

SunyShadow

Registered: 04 Aug 2018
Offline. Active: Today, 19:36

Topics I started

HP Compaq nx9010 problems

24 August 2018 - 12:06

Hello!
I wondered for quite a while which section to post this topic in, but I liked this section's motto: "... and just before you reach for the hammer, post here." ... ha-ha
 Even the laptop I am presenting to you for discussion seems to be one that has already had the hammer used on it, at least by its previous owner. Actually, he gave it away to a friend of mine because he didn't need it, and my friend in turn gave it to me... "if I want to take its parts". It had no power adapter, and I didn't know whether it worked at all, but I am curious by nature, so I got hold of a power adapter and, to my surprise, it turned out that it even works. Accordingly there are quite a few irregularities, but I think that if it gets "tightened up" (counting on help and advice from you), it will do the job for me: following information on a few websites.
The first thing I did was scan for viruses, and accordingly there were hundreds of infected files.

Attached file  mbam-log-2018-07-13 (21-37-40).txt   76.15K   4 downloads

Attached file  log ESEt.txt   2.67K   1 download

I think I cleaned at least these, the ones visible to the antivirus scanners, as well as I could.

Attached file  mbam-log-2018-08-05 (17-12-39).txt   1.03K   0 downloads

There may be more, or they may have seriously damaged the system. I am also not sure what kind of drivers it has, because there was some driver program, but the antivirus tools flagged it as malicious. I haven't used many laptops, but with this one it seems to me that the fans run almost constantly. After startup it runs for only 2 - 5 minutes without a fan on, after which one switches on and at least one runs constantly, and depending on the load the noise gets louder (whether the speed changes or other fans switch on, I have no idea) and then quieter. A bigger problem, it seems to me, is that perhaps under very heavy load (for example when Dr.Web Scanner is scanning, when watching a movie...) the laptop has shut itself down or restarts. Sometimes at startup it stays on a black screen and Windows does not load. After switching it off with the Power button and starting it again, however, it starts up and loads.
On restart, the following screens have been shown, and I photographed them:

Attached file  TRAP.JPG   103.03K   0 downloads

Attached file  usb driver.JPG   140.93K   0 downloads

Since I don't know what the previous owner did, I don't know how to proceed... whether he overclocked it (I have no idea how that is done and what consequences it has, i.e. how to find out whether it was done); I connect it with the load that leads to the restarts. Also, in the catalogs I see the processors are 2.6 GHz, while on this one it is 2.8 GHz
Another thing that worries me is the power adapter, which is 17V for IBM (second-hand), while the Compaq says 19V, but the amperes match. It gets quite hot. I can't judge exactly, because when I touch other laptops, they also seem quite warm to me, almost hot. Could it be that, with the voltage being low, it is compensated by a higher current draw? Just in case, I have switched off the laptop's display and connected another monitor, in order to reduce the power consumption that the laptop's display would also require.
Other problems I notice are:
    1. the copy-paste function does not always work, whether because of settings or because of malicious code; for example I select text, right-click and choose copy, but then in notepad paste is active, while in wordpad it is not and the copied text cannot be pasted;
    2. 4 keys are also missing from the keyboard, which is not a problem because I use an external one, but strangely one of the letters whose key is missing (R) sometimes fires continuously, as if the key were pressed, and when an adjacent letter is pressed, it stops. It is possible that something similar happens with some other keys too, because I click on, say, one icon, and several more get selected (maybe there is a way to disable the built-in keyboard);
    3. I open a new window, but instead of being active, it opens behind the window I open it from, and if it is smaller it is not visible and I think it has not opened (is it possible that this happens because of the previous keyboard problem, some key staying "pressed");
    4. it forgets, or rather falls behind on, the date and time; noticeable when I haven't started it for several days;
    5. when I open the "Processes" tab in Task Manager and watch the blue bar that highlights a process, it constantly flickers in fits and starts, as if the system is stressed. Several processes (3-4 of them) periodically change their value from 00, they are not idle. Without my doing anything, around 5-20 % of the processor is constantly in use, fluctuating.
    Win XP Pro SP2 is installed, while the stickers are for Windows XP Home Edition. I checked with Windows Update MiniTool and it offers the option to update to SP3. Otherwise there are quite a few updates installed.

