
Recommended answer


Hello, for quite a while now my browser has been infected with some Russian search engine. I've tried deleting the browser, changing the settings, removing all add-ons, but with no success. I think this junk comes bundled with 2 more along with it. When I've closed the browser and I'm playing some game, for example, suddenly some damn Russian site opens, asap.ru or something like that.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-12-2017
Ran by ASUS (administrator) on ASUS-PC (30-12-2017 20:36:37)
Running from C:\Users\ASUS\Downloads
Loaded Profiles: ASUS & UpdatusUser (Available Profiles: ASUS & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Български (България)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
() C:\Users\ASUS\AppData\Local\Facebook\Games\FacebookGames.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation\Ath_WlanAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
() C:\Windows\Microsoft\svchost.exe
(The CefSharp Authors) C:\Users\ASUS\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291280 2012-12-20] (Intel Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3540903787-1263480670-1707380032-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [797328 2016-06-15] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3540903787-1263480670-1707380032-1000\...\Run: [vyrtapcchc] => explorer "hxxp://granena.ru/?utm_source=uoua03n&utm_content=e739009bccd5f1e6d71a91bff5994529&utm_term=3B6FA89994383A9FB1DBD199FEE7BAD7&utm_d=20160526" <==== ATTENTION
HKU\S-1-5-21-3540903787-1263480670-1707380032-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10021040 2017-10-18] (Piriform Ltd)
HKU\S-1-5-21-3540903787-1263480670-1707380032-1000\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [57446848 2017-12-10] (Skype Technologies S.A.)
HKU\S-1-5-21-3540903787-1263480670-1707380032-1000\...\MountPoints2: {7e52b7ab-80b8-11e5-abf8-ac220bd789b4} - G:\Install.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-07-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-07-08] (NVIDIA Corporation)
Startup: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Games Arcade (BETA).lnk [2016-09-19]
ShortcutTarget: Facebook Games Arcade (BETA).lnk -> C:\Users\ASUS\AppData\Local\Facebook\Games\FacebookGames.exe ()
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 77.76.144.10
Tcpip\..\Interfaces\{18B97A15-4C37-40AB-8ABC-148924326CD0}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{18B97A15-4C37-40AB-8ABC-148924326CD0}: [DhcpNameServer] 77.76.144.10
Tcpip\..\Interfaces\{7B128963-1D6F-410F-B447-36004838DDB1}: [DhcpNameServer] 10.0.0.13

Internet Explorer:
==================
HKU\S-1-5-21-3540903787-1263480670-1707380032-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://granena.ru/?utm_content=31b5cebd524a9af6c7a772dca81815e9&utm_source=startpm&utm_term=3B6FA89994383A9FB1DBD199FEE7BAD7&utm_d=20160526
HKU\S-1-5-21-3540903787-1263480670-1707380032-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-3540903787-1263480670-1707380032-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3540903787-1263480670-1707380032-1000 -> DefaultScope {A06ED961-D98F-4CF9-A89B-80AB11DB149C} URL = hxxp://go-search.ru/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3540903787-1263480670-1707380032-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-3540903787-1263480670-1707380032-1000 -> {A06ED961-D98F-4CF9-A89B-80AB11DB149C} URL = hxxp://go-search.ru/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3540903787-1263480670-1707380032-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7BA4B52271-83DE-44E1-91D2-F540224D09C8%7D&gp=811014
BHO-x32: Searchgo Class -> {598AEFC6-DD3C-4A63-9AC3-53FCF6155931} -> C:\Users\ASUS\AppData\LocalLow\SearchGo\searchgo.dll [2017-12-30] (Searchgo)
BHO-x32: Поиск@Mail.Ru -> {8E8F97CD-60B5-456F-A201-73065652D099} -> C:\Users\ASUS\AppData\Local\Mail.Ru\Sputnik\IESearchPlugin.dll [2016-05-26] (Mail.Ru)
Toolbar: HKLM-x32 - Searchgo - {2BC46CFA-4B00-4193-A7BD-6AD1D0BCB5BC} - C:\Users\ASUS\AppData\LocalLow\SearchGo\searchgo.dll [2017-12-30] (Searchgo)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-30] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-30] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-3540903787-1263480670-1707380032-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\ASUS\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies ApS)

