porata

Suspected virus attacking the internet..



My suspicions come mainly from the speed of my internet, which was fine until a few days ago. So as not to do yet another stupid thing, I decided to wait and see whether it was by chance caused by my provider.. But alas, it wasn't; I even went to them today to get some information.. They said everything is fine. Of course the problem may be something else, but let's still check, just in case, whether everything is fine with the system.


 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-02-2016
Ran by User (administrator) on USER-PC (29-02-2016 21:10:32)
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\main.exe
(The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Cortex\Cef\CefSharp.BrowserSubprocess.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13675736 2014-08-14] (Realtek Semiconductor)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4859592 2015-11-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\EpmNews.exe
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-11-20] (Raptr, Inc)
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe [98256 2015-08-31] (Razer Inc.)
HKU\S-1-5-21-1710281554-3881854972-3818547670-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-1710281554-3881854972-3818547670-1000\...\Run: [Viber] => "C:\Users\User\AppData\Local\Viber\Viber.exe"
HKU\S-1-5-21-1710281554-3881854972-3818547670-1000\...\Run: [RGSC] => D:\sd\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-1710281554-3881854972-3818547670-1000\...\Run: [FreeAC] => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [1553688 2014-02-20] (Comfort Software Group)
HKU\S-1-5-21-1710281554-3881854972-3818547670-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50605696 2016-02-10] (Skype Technologies S.A.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 95.87.0.251 95.87.0.252
Tcpip\..\Interfaces\{081756E3-7BA6-43E7-884C-6906AE89F75B}: [DhcpNameServer] 95.87.0.251 95.87.0.252

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1710281554-3881854972-3818547670-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=U270&ocid=U270DHP&osmkt=en-us
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: No Name -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> No File
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\vrwfu40n.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-09] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-09] ()
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\vrwfu40n.default\extensions\ROUAILDE73397174@UXGZI17268980.com [not found]
FF Extension: downintabmaxmax - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\vrwfu40n.default\extensions\downintab@max.max [2014-10-23] [not signed]

Chrome: 
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Презентации) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-18]
CHR Extension: (Google Документи) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-18]
CHR Extension: (Google Диск) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Търсене) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Електронни таблици от Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-18]
CHR Extension: (Google Документи офлайн) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Skype) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-18]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-18]
CHR HKU\S-1-5-21-1710281554-3881854972-3818547670-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-03] (Advanced Micro Devices, Inc.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [242960 2016-02-07] (EasyAntiCheat Ltd)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-08-15] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [129168 2015-08-31] (Razer Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11944 2012-12-04] (Advanced Micro Devices Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S3 b06diag; C:\Windows\system32\drivers\bxdiaga.sys [88104 2012-03-08] (Broadcom Corporation)
S3 BFN7x64; C:\Windows\system32\drivers\Xeno7x64.sys [157288 2012-02-22] (Bigfoot Networks, Inc.)
S3 bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys [178216 2012-02-22] (Broadcom Corporation)
S3 bxois; C:\Windows\system32\drivers\bxois.sys [539176 2012-02-22] (Broadcom Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2014-10-18] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3341904 2012-03-26] (Broadcom Corporation)
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-07-24] (Etron Technology Inc)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2013-11-29] (Qualcomm Atheros Co., Ltd.)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-06-12] (Razer, Inc.)
R3 Serenum; C:\Windows\System32\DRIVERS\nuvserenum.sys [23552 2014-01-12] (Windows (R) Win 7 DDK provider)
R3 Serial; C:\Windows\System32\DRIVERS\nuvserial.sys [86016 2014-01-12] (Nuvoton Technology Corp.)
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-29 21:10 - 2016-02-29 21:10 - 00013119 _____ C:\Users\User\Downloads\FRST.txt
2016-02-29 21:10 - 2016-02-29 21:10 - 00000000 ____D C:\FRST
2016-02-29 21:09 - 2016-02-29 21:09 - 02371072 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2016-02-21 09:22 - 2016-02-21 09:22 - 00069944 _____ C:\Users\User\Downloads\Justice.League.Doom.2012.(subs.sab.bz).rar
2016-02-21 09:21 - 2016-02-21 09:21 - 00014590 _____ C:\Users\User\Downloads\Justice League Doom[2012]BRRip XviD-ETRG.torrent
2016-02-18 17:16 - 2016-02-18 17:16 - 00000219 _____ C:\Users\User\Desktop\Dota 2.url
2016-02-17 04:00 - 2016-02-17 04:05 - 268136801 _____ C:\Users\User\Downloads\cs16full_sector_edition.exe
2016-02-08 13:40 - 2016-02-08 13:41 - 06828320 _____ (Piriform Ltd) C:\Users\User\Downloads\ccsetup514.exe
2016-02-08 13:38 - 2016-02-08 13:38 - 00021986 _____ C:\Users\User\Downloads\scooby.doo.camp.scare.2010.dvdrip.xvid-qcf(subsunacs.net).rar
2016-02-08 13:38 - 2016-02-08 13:38 - 00011494 _____ C:\Users\User\Downloads\Scooby-Doo.Camp.Scare.2010.STV.MULTI.BRRip.x264.mkv.torrent
2016-02-07 19:22 - 2016-02-07 19:22 - 00001047 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-02-07 19:22 - 2016-02-07 19:22 - 00001035 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2016-02-07 19:21 - 2016-02-07 19:21 - 09665808 _____ (TeamViewer GmbH) C:\Users\User\Downloads\TeamViewer_Setup_bg-iod.exe
2016-02-07 16:17 - 2016-02-07 16:17 - 00242960 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2016-02-07 16:17 - 2016-02-07 16:17 - 00000222 _____ C:\Users\User\Desktop\EasyAntiCheat eSports.url
2016-02-07 12:55 - 2016-02-07 12:55 - 00000000 ____D C:\Users\User\Desktop\www
2016-02-01 16:14 - 2016-02-01 16:14 - 00044877 _____ C:\Users\User\Downloads\bridge.of.spies.2015.brrip.xvid.ac3-evo(subsunacs.net).rar
2016-02-01 16:12 - 2016-02-01 16:12 - 00015126 _____ C:\Users\User\Downloads\Bridge.of.Spies.2015.576p.BRRIP.x264.AAC-GOD.torrent

