Премини към съдържанието
evitta_22

Изскачащи прозорци и пренасочвания при Google Chrome

Препоръчан отговор


Здравейте!

От известно време при Google Chrome имам  проблем.Проблема се появи след опит на инсталация на програма за блокиране на мишка и клавиатура, но с опция да може да гледаш примерно филм на компа.Тази мярка ни бе необходима защото имаме малко бебче което просто бара навсякъде.В интерес на истината програмата така и не тръгна, и за капак на всичко браузъра се скапа.Сигурно нещо е имало в програмата ...

Ето и какъв е проблема!  Когато отворя дадена страница,примерно във форум, и щракна да отворя някаква тема веднага се отваря нов раздел с някакви откачени сайтове!Или ще ми искат обновяване на плеъра или пък ми говори женски глас,че  система ми е в неизправност и неща в този дух.Отделно, че на няколко пъти се отвориха и и страници с 18+ съдържание,въобще е ужас отвсякъде.Интересното е ,че от днес вече и онлайн филми не ме оставя да гледам.Когато натисна бутончето да тръгне филма отваря се нова страница на сайта, а старата ми зарежда веднага рекламна страница.Всичко това се повтаря до безкрай...Опитах да се справя сама с проблема но не става.Деинсталирах  хром-а и изтрих всички остатъци от него,после наново го изтеглих-инсталирах си всичките му екстри, които уж блокират рекламни страници.Отделно поставих ръчно голяма част от адресите на досадните реклами в Адблок разширението но ефект нулев.Сканирах с Аваст -нищо,а с Malwarebytes Anti-Malware ми откри 9 проблема които изтрих но промяна нямаше.Просто вече не знам какво да правя:10:.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by 1 (administrator) on MSHOME (12-03-2016 00:42:15)
Running from H:\Documents and Settings\1\Desktop
Loaded Profiles: 1 (Available Profiles: 1)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) H:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ABBYY) H:\Program Files\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe
(NVIDIA Corporation) H:\WINDOWS\system32\nvsvc32.exe
(Microsoft Corp.) H:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
() H:\WINDOWS\system32\UAService7.exe
(SONIX) H:\WINDOWS\tsnpstd3.exe
(VIA Technologies, Inc.) H:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
() H:\WINDOWS\vsnpstd3.exe
(AVAST Software) H:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) H:\WINDOWS\system32\rundll32.exe
(BitTorrent Inc.) H:\Documents and Settings\1\Application Data\uTorrent\uTorrent.exe
(InterVideo Inc.) H:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
(BitTorrent Inc.) H:\Documents and Settings\1\Application Data\uTorrent\updates\3.4.5_41865\utorrentie.exe
(BitTorrent Inc.) H:\Documents and Settings\1\Application Data\uTorrent\updates\3.4.5_41865\utorrentie.exe
(Microsoft Corporation) H:\WINDOWS\system32\wbem\unsecapp.exe
(Google Inc.) H:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) H:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) H:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) H:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) H:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) H:\Program Files\Google\Chrome\Application\chrome.exe
(RaMMicHaeL) H:\Program Files\Unchecky\bin\unchecky_svc.exe
(RaMMicHaeL) H:\Program Files\Unchecky\bin\unchecky_bg.exe
(Google Inc.) H:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => H:\WINDOWS\RTHDCPL.EXE [16125440 2007-02-26] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SkyTel] => H:\WINDOWS\SkyTel.EXE [2879488 2006-05-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NeroFilterCheck] => H:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [tsnpstd3] => H:\WINDOWS\tsnpstd3.exe [262144 2007-04-23] (SONIX)
HKLM\...\Run: [HDAudDeck] => H:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [33747360 2010-05-24] (VIA Technologies, Inc.)
HKLM\...\Run: [snpstd3] => H:\WINDOWS\vsnpstd3.exe [831488 2007-04-25] ()
HKLM\...\Run: [AvastUI.exe] => H:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-16] (AVAST Software)
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\Run: [uTorrent] => H:\Documents and Settings\1\Application Data\uTorrent\uTorrent.exe [2094080 2016-03-05] (BitTorrent Inc.)
HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\Run: [DAEMON Tools Lite] => H:\Program Files\DAEMON Tools Lite\daemon.exe [486856 2008-04-01] (DT Soft Ltd)
HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\Run: [Avast-Browser-Cleanup] => H:\Program Files\AVAST Software\Avast\BrowserCleanup.exe [1503712 2015-12-16] (AVAST Software)
HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\Run: [swg] => H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2015-02-04] (Google Inc.)
HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\Run: [Xvid] => I:\PROGRAMI\Xvid-1.3.2-20110601\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\Run: [CCleaner Monitoring] => I:\PROGRAMI\CCleaner512-програма за почистване на остатъчни файлове\CCleaner.exe [6602152 2015-11-16] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => H:\Program Files\AVAST Software\Avast\ashShell.dll [2015-12-16] (AVAST Software)
Startup: H:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk [2016-02-25]
ShortcutTarget: InterVideo WinCinema Manager.lnk -> H:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{22CD05BE-8069-4753-A8E5-436BCFBE9135}: [NameServer] 10.98.0.1
Tcpip\..\Interfaces\{948CFD05-098D-4396-92E2-FB3E18B8BC3F}: [NameServer] 10.98.0.1
Tcpip\..\Interfaces\{C43F650F-0CEE-484B-B008-EAE5A3EAC1AB}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{ED35FE50-A8CB-450B-B4D1-916DDF2590B2}: [NameServer] 10.98.0.1,77.71.11.2

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1343024091-527237240-1801674531-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?PC=AV01
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1343024091-527237240-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1343024091-527237240-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.bg/
SearchScopes: HKLM -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1343024091-527237240-1801674531-1003 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-1343024091-527237240-1801674531-1003 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> H:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-12-16] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-23] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-23] (Google Inc.)
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-23] (Google Inc.)
Toolbar: HKU\S-1-5-21-1343024091-527237240-1801674531-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-23] (Google Inc.)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} H:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} 
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - H:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - H:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> H:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-11] ()
FF Plugin: @adobe.com/ShockwavePlayer -> H:\WINDOWS\system32\Adobe\Director\np32dsw_1222172.dll [2015-11-19] (Adobe Systems, Inc.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> H:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> H:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> H:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> H:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> I:\PROGRAMI\VLC media player 1.0.0 RC2\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> I:\PROGRAMI\VLC media player 1.0.0 RC2\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> I:\PROGRAMI\VLC media player 1.0.0 RC2\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> I:\PROGRAMI\VLC media player 1.0.0 RC2\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> I:\PROGRAMI\VLC media player 1.0.0 RC2\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin: Adobe Reader -> H:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> H:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll [No File]
FF Plugin HKU\S-1-5-21-1343024091-527237240-1801674531-1003: @Skype Limited.com/Facebook Video Calling Plugin -> H:\Documents and Settings\1\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll [No File]
FF Plugin HKU\S-1-5-21-1343024091-527237240-1801674531-1003: @unity3d.com/UnityPlayer,version=1.0 -> H:\Documents and Settings\1\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-04] (Unity Technologies ApS)
FF Extension: GoPhotoIt - H:\Documents and Settings\1\Application Data\Mozilla\Firefox\profiles\extensions\gophoto@gophoto.it.xpi [2013-08-08] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - H:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - H:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-12-10] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - H:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - H:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-16]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - H:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - H:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-16]

Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.bg/?gws_rd=ssl
CHR StartupUrls: Default -> "hxxp://www.google.bg/","hxxp://www.mysites123.com/?type=hp&ts=1454508138&z=d0702c45a8dfadf347cc228gez1w0zdw9e0b6g7ceb&from=amt&uid=hitachixhdt725025vla380_vfl104rm02ljdz02ljdzx"
CHR Profile: H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Презентации) - H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-11]
CHR Extension: (Google Документи) - H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-11]
CHR Extension: (Google Диск) - H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-11]
CHR Extension: (Poper Blocker) - H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2016-03-12]
CHR Extension: (YouTube) - H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-11]
CHR Extension: (Adblock Plus) - H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-11]
CHR Extension: (Електронни таблици от Google) - H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-11]
CHR Extension: (Vbox7.com Downloader) - H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fjhpfbclepcmobfifppimpdljeikohdf [2016-03-11]
CHR Extension: (Picditor Photo Editor) - H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ggdplhaiiohpkafnlhlfikiomnboacoi [2016-03-11]
CHR Extension: (Google Документи офлайн) - H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-11]
CHR Extension: (AdBlock) - H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-03-11]
CHR Extension: (Плащания в уеб магазина на Chrome) - H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-11]
CHR Extension: (Gmail) - H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-11]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Corporate.11.0; H:\Program Files\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe [819976 2011-10-12] (ABBYY)
R2 avast! Antivirus; H:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-16] (AVAST Software)
S3 IDriverT; H:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S3 ServiceLayer; H:\Program Files\PC Connectivity Solution\ServiceLayer.exe [353280 2007-12-10] (Nokia.) [File not signed]
R2 Unchecky; H:\Program Files\Unchecky\bin\unchecky_svc.exe [243448 2016-03-11] (RaMMicHaeL)
R2 UserAccess7; H:\WINDOWS\system32\UAService7.exe [126976 2009-01-24] () [File not signed]
S3 WmdmPmSN; C:\WINDOWS\system32\mspmsnsv.dll [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; H:\WINDOWS\system32\drivers\aswHwid.sys [24016 2015-12-16] (AVAST Software)
R2 aswMonFlt; H:\WINDOWS\system32\drivers\aswMonFlt.sys [81168 2015-12-19] (AVAST Software)
R1 aswRdr; H:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-12-16] (AVAST Software)
R0 aswRvrt; H:\WINDOWS\system32\Drivers\aswRvrt.sys [49776 2015-12-16] (AVAST Software)
R1 aswSnx; H:\WINDOWS\system32\drivers\aswSnx.sys [812720 2016-03-02] (AVAST Software)
R1 aswSP; H:\WINDOWS\system32\drivers\aswSP.sys [449384 2016-01-20] (AVAST Software)
R3 aswStmXP; H:\WINDOWS\system32\drivers\aswStmXP.sys [165104 2015-12-16] (AVAST Software)
S3 aswTdi; H:\WINDOWS\system32\drivers\aswTdi.sys [58016 2015-12-16] (AVAST Software)
R0 aswVmm; H:\WINDOWS\system32\Drivers\aswVmm.sys [209432 2015-12-16] (AVAST Software)
R2 atksgt; H:\WINDOWS\System32\DRIVERS\atksgt.sys [281760 2009-12-25] ()
S3 CCDECODE; H:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R2 fssfltr; H:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys [54752 2009-08-05] (Microsoft Corporation)
R2 lirsgt; H:\WINDOWS\System32\DRIVERS\lirsgt.sys [25888 2009-12-25] ()
R3 MTsensor; H:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 NdisIP; H:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NVENETFD; H:\WINDOWS\System32\DRIVERS\NVENETFD.sys [70912 2010-03-04] (NVIDIA Corporation)
R0 nvgts; H:\WINDOWS\System32\DRIVERS\nvgts.sys [168040 2010-04-08] (NVIDIA Corporation)
R3 nvnetbus; H:\WINDOWS\System32\DRIVERS\nvnetbus.sys [13824 2010-03-04] (NVIDIA Corporation)
R3 pcouffin; H:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2008-12-15] (VSO Software) [File not signed]
S3 rtl8139; H:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2008-04-14] (Realtek Semiconductor Corporation)
S3 Secdrv; H:\WINDOWS\System32\DRIVERS\secdrv.sys [11973 2010-02-03] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
R0 sfsync02; H:\WINDOWS\System32\drivers\sfsync02.sys [19968 2005-08-10] (Protection Technology) [File not signed]
R0 sfvfs02; H:\WINDOWS\System32\drivers\sfvfs02.sys [66048 2005-09-29] (Protection Technology) [File not signed]
R3 SNPSTD3; H:\WINDOWS\System32\DRIVERS\snpstd3.sys [10252672 2007-04-24] (Sonix Co. Ltd.) [File not signed]
R0 sptd; H:\WINDOWS\System32\Drivers\sptd.sys [721904 2010-01-02] () [File not signed]
R3 VIAHdAudAddService; H:\WINDOWS\System32\drivers\viahduaa.sys [2136224 2010-05-15] (VIA Technologies, Inc.)
U3 a8cch2kn; H:\WINDOWS\system32\Drivers\a8cch2kn.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 catchme; \??\H:\ComboFix\catchme.sys [X]
S3 FXDrv32; \??\G:\FXDrv32.sys [X]
S4 InCDFs; system32\drivers\InCDFs.sys [X]
S1 InCDPass; system32\drivers\InCDPass.sys [X]
S1 InCDRm; system32\drivers\InCDRm.sys [X]
S4 IntelIde; no ImagePath
U5 StarOpen; H:\Windows\System32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
S2 zumbus; system32\DRIVERS\zumbus.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-12 00:42 - 2016-03-12 00:42 - 00019692 _____ H:\Documents and Settings\1\Desktop\FRST.txt
2016-03-11 23:51 - 2016-03-11 23:51 - 00000706 _____ H:\Documents and Settings\All Users\Desktop\Unchecky.lnk
2016-03-11 23:51 - 2016-03-11 23:51 - 00000000 ____D H:\Program Files\Unchecky
2016-03-11 23:51 - 2016-03-11 23:51 - 00000000 ____D H:\Documents and Settings\All Users\Start Menu\Programs\Unchecky
2016-03-11 23:51 - 2016-03-11 23:51 - 00000000 ____D H:\Documents and Settings\All Users\Application Data\Unchecky
2016-03-11 22:00 - 2016-03-11 22:00 - 00001817 _____ H:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk
2016-03-11 22:00 - 2016-03-11 22:00 - 00001811 _____ H:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2016-03-11 20:58 - 2016-03-11 20:58 - 00000000 ____D H:\Documents and Settings\1\Application Data\vlc
2016-03-08 17:18 - 2016-03-08 17:18 - 00006174 _____ H:\Documents and Settings\1\My Documents\mp3-nero.txt
2016-02-25 13:11 - 2016-03-12 00:02 - 00000830 _____ H:\WINDOWS\Tasks\Adobe Flash Player Updater.job

