Премини към съдържанието

evitta_22

Потребител
  • Публикации

    17
  • Регистрация

  • Последно онлайн

Харесвания

5 Неутрална репутация

Всичко за evitta_22

  • Титла
    Потребител

Информация

  • Пол
    Жена

Последни посетители

884 прегледа на профила
  1. Привет! За съжаление, не успях да инсталирам двете програми MSFixIt и Windows Repair (all in one) дава пак грешка .Ще кача снимка да видите за какво става на въпрос. http://prikachi.com/images.php?images/921/8695921m.jpg http://prikachi.com/images.php?images/924/8695924A.jpg
  2. Изникна проблем при стартирането на програмата Hitman Pro за 32-битова система.Изтеглих я но когато я стартирам тръгва автоматична актуализация, а след това изписва ,че актуализацията не е валидна/повредена е или не е цяла/ и до там.Бутончето Напред не се активира!Активни са само бутони Закупуване и Настройки.
  3. Определено вече нямам проблем с изскачащите, луди, прозорци.Мисля, че проблема е решен.Много ви благодаря за което .Едва ли щях да се справя без вашата помощ. П.С-Изключение са сайтовете като http://seriali.online/, но предполагам ,че просто трябва да спра блокиращата програма за реклами за въпросния сайт .Явно само така ще ме допусне да гледам филми.Само че, дали няма пак нещо да се вмъкне в компютъра?? Fixlog.txt
  4. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01 Ran by 1 (administrator) on MSHOME (14-03-2016 14:08:33) Running from H:\Documents and Settings\1\Desktop Loaded Profiles: 1 (Available Profiles: 1) Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States) Internet Explorer Version 8 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVAST Software) H:\Program Files\AVAST Software\Avast\AvastSvc.exe (ABBYY) H:\Program Files\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe (NVIDIA Corporation) H:\WINDOWS\system32\nvsvc32.exe (RaMMicHaeL) H:\Program Files\Unchecky\bin\unchecky_svc.exe () H:\WINDOWS\system32\UAService7.exe (RaMMicHaeL) H:\Program Files\Unchecky\bin\unchecky_bg.exe (SONIX) H:\WINDOWS\tsnpstd3.exe (VIA Technologies, Inc.) H:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe () H:\WINDOWS\vsnpstd3.exe (AVAST Software) H:\Program Files\AVAST Software\Avast\AvastUI.exe (Microsoft Corporation) H:\WINDOWS\system32\rundll32.exe (BitTorrent Inc.) H:\Documents and Settings\1\Application Data\uTorrent\uTorrent.exe (InterVideo Inc.) H:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (Microsoft Corporation) H:\WINDOWS\system32\wbem\unsecapp.exe (BitTorrent Inc.) H:\Documents and Settings\1\Application Data\uTorrent\updates\3.4.5_41865\utorrentie.exe (BitTorrent Inc.) H:\Documents and Settings\1\Application Data\uTorrent\updates\3.4.5_41865\utorrentie.exe (Google Inc.) H:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) H:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) H:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) H:\Program Files\Google\Chrome\Application\chrome.exe (AVAST Software) H:\Program Files\AVAST Software\Avast\setup\instup.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDCPL] => H:\WINDOWS\RTHDCPL.EXE [16125440 2007-02-26] (Realtek Semiconductor Corp.) HKLM\...\Run: [SkyTel] => H:\WINDOWS\SkyTel.EXE [2879488 2006-05-16] (Realtek Semiconductor Corp.) HKLM\...\Run: [NeroFilterCheck] => H:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh) HKLM\...\Run: [tsnpstd3] => H:\WINDOWS\tsnpstd3.exe [262144 2007-04-23] (SONIX) HKLM\...\Run: [HDAudDeck] => H:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [33747360 2010-05-24] (VIA Technologies, Inc.) HKLM\...\Run: [snpstd3] => H:\WINDOWS\vsnpstd3.exe [831488 2007-04-25] () HKLM\...\Run: [AvastUI.exe] => H:\Program Files\AVAST Software\Avast\AvastUI.exe [7137664 2016-03-12] (AVAST Software) HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\Run: [uTorrent] => H:\Documents and Settings\1\Application Data\uTorrent\uTorrent.exe [2094080 2016-03-05] (BitTorrent Inc.) HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\Run: [DAEMON Tools Lite] => H:\Program Files\DAEMON Tools Lite\daemon.exe [486856 2008-04-01] (DT Soft Ltd) HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\Run: [Avast-Browser-Cleanup] => H:\Program Files\AVAST Software\Avast\BrowserCleanup.exe [1503712 2015-12-16] (AVAST Software) HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\Run: [Xvid] => I:\PROGRAMI\Xvid-1.3.2-20110601\CheckUpdate.exe [8192 2011-01-17] () HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\Run: [CCleaner Monitoring] => I:\PROGRAMI\CCleaner512-програма за почистване на остатъчни файлове\CCleaner.exe [6602152 2015-11-16] (Piriform Ltd) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => H:\Program Files\AVAST Software\Avast\ashShell.dll [2016-03-12] (AVAST Software) Startup: H:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk [2016-02-25] ShortcutTarget: InterVideo WinCinema Manager.lnk -> H:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{22CD05BE-8069-4753-A8E5-436BCFBE9135}: [NameServer] 10.98.0.1 Tcpip\..\Interfaces\{948CFD05-098D-4396-92E2-FB3E18B8BC3F}: [NameServer] 10.98.0.1 Tcpip\..\Interfaces\{C43F650F-0CEE-484B-B008-EAE5A3EAC1AB}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{ED35FE50-A8CB-450B-B4D1-916DDF2590B2}: [NameServer] 10.98.0.1,77.71.11.2 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-1343024091-527237240-1801674531-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?PC=AV01 HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1343024091-527237240-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1343024091-527237240-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.bg/ SearchScopes: HKLM -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKU\S-1-5-21-1343024091-527237240-1801674531-1003 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKU\S-1-5-21-1343024091-527237240-1801674531-1003 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> H:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-03-12] (AVAST Software) Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKU\S-1-5-21-1343024091-527237240-1801674531-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} H:\Program Files\Yahoo!\Common\Yinsthelper.dll DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> H:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-11] () FF Plugin: @adobe.com/ShockwavePlayer -> H:\WINDOWS\system32\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.) FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> H:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> H:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> H:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> H:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.3 -> I:\PROGRAMI\VLC media player 1.0.0 RC2\VLC\npvlc.dll [2016-01-21] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> I:\PROGRAMI\VLC media player 1.0.0 RC2\VLC\npvlc.dll [2016-01-21] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.0 -> I:\PROGRAMI\VLC media player 1.0.0 RC2\VLC\npvlc.dll [2016-01-21] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.1 -> I:\PROGRAMI\VLC media player 1.0.0 RC2\VLC\npvlc.dll [2016-01-21] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.2 -> I:\PROGRAMI\VLC media player 1.0.0 RC2\VLC\npvlc.dll [2016-01-21] (VideoLAN) FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> H:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll [No File] FF Plugin HKU\S-1-5-21-1343024091-527237240-1801674531-1003: @Skype Limited.com/Facebook Video Calling Plugin -> H:\Documents and Settings\1\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll [No File] FF Plugin HKU\S-1-5-21-1343024091-527237240-1801674531-1003: @unity3d.com/UnityPlayer,version=1.0 -> H:\Documents and Settings\1\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-04] (Unity Technologies ApS) FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - H:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - H:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-12-10] [not signed] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - H:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - H:\Program Files\AVAST Software\Avast\WebRep\FF [2016-03-12] FF HKLM\...\Firefox\Extensions: [sp@avast.com] - H:\Program Files\AVAST Software\Avast\SafePrice\FF FF Extension: Avast SafePrice - H:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-03-12] Chrome: ======= CHR HomePage: Default -> hxxps://www.google.bg/?gws_rd=ssl CHR StartupUrls: Default -> "hxxp://www.google.bg/","hxxp://www.mysites123.com/?type=hp&ts=1454508138&z=d0702c45a8dfadf347cc228gez1w0zdw9e0b6g7ceb&from=amt&uid=hitachixhdt725025vla380_vfl104rm02ljdz02ljdzx" CHR Profile: H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default CHR Extension: (Google Презентации) - H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-11] CHR Extension: (Google Документи) - H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-11] CHR Extension: (Google Диск) - H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-11] CHR Extension: (Poper Blocker) - H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2016-03-12] CHR Extension: (YouTube) - H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-11] CHR Extension: (Adblock Plus) - H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-11] CHR Extension: (Електронни таблици от Google) - H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-11] CHR Extension: (Vbox7.com Downloader) - H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fjhpfbclepcmobfifppimpdljeikohdf [2016-03-11] CHR Extension: (Picditor Photo Editor) - H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ggdplhaiiohpkafnlhlfikiomnboacoi [2016-03-11] CHR Extension: (Google Документи офлайн) - H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-11] CHR Extension: (AdBlock) - H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-03-11] CHR Extension: (Avast Online Security) - H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-03-12] CHR Extension: (Плащания в уеб магазина на Chrome) - H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-11] CHR Extension: (Gmail) - H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-11] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - H:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-03-12] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 ABBYY.Licensing.FineReader.Corporate.11.0; H:\Program Files\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe [819976 2011-10-12] (ABBYY) R2 avast! Antivirus; H:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-03-12] (AVAST Software) S3 IDriverT; H:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed] S3 ServiceLayer; H:\Program Files\PC Connectivity Solution\ServiceLayer.exe [353280 2007-12-10] (Nokia.) [File not signed] R2 Unchecky; H:\Program Files\Unchecky\bin\unchecky_svc.exe [243448 2016-03-11] (RaMMicHaeL) R2 UserAccess7; H:\WINDOWS\system32\UAService7.exe [126976 2009-01-24] () [File not signed] S3 WmdmPmSN; C:\WINDOWS\system32\mspmsnsv.dll [X] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; H:\WINDOWS\system32\drivers\aswHwid.sys [32792 2016-03-12] (AVAST Software) R2 aswMonFlt; H:\WINDOWS\system32\drivers\aswMonFlt.sys [91168 2016-03-12] (AVAST Software) R1 aswRdr; H:\WINDOWS\system32\drivers\aswRdr.sys [64272 2016-03-12] (AVAST Software) R0 aswRvrt; H:\WINDOWS\system32\Drivers\aswRvrt.sys [58776 2016-03-12] (AVAST Software) R1 aswSnx; H:\WINDOWS\system32\drivers\aswSnx.sys [816304 2016-03-12] (AVAST Software) R1 aswSP; H:\WINDOWS\system32\drivers\aswSP.sys [447848 2016-03-12] (AVAST Software) R3 aswStmXP; H:\WINDOWS\system32\drivers\aswStmXP.sys [171608 2016-03-12] (AVAST Software) S3 aswTdi; H:\WINDOWS\system32\drivers\aswTdi.sys [67088 2016-03-12] (AVAST Software) R0 aswVmm; H:\WINDOWS\system32\Drivers\aswVmm.sys [221240 2016-03-12] (AVAST Software) R2 atksgt; H:\WINDOWS\System32\DRIVERS\atksgt.sys [281760 2009-12-25] () S3 CCDECODE; H:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation) R2 fssfltr; H:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys [54752 2009-08-05] (Microsoft Corporation) R2 lirsgt; H:\WINDOWS\System32\DRIVERS\lirsgt.sys [25888 2009-12-25] () R3 MTsensor; H:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] () S3 NdisIP; H:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation) R3 NVENETFD; H:\WINDOWS\System32\DRIVERS\NVENETFD.sys [70912 2010-03-04] (NVIDIA Corporation) R0 nvgts; H:\WINDOWS\System32\DRIVERS\nvgts.sys [168040 2010-04-08] (NVIDIA Corporation) R3 nvnetbus; H:\WINDOWS\System32\DRIVERS\nvnetbus.sys [13824 2010-03-04] (NVIDIA Corporation) R3 pcouffin; H:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2008-12-15] (VSO Software) [File not signed] S3 rtl8139; H:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2008-04-14] (Realtek Semiconductor Corporation) S3 Secdrv; H:\WINDOWS\System32\DRIVERS\secdrv.sys [11973 2010-02-03] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed] R0 sfsync02; H:\WINDOWS\System32\drivers\sfsync02.sys [19968 2005-08-10] (Protection Technology) [File not signed] R0 sfvfs02; H:\WINDOWS\System32\drivers\sfvfs02.sys [66048 2005-09-29] (Protection Technology) [File not signed] R3 SNPSTD3; H:\WINDOWS\System32\DRIVERS\snpstd3.sys [10252672 2007-04-24] (Sonix Co. Ltd.) [File not signed] R0 sptd; H:\WINDOWS\System32\Drivers\sptd.sys [721904 2010-01-02] () [File not signed] R3 VIAHdAudAddService; H:\WINDOWS\System32\drivers\viahduaa.sys [2136224 2010-05-15] (VIA Technologies, Inc.) U3 a8wlk85c; H:\WINDOWS\system32\Drivers\a8wlk85c.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder) S3 catchme; \??\H:\ComboFix\catchme.sys [X] S3 FXDrv32; \??\G:\FXDrv32.sys [X] S4 InCDFs; system32\drivers\InCDFs.sys [X] S1 InCDPass; system32\drivers\InCDPass.sys [X] S1 InCDRm; system32\drivers\InCDRm.sys [X] S4 IntelIde; no ImagePath U5 StarOpen; H:\Windows\System32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed] S2 zumbus; system32\DRIVERS\zumbus.