Hello, for quite some time now my browser has been infected with some Russian search engine. I have tried deleting the browser, changing the settings, and removing all the add-ons, but without success. I think 2 more come along with this junk. When I have closed the browser and am playing some game, for example, some damn Russian site suddenly opens, asap.ru or something like that.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-12-2017
Ran by ASUS (administrator) on ASUS-PC (30-12-2017 20:36:37)
Running from C:\Users\ASUS\Downloads
Loaded Profiles: ASUS & UpdatusUser (Available Profiles: ASUS & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Български (България)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
() C:\Users\ASUS\AppData\Local\Facebook\Games\FacebookGames.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation\Ath_WlanAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
() C:\Windows\Microsoft\svchost.exe
(The CefSharp Authors) C:\Users\ASUS\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291280 2012-12-20] (Intel Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3540903787-1263480670-1707380032-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [797328 2016-06-15] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3540903787-1263480670-1707380032-1000\...\Run: [vyrtapcchc] => explorer "hxxp://granena.ru/?utm_source=uoua03n&utm_content=e739009bccd5f1e6d71a91bff5994529&utm_term=3B6FA89994383A9FB1DBD199FEE7BAD7&utm_d=20160526" <==== ATTENTION
HKU\S-1-5-21-3540903787-1263480670-1707380032-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10021040 2017-10-18] (Piriform Ltd)
HKU\S-1-5-21-3540903787-1263480670-1707380032-1000\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [57446848 2017-12-10] (Skype Technologies S.A.)
HKU\S-1-5-21-3540903787-1263480670-1707380032-1000\...\MountPoints2: {7e52b7ab-80b8-11e5-abf8-ac220bd789b4} - G:\Install.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-07-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-07-08] (NVIDIA Corporation)
Startup: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Games Arcade (BETA).lnk [2016-09-19]
ShortcutTarget: Facebook Games Arcade (BETA).lnk -> C:\Users\ASUS\AppData\Local\Facebook\Games\FacebookGames.exe ()
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 77.76.144.10
Tcpip\..\Interfaces\{18B97A15-4C37-40AB-8ABC-148924326CD0}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{18B97A15-4C37-40AB-8ABC-148924326CD0}: [DhcpNameServer] 77.76.144.10
Tcpip\..\Interfaces\{7B128963-1D6F-410F-B447-36004838DDB1}: [DhcpNameServer] 10.0.0.13

Internet Explorer:
==================
HKU\S-1-5-21-3540903787-1263480670-1707380032-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://granena.ru/?utm_content=31b5cebd524a9af6c7a772dca81815e9&utm_source=startpm&utm_term=3B6FA89994383A9FB1DBD199FEE7BAD7&utm_d=20160526
HKU\S-1-5-21-3540903787-1263480670-1707380032-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-3540903787-1263480670-1707380032-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3540903787-1263480670-1707380032-1000 -> DefaultScope {A06ED961-D98F-4CF9-A89B-80AB11DB149C} URL = hxxp://go-search.ru/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3540903787-1263480670-1707380032-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-3540903787-1263480670-1707380032-1000 -> {A06ED961-D98F-4CF9-A89B-80AB11DB149C} URL = hxxp://go-search.ru/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3540903787-1263480670-1707380032-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7BA4B52271-83DE-44E1-91D2-F540224D09C8%7D&gp=811014
BHO-x32: Searchgo Class -> {598AEFC6-DD3C-4A63-9AC3-53FCF6155931} -> C:\Users\ASUS\AppData\LocalLow\SearchGo\searchgo.dll [2017-12-30] (Searchgo)
BHO-x32: Поиск@Mail.Ru -> {8E8F97CD-60B5-456F-A201-73065652D099} -> C:\Users\ASUS\AppData\Local\Mail.Ru\Sputnik\IESearchPlugin.dll [2016-05-26] (Mail.Ru)
Toolbar: HKLM-x32 - Searchgo - {2BC46CFA-4B00-4193-A7BD-6AD1D0BCB5BC} - C:\Users\ASUS\AppData\LocalLow\SearchGo\searchgo.dll [2017-12-30] (Searchgo)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-30] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-30] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-3540903787-1263480670-1707380032-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\ASUS\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies ApS)