Please give recommendations and advice on what to do to fix the problems. I always fight to the last to keep the installed operating system, but if it is necessary and you recommend it, I will do a clean reinstall. I am open to suggestions and thank you in advance. :)
I am sure it will become a normal machine that does the little work I want to use it for, this "gift horse" of mine ;)

 

Catalog specifications:

 

HP Compaq nx9010 C 2.6GHz, 15" - DJ347A
2.6 GHz Intel Celeron with 400-MHz Front Side Bus and 256-KB L2 cache
512 MB (266 MHz) DDR SDRAM (256 MB SODIMM in slots 1 and 2)
Chipset: ATI Radeon IGP 345M (RS200MP) / ALI M1535+
Hard Drive: 80GB 4200 RPM HDD (Hard Disc Drive)
Video:UMA architecture – ATI Mobility Radeon, AGP 4x and 3D Architecture, MPEG2 and DVD playback, shared w/128MB main memory
Platform: Windows XP Professional x86 (Build 2600), Service Pack 2 ( Probably reinstalled, because the stickers are for XP Home )

 

BIOS info:

Product Name:         Hewlett-Packard
Notebook Model:     Presario 2500 (PD218PS)

Processor Type:     Intel Celeron
Processor Speed:     2800 Mhz

Bios Revision:          KH.F.24
Internal Hard Disk:     Hitachi HTS541680J9AT00-PM
F2 Delay (sec) :       [00]
UMA Video Memory:     [Auto]
Memory:        447 MB
 

 

Latest scans:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21.02.2018
Ran by Tisho (administrator) on BOBI_2F6CEE7C2 (21-08-2018 05:38:55)
Running from C:\Documents and Settings\Tisho\Desktop
Loaded Profiles: Tisho (Available Profiles: Tisho & Koral)
Platform: Microsoft Windows XP Professional Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 6 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ATI Technologies, Inc.) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPLpr] => C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [98394 2004-11-04] (Synaptics, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [688218 2004-11-04] (Synaptics, Inc.)
HKLM\...\Run: [ATIPTA] => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [335872 2004-05-15] (ATI Technologies, Inc.)
HKU\S-1-5-21-220523388-789336058-1060284298-1003\...\MountPoints2: {835506f0-4d1f-11e1-83ff-000f20ca7222} - F:\driver\usb\usb_driver.exe
HKU\S-1-5-21-220523388-789336058-1060284298-1003\...\MountPoints2: {c67250d0-76f6-11e1-83b6-000f20ca7222} - F:\driver\usb\usb_driver.exe
HKU\S-1-5-21-220523388-789336058-1060284298-1003\...\MountPoints2: {d90e7cd1-b69a-11e0-8376-000f20ca7222} - driver\usb\usb_driver.exe
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{59B8BAFB-DE1F-4D81-9BA3-E708C302E1E0}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-220523388-789336058-1060284298-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-220523388-789336058-1060284298-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-220523388-789336058-1060284298-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <==== ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2008-02-01] (Skype Technologies)