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-12 00:42 - 2015-12-14 16:50 - 00000000 ____D H:\Documents and Settings\1\Local Settings\temp
2016-03-12 00:42 - 2015-12-07 22:39 - 00000000 ____D H:\FRST
2016-03-12 00:40 - 2015-12-14 00:36 - 01725440 _____ (Farbar) H:\Documents and Settings\1\Desktop\FRST.exe
2016-03-12 00:40 - 2015-12-13 17:34 - 00000000 ____D H:\Documents and Settings\1\Desktop\FRST-OlderVersion
2016-03-12 00:39 - 2008-11-06 20:49 - 00000000 ____D H:\Documents and Settings\1\Application Data\uTorrent
2016-03-12 00:33 - 2011-11-12 12:23 - 00000982 _____ H:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1343024091-527237240-1801674531-1003UA.job
2016-03-11 23:58 - 2010-02-07 17:01 - 00000886 _____ H:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-11 22:48 - 2015-12-07 11:40 - 00170200 _____ (Malwarebytes) H:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-03-11 22:06 - 2015-12-16 16:16 - 00000354 ____H H:\WINDOWS\Tasks\avast! Emergency Update.job
2016-03-11 22:06 - 2011-05-15 09:25 - 00000000 __SHD H:\WINDOWS\CSC
2016-03-11 22:06 - 2010-02-07 17:01 - 00000882 _____ H:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-11 22:06 - 2008-06-12 15:14 - 00000006 ____H H:\WINDOWS\Tasks\SA.DAT
2016-03-11 22:00 - 2008-11-02 23:04 - 00000000 ____D H:\Documents and Settings\1\Local Settings\Application Data\Google
2016-03-11 22:00 - 2008-11-02 22:08 - 00000000 ____D H:\Program Files\Google
2016-03-11 21:46 - 2015-01-13 21:17 - 00000000 __HDC H:\WINDOWS\$NtUninstallKB932716-v2$
2016-03-11 21:46 - 2008-06-12 15:17 - 00000178 ___SH H:\Documents and Settings\1\ntuser.ini
2016-03-11 21:46 - 2008-06-12 15:14 - 00032520 _____ H:\WINDOWS\SchedLgU.Txt
2016-03-11 21:44 - 2008-06-12 15:17 - 00000000 ____D H:\Documents and Settings\1
2016-03-11 20:58 - 2013-05-04 10:57 - 00000684 _____ H:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2016-03-11 20:38 - 2013-02-25 18:42 - 00797376 _____ (Adobe Systems Incorporated) H:\WINDOWS\system32\FlashPlayerApp.exe
2016-03-11 20:38 - 2011-11-29 19:42 - 00142528 _____ (Adobe Systems Incorporated) H:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-03-11 18:33 - 2011-11-12 12:23 - 00000960 _____ H:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1343024091-527237240-1801674531-1003Core.job
2016-03-11 16:12 - 2008-06-12 15:18 - 00000000 ___RD H:\Documents and Settings\1\My Documents\Moite kartinki
2016-03-10 10:25 - 2001-08-23 11:00 - 00002206 _____ H:\WINDOWS\system32\wpa.dbl
2016-03-08 17:21 - 2008-11-12 13:28 - 00000000 __RSD H:\Documents and Settings\1\Desktop\probna
2016-03-08 17:18 - 2008-06-12 15:17 - 00000000 ___RD H:\Documents and Settings\1\My Documents
2016-03-08 17:09 - 2008-06-12 14:11 - 00000187 _____ H:\WINDOWS\winamp.ini
2016-03-02 16:16 - 2015-12-16 16:16 - 00812720 _____ (AVAST Software) H:\WINDOWS\system32\Drivers\aswsnx.sys
2016-02-27 19:46 - 2008-12-11 00:39 - 00000176 _____ H:\WINDOWS\system32\test.aok
2016-02-26 20:51 - 2014-08-06 14:48 - 00000000 ____D H:\Documents and Settings\1\Desktop\tr
2016-02-25 13:12 - 2009-05-26 19:10 - 00000000 ____D H:\Program Files\Common Files\Adobe AIR
2016-02-25 13:06 - 2014-03-22 20:07 - 00000258 __RSH H:\Documents and Settings\All Users\ntuser.pol
2016-02-25 13:06 - 2008-06-12 17:55 - 00000000 ____D H:\Documents and Settings\All Users
2016-02-25 13:04 - 2015-12-10 11:50 - 00000000 __HDC H:\WINDOWS\$NtUninstallKB977816$
2016-02-25 13:02 - 2016-01-31 18:01 - 00000813 _____ H:\Documents and Settings\All Users\Start Menu\Programs\SumatraPDF.lnk
2016-02-25 13:02 - 2015-12-31 00:10 - 00000654 _____ H:\Documents and Settings\All Users\Desktop\Speccy.lnk
2016-02-25 13:02 - 2015-12-16 16:17 - 00001689 _____ H:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
2016-02-25 13:02 - 2015-12-09 19:36 - 00000786 _____ H:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2016-02-25 13:02 - 2015-12-09 16:12 - 00002415 _____ H:\Documents and Settings\All Users\Desktop\Skype.lnk
2016-02-25 13:02 - 2015-12-07 11:36 - 00000796 _____ H:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-25 13:02 - 2015-11-27 22:40 - 00000522 _____ H:\Documents and Settings\All Users\Desktop\MailBooks.lnk
2016-02-25 13:02 - 2015-04-03 17:14 - 00002347 _____ H:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2016-02-25 13:02 - 2015-04-03 17:14 - 00001734 _____ H:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
2016-02-25 13:02 - 2015-01-16 17:56 - 00000738 _____ H:\Documents and Settings\All Users\Desktop\GOM Player.lnk
2016-02-25 13:02 - 2014-03-09 22:43 - 00002771 _____ H:\Documents and Settings\All Users\Desktop\ABBYY FineReader 11.lnk
2016-02-25 13:02 - 2014-01-11 17:43 - 00000585 _____ H:\Documents and Settings\All Users\Desktop\Scooby-Doo(TM) First Frights.lnk
2016-02-25 13:02 - 2013-10-09 17:25 - 00001938 _____ H:\Documents and Settings\All Users\Desktop\LibreOffice 4.1.lnk
2016-02-25 13:02 - 2013-10-05 16:42 - 00002463 _____ H:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Excel Viewer.lnk
2016-02-25 13:02 - 2013-10-03 11:46 - 00000625 _____ H:\Documents and Settings\All Users\Desktop\Ученически Синтезатор.lnk
2016-02-25 13:02 - 2012-03-08 16:32 - 00000654 _____ H:\Documents and Settings\All Users\Desktop\GOM Video Converter.lnk
2016-02-25 13:02 - 2011-06-28 16:46 - 00000855 _____ H:\Documents and Settings\All Users\Start Menu\Programs\HD ADeck.lnk
2016-02-25 13:02 - 2011-06-28 16:46 - 00000849 _____ H:\Documents and Settings\All Users\Desktop\HD ADeck.lnk
2016-02-25 13:02 - 2011-04-29 11:37 - 00000807 _____ H:\Documents and Settings\1\Start Menu\Programs\Internet Explorer.lnk
2016-02-25 13:02 - 2009-01-10 16:08 - 00001257 _____ H:\Documents and Settings\All Users\Start Menu\Programs\Photo Story 3 for Windows.lnk
2016-02-25 13:02 - 2008-11-06 20:50 - 00000636 _____ H:\Documents and Settings\1\Start Menu\Programs\µTorrent.lnk
2016-02-25 13:02 - 2008-06-12 15:18 - 00000738 _____ H:\Documents and Settings\1\Start Menu\Programs\Outlook Express.lnk
2016-02-25 13:02 - 2008-06-12 15:17 - 00001599 _____ H:\Documents and Settings\1\Start Menu\Programs\Remote Assistance.lnk
2016-02-25 13:02 - 2008-06-12 15:17 - 00000788 _____ H:\Documents and Settings\1\Start Menu\Programs\Windows Media Player.lnk
2016-02-25 13:02 - 2008-06-12 15:04 - 00000786 _____ H:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
2016-02-25 13:02 - 2008-06-12 15:02 - 00000605 _____ H:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
2016-02-25 13:01 - 2016-01-24 20:59 - 00001127 _____ H:\Documents and Settings\1\Desktop\Adventurers Community.lnk
2016-02-25 13:01 - 2016-01-24 20:59 - 00000999 _____ H:\Documents and Settings\1\Desktop\Mortimer Beckett and the Time Paradox.lnk
2016-02-25 13:01 - 2013-02-24 22:47 - 00000551 _____ H:\Documents and Settings\1\Desktop\BS.Player FREE.lnk
2016-02-25 13:01 - 2010-11-12 20:07 - 00000697 _____ H:\Documents and Settings\1\Desktop\PDF2Word v3.0.lnk
2016-02-25 13:01 - 2010-11-11 20:25 - 00000781 _____ H:\Documents and Settings\1\Desktop\ReadManiac Builder Wizard.lnk
2016-02-25 13:01 - 2010-03-08 21:40 - 00000104 _____ H:\Documents and Settings\1\Desktop\Моят компютър.lnk
2016-02-25 13:01 - 2010-01-02 17:20 - 00000863 _____ H:\Documents and Settings\1\Desktop\Folder Marker.lnk
2016-02-25 13:01 - 2009-12-12 21:14 - 00000752 _____ H:\Documents and Settings\1\Desktop\Format Factory.lnk
2016-02-25 13:01 - 2009-11-05 19:37 - 00000676 _____ H:\Documents and Settings\1\Desktop\Mp3 Knife.lnk
2016-02-25 13:01 - 2009-06-07 14:29 - 00000983 _____ H:\Documents and Settings\1\Desktop\Subtitle Workshop.lnk
2016-02-25 13:01 - 2009-04-13 14:42 - 00000892 _____ H:\Documents and Settings\1\Desktop\DVDVideoSoft Free Studio.lnk
2016-02-25 13:01 - 2009-01-19 15:34 - 00000734 _____ H:\Documents and Settings\1\Desktop\Acrobat.com.lnk
2016-02-25 13:01 - 2008-12-20 18:52 - 00000571 _____ H:\Documents and Settings\1\Desktop\KMPlayer.lnk
2016-02-25 13:01 - 2008-12-11 00:35 - 00000665 _____ H:\Documents and Settings\1\Desktop\Allok Video to 3GP Converter.lnk
2016-02-25 13:01 - 2008-11-06 20:50 - 00000792 _____ H:\Documents and Settings\1\Desktop\µTorrent.lnk
2016-02-25 13:01 - 2008-10-23 10:57 - 00000398 _____ H:\Documents and Settings\1\Desktop\Free.lnk
2016-02-25 13:01 - 2008-06-12 15:29 - 00002319 _____ H:\Documents and Settings\1\Desktop\Nero StartSmart.lnk
2016-02-25 13:01 - 2008-06-12 15:23 - 00001637 _____ H:\Documents and Settings\1\Desktop\InterVideo WinDVD 7.lnk
2016-02-25 13:01 - 2008-06-12 15:18 - 00000801 _____ H:\Documents and Settings\1\Desktop\Internet Explorer.lnk
2016-02-25 13:01 - 2008-06-12 14:11 - 00000654 _____ H:\Documents and Settings\1\Desktop\Winamp.lnk
2016-02-25 13:01 - 2008-06-12 14:04 - 00000733 _____ H:\Documents and Settings\1\Desktop\DAEMON Tools Lite.lnk
2016-02-25 12:36 - 2014-06-16 16:03 - 00000000 ____D H:\Documents and Settings\1\Application Data\SkypEmoticons

==================== Files in the root of some directories =======

2008-12-15 17:37 - 2008-12-15 17:37 - 0087608 _____ () H:\Documents and Settings\1\Application Data\inst.exe
2008-12-15 17:37 - 2008-12-15 17:37 - 0007887 _____ () H:\Documents and Settings\1\Application Data\pcouffin.cat
2008-12-15 17:37 - 2008-12-15 17:37 - 0001144 _____ () H:\Documents and Settings\1\Application Data\pcouffin.inf
2008-12-15 17:37 - 2008-12-15 17:37 - 0000034 _____ () H:\Documents and Settings\1\Application Data\pcouffin.log
2008-12-15 17:37 - 2008-12-15 17:37 - 0047360 _____ (VSO Software) H:\Documents and Settings\1\Application Data\pcouffin.sys
2008-12-15 17:37 - 2014-01-09 13:42 - 0000671 _____ () H:\Documents and Settings\1\Application Data\vso_ts_preview.xml
2009-02-07 21:10 - 2009-02-07 21:10 - 0001024 _____ () H:\Documents and Settings\1\Application Data\WavCodec.wff
2008-06-12 21:45 - 2015-11-25 11:55 - 0187904 _____ () H:\Documents and Settings\1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-05-12 21:13 - 2011-05-12 21:13 - 0000124 _____ () H:\Documents and Settings\1\Local Settings\Application Data\fusioncache.dat
2008-06-12 14:34 - 2008-06-12 14:34 - 0000600 _____ () H:\Documents and Settings\1\Local Settings\Application Data\PUTTY.RND
2012-01-05 08:27 - 2012-01-05 08:27 - 0000000 _____ () H:\Documents and Settings\1\Local Settings\Application Data\{84E18409-91B6-4BB9-ACA1-CB862156C6C9}
2010-09-26 17:49 - 2010-09-26 17:49 - 0005067 _____ () H:\Documents and Settings\All Users\Application Data\hvcatrnw.tht
2008-07-31 17:19 - 2011-10-12 19:59 - 0000000 _____ () H:\Documents and Settings\All Users\Application Data\LauncherAccess.dt

