
jordanfena

User
  • Posts

    10
  • Joined

  • Last online

Likes

2 Neutral reputation

All about jordanfena

  • Title
    User
  1. Viruses in the system

    Thank you very much, may you be alive and well. Good luck going forward.
  2. Viruses in the system

    Good morning, thank you for the help and the patience. Here are the logs: Regards, Yordan
  3. Viruses in the system

    Good morning, here is the log from the program: Have an easy and successful day! Regards, Yordan
  4. Viruses in the system

    It is Win XP here
  5. Viruses in the system

    There is no log from EMSISOFT, because a message appears saying that it does not work with versions below WIN7. I am attaching the rest. HitmanPro_20160329_0907.log checkup.txt malware.txt ZHPCleaner.txt
  6. Viruses in the system

    Good morning, I am attaching the logs:
: Copyright(c) 1997 Sheridan Software Systems, Inc. RSA Key Size . . . : 512 LanguageID . . . . : 1033 Authenticode . . . : Self-signed Fuzzy . . . . . . : 26.0 Program is code signed with a weak certificate. This is common to malware. Program is code self-signed. The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities. Potential Unwanted Programs _________________________________________________ HKLM\SOFTWARE\Classes\AddonsFramework.PropertySyncObj.1\ (SpeedAnalysis) HKLM\SOFTWARE\Classes\AddonsFramework.PropertySyncObj\ (SpeedAnalysis) HKLM\SOFTWARE\Classes\Interface\{82BACDC9-AFCE-41EE-92F5-B54F6DB45A1C}\ (MindSpark) HKLM\SOFTWARE\Classes\Interface\{E7DFE909-EF92-4CB4-BB48-1A2AFF2A84A1}\ (MindSpark) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4c297ddf-0a36-4b17-b8fa-0c0395f2c5bc}\ (MindSpark) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{75faf80f-56c7-4bb3-b825-39d0a706b5a4}\ (MindSpark) HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_CHERIMOYA\ (Shopperz) HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_F06DEFF2-5B9C-490D-910F-35D3A9119622\ (Linkey) HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_CHERIMOYA\ (Shopperz) HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_F06DEFF2-5B9C-490D-910F-35D3A9119622\ (Linkey) HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CHERIMOYA\ (Shopperz) HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F06DEFF2-5B9C-490D-910F-35D3A9119622\ (Linkey) Cookies _____________________________________________________________________ C:\Documents and Settings\Mobilen\Application Data\Mozilla\Firefox\Profiles\v81btjgb.default-1458905384000\cookies.sqlite:m.webtrends.com C:\Documents and Settings\Mobilen\Cookies\mobilen@scorecardresearch[2].txt C:\Documents and Settings\Mobilen\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:262855726.log.optimizely.com C:\Documents and 
Settings\Mobilen\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:abmr.net C:\Documents and Settings\Mobilen\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:addthis.com C:\Documents and Settings\Mobilen\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:adfarm1.adition.com C:\Documents and Settings\Mobilen\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:adform.net C:\Documents and Settings\Mobilen\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:adnxs.com C:\Documents and Settings\Mobilen\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:ads.kaldata.com C:\Documents and Settings\Mobilen\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:doubleclick.net C:\Documents and Settings\Mobilen\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:erne.co C:\Documents and Settings\Mobilen\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:everesttech.net C:\Documents and Settings\Mobilen\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:gwallet.com C:\Documents and Settings\Mobilen\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:in.getclicky.com C:\Documents and Settings\Mobilen\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:m6r.eu C:\Documents and Settings\Mobilen\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:pagefair.com C:\Documents and Settings\Mobilen\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:revsci.net C:\Documents and Settings\Mobilen\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:rfihub.com C:\Documents and Settings\Mobilen\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:simpli.fi C:\Documents and Settings\Mobilen\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:sitescout.com
  7. Viruses in the system

    Hello again, I am attaching the files.
    # AdwCleaner v5.106 - Logfile created 28/03/2016 at 17:05:39
    Here is the other one:
    Junkware Removal Tool (JRT) by Malwarebytes Version: 8.0.4 (03.14.2016)
    Regards, Yordan
  8. Viruses in the system