Chrome: 
=======
CHR HomePage: Default -> mail.ru
CHR StartupUrls: Default -> "hxxp://granena.ru/?utm_content=31b5cebd524a9af6c7a772dca81815e9&utm_source=startpm&utm_term=3B6FA89994383A9FB1DBD199FEE7BAD7&utm_d=20160526"
CHR NewTab: Default ->  Not-active:"chrome-extension://nagnmfhgkjkplbhplkbicmpkfopmnefp/newtab.html"
CHR DefaultSearchURL: Default -> hxxp://go-search.ru/search?q={searchTerms}
CHR DefaultSearchKeyword: Default -> GoSearch
CHR DefaultSuggestURL: Default -> hxxp://suggest.yandex.net/suggest-ff.cgi?part={searchTerms}
CHR Profile: C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default [2017-12-30]
CHR Extension: (Презентации) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Документи) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Диск) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-01]
CHR Extension: (YouTube) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-01]
CHR Extension: (Chrome Cleaner Pro) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccjleegmemocfpghkhpjmiccjcacackp [2017-11-12]
CHR Extension: (Save Tabs) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjepfldodmdfmdidhhgamnklbdibndi [2017-11-05]
CHR Extension: (Таблици) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Документи офлайн) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-01]
CHR Extension: (Skype) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-30]
CHR Extension: (Microcosm - New Tab) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nagnmfhgkjkplbhplkbicmpkfopmnefp [2017-11-05]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-01]
CHR Extension: (Chrome Media Router) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]
CHR Profile: C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\System Profile [2017-11-12]
CHR Extension: (No Name) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\ahggfmgiidlaceichjfemgbaggnbaloe [2017-08-25]
CHR HKLM-x32\...\Chrome\Extension: [bgcifljfapbhgiehkjlckfjmgeojijcb] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lbjjfiihgfegniolckphpnfaokdkbmdm] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nagnmfhgkjkplbhplkbicmpkfopmnefp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [oelpkepjlgmehajehfeicfbjdiobdkfj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [197264 2016-06-15] (Sandboxie Holdings, LLC)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-03] (DEVGURU Co., LTD.)
R2 SvcHost Service Host; C:\Windows\Microsoft\svchost.exe [0 ] () <==== ATTENTION (zero byte File/Folder)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2015-11-01] (DT Soft Ltd)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [204944 2016-06-15] (Sandboxie Holdings, LLC)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2016-05-27] (Anchorfree Inc.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2009-07-14] (Microsoft Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-30 20:36 - 2017-12-30 20:37 - 000014515 _____ C:\Users\ASUS\Downloads\FRST.txt
2017-12-30 20:36 - 2017-12-30 20:36 - 000000000 ____D C:\FRST
2017-12-30 20:35 - 2017-12-30 20:35 - 002391552 _____ (Farbar) C:\Users\ASUS\Downloads\FRST64.exe
2017-12-30 19:58 - 2017-12-30 20:04 - 000001310 _____ C:\Users\Public\Desktop\Skype.lnk
2017-12-30 19:58 - 2017-12-30 20:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-30 20:15 - 2016-03-17 20:38 - 000000000 ___RD C:\Users\ASUS\Desktop\Снимки
2017-12-30 20:05 - 2016-05-26 03:40 - 000000000 ____D C:\Users\ASUS\AppData\LocalLow\SearchGo
2017-12-30 20:05 - 2016-05-26 03:40 - 000000000 ____D C:\Users\ASUS\AppData\Local\SearchGo
2017-12-30 20:03 - 2017-07-09 14:45 - 000002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-30 20:03 - 2016-05-26 03:39 - 000000000 ____D C:\Users\ASUS\AppData\Local\PowerMonitor
2017-12-30 20:02 - 2009-07-14 07:13 - 000782154 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-30 20:02 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2017-12-30 20:00 - 2015-11-01 19:02 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-12-30 20:00 - 2015-11-01 19:02 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-30 20:00 - 2015-11-01 19:02 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-12-30 20:00 - 2015-11-01 19:02 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-12-30 20:00 - 2015-11-01 19:02 - 000000000 ____D C:\Windows\system32\Macromed
2017-12-30 19:57 - 2017-03-06 20:25 - 000000000 ___RD C:\Program Files (x86)\Skype
2017-12-30 19:57 - 2015-11-01 18:59 - 000000000 ____D C:\ProgramData\Skype
2017-12-30 19:55 - 2016-04-06 12:07 - 000001382 _____ C:\Windows\Sandboxie.ini
2017-12-30 19:54 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-30 12:07 - 2009-07-14 06:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-11-30 12:07 - 2009-07-14 06:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-11-30 05:25 - 2015-11-01 18:59 - 000000000 ____D C:\Users\ASUS\AppData\Roaming\Skype