Some files in TEMP:
====================
H:\Documents and Settings\1\Local Settings\temp\Uninstall.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

H:\WINDOWS\explorer.exe => File is digitally signed
H:\WINDOWS\system32\winlogon.exe => File is digitally signed
H:\WINDOWS\system32\svchost.exe => File is digitally signed
H:\WINDOWS\system32\services.exe => File is digitally signed
H:\WINDOWS\system32\User32.dll => File is digitally signed
H:\WINDOWS\system32\userinit.exe => File is digitally signed
H:\WINDOWS\system32\rpcss.dll => File is digitally signed
H:\WINDOWS\system32\dnsapi.dll => File is digitally signed
H:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

 

Не знам дали е необходимо но ще пусна и какво откри програмата  "Malwarebytes Anti-Malware"

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Дата на сканиране: 11.3.2016 г.
Час на сканиране: 21:04:33
Дневник: 
Администратор: Да

Версия: 2.2.0.1024
База от данни за злонамерен софтуер: v2016.03.11.04
База от данни за рууткити: v2016.02.27.01
Лиценз: Безплатен
Защита от злонамерен софтуер: Забранено
Защита от злонамерени страници: Забранено
Самозащита: Забранено

ОС: Windows XP Service Pack 3
Процесор: x86
Файлова система: NTFS
Потребител: 1

Тип сканиране: Сканиране за заплахи
Резултат: Завършено
Сканиране обекти: 379859
Изминало време: 36 мин. 22 сек.

Памет: Разрешено
Начално стартиране: Разрешено
Файлова система: Разрешено
Архиви: Разрешено
Рууткити: Разрешено
Дълбоко сканиране за рууткити: Разрешено
Евристика: Разрешено
ПНП: Разрешено
ПНИ: Разрешено

Процеси: 0
(Не бяха открити злонамерени обекти)

Модули: 0
(Не бяха открити злонамерени обекти)

Ключове в системния регистър: 2
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\Conduit, Поставен под карантина, [39473353cfca6accab27f1929a6a37c9], 
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-1343024091-527237240-1801674531-1003\SOFTWARE\Conduit, Поставен под карантина, [b1cf61254d4c78be27aa6b182cd8be42], 

Стойности в системния регистър: 1
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-1343024091-527237240-1801674531-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AutoConfigURL, http://unblockservice.com/wpad.dat?88a13144f2d3161fed3d74711ef801975601775, Поставен под карантина, [acd491f53c5d59ddd6907c99ea1922de]

Данни в системния регистър: 3
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Добър: (0), Лош: (1),Заменен,[7f01d3b31584c175a200e72c6b9ab14f]
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Добър: (0), Лош: (1),Заменен,[b0d01d692277eb4ba7fce03311f442be]
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Добър: (0), Лош: (1),Заменен,[e0a031559504e4525351a96a7293bb45]

Папки: 0
(Не бяха открити злонамерени обекти)

Файлове: 3
PUP.Optional.InstallCore, H:\Documents and Settings\1\My Documents\Downloads\FlashVideoPlayer.exe, Поставен под карантина, [314f1d696534ac8a09f7858438cab749], 
PUP.Optional.InstallCore, H:\Documents and Settings\1\My Documents\Downloads\FlashVideoPlayer.zip, Поставен под карантина, [740c23635d3ce3539868c346a45e926e], 
PUP.Optional.InstallCore, H:\Documents and Settings\1\Local Settings\temp\Rar$DR00.641\FlashVideoPlayer.zip, Поставен под карантина, [d3ad8afce6b359dd06fa4ebb56ac3ac6], 

Физически сектори: 0
(Не бяха открити злонамерени обекти)


(end)

Addition.txt

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Здравейте..Ще мога да пиша след обяд..сега съм на работа и не е удобно..! Между другото не мога да отворя файла Addition.txt

Копирайте съдържанието му в следващия си пост..!

icon1337347931.png  Сканиране с RKill

  • Отворете следния сайт и изтеглете RKill.exe и ги запазете на вашия десктоп.
  • Стартирате програмата с двоен клик върху файла и изчакайте търпеливо.
  • След приключване на проверката ще се генерира лог файл с извършените процедури.
  • Прикачете лог файла в следващия си пост.

BY4dvz9.png Сканиране с AdwCleaner

 
Моля, изтеглете и стартирайте програмата AdwCleaner (by Xplode):

  • Затворете всички стартирани програми и браузъри
  • Кликнете два пъти върху adwcleaner.exe за да стартирате инструмента.
  • Натиснете OK, за да потвърдите, че всички стартирани програми ще бъдат затворени.
  • Маркирайте Clean
  • Вашият компютър ще се рестартира автоматично. Текстовия файл ще се отвори след рестарта.
  • Моля, да публикувате съдържанието на този лог в отговора си

 

E3feWj5.png  Сканиране с Junkware Removal Tool
 
Моля, изтеглете Junkware Removal Tool (by Thisisu ) и запазете на вашия десктоп.

  • Спрете временно работата на защитните програми.
  • Стартирайте инструмента JRT.exe
  • Ще се отвори ДОС прозорец. Натиснете което и да е копче от клавиатурата.
  • Затворете излишните приложения и всички браузъри и изчакайте проверката да завърши.
  • Ще се появи лог файл (който можете да намерите и ръчно на десктопа с името JRT.txt).
  • Моля копирайте съдържанието на лог файла в следващия си пост.

 

122.jpg?1414578932  Моля, изтеглете  Check Browsers' LNK by Dragokas & regist

  • Запомнете архива на вашия декстоп,разархивирате.
  • Временно спрете вашия  антивирусен софтуер.
  • Стартирайте файла Check Browsers LNK.exe от името на администратор.
  • Изчакайте програмата да завърши работата си.Това може да отнеме до 5 минути. Моля бъдете търпеливи. След сканирането, отворете генерираната папка LOG и публикувайте отчета Check_Browsers_LNK.log, в следвашия си пост.

 

25.jpg?1426074241   Сканиране с SecurityCheck by glax24

  • Изтеглете SecurityCheck by glax24 от тук и запомнете инструмента на десктопа .
  • Стартирате програмата (ако използвате Windows XP) или стартирате с десен бутон на мишката от името на администратор (ако използвате Windows Vista/7/8/10)
  • Изчакайте да приключи сканирането.Ще се отвори в текстов файл с име SecurityCheck.txt. Копирайте съдържанието на  този файл  следващия си пост
  • Можете да намерите този файл в основната директория на системния диск в папка с име SecurityCheck, напр. C:\SecurityCheck\SecurityCheck.txt

 

pfNZP4A.png  Дневници
 
В следващия си отговор, моля да включите следните дневници:

  • Лог файл от RKill
  • AdwCleaner.txt
  • JRT.txt
  • Check_Browsers_LNK.log
  • SecurityCheck.txt
  • Харесва ми 2

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by 1 (2016-03-12 00:43:02)
Running from H:\Documents and Settings\1\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2008-06-12 13:10:26)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

1 (S-1-5-21-1343024091-527237240-1801674531-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\1
Administrator (S-1-5-21-1343024091-527237240-1801674531-500 - Administrator - Enabled)
ASPNET (S-1-5-21-1343024091-527237240-1801674531-1004 - Limited - Enabled)
Guest (S-1-5-21-1343024091-527237240-1801674531-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-1343024091-527237240-1801674531-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1343024091-527237240-1801674531-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\uTorrent) (Version: 3.4.5.41865 - BitTorrent Inc.)
ABBYY FineReader 11 Corporate Edition (HKLM\...\{F1100000-0009-0000-0000-074957833700}) (Version: 11.0.376 - ABBYY)
AC3Filter (remove only) (HKLM\...\AC3Filter) (Version:  - )
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 20.0.0.260 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM\...\Adobe Shockwave Player) (Version: 12.2.2.172 - Adobe Systems, Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 11.1.2245 - AVAST Software)
BS.Player FREE (HKLM\...\BSPlayerf) (Version: 2.64.1073 - AB Team, d.o.o.)
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
CoreAAC (HKLM\...\CoreAAC) (Version:  - )
Creative DVD Audio Plugin for Audigy Series (HKLM\...\CTDVDAudio Plugin) (Version:  - )
DivX Total Pack (HKLM\...\DivX Total Pack) (Version:  - )
EAX Unified (HKLM\...\EAX Unified) (Version:  - )
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Folder Tweaker (remove only) (HKLM\...\Folder Tweaker) (Version: 1.1 - Quang Anh Do)
Free Video Dub version 1.4 (HKLM\...\Free Video Dub_is1) (Version:  - DVDVideoSoft Limited.)
GOM Picker (HKLM\...\GOM Picker) (Version: 1.0.0.7 - Gretech Corporation)
GOM Player (HKLM\...\GOM Player) (Version: 2.2.74.5237 - Gretech Corporation)
GOM Video Converter (HKLM\...\GOM Video Converter) (Version: 1.1.0.63 - Gretech Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
InterActual Player (HKLM\...\InterActual Player) (Version:  - )
InterVideo WinDVD 7 (HKLM\...\{90885A82-9673-49EA-AB39-AF776639C67C}) (Version: 7.0-B27.71 - InterVideo Inc.)
IPP Run-Time 5.3 (HKLM\...\IPP Run-Time 5.3) (Version:  - )
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
LibreOffice 4.1.1.2 (HKLM\...\{F1EE568A-171F-4C06-9BE6-2395BED067A3}) (Version: 4.1.1.2 - The Document Foundation)
Malwarebytes Anti-Malware, версия 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM\...\{F97E3841-CA9D-4964-9D64-26066241D26F}) (Version: 3.3.24.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{8FB1B528-E260-451E-9B55-E9152F94B80B}) (Version: 3.2.3.0 - Microsoft Corporation)
Microsoft Office Excel Viewer (HKLM\...\{95120000-003F-0402-0000-0000000FF1CE}) (Version: 12.0.6334.5000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Text-to-Speech Engine 4.0 (English) (HKLM\...\MSTTS) (Version:  - )
Microsoft User-Mode Driver Framework Feature Pack 1.5 (HKLM\...\Wudf01005) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mortimer Beckett and the Time Paradox (HKLM\...\Mortimer Beckett and the Time Paradox) (Version:  - )
Mp3 Knife 3.2 (HKLM\...\Mp3 Knife_is1) (Version:  - Vicky's Cool Softwares)
MPEG2 Codec(libmpeg2/mad) (HKLM\...\MPEG2 Codec(libmpeg2/mad)) (Version:  - )
MSN (HKLM\...\MSNINST) (Version:  - )
MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 6.0 Parser (HKLM\...\{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}) (Version: 6.10.1129.0 - Microsoft Corporation)
Nero 7 Premium (HKLM\...\{4781569D-5404-1F26-4B2B-6DF444441031}) (Version: 7.00.0087 - Nero AG)
Nokia Connectivity Cable Driver (HKLM\...\{0FF1922C-B6C4-40BB-AF30-BEF75A482444}) (Version: 6.82.4.0 - Nokia)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA PhysX (HKLM\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
PC Connectivity Solution (HKLM\...\{BA084E7C-8ABA-4670-BDE8-B85E689A5C1B}) (Version: 7.37.22.0 - Nokia)
Photo Story 3 for Windows (HKLM\...\{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}) (Version: 3.0.1115.11 - Microsoft Corporation)
Platform (Version: 1.34 - VIA Technologies, Inc.) Hidden
Prince of Persia T2T (HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}) (Version:  - )
ReadManiac 2.5.2 (HKLM\...\ReadManiac_is1) (Version:  - Roman Lut)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5377 - Realtek Semiconductor Corp.)
Scooby-Doo!(TM) First Frights (HKLM\...\{A3D11978-F110-419E-8981-2CCFC17ADE64}) (Version: 1.00 - WB Games)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Skype™ 7.16 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.16.102 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Subtitle Workshop 2.51 (HKLM\...\SubtitleWorkshop) (Version:  - )
SumatraPDF 3.1.1 (HKLM\...\SumatraPDF) (Version: 3.1.1 - Krzysztof Kowalczyk)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version:  - )
Unchecky v0.4.2 (HKLM\...\Unchecky) (Version: 0.4.2 - RaMMicHaeL)
Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version:  - )
Unity Web Player (HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
USB PC Camera-168 (HKLM\...\{ECD03DA7-5952-406A-8156-5F0C93618D1F}) (Version: 5.18.1.006 - Sonix)
Vampire - The Masquerade Bloodlines (Version: 1.00.0000 - Activision) Hidden
VeryPDF PDF2Word v3.0 (HKLM\...\VeryPDF PDF2Word v3.0_is1) (Version:  - VeryPDF.com Inc)
VIA п»ї (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.2 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Winamp (remove only) (HKLM\...\Winamp) (Version:  - )
Windows Driver Package - Nokia Modem  (10/12/2007 3.6) (HKLM\...\6A630DCEC5EEC912115F2FF59D8C2C769798D930) (Version: 10/12/2007 3.6 - Nokia)
Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\E77704EF5E71F4F18CADFBFA68595AFE036D5D97) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090411.134454 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{06A395CE-60A6-471E-A73C-73634310EDB3}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WWE RAW (HKLM\...\{689838DE-8467-45AE-A7FF-087B7C0E48C6}) (Version:  - )
Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
Yahoo! Install Manager (HKLM\...\YInstHelper) (Version:  - )
Инструмент за качване на Windows Live (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Семейна безопасност на Windows Live (Version: 14.0.8118.427 - Microsoft Corporation) Hidden
Ученически Синтезатор (HKLM\...\Ученически Синтезатор) (Version:  - )
Фотогалерия на Windows Live (Version: 14.0.8117.416 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1343024091-527237240-1801674531-1003_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> H:\Documents and Settings\1\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-527237240-1801674531-1003_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> H:\Documents and Settings\1\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-527237240-1801674531-1003_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> H:\Documents and Settings\1\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: H:\WINDOWS\Tasks\Adobe Flash Player Updater.job => H:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: H:\WINDOWS\Tasks\avast! Emergency Update.job => H:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: H:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1343024091-527237240-1801674531-1003Core.job => H:\Documents and Settings\1\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: H:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1343024091-527237240-1801674531-1003UA.job => H:\Documents and Settings\1\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: H:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => H:\Program Files\Google\Update\GoogleUpdate.exe
Task: H:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => H:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-12-16 16:16 - 2015-12-16 16:16 - 00103888 _____ () H:\Program Files\AVAST Software\Avast\log.dll
2015-12-16 16:16 - 2015-12-16 16:16 - 00125512 _____ () H:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-03-11 19:16 - 2016-03-11 19:16 - 02839552 _____ () H:\Program Files\AVAST Software\Avast\defs\16031101\algo.dll
2015-12-16 16:16 - 2015-12-16 16:16 - 00469008 _____ () H:\Program Files\AVAST Software\Avast\ffl2.dll
2009-01-24 16:44 - 2009-01-24 16:44 - 00126976 _____ () H:\WINDOWS\system32\UAService7.exe
2009-01-11 00:15 - 2009-01-11 00:15 - 00159744 _____ () I:\PROGRAMI\format faktory-encoder\FormatFactory\FFModules\Filters\Haali\mmfinfo.dll
2009-01-11 00:14 - 2009-01-11 00:14 - 00023552 _____ () I:\PROGRAMI\format faktory-encoder\FormatFactory\FFModules\Filters\Haali\mkunicode.dll
2008-04-14 04:41 - 2008-04-14 04:41 - 00059904 _____ () H:\WINDOWS\system32\devenum.dll
2008-04-14 04:42 - 2008-04-14 04:42 - 00014336 _____ () H:\WINDOWS\system32\msdmo.dll
2008-10-23 10:56 - 2007-04-25 09:32 - 00831488 _____ () H:\WINDOWS\vsnpstd3.exe
2015-12-16 16:16 - 2015-12-16 16:16 - 40539648 _____ () H:\Program Files\AVAST Software\Avast\libcef.dll
2016-03-11 23:21 - 2014-02-10 12:44 - 04592128 _____ () H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2016-03-11 23:21 - 2014-02-10 12:44 - 00112128 _____ () H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5} => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
IE restricted site: HKU\.DEFAULT\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\.DEFAULT\...\125sms.co.uk -> www.125sms.co.uk