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-29 21:04 - 2009-07-14 06:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-29 21:04 - 2009-07-14 06:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-29 20:59 - 2014-10-20 15:36 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2016-02-29 20:59 - 2014-10-18 20:00 - 00000000 ____D C:\Users\User\AppData\Roaming\TS3Client
2016-02-29 20:57 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-29 07:57 - 2014-10-24 19:33 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-29 07:19 - 2014-10-19 00:24 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-29 01:14 - 2014-10-17 19:45 - 00000000 ____D C:\Program Files (x86)\Steam
2016-02-21 14:44 - 2014-10-17 19:55 - 00000000 ____D C:\Users\User\AppData\Roaming\uTorrent
2016-02-21 10:22 - 2015-04-24 09:12 - 00000000 ____D C:\Users\User\AppData\LocalLow\Temp
2016-02-21 09:22 - 2016-01-17 15:53 - 00000000 ____D C:\wqe
2016-02-19 23:05 - 2014-10-24 19:33 - 00002210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-19 23:05 - 2014-10-24 19:33 - 00002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-18 22:46 - 2014-10-20 15:36 - 00000000 ____D C:\ProgramData\Skype
2016-02-17 04:07 - 2015-07-02 22:26 - 00000000 ____D C:\Users\User\AppData\Local\AMD
2016-02-16 18:11 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-02-15 08:42 - 2009-07-14 06:45 - 00275432 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-09 20:13 - 2014-10-19 00:24 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-09 20:13 - 2014-10-19 00:24 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-09 20:13 - 2014-10-19 00:24 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-02-08 13:43 - 2015-07-02 22:11 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-02-08 13:43 - 2015-01-20 23:58 - 00000000 ____D C:\Users\User\AppData\Roaming\TeamViewer
2016-02-08 13:43 - 2014-10-18 23:34 - 00000000 ____D C:\Users\User\AppData\Roaming\DAEMON Tools Lite
2016-02-08 13:38 - 2014-10-17 19:42 - 00057560 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2016-02-04 21:19 - 2009-07-14 07:13 - 00779724 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-02 00:52 - 2014-10-24 19:33 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-02 00:52 - 2014-10-24 19:33 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-02 00:52 - 2014-10-24 19:33 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-01 00:39 - 2015-10-20 02:15 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client

==================== Files in the root of some directories =======

2014-12-11 01:11 - 2014-12-11 01:11 - 0045270 _____ () C:\Users\User\AppData\Roaming\room_v3.dat
2015-06-01 07:17 - 2015-07-03 14:12 - 0007602 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-28 00:08

==================== End of FRST.txt ============================



 

Addition_29-02-2016_21-11-23.txt


Hello..! :)

Malwarebytes Anti-Malware (MBAM)

Please download Malwarebytes Anti-Malware 2.2.0.1024 Final and save it to your desktop.

  • Run the file mbam-setup-2.1.8.1057.exe and follow the prompts to install the program.
  • Once the installation has finished, make sure you have ticked:
  • Launch Malwarebytes Anti-Malware
  • The checkbox that activates the 14-day trial period is also ticked by default. If you do not want to test the program's real-time protection over the next 14 days, clear that checkbox, i.e. clear the first checkbox.
  • Click the Finish button.
  • Go to the Settings > Detection and Protection tab and, under the Detection Options category, turn on the "Scan for rootkits" option.
  • Go to the Scan tab, select the radio button in front of Threat Scan and then click the Scan Now >> button. If an update is found, click the Update Now button.
  • A scan for malicious software will start.
  • With some infections you may see the message:
  • "Could not load DDA driver"
  • Click "Yes" on this message to allow the driver to load after a restart.
  • Allow the computer to restart and then continue with the rest of the instructions.
  • When the scan has finished, click the Apply Actions button.
  • Wait for the window prompting you to restart to appear and then click the Yes button.
  • After the restart, when the desktop appears, MBAM will load once more.
  • Go to the History > Application Logs tab.
  • Open the report with the latest date and time and click the "Copy to Clipboard" button.
  • Now paste the contents of the log file with the key combination Ctrl + V and post it in your next comment.

 

Scan with AdwCleaner

Please download and run the program AdwCleaner (by Xplode):

  • Close all running programs and browsers
  • Double-click adwcleaner.exe to start the tool.
  • Click OK to confirm that all running programs will be closed.
  • Select Clean
  • Your computer will restart automatically. The text file will open after the restart.
  • Please post the contents of this log in your reply
  • You can find the log, which is saved automatically, here: C:AdwCleaner[s0].txt

 

Scan with Junkware Removal Tool

Please download Junkware Removal Tool (by Thisisu) and save it to your desktop.

  • Temporarily disable your security programs.
  • Run the tool JRT.exe
  • A DOS window will open. Press any key on the keyboard.
  • Close unneeded applications and all browsers and wait for the scan to finish.
  • A log file will appear (which you can also find manually on the desktop under the name JRT.txt).
  • Please copy the contents of the log file into your next post.

 

Please download Check Browsers' LNK by Dragokas & regist

  • Save the archive to your desktop and extract it.
  • Temporarily disable your antivirus software.
  • Run the file Check Browsers LNK.exe as administrator.
  • Wait for the program to finish its work. This may take up to 5 minutes. Please be patient. After the scan, open the generated LOG folder and post the report Check_Browsers_LNK.log in your next post.

 

Scan with SecurityCheck by glax24

  • Download SecurityCheck by glax24 from here and save the tool to your desktop.
  • Run the program (if you are using Windows XP) or right-click and run it as administrator (if you are using Windows Vista/7/8/10)
  • Wait for the scan to finish. It will open in a text file named SecurityCheck.txt. Copy the contents of this file into your next post
  • You can find this file in the root directory of the system drive in a folder named SecurityCheck, e.g. C:\SecurityCheck\SecurityCheck.txt

 

Logs

In your next reply, please include the following logs:

  • Malwarebytes Anti-Malware log
  • AdwCleaner[s0].txt
  • JRT.txt
  • Check_Browsers_LNK.log
  • SecurityCheck.txt

 

 


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2.3.2016 г.
Scan Time: 18:27 ч.
Logfile: asd.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.03.02.04
Rootkit Database: v2016.02.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: User