==================== Files in the root of some directories =======

2016-03-30 13:19 - 2016-03-30 13:19 - 000000036 _____ () C:\Users\ASUS\AppData\Local\housecall.guid.cache
2016-07-12 22:16 - 2016-07-12 22:16 - 000004096 ____H () C:\Users\ASUS\AppData\Local\keyfile3.drm

Some files in TEMP:
====================
2017-11-24 23:55 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\113.tmp.exe
2017-11-25 00:04 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\1214.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\1B95.tmp.exe
2017-11-24 23:59 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\1C50.tmp.exe
2017-11-25 00:06 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\27E4.tmp.exe
2017-11-12 15:44 - 2017-11-12 11:13 - 000775168 ____N (PhoneLine SOFT Inc) C:\Users\ASUS\AppData\Local\Temp\28DE.tmp.exe
2017-11-17 01:08 - 2017-11-16 23:36 - 000807912 _____ () C:\Users\ASUS\AppData\Local\Temp\2AE7.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\2B1F.tmp.exe
2017-11-25 00:04 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\2E2B.tmp.exe
2017-11-24 23:59 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\30E9.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\31B4.tmp.exe
2017-11-25 00:05 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\3212.tmp.exe
2017-11-25 00:06 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\3443.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\34A1.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\3665.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\3B45.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\3C01.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\3C3F.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\3C4F.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\3CAC.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\3CCB.tmp.exe
2017-11-25 00:00 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\4DCC.tmp.exe
2017-11-25 00:00 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\4EB6.tmp.exe
2017-11-25 00:01 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\5403.tmp.exe
2017-11-24 23:59 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\5480.tmp.exe
2017-11-24 23:59 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\5885.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\5D75.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\5E6F.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\5E7E.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\5E8E.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\5EFB.tmp.exe
2017-11-25 00:01 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\62A3.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\67A2.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\6A8F.tmp.exe
2017-11-25 00:05 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\727B.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\7327.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\7420.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\7568.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\7F37.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\8F4E.tmp.exe
2017-11-25 00:01 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\949B.tmp.exe
2017-11-25 00:01 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\9EC8.tmp.exe
2017-11-25 00:00 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\A129.tmp.exe
2017-11-25 00:01 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\A5BB.tmp.exe
2017-11-25 00:01 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\A934.tmp.exe
2017-11-25 00:00 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\AA4D.tmp.exe
2017-11-27 07:14 - 2017-11-27 01:56 - 000930776 ____N () C:\Users\ASUS\AppData\Local\Temp\B082.tmp.exe
2017-11-25 00:00 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\BF81.tmp.exe
2017-11-25 00:01 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\C184.tmp.exe
2017-11-25 00:05 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\C1D2.tmp.exe
2017-11-25 00:05 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\C838.tmp.exe
2017-11-18 14:23 - 2017-11-18 13:59 - 000803816 _____ () C:\Users\ASUS\AppData\Local\Temp\CA7F.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\CD09.tmp.exe
2017-11-18 14:23 - 2017-11-18 13:59 - 000803816 _____ () C:\Users\ASUS\AppData\Local\Temp\CD7B.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\CDD4.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\CF4A.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\CFD6.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\D275.tmp.exe
2017-11-25 00:06 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\DB8A.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\DFCE.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\E05A.tmp.exe
2017-11-25 00:05 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\E662.tmp.exe
2017-11-17 01:08 - 2017-11-16 23:36 - 000807912 _____ () C:\Users\ASUS\AppData\Local\Temp\EDF7.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\F512.tmp.exe
2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\F6D6.tmp.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe
[2010-11-21 05:24] - [2011-01-16 02:01] - 000389632 _____ (Microsoft Corporation) 81257415084B84F3C0D95C381A8D4C8F