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-03-14 14:08 - 2016-03-14 14:08 - 00018361 _____ H:\Documents and Settings\1\Desktop\FRST.txt 2016-03-14 13:57 - 2016-03-14 13:57 - 00180684 _____ H:\Documents and Settings\1\Desktop\ClearLNK.zip 2016-03-14 13:57 - 2016-02-28 14:50 - 00409624 _____ (Alex Dragokas) H:\Documents and Settings\1\Desktop\ClearLNK.exe 2016-03-14 13:45 - 2016-03-14 13:46 - 76971416 _____ (Adobe Systems Incorporated) H:\Program Files\AdbeRdr11008_en_US.exe 2016-03-14 13:07 - 2016-03-14 13:07 - 00000000 ____D H:\WINDOWS\system32\Adobe 2016-03-14 13:07 - 2016-03-14 13:07 - 00000000 ____D H:\Program Files\Adobe Shockwave_Installer_Slim 2016-03-14 13:04 - 2016-03-14 13:04 - 00000000 ____D H:\Program Files\Common Files\Adobe AIR 2016-03-14 13:04 - 2016-03-14 13:04 - 00000000 ____D H:\Documents and Settings\Default User\Application Data\Macromedia 2016-03-14 13:03 - 2016-03-14 13:03 - 00000000 ____D H:\Program Files\AdobeAIRInstaller 2016-03-12 16:32 - 2016-03-12 16:32 - 00490673 _____ (glax24 (safezone.cc)) H:\Documents and Settings\1\Desktop\SecurityCheck.exe 2016-03-12 16:32 - 2016-03-12 16:32 - 00000000 ____D H:\SecurityCheck 2016-03-12 16:28 - 2016-03-14 13:57 - 00000000 ____D H:\Documents and Settings\1\Desktop\LOG 2016-03-12 16:28 - 2016-02-27 16:56 - 00671856 _____ (Alex Dragokas) H:\Documents and Settings\1\Desktop\Check Browsers LNK.exe 2016-03-12 16:27 - 2016-03-12 16:28 - 00242486 _____ H:\Documents and Settings\1\Desktop\CheckBrowsersLNK.zip 2016-03-12 16:27 - 2016-03-12 16:27 - 00334280 _____ (AVAST Software) H:\WINDOWS\system32\aswBoot.exe 2016-03-12 16:27 - 2016-03-12 16:27 - 00052184 _____ (AVAST Software) H:\WINDOWS\avastSS.scr 2016-03-12 16:24 - 2016-03-12 16:24 - 00002865 _____ H:\Documents and Settings\1\Desktop\JRT.txt 2016-03-12 16:21 - 2016-03-12 16:21 - 01609216 _____ (Malwarebytes) H:\Documents and Settings\1\Desktop\JRT.exe 2016-03-12 16:01 - 2016-03-12 16:43 - 00000000 ____D H:\Program Files\AdwCleaner 2016-03-12 16:00 - 2016-03-12 16:00 - 01524224 _____ H:\Documents and Settings\1\Desktop\adwcleaner_5.101.exe 2016-03-12 15:56 - 2016-03-12 15:57 - 00005716 _____ H:\Documents and Settings\1\Desktop\Rkill.txt 2016-03-12 15:55 - 2016-03-12 15:55 - 02032072 _____ (Bleeping Computer, LLC) H:\Documents and Settings\1\Desktop\rkill.exe 2016-03-12 09:31 - 2016-03-12 09:31 - 01725440 _____ (Farbar) H:\Documents and Settings\1\Desktop\FRST.exe 2016-03-11 23:51 - 2016-03-11 23:51 - 00000706 _____ H:\Documents and Settings\All Users\Desktop\Unchecky.lnk 2016-03-11 23:51 - 2016-03-11 23:51 - 00000000 ____D H:\Program Files\Unchecky 2016-03-11 23:51 - 2016-03-11 23:51 - 00000000 ____D H:\Documents and Settings\All Users\Start Menu\Programs\Unchecky 2016-03-11 23:51 - 2016-03-11 23:51 - 00000000 ____D H:\Documents and Settings\All Users\Application Data\Unchecky 2016-03-11 22:00 - 2016-03-11 22:00 - 00001817 _____ H:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk 2016-03-11 22:00 - 2016-03-11 22:00 - 00001811 _____ H:\Documents and Settings\All Users\Desktop\Google Chrome.lnk 2016-03-11 20:58 - 2016-03-11 20:58 - 00000000 ____D H:\Documents and Settings\1\Application Data\vlc 2016-03-08 17:18 - 2016-03-08 17:18 - 00006174 _____ H:\Documents and Settings\1\My Documents\mp3-nero.txt 2016-02-25 13:11 - 2016-03-14 14:02 - 00000830 _____ H:\WINDOWS\Tasks\Adobe Flash Player Updater.job ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-03-14 14:08 - 2015-12-14 16:50 - 00000000 ____D H:\Documents and Settings\1\Local Settings\temp 2016-03-14 14:08 - 2015-12-07 22:39 - 00000000 ____D H:\FRST 2016-03-14 14:08 - 2008-11-06 20:49 - 00000000 ____D H:\Documents and Settings\1\Application Data\uTorrent 2016-03-14 13:58 - 2010-02-07 17:01 - 00000886 _____ H:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-03-14 13:57 - 2011-04-29 11:37 - 00000751 _____ H:\Documents and Settings\1\Start Menu\Programs\Internet Explorer.lnk 2016-03-14 13:57 - 2008-06-12 15:18 - 00000745 _____ H:\Documents and Settings\1\Desktop\Internet Explorer.lnk 2016-03-14 13:56 - 2015-03-20 19:00 - 00000000 ____D H:\Documents and Settings\1\Local Settings\Application Data\Adobe 2016-03-14 13:52 - 2015-12-16 16:16 - 00000364 ____H H:\WINDOWS\Tasks\avast! Emergency Update.job 2016-03-14 13:52 - 2010-02-07 17:01 - 00000882 _____ H:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-03-14 13:52 - 2008-06-12 15:14 - 00032610 _____ H:\WINDOWS\SchedLgU.Txt 2016-03-14 13:51 - 2011-05-15 09:25 - 00000000 __SHD H:\WINDOWS\CSC 2016-03-14 13:51 - 2008-06-12 15:14 - 00000006 ____H H:\WINDOWS\Tasks\SA.DAT 2016-03-14 13:10 - 2015-03-20 19:00 - 00000000 ____D H:\Documents and Settings\All Users\Application Data\Adobe 2016-03-14 13:10 - 2008-08-29 17:34 - 00000000 ____D H:\Program Files\Adobe 2016-03-14 13:10 - 2008-07-31 16:47 - 00000000 ____D H:\Program Files\Common Files\Adobe 2016-03-14 13:05 - 2015-03-20 18:59 - 00000000 ____D H:\Documents and Settings\1\Application Data\Adobe 2016-03-14 13:05 - 2008-10-23 19:58 - 00000000 ____D H:\Documents and Settings\1\Application Data\Macromedia 2016-03-14 13:05 - 2008-06-12 17:50 - 00000000 ___HD H:\WINDOWS\inf 2016-03-14 13:05 - 2008-06-12 15:03 - 00000000 ____D H:\WINDOWS\system32\Macromed 2016-03-14 12:33 - 2011-11-12 12:23 - 00000982 _____ H:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1343024091-527237240-1801674531-1003UA.job 2016-03-14 12:27 - 2009-05-29 18:06 - 00000000 ____D H:\Program Files\Windows Live 2016-03-14 12:20 - 2009-05-29 18:06 - 00000000 ____D H:\Documents and Settings\All Users\Start Menu\Programs\Windows Live 2016-03-14 12:17 - 2008-11-02 22:08 - 00000000 ____D H:\Documents and Settings\All Users\Application Data\Google 2016-03-14 12:15 - 2008-11-02 23:04 - 00000000 ____D H:\Documents and Settings\1\Local Settings\Application Data\Google 2016-03-14 12:15 - 2008-11-02 22:08 - 00000000 ____D H:\Program Files\Google 2016-03-14 09:33 - 2008-06-12 15:18 - 00000000 ___RD H:\Documents and Settings\1\My Documents\Moite kartinki 2016-03-13 23:47 - 2008-06-12 15:17 - 00000178 ___SH H:\Documents and Settings\1\ntuser.ini 2016-03-13 23:46 - 2008-06-12 15:17 - 00000000 ____D H:\Documents and Settings\1 2016-03-13 18:33 - 2011-11-12 12:23 - 00000960 _____ H:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1343024091-527237240-1801674531-1003Core.job 2016-03-13 10:51 - 2008-06-12 14:11 - 00000187 _____ H:\WINDOWS\winamp.ini 2016-03-12 16:28 - 2015-12-16 16:16 - 00816304 _____ (AVAST Software) H:\WINDOWS\system32\Drivers\aswsnx.sys 2016-03-12 16:28 - 2015-12-16 16:16 - 00447848 _____ (AVAST Software) H:\WINDOWS\system32\Drivers\aswsp.sys 2016-03-12 16:28 - 2015-12-16 16:16 - 00221240 _____ (AVAST Software) H:\WINDOWS\system32\Drivers\aswvmm.sys 2016-03-12 16:28 - 2015-12-16 16:16 - 00091168 _____ (AVAST Software) H:\WINDOWS\system32\Drivers\aswmonflt.sys 2016-03-12 16:27 - 2015-12-16 16:16 - 00171608 _____ (AVAST Software) H:\WINDOWS\system32\Drivers\aswStmXP.sys 2016-03-12 16:27 - 2015-12-16 16:16 - 00067088 _____ (AVAST Software) H:\WINDOWS\system32\Drivers\aswTdi.sys 2016-03-12 16:27 - 2015-12-16 16:16 - 00064272 _____ (AVAST Software) H:\WINDOWS\system32\Drivers\aswRdr.sys 2016-03-12 16:27 - 2015-12-16 16:16 - 00058776 _____ (AVAST Software) H:\WINDOWS\system32\Drivers\aswRvrt.sys 2016-03-12 16:27 - 2015-12-16 16:16 - 00032792 _____ (AVAST Software) H:\WINDOWS\system32\Drivers\aswHwid.sys 2016-03-12 16:22 - 2008-06-12 15:17 - 00000000 ___RD H:\Documents and Settings\1\My Documents 2016-03-12 00:57 - 2015-12-07 11:40 - 00170200 _____ (Malwarebytes) H:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-03-12 00:40 - 2015-12-13 17:34 - 00000000 ____D H:\Documents and Settings\1\Desktop\FRST-OlderVersion 2016-03-11 21:46 - 2015-01-13 21:17 - 00000000 __HDC H:\WINDOWS\$NtUninstallKB932716-v2$ 2016-03-11 20:58 - 2013-05-04 10:57 - 00000684 _____ H:\Documents and Settings\All Users\Desktop\VLC media player.lnk 2016-03-11 20:38 - 2013-02-25 18:42 - 00797376 _____ (Adobe Systems Incorporated) H:\WINDOWS\system32\FlashPlayerApp.exe 2016-03-11 20:38 - 2011-11-29 19:42 - 00142528 _____ (Adobe Systems Incorporated) H:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2016-03-10 10:25 - 2001-08-23 11:00 - 00002206 _____ H:\WINDOWS\system32\wpa.dbl 2016-03-08 17:21 - 2008-11-12 13:28 - 00000000 __RSD H:\Documents and Settings\1\Desktop\probna 2016-02-27 19:46 - 2008-12-11 00:39 - 00000176 _____ H:\WINDOWS\system32\test.aok 2016-02-26 20:51 - 2014-08-06 14:48 - 00000000 ____D H:\Documents and Settings\1\Desktop\tr 2016-02-25 13:06 - 2014-03-22 20:07 - 00000258 __RSH H:\Documents and Settings\All Users\ntuser.pol 2016-02-25 13:06 - 2008-06-12 17:55 - 00000000 ____D H:\Documents and Settings\All Users 2016-02-25 13:04 - 2015-12-10 11:50 - 00000000 __HDC H:\WINDOWS\$NtUninstallKB977816$ 2016-02-25 13:02 - 2016-01-31 18:01 - 00000813 _____ H:\Documents and Settings\All Users\Start Menu\Programs\SumatraPDF.lnk 2016-02-25 13:02 - 2015-12-31 00:10 - 00000654 _____ H:\Documents and Settings\All Users\Desktop\Speccy.lnk 2016-02-25 13:02 - 2015-12-16 16:17 - 00001689 _____ H:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk 2016-02-25 13:02 - 2015-12-09 19:36 - 00000786 _____ H:\Documents and Settings\All Users\Desktop\CCleaner.lnk 2016-02-25 13:02 - 2015-12-09 16:12 - 00002415 _____ H:\Documents and Settings\All Users\Desktop\Skype.lnk 2016-02-25 13:02 - 2015-12-07 11:36 - 00000796 _____ H:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk 2016-02-25 13:02 - 2015-11-27 22:40 - 00000522 _____ H:\Documents and Settings\All Users\Desktop\MailBooks.lnk 2016-02-25 13:02 - 2015-01-16 17:56 - 00000738 _____ H:\Documents and Settings\All Users\Desktop\GOM Player.lnk 2016-02-25 13:02 - 2014-03-09 22:43 - 00002771 _____ H:\Documents and Settings\All Users\Desktop\ABBYY FineReader 11.lnk 2016-02-25 13:02 - 2014-01-11 17:43 - 00000585 _____ H:\Documents and Settings\All Users\Desktop\Scooby-Doo(TM) First Frights.lnk 2016-02-25 13:02 - 2013-10-09 17:25 - 00001938 _____ H:\Documents and Settings\All Users\Desktop\LibreOffice 4.1.lnk 2016-02-25 13:02 - 2013-10-05 16:42 - 00002463 _____ H:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Excel Viewer.lnk 2016-02-25 13:02 - 2013-10-03 11:46 - 00000625 _____ H:\Documents and Settings\All Users\Desktop\Ученически Синтезатор.lnk 2016-02-25 13:02 - 2012-03-08 16:32 - 00000654 _____ H:\Documents and Settings\All Users\Desktop\GOM Video Converter.lnk 2016-02-25 13:02 - 2011-06-28 16:46 - 00000855 _____ H:\Documents and Settings\All Users\Start Menu\Programs\HD ADeck.lnk 2016-02-25 13:02 - 2011-06-28 16:46 - 00000849 _____ H:\Documents and Settings\All Users\Desktop\HD ADeck.lnk 2016-02-25 13:02 - 2009-01-10 16:08 - 00001257 _____ H:\Documents and Settings\All Users\Start Menu\Programs\Photo Story 3 for Windows.lnk 2016-02-25 13:02 - 2008-11-06 20:50 - 00000636 _____ H:\Documents and Settings\1\Start Menu\Programs\µTorrent.lnk 2016-02-25 13:02 - 2008-06-12 15:18 - 00000738 _____ H:\Documents and Settings\1\Start Menu\Programs\Outlook Express.lnk 2016-02-25 13:02 - 2008-06-12 15:17 - 00001599 _____ H:\Documents and Settings\1\Start Menu\Programs\Remote Assistance.lnk 2016-02-25 13:02 - 2008-06-12 15:17 - 00000788 _____ H:\Documents and Settings\1\Start Menu\Programs\Windows Media Player.lnk 2016-02-25 13:02 - 2008-06-12 15:04 - 00000786 _____ H:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk 2016-02-25 13:02 - 2008-06-12 15:02 - 00000605 _____ H:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk 2016-02-25 13:01 - 2016-01-24 20:59 - 00001127 _____ H:\Documents and Settings\1\Desktop\Adventurers Community.lnk 2016-02-25 13:01 - 2016-01-24 20:59 - 00000999 _____ H:\Documents and Settings\1\Desktop\Mortimer Beckett and the Time Paradox.lnk 2016-02-25 13:01 - 2013-02-24 22:47 - 00000551 _____ H:\Documents and Settings\1\Desktop\BS.Player FREE.lnk 2016-02-25 13:01 - 2010-11-12 20:07 - 00000697 _____ H:\Documents and Settings\1\Desktop\PDF2Word v3.0.lnk 2016-02-25 13:01 - 2010-11-11 20:25 - 00000781 _____ H:\Documents and Settings\1\Desktop\ReadManiac Builder Wizard.lnk 2016-02-25 13:01 - 2010-03-08 21:40 - 00000104 _____ H:\Documents and Settings\1\Desktop\Моят компютър.lnk 2016-02-25 13:01 - 2010-01-02 17:20 - 00000863 _____ H:\Documents and Settings\1\Desktop\Folder Marker.lnk 2016-02-25 13:01 - 2009-12-12 21:14 - 00000752 _____ H:\Documents and Settings\1\Desktop\Format Factory.lnk 2016-02-25 13:01 - 2009-11-05 19:37 - 00000676 _____ H:\Documents and Settings\1\Desktop\Mp3 Knife.lnk 2016-02-25 13:01 - 2009-06-07 14:29 - 00000983 _____ H:\Documents and Settings\1\Desktop\Subtitle Workshop.lnk 2016-02-25 13:01 - 2009-04-13 14:42 - 00000892 _____ H:\Documents and Settings\1\Desktop\DVDVideoSoft Free Studio.lnk 2016-02-25 13:01 - 2009-01-19 15:34 - 00000734 _____ H:\Documents and Settings\1\Desktop\Acrobat.com.lnk 2016-02-25 13:01 - 2008-12-20 18:52 - 00000571 _____ H:\Documents and Settings\1\Desktop\KMPlayer.lnk 2016-02-25 13:01 - 2008-12-11 00:35 - 00000665 _____ H:\Documents and Settings\1\Desktop\Allok Video to 3GP Converter.lnk 2016-02-25 13:01 - 2008-11-06 20:50 - 00000792 _____ H:\Documents and Settings\1\Desktop\µTorrent.lnk 2016-02-25 13:01 - 2008-10-23 10:57 - 00000398 _____ H:\Documents and Settings\1\Desktop\Free.lnk 2016-02-25 13:01 - 2008-06-12 15:29 - 00002319 _____ H:\Documents and Settings\1\Desktop\Nero StartSmart.lnk 2016-02-25 13:01 - 2008-06-12 15:23 - 00001637 _____ H:\Documents and Settings\1\Desktop\InterVideo WinDVD 7.lnk 2016-02-25 13:01 - 2008-06-12 14:11 - 00000654 _____ H:\Documents and Settings\1\Desktop\Winamp.lnk 2016-02-25 13:01 - 2008-06-12 14:04 - 00000733 _____ H:\Documents and Settings\1\Desktop\DAEMON Tools Lite.lnk ==================== Files in the root of some directories ======= 2016-03-14 13:45 - 2016-03-14 13:46 - 76971416 _____ (Adobe Systems Incorporated) H:\Program Files\AdbeRdr11008_en_US.exe 2008-12-15 17:37 - 2008-12-15 17:37 - 0087608 _____ () H:\Documents and Settings\1\Application Data\inst.exe 2008-12-15 17:37 - 2008-12-15 17:37 - 0007887 _____ () H:\Documents and Settings\1\Application Data\pcouffin.cat 2008-12-15 17:37 - 2008-12-15 17:37 - 0001144 _____ () H:\Documents and Settings\1\Application Data\pcouffin.inf 2008-12-15 17:37 - 2008-12-15 17:37 - 0000034 _____ () H:\Documents and Settings\1\Application Data\pcouffin.log 2008-12-15 17:37 - 2008-12-15 17:37 - 0047360 _____ (VSO Software) H:\Documents and Settings\1\Application Data\pcouffin.sys 2008-12-15 17:37 - 2014-01-09 13:42 - 0000671 _____ () H:\Documents and Settings\1\Application Data\vso_ts_preview.xml 2009-02-07 21:10 - 2009-02-07 21:10 - 0001024 _____ () H:\Documents and Settings\1\Application Data\WavCodec.wff 2008-06-12 21:45 - 2015-11-25 11:55 - 0187904 _____ () H:\Documents and Settings\1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2011-05-12 21:13 - 2011-05-12 21:13 - 0000124 _____ () H:\Documents and Settings\1\Local Settings\Application Data\fusioncache.dat 2008-06-12 14:34 - 2008-06-12 14:34 - 0000600 _____ () H:\Documents and Settings\1\Local Settings\Application Data\PUTTY.RND 2012-01-05 08:27 - 2012-01-05 08:27 - 0000000 _____ () H:\Documents and Settings\1\Local Settings\Application Data\{84E18409-91B6-4BB9-ACA1-CB862156C6C9} 2010-09-26 17:49 - 2010-09-26 17:49 - 0005067 _____ () H:\Documents and Settings\All Users\Application Data\hvcatrnw.tht 2008-07-31 17:19 - 2011-10-12 19:59 - 0000000 _____ () H:\Documents and Settings\All Users\Application Data\LauncherAccess.dt Some files in TEMP: ==================== H:\Documents and Settings\1\Local Settings\temp\Uninstall.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) H:\WINDOWS\explorer.exe => File is digitally signed H:\WINDOWS\system32\winlogon.exe => File is digitally signed H:\WINDOWS\system32\svchost.exe => File is digitally signed H:\WINDOWS\system32\services.exe => File is digitally signed H:\WINDOWS\system32\User32.dll => File is digitally signed H:\WINDOWS\system32\userinit.exe => File is digitally signed H:\WINDOWS\system32\rpcss.dll => File is digitally signed H:\WINDOWS\system32\dnsapi.dll => File is digitally signed H:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End of FRST.txt ============================Addition.txt ClearLNK-14.03.2016_13-57.log Не знам защо, но след като деинсталирах Adobe Reader и опитах да инсталирам новата версия, инсталацията не се осъществява дава ми някаква грешка.Отчита, че е започнала но след като си свали необходимите "неща" и вече би следвало да започне да инсталира дава грешка при инсталация.Иначе ехе файла го сваля без проблем.
