piston79

Ads and redirects / suspected virus.



Hello!

For some time now I have had a problem when browsing the internet: windows with Efbet ads keep popping up, and yesterday there was even something like a video from Counter-Strike (though only for a few seconds).

I use Avast and Malwarebytes, and separately an add-on for Mozilla: Adblock Plus.

Scans with both turn up nothing notable in terms of infection (only some .dll from an old game).

P.S. I'm usually at the computer late in the evening, and not every day, so I may not be able to follow your advice quickly...

Quote

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-08-2017

Ran by Zzz (administrator) on ZZZ-PC (01-09-2017 08:10:03)

Running from C:\Users\Zzz\Desktop

Loaded Profiles: Zzz (Available Profiles: Zzz)

Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)

Internet Explorer Version 11 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

 

==================== Processes (Whitelisted) =================

 

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

 

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Corsair) C:\Program Files\Corsair SSD Toolbox\CSSDTService.exe

(Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe

() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe

(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\aswidsagent.exe

(Google Inc.) C:\Program Files\Google\Update\1.3.33.5\GoogleCrashHandler.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

() C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

 

 

==================== Registry (Whitelisted) ====================

 

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464 2014-05-09] (Realtek Semiconductor)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [239856 2017-08-31] (AVAST Software)

HKLM\...\Run: [] => [X]

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION

HKU\S-1-5-21-1823912443-1866771204-3555711914-1000\...\MountPoints2: {055e4e18-335f-11e5-9408-001d60d7f6a8} - F:\HTC_Sync_Manager_PC.exe

HKU\S-1-5-21-1823912443-1866771204-3555711914-1000\...\MountPoints2: {5e88b65b-6b32-11e4-9a32-001d60d7f6a8} - F:\setup.exe

 

 

==================== Internet (Whitelisted) ====================

 

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

 

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Tcpip\..\Interfaces\{9267BF8D-66E0-4FF0-BD4B-EC6A5630C7B0}: [DhcpNameServer] 192.168.0.1

 

 

Internet Explorer:

==================

HKU\S-1-5-21-1823912443-1866771204-3555711914-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.abv.bg/

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12] (Microsoft Corporation)

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-08-26] (Oracle Corporation)

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-08-31] (AVAST Software)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-26] (Oracle Corporation)

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-12] (Microsoft Corporation)

 

 

FireFox:

========

FF ProfilePath: C:\Users\Zzz\AppData\Roaming\Mozilla\Firefox\Profiles\sefmfwtz.default-1440174430788 [2017-09-01]

FF Extension: (ADB Helper) - C:\Users\Zzz\AppData\Roaming\Mozilla\Firefox\Profiles\sefmfwtz.default-1440174430788\Extensions\adbhelper@mozilla.org [2017-08-29]

FF Extension: (Avast SafePrice) - C:\Users\Zzz\AppData\Roaming\Mozilla\Firefox\Profiles\sefmfwtz.default-1440174430788\Extensions\sp@avast.com.xpi [2017-08-24]

FF Extension: (Avast Online Security) - C:\Users\Zzz\AppData\Roaming\Mozilla\Firefox\Profiles\sefmfwtz.default-1440174430788\Extensions\wrc@avast.com.xpi [2017-08-20]

FF Extension: (Adblock Plus) - C:\Users\Zzz\AppData\Roaming\Mozilla\Firefox\Profiles\sefmfwtz.default-1440174430788\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-08]

FF HKLM\...\Firefox\Extensions: [jid1-r1tDuNiNb4SEww@jetpack] - C:\Program Files\AVAST Software\Avast\pam\FF => not found

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-14] ()

FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-26] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-26] (Oracle Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)

FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-10] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-1823912443-1866771204-3555711914-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Zzz\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-07-14] (Unity Technologies ApS)

 

 

Chrome:

=======

CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>

 

 

==================== Services (Whitelisted) ====================

 

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5830352 2017-08-31] (AVAST Software s.r.o.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [275208 2017-08-31] (AVAST Software)

R2 CorsairSSDToolBox; C:\Program Files\Corsair SSD Toolbox\CSSDTService.exe [1864808 2014-08-12] (Corsair)

R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)

R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]

S4 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5429520 2015-01-30] (TeamViewer GmbH)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

 

 

===================== Drivers (Whitelisted) ======================

 

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [12400 2007-12-17] ()

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [267520 2017-08-31] (AVAST Software s.r.o.)

