Problem with a CMD window



Hello,

After Windows starts up, the CMD.exe command window appears on my desktop with the following content:

C:\WINDOWS\system32>start /b regsvr32.exe /s /n /i:“/64 SKEeAXn16uAfcUNPRJt3nW/4HhghOGQXtq0QTAZsJFeAktciwg+BM “ “C:\Documents and settings\All Users\Application Data\23405448\BIT37.tmp”

C:\WINDOWS\system32>

Maybe it is a threat. What do I need to do?


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-11-2014 01
Ran by User (administrator) on AAA-D95ED3B117F on 09-11-2014 10:19:19
Running from C:\Documents and Settings\User\My Documents\Downloads
Loaded Profile: User (Available profiles: User & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
() C:\Program Files\Winamp\winampa.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
(Visicom Media Inc.) C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe
() C:\WINDOWS\Datecs\FType2K.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\winampa.exe [35328 2006-06-21] ()
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
HKLM\...\Run: [Panda Security URL Filtering] => C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe [304952 2014-09-19] (Visicom Media Inc.)
HKU\S-1-5-21-2052111302-1580436667-725345543-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\RunOnce: [panda4_0dn] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_0dn" /f
HKU\S-1-5-18\...\RunOnce: [panda4_0dn_XP] => reg.exe delete "HKCU\Software\panda4_0dn" /f
HKU\S-1-5-18\...\RunOnce: [panda4_1dn] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_1dn" /f
HKU\S-1-5-18\...\RunOnce: [panda4_1dn_XP] => reg.exe delete "HKCU\Software\panda4_1dn" /f
HKU\S-1-5-18\...\RunOnce: [panda4_1dn_DATA_FOLDER] => cmd.exe /c rmdir "C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering" /s /q
HKU\S-1-5-18\...\RunOnce: [panda4_1dn_INSTALL_FOLDER] => cmd.exe /c rmdir "C:\Documents and Settings\Default User\Local Settings\Application Data\panda4_1dn" /s /q
HKU\S-1-5-18\...\RunOnce: [panda] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda" /f
HKU\S-1-5-18\...\RunOnce: [panda_XP] => reg.exe delete "HKCU\Software\panda" /f
HKU\S-1-5-18\...\RunOnce: [panda_DATA_FOLDER] => cmd.exe /c rmdir "C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering" /s /q
HKU\S-1-5-18\...\RunOnce: [panda_INSTALL_FOLDER] => cmd.exe /c rmdir "C:\Documents and Settings\Default User\Local Settings\Application Data\panda" /s /q
IFEO: [Debugger] svchost.exe
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FlexType 2K.lnk
ShortcutTarget: FlexType 2K.lnk -> C:\WINDOWS\Datecs\FType2K.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dir.bg/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1414846699&from=wpc&uid=SAMSUNGXSP0812N_S00MJ10L404124&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1414846699&from=wpc&uid=SAMSUNGXSP0812N_S00MJ10L404124&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1414846699&from=wpc&uid=SAMSUNGXSP0812N_S00MJ10L404124&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1414846699&from=wpc&uid=SAMSUNGXSP0812N_S00MJ10L404124&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKCU - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll ()
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Panda Security Toolbar -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files\pandasecuritytb\pandasecurityDx.dll ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll ()
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 213.16.56.1 213.16.56.9

FireFox:
========
FF ProfilePath: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\o6provv8.default
FF Homepage: hxxp://www.gbg.bg
FF Keyword.URL: hxxp://www.google.com/search?rlz=1V2IPYX&ie=utf-8&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\911bg.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\diribg.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\pe-bg.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\portalbgdict.xml
FF Extension: Panda Security Toolbar - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\o6provv8.default\Extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} [2014-11-08]