    Here are the attached files. After the restart it showed me that Win is not genuine. There is a change in the CPU load... before, it ran almost constantly at 90-100%... now it is like that only for a few seconds when I open a new tab in Chrome, load some other site, or open a program, and after 5-6-7 seconds it drops to around 30-40%, depending on how many tabs and programs are open... I understand that this is an old processor and miracles cannot happen, but it definitely behaves better. Addition.txt Fixlog.txt FRST.txt
  9. Hello, I read through quite a few of the threads and tried various tools, but evidently I cannot manage without your help. The laptop is not mine, it has not been used for a very long time, and there was no antivirus on it. The problem is that the CPU runs at 100% almost all the time with Chrome open with 1-2 tabs. For example, it runs at 100% for a few seconds, then drops a little, and shortly afterwards it is at 100% again. This is constant. I have limited the automatically starting processes, as far as I can and as far as I understand what each one is for, and I removed many unnecessary programs, toolbars, etc., but it is still the same. I installed Avast, and no matter how many times I scan, it always reports 20-30 malware and adware threats. I would be grateful if you could help so that a clean install can be avoided (the owner is strongly against it). Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01 Ran by Mobilen (administrator) on WORK-PC (27-03-2016 11:30:39)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\Ask.xml [2015-01-06] FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-26] [not signed] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-11-14] [not signed] FF HKLM\...\Firefox\Extensions: [statuswinks@StatusWinks] - C:\Documents and Settings\Mobilen\Application Data\Mozilla\Extensions\statuswinks@StatusWinks FF Extension: Smiley Bar for Facebook - C:\Documents and Settings\Mobilen\Application Data\Mozilla\Extensions\statuswinks@StatusWinks [2012-12-10] [not signed] FF HKLM\...\Firefox\Extensions: [gtffxtbr@GamingWonderland.com] - C:\Program Files\GamingWonderland\bar\1.bin FF Extension: No Name - C:\Program Files\GamingWonderland\bar\1.bin [2013-01-04] [not signed] FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox => not found FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox => not found FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-03-26] FF HKU\S-1-5-21-746137067-879983540-682003330-1003\...\Firefox\Extensions: [statuswinks@StatusWinks] - C:\Documents and Settings\Mobilen\Application Data\Mozilla\Extensions\statuswinks@StatusWinks FF HKU\S-1-5-21-746137067-879983540-682003330-1003\...\Firefox\Extensions: [{58bd07eb-0ee0-4df0-8121-dc9b693373df}] - C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension 
=> not found Chrome: ======= CHR HomePage: Default -> hxxp://www.search.ask.com/?o=APN10640A&gct=hp&d=473-101&v=u12281-332&t=4 CHR DefaultSearchURL: Default -> hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=101&systemid=473&v=u12281-332&apn_uid=8903646931124144&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms} CHR Profile: C:\Documents and Settings\Mobilen\Local Settings\Application Data\Google\Chrome\User Data\Default CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Mobilen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-19] CHR HKLM\...\Chrome\Extension: [aaaaaigjndjblmpeckabiffcpogflfgl] - C:\Documents and Settings\Mobilen\Local Settings\Application Data\somotoimeshmoviestoolbar\GC\toolbar.crx [2014-07-03] CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx <not found> CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-03-25] CHR HKLM\...\Chrome\Extension: [hahpjplbmicfkmoccokbjejahjjpnena] - C:\Documents and Settings\Mobilen\Local Settings\Application Data\B1E\B1Tool.crx [2013-01-08] CHR HKLM\...\Chrome\Extension: [hgojaaaiddhmiiakpejiklijbalpckih] - C:\Documents and Settings\Mobilen\Application Data\StatusWinks\statuswinks.crx [2012-10-11] CHR HKLM\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Documents and Settings\Mobilen\Local Settings\Application Data\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-04-17] CHR HKLM\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.crx <not found> CHR HKU\S-1-5-21-746137067-879983540-682003330-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Documents and Settings\Mobilen\Local 