FireFox:
========
StartMenuInternet: FIREFOX.EXE - C:\Documents and Settings\Koral\Local Settings\Application Data\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Documents and Settings\Tisho\Local Settings\Application Data\Google\Chrome\User Data\Default [2018-08-14]
StartMenuInternet: chrome.exe - C:\Documents and Settings\Tisho\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
StartMenuInternet: Google Chrome - C:\Documents and Settings\Tisho\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aliadwdm; C:\WINDOWS\System32\drivers\ac97ali.sys [231552 2004-08-04] (Acer Laboratories Inc.)
R3 ALiIRDA; C:\WINDOWS\System32\DRIVERS\aliirda.sys [27648 2003-01-23] (ALi Corporation)
R0 caboagp; C:\WINDOWS\System32\DRIVERS\atisgkaf.sys [14671 2005-04-20] (ATI Technologies Inc.)
S1 Changer; C:\WINDOWS\system32\Drivers\Changer.sys [8192 2004-08-03] (Microsoft Corporation)
R3 FA312; C:\WINDOWS\System32\DRIVERS\FA312nd5.sys [16074 2001-08-17] (NETGEAR Corp.)
S3 gdrv; C:\WINDOWS\gdrv.sys [16608 2011-07-25] (Windows ® 2000 DDK provider)
S1 lbrtfdc; C:\WINDOWS\system32\Drivers\lbrtfdc.sys [34688 2004-08-03] (Toshiba Corp.)
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
S3 rt2870; C:\WINDOWS\System32\DRIVERS\rt2870.sys [2833296 2015-02-12] (MediaTek Inc.)
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2004-08-04] ()
S3 HWiNFO; \??\C:\DOCUME~1\Tisho\LOCALS~1\Temp\HWiNFO32.SYS [X]
S4 IntelIde; no ImagePath
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-21 05:38 - 2018-08-21 05:40 - 000006014 _____ C:\Documents and Settings\Tisho\Desktop\FRST.txt
2018-08-05 17:18 - 2018-08-21 05:38 - 000000000 ____D C:\FRST
2018-08-05 16:57 - 2018-08-05 16:57 - 000000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
2018-08-05 16:57 - 2018-08-05 16:57 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2018-08-05 16:57 - 2011-08-31 17:00 - 000022216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2018-08-05 16:54 - 2018-02-21 21:47 - 001763328 _____ (Farbar) C:\Documents and Settings\Tisho\Desktop\FRST.exe
2018-08-03 18:50 - 2018-08-03 18:50 - 000095762 _____ C:\Documents and Settings\Tisho\Desktop\OTL custum.txt
2018-08-03 18:23 - 2018-08-03 18:23 - 000032600 _____ C:\Documents and Settings\Tisho\Desktop\SchedLgU.Txt
2018-08-03 17:35 - 2018-08-03 17:56 - 000001382 _____ C:\Documents and Settings\Tisho\Desktop\Hash.txt
2018-08-01 16:01 - 2018-08-01 16:01 - 000105463 _____ C:\Documents and Settings\Tisho\Desktop\Logs_Tisho_01.08_16.01.zip
2018-08-01 15:07 - 2018-08-01 15:07 - 000001582 _____ C:\Documents and Settings\Tisho\Desktop\Logs_Tisho_01.08_15.07.zip
2018-08-01 15:04 - 2018-08-01 15:04 - 000101789 _____ C:\Documents and Settings\Tisho\Desktop\Logs_Tisho_01.08_15.04.zip
2018-08-01 14:10 - 2018-08-01 13:46 - 008440035 _____ (Rapture Central Computing ) C:\Documents and Settings\Tisho\Desktop\Glyph.exe
2018-07-26 11:46 - 2013-01-15 04:00 - 000602112 _____ (OldTimer Tools) C:\Documents and Settings\Tisho\Desktop\OTL.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-21 05:40 - 2011-01-25 22:36 - 000000000 ____D C:\Documents and Settings\Tisho\Local Settings\Temp
2018-08-21 05:37 - 2012-04-12 06:50 - 000000000 ____D C:\Documents and Settings\Tisho\Desktop\123456789
2018-08-21 05:13 - 2012-04-12 03:01 - 000000260 _____ C:\WINDOWS\Tasks\WGASetup.job
2018-08-21 05:12 - 2011-01-25 22:34 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-08-21 05:12 - 2004-08-04 15:00 - 000002206 _____ C:\WINDOWS\system32\wpa.dbl
2018-08-14 20:06 - 2011-01-25 22:36 - 000000178 ___SH C:\Documents and Settings\Tisho\ntuser.ini
2018-08-14 20:06 - 2011-01-25 22:34 - 000032498 _____ C:\WINDOWS\SchedLgU.Txt
2018-08-14 19:48 - 2018-07-20 21:26 - 000000000 ____D C:\WINDOWS\system32\NtmsData
2018-08-14 19:48 - 2011-01-25 22:36 - 000000000 ____D C:\Documents and Settings\Tisho
2018-08-14 19:39 - 2011-01-25 22:40 - 000042944 _____ C:\Documents and Settings\Tisho\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2018-08-05 16:57 - 2018-07-13 21:01 - 000000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2018-08-03 19:11 - 2018-07-15 19:21 - 000000178 ___SH C:\Documents and Settings\Koral\ntuser.ini
2018-08-03 19:09 - 2018-07-15 19:21 - 000000000 ____D C:\Documents and Settings\Koral\Local Settings\Temp
2018-08-03 17:26 - 2011-10-11 23:42 - 000000000 ____D C:\Documents and Settings\Tisho\Application Data\Skype
2018-08-03 16:22 - 2011-01-25 22:19 - 000189792 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-08-01 16:31 - 2011-01-25 22:07 - 000000000 RSHDC C:\WINDOWS\system32\dllcache

