RudeBoy

Help against MyWebSearch and PUP.FunWebProducts [SOLVED]



    Hello, last night during a periodic scan MBAM found 16 infections: 14 MyWebSearch and 2 PUP.FunWebProducts. After the restart and a second scan only the latter two remained. MBAM cleaned them, and then I restarted again. But since both were in C:\Windows, I am asking for help to clean the computer completely. Additional information: about 20 days ago I removed Avast Free and decided to try KAV Trial. After I discovered the infection, I ran a full scan with Kaspersky and it found nothing. I removed it, installed Avast again and scanned with it too, again nothing. I am posting the log from MBAM before the second restart, as well as the logs from DDS:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6173

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    26.3.2011 г. 08:58:35
    mbam-log-2011-03-26 (08-58-35).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 270080
    Time elapsed: 26 minute(s), 11 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Windows\System32\f3PSSavr.scr (PUP.FunWebProducts) -> Quarantined and deleted successfully.
    c:\Windows\SysWOW64\f3PSSavr.scr (PUP.FunWebProducts) -> Quarantined and deleted successfully.


    Hello..! Run the following scan:

    • Download the program: ESET Online Scanner
    • Run esetsmartinstaller_enu.exe
    • Tick YES, I accept the Terms of Use and choose Start.
    • The scanner will start downloading the components it needs.
    • Make sure the following lines are ticked:

      (posted image)

      Finally choose Start
    • The scanner will start downloading the latest definitions.
    • After the scan finishes, choose Finish.
    • Go to: C:\Program Files\ESET\ESET Online Scanner
    • Open the file log.txt, copy its contents and paste them into your next comment.


    Hello, icotonev, thank you for your attention :handshake: The log from ESET Online Scanner:

    ESETSmartInstaller@High as downloader log:
    all ok
    esets_scanner_update returned -1 esets_gle=0
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6425
    # api_version=3.0.2
    # EOSSerial=f54b003e200ceb4f94cb161d2e91a6ca
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2011-03-26 11:21:26
    # local_time=2011-03-26 01:21:26 (+0200, FLE Standard Time)
    # country="Bulgaria"
    # lang=1033
    # osver=6.1.7600 NT
    # compatibility_mode=768 16777215 100 0 0 0 0 0
    # compatibility_mode=1280 16777215 100 0 0 0 0 0
    # compatibility_mode=5893 16776574 100 94 9880241 53588619 0 0
    # compatibility_mode=8192 67108863 100 0 3647 3647 0 0
    # scanned=0
    # found=0
    # cleaned=0
    # scan_time=0


    Hello..! Thank you for the log... it is clean...! But I still suggest we run one more scan with:

    Download ComboFix from here or here and save it to your desktop.

    • Turn off your antivirus and antispyware program; usually this is done by right-clicking the program's icon in the system tray.

    Note: If you cannot stop it or are not sure which program to turn off, please review the information at this link: How to Disable your Security Programs

    • Run Combo-Fix.com and follow the instructions.

    Note: ComboFix will start without Recovery Console installed.

    • As part of its operation, ComboFix will check whether Microsoft Windows Recovery Console is installed. Given how quickly malware evolves, it is strongly recommended that it be installed before the malware is removed. This will allow you to enter a special recovery/repair mode, which will let us more easily resolve a problem that might arise while removing the malware.

    • Follow the instructions to allow ComboFix to download and install Microsoft Windows Recovery Console. At some point you will be asked whether you agree to the license agreement. You need to confirm that you agree in order to install Microsoft Windows Recovery Console.

    ** Note: If Microsoft Windows Recovery Console is already installed, ComboFix will continue to the malware removal process.

    Once Microsoft Windows Recovery Console has been installed using ComboFix, you will see the following message:

    (posted image)

    Choose Yes to continue scanning for malware.

    When the process completes successfully, the tool will create a log file. Please include the contents of C:\ComboFix.txt in your next comment in this thread.