Settings\Application Data\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-04-17] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-03-25] (AVAST Software) R2 btwdins; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [266295 2007-02-06] (Broadcom Corporation.) [File not signed] R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-06-04] (Hewlett-Packard Co.) [File not signed] R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-06-04] (Hewlett-Packard Co.) [File not signed] R2 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [135168 2006-05-02] (Hewlett-Packard Development Company, L.P.) [File not signed] R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-04-07] (Hewlett-Packard) [File not signed] R2 NWCWorkstation; C:\WINDOWS\System32\nwwks.dll [65536 2008-04-14] (Microsoft Corporation) R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-04-07] (Hewlett-Packard) [File not signed] R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation) S2 asektnlu; C:\Program Files\Movie Maker\oxyoe.dll [X] S2 Browser Manager; no ImagePath S2 chhsflpnu; C:\WINDOWS\system32\oxyoe.dll [X] S2 dsgwihc; C:\WINDOWS\system32\oxyoe.dll [X] S2 fzgem; C:\WINDOWS\system32\oxyoe.dll [X] S2 kbphd; C:\Program Files\Internet Explorer\oxyoe.dll [X] S2 qhynrp; C:\WINDOWS\system32\oxyoe.dll [X] S2 SBAMSvc; "C:\Program Files\ParetoLogic\XoftSpy AntiVirus Pro\SBAMSvc.exe" [X] S2 tbcvffyl; C:\WINDOWS\system32\oxyoe.dll [X] S2 tiyjv; C:\WINDOWS\system32\oxyoe.dll [X] S2 utnpyn; C:\WINDOWS\system32\oxyoe.dll [X] S2 wxsfuf; C:\WINDOWS\system32\oxyoe.dll [X] S2 xtrzydhy; C:\WINDOWS\system32\oxyoe.dll [X] ===================== 
Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Aspi32; C:\WINDOWS\system32\Drivers\Aspi32.sys [17005 2002-08-14] (Adaptec) R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [32792 2016-03-25] (AVAST Software) R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [35096 2016-03-26] (AVAST Software) R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [91168 2016-03-25] (AVAST Software) R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [64272 2016-03-25] (AVAST Software) R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [58776 2016-03-25] (AVAST Software) R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [816304 2016-03-25] (AVAST Software) R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [447848 2016-03-25] (AVAST Software) S3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [171608 2016-03-25] (AVAST Software) S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [67088 2016-03-25] (AVAST Software) R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [221240 2016-03-25] (AVAST Software) R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [822272 2008-01-31] (Broadcom Corporation) R3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [530861 2007-02-14] (Broadcom Corporation.) R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [30459 2007-02-14] (Broadcom Corporation.) R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [868298 2007-02-14] (Broadcom Corporation.) S3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [149123 2007-02-14] (Broadcom Corporation.) S3 btwmodem; C:\WINDOWS\System32\DRIVERS\btwmodem.sys [30285 2007-02-14] (Broadcom Corporation.) S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [67960 2007-02-14] (Broadcom Corporation.) 