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 335928
Time Elapsed: 20 min, 14 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 22
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}, , [94687a08d1c8e650713845459171d62a], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}, , [94687a08d1c8e650713845459171d62a], 
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\CLASSES\Toolbar.CT3329621, , [56a6f989eaaf2412ee456776fd06936d], 
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\Conduit, , [5aa250329ffa4de9ec59f087a65ecb35], 
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Toolbar.CT3329621, , [ce2eccb66f2ab680c17220bd0003758b], 
PUP.Optional.CrossRider, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\_CrossriderRegNamePlaceHolder_, , [57a5780a6f2a66d06499ac45fc07a65a], 
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-1710281554-3881854972-3818547670-1000\SOFTWARE\Conduit, , [cc30eb97811892a4cc78b6c17c889c64], 
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-1710281554-3881854972-3818547670-1000\SOFTWARE\Tbccint, , [8d6f0c766237132393ac96478e75cb35], 
PUP.Optional.Conduit, HKU\S-1-5-21-1710281554-3881854972-3818547670-1000\SOFTWARE\Tbccint_HKLM, , [ed0f0280613878be970f41ad3cc7a65a], 
PUP.Optional.GlobalUpdate, HKU\S-1-5-21-1710281554-3881854972-3818547670-1000\SOFTWARE\GLOBALUPDATE\UPDATE\PROXY, , [b7458002782143f3dbbfdb209073837d], 
PUP.Optional.CrossRider, HKU\S-1-5-21-1710281554-3881854972-3818547670-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1DA0897E-24A9-4EAF-AA84-AF19C8C8F3CD}, , [54a8b7cb47524cead43ade15b0532cd4], 
PUP.Optional.CrossRider, HKU\S-1-5-21-1710281554-3881854972-3818547670-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{356189C6-823C-4F97-B6A1-13B29F80F557}, , [58a4443e5b3ecc6a69a5ad4644bf1ee2], 
PUP.Optional.CrossRider, HKU\S-1-5-21-1710281554-3881854972-3818547670-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3832282E-A5DB-4BE9-B9F5-503E7B448755}, , [cc301d655d3cde58f21b797a27dc8f71], 
PUP.Optional.CrossRider, HKU\S-1-5-21-1710281554-3881854972-3818547670-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7CC88579-FFE5-48FC-9AEF-D5B5AB111C54}, , [906c344ef8a1d165ba54bf34be45bc44], 
PUP.Optional.CrossRider, HKU\S-1-5-21-1710281554-3881854972-3818547670-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8F933301-C10A-4CDB-A3DD-29B8E329E744}, , [19e33a488b0e4aec7d918a6918eb54ac], 
PUP.Optional.CrossRider, HKU\S-1-5-21-1710281554-3881854972-3818547670-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9972500D-A9F4-499B-9650-56E5C57CAD5F}, , [b3492d55ebae0a2c020cd320729115eb], 
PUP.Optional.CrossRider, HKU\S-1-5-21-1710281554-3881854972-3818547670-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A49F3C98-93EA-4EB9-BFDA-732826F57730}, , [9864146e4f4a241265a83fb4887b6b95], 
PUP.Optional.CrossRider, HKU\S-1-5-21-1710281554-3881854972-3818547670-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AC6DCF0E-5D6B-4463-86E1-A7A7D3DC22A0}, , [fdfff48e5f3ace6855b9ba39877c758b], 
PUP.Optional.CrossRider, HKU\S-1-5-21-1710281554-3881854972-3818547670-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BA81C09E-5677-4B75-B65B-DAEC1CDFDF74}, , [3dbfb9c99cfdc96dfd10f7fcc53ed42c], 
PUP.Optional.CrossRider, HKU\S-1-5-21-1710281554-3881854972-3818547670-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DBA31862-F532-45D7-86AA-1FDA47EE46D8}, , [f705a3df1a7f58de0a036093b74c5fa1], 
PUP.Optional.CrossRider, HKU\S-1-5-21-1710281554-3881854972-3818547670-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E4C26A9D-94A9-4739-A42C-66CE67BBA850}, , [2cd04f333e5baf876e9f0de6dc2733cd], 
PUP.Optional.CrossRider, HKU\S-1-5-21-1710281554-3881854972-3818547670-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F2C43D47-875D-4E9E-BCB2-8237498639F0}, , [ac500280b6e393a32be3dd16669dee12], 

Registry Values: 13
PUP.Optional.GlobalUpdate, HKU\S-1-5-21-1710281554-3881854972-3818547670-1000\SOFTWARE\GLOBALUPDATE\UPDATE\PROXY|source, IE, , [b7458002782143f3dbbfdb209073837d]
PUP.Optional.CrossRider, HKU\S-1-5-21-1710281554-3881854972-3818547670-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1DA0897E-24A9-4EAF-AA84-AF19C8C8F3CD}|AppName, 839ac62c-3543-4dce-abf4-74492843eb53-2.exe-codedownloader.exe, , [54a8b7cb47524cead43ade15b0532cd4]
PUP.Optional.CrossRider, HKU\S-1-5-21-1710281554-3881854972-3818547670-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{356189C6-823C-4F97-B6A1-13B29F80F557}|AppName, 839ac62c-3543-4dce-abf4-74492843eb53-2.exe-codedownloader.exe, , [58a4443e5b3ecc6a69a5ad4644bf1ee2]
PUP.Optional.CrossRider, HKU\S-1-5-21-1710281554-3881854972-3818547670-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3832282E-A5DB-4BE9-B9F5-503E7B448755}|AppName, bc0a4064-916d-4450-9576-83b8e8d45d52-2.exe-buttonutil.exe, , [cc301d655d3cde58f21b797a27dc8f71]
PUP.Optional.CrossRider, HKU\S-1-5-21-1710281554-3881854972-3818547670-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7CC88579-FFE5-48FC-9AEF-D5B5AB111C54}|AppName, 839ac62c-3543-4dce-abf4-74492843eb53-2.exe-codedownloader.exe, , [906c344ef8a1d165ba54bf34be45bc44]
PUP.Optional.CrossRider, HKU\S-1-5-21-1710281554-3881854972-3818547670-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8F933301-C10A-4CDB-A3DD-29B8E329E744}|AppName, 839ac62c-3543-4dce-abf4-74492843eb53-2.exe-codedownloader.exe, , [19e33a488b0e4aec7d918a6918eb54ac]
PUP.Optional.CrossRider, HKU\S-1-5-21-1710281554-3881854972-3818547670-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9972500D-A9F4-499B-9650-56E5C57CAD5F}|AppName, bc0a4064-916d-4450-9576-83b8e8d45d52-2.exe-codedownloader.exe, , [b3492d55ebae0a2c020cd320729115eb]
PUP.Optional.CrossRider, HKU\S-1-5-21-1710281554-3881854972-3818547670-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A49F3C98-93EA-4EB9-BFDA-732826F57730}|AppName, 839ac62c-3543-4dce-abf4-74492843eb53-2.exe-buttonutil.exe, , [9864146e4f4a241265a83fb4887b6b95]
PUP.Optional.CrossRider, HKU\S-1-5-21-1710281554-3881854972-3818547670-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AC6DCF0E-5D6B-4463-86E1-A7A7D3DC22A0}|AppName, 839ac62c-3543-4dce-abf4-74492843eb53-2.exe-codedownloader.exe, , [fdfff48e5f3ace6855b9ba39877c758b]
PUP.Optional.CrossRider, HKU\S-1-5-21-1710281554-3881854972-3818547670-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BA81C09E-5677-4B75-B65B-DAEC1CDFDF74}|AppName, 839ac62c-3543-4dce-abf4-74492843eb53-2.exe-buttonutil.exe, , [3dbfb9c99cfdc96dfd10f7fcc53ed42c]
PUP.Optional.CrossRider, HKU\S-1-5-21-1710281554-3881854972-3818547670-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DBA31862-F532-45D7-86AA-1FDA47EE46D8}|AppName, 839ac62c-3543-4dce-abf4-74492843eb53-2.exe-buttonutil.exe, , [f705a3df1a7f58de0a036093b74c5fa1]
PUP.Optional.CrossRider, HKU\S-1-5-21-1710281554-3881854972-3818547670-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E4C26A9D-94A9-4739-A42C-66CE67BBA850}|AppName, 839ac62c-3543-4dce-abf4-74492843eb53-2.exe-buttonutil.exe, , [2cd04f333e5baf876e9f0de6dc2733cd]
PUP.Optional.CrossRider, HKU\S-1-5-21-1710281554-3881854972-3818547670-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F2C43D47-875D-4E9E-BCB2-8237498639F0}|AppName, 839ac62c-3543-4dce-abf4-74492843eb53-2.exe-codedownloader.exe, , [ac500280b6e393a32be3dd16669dee12]