    Note:

    • Please do not move the mouse while ComboFix is running. This may disrupt the process.
    • ComboFix will reset all Microsoft Internet Explorer settings, including making IE the default browser.
    • ComboFix will disable the autorun function of ALL CD, floppy and USB devices to help remove the malware and protect you from future viruses/threats that infect via autorun. If this is a problem for you, please let me know.
    • ComboFix will disconnect your internet connection. The internet connection will be restored automatically before ComboFix finishes its work. In case of a problem, it will terminate the internet connection. To restore your internet connection, restart your computer.
    • In case of a problem with ComboFix, it may create a log file. Please include the contents of C:\BUG.txt in your next comment in this thread.

    ComboFix may take up to 20-30 minutes to finish, please be patient.

    Please do not attach the log file(s) from the program; copy and paste it/them into your next comment in this thread.


    Sorry, I have a problem: I cannot turn off Avast in any way. While I was on Kaspersky a new version came out, and I cannot find an exit option anywhere. I tried stopping the shields, stopping Avast from Task Manager, I even removed it from the Start Menu and restarted, and it doesn't work. Every time I start ComboFix I get a warning that the shields are active and that it will continue at my own risk. So I don't know whether it makes sense, but anyway, this is the log:



    Copy the text in the box into Notepad and save it as CFScript.txt on your desktop:

    KILLALL::
    
    File::
    c:\windows\system32\993B.tmp
    
    
    Driver::
    MEMSWEEP2
    
    Reboot::
    
    

    After saving, move CFScript.txt onto the ComboFix.exe icon


    Attach the generated report in your next post..!