==================== Files in the root of some directories =======

2011-07-30 11:21 - 2018-07-11 18:15 - 000101888 _____ () C:\Documents and Settings\Tisho\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21.02.2018
Ran by Tisho (21-08-2018 05:42:17)
Running from C:\Documents and Settings\Tisho\Desktop
Microsoft Windows XP Professional Service Pack 2 (X86) (2011-01-25 19:31:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-220523388-789336058-1060284298-500 - Administrator - Enabled)
Guest (S-1-5-21-220523388-789336058-1060284298-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-220523388-789336058-1060284298-1000 - Limited - Disabled)
Koral (S-1-5-21-220523388-789336058-1060284298-1004 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Koral
SUPPORT_388945a0 (S-1-5-21-220523388-789336058-1060284298-1002 - Limited - Disabled)
Tisho (S-1-5-21-220523388-789336058-1060284298-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Tisho

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM\...\uTorrent) (Version: 2.2.1 - )
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1008 - )
ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5102 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.003.3-040515a-016016C - )
Chicken Invaders: Revenge of the Yolk (Christmas Edition) v3.20 (HKLM\...\Chicken Invaders: Revenge of the Yolk (Christmas Edition)_is1) (Version:  - InterAction studios)
Google Chrome (HKU\S-1-5-21-220523388-789336058-1060284298-1003\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Malwarebytes' Anti-Malware, версия 1.51.2.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.51.2.1300 - Malwarebytes Corporation)
Mediatek RT2870 Wireless LAN Card (HKLM\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.39.126 - MediatekWiFi)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Mozilla Firefox 20.0.1 (x86 bg) (HKLM\...\Mozilla Firefox 20.0.1 (x86 bg)) (Version: 20.0.1 - Mozilla)
Skype™ 3.6 (HKLM\...\{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}) (Version: 3.6.248 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 7.12.7.0 - )
The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version:  - )
ULi Audio Accelerator WDM Driver (HKLM\...\ULi Audio Accelerator WDM Driver) (Version:  - )
ULi FIR Driver (HKLM\...\ULi FIR Driver) (Version:  - )
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.61  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-220523388-789336058-1060284298-1003\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version: 3.1 - Microsoft Corporation)
Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
WinRAR 4.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-220523388-789336058-1060284298-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\Tisho\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-220523388-789336058-1060284298-1003_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-220523388-789336058-1060284298-1003_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Documents and Settings\Tisho\Local Settings\Application Data\Google\Update\1.3.21.69\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-220523388-789336058-1060284298-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\Tisho\Local Settings\Application Data\Google\Update\1.3.33.17\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-220523388-789336058-1060284298-1003_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Documents and Settings\Tisho\Local Settings\Application Data\Google\Update\1.2.183.39\goopdate.dll => No File
CustomCLSID: HKU\S-1-5-21-220523388-789336058-1060284298-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\Tisho\Local Settings\Application Data\Google\Update\1.3.33.17\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-220523388-789336058-1060284298-1003_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Documents and Settings\Tisho\Local Settings\Application Data\Google\Update\1.3.21.79\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-220523388-789336058-1060284298-1003_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-220523388-789336058-1060284298-1003_Classes\CLSID\{47052E2F-3D7D-43F9-93CB-AD85D062D097}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\spmServices.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-220523388-789336058-1060284298-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\Tisho\Local Settings\Application Data\Google\Update\1.3.33.17\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-220523388-789336058-1060284298-1003_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\spmServices.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-220523388-789336058-1060284298-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\Tisho\Local Settings\Application Data\Google\Update\1.3.33.17\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-220523388-789336058-1060284298-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\Tisho\Local Settings\Application Data\Google\Update\1.3.33.17\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-220523388-789336058-1060284298-1003_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-220523388-789336058-1060284298-1003_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\spmServices.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-220523388-789336058-1060284298-1003_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\spmServices.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-220523388-789336058-1060284298-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\Tisho\Local Settings\Application Data\Google\Update\1.3.33.17\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-220523388-789336058-1060284298-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\Tisho\Local Settings\Application Data\Google\Update\1.3.33.17\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-220523388-789336058-1060284298-1003_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Documents and Settings\Tisho\Local Settings\Application Data\Google\Update\1.3.33.17\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-220523388-789336058-1060284298-1003_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Documents and Settings\Tisho\Local Settings\Application Data\Google\Update\1.3.21.111\psuser.dll => No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-03-02] ()
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll [2011-08-31] (Malwarebytes Corporation)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-03-02] ()
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll [2011-08-31] (Malwarebytes Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-03-02] ()