Chrome: 
=======
CHR HomePage: Default -> mail.ru
CHR StartupUrls: Default -> "hxxp://granena.ru/?utm_content=31b5cebd524a9af6c7a772dca81815e9&utm_source=startpm&utm_term=3B6FA89994383A9FB1DBD199FEE7BAD7&utm_d=20160526"
CHR NewTab: Default ->  Not-active:"chrome-extension://nagnmfhgkjkplbhplkbicmpkfopmnefp/newtab.html"
CHR DefaultSearchURL: Default -> hxxp://go-search.ru/search?q={searchTerms}
CHR DefaultSearchKeyword: Default -> GoSearch
CHR DefaultSuggestURL: Default -> hxxp://suggest.yandex.net/suggest-ff.cgi?part={searchTerms}
CHR Profile: C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default [2017-12-30]
CHR Extension: (Презентации) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Документи) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Диск) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-01]
CHR Extension: (YouTube) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-01]
CHR Extension: (Chrome Cleaner Pro) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccjleegmemocfpghkhpjmiccjcacackp [2017-11-12]
CHR Extension: (Save Tabs) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjepfldodmdfmdidhhgamnklbdibndi [2017-11-05]
CHR Extension: (Таблици) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Документи офлайн) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-01]
CHR Extension: (Skype) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-30]
CHR Extension: (Microcosm - New Tab) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nagnmfhgkjkplbhplkbicmpkfopmnefp [2017-11-05]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-01]
CHR Extension: (Chrome Media Router) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]
CHR Profile: C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\System Profile [2017-11-12]
CHR Extension: (No Name) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\ahggfmgiidlaceichjfemgbaggnbaloe [2017-08-25]
CHR HKLM-x32\...\Chrome\Extension: [bgcifljfapbhgiehkjlckfjmgeojijcb] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lbjjfiihgfegniolckphpnfaokdkbmdm] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nagnmfhgkjkplbhplkbicmpkfopmnefp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [oelpkepjlgmehajehfeicfbjdiobdkfj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [197264 2016-06-15] (Sandboxie Holdings, LLC)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-03] (DEVGURU Co., LTD.)
R2 SvcHost Service Host; C:\Windows\Microsoft\svchost.exe [0 ] () <==== ATTENTION (zero byte File/Folder)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2015-11-01] (DT Soft Ltd)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [204944 2016-06-15] (Sandboxie Holdings, LLC)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2016-05-27] (Anchorfree Inc.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2009-07-14] (Microsoft Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-30 20:36 - 2017-12-30 20:37 - 000014515 _____ C:\Users\ASUS\Downloads\FRST.txt
2017-12-30 20:36 - 2017-12-30 20:36 - 000000000 ____D C:\FRST
2017-12-30 20:35 - 2017-12-30 20:35 - 002391552 _____ (Farbar) C:\Users\ASUS\Downloads\FRST64.exe
2017-12-30 19:58 - 2017-12-30 20:04 - 000001310 _____ C:\Users\Public\Desktop\Skype.lnk
2017-12-30 19:58 - 2017-12-30 20:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-30 20:15 - 2016-03-17 20:38 - 000000000 ___RD C:\Users\ASUS\Desktop\Снимки
2017-12-30 20:05 - 2016-05-26 03:40 - 000000000 ____D C:\Users\ASUS\AppData\LocalLow\SearchGo
2017-12-30 20:05 - 2016-05-26 03:40 - 000000000 ____D C:\Users\ASUS\AppData\Local\SearchGo
2017-12-30 20:03 - 2017-07-09 14:45 - 000002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-30 20:03 - 2016-05-26 03:39 - 000000000 ____D C:\Users\ASUS\AppData\Local\PowerMonitor
2017-12-30 20:02 - 2009-07-14 07:13 - 000782154 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-30 20:02 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2017-12-30 20:00 - 2015-11-01 19:02 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-12-30 20:00 - 2015-11-01 19:02 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-30 20:00 - 2015-11-01 19:02 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-12-30 20:00 - 2015-11-01 19:02 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-12-30 20:00 - 2015-11-01 19:02 - 000000000 ____D C:\Windows\system32\Macromed
2017-12-30 19:57 - 2017-03-06 20:25 - 000000000 ___RD C:\Program Files (x86)\Skype
2017-12-30 19:57 - 2015-11-01 18:59 - 000000000 ____D C:\ProgramData\Skype
2017-12-30 19:55 - 2016-04-06 12:07 - 000001382 _____ C:\Windows\Sandboxie.ini
2017-12-30 19:54 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-30 12:07 - 2009-07-14 06:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-11-30 12:07 - 2009-07-14 06:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-11-30 05:25 - 2015-11-01 18:59 - 000000000 ____D C:\Users\ASUS\AppData\Roaming\Skype