There are 5213 more sites.

IE restricted site: HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\123simsen.com -> www.123simsen.com
IE restricted site: HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\125sms.co.uk -> www.125sms.co.uk

There are 5211 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2001-08-23 11:00 - 2016-03-11 23:51 - 00001227 ____A H:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com

There are 4 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1343024091-527237240-1801674531-1003\Control Panel\Desktop\\Wallpaper -> H:\Documents and Settings\1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.0.1
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "H:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BingSvc => H:\Documents and Settings\1\Local Settings\Application Data\Microsoft\BingSvc\BingSvc.exe
MSCONFIG\startupreg: Bonus.SSR.FR11 => "I:\PROGRAMI\Obrabotka na dokymenti\Bonus.ScreenshotReader.exe" /autorun
MSCONFIG\startupreg: CCleaner Monitoring => "I:\PROGRAMI\CCleaner512-програма за почистване на остатъчни файлове\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: MSMSGS => "H:\Program Files\Messenger\msmsgs.exe" /background

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [H:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
DomainProfile\AuthorizedApplications: [H:\Program Files\Windows Live\Sync\WindowsLiveSync.exe] => Enabled:Windows Live Sync
StandardProfile\AuthorizedApplications: [H:\Program Files\InterVideo\DVD7\WinDVD.exe] => Enabled:WinDVD
StandardProfile\AuthorizedApplications: [H:\Program Files\Messenger\msmsgs.exe] => Enabled:Windows Messenger
StandardProfile\AuthorizedApplications: [H:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
StandardProfile\AuthorizedApplications: [H:\Program Files\Windows Live\Sync\WindowsLiveSync.exe] => Enabled:Windows Live Sync
StandardProfile\AuthorizedApplications: [H:\Documents and Settings\1\Application Data\uTorrent\uTorrent.exe] => Enabled:?Torrent
StandardProfile\AuthorizedApplications: [H:\Documents and Settings\1\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe] => Enabled:Facebook Video Calling Plugin
StandardProfile\AuthorizedApplications: [H:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [H:\DOCUME~1\1\LOCALS~1\Temp\RarSFX3\key.exe] => Enabled:key
StandardProfile\AuthorizedApplications: [H:\Program Files\LuckyBrowse\app\LuckyBrowse.exe] => Enabled:LuckyBrowse
StandardProfile\AuthorizedApplications: [H:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
DomainProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
DomainProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002

==================== Restore Points =========================

19-02-2016 18:36:10 Контролна точка на системата
19-02-2016 19:52:59 Chrome Cleanup Tool
20-02-2016 21:53:09 Контролна точка на системата
22-02-2016 10:00:36 Контролна точка на системата
23-02-2016 11:21:54 Контролна точка на системата
24-02-2016 16:05:53 Контролна точка на системата
25-02-2016 18:01:19 Контролна точка на системата
26-02-2016 19:29:12 Контролна точка на системата
28-02-2016 08:46:48 Контролна точка на системата
02-03-2016 01:35:18 Контролна точка на системата
03-03-2016 22:40:03 Контролна точка на системата
05-03-2016 01:15:46 Контролна точка на системата
06-03-2016 13:10:25 Контролна точка на системата
08-03-2016 00:38:50 Контролна точка на системата
09-03-2016 10:19:37 Контролна точка на системата
10-03-2016 23:44:06 Контролна точка на системата

==================== Faulty Device Manager Devices =============

Name: Nokia E51
Description: Nokia E51
Class Guid: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Manufacturer: Nokia
Service: WUDFRd
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/31/2016 09:33:14 AM) (Source: Google Update) (EventID: 20) (User: MSHOME)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7

Error: (01/25/2016 09:36:16 AM) (Source: Google Update) (EventID: 20) (User: MSHOME)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7

Error: (01/25/2016 03:36:14 AM) (Source: Google Update) (EventID: 20) (User: MSHOME)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7

Error: (01/17/2016 09:36:15 AM) (Source: Google Update) (EventID: 20) (User: MSHOME)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7

Error: (12/10/2015 12:22:19 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (12/10/2015 12:12:33 PM) (Source: VSSetup) (EventID: 5000) (User: )
Description: EventType vssetup, P1 kb2736428, P2 10.0.30319, P3 10.0.30319.297, P4 1, P5 ndp40-kb2736428.msp, P6 install_i_silent_error, P7 1635, P8 0, P9 vssetup0, P10 vssetup1.

Error: (12/10/2015 11:40:38 AM) (Source: HotFixInstaller) (EventID: 5000) (User: )
Description: EventType visualstudio8setup, P1 microsoft .net framework 3.0-kb982168, P2 1026, P3 1635, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 visualstudio8setup0, P10 visualstudio8setup1.

Error: (12/10/2015 11:39:58 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: WindowsBase, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020

Error: (12/10/2015 11:36:11 AM) (Source: System.ServiceModel.Install 3.0.0.0) (EventID: 0) (User: )
Description: System.IO.IOException: The process cannot access the file 'H:\WINDOWS\TEMP\8kfg4hp2.dll' because it is being used by another process.
   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
   at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)
   at Microsoft.CSharp.CSharpCodeGenerator.FromFileBatch(CompilerParameters options, String[] fileNames)
   at Microsoft.CSharp.CSharpCodeGenerator.FromSourceBatch(CompilerParameters options, String[] sources)
   at Microsoft.CSharp.CSharpCodeGenerator.System.CodeDom.Compiler.ICodeCompiler.CompileAssemblyFromSourceBatch(CompilerParameters options, String[] sources)
   at System.CodeDom.Compiler.CodeDomProvider.CompileAssemblyFromSource(CompilerParameters options, String[] sources)
   at System.Xml.Serialization.Compiler.Compile(Assembly parent, String ns, XmlSerializerCompilerParameters xmlParameters, Evidence evidence)
   at System.Xml.Serialization.TempAssembly.GenerateAssembly(XmlMapping[] xmlMappings, Type[] types, String defaultNamespace, Evidence evidence, XmlSerializerCompilerParameters parameters, Assembly assembly, Hashtable assemblies)
   at System.Xml.Serialization.TempAssembly..ctor(XmlMapping[] xmlMappings, Type[] types, String defaultNamespace, String location, Evidence evidence)
   at System.Xml.Serialization.XmlSerializer.GenerateTempAssembly(XmlMapping xmlMapping, Type type, String defaultNamespace)
   at System.Xml.Serialization.XmlSerializer..ctor(Type type, String defaultNamespace)
   at System.Xml.Serialization.XmlSerializer..ctor(Type type)
   at System.ServiceModel.Install.Configuration.ConfigurationHandlersInstallComponent..ctor(ConfigurationLoader configLoader)
   at System.ServiceModel.Install.Configuration.ConfigurationHandlersInstallComponent.CreateNativeConfigurationHandlersInstallComponent()
   at Microsoft.Tools.ServiceModel.ServiceModelReg.BuildActionQueue()
   at Microsoft.Tools.ServiceModel.ServiceModelReg.Run(String[] args)
   at Microsoft.Tools.ServiceModel.ServiceModelReg.TryRun(String[] args)

Error: (12/10/2015 11:30:36 AM) (Source: HotFixInstaller) (EventID: 5000) (User: )
Description: EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2729450, P2 1026, P3 1604, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 visualstudio8setup0, P10 visualstudio8setup1.


System errors:
=============
Error: (03/11/2016 10:06:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Zune Bus Enumerator Driver service failed to start due to the following error: 
%%2

Error: (03/11/2016 09:47:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Zune Bus Enumerator Driver service failed to start due to the following error: 
%%2

Error: (03/11/2016 10:21:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Zune Bus Enumerator Driver service failed to start due to the following error: 
%%2

Error: (03/10/2016 10:26:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Zune Bus Enumerator Driver service failed to start due to the following error: 
%%2

Error: (03/09/2016 09:21:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Zune Bus Enumerator Driver service failed to start due to the following error: 
%%2

Error: (03/08/2016 09:45:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Zune Bus Enumerator Driver service failed to start due to the following error: 
%%2

Error: (03/07/2016 06:57:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Zune Bus Enumerator Driver service failed to start due to the following error: 
%%2

Error: (03/07/2016 06:54:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Zune Bus Enumerator Driver service failed to start due to the following error: 
%%2

Error: (03/07/2016 11:09:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Zune Bus Enumerator Driver service failed to start due to the following error: 
%%2

Error: (03/06/2016 10:50:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Zune Bus Enumerator Driver service failed to start due to the following error: 
%%2


==================== Memory info =========================== 

Processor: AMD Athlon(tm) II X2 250 Processor
Percentage of memory in use: 69%
Total physical RAM: 1791.15 MB
Available physical RAM: 549.34 MB
Total Virtual: 3684.92 MB
Available Virtual: 2268.87 MB

==================== Drives ================================

Drive h: () (Fixed) (Total:39.06 GB) (Free:12 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive i: () (Fixed) (Total:193.82 GB) (Free:67.63 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: DBB5DBB5)
Partition 1: (Active) - (Size=39.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=193.8 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================

 

# AdwCleaner v5.101 - Лог файлът е създаден 12/03/2016 при 16:09:06
# Обновен 07/03/2016 от Xplode
# База данни : 2016-03-08.1 [Сървър]
# Операционна система : Microsoft Windows XP Service Pack 3 (x86)
# Потребителско име : 1 - MSHOME
# Изпълнява се от : H:\Documents and Settings\1\Desktop\adwcleaner_5.101.exe
# Опция : Изчистване
# Поддръжка : http://toolslib.net/forum