  5. Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01 Ran by 1 (2016-03-12 00:43:02) Running from H:\Documents and Settings\1\Desktop Microsoft Windows XP Professional Service Pack 3 (X86) (2008-06-12 13:10:26) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= 1 (S-1-5-21-1343024091-527237240-1801674531-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\1 Administrator (S-1-5-21-1343024091-527237240-1801674531-500 - Administrator - Enabled) ASPNET (S-1-5-21-1343024091-527237240-1801674531-1004 - Limited - Enabled) Guest (S-1-5-21-1343024091-527237240-1801674531-501 - Limited - Enabled) HelpAssistant (S-1-5-21-1343024091-527237240-1801674531-1000 - Limited - Disabled) SUPPORT_388945a0 (S-1-5-21-1343024091-527237240-1801674531-1002 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\uTorrent) (Version: 3.4.5.41865 - BitTorrent Inc.) ABBYY FineReader 11 Corporate Edition (HKLM\...\{F1100000-0009-0000-0000-074957833700}) (Version: 11.0.376 - ABBYY) AC3Filter (remove only) (HKLM\...\AC3Filter) (Version: - ) Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated) Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden Adobe AIR (HKLM\...\Adobe AIR) (Version: 20.0.0.260 - Adobe Systems Incorporated) Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.182 - Adobe Systems Incorporated) Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated) Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated) Adobe Shockwave Player 12.2 (HKLM\...\Adobe Shockwave Player) (Version: 12.2.2.172 - Adobe Systems, Inc.) Avast Free Antivirus (HKLM\...\Avast) (Version: 11.1.2245 - AVAST Software) BS.Player FREE (HKLM\...\BSPlayerf) (Version: 2.64.1073 - AB Team, d.o.o.) CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform) CoreAAC (HKLM\...\CoreAAC) (Version: - ) Creative DVD Audio Plugin for Audigy Series (HKLM\...\CTDVDAudio Plugin) (Version: - ) DivX Total Pack (HKLM\...\DivX Total Pack) (Version: - ) EAX Unified (HKLM\...\EAX Unified) (Version: - ) Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) Folder Tweaker (remove only) (HKLM\...\Folder Tweaker) (Version: 1.1 - Quang Anh Do) Free Video Dub version 1.4 (HKLM\...\Free Video Dub_is1) (Version: - DVDVideoSoft Limited.) GOM Picker (HKLM\...\GOM Picker) (Version: 1.0.0.7 - Gretech Corporation) GOM Player (HKLM\...\GOM Player) (Version: 2.2.74.5237 - Gretech Corporation) GOM Video Converter (HKLM\...\GOM Video Converter) (Version: 1.1.0.63 - Gretech Corporation) Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.) Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.) Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation) InterActual Player (HKLM\...\InterActual Player) (Version: - ) InterVideo WinDVD 7 (HKLM\...\{90885A82-9673-49EA-AB39-AF776639C67C}) (Version: 7.0-B27.71 - InterVideo Inc.) IPP Run-Time 5.3 (HKLM\...\IPP Run-Time 5.3) (Version: - ) Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden LibreOffice 4.1.1.2 (HKLM\...\{F1EE568A-171F-4C06-9BE6-2395BED067A3}) (Version: 4.1.1.2 - The Document Foundation) Malwarebytes Anti-Malware, версия 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft) Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation) Microsoft Games for Windows - LIVE (HKLM\...\{F97E3841-CA9D-4964-9D64-26066241D26F}) (Version: 3.3.24.0 - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{8FB1B528-E260-451E-9B55-E9152F94B80B}) (Version: 3.2.3.0 - Microsoft Corporation) Microsoft Office Excel Viewer (HKLM\...\{95120000-003F-0402-0000-0000000FF1CE}) (Version: 12.0.6334.5000 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Text-to-Speech Engine 4.0 (English) (HKLM\...\MSTTS) (Version: - ) Microsoft User-Mode Driver Framework Feature Pack 1.5 (HKLM\...\Wudf01005) (Version: - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mortimer Beckett and the Time Paradox (HKLM\...\Mortimer Beckett and the Time Paradox) (Version: - ) Mp3 Knife 3.2 (HKLM\...\Mp3 Knife_is1) (Version: - Vicky's Cool Softwares) MPEG2 Codec(libmpeg2/mad) (HKLM\...\MPEG2 Codec(libmpeg2/mad)) (Version: - ) MSN (HKLM\...\MSNINST) (Version: - ) MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) MSXML 6.0 Parser (HKLM\...\{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}) (Version: 6.10.1129.0 - Microsoft Corporation) Nero 7 Premium (HKLM\...\{4781569D-5404-1F26-4B2B-6DF444441031}) (Version: 7.00.0087 - Nero AG) Nokia Connectivity Cable Driver (HKLM\...\{0FF1922C-B6C4-40BB-AF30-BEF75A482444}) (Version: 6.82.4.0 - Nokia) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation) NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation) NVIDIA PhysX (HKLM\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation) PC Connectivity Solution (HKLM\...\{BA084E7C-8ABA-4670-BDE8-B85E689A5C1B}) (Version: 7.37.22.0 - Nokia) Photo Story 3 for Windows (HKLM\...\{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}) (Version: 3.0.1115.11 - Microsoft Corporation) Platform (Version: 1.34 - VIA Technologies, Inc.) Hidden Prince of Persia T2T (HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}) (Version: - ) ReadManiac 2.5.2 (HKLM\...\ReadManiac_is1) (Version: - Roman Lut) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5377 - Realtek Semiconductor Corp.) Scooby-Doo!(TM) First Frights (HKLM\...\{A3D11978-F110-419E-8981-2CCFC17ADE64}) (Version: 1.00 - WB Games) Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden Skype™ 7.16 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.16.102 - Skype Technologies S.A.) Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform) Subtitle Workshop 2.51 (HKLM\...\SubtitleWorkshop) (Version: - ) SumatraPDF 3.1.1 (HKLM\...\SumatraPDF) (Version: 3.1.1 - Krzysztof Kowalczyk) swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: - ) Unchecky v0.4.2 (HKLM\...\Unchecky) (Version: 0.4.2 - RaMMicHaeL) Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version: - ) Unity Web Player (HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\UnityWebPlayer) (Version: - Unity Technologies ApS) USB PC Camera-168 (HKLM\...\{ECD03DA7-5952-406A-8156-5F0C93618D1F}) (Version: 5.18.1.006 - Sonix) Vampire - The Masquerade Bloodlines (Version: 1.00.0000 - Activision) Hidden VeryPDF PDF2Word v3.0 (HKLM\...\VeryPDF PDF2Word v3.0_is1) (Version: - VeryPDF.com Inc) VIA п»ї (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.) VLC media player (HKLM\...\VLC media player) (Version: 2.2.2 - VideoLAN) WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden Winamp (remove only) (HKLM\...\Winamp) (Version: - ) Windows Driver Package - Nokia Modem (10/12/2007 3.6) (HKLM\...\6A630DCEC5EEC912115F2FF59D8C2C769798D930) (Version: 10/12/2007 3.6 - Nokia) Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\E77704EF5E71F4F18CADFBFA68595AFE036D5D97) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.) Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090411.134454 - Microsoft Corporation) Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation) Windows Live Sync (HKLM\...\{06A395CE-60A6-471E-A73C-73634310EDB3}) (Version: 14.0.8117.416 - Microsoft Corporation) Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - ) Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - ) WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - ) WWE RAW (HKLM\...\{689838DE-8467-45AE-A7FF-087B7C0E48C6}) (Version: - ) Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team) Yahoo! Install Manager (HKLM\...\YInstHelper) (Version: - ) Инструмент за качване на Windows Live (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Семейна безопасност на Windows Live (Version: 14.0.8118.427 - Microsoft Corporation) Hidden Ученически Синтезатор (HKLM\...\Ученически Синтезатор) (Version: - ) Фотогалерия на Windows Live (Version: 14.0.8117.416 - Microsoft Corporation) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1343024091-527237240-1801674531-1003_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> H:\Documents and Settings\1\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) CustomCLSID: HKU\S-1-5-21-1343024091-527237240-1801674531-1003_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> H:\Documents and Settings\1\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.) CustomCLSID: HKU\S-1-5-21-1343024091-527237240-1801674531-1003_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> H:\Documents and Settings\1\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: H:\WINDOWS\Tasks\Adobe Flash Player Updater.job => H:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: H:\WINDOWS\Tasks\avast! Emergency Update.job => H:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe Task: H:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1343024091-527237240-1801674531-1003Core.job => H:\Documents and Settings\1\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe Task: H:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1343024091-527237240-1801674531-1003UA.job => H:\Documents and Settings\1\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe Task: H:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => H:\Program Files\Google\Update\GoogleUpdate.exe Task: H:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => H:\Program Files\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2015-12-16 16:16 - 2015-12-16 16:16 - 00103888 _____ () H:\Program Files\AVAST Software\Avast\log.dll 2015-12-16 16:16 - 2015-12-16 16:16 - 00125512 _____ () H:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2016-03-11 19:16 - 2016-03-11 19:16 - 02839552 _____ () H:\Program Files\AVAST Software\Avast\defs\16031101\algo.dll 2015-12-16 16:16 - 2015-12-16 16:16 - 00469008 _____ () H:\Program Files\AVAST Software\Avast\ffl2.dll 2009-01-24 16:44 - 2009-01-24 16:44 - 00126976 _____ () H:\WINDOWS\system32\UAService7.exe 2009-01-11 00:15 - 2009-01-11 00:15 - 00159744 _____ () I:\PROGRAMI\format faktory-encoder\FormatFactory\FFModules\Filters\Haali\mmfinfo.dll 2009-01-11 00:14 - 2009-01-11 00:14 - 00023552 _____ () I:\PROGRAMI\format faktory-encoder\FormatFactory\FFModules\Filters\Haali\mkunicode.dll 2008-04-14 04:41 - 2008-04-14 04:41 - 00059904 _____ () H:\WINDOWS\system32\devenum.dll 2008-04-14 04:42 - 2008-04-14 04:42 - 00014336 _____ () H:\WINDOWS\system32\msdmo.dll 2008-10-23 10:56 - 2007-04-25 09:32 - 00831488 _____ () H:\WINDOWS\vsnpstd3.exe 2015-12-16 16:16 - 2015-12-16 16:16 - 40539648 _____ () H:\Program Files\AVAST Software\Avast\libcef.dll 2016-03-11 23:21 - 2014-02-10 12:44 - 04592128 _____ () H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll 2016-03-11 23:21 - 2014-02-10 12:44 - 00112128 _____ () H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5} => ""="" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com IE restricted site: HKU\.DEFAULT\...\123topsearch.com -> www.123topsearch.com IE restricted site: HKU\.DEFAULT\...\125sms.co.uk -> www.125sms.co.uk There are 5213 more sites. IE restricted site: HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\123simsen.com -> www.123simsen.com IE restricted site: HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\123topsearch.com -> www.123topsearch.com IE restricted site: HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\125sms.co.uk -> www.125sms.co.uk There are 5211 more sites. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2001-08-23 11:00 - 2016-03-11 23:51 - 00001227 ____A H:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com 0.0.0.0 media.opencandy.com 0.0.0.0 cdn.opencandy.com 0.0.0.0 tracking.opencandy.com 0.0.0.0 api.opencandy.com 0.0.0.0 api.recommendedsw.com 0.0.0.0 installer.betterinstaller.com 0.0.0.0 installer.filebulldog.com 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net 0.0.0.0 inno.bisrv.com 0.0.0.0 nsis.bisrv.com 0.0.0.0 cdn.file2desktop.com 0.0.0.0 cdn.goateastcach.us 0.0.0.0 cdn.guttastatdk.us 0.0.0.0 cdn.inskinmedia.com 0.0.0.0 cdn.insta.oibundles2.com 0.0.0.0 cdn.insta.playbryte.com 0.0.0.0 cdn.llogetfastcach.us 0.0.0.0 cdn.montiera.com 0.0.0.0 cdn.msdwnld.com 0.0.0.0 cdn.mypcbackup.com 0.0.0.0 cdn.ppdownload.com 0.0.0.0 cdn.riceateastcach.us 0.0.0.0 cdn.shyapotato.us 0.0.0.0 cdn.solimba.com 0.0.0.0 cdn.tuto4pc.com 0.0.0.0 cdn.appround.biz 0.0.0.0 cdn.bigspeedpro.com 0.0.0.0 cdn.bispd.com There are 4 more lines. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1343024091-527237240-1801674531-1003\Control Panel\Desktop\\Wallpaper -> H:\Documents and Settings\1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp DNS Servers: 192.168.0.1 Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: Adobe ARM => "H:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: BingSvc => H:\Documents and Settings\1\Local Settings\Application Data\Microsoft\BingSvc\BingSvc.exe MSCONFIG\startupreg: Bonus.SSR.FR11 => "I:\PROGRAMI\Obrabotka na dokymenti\Bonus.ScreenshotReader.exe" /autorun MSCONFIG\startupreg: CCleaner Monitoring => "I:\PROGRAMI\CCleaner512-програма за почистване на остатъчни файлове\CCleaner.exe" /MONITOR MSCONFIG\startupreg: MSMSGS => "H:\Program Files\Messenger\msmsgs.exe" /background ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) DomainProfile\AuthorizedApplications: [H:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger DomainProfile\AuthorizedApplications: [H:\Program Files\Windows Live\Sync\WindowsLiveSync.exe] => Enabled:Windows Live Sync StandardProfile\AuthorizedApplications: [H:\Program Files\InterVideo\DVD7\WinDVD.exe] => Enabled:WinDVD StandardProfile\AuthorizedApplications: [H:\Program Files\Messenger\msmsgs.exe] => Enabled:Windows Messenger StandardProfile\AuthorizedApplications: [H:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger StandardProfile\AuthorizedApplications: [H:\Program Files\Windows Live\Sync\WindowsLiveSync.exe] => Enabled:Windows Live Sync StandardProfile\AuthorizedApplications: [H:\Documents and Settings\1\Application Data\uTorrent\uTorrent.exe] => Enabled:?Torrent StandardProfile\AuthorizedApplications: [H:\Documents and Settings\1\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe] => Enabled:Facebook Video Calling Plugin StandardProfile\AuthorizedApplications: [H:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype StandardProfile\AuthorizedApplications: [H:\DOCUME~1\1\LOCALS~1\Temp\RarSFX3\key.exe] => Enabled:key StandardProfile\AuthorizedApplications: [H:\Program Files\LuckyBrowse\app\LuckyBrowse.exe] => Enabled:LuckyBrowse StandardProfile\AuthorizedApplications: [H:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome DomainProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007 DomainProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008 DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004 DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005 DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001 DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002 StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007 StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008 StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004 StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005 StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001 StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002 ==================== Restore Points ========================= 19-02-2016 18:36:10 Контролна точка на системата 19-02-2016 19:52:59 Chrome Cleanup Tool 20-02-2016 21:53:09 Контролна точка на системата 22-02-2016 10:00:36 Контролна точка на системата 23-02-2016 11:21:54 Контролна точка на системата 24-02-2016 16:05:53 Контролна точка на системата 25-02-2016 18:01:19 Контролна точка на системата 26-02-2016 19:29:12 Контролна точка на системата 28-02-2016 08:46:48 Контролна точка на системата 02-03-2016 01:35:18 Контролна точка на системата 03-03-2016 22:40:03 Контролна точка на системата 05-03-2016 01:15:46 Контролна точка на системата 06-03-2016 13:10:25 Контролна точка на системата 08-03-2016 00:38:50 Контролна точка на системата 09-03-2016 10:19:37 Контролна точка на системата 10-03-2016 23:44:06 Контролна точка на системата ==================== Faulty Device Manager Devices ============= Name: Nokia E51 Description: Nokia E51 Class Guid: {EEC5AD98-8080-425F-922A-DABF3DE3F69A} Manufacturer: Nokia Service: WUDFRd Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (01/31/2016 09:33:14 AM) (Source: Google Update) (EventID: 20) (User: MSHOME) Description: Network Request Error. Error: 0x80072ee7. Http status code: 0. Url=https://www.facebook.com/omaha/update.php Trying config: source=IE, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=IE, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7 Error: (01/25/2016 09:36:16 AM) (Source: Google Update) (EventID: 20) (User: MSHOME) Description: Network Request Error. Error: 0x80072ee7. Http status code: 0. Url=https://www.facebook.com/omaha/update.php Trying config: source=IE, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=IE, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7 Error: (01/25/2016 03:36:14 AM) (Source: Google Update) (EventID: 20) (User: MSHOME) Description: Network Request Error. Error: 0x80072ee7. Http status code: 0. Url=https://www.facebook.com/omaha/update.php Trying config: source=IE, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=IE, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7 Error: (01/17/2016 09:36:15 AM) (Source: Google Update) (EventID: 20) (User: MSHOME) Description: Network Request Error. Error: 0x80072ee7. Http status code: 0. Url=https://www.facebook.com/omaha/update.php Trying config: source=IE, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=IE, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7 Error: (12/10/2015 12:22:19 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown Error: (12/10/2015 12:12:33 PM) (Source: VSSetup) (EventID: 5000) (User: ) Description: EventType vssetup, P1 kb2736428, P2 10.0.30319, P3 10.0.30319.297, P4 1, P5 ndp40-kb2736428.msp, P6 install_i_silent_error, P7 1635, P8 0, P9 vssetup0, P10 vssetup1. Error: (12/10/2015 11:40:38 AM) (Source: HotFixInstaller) (EventID: 5000) (User: ) Description: EventType visualstudio8setup, P1 microsoft .net framework 3.0-kb982168, P2 1026, P3 1635, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 visualstudio8setup0, P10 visualstudio8setup1. Error: (12/10/2015 11:39:58 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: WindowsBase, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020 Error: (12/10/2015 11:36:11 AM) (Source: System.ServiceModel.Install 3.0.0.0) (EventID: 0) (User: ) Description: System.IO.IOException: The process cannot access the file 'H:\WINDOWS\TEMP\8kfg4hp2.dll' because it is being used by another process. at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share) at Microsoft.CSharp.CSharpCodeGenerator.FromFileBatch(CompilerParameters options, String[] fileNames) at Microsoft.CSharp.CSharpCodeGenerator.FromSourceBatch(CompilerParameters options, String[] sources) at Microsoft.CSharp.CSharpCodeGenerator.System.CodeDom.Compiler.ICodeCompiler.CompileAssemblyFromSourceBatch(CompilerParameters options, String[] sources) at System.CodeDom.Compiler.CodeDomProvider.CompileAssemblyFromSource(CompilerParameters options, String[] sources) at System.Xml.Serialization.Compiler.Compile(Assembly parent, String ns, XmlSerializerCompilerParameters xmlParameters, Evidence evidence) at System.Xml.Serialization.TempAssembly.GenerateAssembly(XmlMapping[] xmlMappings, Type[] types, String defaultNamespace, Evidence evidence, XmlSerializerCompilerParameters parameters, Assembly assembly, Hashtable assemblies) at System.Xml.Serialization.TempAssembly..ctor(XmlMapping[] xmlMappings, Type[] types, String defaultNamespace, String location, Evidence evidence) at System.Xml.Serialization.XmlSerializer.GenerateTempAssembly(XmlMapping xmlMapping, Type type, String defaultNamespace) at System.Xml.Serialization.XmlSerializer..ctor(Type type, String defaultNamespace) at System.Xml.Serialization.XmlSerializer..ctor(Type type) at System.ServiceModel.Install.Configuration.ConfigurationHandlersInstallComponent..ctor(ConfigurationLoader configLoader) at System.ServiceModel.Install.Configuration.ConfigurationHandlersInstallComponent.CreateNativeConfigurationHandlersInstallComponent() at Microsoft.Tools.ServiceModel.ServiceModelReg.BuildActionQueue() at Microsoft.Tools.ServiceModel.ServiceModelReg.Run(String[] args) at Microsoft.Tools.ServiceModel.ServiceModelReg.TryRun(String[] args) Error: (12/10/2015 11:30:36 AM) (Source: HotFixInstaller) (EventID: 5000) (User: ) Description: EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2729450, P2 1026, P3 1604, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 visualstudio8setup0, P10 visualstudio8setup1. System errors: ============= Error: (03/11/2016 10:06:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Zune Bus Enumerator Driver service failed to start due to the following error: %%2 Error: (03/11/2016 09:47:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Zune Bus Enumerator Driver service failed to start due to the following error: %%2 Error: (03/11/2016 10:21:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Zune Bus Enumerator Driver service failed to start due to the following error: %%2 Error: (03/10/2016 10:26:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Zune Bus Enumerator Driver service failed to start due to the following error: %%2 Error: (03/09/2016 09:21:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Zune Bus Enumerator Driver service failed to start due to the following error: %%2 Error: (03/08/2016 09:45:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Zune Bus Enumerator Driver service failed to start due to the following error: %%2 Error: (03/07/2016 06:57:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Zune Bus Enumerator Driver service failed to start due to the following error: %%2 Error: (03/07/2016 06:54:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Zune Bus Enumerator Driver service failed to start due to the following error: %%2 Error: (03/07/2016 11:09:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Zune Bus Enumerator Driver service failed to start due to the following error: %%2 Error: (03/06/2016 10:50:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Zune Bus Enumerator Driver service failed to start due to the following error: %%2 ==================== Memory info =========================== Processor: AMD Athlon(tm) II X2 250 Processor Percentage of memory in use: 69% Total physical RAM: 1791.15 MB Available physical RAM: 549.34 MB Total Virtual: 3684.92 MB Available Virtual: 2268.87 MB ==================== Drives ================================ Drive h: () (Fixed) (Total:39.06 GB) (Free:12 GB) NTFS ==>[drive with boot components (Windows XP)] Drive i: () (Fixed) (Total:193.82 GB) (Free:67.63 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: DBB5DBB5) Partition 1: (Active) - (Size=39.1 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=193.8 GB) - (Type=OF Extended) ==================== End of Addition.txt ============================ # AdwCleaner v5.101 - Лог файлът е създаден 12/03/2016 при 16:09:06 # Обновен 07/03/2016 от Xplode # База данни : 2016-03-08.1 [Сървър] # Операционна система : Microsoft Windows XP Service Pack 3 (x86) # Потребителско име : 1 - MSHOME # Изпълнява се от : H:\Documents and Settings\1\Desktop\adwcleaner_5.101.exe # Опция : Изчистване # Поддръжка : http://toolslib.net/forum ***** [ Сервизи ] ***** ***** [ Папки ] ***** [-] Папка Изтрито : H:\Documents and Settings\1\Application Data\Babylon [-] Папка Изтрито : H:\Documents and Settings\1\Application Data\PerformerSoft [-] Папка Изтрито : H:\Documents and Settings\1\Application Data\ProgSense [-] Папка Изтрито : H:\Documents and Settings\1\Application Data\SkypEmoticons [-] Папка Изтрито : H:\Documents and Settings\1\Application Data\Systweak [-] Папка Изтрито : H:\Documents and Settings\1\Local Settings\Application Data\FileViewPro [-] Папка Изтрито : H:\Documents and Settings\1\Local Settings\Application Data\iac [-] Папка Изтрито : H:\Documents and Settings\1\Local Settings\Application Data\Ilivid Player [-] Папка Изтрито : H:\Documents and Settings\1\Local Settings\Application Data\PackageAware [-] Папка Изтрито : H:\Documents and Settings\1\Local Settings\Application Data\torch [-] Папка Изтрито : H:\Documents and Settings\1\Local Settings\Application Data\28050 [-] Папка Изтрито : H:\Documents and Settings\All Users\Application Data\apn [-] Папка Изтрито : H:\Documents and Settings\All Users\Application Data\Babylon [-] Папка Изтрито : H:\Documents and Settings\All Users\Application Data\saave on [-] Папка Изтрито : H:\Documents and Settings\All Users\Application Data\save on [-] Папка Изтрито : H:\Documents and Settings\All Users\Application Data\TeakeTheCoupon [J] Папка Не е Изтрито : H:\Documents and Settings\All Users\Application Data\saave on [J] Папка Не е Изтрито : H:\Documents and Settings\All Users\Application Data\save on [-] Папка Изтрито : H:\Documents and Settings\All Users\Application Data\ShaopDrop [J] Папка Не е Изтрито : H:\Documents and Settings\All Users\Application Data\TeakeTheCoupon [-] Папка Изтрито : H:\Program Files\iLivid [-] Папка Изтрито : H:\Program Files\saave on [-] Папка Изтрито : H:\Program Files\save on [-] Папка Изтрито : H:\Program Files\TeakeTheCoupon [J] Папка Не е Изтрито : H:\Program Files\saave on [J] Папка Не е Изтрито : H:\Program Files\save on [J] Папка Не е Изтрито : H:\Program Files\TeakeTheCoupon ***** [ Файлове ] ***** ***** [ DLLs ] ***** ***** [ Преки пътища ] ***** ***** [ Планирани задачи ] ***** ***** [ Регистър ] ***** [-] Ключ Изтрито : HKCU\Toolbar [-] Ключ Изтрито : HKLM\SOFTWARE\Classes\AppID\escort.DLL [-] Ключ Изтрито : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll [-] Ключ Изтрито : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} [-] Ключ Изтрито : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} [-] Ключ Изтрито : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0} [-] Ключ Изтрито : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} [-] Ключ Изтрито : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9} [-] Ключ Изтрито : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023} [-] Ключ Изтрито : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762} [-] Ключ Изтрито : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B} [-] Ключ Изтрито : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD} [-] Ключ Изтрито : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A} [-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} [-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} [-] Ключ Изтрито : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} [-] Ключ Изтрито : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214} [-] Ключ Изтрито : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED} [-] Ключ Изтрито : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [-] Ключ Изтрито : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{41564952-412D-5637-00A7-7A786E7484D7} [-] Ключ Изтрито : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} [-] Ключ Изтрито : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} [-] Ключ Изтрито : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC} [-] Ключ Изтрито : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} [-] Ключ Изтрито : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} [-] Ключ Изтрито : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5347542D-5637-006A-76A7-7A786E7484D7} [-] Ключ Изтрито : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21FA44EF-376D-4D53-9B0F-8A89D3229068} [-] Ключ Изтрито : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{41564952-412D-5637-00A7-7A786E7484D7} [-] Ключ Изтрито : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} [-] Ключ Изтрито : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} [-] Ключ Изтрито : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} [-] Ключ Изтрито : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} [-] Ключ Изтрито : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5347542D-5637-006A-76A7-7A786E7484D7} [-] Ключ Изтрито : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{21FA44EF-376D-4D53-9B0F-8A89D3229068} [-] Ключ Изтрито : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2} [-] Ключ Изтрито : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} [-] Ключ Изтрито : HKCU\Software\Burn4Free [-] Ключ Изтрито : HKCU\Software\Headlight [-] Ключ Изтрито : HKCU\Software\ilivid [-] Ключ Изтрито : HKCU\Software\Optimizer Pro [-] Ключ Изтрито : HKCU\Software\ProgSense [-] Ключ Изтрито : HKCU\Software\Softonic [-] Ключ Изтрито : HKCU\Software\StartSearch [-] Ключ Изтрито : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9} [#] Ключ Изтрито : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} [-] Ключ Изтрито : HKLM\SOFTWARE\Babylon [-] Ключ Изтрито : HKLM\SOFTWARE\SimpleFiles [-] Ключ Изтрито : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{53B21E29-3967-C332-57EB-C02631658584} [-] Ключ Изтрито : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613} [-] Ключ Изтрито : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF987D06-1DCF-7B36-5B43-13BC8699C44C} [-] Ключ Изтрито : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1 [-] Ключ Изтрито : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} [-] Ключ Изтрито : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar [-] Ключ Изтрито : HKU\.DEFAULT\Software\AVG Security Toolbar [-] Ключ Изтрито : HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} [-] Ключ Изтрито : HKU\S-1-5-19\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} [-] Ключ Изтрито : HKU\S-1-5-20\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} [-] Стойност Изтрито : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [H:\Program Files\LuckyBrowse\app\LuckyBrowse.exe] ***** [ Уеб