==================== Files in the root of some directories =======

2016-03-30 13:19 - 2016-03-30 13:19 - 000000036 _____ () C:\Users\ASUS\AppData\Local\housecall.guid.cache
2016-07-12 22:16 - 2016-07-12 22:16 - 000004096 ____H () C:\Users\ASUS\AppData\Local\keyfile3.drm

Some files in TEMP:
====================
2017-11-24 23:55 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\113.tmp.exe
2017-11-25 00:04 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\1214.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\1B95.tmp.exe
2017-11-24 23:59 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\1C50.tmp.exe
2017-11-25 00:06 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\27E4.tmp.exe
2017-11-12 15:44 - 2017-11-12 11:13 - 000775168 ____N (PhoneLine SOFT Inc) C:\Users\ASUS\AppData\Local\Temp\28DE.tmp.exe
2017-11-17 01:08 - 2017-11-16 23:36 - 000807912 _____ () C:\Users\ASUS\AppData\Local\Temp\2AE7.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\2B1F.tmp.exe
2017-11-25 00:04 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\2E2B.tmp.exe
2017-11-24 23:59 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\30E9.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\31B4.tmp.exe
2017-11-25 00:05 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\3212.tmp.exe
2017-11-25 00:06 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\3443.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\34A1.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\3665.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\3B45.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\3C01.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\3C3F.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\3C4F.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\3CAC.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\3CCB.tmp.exe
2017-11-25 00:00 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\4DCC.tmp.exe
2017-11-25 00:00 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\4EB6.tmp.exe
2017-11-25 00:01 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\5403.tmp.exe
2017-11-24 23:59 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\5480.tmp.exe
2017-11-24 23:59 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\5885.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\5D75.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\5E6F.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\5E7E.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\5E8E.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\5EFB.tmp.exe
2017-11-25 00:01 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\62A3.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\67A2.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\6A8F.tmp.exe
2017-11-25 00:05 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\727B.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\7327.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\7420.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\7568.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\7F37.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\8F4E.tmp.exe
2017-11-25 00:01 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\949B.tmp.exe
2017-11-25 00:01 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\9EC8.tmp.exe
2017-11-25 00:00 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\A129.tmp.exe
2017-11-25 00:01 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\A5BB.tmp.exe
2017-11-25 00:01 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\A934.tmp.exe
2017-11-25 00:00 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\AA4D.tmp.exe
2017-11-27 07:14 - 2017-11-27 01:56 - 000930776 ____N () C:\Users\ASUS\AppData\Local\Temp\B082.tmp.exe
2017-11-25 00:00 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\BF81.tmp.exe
2017-11-25 00:01 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\C184.tmp.exe
2017-11-25 00:05 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\C1D2.tmp.exe
2017-11-25 00:05 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\C838.tmp.exe
2017-11-18 14:23 - 2017-11-18 13:59 - 000803816 _____ () C:\Users\ASUS\AppData\Local\Temp\CA7F.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\CD09.tmp.exe
2017-11-18 14:23 - 2017-11-18 13:59 - 000803816 _____ () C:\Users\ASUS\AppData\Local\Temp\CD7B.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\CDD4.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\CF4A.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\CFD6.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\D275.tmp.exe
2017-11-25 00:06 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\DB8A.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\DFCE.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\E05A.tmp.exe
2017-11-25 00:05 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\E662.tmp.exe
2017-11-17 01:08 - 2017-11-16 23:36 - 000807912 _____ () C:\Users\ASUS\AppData\Local\Temp\EDF7.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\F512.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\F6D6.tmp.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe
[2010-11-21 05:24] - [2011-01-16 02:01] - 000389632 _____ (Microsoft Corporation) 81257415084B84F3C0D95C381A8D4C8F