***** [ Сервизи ] *****


***** [ Папки ] *****

[-] Папка Изтрито : H:\Documents and Settings\1\Application Data\Babylon
[-] Папка Изтрито : H:\Documents and Settings\1\Application Data\PerformerSoft
[-] Папка Изтрито : H:\Documents and Settings\1\Application Data\ProgSense
[-] Папка Изтрито : H:\Documents and Settings\1\Application Data\SkypEmoticons
[-] Папка Изтрито : H:\Documents and Settings\1\Application Data\Systweak
[-] Папка Изтрито : H:\Documents and Settings\1\Local Settings\Application Data\FileViewPro
[-] Папка Изтрито : H:\Documents and Settings\1\Local Settings\Application Data\iac
[-] Папка Изтрито : H:\Documents and Settings\1\Local Settings\Application Data\Ilivid Player
[-] Папка Изтрито : H:\Documents and Settings\1\Local Settings\Application Data\PackageAware
[-] Папка Изтрито : H:\Documents and Settings\1\Local Settings\Application Data\torch
[-] Папка Изтрито : H:\Documents and Settings\1\Local Settings\Application Data\28050
[-] Папка Изтрито : H:\Documents and Settings\All Users\Application Data\apn
[-] Папка Изтрито : H:\Documents and Settings\All Users\Application Data\Babylon
[-] Папка Изтрито : H:\Documents and Settings\All Users\Application Data\saave on
[-] Папка Изтрито : H:\Documents and Settings\All Users\Application Data\save  on
[-] Папка Изтрито : H:\Documents and Settings\All Users\Application Data\TeakeTheCoupon
[J] Папка Не е Изтрито : H:\Documents and Settings\All Users\Application Data\saave on
[J] Папка Не е Изтрито : H:\Documents and Settings\All Users\Application Data\save  on
[-] Папка Изтрито : H:\Documents and Settings\All Users\Application Data\ShaopDrop
[J] Папка Не е Изтрито : H:\Documents and Settings\All Users\Application Data\TeakeTheCoupon
[-] Папка Изтрито : H:\Program Files\iLivid
[-] Папка Изтрито : H:\Program Files\saave on
[-] Папка Изтрито : H:\Program Files\save  on
[-] Папка Изтрито : H:\Program Files\TeakeTheCoupon
[J] Папка Не е Изтрито : H:\Program Files\saave on
[J] Папка Не е Изтрито : H:\Program Files\save  on
[J] Папка Не е Изтрито : H:\Program Files\TeakeTheCoupon

***** [ Файлове ] *****


***** [ DLLs ] *****


***** [ Преки пътища ] *****


***** [ Планирани задачи ] *****


***** [ Регистър ] *****

[-] Ключ Изтрито : HKCU\Toolbar
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\AppID\escort.DLL
[-] Ключ Изтрито : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
[-] Ключ Изтрито : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[-] Ключ Изтрито : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
[-] Ключ Изтрито : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
[-] Ключ Изтрито : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Ключ Изтрито : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{41564952-412D-5637-00A7-7A786E7484D7}
[-] Ключ Изтрито : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Ключ Изтрито : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
[-] Ключ Изтрито : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
[-] Ключ Изтрито : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
[-] Ключ Изтрито : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Ключ Изтрито : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5347542D-5637-006A-76A7-7A786E7484D7}
[-] Ключ Изтрито : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
[-] Ключ Изтрито : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{41564952-412D-5637-00A7-7A786E7484D7}
[-] Ключ Изтрито : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Ключ Изтрито : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
[-] Ключ Изтрито : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
[-] Ключ Изтрито : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
[-] Ключ Изтрито : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5347542D-5637-006A-76A7-7A786E7484D7}
[-] Ключ Изтрито : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
[-] Ключ Изтрито : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
[-] Ключ Изтрито : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
[-] Ключ Изтрито : HKCU\Software\Burn4Free
[-] Ключ Изтрито : HKCU\Software\Headlight
[-] Ключ Изтрито : HKCU\Software\ilivid
[-] Ключ Изтрито : HKCU\Software\Optimizer Pro
[-] Ключ Изтрито : HKCU\Software\ProgSense
[-] Ключ Изтрито : HKCU\Software\Softonic
[-] Ключ Изтрито : HKCU\Software\StartSearch
[-] Ключ Изтрито : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
[#] Ключ Изтрито : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Ключ Изтрито : HKLM\SOFTWARE\Babylon
[-] Ключ Изтрито : HKLM\SOFTWARE\SimpleFiles
[-] Ключ Изтрито : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{53B21E29-3967-C332-57EB-C02631658584}
[-] Ключ Изтрито : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
[-] Ключ Изтрито : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF987D06-1DCF-7B36-5B43-13BC8699C44C}
[-] Ключ Изтрито : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
[-] Ключ Изтрито : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
[-] Ключ Изтрито : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
[-] Ключ Изтрито : HKU\.DEFAULT\Software\AVG Security Toolbar
[-] Ключ Изтрито : HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Ключ Изтрито : HKU\S-1-5-19\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Ключ Изтрито : HKU\S-1-5-20\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Стойност Изтрито : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [H:\Program Files\LuckyBrowse\app\LuckyBrowse.exe]

***** [ Уеб браузъри ] *****

[-] [H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] [Search Provider] Изтрито : aol.com
[-] [H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Изтрито : hxxp://www.mysites123.com/?type=hp&ts=1454508138&z=d0702c45a8dfadf347cc228gez1w0zdw9e0b6g7ceb&from=amt&uid=hitachixhdt725025vla380_vfl104rm02ljdz02ljdzx

*************************

:: "Tracing" ключове отстраняват
:: Настройките на Winsock са нулирани

*************************

H:\Program Files\AdwCleaner\AdwCleaner[C1].txt - [9948 байта] - [12/03/2016 16:09:06]
H:\Program Files\AdwCleaner\AdwCleaner[S1].txt - [9594 байта] - [12/03/2016 16:02:35]
H:\Program Files\AdwCleaner\AdwCleaner[S2].txt - [9684 байта] - [12/03/2016 16:08:19]

########## EOF - H:\Program Files\AdwCleaner\AdwCleaner[C1].txt - [10224 байта] ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Microsoft Windows XP x86 
Ran by 1 (Administrator) on 12.03.2016 г. at 16:21:47,10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 17 

Successfully deleted: H:\Documents and Settings\1\Application Data\getrighttogo (Folder) 
Successfully deleted: H:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\extensions\gophoto@gophoto.it.xpi (File) 
Successfully deleted: H:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\user.js (File) 
Successfully deleted: H:\Documents and Settings\1\Application Data\nico mak computing (Folder) 
Successfully deleted: H:\Documents and Settings\1\My Documents\add-in express (Folder) 
Successfully deleted: H:\user.js (File) 
Successfully deleted: H:\WINDOWS\wininit.ini (File) 
Successfully deleted: H:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BVLSWO8E (Temporary Internet Files Folder) 
Successfully deleted: H:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OZ7K384A (Temporary Internet Files Folder) 
Successfully deleted: H:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\RMZ267PX (Temporary Internet Files Folder) 
Successfully deleted: H:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZCJZWLAX (Temporary Internet Files Folder) 
Successfully deleted: H:\WINDOWS\prefetch\GOOGLETOOLBARMANAGER_A6282D74-37DAEF49.pf (File) 
Successfully deleted: H:\WINDOWS\prefetch\GOOGLETOOLBARNOTIFIER.EXE-3629C61D.pf (File) 
Successfully deleted: H:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\BVLSWO8E (Temporary Internet Files Folder) 
Successfully deleted: H:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZ7K384A (Temporary Internet Files Folder) 
Successfully deleted: H:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\RMZ267PX (Temporary Internet Files Folder) 
Successfully deleted: H:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ZCJZWLAX (Temporary Internet Files Folder) 

Registry: 2 

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value) 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.03.2016 г. at 16:24:16,60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

SecurityCheck by glax24 & Severnyj v.1.4.0.37 [05.03.16]
WebSite: www.safezone.cc
DateLog: 12.03.2016 16:32:22
Path starting: H:\Documents and Settings\1\Local Settings\temp\SecurityCheck\SecurityCheck.exe
Log directory: H:\SecurityCheck\
IsAdmin: True
User: 1
VersionXML: 2.59is-10.03.2016
___________________________________________________________________________

Windows XP(5.1.2600) Service Pack 3 (x86) Lang: English(0409)
Installation date OS: 12.06.2008 13:10:26
Boot Mode: Normal
Default Browser: H:\Program Files\Google\Chrome\Application\chrome.exe
SystemDrive: H: FS: [NTFS] Capacity: [39.1 Gb] Used: [26.8 Gb] Free: [12.3 Gb]
------------------------------- [ Windows ] -------------------------------
Extended support has ended 08.04.2014, Your operating system may be vulnerable to new types of threats
Internet Explorer 8.0.6001.18702 Warning! Download Update
Online installation. Last version available when Windows update is enabled throught the Internet.
Automatic Updates disabled
Date install updates: 2015-12-10 10:18:08
Automatic Updates (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service is running
Terminal Services (TermService) - The service is running
SSDP Discovery Service (SSDPSRV) - The service is running
Account guest is enabled. Not require a password.
---------------------------- [ Antivirus_WMI ] ----------------------------
avast! Antivirus (enabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Avast Free Antivirus v.11.1.2253
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes Anti-Malware, версия 2.2.0.1024 v.2.2.0.1024
Unchecky v0.4.2 v.0.4.2
--------------------------- [ OtherUtilities ] ----------------------------
VLC media player v.2.2.2
WinRAR archiver
LibreOffice 4.1.1.2 v.4.1.1.2
--------------------------------- [ IM ] ----------------------------------
Skype™ 7.16 v.7.16.102 Warning! Download Update
^Optional update.^
--------------------------------- [ P2P ] ---------------------------------
µTorrent v.3.4.5.41865 Warning! P2P-client.
--------------------------- [ AdobeProduction ] ---------------------------
Adobe AIR v.20.0.0.260 Warning! Download Update
Adobe Flash Player 21 ActiveX v.21.0.0.182
Adobe Flash Player 21 NPAPI v.21.0.0.182
Adobe Shockwave Player 12.2 v.12.2.2.172 Warning! Download Update
Adobe Reader XI (11.0.08) v.11.0.08 Warning! Download Update
Uninstall old version and install new one.
------------------------------- [ Browser ] -------------------------------
Google Chrome v.49.0.2623.87
----------------------------- [ EmailClient ] -----------------------------
Windows Live Mail v.14.0.8117.0416
--------------------------- [ RunningProcess ] ----------------------------
H:\Program Files\Google\Chrome\Application\chrome.exe v.49.0.2623.87
H:\Program Files\AVAST Software\Avast\AvastSvc.exe v.11.1.2245.1540
H:\Program Files\AVAST Software\Avast\AvastUI.exe v.11.1.2245.1540
---------------------------- [ UnwantedApps ] -----------------------------
Google Toolbar for Internet Explorer v.1.0.0 << Hidden Warning! Browser's toolbar. It can slow down the working of your browser and have violation privacy problems.
Windows Live Toolbar v.14.0.8117.416 << Hidden Warning! Browser's toolbar. It can slow down the working of your browser and have violation privacy problems.
----------------------------- [ End of Log ] ------------------------------
 

 

 

 

 

 

 

 

Rkill.txt

Check_Browsers_LNK.log

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Деинсталирайте следния софтуер:

Цитат

Google Toolbar for Internet Explorer v.1.0.0

Windows Live Toolbar v.14.0.8117.416

 

Обновете следния софтуер:

Цитат

Adobe AIR v.20.0.0.260 Warning! Download Update
Adobe Shockwave Player 12.2 v.12.2.2.172 Warning! Download Update
Adobe Reader XI (11.0.08) v.11.0.08 Warning! Download Update  

Uninstall old version and install new one.

 

 

102.jpg?1414583023 Моля, изтеглете ClearLNK by Dragokas & regist.

  • Запомнете архива на вашия декстоп,разархивирате програмата ClearLNK
  • Влачите и пускате файла Check_Browsers_LNK.log (логът генериран от програмата Check Browsers LNK в предния ми пост) на иконката на програмата ClearLNK.


[IMG]

  • Ще се генерира отчет ClearLNK-<Дата>.log, който ще бъде създаден в папката LOG. Публикувайте дневника в следващия си пост.

 

Направете ново  сканиране с Farbar Recovery Scan Tool като предварително изтриете вашето копие и карантинната папка на инструмента разположена в C:FRS\Quarantine. Изтеглете последна свежа версия и сканирайте..!

Сканиране с Farbar Recovery Scan Tool

  • Моля изтеглете icon1337953436.pngFarbar Recovery Scan Tool (според версията на Windows изберете 32 битовата или 64 битовата версия) и го запазете на десктопа.
  • Стартирайте файла FRST.exe (или FRST64.exe)
  • Програмата ще се стартира. Натиснете YES за да се съгласите с лицензионното споразумение.
  • Натиснете бутона YClYkft.jpg.
  • Изчакайте търпеливо проверката да приключи.
  • Ще се създадат два лог файла с името - FRST.txt и Addition.txt на десктопа.
  • Копирайте съдържанието на файла FRST.txt в следващия си пост. Прикачете Addition.txt в коментар си (погледнете опцията Прикачване на файлове, когато публикувате мнение). 

Дневници
 
В следващия си отговор, моля да включите следните дневници:

  • FRST.txt (копирате цялото съдържание)
  • Addition.txt (прикачате..)