браузъри ] ***** [-] [H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] [Search Provider] Изтрито : aol.com [-] [H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Изтрито : hxxp://www.mysites123.com/?type=hp&ts=1454508138&z=d0702c45a8dfadf347cc228gez1w0zdw9e0b6g7ceb&from=amt&uid=hitachixhdt725025vla380_vfl104rm02ljdz02ljdzx ************************* :: "Tracing" ключове отстраняват :: Настройките на Winsock са нулирани ************************* H:\Program Files\AdwCleaner\AdwCleaner[C1].txt - [9948 байта] - [12/03/2016 16:09:06] H:\Program Files\AdwCleaner\AdwCleaner[S1].txt - [9594 байта] - [12/03/2016 16:02:35] H:\Program Files\AdwCleaner\AdwCleaner[S2].txt - [9684 байта] - [12/03/2016 16:08:19] ########## EOF - H:\Program Files\AdwCleaner\AdwCleaner[C1].txt - [10224 байта] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.0.3 (02.09.2016) Operating System: Microsoft Windows XP x86 Ran by 1 (Administrator) on 12.03.2016 г. at 16:21:47,10 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 17 Successfully deleted: H:\Documents and Settings\1\Application Data\getrighttogo (Folder) Successfully deleted: H:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\extensions\gophoto@gophoto.it.xpi (File) Successfully deleted: H:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\user.js (File) Successfully deleted: H:\Documents and Settings\1\Application Data\nico mak computing (Folder) Successfully deleted: H:\Documents and Settings\1\My Documents\add-in express (Folder) Successfully deleted: H:\user.js (File) Successfully deleted: H:\WINDOWS\wininit.ini (File) Successfully deleted: H:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BVLSWO8E (Temporary Internet Files Folder) Successfully deleted: H:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OZ7K384A (Temporary Internet Files Folder) Successfully deleted: H:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\RMZ267PX (Temporary Internet Files Folder) Successfully deleted: H:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZCJZWLAX (Temporary Internet Files Folder) Successfully deleted: H:\WINDOWS\prefetch\GOOGLETOOLBARMANAGER_A6282D74-37DAEF49.pf (File) Successfully deleted: H:\WINDOWS\prefetch\GOOGLETOOLBARNOTIFIER.EXE-3629C61D.pf (File) Successfully deleted: H:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\BVLSWO8E (Temporary Internet Files Folder) Successfully deleted: H:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZ7K384A (Temporary Internet Files Folder) Successfully deleted: H:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\RMZ267PX (Temporary Internet Files Folder) Successfully deleted: H:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ZCJZWLAX (Temporary Internet Files Folder) Registry: 2 Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} (Registry Key) Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 12.03.2016 г. at 16:24:16,60 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SecurityCheck by glax24 & Severnyj v.1.4.0.37 [05.03.16] WebSite: www.safezone.cc DateLog: 12.03.2016 16:32:22 Path starting: H:\Documents and Settings\1\Local Settings\temp\SecurityCheck\SecurityCheck.exe Log directory: H:\SecurityCheck\ IsAdmin: True User: 1 VersionXML: 2.59is-10.03.2016 ___________________________________________________________________________ Windows XP(5.1.2600) Service Pack 3 (x86) Lang: English(0409) Installation date OS: 12.06.2008 13:10:26 Boot Mode: Normal Default Browser: H:\Program Files\Google\Chrome\Application\chrome.exe SystemDrive: H: FS: [NTFS] Capacity: [39.1 Gb] Used: [26.8 Gb] Free: [12.3 Gb] ------------------------------- [ Windows ] ------------------------------- Extended support has ended 08.04.2014, Your operating system may be vulnerable to new types of threats Internet Explorer 8.0.6001.18702 Warning! Download Update Online installation. Last version available when Windows update is enabled throught the Internet. Automatic Updates disabled Date install updates: 2015-12-10 10:18:08 Automatic Updates (wuauserv) - The service is running Security Center (wscsvc) - The service is running Remote Registry (RemoteRegistry) - The service is running Terminal Services (TermService) - The service is running SSDP Discovery Service (SSDPSRV) - The service is running Account guest is enabled. Not require a password. ---------------------------- [ Antivirus_WMI ] ---------------------------- avast! Antivirus (enabled and up to date) ---------------------- [ AntiVirusFirewallInstall ] ----------------------- Avast Free Antivirus v.11.1.2253 -------------------------- [ SecurityUtilities ] -------------------------- Malwarebytes Anti-Malware, версия 2.2.0.1024 v.2.2.0.1024 Unchecky v0.4.2 v.0.4.2 --------------------------- [ OtherUtilities ] ---------------------------- VLC media player v.2.2.2 WinRAR archiver LibreOffice 4.1.1.2 v.4.1.1.2 --------------------------------- [ IM ] ---------------------------------- Skype™ 7.16 v.7.16.102 Warning! Download Update ^Optional update.^ --------------------------------- [ P2P ] --------------------------------- µTorrent v.3.4.5.41865 Warning! P2P-client. --------------------------- [ AdobeProduction ] --------------------------- Adobe AIR v.20.0.0.260 Warning! Download Update Adobe Flash Player 21 ActiveX v.21.0.0.182 Adobe Flash Player 21 NPAPI v.21.0.0.182 Adobe Shockwave Player 12.2 v.12.2.2.172 Warning! Download Update Adobe Reader XI (11.0.08) v.11.0.08 Warning! Download Update Uninstall old version and install new one. ------------------------------- [ Browser ] ------------------------------- Google Chrome v.49.0.2623.87 ----------------------------- [ EmailClient ] ----------------------------- Windows Live Mail v.14.0.8117.0416 --------------------------- [ RunningProcess ] ---------------------------- H:\Program Files\Google\Chrome\Application\chrome.exe v.49.0.2623.87 H:\Program Files\AVAST Software\Avast\AvastSvc.exe v.11.1.2245.1540 H:\Program Files\AVAST Software\Avast\AvastUI.exe v.11.1.2245.1540 ---------------------------- [ UnwantedApps ] ----------------------------- Google Toolbar for Internet Explorer v.1.0.0 << Hidden Warning! Browser's toolbar. It can slow down the working of your browser and have violation privacy problems. Windows Live Toolbar v.14.0.8117.416 << Hidden Warning! Browser's toolbar. It can slow down the working of your browser and have violation privacy problems. ----------------------------- [ End of Log ] ------------------------------ Rkill.txt Check_Browsers_LNK.log
  6. Здравейте! От известно време при Google Chrome имам проблем.Проблема се появи след опит на инсталация на програма за блокиране на мишка и клавиатура, но с опция да може да гледаш примерно филм на компа.Тази мярка ни бе необходима защото имаме малко бебче което просто бара навсякъде.В интерес на истината програмата така и не тръгна, и за капак на всичко браузъра се скапа.Сигурно нещо е имало в програмата ... Ето и какъв е проблема! Когато отворя дадена страница,примерно във форум, и щракна да отворя някаква тема веднага се отваря нов раздел с някакви откачени сайтове!Или ще ми искат обновяване на плеъра или пък ми говори женски глас,че система ми е в неизправност и неща в този дух.Отделно, че на няколко пъти се отвориха и и страници с 18+ съдържание,въобще е ужас отвсякъде.Интересното е ,че от днес вече и онлайн филми не ме оставя да гледам.Когато натисна бутончето да тръгне филма отваря се нова страница на сайта, а старата ми зарежда веднага рекламна страница.Всичко това се повтаря до безкрай...Опитах да се справя сама с проблема но не става.Деинсталирах хром-а и изтрих всички остатъци от него,после наново го изтеглих-инсталирах си всичките му екстри, които уж блокират рекламни страници.Отделно поставих ръчно голяма част от адресите на досадните реклами в Адблок разширението но ефект нулев.Сканирах с Аваст -нищо,а с Malwarebytes Anti-Malware ми откри 9 проблема които изтрих но промяна нямаше.Просто вече не знам какво да правя. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01 Ran by 1 (administrator) on MSHOME (12-03-2016 00:42:15) Running from H:\Documents and Settings\1\Desktop Loaded Profiles: 1 (Available Profiles: 1) Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States) Internet Explorer Version 8 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVAST Software) H:\Program Files\AVAST Software\Avast\AvastSvc.exe (ABBYY) H:\Program Files\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe (NVIDIA Corporation) H:\WINDOWS\system32\nvsvc32.exe (Microsoft Corp.) H:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe () H:\WINDOWS\system32\UAService7.exe (SONIX) H:\WINDOWS\tsnpstd3.exe (VIA Technologies, Inc.) H:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe () H:\WINDOWS\vsnpstd3.exe (AVAST Software) H:\Program Files\AVAST Software\Avast\AvastUI.exe (Microsoft Corporation) H:\WINDOWS\system32\rundll32.exe (BitTorrent Inc.) H:\Documents and Settings\1\Application Data\uTorrent\uTorrent.exe (InterVideo Inc.) H:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (BitTorrent Inc.) H:\Documents and Settings\1\Application Data\uTorrent\updates\3.4.5_41865\utorrentie.exe (BitTorrent Inc.) H:\Documents and Settings\1\Application Data\uTorrent\updates\3.4.5_41865\utorrentie.exe (Microsoft Corporation) H:\WINDOWS\system32\wbem\unsecapp.exe (Google Inc.) H:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) H:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) H:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) H:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) H:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) H:\Program Files\Google\Chrome\Application\chrome.exe (RaMMicHaeL) H:\Program Files\Unchecky\bin\unchecky_svc.exe (RaMMicHaeL) H:\Program Files\Unchecky\bin\unchecky_bg.exe (Google Inc.) H:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDCPL] => H:\WINDOWS\RTHDCPL.EXE [16125440 2007-02-26] (Realtek Semiconductor Corp.) HKLM\...\Run: [SkyTel] => H:\WINDOWS\SkyTel.EXE [2879488 2006-05-16] (Realtek Semiconductor Corp.) HKLM\...\Run: [NeroFilterCheck] => H:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh) HKLM\...\Run: [tsnpstd3] => H:\WINDOWS\tsnpstd3.exe [262144 2007-04-23] (SONIX) HKLM\...\Run: [HDAudDeck] => H:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [33747360 2010-05-24] (VIA Technologies, Inc.) HKLM\...\Run: [snpstd3] => H:\WINDOWS\vsnpstd3.exe [831488 2007-04-25] () HKLM\...\Run: [AvastUI.exe] => H:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-16] (AVAST Software) HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\Run: [uTorrent] => H:\Documents and Settings\1\Application Data\uTorrent\uTorrent.exe [2094080 2016-03-05] (BitTorrent Inc.) HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\Run: [DAEMON Tools Lite] => H:\Program Files\DAEMON Tools Lite\daemon.exe [486856 2008-04-01] (DT Soft Ltd) HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\Run: [Avast-Browser-Cleanup] => H:\Program Files\AVAST Software\Avast\BrowserCleanup.exe [1503712 2015-12-16] (AVAST Software) HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\Run: [swg] => H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2015-02-04] (Google Inc.) HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\Run: [Xvid] => I:\PROGRAMI\Xvid-1.3.2-20110601\CheckUpdate.exe [8192 2011-01-17] () HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\Run: [CCleaner Monitoring] => I:\PROGRAMI\CCleaner512-програма за почистване на остатъчни файлове\CCleaner.exe [6602152 2015-11-16] (Piriform Ltd) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => H:\Program Files\AVAST Software\Avast\ashShell.dll [2015-12-16] (AVAST Software) Startup: H:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk [2016-02-25] ShortcutTarget: InterVideo WinCinema Manager.lnk -> H:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{22CD05BE-8069-4753-A8E5-436BCFBE9135}: [NameServer] 10.98.0.1 Tcpip\..\Interfaces\{948CFD05-098D-4396-92E2-FB3E18B8BC3F}: [NameServer] 10.98.0.1 Tcpip\..\Interfaces\{C43F650F-0CEE-484B-B008-EAE5A3EAC1AB}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{ED35FE50-A8CB-450B-B4D1-916DDF2590B2}: [NameServer] 10.98.0.1,77.71.11.2 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-1343024091-527237240-1801674531-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?PC=AV01 HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1343024091-527237240-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1343024091-527237240-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.bg/ SearchScopes: HKLM -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms} SearchScopes: HKU\S-1-5-21-1343024091-527237240-1801674531-1003 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKU\S-1-5-21-1343024091-527237240-1801674531-1003 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> H:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-12-16] (AVAST Software) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-23] (Google Inc.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-23] (Google Inc.) Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-23] (Google Inc.) Toolbar: HKU\S-1-5-21-1343024091-527237240-1801674531-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-23] (Google Inc.) DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} H:\Program Files\Yahoo!\Common\Yinsthelper.dll DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - H:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - H:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation) FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> H:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-11] () FF Plugin: @adobe.com/ShockwavePlayer -> H:\WINDOWS\system32\Adobe\Director\np32dsw_1222172.dll [2015-11-19] (Adobe Systems, Inc.) FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> H:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> H:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> H:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> H:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.3 -> I:\PROGRAMI\VLC media player 1.0.0 RC2\VLC\npvlc.dll [2016-01-21] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> I:\PROGRAMI\VLC media player 1.0.0 RC2\VLC\npvlc.dll [2016-01-21] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.0 -> I:\PROGRAMI\VLC media player 1.0.0 RC2\VLC\npvlc.dll [2016-01-21] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.1 -> I:\PROGRAMI\VLC media player 1.0.0 RC2\VLC\npvlc.dll [2016-01-21] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.2 -> I:\PROGRAMI\VLC media player 1.0.0 RC2\VLC\npvlc.dll [2016-01-21] (VideoLAN) FF Plugin: Adobe Reader -> H:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.) FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> H:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll [No File] FF Plugin HKU\S-1-5-21-1343024091-527237240-1801674531-1003: @Skype Limited.com/Facebook Video Calling Plugin -> H:\Documents and Settings\1\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll [No File] FF Plugin HKU\S-1-5-21-1343024091-527237240-1801674531-1003: @unity3d.com/UnityPlayer,version=1.0 -> H:\Documents and Settings\1\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-04] (Unity Technologies ApS) FF Extension: GoPhotoIt - H:\Documents and Settings\1\Application Data\Mozilla\Firefox\profiles\extensions\gophoto@gophoto.it.xpi [2013-08-08] [not signed] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - H:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - H:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-12-10] [not signed] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - H:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - H:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-16] FF HKLM\...