C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2010-11-21 05:24] - [2011-01-16 02:01] - 001008640 _____ (Microsoft Corporation) 0B864E15A0BADFF0E7BB8B59009FDDCF

C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-19 01:44

==================== End of FRST.txt ============================

 


Step 1

Download: ADWCleaner.

  • Close all browsers and run AdwCleaner.exe.
  • Click the SCAN button.
  • When the scan finishes, click the CLEAN button.
  • The program will close the unnecessary software and begin cleaning.
  • When cleaning finishes, ADWCleaner will ask for a restart. Agree.
  • After the system loads, go to C:\AdwCleaner and look for a log file named AdwCleaner[C0].txt.
  • Post the contents of "AdwCleaner[C0]" in your next reply.

Step 2

  • Make new logs with FRST and attach them to your next reply.


Step 1

Download: Malwarebytes Anti-Malware 3.2.2.2018 Final and save it to your desktop.

  • Run the file mb3-setup-consumer-3.2.2.2018.exe and follow the instructions to install the program.
  • When the installation finishes, the program will start automatically.
  • Go to the Settings tab => Protection and, under the Scan Options category, enable the "Scan for rootkits" option by moving the slider to the right.
  • Go to the Scan tab, select Custom Scan and then click the Configure Scan button.
  • Tick all the checkboxes and click the Scan Now button.
  • A scan for malware will begin.
  • With some infections you may see the message:
  • "Could not load DDA driver"
  • Click "Yes" on this message to allow the driver to load after a restart.
  • Allow the computer to restart and then continue with the remaining instructions.
  • When the scan finishes, the list of results will appear (if any objects were found). If the program is minimized while scanning, the following message will appear if threats were found. Click the View Scan Results button.
  • Click the Quarantine Selected button.
  • Wait for the window prompting you to restart to appear and then click the Yes button.
  • After the restart, start Malwarebytes Anti-Malware again.
  • Go to the Reports tab and open the log file named Scan Report.
  • Click the Export button and then => "Copy to Clipboard".
  • Now paste the contents of the log file with the keyboard shortcut Ctrl + V and post it in your next reply.

Step 2

  • Make new logs with FRST and post them here.


Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/5/18
Scan Time: 11:37 PM
Log File: 914b6982-f260-11e7-89ad-ac220bd789b4.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2018
Components Version: 1.0.188
Update Package Version: 1.0.3633
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: ASUS-PC\ASUS

-Scan Summary-
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 189073
Threats Detected: 89
Threats Quarantined: 86
Time Elapsed: 2 hr, 45 min, 18 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 5
PUP.Optional.StartPage, HKU\S-1-5-21-3540903787-1263480670-1707380032-1000\SOFTWARE\START PAGE, Quarantined, [40], [259290],1.0.3633
Adware.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\StartMenuCache, Quarantined, [1200], [450497],1.0.3633
Adware.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B8E04427-B7C1-4FF9-A20E-F3E637C0D686}, Quarantined, [1200], [450490],1.0.3633
PUP.Optional.MultiPlug, HKLM\SOFTWARE\POLICIES\GOOGLE\CHROME, Quarantined, [230], [-1],0.0.0
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\CHROME, Quarantined, [230], [-1],0.0.0