R0 aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [157416 2017-08-31] (AVAST Software s.r.o.)

R0 aswblog; C:\Windows\system32\drivers\aswblogx.sys [276736 2017-08-31] (AVAST Software s.r.o.)

R0 aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [50384 2017-08-31] (AVAST Software s.r.o.)

S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [42856 2017-08-31] (AVAST Software)

R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [39784 2017-08-31] (AVAST Software)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [124952 2017-08-31] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [99568 2017-08-31] (AVAST Software)

R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [70864 2017-08-31] (AVAST Software)

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [773800 2017-08-31] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [500136 2017-08-31] (AVAST Software)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [147720 2017-08-31] (AVAST Software)

R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [296824 2017-08-31] (AVAST Software)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2015-12-19] (Disc Soft Ltd)

S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV32.sys [105984 2009-10-27] (QUALCOMM Incorporated)

R3 LVUSBSta; C:\Windows\System32\DRIVERS\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)

R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [6504 2009-05-13] ()

R0 mv61xx; C:\Windows\System32\drivers\mv61xx.sys [155688 2009-10-12] (Marvell Semiconductor, Inc.)

R3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13976 2009-05-01] (Logitech Inc.)

R3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2687512 2009-05-01] (Logitech Inc.)

S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3563520 2010-08-20] ()

 

 

==================== NetSvcs (Whitelisted) ===================

 

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

 

 

==================== One Month Created files and folders ========

 

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

 

2017-08-31 21:33 - 2017-08-31 21:33 - 000304816 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2017-08-31 00:37 - 2017-08-31 00:37 - 000000000 ____D C:\ProgramData\ESET

2017-08-31 00:15 - 2017-08-31 00:15 - 009264611 _____ C:\Users\Zzz\Desktop\A. Canev, A. Petrov - Mestna PVO.djvu

2017-08-30 22:25 - 2017-08-30 22:30 - 000035386 _____ C:\Users\Zzz\Desktop\Addition.txt

2017-08-30 22:24 - 2017-09-01 08:10 - 000010026 _____ C:\Users\Zzz\Desktop\FRST.txt

2017-08-30 22:24 - 2017-09-01 08:10 - 000000000 ____D C:\FRST

2017-08-30 22:22 - 2017-08-30 22:23 - 001792512 _____ (Farbar) C:\Users\Zzz\Desktop\FRST.exe

2017-08-28 18:02 - 2017-08-28 18:02 - 000002168 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk

2017-08-28 18:02 - 2017-08-28 18:02 - 000002130 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk

2017-08-27 17:38 - 2017-08-27 17:38 - 000002246 _____ C:\Users\Zzz\Desktop\JRT.txt

2017-08-26 07:49 - 2017-08-26 07:49 - 000000000 ____D C:\Program Files\Common Files\Java

2017-08-25 19:14 - 2017-08-27 17:27 - 000000000 ____D C:\AdwCleaner

2017-08-14 19:06 - 2017-07-29 17:50 - 000074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys

2017-08-14 19:06 - 2017-07-21 17:26 - 000518144 _____ C:\Windows\system32\msjetoledb40.dll

2017-08-14 19:06 - 2017-07-21 17:26 - 000409600 _____ (Microsoft Corporation) C:\Windows\system32\msexch40.dll

2017-08-14 19:06 - 2017-07-21 17:26 - 000290816 _____ (Microsoft Corporation) C:\Windows\system32\msjtes40.dll

2017-08-14 19:06 - 2017-07-21 17:26 - 000282624 _____ (Microsoft Corporation) C:\Windows\system32\mstext40.dll

2017-08-14 19:06 - 2017-07-15 20:52 - 000346320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2017-08-14 19:06 - 2017-07-14 18:10 - 001549824 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll

2017-08-14 19:06 - 2017-07-14 18:10 - 001400320 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll

2017-08-14 19:06 - 2017-07-14 18:10 - 001363968 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll

2017-08-14 19:06 - 2017-07-14 18:10 - 000666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll

2017-08-14 19:06 - 2017-07-14 18:10 - 000382976 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll

2017-08-14 19:06 - 2017-07-14 18:10 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll

2017-08-14 19:06 - 2017-07-14 18:10 - 000197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll

2017-08-14 19:06 - 2017-07-14 18:10 - 000104448 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll

2017-08-14 19:06 - 2017-07-14 18:10 - 000059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll

2017-08-14 19:06 - 2017-07-14 18:10 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll

2017-08-14 19:06 - 2017-07-14 18:00 - 000427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe

2017-08-14 19:06 - 2017-07-14 18:00 - 000164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe

2017-08-14 19:06 - 2017-07-14 17:59 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe

2017-08-14 19:06 - 2017-07-14 17:59 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll

2017-08-14 19:06 - 2017-07-14 17:50 - 000054272 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe

2017-08-14 19:06 - 2017-07-14 17:50 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll

2017-08-14 19:06 - 2017-07-14 06:01 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2017-08-14 19:06 - 2017-07-14 06:00 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2017-08-14 19:06 - 2017-07-14 05:54 - 020270080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2017-08-14 19:06 - 2017-07-14 05:48 - 000499200 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2017-08-14 19:06 - 2017-07-14 05:48 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2017-08-14 19:06 - 2017-07-14 05:48 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2017-08-14 19:06 - 2017-07-14 05:48 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2017-08-14 19:06 - 2017-07-14 05:47 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2017-08-14 19:06 - 2017-07-14 05:44 - 002290176 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2017-08-14 19:06 - 2017-07-14 05:42 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2017-08-14 19:06 - 2017-07-14 05:41 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2017-08-14 19:06 - 2017-07-14 05:39 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2017-08-14 19:06 - 2017-07-14 05:38 - 000663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2017-08-14 19:06 - 2017-07-14 05:38 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2017-08-14 19:06 - 2017-07-14 05:38 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2017-08-14 19:06 - 2017-07-14 05:38 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2017-08-14 19:06 - 2017-07-14 05:33 - 000667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2017-08-14 19:06 - 2017-07-14 05:30 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2017-08-14 19:06 - 2017-07-14 05:26 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2017-08-14 19:06 - 2017-07-14 05:25 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll

2017-08-14 19:06 - 2017-07-14 05:25 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx

2017-08-14 19:06 - 2017-07-14 05:23 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2017-08-14 19:06 - 2017-07-14 05:22 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2017-08-14 19:06 - 2017-07-14 05:21 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2017-08-14 19:06 - 2017-07-14 05:20 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll

2017-08-14 19:06 - 2017-07-14 05:17 - 004546048 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2017-08-14 19:06 - 2017-07-14 05:13 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll

2017-08-14 19:06 - 2017-07-14 05:12 - 000693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2017-08-14 19:06 - 2017-07-14 05:12 - 000689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2017-08-14 19:06 - 2017-07-14 05:11 - 002057216 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2017-08-14 19:06 - 2017-07-14 05:11 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2017-08-14 19:06 - 2017-07-14 05:09 - 013663744 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2017-08-14 19:06 - 2017-07-14 04:53 - 002767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2017-08-14 19:06 - 2017-07-14 04:50 - 001314816 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2017-08-14 19:06 - 2017-07-14 04:48 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2017-08-14 19:06 - 2017-07-08 18:19 - 000250600 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys

2017-08-14 19:06 - 2017-07-08 17:51 - 002402816 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2017-08-14 19:06 - 2017-07-07 18:15 - 004001000 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe

2017-08-14 19:06 - 2017-07-07 18:15 - 003945192 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2017-08-14 19:06 - 2017-07-07 18:15 - 000296680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys

2017-08-14 19:06 - 2017-07-07 18:15 - 000137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2017-08-14 19:06 - 2017-07-07 18:15 - 000067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2017-08-14 19:06 - 2017-07-07 18:13 - 001310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2017-08-14 19:06 - 2017-07-07 18:11 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2017-08-14 19:06 - 2017-07-07 18:11 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2017-08-14 19:06 - 2017-07-07 18:11 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2017-08-14 19:06 - 2017-07-07 18:11 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2017-08-14 19:06 - 2017-07-07 18:11 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2017-08-14 19:06 - 2017-07-07 18:11 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2017-08-14 19:06 - 2017-07-07 18:11 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll

2017-08-14 19:06 - 2017-07-07 18:11 - 000109568 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll

2017-08-14 19:06 - 2017-07-07 18:11 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2017-08-14 19:06 - 2017-07-07 18:11 - 000065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2017-08-14 19:06 - 2017-07-07 18:11 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll

2017-08-14 19:06 - 2017-07-07 18:11 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2017-08-14 19:06 - 2017-07-07 18:11 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2017-08-14 19:06 - 2017-07-07 18:10 - 001062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2017-08-14 19:06 - 2017-07-07 18:10 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2017-08-14 19:06 - 2017-07-07 18:10 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2017-08-14 19:06 - 2017-07-07 18:10 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2017-08-14 19:06 - 2017-07-07 18:10 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2017-08-14 19:06 - 2017-07-07 18:10 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll

2017-08-14 19:06 - 2017-07-07 18:10 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2017-08-14 19:06 - 2017-07-07 18:10 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll

2017-08-14 19:06 - 2017-07-07 18:10 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2017-08-14 19:06 - 2017-07-07 18:10 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2017-08-14 19:06 - 2017-07-07 18:10 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2017-08-14 19:06 - 2017-07-07 17:52 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe

2017-08-14 19:06 - 2017-07-07 17:52 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys

2017-08-14 19:06 - 2017-07-07 17:52 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll

2017-08-14 19:06 - 2017-07-07 17:52 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe

2017-08-14 19:06 - 2017-07-07 17:51 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2017-08-14 19:06 - 2017-07-07 17:50 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2017-08-14 19:06 - 2017-07-07 17:48 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys

2017-08-14 19:06 - 2017-07-07 17:48 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys

2017-08-14 19:06 - 2017-07-07 17:48 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys

2017-08-14 19:06 - 2017-07-07 17:47 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2017-08-14 19:06 - 2017-07-07 17:47 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll

2017-08-14 19:06 - 2017-07-07 17:47 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2017-08-14 19:06 - 2017-07-07 17:47 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2017-08-14 19:06 - 2017-07-01 16:05 - 001311744 _____ (Microsoft Corporation) C:\Windows\system32\msjet40.dll

2017-08-14 19:06 - 2017-07-01 16:05 - 000866816 _____ (Microsoft Corporation) C:\Windows\system32\mswdat10.dll

2017-08-14 19:06 - 2017-07-01 16:05 - 000641536 _____ (Microsoft Corporation) C:\Windows\system32\mswstr10.dll

2017-08-14 19:06 - 2017-07-01 16:05 - 000616448 _____ (Microsoft Corporation) C:\Windows\system32\msrepl40.dll

2017-08-14 19:06 - 2017-07-01 16:05 - 000475648 _____ (Microsoft Corporation) C:\Windows\system32\msxbde40.dll

2017-08-14 19:06 - 2017-07-01 16:05 - 000375808 _____ (Microsoft Corporation) C:\Windows\system32\mspbde40.dll

2017-08-14 19:06 - 2017-07-01 16:05 - 000343552 _____ (Microsoft Corporation) C:\Windows\system32\msrd3x40.dll

2017-08-14 19:06 - 2017-07-01 16:05 - 000339968 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll

2017-08-14 19:06 - 2017-07-01 16:05 - 000310272 _____ (Microsoft Corporation) C:\Windows\system32\msrd2x40.dll

2017-08-14 19:06 - 2017-07-01 16:05 - 000240640 _____ (Microsoft Corporation) C:\Windows\system32\msltus40.dll

2017-08-14 19:06 - 2017-07-01 16:05 - 000144896 _____ (Microsoft Corporation) C:\Windows\system32\msjint40.dll

2017-08-14 19:06 - 2017-07-01 16:05 - 000083968 _____ (Microsoft Corporation) C:\Windows\system32\msjter40.dll

 

 

==================== One Month Modified files and folders ========

 

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

 

2017-09-01 08:09 - 2016-11-18 17:43 - 000000000 ____D C:\Users\Zzz\AppData\LocalLow\Mozilla

2017-09-01 02:22 - 2009-07-14 07:34 - 000025536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2017-09-01 02:22 - 2009-07-14 07:34 - 000025536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2017-09-01 02:18 - 2010-11-21 00:01 - 000792294 _____ C:\Windows\system32\PerfStringBackup.INI

2017-09-01 02:18 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\inf

2017-09-01 02:14 - 2009-07-14 07:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT

2017-08-31 21:38 - 2014-11-11 16:09 - 000170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2017-08-31 21:33 - 2014-11-11 17:59 - 000500136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys

2017-08-31 21:33 - 2014-11-11 17:59 - 000296824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys

2017-08-31 21:33 - 2014-11-11 17:59 - 000147720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys

2017-08-31 21:33 - 2014-11-11 17:59 - 000124952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