Registry Data: 0
(No malicious items detected)

Folders: 13
PUP.Optional.OpenCandy, C:\Users\User\AppData\Roaming\OpenCandy, , [7389fd855c3ddc5a540ebf0c6b97f907], 
PUP.Optional.OpenCandy, C:\Users\User\AppData\Roaming\OpenCandy\20D1C407D6D641D1ACD4AD19637880E0, , [7389fd855c3ddc5a540ebf0c6b97f907], 
PUP.Optional.OpenCandy, C:\Users\User\AppData\Roaming\OpenCandy\7728136815BF4C9BBC9246291894D7E7, , [7389fd855c3ddc5a540ebf0c6b97f907], 
PUP.Optional.ConduitTB.Gen, C:\ProgramData\Tbccint, , [996330521980b77f0123e9eaf90921df], 
PUP.Optional.ConduitTB.Gen, C:\ProgramData\Tbccint\IE, , [996330521980b77f0123e9eaf90921df], 
PUP.Optional.ConduitTB.Gen, C:\ProgramData\Tbccint\Multi, , [996330521980b77f0123e9eaf90921df], 
PUP.Optional.ConduitTB.Gen, C:\ProgramData\Tbccint\Multi\CT3329621, , [996330521980b77f0123e9eaf90921df], 
PUP.Optional.ConduitTB.Gen, C:\Users\User\AppData\Local\Tbccint, , [926aff836b2e6fc7e93c4192f2105fa1], 
PUP.Optional.ConduitTB.Gen, C:\Users\User\AppData\Local\Tbccint\Community Alerts, , [926aff836b2e6fc7e93c4192f2105fa1], 
PUP.Optional.Conduit, C:\Program Files (x86)\Tbccint, , [0af25b273a5f41f500d2cf0ba062926e], 
PUP.Optional.ShopperPro, C:\Users\Public\Documents\ShopperPro, , [49b3b8cad1c84bebcd3ce90c14eec13f], 
PUP.Optional.ShopperPro, C:\Users\Public\Documents\ShopperPro\JsDriver, , [49b3b8cad1c84bebcd3ce90c14eec13f], 
PUP.Optional.Goobzo, C:\Users\User\AppData\Local\Installer\Installiwebar_13626, , [758789f96d2c3402f073788cb2515aa6], 

Files: 7
PUP.Optional.OpenCandy, C:\Users\User\AppData\Roaming\OpenCandy\20D1C407D6D641D1ACD4AD19637880E0\dh.exe, , [73893f432376da5c7ba6809249b835cb], 
PUP.Optional.RazorWeb, C:\Users\User\AppData\Roaming\OpenCandy\20D1C407D6D641D1ACD4AD19637880E0\setup.exe, , [ba423e444f4a77bf469441120df49b65], 
PUP.Optional.OpenCandy, C:\Users\User\AppData\Roaming\OpenCandy\7728136815BF4C9BBC9246291894D7E7\dh.exe, , [4eae11715f3a9c9a879a42d0ef1231cf], 
PUP.Optional.OpenCandy, C:\Users\User\AppData\Roaming\OpenCandy\7728136815BF4C9BBC9246291894D7E7\AVG-PC-TuneUp2015-2200626.exe, , [7389fd855c3ddc5a540ebf0c6b97f907], 
PUP.Optional.ConduitTB.Gen, C:\ProgramData\Tbccint\Multi\CT3329621\configutaion.json, , [996330521980b77f0123e9eaf90921df], 
PUP.Optional.ConduitTB.Gen, C:\ProgramData\Tbccint\Multi\CT3329621\SetupIcon.ico, , [996330521980b77f0123e9eaf90921df], 
PUP.Optional.ShopperPro, C:\Users\Public\Documents\ShopperPro\JsDriver\Config.xml, , [49b3b8cad1c84bebcd3ce90c14eec13f], 

Physical Sectors: 0
(No malicious items detected)


(end)










 

# AdwCleaner v5.037 - Logfile created 02/03/2016 at 18:53:35
# Updated 28/02/2016 by Xplode
# Database : 2016-03-02.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : User - USER-PC
# Running from : C:\Users\User\Downloads\adwcleaner_5.037.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\globalUpdate
[-] Folder Deleted : C:\Program Files (x86)\Tbccint
[-] Folder Deleted : C:\ProgramData\Tbccint
[-] Folder Deleted : C:\Users\Public\Documents\ShopperPro
[-] Folder Deleted : C:\Users\Public\Documents\YTAHelper
[-] Folder Deleted : C:\Users\User\AppData\Local\globalUpdate
[-] Folder Deleted : C:\Users\User\AppData\Local\Tbccint
[-] Folder Deleted : C:\Users\User\AppData\Local\Installer\Installsense_11076
[-] Folder Deleted : C:\Users\User\AppData\LocalLow\Tbccint
[-] Folder Deleted : C:\Users\User\AppData\Roaming\OpenCandy
[-] Folder Deleted : C:\Users\User\AppData\Roaming\RHEng