Chrome:
=======
CHR Profile: C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-24]
CHR Extension: (Gmail) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-24]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed]
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.)
R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cmuda; C:\WINDOWS\System32\drivers\cmuda.sys [1332544 2005-05-12] (C-Media Inc)
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R3 ip100xp; C:\WINDOWS\System32\DRIVERS\ipfnd51.sys [26752 2005-02-02] (IC Plus Corp.                                                                                                                                                                                                                                                 )
R1 NNSALPC; C:\WINDOWS\System32\DRIVERS\NNSAlpc.sys [88992 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\WINDOWS\System32\DRIVERS\NNSHttp.sys [166816 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\WINDOWS\System32\DRIVERS\NNSHttps.sys [110624 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\WINDOWS\System32\DRIVERS\NNSIds.sys [125216 2014-06-04] (Panda Security, S.L.)
R3 NNSNAHS; C:\WINDOWS\System32\DRIVERS\NNSNAHS.sys [46464 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\WINDOWS\System32\DRIVERS\NNSPicc.sys [96160 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHS; C:\WINDOWS\System32\DRIVERS\NNSPihs.sys [52384 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\WINDOWS\System32\DRIVERS\NNSPop3.sys [121888 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\WINDOWS\System32\DRIVERS\NNSProt.sys [288032 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\WINDOWS\System32\DRIVERS\NNSPrv.sys [208800 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\WINDOWS\System32\DRIVERS\NNSSmtp.sys [109856 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\WINDOWS\System32\DRIVERS\NNSStrm.sys [244000 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\WINDOWS\System32\DRIVERS\NNSTlsc.sys [96928 2014-06-04] (Panda Security, S.L.)
R2 PSINAflt; C:\WINDOWS\System32\DRIVERS\PSINAflt.sys [140688 2014-10-13] (Panda Security, S.L.)
R2 PSINFile; C:\WINDOWS\System32\DRIVERS\PSINFile.sys [103312 2014-10-13] (Panda Security, S.L.)
R1 PSINKNC; C:\WINDOWS\System32\DRIVERS\psinknc.sys [172432 2014-10-02] (Panda Security, S.L.)
R2 PSINProc; C:\WINDOWS\System32\DRIVERS\PSINProc.sys [114704 2014-10-02] (Panda Security, S.L.)
R2 PSINProt; C:\WINDOWS\System32\DRIVERS\PSINProt.sys [124944 2014-10-02] (Panda Security, S.L.)
R2 PSINReg; C:\WINDOWS\System32\DRIVERS\PSINReg.sys [100496 2014-10-13] (Panda Security, S.L.)
R3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [48736 2014-03-25] (Panda Security, S.L.)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20640 2005-03-12] (Sonic Solutions) [File not signed]
R3 RTL8023xp; C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys [74496 2005-03-04] (Realtek Semiconductor Corporation                           )
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-04] (Realtek Semiconductor Corporation)
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [21696 2010-12-18] (Almico Software)
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-09 10:19 - 2014-11-09 10:19 - 00000000 ____D () C:\FRST
2014-11-08 22:17 - 2014-03-25 15:15 - 00048736 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSKMAD.sys
2014-11-08 20:16 - 2014-11-08 20:16 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\Application Data\panda
2014-11-08 20:15 - 2014-11-08 20:15 - 00000000 ____D () C:\Program Files\pandasecuritytb
2014-11-08 20:14 - 2014-11-08 20:14 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Panda Cloud Antivirus
2014-11-07 19:59 - 2014-11-07 19:59 - 00000402 _____ () C:\Documents and Settings\User\My Documents\CMD.txt
2014-11-07 08:16 - 2014-11-07 08:16 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-11-07 08:10 - 2014-11-07 08:12 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-05 21:56 - 2014-11-05 22:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\IObit
2014-11-05 21:55 - 2014-11-05 22:01 - 00000000 ____D () C:\Documents and Settings\User\Application Data\IObit
2014-11-05 21:55 - 2014-11-05 21:55 - 00000000 ____D () C:\Program Files\IObit
2014-11-05 20:38 - 2014-11-05 20:38 - 00000000 ____D () C:\Program Files\Elex-tech
2014-11-04 20:37 - 2014-11-04 20:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\23405448
2014-10-22 13:11 - 2014-10-22 13:11 - 00011726 _____ () C:\WINDOWS\EAConfigInfo.txt
2014-10-13 22:04 - 2014-10-13 22:04 - 00140688 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSINAflt.sys
2014-10-13 22:04 - 2014-10-13 22:04 - 00103312 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSINFile.sys
2014-10-13 22:04 - 2014-10-13 22:04 - 00100496 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSINReg.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-09 10:20 - 2008-10-29 14:18 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Temp
2014-11-09 10:18 - 2001-08-23 10:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-11-09 10:06 - 2008-10-29 14:06 - 01502136 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-09 10:05 - 2014-08-03 07:27 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-11-09 10:05 - 2014-08-03 07:27 - 00000053 _____ () C:\WINDOWS\wiaservc.log
2014-11-09 10:05 - 2012-11-25 13:51 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-08 22:39 - 2012-08-16 19:08 - 20971520 _____ () C:\WINDOWS\system32\config\Nano.evt
2014-11-08 22:39 - 2008-10-29 14:18 - 00000278 ___SH () C:\Documents and Settings\User\ntuser.ini
2014-11-08 22:39 - 2008-10-29 14:16 - 00032488 _____ () C:\WINDOWS\SchedLgU.Txt
2014-11-08 22:37 - 2008-10-29 16:26 - 00002483 _____ () C:\Documents and Settings\User\Desktop\Microsoft Word.lnk
2014-11-08 21:56 - 2012-06-18 18:39 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-08 21:55 - 2014-08-06 18:04 - 00013201 _____ () C:\WINDOWS\setupapi.log
2014-11-08 21:38 - 2014-06-16 20:15 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\panda
2014-11-08 21:36 - 2008-10-29 18:20 - 00027312 _____ () C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-11-08 21:36 - 2008-10-29 15:55 - 00158752 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-11-07 19:23 - 2008-10-29 17:47 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Skype
2014-11-07 19:22 - 2014-09-14 19:18 - 00002265 _____ () C:\Documents and Settings\All Users\Desktop\Skype.lnk
2014-11-07 09:49 - 2013-07-01 18:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-07 09:13 - 2008-10-29 14:18 - 00001599 _____ () C:\Documents and Settings\User\Start Menu\Programs\Remote Assistance.lnk
2014-11-07 08:36 - 2008-10-29 14:08 - 00001599 _____ () C:\Documents and Settings\Default User\Start Menu\Programs\Remote Assistance.lnk
2014-11-07 08:32 - 2012-06-27 17:30 - 00001599 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2014-11-05 20:43 - 2013-11-24 13:43 - 00000986 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-05 20:43 - 2013-11-24 13:43 - 00000982 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-05 20:42 - 2009-07-16 15:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ICQ
2014-11-05 15:07 - 2008-10-29 15:37 - 00002489 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2014-10-29 09:47 - 2014-08-19 19:35 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\Adobe
2014-10-29 09:47 - 2012-06-18 18:39 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-10-29 09:47 - 2011-08-29 13:48 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-10-26 08:35 - 2008-10-29 15:56 - 00458340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-25 19:44 - 2008-11-02 17:00 - 00000116 _____ () C:\WINDOWS\NeroDigital.ini
2014-10-15 21:37 - 2010-07-17 20:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2014-10-11 19:51 - 2010-07-08 14:37 - 00003527 _____ () C:\WINDOWS\Ascd_tmp.ini