==================== Scheduled Tasks=============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\WGASetup.job => C:\WINDOWS\system32\KB905474\wgasetup.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware\Деинсталиране на Malwarebytes' Anti-Malware.lnk -> C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe () <==== Cyrillic

ShortcutWithArgument: C:\Documents and Settings\Tisho\Start Menu\Programs\Google Chrome\Деинсталиране на Google Chrome.lnk -> C:\Documents and Settings\Tisho\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\Installer\setup.exe (Google Inc.) ->  --uninstall --multi-install --chrome --verbose-logging

==================== Loaded Modules (Whitelisted) ==============

2011-10-15 10:30 - 2011-03-02 12:40 - 000140288 _____ () C:\Program Files\WinRAR\rarext.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 15:00 - 2004-08-04 15:00 - 000000734 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-220523388-789336058-1060284298-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Tisho\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.0.1
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\uTorrent\uTorrent.exe] => Enabled:µTorrent
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Tisho\Local Settings\Application Data\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\sessmgr.exe] => Disabled:@xpsp2res.dll,-22019
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype. Take a deep breath
StandardProfile\AuthorizedApplications: [F:\driver\usb\usb_driver.exe] => Disabled:TaskManager
StandardProfile\AuthorizedApplications: [C:\Program Files\Winamp\winamp.exe] => Disabled:Winamp
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/05/2018 05:19:13 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/05/2018 04:55:33 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/05/2018 04:55:33 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/05/2018 04:55:33 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/05/2018 04:55:33 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/05/2018 04:55:33 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/05/2018 04:55:33 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/05/2018 04:55:33 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


System errors:
=============
Error: (08/14/2018 06:34:30 PM) (Source: Dhcp) (EventID: 1000) (User: )
Description: Your computer has lost the lease to its IP address 192.168.0.104 on the
Network Card with network address 000F20CA7222.

Error: (08/14/2018 04:47:01 PM) (Source: 0) (EventID: 8003) (User: )
Description: Event-ID 8003

Error: (08/14/2018 04:34:24 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 0.0.0.0 for the Network Card with network address 000F20CA7222 has been
denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Error: (08/14/2018 04:10:27 PM) (Source: W32Time) (EventID: 34) (User: )
Description: The time service has detected that the system time needs to be
changed by +66268 seconds. The time service will not change the system
time by more than +54000 seconds. Verify that your time and time zone
are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.0.103:123->51.141.32.51:123) is working properly.