    ComboFix 11-03-25.04 - McPherson 03.2011 г. 20:26:34.4.2 - x64 Microsoft Windows 7 Ultimate 6.1.7600.0.1251.359.1033.18.3070.1792 [GMT 2:00] Running from: c:\users\McPherson\Desktop\ComboFix.exe Command switches used :: c:\users\McPherson\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\windows\system32\993B.tmp" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_MEMSWEEP2 . . ((((((((((((((((((((((((( Files Created from 2011-02-26 to 2011-03-26 ))))))))))))))))))))))))))))))) . . 2011-03-26 18:30 . 2011-03-26 18:30 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-03-26 18:22 . 2011-03-26 18:25 -------- d-----w- C:\32788R22FWJFW.0.tmp 2011-03-26 11:20 . 2011-03-26 11:20 -------- d-----w- c:\program files (x86)\ESET 2011-03-26 01:51 . 2011-02-23 14:57 280408 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-03-26 01:51 . 2011-02-23 14:54 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-03-26 01:51 . 2011-02-23 14:57 505176 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-03-26 01:51 . 2011-02-23 14:55 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-03-26 01:51 . 2011-02-23 14:55 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-03-26 01:51 . 2011-02-23 14:55 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2011-03-26 01:51 . 2011-02-23 15:04 40648 ----a-w- c:\windows\avastSS.scr 2011-03-26 01:51 . 2011-02-23 15:04 190016 ----a-w- c:\windows\SysWow64\aswBoot.exe 2011-03-26 01:51 . 2011-03-26 01:51 -------- d-----w- c:\programdata\AVAST Software 2011-03-26 01:51 . 
2011-03-26 01:51 -------- d-----w- c:\program files\AVAST Software 2011-03-26 01:45 . 2011-03-26 01:45 241 ----a-w- C:\UnKIS.reg 2011-03-26 01:45 . 2011-03-26 01:45 -------- d-----w- C:\kleaner.tmp 2011-03-25 18:14 . 2011-03-25 18:13 106496 ----a-w- c:\windows\SysWow64\ATL71.DLL 2011-03-25 18:14 . 2011-03-25 18:14 -------- d-----w- c:\programdata\Iterate Items 2011-03-25 18:14 . 2011-03-25 18:14 -------- d-----w- c:\programdata\Images 2011-03-25 18:14 . 2011-03-25 18:14 -------- d-----w- c:\programdata\Hybrid Morph 2011-03-25 06:03 . 2011-03-25 06:03 -------- d-----w- C:\MySlideshow 2011-03-25 05:37 . 2011-03-25 05:37 -------- d-----w- c:\programdata\Anvsoft 2011-03-25 05:37 . 2011-03-25 05:40 -------- d-----w- c:\users\McPherson\AppData\Roaming\Photo DVD Maker 2011-03-19 08:30 . 2011-03-19 08:30 -------- d-----w- c:\program files\Defraggler 2011-03-11 04:56 . 2011-03-11 04:56 -------- d-----w- c:\programdata\Nikon 2011-03-10 15:38 . 2011-03-10 15:38 -------- d-----w- c:\programdata\vhosts 2011-03-10 15:34 . 2011-03-25 18:04 57344 ----a-r- c:\users\McPherson\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe 2011-03-10 15:32 . 2011-03-25 18:02 -------- d-----w- c:\program files (x86)\Nikon 2011-03-04 22:32 . 2011-03-25 18:18 -------- d-----w- c:\users\McPherson\AppData\Local\Nikon 2011-03-04 22:31 . 2011-03-10 15:34 -------- d-----w- c:\program files (x86)\Common Files\Nikon 2011-03-04 22:30 . 2011-03-04 22:32 -------- d-----w- c:\users\McPherson\AppData\Roaming\Nikon 2011-03-04 22:30 . 2011-03-25 18:14 -------- d-----w- c:\programdata\Ultima_T15 2011-03-04 22:30 . 2011-03-25 18:14 -------- d-----w- c:\programdata\EnterNHelp 2011-03-04 12:02 . 2010-05-26 08:45 18816 ------w- c:\windows\SysWow64\SAVRKBootTasks.sys 2011-03-02 13:46 . 2011-03-02 13:46 -------- d-----w- c:\users\McPherson\AppData\Local\PassMark . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2011-02-23 15:04 . 2011-01-16 05:13 238968 ----a-w- c:\windows\system32\aswBoot.exe 2011-02-04 19:20 . 2011-01-31 05:06 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2011-02-04 19:19 . 2011-01-31 05:06 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2011-02-04 05:24 . 2011-01-30 20:06 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2011-02-04 05:24 . 