Some content of TEMP:
====================
C:\Documents and Settings\User\Local Settings\Temp\sSetup-se.exe
C:\Documents and Settings\User\Local Settings\Temp\SSUPDATE.EXE


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Hello,

Has the system been restarted since Panda was installed? I ask because I see quite a few RunOnce keys in the registry...

Before we delete the folder, let me see its contents:

Download fixlist.txt and save it in the folder from which you ran FRST.exe.
Run FRST.exe and press the Fix button once!
When it finishes, if it asks for a restart, agree. After the restart, post the log file, fixlog.txt, which will be created after the program has run.

Warning: The script was created for the current system. Do not use it on other systems with similar problems!

Run a new scan with Farbar Recovery Scan Tool and post the new results.

Regards!


The antivirus program is turned off and I have not restarted the system.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-11-2014
Ran by User at 2014-11-09 18:50:42 Run:2
Running from D:\FSRT
Loaded Profile: User (Available profiles: User & Administrator)
Boot Mode: Normal

 

==============================================

Content of fixlist:
*****************
start
IFEO: [Debugger] svchost.exe
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.websse...q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.websse...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.websse...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.websse...q={searchTerms}
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Folder: C:\Documents and Settings\All Users\Application Data\23405448
emtytemp:
reboot:
end
*****************

HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\\Debugger => Value not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key not found.

========================= Folder: C:\Documents and Settings\All Users\Application Data\23405448 ========================

2014-11-04 20:37 - 2014-11-04 20:37 - 0000000 ____H () C:\Documents and Settings\All Users\Application Data\23405448\BIT37.tmp

====== End of Folder: ======

emtytemp: => Error: No automatic fix found for this entry.


The system needed a reboot.