R1 cbdlmsas; C:\WINDOWS\System32\drivers\cbdlmsas.sys [11120 2009-04-27] () S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation) R1 eabfiltr; C:\WINDOWS\System32\DRIVERS\eabfiltr.sys [8192 2006-11-30] (Hewlett-Packard Development Company, L.P.) R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed] S3 grmnusb; C:\WINDOWS\System32\drivers\grmnusb.sys [9344 2009-04-17] (GARMIN Corp.) R3 HDAudBus; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [138752 2007-09-20] (Windows (R) Server 2003 DDK provider) [File not signed] S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-01-19] (HP) S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-01-19] (HP) S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-01-19] (HP) S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation) R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation) R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2001-08-23] (Microsoft Corporation) R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2001-08-23] (Microsoft Corporation) R3 NWRDR; C:\WINDOWS\System32\DRIVERS\nwrdr.sys [163584 2008-04-13] (Microsoft Corporation) R2 rspndr; C:\WINDOWS\System32\DRIVERS\rspndr.sys [62336 2007-09-20] (Microsoft Corporation) [File not signed] R1 SbFw; C:\WINDOWS\System32\drivers\SbFw.sys [337184 2012-09-20] (GFI Software) S3 SBFWIMCL; C:\WINDOWS\System32\DRIVERS\sbfwim.sys [95488 2012-09-12] (GFI Software) R3 SBFWIMCLMP; C:\WINDOWS\System32\DRIVERS\SBFWIM.sys [95488 2012-09-12] (GFI Software) S3 sbhips; C:\WINDOWS\System32\drivers\sbhips.sys [94496 2012-09-20] (GFI Software) R1 sbtis; C:\WINDOWS\System32\drivers\sbtis.sys [222368 2012-09-20] (GFI Software) S3 SE27bus; C:\WINDOWS\System32\DRIVERS\SE27bus.sys [61600 2006-09-18] (MCCI) [File not signed] S3 SE27mdfl; C:\WINDOWS\System32\DRIVERS\SE27mdfl.sys [9360 2006-09-18] 
(MCCI) [File not signed] S3 SE27mdm; C:\WINDOWS\System32\DRIVERS\SE27mdm.sys [97184 2006-09-18] (MCCI) [File not signed] S3 SE27mgmt; C:\WINDOWS\System32\DRIVERS\SE27mgmt.sys [88688 2006-09-18] (MCCI) [File not signed] S3 se27nd5; C:\WINDOWS\System32\DRIVERS\se27nd5.sys [18704 2006-09-18] (MCCI) [File not signed] S3 SE27obex; C:\WINDOWS\System32\DRIVERS\SE27obex.sys [86560 2006-09-18] (MCCI) [File not signed] S3 se27unic; C:\WINDOWS\System32\DRIVERS\se27unic.sys [90800 2006-09-18] (MCCI) [File not signed] R0 sfdrv01; C:\WINDOWS\System32\drivers\sfdrv01.sys [50688 2005-08-10] (Protection Technology) [File not signed] R0 sfhlp02; C:\WINDOWS\System32\drivers\sfhlp02.sys [6656 2005-05-16] (Protection Technology) [File not signed] R0 speedfan; C:\WINDOWS\System32\speedfan.sys [24184 2012-12-29] (Almico Software) S3 CamAv; System32\Drivers\CamAv.sys [X] S1 cherimoya; system32\drivers\cherimoya.sys [X] S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X] S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X] S1 F06DEFF2-5B9C-490D-910F-35D3A91196222; \??\C:\Program Files\Movies Toolbar\SafetyNut\configmgrc2.cfg [X] S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X] S4 IntelIde; no ImagePath S1 lguhtvij; \??\C:\WINDOWS\system32\drivers\lguhtvij.sys [X] S1 qrgcffrm; \??\C:\WINDOWS\system32\drivers\qrgcffrm.sys [X] U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [79232 2008-04-13] (Microsoft Corporation) S3 WDC_SAM; system32\DRIVERS\wdcsam.sys [X] U1 WS2IFSL; no ImagePath S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X] S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) NETSVC: fzgem -> C:\WINDOWS\system32\oxyoe.dll ==> No File NETSVC: wxsfuf -> C:\WINDOWS\system32\oxyoe.dll ==> No File NETSVC: tiyjv -> C:\WINDOWS\system32\oxyoe.dll ==> No File NETSVC: dsgwihc -> C:\WINDOWS\system32\oxyoe.dll ==> No File NETSVC: xtrzydhy -> C:\WINDOWS\system32\oxyoe.dll ==> No File NETSVC: asektnlu -> C:\Program Files\Movie Maker\oxyoe.dll ==> No File NETSVC: tbcvffyl -> C:\WINDOWS\system32\oxyoe.dll ==> No File NETSVC: kbphd -> C:\Program Files\Internet Explorer\oxyoe.dll ==> No File NETSVC: chhsflpnu -> C:\WINDOWS\system32\oxyoe.dll ==> No File NETSVC: qhynrp -> C:\WINDOWS\system32\oxyoe.dll ==> No File NETSVC: utnpyn -> C:\WINDOWS\system32\oxyoe.dll ==> No File ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-03-27 10:56 - 2016-03-27 11:30 - 00000000 ____D C:\FRST 2016-03-26 21:18 - 2016-03-26 21:18 - 00035096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys 2016-03-26 21:17 - 2016-03-27 11:30 - 00000330 ____H C:\WINDOWS\Tasks\MP Scheduled Scan.job 2016-03-26 20:26 - 2016-03-27 10:54 - 00001293 _____ C:\WINDOWS\wininit.ini 2016-03-26 19:56 - 2012-09-20 06:11 - 00222368 _____ (GFI Software) C:\WINDOWS\system32\Drivers\sbtis.sys 2016-03-26 19:56 - 2012-09-20 06:11 - 00094496 _____ (GFI Software) C:\WINDOWS\system32\Drivers\sbhips.sys 2016-03-26 19:56 - 2008-01-31 17:56 - 00000781 __RSH C:\WINDOWS\system32\Drivers\etc\hosts.20160326-185619.backup 2016-03-26 19:54 - 2016-03-26 19:54 - 00000000 ____D C:\WINDOWS\system32\Drivers\VDD 2016-03-26 19:54 - 2012-09-20 06:11 - 00337184 _____ (GFI Software) C:\WINDOWS\system32\Drivers\SbFw.sys 2016-03-26 19:54 - 2012-09-12 21:19 - 00095488 _____ (GFI Software) C:\WINDOWS\system32\Drivers\SbFwIm.sys 2016-03-26 19:52 - 2016-03-26 21:13 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ParetoLogic 2016-03-26 19:40 - 2016-03-26 19:40 
- 00000000 ____D C:\Program Files\Common Files\AV 2016-03-26 19:40 - 2015-07-28 18:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Documents and Settings\All Users\Desktop\Post Win10 Spybot-install.exe 2016-03-26 19:36 - 2016-03-27 11:26 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2 2016-03-26 19:36 - 2016-03-27 10:54 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2016-03-26 19:36 - 2016-03-26 21:14 - 00065536 _____ C:\WINDOWS\system32\config\SpybotSD.evt 2016-03-26 19:06 - 2016-03-26 19:06 - 00004227 _____ C:\Documents and Settings\Mobilen\Desktop\Hardware Interrupts and DPCs.txt 2016-03-26 18:52 - 2016-02-05 08:11 - 02694816 _____ (Sysinternals - www.sysinternals.com) C:\Documents and Settings\Mobilen\Desktop\procexp.exe 2016-03-26 18:44 - 2016-03-25 18:52 - 00334280 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2016-03-26 18:22 - 2016-03-26 18:22 - 00001817 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk 2016-03-26 18:22 - 2016-03-26 18:22 - 00001811 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk 2016-03-26 17:47 - 2016-03-26 17:47 - 00000000 ____D C:\Mozilla 2016-03-26 17:25 - 2016-03-26 17:25 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software 2016-03-26 17:24 - 2016-03-26 17:24 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\TuneXP 2016-03-25 18:57 - 2016-03-25 18:57 - 00000000 ____D C:\Documents and Settings\Mobilen\Application Data\AVAST Software 2016-03-25 18:56 - 2016-03-26 17:25 - 00000000 __HDC C:\WINDOWS\$NtUninstallWdf01009$ 2016-03-25 18:56 - 2016-03-25 18:56 - 00001689 _____ C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk 2016-03-25 18:53 - 2016-03-27 11:27 - 00000364 ____H C:\WINDOWS\Tasks\avast! 
Emergency Update.job 2016-03-25 18:53 - 2016-03-25 18:54 - 00816304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2016-03-25 18:53 - 2016-03-25 18:54 - 00447848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2016-03-25 18:53 - 2016-03-25 18:54 - 00221240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys 2016-03-25 18:53 - 2016-03-25 18:54 - 00091168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2016-03-25 18:53 - 2016-03-25 18:53 - 00171608 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys 2016-03-25 18:53 - 2016-03-25 18:53 - 00067088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys 2016-03-25 18:53 - 2016-03-25 18:53 - 00064272 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys 2016-03-25 18:53 - 2016-03-25 18:53 - 00058776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys 2016-03-25 18:53 - 2016-03-25 18:53 - 00032792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys 2016-03-25 18:52 - 2016-03-25 18:52 - 00052184 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2016-03-25 18:51 - 2016-03-26 21:18 - 00000000 ____D C:\Program Files\AVAST Software 2016-03-25 18:50 - 2016-03-26 21:18 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software 2016-03-25 17:46 - 2016-03-26 17:24 - 00000000 ____D C:\Program Files\Analog Devices 2016-03-25 17:46 - 2006-07-10 15:42 - 00049152 _____ (Analog Devices Inc.) C:\WINDOWS\system32\DSndUp.exe 2016-03-25 17:46 - 2005-05-04 09:20 - 00053248 ____N (Analog Devices Inc.) 