***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3329621
[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
[-] Key Deleted : HKCU\Software\Classes\CLSID\{1BBF13E0-551E-42DD-91F4-1A547443FFDA}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3A1209A4-8568-40F0-9B5E-4A06A2A06417}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\GlobalUpdate
[-] Key Deleted : HKCU\Software\Goobzo
[-] Key Deleted : HKCU\Software\Softonic
[-] Key Deleted : HKCU\Software\Tbccint
[-] Key Deleted : HKCU\Software\Tbccint_HKLM
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Tbccint
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : HKLM\SOFTWARE\GlobalUpdate
[-] Key Deleted : HKLM\SOFTWARE\Goobzo
[-] Key Deleted : [x64] HKLM\SOFTWARE\ShopperPro
[-] Key Deleted : HKU\.DEFAULT\Software\Goobzo
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\iWebar

***** [ Web browsers ] *****

[-] [C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\vrwfu40n.default\prefs.js] [Preference] Deleted : user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.Resources_meta.value", "%7B%22handlebars.js%22%3A%7B%22id%22%3A838651%2C%22ver%22%3A1%2C%22status%22%3A1%2C%22name%22%3A%2[...]
[-] [C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\vrwfu40n.default\prefs.js] [Preference] Deleted : user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.Resources_resource_838660.value", "%22function%20startAskCom%28e%2Ct%2Cr%29%7Bfunction%20a%28e%29%7Bvar%20t%3Dnew%20RegExp[...]
[-] [C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\vrwfu40n.default\prefs.js] [Preference] Deleted : user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22dealply_p%22[...]
[-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : fcfenmboojpjinhpgggodefccipikbpd

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [4507 bytes] - [02/03/2016 18:53:35]
C:\AdwCleaner\AdwCleaner[S1].txt - [4332 bytes] - [02/03/2016 18:52:44]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4653 bytes] ##########









 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 7 Ultimate x64 
Ran by User (Administrator) on ба 02.03.2016 Ј. at 18:58:03,52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 27 

Successfully deleted: C:\Users\User\AppData\Local\crashrpt (Folder) 
Successfully deleted: C:\Users\User\AppData\Local\installer (Folder) 
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62WM2SE3 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P65K21V (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8IA6ORVN (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HC52DBS8 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IHT0G72O (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\INQSM3B6 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IV4VYZ7T (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JTIYH17L (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JZK69VUR (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MUJEJX2O (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O2DJ3BOG (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S1WWU6YB (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\prefetch\FREEALARMCLOCK.EXE-08D6F59F.pf (File) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62WM2SE3 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P65K21V (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8IA6ORVN (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HC52DBS8 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IHT0G72O (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\INQSM3B6 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IV4VYZ7T (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JTIYH17L (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JZK69VUR (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MUJEJX2O (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O2DJ3BOG (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S1WWU6YB (Temporary Internet Files Folder) 

Registry: 0 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ба 02.03.2016 Ј. at 19:00:19,21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~









 

Check Browsers' LNK  by Alex Dragokas & regist                                 ver. 2.1.0.4

OS:       x64 Windows 7 Ultimate, 6.1.7601, Service Pack: 1
Time:     02.03.2016 - 19:04
Language: OS: English (0x409). Display: English (0x409). Non-Unicode: Bulgarian (0x402). Codapage: OEM - c_866.nls (ok), ANSI - c_1251.nls (ok)
Elevated: Yes
User:     User    (group: Administrator)


* Suspicious objects will be marked with prefix >>>

=========================================================================
               ((((((       Other shortcuts       ))))))
=========================================================================

______________________  Suspicious ( low risk )  ________________________

-[*.URL] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Alarm Clock\Free Alarm Clock on the Web.lnk"         -> ["C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.url"] -> hxxp://FreeAlarmClockSoftware.com ( >>> FREEALARMCLOCK.exe exists <<< )

_______________________  Target does not exist  _________________________

- "C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\73b484f5a7a756d6\PokerStars.BG.lnk"         -> ["C:\Program Files (x86)\PokerStars.BG\PokerStarsUpdate.exe"]
- "C:\Users\User\AppData\Roaming\Microsoft\Office\Последни\упражнения.LNK"       -> ["C:\Users\User\Downloads\упражнения.doc"]
- "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6\Counter-Strike.lnk"       -> ["D:\cs\Counter-Strike 1.6\hl.exe"  =>> -game cstrike]
- "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6\CS Listen Server.lnk"     -> ["D:\cs\Counter-Strike 1.6\hl.exe"  =>> -nomaster -game cstrike -insecure]
- "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6\Uninstall.lnk"  -> ["D:\cs\Counter-Strike 1.6\uninst.exe"]
- "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.BG\Network Status.lnk"  -> ["C:\Program Files (x86)\PokerStars.BG\Tracer.exe"]
- "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.BG\PokerStars.bg.lnk"   -> ["C:\Program Files (x86)\PokerStars.BG\PokerStarsUpdate.exe"]
- "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.BG\Uninstall PokerStars.bg.lnk"   -> ["C:\Program Files (x86)\PokerStars.BG\PokerStarsUninstall.exe"  =>> /u:PokerStars.bg]
- "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ\Darksiders II\Darksiders II.lnk"         -> ["D:\asd\sd\Darksiders II\Darksiders2.exe"]
- "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ\Darksiders II\Uninstall Darksiders II.lnk"         -> ["D:\asd\sd\Darksiders II\unins000.exe"]

=========================================================================
                 ((((((      Internet shortcuts       ))))))
=========================================================================

- "C:\Users\User\Desktop\Counter-Strike Global Offensive.url"  ->     steam://rungameid/730
- "C:\Users\User\Desktop\Dota 2.url"  ->                              steam://rungameid/570
- "C:\Users\User\Desktop\EasyAntiCheat eSports.url"  ->               steam://rungameid/282660

_____________________ Statistics ____________________

Threats found:      0
Start mode:         Normal
Files processed:    4876 (Folders processed:  1153, shortcuts: 181)
Time spent:         1 sec. (search: 1 sec.)

Been verified:
C:\Users\User
C:\Users\Default
C:\Users\Public
C:\ProgramData
_____________________________ End of Log ________________________________

______________________ Maximum of file objects __________________________
1192  ( 1210 )  - C:\Users\User\AppData\Local\Steam\old_htmlcache_000

_________________________________________________________________________7668 bytes,









 

SecurityCheck by glax24 & Severnyj v.1.4.0.35 [23.01.16]
WebSite: www.safezone.cc
DateLog: 02.03.2016 19:23:25
Path starting: C:\Users\User\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: User
VersionXML: 2.56is-02.03.2016
___________________________________________________________________________