 

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by 1 (administrator) on MSHOME (14-03-2016 14:08:33)
Running from H:\Documents and Settings\1\Desktop
Loaded Profiles: 1 (Available Profiles: 1)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) H:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ABBYY) H:\Program Files\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe
(NVIDIA Corporation) H:\WINDOWS\system32\nvsvc32.exe
(RaMMicHaeL) H:\Program Files\Unchecky\bin\unchecky_svc.exe
() H:\WINDOWS\system32\UAService7.exe
(RaMMicHaeL) H:\Program Files\Unchecky\bin\unchecky_bg.exe
(SONIX) H:\WINDOWS\tsnpstd3.exe
(VIA Technologies, Inc.) H:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
() H:\WINDOWS\vsnpstd3.exe
(AVAST Software) H:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) H:\WINDOWS\system32\rundll32.exe
(BitTorrent Inc.) H:\Documents and Settings\1\Application Data\uTorrent\uTorrent.exe
(InterVideo Inc.) H:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
(Microsoft Corporation) H:\WINDOWS\system32\wbem\unsecapp.exe
(BitTorrent Inc.) H:\Documents and Settings\1\Application Data\uTorrent\updates\3.4.5_41865\utorrentie.exe
(BitTorrent Inc.) H:\Documents and Settings\1\Application Data\uTorrent\updates\3.4.5_41865\utorrentie.exe
(Google Inc.) H:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) H:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) H:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) H:\Program Files\Google\Chrome\Application\chrome.exe
(AVAST Software) H:\Program Files\AVAST Software\Avast\setup\instup.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => H:\WINDOWS\RTHDCPL.EXE [16125440 2007-02-26] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SkyTel] => H:\WINDOWS\SkyTel.EXE [2879488 2006-05-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NeroFilterCheck] => H:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [tsnpstd3] => H:\WINDOWS\tsnpstd3.exe [262144 2007-04-23] (SONIX)
HKLM\...\Run: [HDAudDeck] => H:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [33747360 2010-05-24] (VIA Technologies, Inc.)
HKLM\...\Run: [snpstd3] => H:\WINDOWS\vsnpstd3.exe [831488 2007-04-25] ()
HKLM\...\Run: [AvastUI.exe] => H:\Program Files\AVAST Software\Avast\AvastUI.exe [7137664 2016-03-12] (AVAST Software)
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\Run: [uTorrent] => H:\Documents and Settings\1\Application Data\uTorrent\uTorrent.exe [2094080 2016-03-05] (BitTorrent Inc.)
HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\Run: [DAEMON Tools Lite] => H:\Program Files\DAEMON Tools Lite\daemon.exe [486856 2008-04-01] (DT Soft Ltd)
HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\Run: [Avast-Browser-Cleanup] => H:\Program Files\AVAST Software\Avast\BrowserCleanup.exe [1503712 2015-12-16] (AVAST Software)
HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\Run: [Xvid] => I:\PROGRAMI\Xvid-1.3.2-20110601\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-1343024091-527237240-1801674531-1003\...\Run: [CCleaner Monitoring] => I:\PROGRAMI\CCleaner512-програма за почистване на остатъчни файлове\CCleaner.exe [6602152 2015-11-16] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => H:\Program Files\AVAST Software\Avast\ashShell.dll [2016-03-12] (AVAST Software)
Startup: H:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk [2016-02-25]
ShortcutTarget: InterVideo WinCinema Manager.lnk -> H:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{22CD05BE-8069-4753-A8E5-436BCFBE9135}: [NameServer] 10.98.0.1
Tcpip\..\Interfaces\{948CFD05-098D-4396-92E2-FB3E18B8BC3F}: [NameServer] 10.98.0.1
Tcpip\..\Interfaces\{C43F650F-0CEE-484B-B008-EAE5A3EAC1AB}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{ED35FE50-A8CB-450B-B4D1-916DDF2590B2}: [NameServer] 10.98.0.1,77.71.11.2

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1343024091-527237240-1801674531-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?PC=AV01
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1343024091-527237240-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1343024091-527237240-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.bg/
SearchScopes: HKLM -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-1343024091-527237240-1801674531-1003 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-1343024091-527237240-1801674531-1003 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> H:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-03-12] (AVAST Software)
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1343024091-527237240-1801674531-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} H:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} 
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> H:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-11] ()
FF Plugin: @adobe.com/ShockwavePlayer -> H:\WINDOWS\system32\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> H:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> H:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> H:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> H:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> I:\PROGRAMI\VLC media player 1.0.0 RC2\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> I:\PROGRAMI\VLC media player 1.0.0 RC2\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> I:\PROGRAMI\VLC media player 1.0.0 RC2\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> I:\PROGRAMI\VLC media player 1.0.0 RC2\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> I:\PROGRAMI\VLC media player 1.0.0 RC2\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> H:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll [No File]
FF Plugin HKU\S-1-5-21-1343024091-527237240-1801674531-1003: @Skype Limited.com/Facebook Video Calling Plugin -> H:\Documents and Settings\1\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll [No File]
FF Plugin HKU\S-1-5-21-1343024091-527237240-1801674531-1003: @unity3d.com/UnityPlayer,version=1.0 -> H:\Documents and Settings\1\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-04] (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - H:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - H:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-12-10] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - H:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - H:\Program Files\AVAST Software\Avast\WebRep\FF [2016-03-12]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - H:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - H:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-03-12]

Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.bg/?gws_rd=ssl
CHR StartupUrls: Default -> "hxxp://www.google.bg/","hxxp://www.mysites123.com/?type=hp&ts=1454508138&z=d0702c45a8dfadf347cc228gez1w0zdw9e0b6g7ceb&from=amt&uid=hitachixhdt725025vla380_vfl104rm02ljdz02ljdzx"
CHR Profile: H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Презентации) - H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-11]
CHR Extension: (Google Документи) - H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-11]
CHR Extension: (Google Диск) - H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-11]
CHR Extension: (Poper Blocker) - H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2016-03-12]
CHR Extension: (YouTube) - H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-11]
CHR Extension: (Adblock Plus) - H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-11]
CHR Extension: (Електронни таблици от Google) - H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-11]
CHR Extension: (Vbox7.com Downloader) - H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fjhpfbclepcmobfifppimpdljeikohdf [2016-03-11]
CHR Extension: (Picditor Photo Editor) - H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ggdplhaiiohpkafnlhlfikiomnboacoi [2016-03-11]
CHR Extension: (Google Документи офлайн) - H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-11]
CHR Extension: (AdBlock) - H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-03-11]
CHR Extension: (Avast Online Security) - H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-03-12]
CHR Extension: (Плащания в уеб магазина на Chrome) - H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-11]
CHR Extension: (Gmail) - H:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-11]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - H:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-03-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Corporate.11.0; H:\Program Files\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe [819976 2011-10-12] (ABBYY)
R2 avast! Antivirus; H:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-03-12] (AVAST Software)
S3 IDriverT; H:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S3 ServiceLayer; H:\Program Files\PC Connectivity Solution\ServiceLayer.exe [353280 2007-12-10] (Nokia.) [File not signed]
R2 Unchecky; H:\Program Files\Unchecky\bin\unchecky_svc.exe [243448 2016-03-11] (RaMMicHaeL)
R2 UserAccess7; H:\WINDOWS\system32\UAService7.exe [126976 2009-01-24] () [File not signed]
S3 WmdmPmSN; C:\WINDOWS\system32\mspmsnsv.dll [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; H:\WINDOWS\system32\drivers\aswHwid.sys [32792 2016-03-12] (AVAST Software)
R2 aswMonFlt; H:\WINDOWS\system32\drivers\aswMonFlt.sys [91168 2016-03-12] (AVAST Software)
R1 aswRdr; H:\WINDOWS\system32\drivers\aswRdr.sys [64272 2016-03-12] (AVAST Software)
R0 aswRvrt; H:\WINDOWS\system32\Drivers\aswRvrt.sys [58776 2016-03-12] (AVAST Software)
R1 aswSnx; H:\WINDOWS\system32\drivers\aswSnx.sys [816304 2016-03-12] (AVAST Software)
R1 aswSP; H:\WINDOWS\system32\drivers\aswSP.sys [447848 2016-03-12] (AVAST Software)
R3 aswStmXP; H:\WINDOWS\system32\drivers\aswStmXP.sys [171608 2016-03-12] (AVAST Software)
S3 aswTdi; H:\WINDOWS\system32\drivers\aswTdi.sys [67088 2016-03-12] (AVAST Software)
R0 aswVmm; H:\WINDOWS\system32\Drivers\aswVmm.sys [221240 2016-03-12] (AVAST Software)
R2 atksgt; H:\WINDOWS\System32\DRIVERS\atksgt.sys [281760 2009-12-25] ()
S3 CCDECODE; H:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R2 fssfltr; H:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys [54752 2009-08-05] (Microsoft Corporation)
R2 lirsgt; H:\WINDOWS\System32\DRIVERS\lirsgt.sys [25888 2009-12-25] ()
R3 MTsensor; H:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 NdisIP; H:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NVENETFD; H:\WINDOWS\System32\DRIVERS\NVENETFD.sys [70912 2010-03-04] (NVIDIA Corporation)
R0 nvgts; H:\WINDOWS\System32\DRIVERS\nvgts.sys [168040 2010-04-08] (NVIDIA Corporation)
R3 nvnetbus; H:\WINDOWS\System32\DRIVERS\nvnetbus.sys [13824 2010-03-04] (NVIDIA Corporation)
R3 pcouffin; H:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2008-12-15] (VSO Software) [File not signed]
S3 rtl8139; H:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2008-04-14] (Realtek Semiconductor Corporation)
S3 Secdrv; H:\WINDOWS\System32\DRIVERS\secdrv.sys [11973 2010-02-03] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
R0 sfsync02; H:\WINDOWS\System32\drivers\sfsync02.sys [19968 2005-08-10] (Protection Technology) [File not signed]
R0 sfvfs02; H:\WINDOWS\System32\drivers\sfvfs02.sys [66048 2005-09-29] (Protection Technology) [File not signed]
R3 SNPSTD3; H:\WINDOWS\System32\DRIVERS\snpstd3.sys [10252672 2007-04-24] (Sonix Co. Ltd.) [File not signed]
R0 sptd; H:\WINDOWS\System32\Drivers\sptd.sys [721904 2010-01-02] () [File not signed]
R3 VIAHdAudAddService; H:\WINDOWS\System32\drivers\viahduaa.sys [2136224 2010-05-15] (VIA Technologies, Inc.)
U3 a8wlk85c; H:\WINDOWS\system32\Drivers\a8wlk85c.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 catchme; \??\H:\ComboFix\catchme.sys [X]
S3 FXDrv32; \??\G:\FXDrv32.sys [X]
S4 InCDFs; system32\drivers\InCDFs.sys [X]
S1 InCDPass; system32\drivers\InCDPass.sys [X]
S1 InCDRm; system32\drivers\InCDRm.sys [X]
S4 IntelIde; no ImagePath
U5 StarOpen; H:\Windows\System32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
S2 zumbus; system32\DRIVERS\zumbus.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-14 14:08 - 2016-03-14 14:08 - 00018361 _____ H:\Documents and Settings\1\Desktop\FRST.txt
2016-03-14 13:57 - 2016-03-14 13:57 - 00180684 _____ H:\Documents and Settings\1\Desktop\ClearLNK.zip
2016-03-14 13:57 - 2016-02-28 14:50 - 00409624 _____ (Alex Dragokas) H:\Documents and Settings\1\Desktop\ClearLNK.exe
2016-03-14 13:45 - 2016-03-14 13:46 - 76971416 _____ (Adobe Systems Incorporated) H:\Program Files\AdbeRdr11008_en_US.exe
2016-03-14 13:07 - 2016-03-14 13:07 - 00000000 ____D H:\WINDOWS\system32\Adobe
2016-03-14 13:07 - 2016-03-14 13:07 - 00000000 ____D H:\Program Files\Adobe Shockwave_Installer_Slim
2016-03-14 13:04 - 2016-03-14 13:04 - 00000000 ____D H:\Program Files\Common Files\Adobe AIR
2016-03-14 13:04 - 2016-03-14 13:04 - 00000000 ____D H:\Documents and Settings\Default User\Application Data\Macromedia
2016-03-14 13:03 - 2016-03-14 13:03 - 00000000 ____D H:\Program Files\AdobeAIRInstaller
2016-03-12 16:32 - 2016-03-12 16:32 - 00490673 _____ (glax24 (safezone.cc)) H:\Documents and Settings\1\Desktop\SecurityCheck.exe
2016-03-12 16:32 - 2016-03-12 16:32 - 00000000 ____D H:\SecurityCheck
2016-03-12 16:28 - 2016-03-14 13:57 - 00000000 ____D H:\Documents and Settings\1\Desktop\LOG
2016-03-12 16:28 - 2016-02-27 16:56 - 00671856 _____ (Alex Dragokas) H:\Documents and Settings\1\Desktop\Check Browsers LNK.exe
2016-03-12 16:27 - 2016-03-12 16:28 - 00242486 _____ H:\Documents and Settings\1\Desktop\CheckBrowsersLNK.zip
2016-03-12 16:27 - 2016-03-12 16:27 - 00334280 _____ (AVAST Software) H:\WINDOWS\system32\aswBoot.exe
2016-03-12 16:27 - 2016-03-12 16:27 - 00052184 _____ (AVAST Software) H:\WINDOWS\avastSS.scr
2016-03-12 16:24 - 2016-03-12 16:24 - 00002865 _____ H:\Documents and Settings\1\Desktop\JRT.txt
2016-03-12 16:21 - 2016-03-12 16:21 - 01609216 _____ (Malwarebytes) H:\Documents and Settings\1\Desktop\JRT.exe
2016-03-12 16:01 - 2016-03-12 16:43 - 00000000 ____D H:\Program Files\AdwCleaner
2016-03-12 16:00 - 2016-03-12 16:00 - 01524224 _____ H:\Documents and Settings\1\Desktop\adwcleaner_5.101.exe
2016-03-12 15:56 - 2016-03-12 15:57 - 00005716 _____ H:\Documents and Settings\1\Desktop\Rkill.txt
2016-03-12 15:55 - 2016-03-12 15:55 - 02032072 _____ (Bleeping Computer, LLC) H:\Documents and Settings\1\Desktop\rkill.exe
2016-03-12 09:31 - 2016-03-12 09:31 - 01725440 _____ (Farbar) H:\Documents and Settings\1\Desktop\FRST.exe
2016-03-11 23:51 - 2016-03-11 23:51 - 00000706 _____ H:\Documents and Settings\All Users\Desktop\Unchecky.lnk
2016-03-11 23:51 - 2016-03-11 23:51 - 00000000 ____D H:\Program Files\Unchecky
2016-03-11 23:51 - 2016-03-11 23:51 - 00000000 ____D H:\Documents and Settings\All Users\Start Menu\Programs\Unchecky
2016-03-11 23:51 - 2016-03-11 23:51 - 00000000 ____D H:\Documents and Settings\All Users\Application Data\Unchecky
2016-03-11 22:00 - 2016-03-11 22:00 - 00001817 _____ H:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk
2016-03-11 22:00 - 2016-03-11 22:00 - 00001811 _____ H:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2016-03-11 20:58 - 2016-03-11 20:58 - 00000000 ____D H:\Documents and Settings\1\Application Data\vlc
2016-03-08 17:18 - 2016-03-08 17:18 - 00006174 _____ H:\Documents and Settings\1\My Documents\mp3-nero.txt
2016-02-25 13:11 - 2016-03-14 14:02 - 00000830 _____ H:\WINDOWS\Tasks\Adobe Flash Player Updater.job