Registry Value: 3
PUP.Optional.StartPage.Generic, HKU\S-1-5-21-3540903787-1263480670-1707380032-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|VYRTAPCCHC, Quarantined, [566], [182786],1.0.3633
PUP.Optional.StartPage, HKU\S-1-5-21-3540903787-1263480670-1707380032-1000\SOFTWARE\START PAGE|START PAGE, Quarantined, [40], [259290],1.0.3633
Adware.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B8E04427-B7C1-4FF9-A20E-F3E637C0D686}|PATH, Quarantined, [1200], [450490],1.0.3633

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 81
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\2B1F.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\2E2B.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\30E9.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\31B4.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\3212.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\3443.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\34A1.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\3665.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Adware.LoadMoney, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\2AE7.TMP.EXE, Quarantined, [38], [471360],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\A5BB.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\5480.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\5885.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\5D75.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\5E6F.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\5E7E.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\5E8E.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\5EFB.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\62A3.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\67A2.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\6A8F.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\727B.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\7327.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\7420.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\7568.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\C184.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Adware.LoadMoney, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\CA7F.TMP.EXE, Quarantined, [38], [471360],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\C1D2.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\C838.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\DB8A.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\DFCE.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\E05A.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\3B45.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\3C3F.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\3C01.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\3C4F.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\3CAC.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\3CCB.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\E662.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Adware.LoadMoney, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\EDF7.TMP.EXE, Quarantined, [38], [471360],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\F512.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\F6D6.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\7F37.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\8F4E.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\949B.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\9EC8.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\AA4D.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\B082.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\BF81.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\4DCC.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\4EB6.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\CD09.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Adware.LoadMoney, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\CD7B.TMP.EXE, Quarantined, [38], [471360],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\CDD4.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\CFD6.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\CF4A.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\5403.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\A129.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\A934.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\D275.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\113.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\1214.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\1B95.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\1C50.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Trojan.Downloader, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\27E4.TMP.EXE, Quarantined, [47], [389301],1.0.3633
Adware.LoadMoney, C:\USERS\ASUS\APPDATA\LOCAL\TEMP\28DE.TMP.EXE, Quarantined, [38], [450559],1.0.3633
Adware.SearchGo, C:\ADWCLEANER\QUARANTINE\GXIX4A2DRE\SEARCHGO.DLL, Quarantined, [3517], [411104],1.0.3633
Adware.LoadMoney, C:\ADWCLEANER\QUARANTINE\FRAQBC8WSA\WUPDATE.EXE, Quarantined, [38], [441133],1.0.3633
Adware.StartPage, C:\WINDOWS\SYSTEM32\TASKS\STARTMENUCACHE, Quarantined, [1200], [450498],1.0.3633
Adware.LoadMoney, C:\WINDOWS\TEMP\_AVAST_\UNP200024452.TMP, Removal Failed, [38], [474749],1.0.3633
PUP.Optional.OutBrowse, D:\$RECYCLE.BIN\S-1-5-21-830763801-1145103059-1074387030-1000\$RQLXUW7\WINDOWS 7 ACTIVATOR\WINDOWS 7 ACTIVATOR.EXE, Quarantined, [355], [71554],1.0.3633
PUP.Optional.OutBrowse, D:\$RECYCLE.BIN\S-1-5-21-830763801-1145103059-1074387030-1000\$RQLXUW7\WINDOWS 7 ACTIVATOR.ZIP, Quarantined, [355], [71554],1.0.3633
Trojan.Agent, D:\$RECYCLE.BIN\S-1-5-21-830763801-1145103059-1074387030-1000\$RQWRKKJ\ACTIVATION WINDOWS 8 PRO ZX.EXE, Quarantined, [18], [135094],1.0.3633
PUP.Optional.MultiPlug, D:\$RECYCLE.BIN\S-1-5-21-830763801-1145103059-1074387030-1000\$R4U7DJ3.EXE, Quarantined, [230], [72863],1.0.3633
PUP.Optional.MultiPlug, C:\DOCUMENTS AND SETTINGS\ALL USERS\NTUSER.POL, Removal Failed, [230], [-1],0.0.0
PUP.Optional.MultiPlug, C:\PROGRAMDATA\NTUSER.POL, Removal Failed, [230], [-1],0.0.0
PUP.Optional.MultiPlug, C:\WINDOWS\SYSTEM32\GROUPPOLICY\USER\REGISTRY.POL, Quarantined, [230], [-1],0.0.0
PUP.Optional.MultiPlug, C:\WINDOWS\SYSTEM32\GROUPPOLICY\MACHINE\REGISTRY.POL, Quarantined, [230], [-1],0.0.0
PUP.Optional.Amonetize, D:\$RECYCLE.BIN\S-1-5-21-830763801-1145103059-1074387030-1000\$R2V823B.EXE, Quarantined, [6], [300971],1.0.3633
PUP.Optional.MultiPlug, D:\$RECYCLE.BIN\S-1-5-21-830763801-1145103059-1074387030-1000\$RLAN29F.EXE, Quarantined, [230], [72863],1.0.3633
PUP.Optional.OutBrowse, D:\$RECYCLE.BIN\S-1-5-21-830763801-1145103059-1074387030-1000\$RNPPYKL.ZIP, Quarantined, [355], [71554],1.0.3633
PUP.Optional.MultiPlug, D:\$RECYCLE.BIN\S-1-5-21-830763801-1145103059-1074387030-1000\$RBAVCET.EXE, Quarantined, [230], [72863],1.0.3633

Physical Sector: 0
(No malicious items detected)


(end)



Step 1

Download the fixlist file and save it to your desktop.

  • Run FRST.exe and press the FIX button once!
  • The cleanup will begin; do not use the system while it runs!
  • When it finishes, if you are asked to restart, agree.
  • After the system has booted, post the log file named fixlog.txt, which is located on your desktop.

Note: This fix must not be used on other systems!

 

Step 2

Download HitmanPro.

  • Save the file to your desktop.
  • Run the program.

Note: The program will update itself; after the update HitmanPro will restart.

  • Press the "Next" button.
  • Tick the license agreement and press the "Next" button again.
  • Click "No, I only want to perform a one-time scan of this computer" and press the "Next" button.
  • The program will begin scanning. The scan will take about 2 minutes.
  • When the scan finishes, from the list of detected objects (if any) choose Apply to all => Ignore.
  • Press the "Next" button, then the "Export scan results to XML file" button, and save the log file to the desktop.
  • Open the log file, copy its contents and paste it into your next comment.

Note: If there is no Ignore option in the drop-down menu, simply close the program after the scan finishes without removing anything!

From My Computer => Tools => Folder Options => View => tick "Show hidden files, folders and drives".
Press Apply.

Go to C:\Programdata\HitmanPro\Logs and attach the log to your next comment.

 

Step 3

Download TDSSKiller

  • Run TDSSKiller.exe.
  • Then click the Change parameters button.
  • Tick Loaded Modules.
  • For the changes to take effect, restart the system by pressing the Reboot now button.
  • TDSSKiller will start automatically after the restart. The system will boot more slowly.
  • Then click Change parameters again.
  • Tick all the boxes (this time no restart is required).


  • Press the Start scan button.
  • If a suspicious object is detected, the default action will be Skip; click Continue.
  • If malicious objects are found, the drop-down menu will offer three options.
  • Make sure the selected action is Cure and click Continue > Restart to complete the repair.

 


Note: If the Cure option is not available, please choose Skip; do not choose Delete unless you are instructed to do so.

  • A log file named TDSSKiller.[Version]_[Date]_[Time]_log.txt will be created on drive C:. Copy its contents into your next post.