Windows 7(6.1.7601) Service Pack 1 (x64) Ultimate Lang: English(0409)
Installation date OS: 17.10.2014 16:18:22
LicenseStatus: Windows(R) 7, Ultimate edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
SystemDrive: C: FS: [NTFS] Capacity: [42.2 Gb] Used: [32.4 Gb] Free: [9.8 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.0.9600.16428 Warning! Download Update
Online installation. Last version available when Windows update is enabled throught the Internet.
User Account Control enabled
Automatic Updates disabled
Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service has stopped
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
System Restore Disable
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (enabled and up to date)
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes Anti-Malware version 2.2.0.1024 v.2.2.0.1024
--------------------------- [ OtherUtilities ] ----------------------------
WinRAR 4.11 (64-bit) v.4.11.0 Warning! Download Update
TeamViewer 11 v.11.0.53254
VLC media player v.2.1.5 Warning! Download Update
--------------------------------- [ IM ] ----------------------------------
Skype™ 7.18 v.7.18.112
--------------------------------- [ P2P ] ---------------------------------
µTorrent v.3.4.5.41712 Warning! P2P-client.
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 20 NPAPI v.20.0.0.306
------------------------------- [ Browser ] -------------------------------
Google Chrome v.48.0.2564.116
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe v.48.0.2564.116
---------------------------- [ UnwantedApps ] -----------------------------
Skype Click to Call v.8.0.0.9103 Warning! Browser's toolbar. It can slow down the working of your browser and have violation privacy problems.
----------------------------- [ End of Log ] ------------------------------







Sorry, but one of the programs just deleted the Bulgarian language or the Cyrillic layout tool... on the PC
 


Delete everything detected by Malwarebytes Anti-Malware..!

Delete FRST.exe and its logs. Then download a fresh version again and repeat the scan following these instructions:

 

Scanning with Farbar Recovery Scan Tool

 

  • Please download Farbar Recovery Scan Tool (choose the 32-bit or 64-bit version according to your version of Windows) and save it to the desktop.
  • Run the file FRST.exe (or FRST64.exe)
  • The program will start. Press YES to accept the license agreement.
  • Press the button (image: YClYkft.jpg).
  • Wait patiently for the scan to finish.
  • Two log files named FRST.txt and Addition.txt will be created on the desktop.
  • Copy the contents of the FRST.txt file into your next post. Attach Addition.txt to your comment (see the Attach files option when posting a reply).

 

  Logs
 
In your next reply, please include the following logs:

  • FRST.txt (copy the entire contents)
  • Addition.txt (attach it)

Just to ask, now that I have already closed the MBAM program:
Where can I find these so-called viruses and delete them? Because
overall I started scanning again.. and it found only part of the previous scan.
The other thing is that only one of the log files came out for me from frst.exe
 

 

I apologize, here are the log files!!!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:02-03-2016
Ran by User (administrator) on USER-PC (03-03-2016 18:47:22)
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\main.exe
(The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Cortex\Cef\CefSharp.BrowserSubprocess.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13675736 2014-08-14] (Realtek Semiconductor)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4859592 2015-11-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\EpmNews.exe
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-11-20] (Raptr, Inc)
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe [98256 2015-08-31] (Razer Inc.)
HKU\S-1-5-21-1710281554-3881854972-3818547670-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-1710281554-3881854972-3818547670-1000\...\Run: [Viber] => "C:\Users\User\AppData\Local\Viber\Viber.exe"
HKU\S-1-5-21-1710281554-3881854972-3818547670-1000\...\Run: [RGSC] => D:\sd\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-1710281554-3881854972-3818547670-1000\...\Run: [FreeAC] => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [1553688 2014-02-20] (Comfort Software Group)
HKU\S-1-5-21-1710281554-3881854972-3818547670-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50605696 2016-02-10] (Skype Technologies S.A.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 95.87.0.251 95.87.0.252
Tcpip\..\Interfaces\{081756E3-7BA6-43E7-884C-6906AE89F75B}: [DhcpNameServer] 95.87.0.251 95.87.0.252

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1710281554-3881854972-3818547670-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=U270&ocid=U270DHP&osmkt=en-us
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\vrwfu40n.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-09] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-09] ()
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\vrwfu40n.default\extensions\ROUAILDE73397174@UXGZI17268980.com [not found]
FF Extension: downintabmaxmax - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\vrwfu40n.default\extensions\downintab@max.max [2014-10-23] [not signed]