C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2010-11-21 05:24] - [2011-01-16 02:01] - 001008640 _____ (Microsoft Corporation) 0B864E15A0BADFF0E7BB8B59009FDDCF

C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-19 01:44

==================== End of FRST.txt ============================

 


Addition.txt


Step 1

Download: ADWCleaner.

  • Close all browsers and run AdwCleaner.exe.
  • Click the SCAN button.
  • When the scan finishes, click the CLEAN button.
  • The program will close unneeded software and start the cleanup.
  • When the cleanup finishes, ADWCleaner will ask for a restart. Agree.
  • After the system loads, go to C:\AdwCleaner and look for a log file named AdwCleaner[C0].txt.
  • Post the contents of "AdwCleaner[C0]" in your next comment.

Step 2

  • Make new logs with FRST and attach them to your next comment.


Step 1

Download: Malwarebytes Anti-Malware 3.2.2.2018 Final and save it to your desktop.

  • Run the file mb3-setup-consumer-3.2.2.2018.exe and follow the instructions to install the program.
  • Once the installation finishes, the program will start automatically.
  • Go to the Settings => Protection tab and, under the Scan Options category, turn on the "Scan for rootkits" option by moving the slider to the right.
  • Go to the Scan tab, select Custom Scan, and then click the Configure Scan button.
  • Tick all the checkboxes and click the Scan Now button.
  • A scan for malware will start.
  • With some infections you may see the message:
  • "Could not load DDA driver"
  • Click "Yes" on this message to allow the driver to load after a restart.
  • Allow the computer to restart and then continue with the remaining instructions.
  • When the scan finishes, the list of results will appear (if any objects were found). If the program is minimized while scanning, the following message will appear if threats are detected. Click the View Scan Results button.
  • Click the Quarantine Selected button.
  • Wait for the window prompting you to restart to appear and then click the Yes button.
  • After the restart, start Malwarebytes Anti-Malware again.
  • Go to the Reports tab and open the log file named Scan Report.
  • Click the Export button and then => "Copy to Clipboard"
  • Now paste the contents of the log file with the Ctrl + V key combination and post it in your next comment.

Step 2

  • Make new logs with FRST and post them here.


Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/5/18
Scan Time: 11:37 PM
Log File: 914b6982-f260-11e7-89ad-ac220bd789b4.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2018
Components Version: 1.0.188
Update Package Version: 1.0.3633
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: ASUS-PC\ASUS

-Scan Summary-
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 189073
Threats Detected: 89
Threats Quarantined: 86
Time Elapsed: 2 hr, 45 min, 18 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 5
PUP.Optional.StartPage, HKU\S-1-5-21-3540903787-1263480670-1707380032-1000\SOFTWARE\START PAGE, Quarantined, [40], [259290],1.0.3633
Adware.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\StartMenuCache, Quarantined, [1200], [450497],1.0.3633
Adware.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B8E04427-B7C1-4FF9-A20E-F3E637C0D686}, Quarantined, [1200], [450490],1.0.3633
PUP.Optional.MultiPlug, HKLM\SOFTWARE\POLICIES\GOOGLE\CHROME, Quarantined, [230], [-1],0.0.0
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\CHROME, Quarantined, [230], [-1],0.0.0