==== End of Fixlog ====


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-11-2014
Ran by User (administrator) on AAA-D95ED3B117F on 09-11-2014 19:10:29
Running from D:\FSRT
Loaded Profile: User (Available profiles: User & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
() C:\Program Files\Winamp\winampa.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
(Visicom Media Inc.) C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe
() C:\WINDOWS\Datecs\FType2K.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\winampa.exe [35328 2006-06-21] ()
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
HKLM\...\Run: [Panda Security URL Filtering] => C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe [304952 2014-09-19] (Visicom Media Inc.)
HKU\S-1-5-21-2052111302-1580436667-725345543-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\RunOnce: [panda4_0dn] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_0dn" /f
HKU\S-1-5-18\...\RunOnce: [panda4_0dn_XP] => reg.exe delete "HKCU\Software\panda4_0dn" /f
HKU\S-1-5-18\...\RunOnce: [panda4_1dn] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_1dn" /f
HKU\S-1-5-18\...\RunOnce: [panda4_1dn_XP] => reg.exe delete "HKCU\Software\panda4_1dn" /f
HKU\S-1-5-18\...\RunOnce: [panda4_1dn_DATA_FOLDER] => cmd.exe /c rmdir "C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering" /s /q
HKU\S-1-5-18\...\RunOnce: [panda4_1dn_INSTALL_FOLDER] => cmd.exe /c rmdir "C:\Documents and Settings\Default User\Local Settings\Application Data\panda4_1dn" /s /q
HKU\S-1-5-18\...\RunOnce: [panda] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda" /f
HKU\S-1-5-18\...\RunOnce: [panda_XP] => reg.exe delete "HKCU\Software\panda" /f
HKU\S-1-5-18\...\RunOnce: [panda_DATA_FOLDER] => cmd.exe /c rmdir "C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering" /s /q
HKU\S-1-5-18\...\RunOnce: [panda_INSTALL_FOLDER] => cmd.exe /c rmdir "C:\Documents and Settings\Default User\Local Settings\Application Data\panda" /s /q
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FlexType 2K.lnk
ShortcutTarget: FlexType 2K.lnk -> C:\WINDOWS\Datecs\FType2K.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dir.bg/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKCU - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll ()
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Panda Security Toolbar -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files\pandasecuritytb\pandasecurityDx.dll ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll ()
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 213.16.56.1 213.16.56.9

FireFox:
========
FF ProfilePath: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\o6provv8.default
FF Homepage: hxxp://www.gbg.bg
FF Keyword.URL: hxxp://www.google.com/search?rlz=1V2IPYX&ie=utf-8&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\911bg.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\diribg.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\pe-bg.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\portalbgdict.xml
FF Extension: Panda Security Toolbar - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\o6provv8.default\Extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} [2014-11-08]