C:\WINDOWS\system32\wdmioctl.dll 2016-03-25 17:46 - 2002-04-17 15:05 - 00045056 ____N (adi) C:\WINDOWS\system32\CleanUp.exe 2016-03-25 17:46 - 2001-09-11 15:20 - 01285632 ____N (Analog Devices) C:\WINDOWS\system32\SMMedia.dll 2016-03-25 16:52 - 2016-03-25 16:52 - 00000654 _____ C:\Documents and Settings\Mobilen\Desktop\TuneXP 1.5.lnk 2016-03-25 16:51 - 2016-03-26 17:24 - 00000000 ____D C:\Program Files\TuneXP 2016-03-25 16:51 - 2016-03-25 16:51 - 00720896 _____ (Indigo Rose Corporation) C:\WINDOWS\iun6002.exe 2016-03-25 15:43 - 2016-03-25 15:43 - 00031832 _____ (Phoenix Technologies) C:\WINDOWS\system32\Drivers\DrvAgent32.sys 2016-03-25 15:43 - 2016-03-25 15:43 - 00000000 ____D C:\Documents and Settings\Mobilen\Local Settings\Application Data\eSupport.com 2016-03-25 14:29 - 2016-03-25 14:29 - 00000000 ____D C:\Documents and Settings\Mobilen\Desktop\Стари данни Firefox 2016-03-25 13:19 - 2016-03-26 18:37 - 00000000 ____D C:\WINDOWS\pss 2016-03-25 12:41 - 2016-03-25 12:41 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk 2016-03-25 12:41 - 2016-03-25 12:41 - 00000000 ____D C:\Program Files\CCleaner 2016-03-25 12:41 - 2016-03-25 12:41 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner 2016-03-24 09:22 - 2016-03-26 18:47 - 00000000 ____D C:\Program Files\SpeedFan 2016-03-24 09:22 - 2016-03-24 09:22 - 00000682 _____ C:\Documents and Settings\Mobilen\Desktop\SpeedFan.lnk 2016-03-24 09:22 - 2016-03-24 09:22 - 00000045 _____ C:\WINDOWS\system32\initdebug.nfo 2016-03-24 09:22 - 2016-03-24 09:22 - 00000000 ____D C:\Documents and Settings\Mobilen\Start Menu\Programs\SpeedFan ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2016-03-27 11:31 - 2012-12-30 16:42 - 00000294 _____ C:\WINDOWS\Tasks\Browser Manager.job 2016-03-27 11:31 - 2008-01-31 17:17 - 00000000 ____D C:\Documents and Settings\Mobilen\Local Settings\Temp 2016-03-27 11:28 - 2001-08-23 15:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl 2016-03-27 11:27 - 2014-02-05 20:48 - 00000432 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics 2016-03-27 11:27 - 2011-01-08 13:44 - 00000982 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-03-27 11:27 - 2008-01-31 17:15 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-03-27 11:26 - 2008-01-31 17:17 - 00000278 ___SH C:\Documents and Settings\Mobilen\ntuser.ini 2016-03-27 11:26 - 2008-01-31 17:17 - 00000000 ____D C:\Documents and Settings\Mobilen 2016-03-27 11:26 - 2008-01-31 17:15 - 00032614 _____ C:\WINDOWS\SchedLgU.Txt 2016-03-27 10:44 - 2011-01-08 13:44 - 00000986 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-03-27 10:44 - 2008-01-31 18:36 - 00512960 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-03-27 10:35 - 2012-04-01 11:52 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-03-26 20:26 - 2013-03-15 15:47 - 00000000 ____D C:\Documents and Settings\Mobilen\Application Data\PriceGong 2016-03-26 20:26 - 2011-11-20 12:25 - 00000000 ____D C:\Program Files\Conduit 2016-03-26 19:54 - 2008-01-31 18:27 - 00000000 ___HD C:\WINDOWS\inf 2016-03-26 18:40 - 2008-01-31 18:33 - 00000211 ___SH C:\boot.ini 2016-03-26 18:40 - 2001-08-23 15:00 - 00000973 _____ C:\WINDOWS\win.ini 2016-03-26 18:40 - 2001-08-23 15:00 - 00000246 _____ C:\WINDOWS\system.ini 2016-03-26 18:21 - 2008-02-22 23:15 - 00000000 ____D C:\Program Files\Google 2016-03-26 17:25 - 2015-12-05 09:30 - 00000000 ____D C:\Program Files\Mozilla Firefox 2016-03-26 17:25 - 2014-05-01 13:22 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp 2016-03-26 17:24 - 2008-01-31 18:27 - 00000000 RSHDC C:\WINDOWS\system32\dllcache 2016-03-26 17:22 - 2012-12-31 16:20 - 