2017-08-31 21:33 - 2014-11-11 17:59 - 000099568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

2017-08-31 21:33 - 2014-11-11 17:59 - 000070864 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys

2017-08-31 21:33 - 2014-11-11 17:59 - 000042856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys

2017-08-31 21:32 - 2017-02-18 07:37 - 000276736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswblogx.sys

2017-08-31 21:32 - 2017-02-18 07:37 - 000267520 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdriverx.sys

2017-08-31 21:32 - 2017-02-18 07:37 - 000157416 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidshx.sys

2017-08-31 21:32 - 2017-02-18 07:37 - 000050384 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbunivx.sys

2017-08-31 21:32 - 2016-03-23 11:44 - 000039784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys

2017-08-31 21:32 - 2014-11-11 17:59 - 000773800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys

2017-08-30 18:44 - 2015-07-16 18:56 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

2017-08-28 18:02 - 2014-11-14 15:45 - 000000000 ____D C:\Program Files\Google

2017-08-26 07:54 - 2014-12-23 00:08 - 000000000 ____D C:\ProgramData\Oracle

2017-08-26 07:50 - 2015-02-06 13:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2017-08-26 07:50 - 2014-12-23 00:08 - 000000000 ____D C:\Program Files\Java

2017-08-26 07:49 - 2014-12-23 00:08 - 000095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

2017-08-22 08:20 - 2014-11-12 01:29 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2017-08-22 08:20 - 2014-11-12 01:29 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2017-08-22 08:19 - 2014-11-12 01:29 - 000000000 ____D C:\Windows\system32\Macromed

2017-08-21 02:42 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\rescache

2017-08-15 06:53 - 2009-07-14 07:33 - 000418584 _____ C:\Windows\system32\FNTCACHE.DAT

2017-08-15 00:34 - 2015-07-17 07:59 - 000000000 ____D C:\Users\Zzz\AppData\Roaming\vlc

2017-08-14 19:10 - 2014-11-11 22:12 - 000000000 ____D C:\Windows\system32\MRT

2017-08-14 19:07 - 2015-04-24 12:23 - 137505280 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

2017-08-13 16:23 - 2014-11-23 19:13 - 000000000 ____D C:\ProgramData\Skype

2017-08-13 15:58 - 2014-11-12 21:36 - 000000000 ___SD C:\Users\Zzz\AppData\LocalLow\Temp

 

 

==================== Files in the root of some directories =======

 

 

1641-02-20 09:06 - 1641-02-20 09:06 - 000000000 ____H () C:\Users\Zzz\AppData\Local\BIT1574.tmp

2015-09-12 23:11 - 2017-03-02 23:14 - 000006656 _____ () C:\Users\Zzz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2015-11-28 09:39 - 2015-11-28 09:39 - 000000036 _____ () C:\Users\Zzz\AppData\Local\housecall.guid.cache

2017-07-12 19:12 - 2017-07-12 19:12 - 000001010 _____ () C:\Users\Zzz\AppData\Local\recently-used.xbel

2015-07-23 19:43 - 2017-05-27 22:01 - 000007651 _____ () C:\Users\Zzz\AppData\Local\resmon.resmoncfg

1641-02-20 09:06 - 1641-02-20 09:06 - 000000000 _____ () C:\Users\Zzz\AppData\Local\{4BC2EF26-D564-4340-B62F-7F30DC37E032}

2015-05-06 18:13 - 2015-05-06 18:13 - 000000057 _____ () C:\ProgramData\Ament.ini

2015-04-24 00:29 - 2015-04-24 00:29 - 000000000 ____H () C:\ProgramData\DP45977C.lfl

 

 

==================== Bamital & volsnap ======================

 

 

(There is no automatic fix for files that do not pass verification.)

 

 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2017-09-01 02:31

 

 

==================== End of FRST.txt ============================

 

 

Addition.txt


Hello,

The log files look fine. As for the Efbet ads specifically, they show up for me too every now and then. Some sites have quite aggressive scripts that get past NoScript and Adblock Plus. What helps in my case, and what I have added alongside Adblock Plus and the Element Hiding Helper, is called Adblock Plus Pop-up Addon

http://jessehakanen.net/adblockpluspopupaddon/

It is activated by ticking the following checkbox:

orHqHRc.png

and from the settings:

E2Apafu.png

Regards!


Thank you!

The link to this blocker doesn't work, but I'll look for something similar. If I notice the problem again, I'll write in the forum again!