Chrome:
=======
CHR Profile: C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-24]
CHR Extension: (Gmail) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-24]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed]
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.)
R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cmuda; C:\WINDOWS\System32\drivers\cmuda.sys [1332544 2005-05-12] (C-Media Inc)
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R3 ip100xp; C:\WINDOWS\System32\DRIVERS\ipfnd51.sys [26752 2005-02-02] (IC Plus Corp.                                                                                                                                                                                                                                                 )
R1 NNSALPC; C:\WINDOWS\System32\DRIVERS\NNSAlpc.sys [88992 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\WINDOWS\System32\DRIVERS\NNSHttp.sys [166816 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\WINDOWS\System32\DRIVERS\NNSHttps.sys [110624 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\WINDOWS\System32\DRIVERS\NNSIds.sys [125216 2014-06-04] (Panda Security, S.L.)
R3 NNSNAHS; C:\WINDOWS\System32\DRIVERS\NNSNAHS.sys [46464 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\WINDOWS\System32\DRIVERS\NNSPicc.sys [96160 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHS; C:\WINDOWS\System32\DRIVERS\NNSPihs.sys [52384 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\WINDOWS\System32\DRIVERS\NNSPop3.sys [121888 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\WINDOWS\System32\DRIVERS\NNSProt.sys [288032 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\WINDOWS\System32\DRIVERS\NNSPrv.sys [208800 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\WINDOWS\System32\DRIVERS\NNSSmtp.sys [109856 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\WINDOWS\System32\DRIVERS\NNSStrm.sys [244000 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\WINDOWS\System32\DRIVERS\NNSTlsc.sys [96928 2014-06-04] (Panda Security, S.L.)
R2 PSINAflt; C:\WINDOWS\System32\DRIVERS\PSINAflt.sys [140688 2014-10-13] (Panda Security, S.L.)
R2 PSINFile; C:\WINDOWS\System32\DRIVERS\PSINFile.sys [103312 2014-10-13] (Panda Security, S.L.)
R1 PSINKNC; C:\WINDOWS\System32\DRIVERS\psinknc.sys [172432 2014-10-02] (Panda Security, S.L.)
R2 PSINProc; C:\WINDOWS\System32\DRIVERS\PSINProc.sys [114704 2014-10-02] (Panda Security, S.L.)
R2 PSINProt; C:\WINDOWS\System32\DRIVERS\PSINProt.sys [124944 2014-10-02] (Panda Security, S.L.)
R2 PSINReg; C:\WINDOWS\System32\DRIVERS\PSINReg.sys [100496 2014-10-13] (Panda Security, S.L.)
R3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [48736 2014-03-25] (Panda Security, S.L.)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20640 2005-03-12] (Sonic Solutions) [File not signed]
R3 RTL8023xp; C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys [74496 2005-03-04] (Realtek Semiconductor Corporation                           )
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-04] (Realtek Semiconductor Corporation)
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [21696 2010-12-18] (Almico Software)
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-09 18:26 - 2014-03-25 15:15 - 00048736 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSKMAD.sys
2014-11-09 10:36 - 2014-11-09 10:36 - 00017301 _____ () C:\Documents and Settings\User\My Documents\Addition.txt
2014-11-09 10:19 - 2014-11-09 19:10 - 00000000 ____D () C:\FRST
2014-11-08 20:16 - 2014-11-08 20:16 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\Application Data\panda
2014-11-08 20:15 - 2014-11-08 20:15 - 00000000 ____D () C:\Program Files\pandasecuritytb
2014-11-08 20:14 - 2014-11-08 20:14 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Panda Cloud Antivirus
2014-11-07 19:59 - 2014-11-07 19:59 - 00000402 _____ () C:\Documents and Settings\User\My Documents\CMD.txt
2014-11-07 08:16 - 2014-11-07 08:16 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-11-07 08:10 - 2014-11-07 08:12 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-05 21:56 - 2014-11-05 22:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\IObit
2014-11-05 21:55 - 2014-11-05 22:01 - 00000000 ____D () C:\Documents and Settings\User\Application Data\IObit
2014-11-05 21:55 - 2014-11-05 21:55 - 00000000 ____D () C:\Program Files\IObit
2014-11-05 20:38 - 2014-11-05 20:38 - 00000000 ____D () C:\Program Files\Elex-tech
2014-11-04 20:37 - 2014-11-04 20:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\23405448
2014-10-22 13:11 - 2014-10-22 13:11 - 00011726 _____ () C:\WINDOWS\EAConfigInfo.txt
2014-10-13 22:04 - 2014-10-13 22:04 - 00140688 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSINAflt.sys
2014-10-13 22:04 - 2014-10-13 22:04 - 00103312 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSINFile.sys
2014-10-13 22:04 - 2014-10-13 22:04 - 00100496 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSINReg.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-09 19:10 - 2008-10-29 14:18 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Temp
2014-11-09 18:56 - 2012-06-18 18:39 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-09 18:53 - 2008-10-29 14:06 - 01518103 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-09 18:52 - 2014-08-03 07:27 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-11-09 18:52 - 2014-08-03 07:27 - 00000053 _____ () C:\WINDOWS\wiaservc.log
2014-11-09 18:52 - 2012-11-25 13:51 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-09 18:51 - 2012-08-16 19:08 - 20971520 _____ () C:\WINDOWS\system32\config\Nano.evt
2014-11-09 18:51 - 2008-10-29 14:18 - 00000278 ___SH () C:\Documents and Settings\User\ntuser.ini
2014-11-09 18:51 - 2008-10-29 14:16 - 00032488 _____ () C:\WINDOWS\SchedLgU.Txt
2014-11-09 10:18 - 2001-08-23 10:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-11-08 22:37 - 2008-10-29 16:26 - 00002483 _____ () C:\Documents and Settings\User\Desktop\Microsoft Word.lnk
2014-11-08 21:55 - 2014-08-06 18:04 - 00013201 _____ () C:\WINDOWS\setupapi.log
2014-11-08 21:38 - 2014-06-16 20:15 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\panda
2014-11-08 21:36 - 2008-10-29 18:20 - 00027312 _____ () C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-11-08 21:36 - 2008-10-29 15:55 - 00158752 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-11-07 19:23 - 2008-10-29 17:47 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Skype
2014-11-07 19:22 - 2014-09-14 19:18 - 00002265 _____ () C:\Documents and Settings\All Users\Desktop\Skype.lnk
2014-11-07 09:49 - 2013-07-01 18:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-07 09:13 - 2008-10-29 14:18 - 00001599 _____ () C:\Documents and Settings\User\Start Menu\Programs\Remote Assistance.lnk
2014-11-07 08:36 - 2008-10-29 14:08 - 00001599 _____ () C:\Documents and Settings\Default User\Start Menu\Programs\Remote Assistance.lnk
2014-11-07 08:32 - 2012-06-27 17:30 - 00001599 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2014-11-05 20:43 - 2013-11-24 13:43 - 00000986 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-05 20:43 - 2013-11-24 13:43 - 00000982 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-05 20:42 - 2009-07-16 15:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ICQ
2014-11-05 15:07 - 2008-10-29 15:37 - 00002489 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2014-10-29 09:47 - 2014-08-19 19:35 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\Adobe
2014-10-29 09:47 - 2012-06-18 18:39 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-10-29 09:47 - 2011-08-29 13:48 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-10-26 08:35 - 2008-10-29 15:56 - 00458340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-25 19:44 - 2008-11-02 17:00 - 00000116 _____ () C:\WINDOWS\NeroDigital.ini
2014-10-15 21:37 - 2010-07-17 20:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2014-10-11 19:51 - 2010-07-08 14:37 - 00003527 _____ () C:\WINDOWS\Ascd_tmp.ini