\Firefox\Extensions: [sp@avast.com] - H:\Program Files\AVAST Software\Avast\SafePrice\FF FF Extension: Avast SafePrice - H:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-16] Chrome: ======= CHR HomePage: Default -> hxxps://www.google.bg/?gws_rd=ssl CHR StartupUrls: Default -> "hxxp://www.google.bg/","hxxp://www.mysites123.com/?type=hp&ts=1454508138&z=d0702c45a8dfadf347cc228gez1w0zdw9e0b6g7ceb&from=amt&uid=hitachixhdt725025vla380_vfl104rm02ljdz02ljdzx" CHR Profile: H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default CHR Extension: (Google Презентации) - H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-11] CHR Extension: (Google Документи) - H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-11] CHR Extension: (Google Диск) - H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-11] CHR Extension: (Poper Blocker) - H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2016-03-12] CHR Extension: (YouTube) - H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-11] CHR Extension: (Adblock Plus) - H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-11] CHR Extension: (Електронни таблици от Google) - H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-11] CHR Extension: (Vbox7.com Downloader) - H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fjhpfbclepcmobfifppimpdljeikohdf [2016-03-11] CHR Extension: (Picditor Photo Editor) - H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ggdplhaiiohpkafnlhlfikiomnboacoi [2016-03-11] CHR Extension: (Google Документи офлайн) - H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-11] CHR Extension: (AdBlock) - H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-03-11] CHR Extension: (Плащания в уеб магазина на Chrome) - H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-11] CHR Extension: (Gmail) - H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-11] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 ABBYY.Licensing.FineReader.Corporate.11.0; H:\Program Files\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe [819976 2011-10-12] (ABBYY) R2 avast! Antivirus; H:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-16] (AVAST Software) S3 IDriverT; H:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed] S3 ServiceLayer; H:\Program Files\PC Connectivity Solution\ServiceLayer.exe [353280 2007-12-10] (Nokia.) [File not signed] R2 Unchecky; H:\Program Files\Unchecky\bin\unchecky_svc.exe [243448 2016-03-11] (RaMMicHaeL) R2 UserAccess7; H:\WINDOWS\system32\UAService7.exe [126976 2009-01-24] () [File not signed] S3 WmdmPmSN; C:\WINDOWS\system32\mspmsnsv.dll [X] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; H:\WINDOWS\system32\drivers\aswHwid.sys [24016 2015-12-16] (AVAST Software) R2 aswMonFlt; H:\WINDOWS\system32\drivers\aswMonFlt.sys [81168 2015-12-19] (AVAST Software) R1 aswRdr; H:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-12-16] (AVAST Software) R0 aswRvrt; H:\WINDOWS\system32\Drivers\aswRvrt.sys [49776 2015-12-16] (AVAST Software) R1 aswSnx; H:\WINDOWS\system32\drivers\aswSnx.sys [812720 2016-03-02] (AVAST Software) R1 aswSP; H:\WINDOWS\system32\drivers\aswSP.sys [449384 2016-01-20] (AVAST Software) R3 aswStmXP; H:\WINDOWS\system32\drivers\aswStmXP.sys [165104 2015-12-16] (AVAST Software) S3 aswTdi; H:\WINDOWS\system32\drivers\aswTdi.sys [58016 2015-12-16] (AVAST Software) R0 aswVmm; H:\WINDOWS\system32\Drivers\aswVmm.sys [209432 2015-12-16] (AVAST Software) R2 atksgt; H:\WINDOWS\System32\DRIVERS\atksgt.sys [281760 2009-12-25] () S3 CCDECODE; H:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation) R2 fssfltr; H:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys [54752 2009-08-05] (Microsoft Corporation) R2 lirsgt; H:\WINDOWS\System32\DRIVERS\lirsgt.sys [25888 2009-12-25] () R3 MTsensor; H:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] () S3 NdisIP; H:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation) R3 NVENETFD; H:\WINDOWS\System32\DRIVERS\NVENETFD.sys [70912 2010-03-04] (NVIDIA Corporation) R0 nvgts; H:\WINDOWS\System32\DRIVERS\nvgts.sys [168040 2010-04-08] (NVIDIA Corporation) R3 nvnetbus; H:\WINDOWS\System32\DRIVERS\nvnetbus.sys [13824 2010-03-04] (NVIDIA Corporation) R3 pcouffin; H:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2008-12-15] (VSO Software) [File not signed] S3 rtl8139; H:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2008-04-14] (Realtek Semiconductor Corporation) S3 Secdrv; H:\WINDOWS\System32\DRIVERS\secdrv.sys [11973 2010-02-03] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed] R0 sfsync02; H:\WINDOWS\System32\drivers\sfsync02.sys [19968 2005-08-10] (Protection Technology) [File not signed] R0 sfvfs02; H:\WINDOWS\System32\drivers\sfvfs02.sys [66048 2005-09-29] (Protection Technology) [File not signed] R3 SNPSTD3; H:\WINDOWS\System32\DRIVERS\snpstd3.sys [10252672 2007-04-24] (Sonix Co. Ltd.) [File not signed] R0 sptd; H:\WINDOWS\System32\Drivers\sptd.sys [721904 2010-01-02] () [File not signed] R3 VIAHdAudAddService; H:\WINDOWS\System32\drivers\viahduaa.sys [2136224 2010-05-15] (VIA Technologies, Inc.) U3 a8cch2kn; H:\WINDOWS\system32\Drivers\a8cch2kn.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder) S3 catchme; \??\H:\ComboFix\catchme.sys [X] S3 FXDrv32; \??\G:\FXDrv32.sys [X] S4 InCDFs; system32\drivers\InCDFs.sys [X] S1 InCDPass; system32\drivers\InCDPass.sys [X] S1 InCDRm; system32\drivers\InCDRm.sys [X] S4 IntelIde; no ImagePath U5 StarOpen; H:\Windows\System32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed] S2 zumbus; system32\DRIVERS\zumbus.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-03-12 00:42 - 2016-03-12 00:42 - 00019692 _____ H:\Documents and Settings\1\Desktop\FRST.txt 2016-03-11 23:51 - 2016-03-11 23:51 - 00000706 _____ H:\Documents and Settings\All Users\Desktop\Unchecky.lnk 2016-03-11 23:51 - 2016-03-11 23:51 - 00000000 ____D H:\Program Files\Unchecky 2016-03-11 23:51 - 2016-03-11 23:51 - 00000000 ____D H:\Documents and Settings\All Users\Start Menu\Programs\Unchecky 2016-03-11 23:51 - 2016-03-11 23:51 - 00000000 ____D H:\Documents and Settings\All Users\Application Data\Unchecky 2016-03-11 22:00 - 2016-03-11 22:00 - 00001817 _____ H:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk 2016-03-11 22:00 - 2016-03-11 22:00 - 00001811 _____ H:\Documents and Settings\All Users\Desktop\Google Chrome.lnk 2016-03-11 20:58 - 2016-03-11 20:58 - 00000000 ____D H:\Documents and Settings\1\Application Data\vlc 2016-03-08 17:18 - 2016-03-08 17:18 - 00006174 _____ H:\Documents and Settings\1\My Documents\mp3-nero.txt 2016-02-25 13:11 - 2016-03-12 00:02 - 00000830 _____ H:\WINDOWS\Tasks\Adobe Flash Player Updater.job ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-03-12 00:42 - 2015-12-14 16:50 - 00000000 ____D H:\Documents and Settings\1\Local Settings\temp 2016-03-12 00:42 - 2015-12-07 22:39 - 00000000 ____D H:\FRST 2016-03-12 00:40 - 2015-12-14 00:36 - 01725440 _____ (Farbar) H:\Documents and Settings\1\Desktop\FRST.exe 2016-03-12 00:40 - 2015-12-13 17:34 - 00000000 ____D H:\Documents and Settings\1\Desktop\FRST-OlderVersion 2016-03-12 00:39 - 2008-11-06 20:49 - 00000000 ____D H:\Documents and Settings\1\Application Data\uTorrent 2016-03-12 00:33 - 2011-11-12 12:23 - 00000982 _____ H:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1343024091-527237240-1801674531-1003UA.job 2016-03-11 23:58 - 2010-02-07 17:01 - 00000886 _____ H:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-03-11 22:48 - 2015-12-07 11:40 - 00170200 _____ (Malwarebytes) H:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-03-11 22:06 - 2015-12-16 16:16 - 00000354 ____H H:\WINDOWS\Tasks\avast! Emergency Update.job 2016-03-11 22:06 - 2011-05-15 09:25 - 00000000 __SHD H:\WINDOWS\CSC 2016-03-11 22:06 - 2010-02-07 17:01 - 00000882 _____ H:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-03-11 22:06 - 2008-06-12 15:14 - 00000006 ____H H:\WINDOWS\Tasks\SA.DAT 2016-03-11 22:00 - 2008-11-02 23:04 - 00000000 ____D H:\Documents and Settings\1\Local Settings\Application Data\Google 2016-03-11 22:00 - 2008-11-02 22:08 - 00000000 ____D H:\Program Files\Google 2016-03-11 21:46 - 2015-01-13 21:17 - 00000000 __HDC H:\WINDOWS\$NtUninstallKB932716-v2$ 2016-03-11 21:46 - 2008-06-12 15:17 - 00000178 ___SH H:\Documents and Settings\1\ntuser.ini 2016-03-11 21:46 - 2008-06-12 15:14 - 00032520 _____ H:\WINDOWS\SchedLgU.Txt 2016-03-11 21:44 - 2008-06-12 15:17 - 00000000 ____D H:\Documents and Settings\1 2016-03-11 20:58 - 2013-05-04 10:57 - 00000684 _____ H:\Documents and Settings\All Users\Desktop\VLC media player.lnk 2016-03-11 20:38 - 2013-02-25 18:42 - 00797376 _____ (Adobe Systems Incorporated) H:\WINDOWS\system32\FlashPlayerApp.exe 2016-03-11 20:38 - 2011-11-29 19:42 - 00142528 _____ (Adobe Systems Incorporated) H:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2016-03-11 18:33 - 2011-11-12 12:23 - 00000960 _____ H:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1343024091-527237240-1801674531-1003Core.job 2016-03-11 16:12 - 2008-06-12 15:18 - 00000000 ___RD H:\Documents and Settings\1\My Documents\Moite kartinki 2016-03-10 10:25 - 2001-08-23 11:00 - 00002206 _____ H:\WINDOWS\system32\wpa.dbl 2016-03-08 17:21 - 2008-11-12 13:28 - 00000000 __RSD H:\Documents and Settings\1\Desktop\probna 2016-03-08 17:18 - 2008-06-12 15:17 - 00000000 ___RD H:\Documents and Settings\1\My Documents 2016-03-08 17:09 - 2008-06-12 14:11 - 00000187 _____ H:\WINDOWS\winamp.ini 2016-03-02 16:16 - 2015-12-16 16:16 - 00812720 _____ (AVAST Software) H:\WINDOWS\system32\Drivers\aswsnx.sys 2016-02-27 19:46 - 2008-12-11 00:39 - 00000176 _____ H:\WINDOWS\system32\test.aok 2016-02-26 20:51 - 2014-08-06 14:48 - 00000000 ____D H:\Documents and Settings\1\Desktop\tr 2016-02-25 13:12 - 2009-05-26 19:10 - 00000000 ____D H:\Program Files\Common Files\Adobe AIR 2016-02-25 13:06 - 2014-03-22 20:07 - 00000258 __RSH H:\Documents and Settings\All Users\ntuser.pol 2016-02-25 13:06 - 2008-06-12 17:55 - 00000000 ____D H:\Documents and Settings\All Users 2016-02-25 13:04 - 2015-12-10 11:50 - 00000000 __HDC H:\WINDOWS\$NtUninstallKB977816$ 2016-02-25 13:02 - 2016-01-31 18:01 - 00000813 _____ H:\Documents and Settings\All Users\Start Menu\Programs\SumatraPDF.lnk 2016-02-25 13:02 - 2015-12-31 00:10 - 00000654 _____ H:\Documents and Settings\All Users\Desktop\Speccy.lnk 2016-02-25 13:02 - 2015-12-16 16:17 - 00001689 _____ H:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk 2016-02-25 13:02 - 2015-12-09 19:36 - 00000786 _____ H:\Documents and Settings\All Users\Desktop\CCleaner.lnk 2016-02-25 13:02 - 2015-12-09 16:12 - 00002415 _____ H:\Documents and Settings\All Users\Desktop\Skype.lnk 2016-02-25 13:02 - 2015-12-07 11:36 - 00000796 _____ H:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk 2016-02-25 13:02 - 2015-11-27 22:40 - 00000522 _____ H:\Documents and Settings\All Users\Desktop\MailBooks.lnk 2016-02-25 13:02 - 2015-04-03 17:14 - 00002347 _____ H:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk 2016-02-25 13:02 - 2015-04-03 17:14 - 00001734 _____ H:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk 2016-02-25 13:02 - 2015-01-16 17:56 - 00000738 _____ H:\Documents and Settings\All Users\Desktop\GOM Player.lnk 2016-02-25 13:02 - 2014-03-09 22:43 - 00002771 _____ H:\Documents and Settings\All Users\Desktop\ABBYY FineReader 11.lnk 2016-02-25 13:02 - 2014-01-11 17:43 - 00000585 _____ H:\Documents and Settings\All Users\Desktop\Scooby-Doo(TM) First Frights.lnk 2016-02-25 13:02 - 2013-10-09 17:25 - 00001938 _____ H:\Documents and Settings\All Users\Desktop\LibreOffice 4.1.lnk 2016-02-25 13:02 - 2013-10-05 16:42 - 00002463 _____ H:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Excel Viewer.lnk 2016-02-25 13:02 - 2013-10-03 11:46 - 00000625 _____ H:\Documents and Settings\All Users\Desktop\Ученически Синтезатор.lnk 2016-02-25 13:02 - 2012-03-08 16:32 - 00000654 _____ H:\Documents and Settings\All Users\Desktop\GOM Video Converter.lnk 2016-02-25 13:02 - 2011-06-28 16:46 - 00000855 _____ H:\Documents and Settings\All Users\Start Menu\Programs\HD ADeck.lnk 2016-02-25 13:02 - 2011-06-28 16:46 - 00000849 _____ H:\Documents and Settings\All Users\Desktop\HD ADeck.lnk 2016-02-25 13:02 - 2011-04-29 11:37 - 00000807 _____ H:\Documents and Settings\1\Start Menu\Programs\Internet Explorer.lnk 2016-02-25 13:02 - 2009-01-10 16:08 - 00001257 _____ H:\Documents and Settings\All Users\Start Menu\Programs\Photo Story 3 for Windows.lnk 2016-02-25 13:02 - 2008-11-06 20:50 - 00000636 _____ H:\Documents and Settings\1\Start Menu\Programs\µTorrent.lnk 2016-02-25 13:02 - 2008-06-12 15:18 - 00000738 _____ H:\Documents and Settings\1\Start Menu\Programs\Outlook Express.lnk 2016-02-25 13:02 - 2008-06-12 15:17 - 00001599 _____ H:\Documents and Settings\1\Start Menu\Programs\Remote Assistance.lnk 2016-02-25 13:02 - 2008-06-12 15:17 - 00000788 _____ H:\Documents and Settings\1\Start Menu\Programs\Windows Media Player.lnk 2016-02-25 13:02 - 2008-06-12 15:04 - 00000786 _____ H:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk 2016-02-25 13:02 - 2008-06-12 15:02 - 00000605 _____ H:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk 2016-02-25 13:01 - 2016-01-24 20:59 - 00001127 _____ H:\Documents and Settings\1\Desktop\Adventurers Community.lnk 2016-02-25 13:01 - 2016-01-24 20:59 - 00000999 _____ H:\Documents and Settings\1\Desktop\Mortimer Beckett and the Time Paradox.lnk 2016-02-25 13:01 - 2013-02-24 22:47 - 00000551 _____ H:\Documents and Settings\1\Desktop\BS.Player FREE.lnk 2016-02-25 13:01 - 2010-11-12 20:07 - 00000697 _____ H:\Documents and Settings\1\Desktop\PDF2Word v3.0.lnk 2016-02-25 13:01 - 2010-11-11 20:25 - 00000781 _____ H:\Documents and Settings\1\Desktop\ReadManiac Builder Wizard.lnk 2016-02-25 13:01 - 2010-03-08 21:40 - 00000104 _____ H:\Documents and Settings\1\Desktop\Моят компютър.lnk 2016-02-25 13:01 - 2010-01-02 17:20 - 00000863 _____ H:\Documents and Settings\1\Desktop\Folder Marker.lnk 2016-02-25 13:01 - 2009-12-12 21:14 - 00000752 _____ H:\Documents and Settings\1\Desktop\Format Factory.lnk 2016-02-25 13:01 - 2009-11-05 19:37 - 00000676 _____ H:\Documents and Settings\1\Desktop\Mp3 Knife.lnk 2016-02-25 13:01 - 2009-06-07 14:29 - 00000983 _____ H:\Documents and Settings\1\Desktop\Subtitle Workshop.lnk 2016-02-25 13:01 - 2009-04-13 14:42 - 00000892 _____ H:\Documents and Settings\1\Desktop\DVDVideoSoft Free Studio.lnk 2016-02-25 13:01 - 2009-01-19 15:34 - 00000734 _____ H:\Documents and Settings\1\Desktop\Acrobat.com.lnk 2016-02-25 13:01 - 2008-12-20 18:52 - 00000571 _____ H:\Documents and Settings\1\Desktop\KMPlayer.lnk 2016-02-25 13:01 - 2008-12-11 00:35 - 00000665 _____ H:\Documents and Settings\1\Desktop\Allok Video to 3GP Converter.lnk 2016-02-25 13:01 - 2008-11-06 20:50 - 00000792 _____ H:\Documents and Settings\1\Desktop\µTorrent.lnk 2016-02-25 13:01 - 2008-10-23 10:57 - 00000398 _____ H:\Documents and Settings\1\Desktop\Free.lnk 2016-02-25 13:01 - 2008-06-12 15:29 - 00002319 _____ H:\Documents and Settings\1\Desktop\Nero StartSmart.lnk 2016-02-25 13:01 - 2008-06-12 15:23 - 00001637 _____ H:\Documents and Settings\1\Desktop\InterVideo WinDVD 7.lnk 2016-02-25 13:01 - 2008-06-12 15:18 - 00000801 _____ H:\Documents and Settings\1\Desktop\Internet Explorer.lnk 2016-02-25 13:01 - 2008-06-12 14:11 - 00000654 _____ H:\Documents and Settings\1\Desktop\Winamp.lnk 2016-02-25 13:01 - 2008-06-12 14:04 - 00000733 _____ H:\Documents and Settings\1\Desktop\DAEMON Tools Lite.lnk 2016-02-25 12:36 - 2014-06-16 16:03 - 00000000 ____D H:\Documents and Settings\1\Application Data\SkypEmoticons ==================== Files in the root of some directories ======= 2008-12-15 17:37 - 2008-12-15 17:37 - 0087608 _____ () H:\Documents and Settings\1\Application Data\inst.exe 2008-12-15 17:37 - 2008-12-15 17:37 - 0007887 _____ () H:\Documents and Settings\1\Application Data\pcouffin.cat 2008-12-15 17:37 - 2008-12-15 17:37 - 0001144 _____ () H:\Documents and Settings\1\Application Data\pcouffin.inf 2008-12-15 17:37 - 2008-12-15 17:37 - 0000034 _____ () H:\Documents and Settings\1\Application Data\pcouffin.log 2008-12-15 17:37 - 2008-12-15 17:37 - 0047360 _____ (VSO Software) H:\Documents and Settings\1\Application Data\pcouffin.sys 2008-12-15 17:37 - 2014-01-09 13:42 - 0000671 _____ () H:\Documents and Settings\1\Application Data\vso_ts_preview.xml 2009-02-07 21:10 - 2009-02-07 21:10 - 0001024 _____ () H:\Documents and Settings\1\Application Data\WavCodec.wff 2008-06-12 21:45 - 2015-11-25 11:55 - 0187904 _____ () H:\Documents and Settings\1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2011-05-12 21:13 - 2011-05-12 21:13 - 0000124 _____ () H:\Documents and Settings\1\Local Settings\Application Data\fusioncache.dat 2008-06-12 14:34 - 2008-06-12 14:34 - 0000600 _____ () H:\Documents and Settings\1\Local Settings\Application Data\PUTTY.RND 2012-01-05 08:27 - 2012-01-05 08:27 - 0000000 _____ () H:\Documents and Settings\1\Local Settings\Application Data\{84E18409-91B6-4BB9-ACA1-CB862156C6C9} 2010-09-26 17:49 - 2010-09-26 17:49 - 0005067 _____ () H:\Documents and Settings\All Users\Application Data\hvcatrnw.tht 2008-07-31 17:19 - 2011-10-12 19:59 - 0000000 _____ () H:\Documents and Settings\All Users\Application Data\LauncherAccess.dt Some files in TEMP: ==================== H:\Documents and Settings\1\Local Settings\temp\Uninstall.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) H:\WINDOWS\explorer.exe => File is digitally signed H:\WINDOWS\system32\winlogon.exe => File is digitally signed H:\WINDOWS\system32\svchost.exe => File is digitally signed H:\WINDOWS\system32\services.exe => File is digitally signed H:\WINDOWS\system32\User32.dll => File is digitally signed H:\WINDOWS\system32\userinit.exe => File is digitally signed H:\WINDOWS\system32\rpcss.dll => File is digitally signed H:\WINDOWS\system32\dnsapi.dll => File is digitally signed H:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End of FRST.txt ============================ Не знам дали е необходимо но ще пусна и какво откри програмата "Malwarebytes Anti-Malware" Malwarebytes Anti-Malware www.malwarebytes.org Дата на сканиране: 11.3.2016 г. Час на сканиране: 21:04:33 Дневник: Администратор: Да Версия: 2.2.0.1024 База от данни за злонамерен софтуер: v2016.03.11.04 База от данни за рууткити: v2016.02.27.01 Лиценз: Безплатен Защита от злонамерен софтуер: Забранено Защита от злонамерени страници: Забранено Самозащита: Забранено ОС: Windows XP Service Pack 3 Процесор: x86 Файлова система: NTFS Потребител: 1 Тип сканиране: Сканиране за заплахи Резултат: Завършено Сканиране обекти: 379859 Изминало време: 36 мин. 22 сек. Памет: Разрешено Начално стартиране: Разрешено Файлова система: Разрешено Архиви: Разрешено Рууткити: Разрешено Дълбоко сканиране за рууткити: Разрешено Евристика: Разрешено ПНП: Разрешено ПНИ: Разрешено Процеси: 0 (Не бяха открити злонамерени обекти) Модули: 0 (Не бяха открити злонамерени обекти) Ключове в системния регистър: 2 PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\Conduit, Поставен под карантина, [39473353cfca6accab27f1929a6a37c9], PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-1343024091-527237240-1801674531-1003\SOFTWARE\Conduit, Поставен под карантина, [b1cf61254d4c78be27aa6b182cd8be42], Стойности в системния регистър: 1 Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-1343024091-527237240-1801674531-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AutoConfigURL, http://unblockservice.com/wpad.dat?88a13144f2d3161fed3d74711ef801975601775, Поставен под карантина, [acd491f53c5d59ddd6907c99ea1922de] Данни в системния регистър: 3 PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Добър: (0), Лош: (1),Заменен,[7f01d3b31584c175a200e72c6b9ab14f] PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Добър: (0), Лош: (1),Заменен,[b0d01d692277eb4ba7fce03311f442be] PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Добър: (0), Лош: (1),Заменен,[e0a031559504e4525351a96a7293bb45] Папки: 0 (Не бяха открити злонамерени обекти) Файлове: 3 PUP.Optional.InstallCore, H:\Documents and Settings\1\My Documents\Downloads\FlashVideoPlayer.exe, Поставен под карантина, [314f1d696534ac8a09f7858438cab749], PUP.Optional.InstallCore, H:\Documents and Settings\1\My Documents\Downloads\FlashVideoPlayer.zip, Поставен под карантина, [740c23635d3ce3539868c346a45e926e], PUP.Optional.InstallCore, H:\Documents and Settings\1\Local Settings\temp\Rar$DR00.641\FlashVideoPlayer.zip, Поставен под карантина, [d3ad8afce6b359dd06fa4ebb56ac3ac6], Физически сектори: 0 (Не бяха открити злонамерени обекти) (end) Addition.txt
  7. Много ви благодаря за помощта.Всичко вече си работи нормално .
  8. Здравейте, и за много години . Поради факта ,че компа отдавна не беше поглеждан от вещо око реших и го оставих в едно сервисче да го почистят от праха и до го огледат дали всичко си му е ок.След като отидох да си го взема ми казаха ,че освен многото прах нямало нищо обезпокоително и ако не искам друга операционна система различна от хр нямало нужда преинсталация.Благодарение на вас и вашите съвети горката антика се спаси от преинсталация.Благодаря ви за което. Светнаха ме и ,че хардуерната му конфигурация не била първа младост.С други думи това прекъсване при гледане онлайн се дължало и на това. Сега обаче ми изскочи друг проблем.Големината на екрана на монитора ми се смали и контролния панел на видео картата изчезна безследно.Къде ли не рових няма оправия !При опит да отворя контролния панел на NVIDIA от иконката която изрових из недрата на компа изписва това: NVIDIA Display The NVIDIA Display Panel extansion cannot be created Possible reason include: Version mismatch. Reinstalling display drivers may solve this problem. Стана ми ясно ,че иска нови драйвери. Но какви точно, и от къде да ги набавя,а и как да разбера кои драйвери да изтрия от старите /и от къде /? Знам ,че малко се изменя темата на поста, но не знам къде другаде да пиша пък не искам да карам компа пак на сервиз.Отидоха пак 2 седмици без компютър което си е много време.... Ако можете помагайте,ето и конфигурацията на компа. Операционна система Windows XP Professional 32-bit SP3 Процесор AMD Athlon II X2 250 99 °C Regor 45nm технология Оперативна памет 2,00ГБ Двуканална-канална DDR3 @ 803 MHz (9-9-9-28) Дънна платка ASUSTeK Computer INC. M4N68T-M-LE-V2 (AM3) 33 °C Графика Default Monitor (1360x768@60Hz) 256 MBNVIDIA GeForce 7025 / nForce 630a (ASUStek Computer Inc) Storage 232GB Hitachi HDT725025VLA SCSI Disk Device (SATA) 40 °C Оптични дискове HL-DT-ST DVD-RAM GSA-H58N JH1541F VHS134Q SCSI CdRom Device Звук VIA High Definition Audio Графика Монитор Име Default Monitor on NVIDIA GeForce 7025 / NVIDIA nForce 630a Текущ растер 1360x768 пиксела Работен растер 1360x738 пиксела Състояние Enabled, Primary Широчина на монитора 1360 Височина на монитора 768 Бита за пиксел на монитора 32 бита за пиксел Честота на монитора 60 Hz Устройство \\.\DISPLAY1\Monitor0 NVIDIA GeForce 7025 / nForce 630a Manufacturer NVIDIA Model GeForce 7025 / nForce 630a Графичен процесор MCP61 ИД на устройство 10DE-03D6 Редакция A3 Поддоставчик ASUStek Computer Inc (1043) Current Performance Level Level 0 DirectX поддръжка 9.0c DirectX шейдър модел 3.0 OpenGL поддръжка 2.0 Интерфейс на шината FPCI Часовник на графичния процесор 425 MHz Часовник на паметта 1600 MHz Версия на драйвер 6.14.13.783 Версия на BIOS 5.61.32.28.00 Брой растерни операции 2 Шейдъри Ръбови 2/Пикселни 21 Тип на паметта System Физическа памет 256 MB Виртуална памет 512 MB Скорост на визуализационна обраборка на пиксели 0,8 G пиксела/s Скорост на текстурна обработка на пиксели 0,8 G тексела/s Count of performance levels : 1 Level 1 - "Perf Level 0" Часовник на графичния процесор 425 MHz Часовник на шейдъра 1600 MHz Процесор AMD Athlon II X2 250 Ядра 2 Нишки 2 Име AMD Athlon II X2 250 Кодово име Regor Съвместяване Socket AM3 (938) Технология 45nm Спецификация AMD Athlon II X2 250 Processor Фамилия F Разширена фамилия 10 Модел 6 Разширен модел 6 Развитие на версията 3 Редакция DA-C3 Инструкции MMX (+), 3DNow! (+), SSE, SSE2, SSE3, SSE4A, AMD 64, NX, VMX Virtualization Supported, Enabled Hyperthreading Not supported Скорост на вентилатора 2800 min⁻¹ Скорост на шината 200.9 MHz Номинална скорост на шината 1004.4 MHz Базова скорост на ядрото 3000 MHz Базова скорост на шината 200 MHz Средна температура 99 °C Буфери Размер на буфер за данни 1-во ниво 2 x 64 KB Размер на буфер за инструкции 1-во ниво 2 x 64 KB Размер на L2 съвкупен буфер 2 x 1024 KB Ядра Скорост на ядрото Множител Скорост на шината Номинална скорост на шината Температура Нишки Ядро 0 3013.3 MHz x 15.0 200.9 MHz 1004.4 MHz 99 °C Ид. на APIC: 0 Ядро 1 3013.3 MHz x 15.0 200.9 MHz 1004.4 MHz 99 °C
  9. Деинсталирах Аваст и след това я изтрих и изтеглих наново.За сега не товари процесора.Явно нещо накъде е било прецакано!При инсталирането обаче компа заби яко и дойде на себе си едва след два рестарта.Това ме навява на мисълта дали не е прекалено тежка за моя комп? Сеченето при гледане онлайн вече не е постоянно ,но на моменти пак си прави старите номера.Процесора се товари на 60-75% при гледане на клипове .Не е ли пак твърде много?
  10. ComboFix 15-12-12.01 - 1 12.2015 г. 16:43:35.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.1791.1300 [GMT 2:00] Running from: h:\documents and settings\1\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . h:\documents and settings\1\My DocumentsPfS0Hu_cfdg.exe h:\documents and settings\1\My DocumentsYfq3N6_cfdg.exe h:\documents and settings\1\sqlite3.dll h:\documents and settings\1\WINDOWS h:\documents and settings\All Users\Application Data\TEMP h:\program files\Adblocker h:\windows\system32\Cache h:\windows\system32\Cache\272512937d9e61a4.fb h:\windows\system32\Cache\287204568329e189.fb h:\windows\system32\Cache\28bc8f716fd76a47.fb h:\windows\system32\Cache\31a0997e9a5b5eb3.fb h:\windows\system32\Cache\32c84fe32bb74d60.fb h:\windows\system32\Cache\3917078cb68ec657.fb h:\windows\system32\Cache\590ba23ce359fd0c.fb h:\windows\system32\Cache\610289e025a3ee9a.fb h:\windows\system32\Cache\651c5d3cdbfb8bd1.fb h:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb h:\windows\system32\Cache\6d03dad1035885d3.fb h:\windows\system32\Cache\6d0f0f9303ac1f16.fb h:\windows\system32\Cache\a8556537add6dfc5.fb h:\windows\system32\Cache\ad10a52aff5e038d.fb h:\windows\system32\Cache\c1fa887b03019701.fb h:\windows\system32\Cache\c4d28dca2e7648be.fb h:\windows\system32\Cache\ccdb64e17d2feae2.fb h:\windows\system32\Cache\d201ef9910cd39de.fb h:\windows\system32\Cache\d2e94710a5708128.fb h:\windows\system32\Cache\d79b9dfe81484ec4.fb h:\windows\system32\Cache\f998975c9cc711ee.fb h:\windows\system32\NEW3B.tmp h:\windows\system32\NEW61.tmp h:\windows\system32\NEW67.tmp h:\windows\system32\SET236D.tmp h:\windows\system32\SET2370.tmp h:\windows\system32\SET2372.tmp h:\windows\system32\SET27A9.tmp h:\windows\system32\SET27AA.tmp h:\windows\system32\SET28A7.tmp h:\windows\system32\SET28A8.tmp h:\windows\system32\SET28A9.tmp h:\windows\system32\SET28AD.tmp h:\windows\system32\SET28AE.tmp h:\windows\system32\SET28AF.tmp h:\windows\system32\SET28B4.tmp h:\windows\system32\SET28B5.tmp h:\windows\system32\tmp94.tmp h:\windows\system32\tmp95.tmp I:\install.exe I:\Setup.exe . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_SSHNAS . . ((((((((((((((((((((((((( Files Created from 2015-11-14 to 2015-12-14 ))))))))))))))))))))))))))))))) . . 2015-12-13 22:26 . 2015-12-13 22:35 -------- d-----w- h:\documents and settings\1\Application Data\Geek Uninstaller 2015-12-10 10:17 . 2015-12-10 10:17 1072544 ----a-w- h:\windows\system32\nvdrsdb0.bin 2015-12-10 10:17 . 2015-12-10 10:17 1 ----a-w- h:\windows\system32\nvdrssel.bin 2015-12-10 10:17 . 2015-12-10 10:17 1072544 ----a-w- h:\windows\system32\nvdrsdb1.bin 2015-12-10 10:02 . 2015-12-10 10:02 -------- d-----w- h:\windows\system32\KB905474 2015-12-10 09:29 . 2015-12-10 09:29 -------- d-----w- h:\documents and settings\1\Local Settings\Application Data\PCHealth 2015-12-10 08:13 . 2015-12-10 08:17 -------- d-----w- h:\windows\ie8updates 2015-12-10 07:53 . 2008-06-13 11:05 272128 -c----w- h:\windows\system32\dllcache\bthport.sys 2015-12-10 07:53 . 2008-06-13 11:05 272128 ------w- h:\windows\system32\drivers\bthport.sys 2015-12-10 00:26 . 2013-07-03 02:12 25088 -c----w- h:\windows\system32\dllcache\hidparse.sys 2015-12-10 00:25 . 2013-07-17 00:58 46848 -c----w- h:\windows\system32\dllcache\irbus.sys 2015-12-10 00:24 . 2013-02-12 00:32 12928 -c----w- h:\windows\system32\dllcache\usb8023x.sys 2015-12-09 23:46 . 2013-09-23 18:33 12800 -c----w- h:\windows\system32\dllcache\xpshims.dll 2015-12-09 23:46 . 2013-09-23 18:33 55296 -c----w- h:\windows\system32\dllcache\msfeedsbs.dll 2015-12-09 23:46 . 2013-09-23 18:33 247808 -c----w- h:\windows\system32\dllcache\ieproxy.dll 2015-12-09 23:46 . 2013-09-23 18:33 43520 -c--a-w- h:\windows\system32\dllcache\licmgr10.dll 2015-12-09 23:46 . 2013-09-23 18:33 43520 ----a-w- h:\windows\system32\licmgr10.dll 2015-12-09 23:46 . 2013-09-23 18:33 743424 -c----w- h:\windows\system32\dllcache\iedvtool.dll 2015-12-09 23:46 . 2013-09-23 18:33 630272 -c----w- h:\windows\system32\dllcache\msfeeds.dll 2015-12-09 23:46 . 2013-09-23 18:33 105984 -c--a-w- h:\windows\system32\dllcache\url.dll 2015-12-09 23:46 . 2013-09-23 18:33 11113472 -c----w- h:\windows\system32\dllcache\ieframe.dll 2015-12-09 23:45 . 2013-09-23 18:33 2006016 -c----w- h:\windows\system32\dllcache\iertutil.dll 2015-12-09 23:45 . 2013-09-23 18:33 522240 -c----w- h:\windows\system32\dllcache\jsdbgui.dll 2015-12-09 23:45 . 