Registry Value: 3
PUP.Optional.StartPage.Generic, HKU\S-1-5-21-3540903787-1263480670-1707380032-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|VYRTAPCCHC, Quarantined, [566], [182786],1.0.3633
PUP.Optional.StartPage, HKU\S-1-5-21-3540903787-1263480670-1707380032-1000\SOFTWARE\START PAGE|START PAGE, Quarantined, [40], [259290],1.0.3633
Adware.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B8E04427-B7C1-4FF9-A20E-F3E637C0D686}|PATH, Quarantined, [1200], [450490],1.0.3633

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 81
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\2B1F.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\2E2B.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\30E9.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\31B4.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\3212.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\3443.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\34A1.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\3665.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Adware.LoadMoney, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\2AE7.TMP.EXE, Quarantined, [38], [471360],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\A5BB.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\5480.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\5885.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\5D75.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\5E6F.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\5E7E.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\5E8E.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\5EFB.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\62A3.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\67A2.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\6A8F.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\727B.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\7327.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\7420.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\7568.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\C184.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Adware.LoadMoney, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\CA7F.TMP.EXE, Quarantined, [38], [471360],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\C1D2.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\C838.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\DB8A.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\DFCE.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\E05A.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\3B45.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\3C3F.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\3C01.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\3C4F.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\3CAC.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\3CCB.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\E662.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Adware.LoadMoney, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\EDF7.TMP.EXE, Quarantined, [38], [471360],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\F512.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\F6D6.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\7F37.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\8F4E.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\949B.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\9EC8.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\AA4D.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\B082.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\BF81.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\4DCC.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\4EB6.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\CD09.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Adware.LoadMoney, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\CD7B.TMP.EXE, Quarantined, [38], [471360],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\CDD4.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\CFD6.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\CF4A.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\5403.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\A129.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\A934.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\D275.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\113.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\1214.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\1B95.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\1C50.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\27E4.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Adware.LoadMoney, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\28DE.TMP.EXE, Quarantined, [38], [450559],1.0.3633
Adware.SearchGo, C:\ADWCLEANER\QUARANTINE\GXIX4A2DRE\SEARCHGO.DLL, Quarantined, [3517], [411104],1.0.3633
Adware.LoadMoney, C:\ADWCLEANER\QUARANTINE\FRAQBC8WSA\WUPDATE.EXE, Quarantined, [38], [441133],1.0.3633
Adware.StartPage, C:\WINDOWS\SYSTEM32\TASKS\STARTMENUCACHE, Quarantined, [1200], [450498],1.0.3633
Adware.LoadMoney, C:\WINDOWS\TEMP\_AVAST_\UNP200024452.TMP, Removal Failed, [38], [474749],1.0.3633
PUP.Optional.OutBrowse, D:\$RECYCLE.BIN\S-1-5-21-830763801-1145103059-1074387030-1000\$RQLXUW7\WINDOWS 7 ACTIVATOR\WINDOWS 7 ACTIVATOR.EXE, Quarantined, [355], [71554],1.0.3633
PUP.Optional.OutBrowse, D:\$RECYCLE.BIN\S-1-5-21-830763801-1145103059-1074387030-1000\$RQLXUW7\WINDOWS 7 ACTIVATOR.ZIP, Quarantined, [355], [71554],1.0.3633
Trojan.Agent, D:\$RECYCLE.BIN\S-1-5-21-830763801-1145103059-1074387030-1000\$RQWRKKJ\ACTIVATION WINDOWS 8 PRO ZX.EXE, Quarantined, [18], [135094],1.0.3633
PUP.Optional.MultiPlug, D:\$RECYCLE.BIN\S-1-5-21-830763801-1145103059-1074387030-1000\$R4U7DJ3.EXE, Quarantined, [230], [72863],1.0.3633
PUP.Optional.MultiPlug, C:\DOCUMENTS AND SETTINGS\ALL USERS\NTUSER.POL, Removal Failed, [230], [-1],0.0.0
PUP.Optional.MultiPlug, C:\PROGRAMDATA\NTUSER.POL, Removal Failed, [230], [-1],0.0.0
PUP.Optional.MultiPlug, C:\WINDOWS\SYSTEM32\GROUPPOLICY\USER\REGISTRY.POL, Quarantined, [230], [-1],0.0.0
PUP.Optional.MultiPlug, C:\WINDOWS\SYSTEM32\GROUPPOLICY\MACHINE\REGISTRY.POL, Quarantined, [230], [-1],0.0.0
PUP.Optional.Amonetize, D:\$RECYCLE.BIN\S-1-5-21-830763801-1145103059-1074387030-1000\$R2V823B.EXE, Quarantined, [6], [300971],1.0.3633
PUP.Optional.MultiPlug, D:\$RECYCLE.BIN\S-1-5-21-830763801-1145103059-1074387030-1000\$RLAN29F.EXE, Quarantined, [230], [72863],1.0.3633
PUP.Optional.OutBrowse, D:\$RECYCLE.BIN\S-1-5-21-830763801-1145103059-1074387030-1000\$RNPPYKL.ZIP, Quarantined, [355], [71554],1.0.3633
PUP.Optional.MultiPlug, D:\$RECYCLE.BIN\S-1-5-21-830763801-1145103059-1074387030-1000\$RBAVCET.EXE, Quarantined, [230], [72863],1.0.3633