Some content of TEMP:
====================
C:\Documents and Settings\User\Local Settings\Temp\sSetup-se.exe
C:\Documents and Settings\User\Local Settings\Temp\SSUPDATE.EXE


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Addition.txt



Download fixlist.txt and save it in the folder from which you ran FRST.exe.
Start FRST.exe and press the Fix button once!
When it finishes, if it asks for a restart, agree. After the restart, post the log file, fixlog.txt, which will be created once the program has run.

Warning: The script was created for this particular system. Do not use it on other systems with similar problems!

Let me know whether the problem persists... restart the system so that the RunOnce values in the registry can disappear, and see whether the problem remains.

Regards!


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-11-2014
Ran by User at 2014-11-09 19:58:42 Run:3
Running from D:\FSRT
Loaded Profile: User (Available profiles: User & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:

*****************
start
2014-11-04 20:37 - 2014-11-04 20:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\23405448

emptytemp:
end
*****************

 

C:\Documents and Settings\All Users\Application Data\23405448 => Moved successfully.
EmptyTemp: => Removed 937.8 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

 

After the restart the cmd.exe window no longer appeared. The browser history has been deleted.


I assume that is because of the command for cleaning the Temp folder. But in any case it is good to clean the browser history from time to time with CCleaner. :)

A few final recommendations:

1. Check for outdated applications using PatchMyPC.

2. Download Delfix.exe and run it. Tick Remove disinfection tools (it should be ticked by default, but I'll mention it anyway) => click the Run button

The tool will delete itself once it has finished its task!

3. To improve performance (if the system seems sluggish to you), see the following topics:

Optimizing Windows for better performance

Windows maintenance guide (XP, Vista and 7) [Revision 2.0]

What to do if my computer is running slowly

Computer maintenance, how?

Also run a defragmentation with MyDefrag to improve the performance of disk operations (this will also benefit frequently used programs):

Download MyDefrag and install it.

Download the following archive and extract it to C:\Program Files\MyDefrag v4.3.1\Scripts

Start MyDefrag.exe, select System Disk Level V, choose the system partition C: and click Run

It may take quite a while, because the script is based on the scripts by Jaspion and some other users, plus my own personal settings and modifications.

The script will prioritize frequently used programs and files.

When it finishes it will display Finished, and you can close the program with the X button.

Restart the system.

Check for up-to-date drivers for your system on the component manufacturers' websites if you feel like it, and run a full scan for nasties with the antivirus program you have.

Regards, and have a cheerful week! I will mark the case as SOLVED.
