What does the Ath_CoexAgent.exe file do?
The Ath_CoexAgent.exe process is also known as Atheros Coex Service Application and is a part of Qualcomm Atheros Bluetooth Suite or, as the case may be, Dell WLAN and Bluetooth Client. This software is produced by Atheros. An obsolete or defective version of Ath_CoexAgent.exe can cause problems for your computer that can range from slowness to error messages such as these:
- Atheros Coex service Application has stopped working. Windows is checking for a solution to the problem. (Windows 10, 8, 7)
- Atheros Coex service Application has stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available. (Windows 10, 8, 7)
- Ath_CoexAgent.exe has encountered a problem and needs to close.
- Access violation at address FFFFFFFF in module Ath_CoexAgent.exe. Read of address 00000000.
What you should know about Ath_CoexAgent.exe Atheros Coex service Application
Ath_CoexAgent.exe is not part of Windows, but it is important nonetheless. Ath_CoexAgent.exe is found in a subdirectory of «C:\Program Files». Frequently occurring file sizes are 323,584 bytes (35% of all these files) and 151,552 bytes, along with 6 other variants.
It is the service «ZAtheros Bt and Wlan Coex Agent».
It was developed by a so-called third party provider — and not by Microsoft. The program executes in the background, and can only be terminated using Windows Task Manager. For this reason, 36% of all experts consider this file to be a possible threat. The probability that it can cause harm is high.
If you see this file on your hard drive or in Windows Task Manager, please make sure that it is not a malicious variant. It’s a fact that many trojans try to cloak their true identity by calling themselves Ath_CoexAgent.exe. With the above information or by using tools like Security Task Manager you can determine if, in your case, the file is an undesirable variant.
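An added example (not part of the original page): a Python triage sketch that applies the identifying details given above, the service name «ZAtheros Bt and Wlan Coex Agent» and a location in a subdirectory of C:\Program Files, to HijackThis-style log lines. The sample log is constructed and the finding labels are hypothetical; a matching name and path narrow the search but do not prove a file is genuine.

```python
import re
from pathlib import PureWindowsPath

# Identifying details taken from the description above.
TARGET_NAME = "ath_coexagent.exe"
EXPECTED_SERVICE = "ZAtheros Bt and Wlan Coex Agent"
PROGRAM_FILES = ("program files", "program files (x86)")

# HijackThis separates fields with " - "; some scraped copies show a long dash.
SEP = r"\s+[-\u2014]\s+"
# O23 line: O23 - Service: <display name> - <company> - <binary path>
O23_RE = re.compile(
    r"^O23" + SEP + r"Service:\s+(?P<name>.+?)" + SEP + r"(?P<owner>.+?)" + SEP
    + r"(?P<path>[A-Za-z]:\\.+?\.exe)(?![\w.])",
    re.IGNORECASE,
)
# Any absolute path to an .exe elsewhere in the log (process list, O4 Run keys).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\u00ab\u00bb<>|*?]*?\.exe(?![\w.])', re.IGNORECASE)


def in_program_files_subdir(path):
    """True if path is <drive>:\\Program Files[ (x86)]\\<subdir>\\...\\file."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    return len(parts) >= 4 and parts[1] in PROGRAM_FILES


def is_target(path):
    return PureWindowsPath(path).name.lower() == TARGET_NAME


def triage(log_text):
    """Return (line number, label, path) for entries that contradict the description."""
    findings = []
    for lineno, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        match = O23_RE.match(line)
        if match:
            name, path = match.group("name"), match.group("path")
            named_like = name.lower().startswith(EXPECTED_SERVICE.lower())
            if named_like and not is_target(path):
                # Known service name, but it launches a different binary.
                findings.append((lineno, "service-name-reused", path))
            elif is_target(path) and not named_like:
                # Known file name registered under some other service name.
                findings.append((lineno, "unexpected-service-name", path))
            if is_target(path) and not in_program_files_subdir(path):
                findings.append((lineno, "unexpected-location", path))
            continue
        for path in PATH_RE.findall(line):
            if is_target(path) and not in_program_files_subdir(path):
                findings.append((lineno, "unexpected-location", path))
    return findings


# Constructed sample input (not taken from any real system).
SAMPLE_LOG = r"""Running processes:
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Users\user\AppData\Roaming\Ath_CoexAgent.exe
O4 - HKCU\..\Run: [Coex] "C:\Users\user\AppData\Roaming\Ath_CoexAgent.exe" /s
O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
O23 - Service: Coex Helper (coexhlp) - Unknown owner - C:\ProgramData\Ath_CoexAgent.exe
O23 - Service: ZAtheros Bt and Wlan Coex Agent - Unknown owner - C:\Windows\Temp\svc.exe
"""

if __name__ == "__main__":
    for lineno, label, path in triage(SAMPLE_LOG):
        print(f"line {lineno}: {label}: {path}")
```

Entries it flags are candidates for a closer look, for example checking the file's digital signature and hash on the machine itself.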
What do other computer users say about Ath_CoexAgent?
The file spreads very slowly and does not often make an appearance. Therefore, feedback from other users is not yet available.
How to uninstall Qualcomm Atheros Bluetooth Suite or Dell WLAN and Bluetooth Client
To remove Atheros Coex service Application from your computer, please follow the manual instructions below or use an automatic uninstaller product.
- Click the Windows Start Button. You find it in the lower left corner of the taskbar.
- Type the word uninstall.
- Click Add or remove programs.
- Now locate Qualcomm Atheros Bluetooth Suite or Dell WLAN and Bluetooth Client in the list of displayed applications.
- Click the program, and then click Uninstall.
How to tell if Ath_CoexAgent.exe (Atheros Coex service Application) was uninstalled cleanly
After uninstalling, restart your computer. Then start Windows Explorer and see if there is still a folder with the name of the software under C:\Program Files. Be sure to check the Registry as well for remnants of Atheros Coex service Application. To do this, start «Regedit», then look under «HKEY_LOCAL_MACHINE» > «Software» for Atheros Coex service Application or the name of the producer. Always keep in mind that only a computer professional should ever directly delete entries in the Windows Registry.
What to do if a program does not uninstall
The easiest way to remove any kind of software cleanly and accurately is to use an uninstaller tool. Because the uninstaller automatically creates a backup, there is no risk of anything going wrong.
Last but not least
If Windows is not working quite right for you, or if startup is taking a long time, or Ath_CoexAgent.exe is causing problems for you, a good Windows diagnostic tool may very well help. This is especially effective when it comes to older computers that have accumulated vast quantities of «garbage data» as the result of many software installs and uninstalls.
dxdy Science Forum
Hello! For the first time in about 8 years I slipped up and downloaded a .zip file from an unfamiliar site, which I later opened. Naturally, nothing good came of it: all sorts of browsers along the lines of Amigo, OK, Mail.ru, etc. got installed, and the shortcuts to my browsers were rewritten to point to .bat files that dragged in all kinds of junk. I scanned the PC with KIS2014, Dr.Web and KIS2016; some things were found and removed, but sometimes the shortcuts get rewritten again and I have to delete everything all over again! I read on the internet that these are so-called hijack programs and that antivirus software often does not treat them as viruses.
I was advised to use the HijackThis program, but here I ran into the following problem: which files/items should be deleted, and which should not be?! That is the request I am turning to you with. Please, help!
Scan log file:
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 2:47:45, on 18.12.2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)
FIREFOX: 42.0 (x86 ru)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe
C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\WINDOWS\SysWOW64\rundll32.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files (x86)\Defender Quick-Point\Quick Point.exe
C:\Users\Гор\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Users\Гор\AppData\Roaming\uTorrent\utorrent.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\2GIS\3.0\2GISTrayNotifier.exe
C:\Program Files (x86)\Opera\34.0.2036.39\opera.exe
C:\Program Files (x86)\Opera\34.0.2036.39\opera_crashreporter.exe
C:\Program Files (x86)\Opera\34.0.2036.39\opera.exe
C:\Program Files (x86)\Opera\34.0.2036.39\opera.exe
C:\Program Files (x86)\Opera\34.0.2036.39\opera.exe
C:\Program Files (x86)\Opera\34.0.2036.39\opera.exe
C:\Program Files (x86)\Opera\34.0.2036.39\opera.exe
C:\Program Files (x86)\Opera\34.0.2036.39\opera.exe
C:\Program Files (x86)\Opera\34.0.2036.39\opera.exe
C:\Program Files (x86)\Opera\34.0.2036.39\opera.exe
C:\Users\Гор\Downloads\HijackThis.exe
C:\Program Files (x86)\Opera\34.0.2036.39\opera.exe
C:\WINDOWS\SysWOW64\DllHost.exe
R1 — HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
R1 — HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.ru/cnt/10445?gp=789106
R1 — HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 — HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 — HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 — HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 — HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 — HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 — REG:system.ini: UserInit=userinit.exe
O2 — BHO: Groove GFS Browser Helper — — C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 — BHO: MRSearchPlugin — — C:\Users\Гор\AppData\Local\Mail.Ru\Sputnik\IESearchPlugin.dll (file missing)
O2 — BHO: SkypeIEPluginBHO — — C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 — BHO: URLRedirectionBHO — — C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 — BHO: Advanced SystemCare Surfing Protection — — C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL (file missing)
O2 — BHO: ScriptInjectionPluginBrowserHelperObject — — C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll
O3 — Toolbar: Kaspersky Protection toolbar — — C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll
O4 — HKLM\..\Run: [Adobe Reader Speed Launcher] «C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe»
O4 — HKLM\..\Run: [ASUSPRP] «C:\Program Files (x86)\ASUS\APRP\APRP.EXE»
O4 — HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe /S
O4 — HKLM\..\Run: [RemoteControl10] «C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe»
O4 — HKLM\..\Run: [BCSSync] «C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe» /DelayServices
O4 — HKLM\..\Run: [2Gis Update Notifier] «C:\Program Files (x86)\2GIS\3.0\2GISTrayNotifier.exe» -delayed_start
O4 — HKCU\..\Run: [DAEMON Tools Pro Agent] «C:\Program Files\DAEMON Tools Pro\DTAgent.exe» -autorun
O4 — HKCU\..\Run: [X7Application] C:\Program Files (x86)\Defender Quick-Point\Quick Point.exe -run
O4 — HKCU\..\Run: [KabAuth] C:\Users\Гор\Desktop\kabauth.exe
O4 — HKCU\..\Run: [BingSvc] C:\Users\Гор\AppData\Local\Microsoft\BingSvc\BingSvc.exe
O4 — HKCU\..\Run: [MyDesktop] C:\Users\Гор\AppData\Roaming\MyDesktop\qweeeCL.exe /killme_30 /restoreme_5 /url_http://mpnl.ru/offers/ru.csv /url2_http://hello.limbbo.ru/offers/ru.csv
O4 — HKCU\..\Run: [coprofit] «C:\Users\Гор\AppData\Local\coprofit\coprofit_stb.exe» /run «C:\Users\Гор\AppData\Local\coprofit\config.json»
O4 — HKCU\..\Run: [uTorrent] «C:\Users\Гор\AppData\Roaming\uTorrent\utorrent.exe» /MINIMIZED
O4 — HKLM\..\Policies\Explorer\Run: [BtvStack] «C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe»
O8 — Extra context menu item: &Отправить в OneNote — res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O9 — Extra button: Отправить в OneNote — — C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 — Extra ‘Tools’ menuitem: &Отправить в OneNote — — C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 — Extra button: &Связанные заметки OneNote — — C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 — Extra ‘Tools’ menuitem: &Связанные заметки OneNote — — C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 — Extra button: Skype Click to Call settings — — C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 — Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 — HKLM\System\CCS\Services\Tcpip\..\: NameServer = 87.224.197.1,87.224.213.1
O18 — Protocol: skypec2c — — C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 — Protocol: wlpg — — C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 — Filter hijack: text/xml — — C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 — AppInit_DLLs: C:\WINDOWS\SysWOW64\nvinit.dll
O23 — Service: 2GIS UpdateService (2GISUpdateService) — ООО ДубльГИС — C:\Program Files (x86)\2GIS\3.0\2GISUpdateService.exe
O23 — Service: Adobe Acrobat Update Service (AdobeARMservice) — Adobe Systems Incorporated — C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 — Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) — Adobe Systems Incorporated — C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 — Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) — Unknown owner — C:\WINDOWS\System32\alg.exe (file missing)
O23 — Service: ASLDR Service (ASLDRService) — ASUSTek Computer Inc. — C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 — Service: ASUS InstantOn Service (ASUS InstantOn) — ASUS — C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
O23 — Service: AtherosSvc — Qualcomm Atheros Commnucations — C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 — Service: ATKGFNEX Service (ATKGFNEXSrv) — ASUS — C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 — Service: Kaspersky Anti-Virus Service 16.0.0 (AVP16.0.0) — Kaspersky Lab ZAO — C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe
O23 — Service: Intel(R) Content Protection HECI Service (cphs) — Intel Corporation — C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 — Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) — Unknown owner — C:\WINDOWS\System32\lsass.exe (file missing)
O23 — Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) — Unknown owner — C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 — Service: NVIDIA GeForce Experience Service (GfExperienceService) — NVIDIA Corporation — C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 — Service: Intel(R) Integrated Clock Controller Service — Intel(R) ICCS (ICCS) — Intel Corporation — C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 — Service: IconMan_R — Realsil Microelectronics Inc. — C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 — Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) — Unknown owner — C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 — Service: Intel(R) Capability Licensing Service Interface — Intel(R) Corporation — C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 — Service: Intel(R) ME Service — Intel Corporation — C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 — Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) — Intel Corporation — C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 — Service: @keyiso.dll,-100 (KeyIso) — Unknown owner — C:\WINDOWS\system32\lsass.exe (file missing)
O23 — Service: LiveUpdate (LiveUpdateSvc) — Unknown owner — C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (file missing)
O23 — Service: Intel(R) Management and Security Application Local Management Service (LMS) — Intel Corporation — C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 — Service: Mozilla Maintenance Service (MozillaMaintenance) — Mozilla Foundation — C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 — Service: @comres.dll,-2797 (MSDTC) — Unknown owner — C:\WINDOWS\System32\msdtc.exe (file missing)
O23 — Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) — Unknown owner — C:\WINDOWS\system32\lsass.exe (file missing)
O23 — Service: NVIDIA Network Service (NvNetworkService) — NVIDIA Corporation — C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 — Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) — NVIDIA Corporation — C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 — Service: NVIDIA Streamer Service (NvStreamSvc) — NVIDIA Corporation — C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 — Service: NVIDIA Display Driver Service (nvsvc) — Unknown owner — C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 — Service: Deactivate Program (rediqilu) — Unknown owner — C:\Program.exe (file missing)
O23 — Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) — Unknown owner — C:\WINDOWS\system32\locator.exe (file missing)
O23 — Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) — Unknown owner — C:\WINDOWS\system32\lsass.exe (file missing)
O23 — Service: Samsung UPD Utility Service (SamsungUPDUtilSvc) — Unknown owner — C:\WINDOWS\SysWOW64\SecUPDUtilSvc.exe
O23 — Service: Skype Updater (SkypeUpdate) — Skype Technologies — C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 — Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) — Unknown owner — C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 — Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) — Unknown owner — C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 — Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) — Unknown owner — C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 — Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) — Unknown owner — C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 — Service: Intel(R) Management and Security Application User Notification Service (UNS) — Intel Corporation — C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 — Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) — Unknown owner — C:\WINDOWS\system32\lsass.exe (file missing)
O23 — Service: @%SystemRoot%\system32\vds.exe,-100 (vds) — Unknown owner — C:\WINDOWS\System32\vds.exe (file missing)
O23 — Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) — Unknown owner — C:\WINDOWS\system32\vssvc.exe (file missing)
O23 — Service: vssbrigde64 — AO Kaspersky Lab — C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe
O23 — Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) — Unknown owner — C:\WINDOWS\system32\wbengine.exe (file missing)
O23 — Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) — Unknown owner — C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 — Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) — Unknown owner — C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 — Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) — Unknown owner — C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 — Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) — Unknown owner — C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 — Service: ZAtheros Bt and Wlan Coex Agent — Atheros — C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
—
End of file — 14047 bytes
Atheros coex service application: what is it
Guys, does anyone know what this nonsense is? Win 8.1. A rogue local account keeps appearing, called vtouhj or something like that. Deleting it is useless: after a reboot it pops up again. The antivirus scanners don't detect anything.
HijackThis shows the following:
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 21:34:34, on 14.12.2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Opera\26.0.1656.32\opera.exe
C:\Program Files (x86)\Opera\26.0.1656.32\opera_crashreporter.exe
C:\Program Files (x86)\Opera\26.0.1656.32\opera.exe
C:\Program Files (x86)\Opera\26.0.1656.32\opera.exe
C:\Program Files (x86)\Opera\26.0.1656.32\opera.exe
C:\Program Files (x86)\Opera\26.0.1656.32\opera.exe
C:\Program Files (x86)\Opera\26.0.1656.32\opera.exe
C:\Program Files (x86)\Opera\26.0.1656.32\opera.exe
C:\Program Files (x86)\Opera\26.0.1656.32\opera.exe
C:\Program Files (x86)\Opera\26.0.1656.32\opera.exe
C:\Program Files (x86)\Opera\26.0.1656.32\opera.exe
C:\Program Files (x86)\Opera\26.0.1656.32\opera.exe
C:\Program Files (x86)\Opera\26.0.1656.32\opera.exe
C:\Users\U\Desktop\HijackThis.exe
R1 — HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
R1 — HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yandex.ru/?win=117&clid=2052536
R1 — HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 — HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 — HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 — HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 — HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 — HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 — REG:system.ini: UserInit=userinit.exe
O2 — BHO: Lync Click to Call BHO — — C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 — BHO: Java(tm) Plug-In SSV Helper — — C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 — BHO: Microsoft SkyDrive Pro Browser Helper — — C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 — BHO: Визуальные закладки — — (no file)
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — — C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 — HKLM\..\Run: [ASUSPRP] «C:\Program Files (x86)\ASUS\APRP\APRP.EXE»
O4 — HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe /S
O4 — HKLM\..\Run: [ASUS InstantKey] C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe
O4 — HKLM\..\Run: [RemoteControl10] «C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe»
O4 — HKLM\..\Run: [UpdatePSTShortCut] «C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe» «C:\Program Files (x86)\Cyberlink\DVD Suite» UpdateWithCreateOnce «Software\CyberLink\PowerStarter»
O4 — HKLM\..\Run: [CLMLServer] «C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe»
O4 — HKLM\..\Run: [TrueImageMonitor.exe] «C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe»
O4 — HKLM\..\Run: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
O4 — HKLM\..\Run: [EaseUS EPM tray] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe
O4 — HKLM\..\Run: [BackupNowEZtray] «D:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe» -k
O4 — HKLM\..\Run: [Adobe ARM] «C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe»
O4 — HKLM\..\Run: [SunJavaUpdateSched] «C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe»
O4 — HKCU\..\Run: [Power2GoExpress] «C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe»
O4 — HKCU\..\Run: [Plextool] C:\Program Files (x86)\Plextool\Plextool.exe
O4 — HKCU\..\Run: [GameCenterMailRu] «C:\Users\U\AppData\Local\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe» -autostart
O4 — HKCU\..\Run: [MAgent] C:\Users\U\AppData\Roaming\Mail.Ru\Agent\magent.exe -CU
O4 — HKCU\..\Run: [ccleaner] «C:\Program Files\CCleaner\CCleaner64.exe» /AUTO
O4 — HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_246_Plugin.exe -update plugin
O4 — HKLM\..\Policies\Explorer\Run: [BtvStack] «C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe»
O8 — Extra context menu item: Add to Google Photos Screensa&ver — res://C:\Windows\system32\GPhotos.scr/200
O8 — Extra context menu item: E&xport to Microsoft Excel — res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 — Extra context menu item: Se&nd to OneNote — res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 — Extra button: Отправить в OneNote — — C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 — Extra ‘Tools’ menuitem: &Отправить в OneNote — — C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 — Extra button: Звонок щелчком Lync — — C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 — Extra ‘Tools’ menuitem: Звонок щелчком Lync — — C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 — Extra button: &Связанные заметки OneNote — — C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 — Extra ‘Tools’ menuitem: &Связанные заметки OneNote — — C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 — Extra button: Mail.Ru Агент — — C:\Users\U\AppData\Roaming\Mail.Ru\Agent\magent.exe (HKCU)
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — — C:\Users\U\AppData\Roaming\Mail.Ru\Agent\magent.exe (HKCU)
O11 — Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 — Protocol: osf — — C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 — Protocol: wlpg — — C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 — Filter hijack: text/xml — — C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O20 — AppInit_DLLs: C:\WINDOWS\SysWOW64\nvinit.dll,C:\Windows\SysWOW64\nvinit.dll
O23 — Service: Acronis Scheduler2 Service (AcrSch2Svc) — Acronis — C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 — Service: Adobe Acrobat Update Service (AdobeARMservice) — Adobe Systems Incorporated — C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 — Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) — Adobe Systems Incorporated — C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 — Service: Acronis Nonstop Backup Service (afcdpsrv) — Acronis — C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 — Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) — Unknown owner — C:\Windows\System32\alg.exe (file missing)
O23 — Service: ASLDR Service (ASLDRService) — ASUSTek Computer Inc. — C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 — Service: ASUS InstantOn Service (ASUS InstantOn) — ASUS — C:\Program Files\ASUS\P4G\InsOnSrv.exe
O23 — Service: Asus WebStorage Windows Service — Unknown owner — C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
O23 — Service: AtherosSvc — Windows (R) Win 7 DDK provider — C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 — Service: ATKGFNEX Service (ATKGFNEXSrv) — ASUS — C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 — Service: Intel(R) Content Protection HECI Service (cphs) — Intel Corporation — C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 — Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) — Unknown owner — C:\Windows\System32\lsass.exe (file missing)
O23 — Service: ESET Service (ekrn) — ESET — C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 — Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) — Unknown owner — C:\Windows\system32\fxssvc.exe (file missing)
O23 — Service: FLEXnet Licensing Service — Acresso Software Inc. — C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 — Service: Служба Google Update (gupdate) (gupdate) — Google Inc. — C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 — Service: Служба Google Update (gupdatem) (gupdatem) — Google Inc. — C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 — Service: Google Updater Service (gusvc) — Google — C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 — Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) — Unknown owner — C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 — Service: Intel(R) Capability Licensing Service Interface — Intel(R) Corporation — C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 — Service: Intel(R) Capability Licensing Service TCP IP Interface — Intel(R) Corporation — C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 — Service: Intel(R) ME Service — Intel Corporation — C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 — Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) — Intel Corporation — C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 — Service: @keyiso.dll,-100 (KeyIso) — Unknown owner — C:\Windows\system32\lsass.exe (file missing)
O23 — Service: Intel(R) Management and Security Application Local Management Service (LMS) — Intel Corporation — C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 — Service: @comres.dll,-2797 (MSDTC) — Unknown owner — C:\Windows\System32\msdtc.exe (file missing)
O23 — Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) — Unknown owner — C:\Windows\system32\lsass.exe (file missing)
O23 — Service: NTI BackupNowEZSvr — NewTech Infosystems, Inc. — D:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
O23 — Service: NVIDIA Network Service (NvNetworkService) — NVIDIA Corporation — C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 — Service: NVIDIA Streamer Service (NvStreamSvc) — NVIDIA Corporation — C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 — Service: NVIDIA Display Driver Service (nvsvc) — Unknown owner — C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 — Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) — Unknown owner — C:\Windows\system32\locator.exe (file missing)
O23 — Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) — Unknown owner — C:\Windows\system32\lsass.exe (file missing)
O23 — Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) — Unknown owner — C:\Windows\System32\snmptrap.exe (file missing)
O23 — Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) — Unknown owner — C:\Windows\System32\spoolsv.exe (file missing)
O23 — Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) — Unknown owner — C:\Windows\system32\sppsvc.exe (file missing)
O23 — Service: Acronis Sync Agent Service (syncagentsrv) — Acronis — C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
O23 — Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) — Unknown owner — C:\Windows\system32\UI0Detect.exe (file missing)
O23 — Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) — Unknown owner — C:\Windows\system32\lsass.exe (file missing)
O23 — Service: @%SystemRoot%\system32\vds.exe,-100 (vds) — Unknown owner — C:\Windows\System32\vds.exe (file missing)
O23 — Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) — Unknown owner — C:\Windows\system32\vssvc.exe (file missing)
O23 — Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) — Unknown owner — C:\Windows\system32\wbengine.exe (file missing)
O23 — Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) — Unknown owner — C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 — Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) — Unknown owner — C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 — Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) — Unknown owner — C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 — Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) — Unknown owner — C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 — Service: ZAtheros Bt and Wlan Coex Agent — Atheros — C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
—
End of file — 13700 bytes
PLEASE TELL ME, WHAT THE HELL IS THIS? How do I get rid of it?
Trojan: files encrypted with the better_call_saul extension. Please help. (request No. 198953)
Good afternoon.
Yesterday I received an email with some kind of invoice. I opened it, and here is the result: all the files on the laptop are encrypted with better_call_saul.
Please help me sort this out. This laptop, of course, holds all my work information.
Thank you very much for your help.
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 15:32:39, on 29.03.2016
Platform: Unknown Windows (WinNT 6.02.100
MSIE: Internet Explorer v11.0 (11.00.9600.18123)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\WINDOWS\SysWOW64\regsvr32.exe
C:\WINDOWS\SysWOW64\regsvr32.exe
C:\Users\Дмитрий\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
C:\Users\Дмитрий\AppData\Local\Yandex\YandexBrowser\Application\47.0.2526.6796\crash_service.exe
C:\Users\Дмитрий\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
C:\Users\Дмитрий\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
C:\Users\Дмитрий\AppData\Local\Adbworks\6F81A61F.exe
C:\Users\Дмитрий\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
C:\Users\Дмитрий\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
C:\Users\Дмитрий\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
C:\Users\Дмитрий\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
C:\Users\Дмитрий\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
C:\Users\Дмитрий\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Дмитрий\Downloads\HijackThis.exe