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-14 14:08 - 2015-12-14 16:50 - 00000000 ____D H:\Documents and Settings\1\Local Settings\temp
2016-03-14 14:08 - 2015-12-07 22:39 - 00000000 ____D H:\FRST
2016-03-14 14:08 - 2008-11-06 20:49 - 00000000 ____D H:\Documents and Settings\1\Application Data\uTorrent
2016-03-14 13:58 - 2010-02-07 17:01 - 00000886 _____ H:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-14 13:57 - 2011-04-29 11:37 - 00000751 _____ H:\Documents and Settings\1\Start Menu\Programs\Internet Explorer.lnk
2016-03-14 13:57 - 2008-06-12 15:18 - 00000745 _____ H:\Documents and Settings\1\Desktop\Internet Explorer.lnk
2016-03-14 13:56 - 2015-03-20 19:00 - 00000000 ____D H:\Documents and Settings\1\Local Settings\Application Data\Adobe
2016-03-14 13:52 - 2015-12-16 16:16 - 00000364 ____H H:\WINDOWS\Tasks\avast! Emergency Update.job
2016-03-14 13:52 - 2010-02-07 17:01 - 00000882 _____ H:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-14 13:52 - 2008-06-12 15:14 - 00032610 _____ H:\WINDOWS\SchedLgU.Txt
2016-03-14 13:51 - 2011-05-15 09:25 - 00000000 __SHD H:\WINDOWS\CSC
2016-03-14 13:51 - 2008-06-12 15:14 - 00000006 ____H H:\WINDOWS\Tasks\SA.DAT
2016-03-14 13:10 - 2015-03-20 19:00 - 00000000 ____D H:\Documents and Settings\All Users\Application Data\Adobe
2016-03-14 13:10 - 2008-08-29 17:34 - 00000000 ____D H:\Program Files\Adobe
2016-03-14 13:10 - 2008-07-31 16:47 - 00000000 ____D H:\Program Files\Common Files\Adobe
2016-03-14 13:05 - 2015-03-20 18:59 - 00000000 ____D H:\Documents and Settings\1\Application Data\Adobe
2016-03-14 13:05 - 2008-10-23 19:58 - 00000000 ____D H:\Documents and Settings\1\Application Data\Macromedia
2016-03-14 13:05 - 2008-06-12 17:50 - 00000000 ___HD H:\WINDOWS\inf
2016-03-14 13:05 - 2008-06-12 15:03 - 00000000 ____D H:\WINDOWS\system32\Macromed
2016-03-14 12:33 - 2011-11-12 12:23 - 00000982 _____ H:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1343024091-527237240-1801674531-1003UA.job
2016-03-14 12:27 - 2009-05-29 18:06 - 00000000 ____D H:\Program Files\Windows Live
2016-03-14 12:20 - 2009-05-29 18:06 - 00000000 ____D H:\Documents and Settings\All Users\Start Menu\Programs\Windows Live
2016-03-14 12:17 - 2008-11-02 22:08 - 00000000 ____D H:\Documents and Settings\All Users\Application Data\Google
2016-03-14 12:15 - 2008-11-02 23:04 - 00000000 ____D H:\Documents and Settings\1\Local Settings\Application Data\Google
2016-03-14 12:15 - 2008-11-02 22:08 - 00000000 ____D H:\Program Files\Google
2016-03-14 09:33 - 2008-06-12 15:18 - 00000000 ___RD H:\Documents and Settings\1\My Documents\Moite kartinki
2016-03-13 23:47 - 2008-06-12 15:17 - 00000178 ___SH H:\Documents and Settings\1\ntuser.ini
2016-03-13 23:46 - 2008-06-12 15:17 - 00000000 ____D H:\Documents and Settings\1
2016-03-13 18:33 - 2011-11-12 12:23 - 00000960 _____ H:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1343024091-527237240-1801674531-1003Core.job
2016-03-13 10:51 - 2008-06-12 14:11 - 00000187 _____ H:\WINDOWS\winamp.ini
2016-03-12 16:28 - 2015-12-16 16:16 - 00816304 _____ (AVAST Software) H:\WINDOWS\system32\Drivers\aswsnx.sys
2016-03-12 16:28 - 2015-12-16 16:16 - 00447848 _____ (AVAST Software) H:\WINDOWS\system32\Drivers\aswsp.sys
2016-03-12 16:28 - 2015-12-16 16:16 - 00221240 _____ (AVAST Software) H:\WINDOWS\system32\Drivers\aswvmm.sys
2016-03-12 16:28 - 2015-12-16 16:16 - 00091168 _____ (AVAST Software) H:\WINDOWS\system32\Drivers\aswmonflt.sys
2016-03-12 16:27 - 2015-12-16 16:16 - 00171608 _____ (AVAST Software) H:\WINDOWS\system32\Drivers\aswStmXP.sys
2016-03-12 16:27 - 2015-12-16 16:16 - 00067088 _____ (AVAST Software) H:\WINDOWS\system32\Drivers\aswTdi.sys
2016-03-12 16:27 - 2015-12-16 16:16 - 00064272 _____ (AVAST Software) H:\WINDOWS\system32\Drivers\aswRdr.sys
2016-03-12 16:27 - 2015-12-16 16:16 - 00058776 _____ (AVAST Software) H:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-03-12 16:27 - 2015-12-16 16:16 - 00032792 _____ (AVAST Software) H:\WINDOWS\system32\Drivers\aswHwid.sys
2016-03-12 16:22 - 2008-06-12 15:17 - 00000000 ___RD H:\Documents and Settings\1\My Documents
2016-03-12 00:57 - 2015-12-07 11:40 - 00170200 _____ (Malwarebytes) H:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-03-12 00:40 - 2015-12-13 17:34 - 00000000 ____D H:\Documents and Settings\1\Desktop\FRST-OlderVersion
2016-03-11 21:46 - 2015-01-13 21:17 - 00000000 __HDC H:\WINDOWS\$NtUninstallKB932716-v2$
2016-03-11 20:58 - 2013-05-04 10:57 - 00000684 _____ H:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2016-03-11 20:38 - 2013-02-25 18:42 - 00797376 _____ (Adobe Systems Incorporated) H:\WINDOWS\system32\FlashPlayerApp.exe
2016-03-11 20:38 - 2011-11-29 19:42 - 00142528 _____ (Adobe Systems Incorporated) H:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-03-10 10:25 - 2001-08-23 11:00 - 00002206 _____ H:\WINDOWS\system32\wpa.dbl
2016-03-08 17:21 - 2008-11-12 13:28 - 00000000 __RSD H:\Documents and Settings\1\Desktop\probna
2016-02-27 19:46 - 2008-12-11 00:39 - 00000176 _____ H:\WINDOWS\system32\test.aok
2016-02-26 20:51 - 2014-08-06 14:48 - 00000000 ____D H:\Documents and Settings\1\Desktop\tr
2016-02-25 13:06 - 2014-03-22 20:07 - 00000258 __RSH H:\Documents and Settings\All Users\ntuser.pol
2016-02-25 13:06 - 2008-06-12 17:55 - 00000000 ____D H:\Documents and Settings\All Users
2016-02-25 13:04 - 2015-12-10 11:50 - 00000000 __HDC H:\WINDOWS\$NtUninstallKB977816$
2016-02-25 13:02 - 2016-01-31 18:01 - 00000813 _____ H:\Documents and Settings\All Users\Start Menu\Programs\SumatraPDF.lnk
2016-02-25 13:02 - 2015-12-31 00:10 - 00000654 _____ H:\Documents and Settings\All Users\Desktop\Speccy.lnk
2016-02-25 13:02 - 2015-12-16 16:17 - 00001689 _____ H:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
2016-02-25 13:02 - 2015-12-09 19:36 - 00000786 _____ H:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2016-02-25 13:02 - 2015-12-09 16:12 - 00002415 _____ H:\Documents and Settings\All Users\Desktop\Skype.lnk
2016-02-25 13:02 - 2015-12-07 11:36 - 00000796 _____ H:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-25 13:02 - 2015-11-27 22:40 - 00000522 _____ H:\Documents and Settings\All Users\Desktop\MailBooks.lnk
2016-02-25 13:02 - 2015-01-16 17:56 - 00000738 _____ H:\Documents and Settings\All Users\Desktop\GOM Player.lnk
2016-02-25 13:02 - 2014-03-09 22:43 - 00002771 _____ H:\Documents and Settings\All Users\Desktop\ABBYY FineReader 11.lnk
2016-02-25 13:02 - 2014-01-11 17:43 - 00000585 _____ H:\Documents and Settings\All Users\Desktop\Scooby-Doo(TM) First Frights.lnk
2016-02-25 13:02 - 2013-10-09 17:25 - 00001938 _____ H:\Documents and Settings\All Users\Desktop\LibreOffice 4.1.lnk
2016-02-25 13:02 - 2013-10-05 16:42 - 00002463 _____ H:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Excel Viewer.lnk
2016-02-25 13:02 - 2013-10-03 11:46 - 00000625 _____ H:\Documents and Settings\All Users\Desktop\Ученически Синтезатор.lnk
2016-02-25 13:02 - 2012-03-08 16:32 - 00000654 _____ H:\Documents and Settings\All Users\Desktop\GOM Video Converter.lnk
2016-02-25 13:02 - 2011-06-28 16:46 - 00000855 _____ H:\Documents and Settings\All Users\Start Menu\Programs\HD ADeck.lnk
2016-02-25 13:02 - 2011-06-28 16:46 - 00000849 _____ H:\Documents and Settings\All Users\Desktop\HD ADeck.lnk
2016-02-25 13:02 - 2009-01-10 16:08 - 00001257 _____ H:\Documents and Settings\All Users\Start Menu\Programs\Photo Story 3 for Windows.lnk
2016-02-25 13:02 - 2008-11-06 20:50 - 00000636 _____ H:\Documents and Settings\1\Start Menu\Programs\µTorrent.lnk
2016-02-25 13:02 - 2008-06-12 15:18 - 00000738 _____ H:\Documents and Settings\1\Start Menu\Programs\Outlook Express.lnk
2016-02-25 13:02 - 2008-06-12 15:17 - 00001599 _____ H:\Documents and Settings\1\Start Menu\Programs\Remote Assistance.lnk
2016-02-25 13:02 - 2008-06-12 15:17 - 00000788 _____ H:\Documents and Settings\1\Start Menu\Programs\Windows Media Player.lnk
2016-02-25 13:02 - 2008-06-12 15:04 - 00000786 _____ H:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
2016-02-25 13:02 - 2008-06-12 15:02 - 00000605 _____ H:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
2016-02-25 13:01 - 2016-01-24 20:59 - 00001127 _____ H:\Documents and Settings\1\Desktop\Adventurers Community.lnk
2016-02-25 13:01 - 2016-01-24 20:59 - 00000999 _____ H:\Documents and Settings\1\Desktop\Mortimer Beckett and the Time Paradox.lnk
2016-02-25 13:01 - 2013-02-24 22:47 - 00000551 _____ H:\Documents and Settings\1\Desktop\BS.Player FREE.lnk
2016-02-25 13:01 - 2010-11-12 20:07 - 00000697 _____ H:\Documents and Settings\1\Desktop\PDF2Word v3.0.lnk
2016-02-25 13:01 - 2010-11-11 20:25 - 00000781 _____ H:\Documents and Settings\1\Desktop\ReadManiac Builder Wizard.lnk
2016-02-25 13:01 - 2010-03-08 21:40 - 00000104 _____ H:\Documents and Settings\1\Desktop\Моят компютър.lnk
2016-02-25 13:01 - 2010-01-02 17:20 - 00000863 _____ H:\Documents and Settings\1\Desktop\Folder Marker.lnk
2016-02-25 13:01 - 2009-12-12 21:14 - 00000752 _____ H:\Documents and Settings\1\Desktop\Format Factory.lnk
2016-02-25 13:01 - 2009-11-05 19:37 - 00000676 _____ H:\Documents and Settings\1\Desktop\Mp3 Knife.lnk
2016-02-25 13:01 - 2009-06-07 14:29 - 00000983 _____ H:\Documents and Settings\1\Desktop\Subtitle Workshop.lnk
2016-02-25 13:01 - 2009-04-13 14:42 - 00000892 _____ H:\Documents and Settings\1\Desktop\DVDVideoSoft Free Studio.lnk
2016-02-25 13:01 - 2009-01-19 15:34 - 00000734 _____ H:\Documents and Settings\1\Desktop\Acrobat.com.lnk
2016-02-25 13:01 - 2008-12-20 18:52 - 00000571 _____ H:\Documents and Settings\1\Desktop\KMPlayer.lnk
2016-02-25 13:01 - 2008-12-11 00:35 - 00000665 _____ H:\Documents and Settings\1\Desktop\Allok Video to 3GP Converter.lnk
2016-02-25 13:01 - 2008-11-06 20:50 - 00000792 _____ H:\Documents and Settings\1\Desktop\µTorrent.lnk
2016-02-25 13:01 - 2008-10-23 10:57 - 00000398 _____ H:\Documents and Settings\1\Desktop\Free.lnk
2016-02-25 13:01 - 2008-06-12 15:29 - 00002319 _____ H:\Documents and Settings\1\Desktop\Nero StartSmart.lnk
2016-02-25 13:01 - 2008-06-12 15:23 - 00001637 _____ H:\Documents and Settings\1\Desktop\InterVideo WinDVD 7.lnk
2016-02-25 13:01 - 2008-06-12 14:11 - 00000654 _____ H:\Documents and Settings\1\Desktop\Winamp.lnk
2016-02-25 13:01 - 2008-06-12 14:04 - 00000733 _____ H:\Documents and Settings\1\Desktop\DAEMON Tools Lite.lnk

==================== Files in the root of some directories =======

2016-03-14 13:45 - 2016-03-14 13:46 - 76971416 _____ (Adobe Systems Incorporated) H:\Program Files\AdbeRdr11008_en_US.exe
2008-12-15 17:37 - 2008-12-15 17:37 - 0087608 _____ () H:\Documents and Settings\1\Application Data\inst.exe
2008-12-15 17:37 - 2008-12-15 17:37 - 0007887 _____ () H:\Documents and Settings\1\Application Data\pcouffin.cat
2008-12-15 17:37 - 2008-12-15 17:37 - 0001144 _____ () H:\Documents and Settings\1\Application Data\pcouffin.inf
2008-12-15 17:37 - 2008-12-15 17:37 - 0000034 _____ () H:\Documents and Settings\1\Application Data\pcouffin.log
2008-12-15 17:37 - 2008-12-15 17:37 - 0047360 _____ (VSO Software) H:\Documents and Settings\1\Application Data\pcouffin.sys
2008-12-15 17:37 - 2014-01-09 13:42 - 0000671 _____ () H:\Documents and Settings\1\Application Data\vso_ts_preview.xml
2009-02-07 21:10 - 2009-02-07 21:10 - 0001024 _____ () H:\Documents and Settings\1\Application Data\WavCodec.wff
2008-06-12 21:45 - 2015-11-25 11:55 - 0187904 _____ () H:\Documents and Settings\1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-05-12 21:13 - 2011-05-12 21:13 - 0000124 _____ () H:\Documents and Settings\1\Local Settings\Application Data\fusioncache.dat
2008-06-12 14:34 - 2008-06-12 14:34 - 0000600 _____ () H:\Documents and Settings\1\Local Settings\Application Data\PUTTY.RND
2012-01-05 08:27 - 2012-01-05 08:27 - 0000000 _____ () H:\Documents and Settings\1\Local Settings\Application Data\{84E18409-91B6-4BB9-ACA1-CB862156C6C9}
2010-09-26 17:49 - 2010-09-26 17:49 - 0005067 _____ () H:\Documents and Settings\All Users\Application Data\hvcatrnw.tht
2008-07-31 17:19 - 2011-10-12 19:59 - 0000000 _____ () H:\Documents and Settings\All Users\Application Data\LauncherAccess.dt

Some files in TEMP:
====================
H:\Documents and Settings\1\Local Settings\temp\Uninstall.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

H:\WINDOWS\explorer.exe => File is digitally signed
H:\WINDOWS\system32\winlogon.exe => File is digitally signed
H:\WINDOWS\system32\svchost.exe => File is digitally signed
H:\WINDOWS\system32\services.exe => File is digitally signed
H:\WINDOWS\system32\User32.dll => File is digitally signed
H:\WINDOWS\system32\userinit.exe => File is digitally signed
H:\WINDOWS\system32\rpcss.dll => File is digitally signed
H:\WINDOWS\system32\dnsapi.dll => File is digitally signed
H:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================Addition.txt

ClearLNK-14.03.2016_13-57.log

 

Не знам защо, но след като деинсталирах  Adobe Reader  и опитах да инсталирам новата версия, инсталацията не се осъществява дава ми някаква грешка.Отчита, че е започнала но след като си свали необходимите "неща" и вече би следвало да започне да инсталира дава грешка при инсталация.Иначе ехе файла го сваля без проблем.


Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Фикс с Farbar Recovery Scan Tool

 
icon13.gif Изтеглете прикачения файл - fixlist.txt и го запазете там, където сте свалили FRST.exe
Стартирайте отново FRST.exe и натиснете бутона Fix веднъж и изчакайте.
Ще се създаде нов лог файла FixLog.txt. Прикачете съдържанието му в следващия си коментар.

 
ЗАБЕЛЕЖКА: Този скрипт е написан специално за този потребител,и за тази конкретна машина. Изпълнението на фикса, на друг компютър може да доведе до увреждане на  операционната ви система

 

Какво е състоянието на системата ви след процедурите до тук..! Наблюдавате ли още някакви проблеми..?

 

  Дневници
 
В следващия си отговор, моля да включите следните дневници:

  • FixLog.txt
  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Определено вече нямам проблем с изскачащите, луди, прозорци.Мисля, че проблема е решен.Много ви благодаря за което :happy-minion:.Едва ли щях да се справя без вашата помощ.

П.С-Изключение са сайтовете като  http://seriali.online/, но предполагам ,че просто трябва да спра блокиращата програма  за реклами  за въпросния сайт .Явно само така ще ме допусне да гледам филми.Само че, дали няма пак нещо да се вмъкне в компютъра??

Fixlog.txt

  • Харесва ми 2

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Прекрасно...! :)

Според Вирустотал сайта е чист..!

https://www.virustotal.com/bg/url/2720774fd708bac6a59719cb5a0d1f95cfa9529b369071433a6d4cd6c1911466/analysis/1457977419/

 

Да направим контролни сканирания:

1.Изтеглете Hitman Pro.

За 32-битова система - dEMD6.gif.
За 64-битова система - Download-button3.gif

2.Стартирайте програмата.
3.След като сте стартирали програмата като кликнете върху иконата 5vo5F.jpg и натиснете бутона „Напред“ като се съгласите с лицензионното споразумение (EULA).

4.Сложете отметка пред "Не, искам да завърша еднократно сканиране на компютъра".

5.Натиснете бутона „Напред“.

6.Програмата ще започне да сканира. Времето за сканиране е около 2 минути.

7.След завършване на сканирането от списъка с намерените неща (ако има такива) изберете Apply to all => Ignore.

8.Натиснете "Next" и след това натиснете "Изнеси резултата в XML file" и запазете лог файла на десктопа.

9.Архивирайте файла и го прикачете в следващия си коментар или копирайте съдържанието му в следващия си коментар.
 
Забележка: Ако няма падащо меню, където да изберете ignore както на снимката:
 
6-scanfin-choose.jpg
 
Тогава просто затворете програмата след края на проверката (без да премахвате нищо)...след това отворете C:\Programdata\HitmanPro\Logs, отворете и публикувайте съдържанието на лог файла в следващия си коментар.

Забележка: Папката C:\ProgramData е скрита и затова трябва да направите скритите файлове видими по-следния начин:

От My Computer => Tools => Folder Options => View:

Сложете отметка пред "Show hidden files, folders and drives"

и махнете отметката пред "Hide protected operating system files (recommended)".

Натиснете Apply.

Сега проверете за лог файла в папката C:\Programdata\HitmanPro\Logs и го прикачете в следващия си коментар. :)

 

Сканиране с ESET Online Scan
 
 
i_arrow-r.gif Изтеглете програмата: ESET Online Scanner

  • Стартирайте esetsmartinstaller_enu.exe 7c9e83b53227ef3d.jpg
  • Сложете отметка на YES, I accept the Terms of Use и изберете Start:

04ed1c15c0abe843.jpg

  • Скенерът ще започне да изтегля компонентите, които са му необходими:

3b734079c5ccd713.jpg

  • Уверете се, че Enable detection of potentially unwanted applications е избран.

Уверете се, че е премахната отметката от:

  • Remove found threats

Уверете се че са маркирани следните позиции:

  • Scan Archives

Кликнете върху Advanced Settings и маркирайте следните опции:

  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology

Накрая изберете Start
 
2.JPG
 
Скенерът ще започне да изтегля последните дефиниции и ще започне сканиране на вашия компютър.
Моля, бъдете търпеливи, тъй като това може да отнеме известно време.

  • След, като сканирането завърши кликнете на List of found threats.
  • Щракнете върху Export, и запишете файла на вашия работен плот с  име  ESETScan. Копирайте съдържанието на този доклад, в следващия си отговор.
  • Изберете бутона Back.
  • Изберете бутона Finish.

  Дневници
 
В следващия си отговор, моля да включите следните дневници:

  • Дневник от HitmanPro
  • Дневник от ESET Online Scanner ( List of found threats )
  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Изникна проблем при стартирането на програмата  Hitman Pro за 32-битова система.Изтеглих я но когато я стартирам тръгва автоматична актуализация, а след това изписва ,че актуализацията не е валидна/повредена е или не е цяла/ и до там.Бутончето Напред не се активира!Активни са само бутони Закупуване и Настройки.

Сподели този отговор


Линк към този отговор
Сподели в други сайтове
на 14.03.2016 г. at 14:51, evitta_22 написа:

Не знам защо, но след като деинсталирах  Adobe Reader  и опитах да инсталирам новата версия, инсталацията не се осъществява дава ми някаква грешка.Отчита, че е започнала но след като си свали необходимите "неща" и вече би следвало да започне да инсталира дава грешка при инсталация.Иначе ехе файла го сваля без проблем.

За сега спрете контролните сканирания и с двете програми...Има някакъв проблем ..и с Adobe Reader  и сега с HitmanPro..Да се опитаме да поправим този проблем и след това ще направите контролните сканирания..!

Изтеглете този инструмент MSFixIt и поправете с него  инсталирането и деинсталирането на програми на вашия компютър.След това:

 

Изтеглете програмата Windows Repair (all in one) оттук.
Кликнете с десен бутон върху иконата на програмата и изберете "Run As Administrator".

Oтидете до Стъпка 5 (Step 5: Backup) и създайте нова точка за възстановяване на системата и бекъп на текущото състояние на регистрите...
 
Под 1.Registry Backup натиснете бутона Backup.
Под 2.System Restore натиснете бутона Create.

60p53Ct.jpg

Сега вече отидете до Start Repairs и натиснете бутона Start.
 
76G7OMh.jpg


 
Сложете отметка на квадратчета 01 и 14 ..На всички останали премахнете отметките..!

и сложете отметка пред Restart/Shutdown System When Finished => Restart System и натиснете бутона Start.
 
N1qOYNx.jpg
 

НЕ използвайте компютъра докато се извършва поправката.
След като всички приключи, компютъра ще се рестартира.

Архивирайте всички логове от папката
32-bit system - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs
64-bit system - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs

и качете архива на следния адрес => dox.bg и публикувайте линка към архива в следващия си коментар.
 

После опитайте да си инсталирате Adobe Reader  както и да направите контролните сканирания..!
 

 

Поздрави!

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Привет!

За съжаление, не успях да инсталирам двете програми  MSFixIt  и  Windows Repair (all in one) дава пак грешка .Ще кача снимка да видите за какво става на въпрос.:(

http://prikachi.com/images.php?images/921/8695921m.jpg

http://prikachi.com/images.php?images/924/8695924A.jpg

 

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Регистрирайте се или влезете в профила си за да коментирате

Трябва да имате регистрация за да може да коментирате това

Регистрирайте се

Създайте нова регистрация в нашия форум. Лесно е!

Нова регистрация

Вход

Имате регистрация? Влезте от тук.

Вход

×

Информация

Поставихме бисквитки на устройството ви за най-добро потребителско изживяване. Можете да промените настройките си за бисквитки, или в противен случай приемаме, че сте съгласни с нашите условия за ползване.