00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN 2016-03-26 17:06 - 2012-12-31 16:20 - 00000719 _____ C:\Documents and Settings\All Users\Desktop\VLC media player.lnk 2016-03-26 16:39 - 2011-01-08 17:00 - 00000000 ____D C:\WINDOWS\system32\NtmsData 2016-03-25 18:57 - 2013-11-16 11:41 - 00001945 _____ C:\WINDOWS\epplauncher.mif 2016-03-25 17:46 - 2008-01-31 17:25 - 00000000 ____D C:\swsetup 2016-03-25 17:36 - 2008-01-31 17:06 - 00000000 ____D C:\WINDOWS\Registration 2016-03-25 15:49 - 2008-01-31 17:05 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files 2016-03-25 15:13 - 2011-02-24 14:06 - 00000000 ____D C:\Program Files\pdf995 2016-03-25 15:13 - 2011-02-24 14:06 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Software995 2016-03-25 15:12 - 2010-02-20 12:10 - 00000000 ____D C:\Program Files\The KMPlayer 2016-03-25 15:12 - 2009-07-13 13:08 - 00000000 ____D C:\Documents and Settings\Mobilen\Application Data\Skype 2016-03-25 15:12 - 2009-07-13 13:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype 2016-03-25 15:11 - 2011-12-17 11:04 - 00000000 ____D C:\Program Files\TeamViewer 2016-03-25 15:09 - 2010-02-20 11:43 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\HP 2016-03-25 14:39 - 2010-01-19 22:06 - 00000000 ____D C:\WINDOWS\system32\SupportAppXL 2016-03-25 14:39 - 2008-01-31 17:26 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2016-03-25 14:31 - 2011-11-09 11:28 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\DataCardService 2016-03-25 13:11 - 2011-01-08 13:53 - 00000000 ____D C:\Documents and Settings\Mobilen\Application Data\TeamViewer 2016-03-25 13:09 - 2011-08-25 19:35 - 00000000 ____D C:\WINDOWS\Minidump 2016-03-25 12:37 - 2008-01-31 18:27 - 00000000 ____D C:\WINDOWS\repair 2016-03-25 12:05 - 2008-01-31 17:14 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Temp 2016-03-25 11:54 - 
2015-01-06 10:10 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SafetyNut 2016-03-24 10:35 - 2012-04-01 11:52 - 00797376 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2016-03-24 10:35 - 2012-04-01 11:52 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2016-03-17 19:09 - 2008-02-22 23:16 - 00000000 ____D C:\Documents and Settings\Mobilen\Local Settings\Application Data\Google ==================== Files in the root of some directories ======= 2008-01-31 17:42 - 2008-01-31 17:42 - 0000000 _____ () C:\Documents and Settings\Mobilen\Local Settings\Application Data\AtStart.txt 2008-02-29 23:04 - 2014-06-19 09:05 - 0130560 _____ () C:\Documents and Settings\Mobilen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2008-01-31 17:42 - 2008-01-31 17:42 - 0000000 _____ () C:\Documents and Settings\Mobilen\Local Settings\Application Data\DSwitch.txt 2011-07-14 21:40 - 2011-07-14 21:40 - 0000000 _____ () C:\Documents and Settings\Mobilen\Local Settings\Application Data\FnF4.txt 2013-11-30 13:28 - 2013-11-30 13:28 - 0004096 ____H () C:\Documents and Settings\Mobilen\Local Settings\Application Data\keyfile3.drm 2008-01-31 17:42 - 2008-01-31 17:42 - 0000000 _____ () C:\Documents and Settings\Mobilen\Local Settings\Application Data\QSwitch.txt 2010-02-20 11:38 - 2016-03-25 15:09 - 0003748 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log Some files in TEMP: ==================== C:\Documents and Settings\Mobilen\Local Settings\Temp\sdpupdater.exe C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-36b5b39.exe C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-e3949b15.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) 
C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End of FRST.txt ============================ Addition.txt
  10. Hello, I would really appreciate a little help. All the internet browsers open only 3-4 sites and that's it. They open this site, FB, and I think that's about all. When I search for something in the search engine, results come up, but if I click to open one of them, it immediately tries to download instead of opening in a new sub-window. What can I do? Thanks in advance.