Error: (08/05/2018 04:50:43 PM) (Source: DCOM) (EventID: 10005) (User: BOBI_2F6CEE7C2)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (08/05/2018 04:00:17 PM) (Source: DCOM) (EventID: 10005) (User: BOBI_2F6CEE7C2)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (08/01/2018 01:38:06 PM) (Source: 0) (EventID: 4321) (User: )
Description: Event-ID 4321

Error: (08/01/2018 01:19:12 PM) (Source: 0) (EventID: 7) (User: )
Description: Event-ID 7


==================== Memory info ===========================

Processor:  Intel® Celeron® CPU 2.80GHz
Percentage of memory in use: 47%
Total physical RAM: 446.98 MB
Available physical RAM: 233.72 MB
Total Virtual: 1057.6 MB
Available Virtual: 925.15 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:45.23 GB) (Free:12.84 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:29.29 GB) (Free:4 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 23B423B4)
Partition 1: (Active) - (Size=45.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=29.3 GB) - (Type=0F Extended)

==================== End of Addition.txt ============================


Need help

05 August 2018 - 13:42

Hello! I have been reading your forum for a long time and have learned a lot about computers. Over the years I have tried to deal with problems on my own, using what I have learned.
Still, I need a competent opinion, and that is why I am turning to you.
First, this concerns a computer on which, years ago, I used active protection with DrWeb (I was happy with it), for which I used to find keys, but the "free ride" dried up - the definitions could no longer be updated, and to make my computer faster I decided to uninstall the antivirus. It turned out that the "Security Center" still assumes I have virus protection from Dr Web, while I was only using periodic scans with Malwarebytes Anti-Malware and Dr.Web CureIt. The only thing I did not do is use a limited account. I left this computer for my child to play games on, and we watched movies on it. A year ago I also added Hitman.Pro, but this scanner was active and ran its scan when the computer started - sometimes it showed problematic cookies. I cleaned them right away.
Symptoms of irregularities: in recent years - games crashing while starting or during play (rarely), Firefox crashing when watching video clips (occasionally). A friend had given me 1 GB of RAM, which I added about 3 years ago, and I wondered whether that might be the cause?!?
About a year ago Hitman.Pro started showing Malware - SFC_OS.dll in its scans...

 

Attached file  Virus 1.JPG   156.19K   Downloads: 1

Attached file  Virus 2.JPG   155.46K   Downloads: 1

Attached file  Virus 3.JPG   173.27K   Downloads: 1

 

and sometimes the computer would also restart unexpectedly. My child, ambitious about the games, "would not let me" get near the computer, and I did not have much time to check what was going on. Since November the computer has not been used and has been "resting". In the spring I worked on it - I read and tried, read and tried... and I think I fixed the problem with SFC_OS.dll - I used an installation disc and a repair command... Oh, and I think there is one more problem, with the CD drive - it takes a long time to read discs (sometimes it does not read them) and it even caused trouble with burning... how it carried out the repair from the installation disc I have no idea. I remember putting in one disc, then swapping it for another during the process when it said there was no disc - who knows how things got messed up :)
I plan to use the computer soon, and the latest problem that appeared is this - when I want to shut it down and go to "START" > "Turn Off Computer", the "Turn off computer" window would not appear for minutes afterwards. While I was preparing the reports according to the INSTRUCTIONS, Malwarebytes Anti-Malware found threats - new and old (ones I know about and deliberately archived so that they would not activate) - they are in quarantine. I think there are also programs that ought to be uninstalled. Also, the last two times the shutdown happened without the waiting I described earlier (were these threats perhaps the cause?). I hope I have not overdone the explanations.

 

Attached file  mbam 2.txt   3.94K   Downloads: 2

Attached file  FRST.txt   15.57K   Downloads: 3

Attached file  Addition.txt   29.89K   Downloads: 3