2011-01-30 20:06 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2011-01-30 20:06 . 2011-01-30 20:06 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll 2011-01-30 20:06 . 2011-01-30 20:06 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2011-01-05 03:37 . 2011-01-05 03:37 8283136 ----a-w- c:\windows\system32\drivers\atikmdag.sys 2011-01-05 03:22 . 2011-01-05 03:22 22100480 ----a-w- c:\windows\system32\atio6axx.dll 2011-01-05 03:03 . 2011-01-05 03:03 17043968 ----a-w- c:\windows\SysWow64\atioglxx.dll 2011-01-05 03:02 . 2011-01-05 03:02 143360 ----a-w- c:\windows\system32\atiapfxx.exe 2011-01-05 03:02 . 2011-01-05 03:02 596480 ----a-w- c:\windows\SysWow64\aticfx32.dll 2011-01-05 03:01 . 2010-10-27 02:54 708608 ----a-w- c:\windows\system32\aticfx64.dll 2011-01-05 02:58 . 2011-01-05 02:58 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll 2011-01-05 02:58 . 2011-01-05 02:58 480256 ----a-w- c:\windows\system32\atieclxx.exe 2011-01-05 02:57 . 2011-01-05 02:57 203776 ----a-w- c:\windows\system32\atiesrxx.exe 2011-01-05 02:56 . 2011-01-05 02:56 120320 ----a-w- c:\windows\system32\atitmm64.dll 2011-01-05 02:56 . 2011-01-05 02:56 423424 ----a-w- c:\windows\system32\atipdl64.dll 2011-01-05 02:56 . 2011-01-05 02:56 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll 2011-01-05 02:55 . 
2011-01-05 02:55 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll 2011-01-05 02:55 . 2011-01-05 02:55 16384 ----a-w- c:\windows\system32\atimuixx.dll 2011-01-05 02:55 . 2011-01-05 02:55 59392 ----a-w- c:\windows\system32\atiedu64.dll 2011-01-05 02:55 . 2011-01-05 02:55 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll 2011-01-05 02:52 . 2011-01-05 02:52 4101632 ----a-w- c:\windows\SysWow64\atidxx32.dll 2011-01-05 02:43 . 2009-07-13 21:59 4844544 ----a-w- c:\windows\system32\atidxx64.dll 2011-01-05 02:33 . 2011-01-05 02:33 51200 ----a-w- c:\windows\system32\aticalrt64.dll 2011-01-05 02:33 . 2011-01-05 02:33 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll 2011-01-05 02:33 . 2011-01-05 02:33 44544 ----a-w- c:\windows\system32\aticalcl64.dll 2011-01-05 02:33 . 2011-01-05 02:33 4162048 ----a-w- c:\windows\SysWow64\atiumdag.dll 2011-01-05 02:33 . 2011-01-05 02:33 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll 2011-01-05 02:33 . 2011-01-05 02:33 6815232 ----a-w- c:\windows\system32\aticaldd64.dll 2011-01-05 02:32 . 2011-01-05 02:32 1208320 ----a-w- c:\windows\system32\atiumd6v.dll 2011-01-05 02:32 . 2009-07-13 21:59 3218944 ----a-w- c:\windows\system32\atiumd6a.dll 2011-01-05 02:31 . 2011-01-05 02:31 5441024 ----a-w- c:\windows\SysWow64\aticaldd.dll 2011-01-05 02:28 . 2010-10-27 02:14 58880 ----a-w- c:\windows\system32\coinst.dll 2011-01-05 02:27 . 2009-06-10 20:36 5305856 ----a-w- c:\windows\system32\atiumd64.dll 2011-01-05 02:25 . 2011-01-05 02:25 3461120 ----a-w- c:\windows\SysWow64\atiumdva.dll 2011-01-05 02:20 . 2011-01-05 02:20 353792 ----a-w- c:\windows\system32\atiadlxx.dll 2011-01-05 02:20 . 2011-01-05 02:20 249856 ----a-w- c:\windows\SysWow64\atiadlxy.dll 2011-01-05 02:19 . 2011-01-05 02:19 14848 ----a-w- c:\windows\system32\atig6pxx.dll 2011-01-05 02:19 . 2011-01-05 02:19 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll 2011-01-05 02:19 . 2011-01-05 02:19 12800 ----a-w- c:\windows\system32\atiglpxx.dll 2011-01-05 02:19 . 