Physical Sector: 0
(No malicious items detected)


(end)



Step 1

Download the fixlist file and save it to your desktop.

  • Run FRST.exe and press the Fix button once!
  • The cleanup will start; do not use the system!
  • When it finishes, if it asks you to restart, agree.
  • Once the system has loaded, post the log file named fixlog.txt, which is located on your desktop.

Note: The current fix must not be used on other systems!

Step 2

Download: HitmanPro.

  • Save the file to your desktop.
  • Run the program.

Note: The program will update itself; after the update HitmanPro will restart.

  • Press the "Next" button.
  • Tick the license agreement and press the "Next" button again.
  • Click "No, I want to perform a one-time scan of the computer" and press the "Next" button.
  • The program will start scanning. The scan will take ~2 minutes.
  • After the scan finishes, from the list of found objects (if there are any) choose Apply to all => Ignore.
  • Press the "Next" button and then the "Export scan results to XML file" button, and save the log file to the desktop.
  • Open the log file, copy its contents and paste them into your next comment.

Note: If there is no Ignore in the drop-down menu, then simply close the program after the scan ends without removing anything!

From My Computer => Tools => Folder Options => View => tick "Show hidden files, folders and drives".
Press Apply.

Go to C:\Programdata\HitmanPro\Logs and attach the log to your next comment.

Step 3

Download TDSSKiller

  • Run TDSSKiller.exe.
  • Then click the Change parameters button.
  • Tick Loaded Modules.
  • For the changes to take effect, restart the system by pressing the Reboot now button.
  • TDSSKiller will start automatically after the restart. The system will load more slowly.
  • Then press Change parameters again.
  • Tick all the checkboxes (this time a restart is not required).
  • Press the Start scan button.
  • If a suspicious object is detected, the default action will be Skip; click Continue.
  • If malicious objects are found, you will have three options in the drop-down menu.
  • Make sure the selected action is Cure and click Continue > Restart to complete the repair.

Note: If the Cure button is not available among the options, then please choose the Skip button; do not choose Delete unless you have been instructed to do so.

  • A log file named TDSSKiller.[Version]_[Date]_[Time]_log.txt will be created on the C: drive. Copy its contents into your next post.