2013-09-23 18:33 522240 ------w- h:\program files\Internet Explorer\jsdbgui.dll 2015-12-09 23:31 . 2013-08-09 00:55 144128 -c----w- h:\windows\system32\dllcache\usbport.sys 2015-12-09 23:31 . 2013-08-09 00:55 5376 -c----w- h:\windows\system32\dllcache\usbd.sys 2015-12-09 23:31 . 2009-03-18 11:02 30336 -c----w- h:\windows\system32\dllcache\usbehci.sys 2015-12-09 23:02 . 2013-07-04 03:03 2149888 -c----w- h:\windows\system32\dllcache\ntkrnlmp.exe 2015-12-09 23:02 . 2013-07-04 02:59 2193536 -c----w- h:\windows\system32\dllcache\ntoskrnl.exe 2015-12-09 23:02 . 2013-07-04 02:08 2070144 -c----w- h:\windows\system32\dllcache\ntkrnlpa.exe 2015-12-09 23:02 . 2013-07-04 02:08 2028544 -c----w- h:\windows\system32\dllcache\ntkrpamp.exe 2015-12-09 23:01 . 2013-11-06 01:03 7168 ----a-w- h:\windows\system32\xpsp4res.dll 2015-12-09 22:54 . 2012-01-11 19:06 3072 -c----w- h:\windows\system32\dllcache\iacenc.dll 2015-12-09 22:54 . 2012-01-11 19:06 3072 ------w- h:\windows\system32\iacenc.dll 2015-12-09 22:43 . 2010-10-11 14:59 45568 ----a-w- h:\program files\Outlook Express\wab.exe 2015-12-09 14:12 . 2015-12-09 14:12 -------- d-----w- h:\program files\Common Files\Skype 2015-12-07 20:39 . 2015-12-13 22:44 -------- d-----w- H:\FRST 2015-12-07 09:40 . 2015-12-13 14:07 170200 ----a-w- h:\windows\system32\drivers\MBAMSwissArmy.sys 2015-12-07 09:36 . 2015-12-07 09:36 -------- d-----w- h:\documents and settings\All Users\Application Data\Malwarebytes 2015-12-07 09:36 . 2015-10-05 07:50 121560 ----a-w- h:\windows\system32\drivers\mbamchameleon.sys 2015-12-07 09:36 . 2015-10-05 07:50 23256 ----a-w- h:\windows\system32\drivers\mbam.sys 2015-12-06 21:18 . 2015-12-06 21:18 -------- d-----w- h:\documents and settings\LocalService\Local Settings\Application Data\Temp 2015-12-06 09:14 . 2015-12-06 09:14 165104 ----a-w- h:\windows\system32\drivers\aswStmXP.sys 2015-12-06 09:14 . 2015-12-06 09:14 322760 ----a-w- h:\windows\system32\aswBoot.exe 2015-12-06 09:14 . 2015-12-06 09:14 43112 ----a-w- h:\windows\avastSS.scr 2015-11-26 15:03 . 2011-05-30 13:42 240640 ----a-w- h:\windows\system32\xvidvfw.dll 2015-11-26 15:03 . 2011-05-23 09:52 153088 ----a-w- h:\windows\system32\xvid.ax 2015-11-26 15:03 . 2011-05-23 07:46 645632 ----a-w- h:\windows\system32\xvidcore.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-12-06 09:14 . 2014-07-26 08:02 24016 ----a-w- h:\windows\system32\drivers\aswHwid.sys 2015-12-06 09:14 . 2014-01-11 12:01 58016 ----a-w- h:\windows\system32\drivers\aswTdi.sys 2015-12-06 09:14 . 2014-01-11 12:01 49776 ----a-w- h:\windows\system32\drivers\aswRvrt.sys 2015-12-06 09:14 . 2014-01-11 12:01 435976 ----a-w- h:\windows\system32\drivers\aswSP.sys 2015-12-06 09:14 . 2014-01-11 12:01 209432 ----a-w- h:\windows\system32\drivers\aswVmm.sys 2015-12-06 09:14 . 2014-01-11 12:01 81168 ----a-w- h:\windows\system32\drivers\aswMonFlt.sys 2015-12-06 09:14 . 2014-01-11 12:01 55200 ----a-w- h:\windows\system32\drivers\aswRdr.sys 2015-12-06 09:13 . 2014-01-11 12:01 794952 ----a-w- h:\windows\system32\drivers\aswSnx.sys 2015-11-27 14:06 . 2013-02-25 16:42 780488 ----a-w- h:\windows\system32\FlashPlayerApp.exe 2015-11-27 14:06 . 2011-11-29 17:42 142536 ----a-w- h:\windows\system32\FlashPlayerCPLApp.cpl . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2008-05-19 . D374EB1426ADBE6F919B96037432B5CE . 1614848 . . [5.1.2600.5512] . . h:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2015-12-06 09:13 750216 ----a-w- h:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Avast-Browser-Cleanup"="h:\program files\AVAST Software\Avast\BrowserCleanup.exe/RunOnce" [X] "uTorrent"="h:\documents and settings\1\Application Data\uTorrent\uTorrent.exe" [2015-12-01 2026520] "DAEMON Tools Lite"="h:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856] "swg"="h:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2015-02-04 39408] "Xvid"="i:\programi\Xvid-1.3.2-20110601\CheckUpdate.exe" [2011-01-17 8192] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2007-02-26 16125440] "SkyTel"="SkyTel.EXE" [2006-05-16 2879488] "NeroFilterCheck"="h:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "tsnpstd3"="h:\windows\tsnpstd3.exe" [2007-04-23 262144] "HDAudDeck"="h:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2010-05-24 33747360] "snpstd3"="h:\windows\vsnpstd3.exe" [2007-04-25 831488] "AvastUI.exe"="h:\program files\AVAST Software\Avast\AvastUI.exe" [2015-12-06 7021880] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="h:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . h:\documents and settings\All Users\Start Menu\Programs\Startup\ InterVideo WinCinema Manager.lnk - h:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-6-12 278528] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "SoftwareSASGeneration"= 1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2014-05-08 13:48 959904 ----a-w- h:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BingSvc] 2015-11-18 19:28 144008 ----a-w- h:\documents and settings\1\Local Settings\Application Data\Microsoft\BingSvc\BingSvc.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bonus.SSR.FR11] 2011-09-04 22:58 925960 ----a-w- i:\programi\Obrabotka na dokymenti\Bonus.ScreenshotReader.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring] 2015-11-16 16:54 6602152 ----a-w- i:\programi\CCleaner512-програма за почистване на остатъчни файлове\CCleaner.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 02:42 1695232 ------w- h:\program files\Messenger\msmsgs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableNotifications"= 1 (0x1) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "h:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"= "h:\\Program Files\\Messenger\\msmsgs.exe"= "h:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "h:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "h:\\Documents and Settings\\1\\Application Data\\uTorrent\\uTorrent.exe"= "h:\\Documents and Settings\\1\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"= "h:\\Program Files\\Skype\\Phone\\Skype.exe"= "h:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"= . R0 aswRvrt;avast! Revert;h:\windows\system32\drivers\aswRvrt.sys [11.1.2014 г. 14:01 49776] R0 aswVmm;avast! VM Monitor;h:\windows\system32\drivers\aswVmm.sys [11.1.2014 г. 14:01 209432] R0 sptd;sptd;h:\windows\system32\drivers\sptd.sys [12.6.2008 г. 14:03 721904] R1 aswSnx;aswSnx;h:\windows\system32\drivers\aswSnx.sys [11.1.2014 г. 14:01 794952] R1 aswSP;aswSP;h:\windows\system32\drivers\aswSP.sys [11.1.2014 г. 14:01 435976] R2 ABBYY.Licensing.FineReader.Corporate.11.0;ABBYY FineReader 11 CE Licensing Service;h:\program files\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe [12.10.2011 г. 19:54 819976] R2 aswHwid;avast! HardwareID;h:\windows\system32\drivers\aswHwid.sys [26.7.2014 г. 10:02 24016] R2 aswMonFlt;aswMonFlt;h:\windows\system32\drivers\aswMonFlt.sys [11.1.2014 г. 14:01 81168] R3 pcouffin;VSO Software pcouffin;h:\windows\system32\drivers\pcouffin.sys [15.12.2008 г. 17:37 47360] R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;h:\windows\system32\drivers\viahduaa.sys [28.6.2011 г. 16:45 2136224] S2 SkypeUpdate;Skype Updater;h:\program files\Skype\Updater\Updater.exe [09.7.2015 г. 12:14 327296] S3 aswStmXP;Avast StreamFilter Driver;h:\windows\system32\drivers\aswStmXP.sys [06.12.2015 г. 11:14 165104] S3 FXDrv32;FXDrv32;\??\g:\fxdrv32.sys --> g:\FXDrv32.sys [?] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2015-12-13 22:59 1000264 ----a-w- h:\program files\Google\Chrome\Application\47.0.2526.80\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2015-12-14 h:\windows\Tasks\avast! Emergency Update.job - h:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2015-12-06 09:13] . 2015-12-13 h:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1343024091-527237240-1801674531-1003Core.job - h:\documents and settings\1\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-11-12 15:28] . 2015-12-14 h:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1343024091-527237240-1801674531-1003UA.job - h:\documents and settings\1\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-11-12 15:28] . 2015-12-14 h:\windows\Tasks\GoogleUpdateTaskMachineCore.job - h:\program files\Google\Update\GoogleUpdate.exe [2015-02-04 08:12] . 2015-12-14 h:\windows\Tasks\GoogleUpdateTaskMachineUA.job - h:\program files\Google\Update\GoogleUpdate.exe [2015-02-04 08:12] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.bg/ TCP: Interfaces\{22CD05BE-8069-4753-A8E5-436BCFBE9135}: NameServer = 10.98.0.1 TCP: Interfaces\{948CFD05-098D-4396-92E2-FB3E18B8BC3F}: NameServer = 10.98.0.1 TCP: Interfaces\{ED35FE50-A8CB-450B-B4D1-916DDF2590B2}: NameServer = 10.98.0.1,77.71.11.2 . - - - - ORPHANS REMOVED - - - - . HKLM-Run-NWEReboot - (no file) Notify-AtiExtEvent - (no file) Notify-avgrsstarter - (no file) MSConfigStartUp-FlashGet - h:\program files\FlashGet Network\FlashGet universal\FlashGet.exe MSConfigStartUp-Picasa Media Detector - h:\program files\Picasa2\PicasaMediaDetector.exe AddRemove-Aliens versus Predator - i:\games\pc-alien vs predator-gold edition\Uninst.isu AddRemove-Tomb Raider III - i:\games\tomb rider iii adventures of lara croft - westsideteam\Uninst.isu . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2015-12-14 17:03 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . HKLM\Software\Microsoft\Windows\CurrentVersion\Run HDAudDeck = h:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1???????????????????????????????????????????????? . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1343024091-527237240-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\B20@O=5 *=0 *C*C*l*e*a*n*e*r*& \command] @="i:\\PROGRAMI\\CCleaner512-програма за почистване на остатъчни файлове\\ccleaner.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@h:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_19_0_0_245_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="h:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_19_0_0_245_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(2644) h:\windows\system32\ieframe.dll h:\windows\system32\webcheck.dll h:\windows\system32\WPDShServiceObj.dll h:\windows\system32\PortableDeviceTypes.dll h:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . h:\program files\AVAST Software\Avast\AvastSvc.exe h:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe h:\windows\system32\UAService7.exe h:\windows\system32\wscntfy.exe h:\documents and settings\1\Application Data\uTorrent\updates\3.4.5_41372\utorrentie.exe h:\documents and settings\1\Application Data\uTorrent\updates\3.4.5_41372\utorrentie.exe h:\windows\system32\wbem\unsecapp.exe . ************************************************************************** . Completion time: 2015-12-14 17:08:16 - machine was rebooted ComboFix-quarantined-files.txt 2015-12-14 15:08 . Pre-Run: 13 444 313 088 bytes free Post-Run: 15 756 128 256 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - 129858C892CC7F441F28AD85012EA8DD 8F558EB6672622401DA993E1E865C861 .Направих няколко снимки на Task Manager-a как работи когато се гледа онлайн и когато не се прави нищо на компа.Дано да се вижда нещо.
  11. Всичко е изпълнено ,за съжаление подобрение няма...все така забива .Процесора все се товари 100% като пусна да гледам онлайн в ю-туб.А, когато не гледам нищо пада до 60 % и ми показва ,че има 41 рапотещи процеса...каквото и да значи това.Май компа се е прецакал тотално... Файлчето е прекачено. Fixlog.txt
  12. Изпълних всички стъпки още веднъж. Malwarebytes Anti-Malware www.malwarebytes.org Дата на сканиране: 13.12.2015 г. Час на сканиране: 16:07:06 Дневник: Администратор: Да Версия: 2.2.0.1024 База от данни за злонамерен софтуер: v2015.12.13.03 База от данни за рууткити: v2015.12.07.01 Лиценз: Безплатен Защита от злонамерен софтуер: Забранено Защита от злонамерени страници: Забранено Самозащита: Забранено ОС: Windows XP Service Pack 3 Процесор: x86 Файлова система: NTFS Потребител: 1 Тип сканиране: Сканиране за заплахи Резултат: Завършено Сканиране обекти: 371547 Изминало време: 1 ч., 7 мин., 34 сек. Памет: Разрешено Начално стартиране: Разрешено Файлова система: Разрешено Архиви: Разрешено Рууткити: Разрешено Дълбоко сканиране за рууткити: Разрешено Евристика: Разрешено ПНП: Разрешено ПНИ: Разрешено Процеси: 0 (Не бяха открити злонамерени обекти) Модули: 0 (Не бяха открити злонамерени обекти) Ключове в системния регистър: 0 (Не бяха открити злонамерени обекти) Стойности в системния регистър: 0 (Не бяха открити злонамерени обекти) Данни в системния регистър: 0 (Не бяха открити злонамерени обекти) Папки: 0 (Не бяха открити злонамерени обекти) Файлове: 0 (Не бяха открити злонамерени обекти) Физически сектори: 0 (Не бяха открити злонамерени обекти) (end) Addition.txt FRST.txt
  13. Благодаря ,за търпението което проявихте към мен.Най-после се справих и изтрих всички гадини от компа. Обаче при гледане онлайн това "сечене" продължава и процесора също пак е на 90-100%. Прикачам рапортите: Malwarebytes Anti-Malware www.malwarebytes.org Дата на сканиране: 09.12.2015 г. Час на сканиране: 13:25:31 Дневник: Администратор: Да Версия: 2.2.0.1024 База от данни за злонамерен софтуер: v2015.12.09.01 База от данни за рууткити: v2015.12.07.01 Лиценз: Безплатен Защита от злонамерен софтуер: Забранено Защита от злонамерени страници: Забранено Самозащита: Забранено ОС: Windows XP Service Pack 3 Процесор: x86 Файлова система: NTFS Потребител: 1 Тип сканиране: Сканиране за заплахи Резултат: Завършено Сканиране обекти: 395783 Изминало време: 1 ч., 26 мин., 34 сек. Памет: Разрешено Начално стартиране: Разрешено Файлова система: Разрешено Архиви: Разрешено Рууткити: Разрешено Дълбоко сканиране за рууткити: Разрешено Евристика: Разрешено ПНП: Разрешено ПНИ: Разрешено Процеси: 0 (Не бяха открити злонамерени обекти) Модули: 0 (Не бяха открити злонамерени обекти) Ключове в системния регистър: 0 (Не бяха открити злонамерени обекти) Стойности в системния регистър: 0 (Не бяха открити злонамерени обекти) Данни в системния регистър: 0 (Не бяха открити злонамерени обекти) Папки: 0 (Не бяха открити злонамерени обекти) Файлове: 0 (Не бяха открити злонамерени обекти) Физически сектори: 0 (Не бяха открити злонамерени обекти) (end) Addition.txt
  14. Извинявам се за навярно глупавия въпрос ,но възстановяването на системния регистър след всички манипулации с горепосочените програми ли се прави .Много съм невежа относно тези неща,извинявам се още веднъж.....
  15. Здравейте,опитах да създам нова точка на възстановяване по горепосочения начин ,но когато въведа това % SystemRoot%\system32\restore\rstrui.exe и натисна ок ми излиза ето този надпис:" Windows не може да намери "%".Уверете се ,че сте въвели името правилно , и след това опитайте отново".Опитах няколко пъти но все същото ми изписва.
  • Разглеждащи това в момента   0 потребители

    Няма регистрирани потребители разглеждащи тази страница.

×

Информация

Поставихме бисквитки на устройството ви за най-добро потребителско изживяване. Можете да промените настройките си за бисквитки, или в противен случай приемаме, че сте съгласни с нашите условия за ползване.