2011-01-05 02:19 32256 ----a-w- c:\windows\system32\atig6txx.dll 2011-01-05 02:19 . 2011-01-05 02:19 27648 ----a-w- c:\windows\SysWow64\atigktxx.dll 2011-01-05 02:19 . 2011-01-05 02:19 294400 ----a-w- c:\windows\system32\drivers\atikmpag.sys 2011-01-05 02:18 . 2010-10-27 02:13 39936 ----a-w- c:\windows\system32\atiuxp64.dll 2011-01-05 02:18 . 2011-01-05 02:18 30720 ----a-w- c:\windows\SysWow64\atiuxpag.dll 2011-01-05 02:18 . 2010-10-27 02:13 38400 ----a-w- c:\windows\system32\atiu9p64.dll 2011-01-05 02:18 . 2011-01-05 02:18 28672 ----a-w- c:\windows\SysWow64\atiu9pag.dll 2011-01-05 02:17 . 2011-01-05 02:17 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2011-01-05 02:11 . 2011-01-05 02:11 53760 ----a-w- c:\windows\system32\atimpc64.dll 2011-01-05 02:11 . 2011-01-05 02:11 53760 ----a-w- c:\windows\system32\amdpcom64.dll 2011-01-05 02:11 . 2011-01-05 02:11 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll 2011-01-05 02:11 . 2011-01-05 02:11 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072] "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-01-03 396152] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "c:\windows\SysWOW64\V0350Ext.ax"="c:\windows\system32\RegSvr32.exe" [2009-07-14 14848] "V0350Mon.exe"="c:\windows\V0350Mon.exe" [2007-08-22 28672] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-04 336384] "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] "Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "SynchronousMachineGroupPolicy"= 0 (0x0) "SynchronousUserGroupPolicy"= 0 (0x0) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "HideFastUserSwitching"= 1 (0x1) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "HideSCAHealth"= 1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . 
R1 SABKUTIL;SABKUTIL;c:\program files\SUPERAntiSpyware\SABKUTIL.sys [x] R2 gupdate;Услуга Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-05 136176] R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x] R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x] R3 VF0350Vfx;VF0350 Video FX;c:\windows\system32\DRIVERS\V0350VFx.sys [x] R3 VF0350Vid;Live! Cam Video IM (VF0350);c:\windows\system32\DRIVERS\V0350Vid.sys [x] S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2011-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-05 15:28] . 2011-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-05 15:28] . . --------- x86-64 ----------- . . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-02-23 15:04 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "combofix"="c:\combofix\CF27384.cfxxe" [X] "c:\windows\system32\V0350Ext.ax"="c:\windows\system32\RegSvr32.exe" [2009-07-14 19456] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.bg/ IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 . - - - - ORPHANS REMOVED - - - - . WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}] @DACL=(02 0000) @="Folder Redirection" "ProcessGroupPolicyEx"="ProcessGroupPolicyEx" "DllName"=expand:"fdeploy.dll" "NoMachinePolicy"=dword:00000001 "NoSlowLink"=dword:00000001 "PerUserLocalSettings"=dword:00000001 "NoGPOListChanges"=dword:00000000 "NoBackgroundPolicy"=dword:00000000 "GenerateGroupPolicy"="GenerateGroupPolicy" "EventSources"=multi:"(Folder Redirection,Application)\00\00" "DisplayName"=expand:"@fdeploy.dll,-261" . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}] @DACL=(02 0000) @="Microsoft Disk Quota" "DisplayName"=expand:"@%SystemRoot%\\System32\\dskquota.dll,-100" "NoMachinePolicy"=dword:00000000 "NoUserPolicy"=dword:00000001 "NoSlowLink"=dword:00000001 "NoBackgroundPolicy"=dword:00000001 "NoGPOListChanges"=dword:00000001 "PerUserLocalSettings"=dword:00000000 "RequiresSuccessfulRegistry"=dword:00000001 "EnableAsynchronousProcessing"=dword:00000000 "DllName"=expand:"%SystemRoot%\\System32\\dskquota.dll" "ProcessGroupPolicy"="ProcessGroupPolicy" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}] @DACL=(02 0000) @="QoS Packet Scheduler" "DisplayName"=expand:"@gptext.dll,-201" "ProcessGroupPolicy"="ProcessPSCHEDPolicy" "DllName"=expand:"gptext.dll" "NoUserPolicy"=dword:00000001 "NoGPOListChanges"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7933F41E-56F8-41d6-A31C-4148A711EE93}] @DACL=(02 