Chrome: 
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Презентации) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-18]
CHR Extension: (Google Документи) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-18]
CHR Extension: (Google Диск) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Търсене) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Електронни таблици от Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-18]
CHR Extension: (Google Документи офлайн) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Skype) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-18]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-18]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-03] (Advanced Micro Devices, Inc.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [242960 2016-02-07] (EasyAntiCheat Ltd)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-08-15] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [129168 2015-08-31] (Razer Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11944 2012-12-04] (Advanced Micro Devices Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S3 b06diag; C:\Windows\system32\drivers\bxdiaga.sys [88104 2012-03-08] (Broadcom Corporation)
S3 BFN7x64; C:\Windows\system32\drivers\Xeno7x64.sys [157288 2012-02-22] (Bigfoot Networks, Inc.)
S3 bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys [178216 2012-02-22] (Broadcom Corporation)
S3 bxois; C:\Windows\system32\drivers\bxois.sys [539176 2012-02-22] (Broadcom Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2014-10-18] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3341904 2012-03-26] (Broadcom Corporation)
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-07-24] (Etron Technology Inc)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2013-11-29] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-03] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-06-12] (Razer, Inc.)
R3 Serenum; C:\Windows\System32\DRIVERS\nuvserenum.sys [23552 2014-01-12] (Windows (R) Win 7 DDK provider)
R3 Serial; C:\Windows\System32\DRIVERS\nuvserial.sys [86016 2014-01-12] (Nuvoton Technology Corp.)
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-03 18:44 - 2016-03-03 18:47 - 00013282 _____ C:\Users\User\Downloads\FRST.txt
2016-03-03 18:44 - 2016-03-03 18:47 - 00000000 ____D C:\FRST
2016-03-03 18:43 - 2016-03-03 18:43 - 02371584 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2016-03-02 21:25 - 2016-03-02 21:25 - 00000000 ____D C:\Users\User\Documents\ESL Match Media
2016-03-02 21:11 - 2016-03-03 18:20 - 00000000 ____D C:\Program Files\EslWire
2016-03-02 21:02 - 2016-03-02 21:02 - 00934712 _____ (Turtle Entertainment GmbH) C:\Users\User\Downloads\ESLWireSetup-1.19.0.8185.exe
2016-03-02 19:23 - 2016-03-02 19:23 - 00488580 _____ (glax24 (safezone.cc)) C:\Users\User\Downloads\SecurityCheck.exe
2016-03-02 19:23 - 2016-03-02 19:23 - 00000000 ____D C:\SecurityCheck
2016-03-02 19:03 - 2016-03-02 19:03 - 00242486 _____ C:\Users\User\Downloads\CheckBrowsersLNK.zip
2016-03-02 19:03 - 2016-02-27 16:56 - 00671856 _____ (Alex Dragokas) C:\Users\User\Desktop\Check Browsers LNK.exe
2016-03-02 18:57 - 2016-03-02 18:57 - 01609216 _____ (Malwarebytes) C:\Users\User\Downloads\JRT.exe
2016-03-02 18:51 - 2016-03-02 18:53 - 00000000 ____D C:\AdwCleaner
2016-03-02 18:51 - 2016-03-02 18:51 - 01518592 _____ C:\Users\User\Downloads\adwcleaner_5.037.exe
2016-03-02 18:26 - 2016-03-03 18:38 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-02 18:25 - 2016-03-02 18:25 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-02 18:25 - 2016-03-02 18:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-02 18:25 - 2016-03-02 18:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-02 18:25 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-02 18:25 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-02 18:25 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-02 18:23 - 2016-03-02 18:23 - 22908888 _____ (Malwarebytes ) C:\Users\User\Downloads\mbam-setup-2.2.0.1024.exe
2016-02-21 09:22 - 2016-02-21 09:22 - 00069944 _____ C:\Users\User\Downloads\Justice.League.Doom.2012.(subs.sab.bz).rar
2016-02-21 09:21 - 2016-02-21 09:21 - 00014590 _____ C:\Users\User\Downloads\Justice League Doom[2012]BRRip XviD-ETRG.torrent
2016-02-18 17:16 - 2016-02-18 17:16 - 00000219 _____ C:\Users\User\Desktop\Dota 2.url
2016-02-17 04:00 - 2016-02-17 04:05 - 268136801 _____ C:\Users\User\Downloads\cs16full_sector_edition.exe
2016-02-08 13:40 - 2016-02-08 13:41 - 06828320 _____ (Piriform Ltd) C:\Users\User\Downloads\ccsetup514.exe
2016-02-08 13:38 - 2016-02-08 13:38 - 00021986 _____ C:\Users\User\Downloads\scooby.doo.camp.scare.2010.dvdrip.xvid-qcf(subsunacs.net).rar
2016-02-08 13:38 - 2016-02-08 13:38 - 00011494 _____ C:\Users\User\Downloads\Scooby-Doo.Camp.Scare.2010.STV.MULTI.BRRip.x264.mkv.torrent
2016-02-07 19:22 - 2016-02-07 19:22 - 00001047 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-02-07 19:22 - 2016-02-07 19:22 - 00001035 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2016-02-07 19:21 - 2016-02-07 19:21 - 09665808 _____ (TeamViewer GmbH) C:\Users\User\Downloads\TeamViewer_Setup_bg-iod.exe
2016-02-07 16:17 - 2016-02-07 16:17 - 00242960 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2016-02-07 16:17 - 2016-02-07 16:17 - 00000222 _____ C:\Users\User\Desktop\EasyAntiCheat eSports.url
2016-02-07 12:55 - 2016-02-07 12:55 - 00000000 ____D C:\Users\User\Desktop\www

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-03 18:44 - 2009-07-14 06:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-03 18:44 - 2009-07-14 06:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-03 18:39 - 2014-10-20 15:36 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2016-03-03 18:37 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-03 18:19 - 2014-10-19 00:24 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-03 18:11 - 2014-10-17 19:45 - 00000000 ____D C:\Program Files (x86)\Steam
2016-03-03 17:57 - 2014-10-24 19:33 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-03 07:44 - 2015-02-19 08:25 - 00000000 ____D C:\Users\User\AppData\Local\Steam
2016-03-02 22:59 - 2014-10-18 20:00 - 00000000 ____D C:\Users\User\AppData\Roaming\TS3Client
2016-03-02 19:45 - 2016-01-17 15:53 - 00000000 ____D C:\wqe
2016-02-21 14:44 - 2014-10-17 19:55 - 00000000 ____D C:\Users\User\AppData\Roaming\uTorrent
2016-02-21 10:22 - 2015-04-24 09:12 - 00000000 ____D C:\Users\User\AppData\LocalLow\Temp
2016-02-19 23:05 - 2014-10-24 19:33 - 00002210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-19 23:05 - 2014-10-24 19:33 - 00002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-18 22:46 - 2014-10-20 15:36 - 00000000 ____D C:\ProgramData\Skype
2016-02-17 04:07 - 2015-07-02 22:26 - 00000000 ____D C:\Users\User\AppData\Local\AMD
2016-02-16 18:11 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-02-15 08:42 - 2009-07-14 06:45 - 00275432 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-09 20:13 - 2014-10-19 00:24 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-09 20:13 - 2014-10-19 00:24 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-09 20:13 - 2014-10-19 00:24 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-02-08 13:43 - 2015-07-02 22:11 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-02-08 13:43 - 2015-01-20 23:58 - 00000000 ____D C:\Users\User\AppData\Roaming\TeamViewer
2016-02-08 13:43 - 2014-10-18 23:34 - 00000000 ____D C:\Users\User\AppData\Roaming\DAEMON Tools Lite
2016-02-08 13:38 - 2014-10-17 19:42 - 00057560 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2016-02-04 21:19 - 2009-07-14 07:13 - 00779724 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-02 00:52 - 2014-10-24 19:33 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-02 00:52 - 2014-10-24 19:33 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-02 00:52 - 2014-10-24 19:33 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

==================== Files in the root of some directories =======

2014-12-11 01:11 - 2014-12-11 01:11 - 0045270 _____ () C:\Users\User\AppData\Roaming\room_v3.dat
2015-06-01 07:17 - 2015-07-03 14:12 - 0007602 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\User\AppData\Local\Temp\EslWireSetup-1.19.0.8185-x64.exe
C:\Users\User\AppData\Local\Temp\sqlite3.dll
C:\Users\User\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-28 00:08

==================== End of FRST.txt ============================

Addition_03-03-2016_18-47-50.txt

I also found the others; they had been in quarantine.. I deleted those too, yesterday )


So..! :)

The attached file is missing

  • Addition.txt (attach it..)

Uninstall the following software (in the box) in the standard way:

Quote

Skype Click to Call v.8.0.0.9103 Warning! Browser's toolbar. - This may slow down your browser and cause a privacy problem.

Fix with Farbar Recovery Scan Tool

Download the attached file, fixlist.txt, and save it in the same place where you downloaded FRST.exe.
Run FRST.exe again, press the Fix button once and wait.
A new log file, FixLog.txt, will be created. Attach its contents in your next comment.

NOTE: This script was written specifically for this user and for this particular machine. Running the fix on another computer may damage your operating system.

  Logs

In your next reply, please include the following logs:

  • FixLog.txt

 


Fix result of Farbar Recovery Scan Tool (x64) Version:02-03-2016
Ran by User (2016-03-03 20:33:08) Run:1
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
StartMenuInternet: IEXPLORE.EXE - iexplore.exe 
C:\Users\User\AppData\Local\Temp\EslWireSetup-1.19.0.8185-x64.exe
C:\Users\User\AppData\Local\Temp\sqlite3.dll
C:\Users\User\AppData\Local\Temp\vcredist_x64.exe
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 [118]
cmd: bitsadmin /reset /allusers 
cmd: netsh winsock reset catalog
cmd: ipconfig /flushdns
emptytemp:
reboot:
end
*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => value restored successfully
C:\Users\User\AppData\Local\Temp\EslWireSetup-1.19.0.8185-x64.exe => moved successfully
C:\Users\User\AppData\Local\Temp\sqlite3.dll => moved successfully
C:\Users\User\AppData\Local\Temp\vcredist_x64.exe => moved successfully
C:\ProgramData\TEMP => ":56E2E879" ADS removed successfully.

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


=========  netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => 511.6 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 20:33:13 ====


I attached the other text file in the post above )

Now I'll say something that is off-topic.
I'm grateful that you exist, because the least of what you do is save people effort and, most importantly, money!
 


Thank you...! How is your system doing now? Are you still seeing the original problems..!


I think it is quite a bit better.
Overall I also have quite a few programs that need to be removed, to clean it up a little from unnecessary programs.
Thanks again, and I hope everything is fine from now on and that I have to come looking for you as little as possible !!! ::D


Wonderful..! :)

Update the following software:

Quote

WinRAR 4.11 (64-bit) v.4.11.0 Warning! Download Update

VLC media player v.2.1.5 Warning! Download Update

Internet Explorer 11.0.9600.16428 Warning! Download Update

Let's do one control scan and then we are done:

1. Download Hitman Pro.

For a 32-bit system: (download button)
For a 64-bit system: (download button)

2. Start the program.

3. Once you have started the program by clicking its icon, press the "Next" button and agree to the license agreement (EULA).

4. Tick "No, I want to perform a one-time scan of the computer".

5. Press the "Next" button.

6. The program will start scanning. The scan takes about 2 minutes.

7. When the scan finishes, from the list of found items (if there are any) choose Apply to all => Ignore.

8. Press "Next", then press "Export the result to XML file" and save the log file to the desktop.

9. Archive the file and attach it to your next comment, or copy its contents into your next comment.

Note: If there is no drop-down menu where you can choose Ignore, as in the screenshot, then simply close the program after the scan ends (without removing anything)... then open C:\Programdata\HitmanPro\Logs, open the log file and post its contents in your next comment.

Note: The folder C:\ProgramData is hidden, so you need to make hidden files visible as follows:

From My Computer => Tools => Folder Options => View:

Tick "Show hidden files, folders and drives"

and untick "Hide protected operating system files (recommended)".

Press Apply.

Now check for the log file in the folder C:\Programdata\HitmanPro\Logs and attach it to your next comment. :)

Scan with ESET Online Scan

Download the program: ESET Online Scanner

  • Run esetsmartinstaller_enu.exe
  • Tick YES, I accept the Terms of Use and choose Start.
  • The scanner will start downloading the components it needs.
  • Make sure that Enable detection of potentially unwanted applications is selected.

Make sure the following is unticked:

  • Remove found threats

Make sure the following items are ticked:

  • Scan Archives

Click Advanced Settings and tick the following options:

  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology

Finally, choose Start.

The scanner will start downloading the latest definitions and will begin scanning your computer.
Please be patient, as this may take some time.

  • When the scan finishes, click List of found threats.
  • Click Export and save the file to your desktop with the name ESETScan. Copy the contents of this report into your next reply.
  • Choose the Back button.
  • Choose the Finish button.

  Logs

In your next reply, please include the following logs:

  • Log from HitmanPro
  • Log from ESET Online Scanner ( List of found threats )

HitmanPro 3.7.13.258
www.hitmanpro.com

   Computer name . . . . : USER-PC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : User-PC\User
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2016-03-20 10:51:07
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 3m 57s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 186

   Objects scanned . . . : 1 048 058
   Files scanned . . . . : 19 984
   Remnants scanned  . . : 172 634 files / 855 440 keys

Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Classes\AppID\{76efae02-0a02-45c9-a8a4-98e69e98e894}\ (RazorWeb)
   HKLM\SOFTWARE\Classes\AppID\{bbd11510-964d-48c6-84f0-2d414559e06a}\ (RazorWeb)
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{76efae02-0a02-45c9-a8a4-98e69e98e894}\ (RazorWeb)
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{bbd11510-964d-48c6-84f0-2d414559e06a}\ (RazorWeb)
   HKLM\SYSTEM\ControlSet001\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}\ (ShopperPro)
   HKLM\SYSTEM\ControlSet001\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}\ (ShopperPro)
   HKLM\SYSTEM\ControlSet002\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}\ (ShopperPro)
   HKLM\SYSTEM\ControlSet002\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}\ (ShopperPro)
   HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}\ (ShopperPro)
   HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}\ (ShopperPro)
   HKU\S-1-5-21-1710281554-3881854972-3818547670-1000\Software\AppDataLow\Software\Smartbar\ (Conduit)
   HKU\S-1-5-21-1710281554-3881854972-3818547670-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\iWebar\ (iWebar)
   HKU\S-1-5-21-1710281554-3881854972-3818547670-1000\Software\Conduit\ (Conduit)
   HKU\S-1-5-21-1710281554-3881854972-3818547670-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} (ShopperPro)
   HKU\S-1-5-21-1710281554-3881854972-3818547670-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} (ShopperPro)
   HKU\S-1-5-21-1710281554-3881854972-3818547670-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\iWebar\ (iWebar)

Cookies _____________________________________________________________________

   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:xxxsexxx.tumblr.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:yadro.ru
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:zedo.com
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\5PXBE4CD.txt
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\9HACECKR.txt
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Z4X2S45N.txt








C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\tb_free.exe    a variant of Win32/TFTPD32.A potentially unsafe application
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\vrwfu40n.default\extensions\downintab@max.max\content\overlay.js    JS/Toolbar.Crossrider.T potentially unwanted application
C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.2_34537.exe    a variant of Win32/AdkDLLWrapper.A potentially unwanted application
C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.2_38913.exe    a variant of Win32/OpenCandy.A potentially unsafe application
D:\programi\Daemon Tools Lite 4.47.1.0333\DTLite4471-0333.exe    Win32/DownWare.L potentially unwanted application




I apologize for the delay; I had no internet access for a long time.