0000) @="Windows Search Group Policy Extension" "ProcessGroupPolicy"="ProcessGroupPolicy" "DllName"=expand:"%SystemRoot%\\System32\\srchadmin.dll" "RequiresSuccessfulRegistry"=dword:00000001 "NoSlowLink"=dword:00000000 "NoGPOListChanges"=dword:00000001 "NoUserPolicy"=dword:00000000 "NoMachinePolicy"=dword:00000000 "PerUserLocalSettings"=dword:00000000 "EnableAsynchronousProcessing"=dword:00000001 "NoBackgroundPolicy"=dword:00000000 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{8A28E2C5-8D06-49A4-A08C-632DAA493E17}] @DACL=(02 0000) @="Deployed Printer Connections" "DisplayName"=expand:"@%systemroot%\\system32\\gpprnext.dll,-1" "DllName"=expand:"%systemroot%\\system32\\gpprnext.dll" "EnableAsynchronousProcessing"=dword:00000001 "ExtensionEventSource"="" "GenerateGroupPolicy"="PrinterGenerateGroupPolicy" "MaxNoGPOListChangesInterval"=dword:00000000 "NoBackgroundPolicy"=dword:00000000 "NoGPOListChanges"=dword:00000000 "NoMachinePolicy"=dword:00000000 "NoSlowLink"=dword:00000001 "NotifyLinkTransition"=dword:00000000 "NoUserPolicy"=dword:00000000 "PerUserLocalSettings"=dword:00000000 "ProcessGroupPolicy"="PrinterProcessGroupPolicy" "ProcessGroupPolicyEx"="PrinterProcessGroupPolicyEx" "RequiresSuccessfulRegistry"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}] @DACL=(02 0000) @="TCPIP" "DisplayName"=expand:"@gptext.dll,-204" "ProcessGroupPolicy"="ProcessTCPIPPolicy" "DllName"=expand:"gptext.dll" "NoUserPolicy"=dword:00000001 "NoGPOListChanges"=dword:00000001 "RequiresSuccessfulRegistry"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}] @DACL=(02 0000) @="IP Security" "ProcessGroupPolicyEx"="ProcessIPSECPolicyEx" "GenerateGroupPolicy"="GenerateIPSECPolicy" "DllName"=expand:"%SystemRoot%\\System32\\polstore.dll" "NoUserPolicy"=dword:00000001 "NoGPOListChanges"=dword:00000000 "DisplayName"=expand:"@c:\\Windows\\system32\\polstore.dll,-5012" . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{f3ccc681-b74c-4060-9f26-cd84525dca2a}] @DACL=(02 0000) @="Audit Policy Configuration" "ProcessGroupPolicyEx"="ProcessGroupPolicyEx" "GenerateGroupPolicy"="GenerateGroupPolicy" "DllName"=expand:"auditcse.dll" "NoUserPolicy"=dword:00000001 "EnableAsynchronousProcessing"=dword:00000001 "MaxNoGPOListChangesInterval"=dword:000003c0 "ForceRefreshFG"=dword:00000000 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{FB2CA36D-0B40-4307-821B-A13B252DE56C}] @DACL=(02 0000) @="Enterprise QoS" "DisplayName"=expand:"@gptext.dll,-203" "ProcessGroupPolicy"="ProcessEQoSPolicy" "DllName"=expand:"gptext.dll" "RequiresSuccessfulRegistry"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f}] @DACL=(02 0000) @="CP" "DisplayName"=expand:"@gptext.dll,-205" "ProcessGroupPolicy"="ProcessConnectivityPlatformPolicy" "DllName"=expand:"gptext.dll" "NoUserPolicy"=dword:00000001 "NoGPOListChanges"=dword:00000001 "RequiresSuccessfulRegistry"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files\AVAST Software\Avast\AvastSvc.exe . ************************************************************************** . Completion time: 2011-03-26 20:40:40 - machine was rebooted ComboFix-quarantined-files.txt 2011-03-26 18:40 ComboFix2.txt 2011-03-26 17:05 ComboFix3.txt 2011-03-26 16:27 ComboFix4.txt 2011-03-26 16:18 . Pre-Run: 13 032 091 648 bytes free Post-Run: 12 930 121 728 bytes free . - - End Of File - - FF4401DE8A34C62E03EB68A0E41741CA


    Wonderful..! After the procedure, do you notice any problems with your system..? :rolleyes:


    Uninstall ComboFix like this:

    1. Click Start ==> Run ==> enter the command Combofix /Uninstall ==> OK


    2. Download OTCleanIt, or from here, run it and click Clean up

    Well, that's it from me.. I don't see any active infections... I wish you a pleasant evening..! :mark:
