    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 20:57:06 ч., on 11.6.2011 г.
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
    C:\Program Files\AVG\AVGLS\avgtray.exe
    C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Child Defender\chdefmon32.exe
    C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
    C:\Users\User\AppData\Roaming\Transcend\JFSW2\JFSW2Launch.exe
    C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HiJackthis\post.exe
    C:\Windows\system32\mspaint.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9000/application.pac
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVGLS\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
    O4 - HKLM\..\Run: [PSUNMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVGLS\avgtray.exe
    O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
    O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Child Defender] "C:\Program Files\Child Defender\chdefmon32.exe" -a
    O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
    O4 - HKCU\..\Run: [JFSW2Launch] C:\Users\User\AppData\Roaming\Transcend\JFSW2\JFSW2Launch.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\chdeflsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\chdeflsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\chdeflsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\chdeflsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\chdeflsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\chdeflsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\chdeflsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\chdeflsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\chdeflsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\chdeflsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\chdeflsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0026D49A-341D-4777-8A4F-3F1B22173CD0}: NameServer = 89.190.211.1,89.190.192.166
    O17 - HKLM\System\CS1\Services\Tcpip\..\{0026D49A-341D-4777-8A4F-3F1B22173CD0}: NameServer = 89.190.211.1,89.190.192.166
    O17 - HKLM\System\CS2\Services\Tcpip\..\{0026D49A-341D-4777-8A4F-3F1B22173CD0}: NameServer = 89.190.211.1,89.190.192.166
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVGLS\avgpp.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
    O23 - Service: AVG LinkScanner® WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVGLS\avgwdsvc.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
    O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
    O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
    O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe

    --
    End of file - 9849 bytes

    Here is the file from the program. Also, during the scan this message appeared: For some reason your system denied write access to the Hosts file.

    I have scanned the system with CureIt, Malwarebytes, Spybot, SuperAntimalware, Panda Cloud Antivirus, Kaspersky and CCleaner. Panda, SuperAntimalware and Kaspersky removed a few things, but the problem is still there. Security Center will not start, and I now also get redirected to unwanted sites when I search for something in Google, for example friend finders, programs for speeding up the computer and other such nonsense. Please help.

    Edited by changel


    Hello! Hm, how is it supposed to start when I see McAfee + Panda Cloud Antivirus + AVG + Microsoft Security Essentials: four antivirus programs or leftovers from them... THIS IS UNACCEPTABLE!

    Uninstall all of them except one, of your choice. Tell me which one you choose to keep so that I can tell you how to uninstall the others PROPERLY!

    After that, run the following so that I can see the result:

    • Download Security Check from here or from here and save it to the desktop.
    • Double-click SecurityCheck.exe and follow the instructions.
    • When the program finishes, a text document will open: checkup.txt.
    • Copy the contents of checkup.txt and paste them into your next comment.

    One more thing: this section has strictly defined rules, and both I and the team insist that you start with this guide: "My system is infected - what do I do now?", and not with programs of your own choosing! :)


    First, thank you for the quick reply! I could not manage with DDS, so I decided to try Hijack. As for my problem: I have had them for about a year, and until a day ago I had no problems at all. Which of them would you recommend I keep as the best? My favourite is Essentials, but I still want to ask. PS: Do I need to struggle with DDS again, or does this log file make things clear?

    Edited by changel


    Good choice! :) (if your operating system is licensed)

    Uninstall them like this:

    McAfee - the MCPR.exe tool

    Panda Cloud Antivirus - Cloud_AV_Uninstaller.exe

    AVG - avgremover.exe

    Oh, and to add: the log does not look good at all... we will be doing some cleaning!


    Results of screen317's Security Check version 0.99.13

    Windows 7 Service Pack 1 (UAC is enabled)

    Internet Explorer 8

    ``````````````````````````````

    Antivirus/Firewall Check:

    Windows Security Center service is not running! This report may not be accurate!

    Windows Firewall Enabled!

    ESET Online Scanner v3

    Microsoft Security Essentials

    WMI entry may not exist for antivirus; attempting automatic update.

    ```````````````````````````````

    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware

    CCleaner

    Flash Player Out of Date!

    Adobe Flash Player 10.2.152.32

    Mozilla Firefox (x86 en-US..)

    ````````````````````````````````

    Process Check:

    objlist.exe by Laurent

    Child Defender chdefmon32.exe

    ``````````End of Log````````````

    This is the file from Security Check. I removed McAfee and Panda, but with AVG it gives me the following error:

    Local machine: install actions planned

    Installation:

    Error: @AvgErrorCode_0x0127

    I installed Child Defender so that it would block the SPAM sites instead of letting me be redirected to them, but it still keeps happening.

    Edited by changel


    Good. Now try scanning with DDS. If it does not work, rename dds.scr => dds.pif.


    DDS.txt

    DDS (Ver_2011-06-03.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by User at 20:11:37 on 2011-06-13
    Microsoft Windows 7 Professional 6.1.7601.1.1251.359.1033.18.2558.1821 [GMT 3:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    AV: Panda Cloud Antivirus *Enabled/Updated* {86971480-9989-6750-B122-681A86518D59}
    SP: Panda Cloud Antivirus *Enabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
    C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Child Defender\chdefmon32.exe
    C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
    C:\Users\User\AppData\Roaming\Transcend\JFSW2\JFSW2Launch.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uURLSearchHooks: H - No File
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
    TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
    uRun: [sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
    uRun: [JFSW2Launch] c:\users\user\appdata\roaming\transcend\jfsw2\JFSW2Launch.exe
    uRun: [Google Update] "c:\users\user\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [Child Defender] "c:\program files\child defender\chdefmon32.exe" -a
    StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    LSP: c:\windows\system32\ChDefLsp.dll
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    TCP: Interfaces\{0026D49A-341D-4777-8A4F-3F1B22173CD0} : NameServer = 89.190.211.1,89.190.192.166
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\9871sirn.default\
    FF - prefs.js: browser.startup.homepage - about blank
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
    FF - component: c:\program files\avg\avgls\firefox\components\avgssff.dll
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\user\appdata\local\google\update\1.3.21.57\npGoogleUpdate3.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2010-10-11 90112]
    R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-13 136176]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\lavalys\everest ultimate edition\kerneld.wnt [2010-7-30 23152]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-6-11 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-13 136176]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 43392]
    S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
    S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
    S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2010-10-11 86824]
    S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2010-10-11 15016]
    S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2010-10-11 114600]
    S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2010-10-11 108328]
    S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2010-10-11 26024]
    S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2010-10-11 104616]
    S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2010-10-11 109736]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-11 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-30 1343400]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
    .
    =============== File Associations ===============
    .
    .scr=AutoCADScriptFile
    .
    =============== Created Last 30 ================
    .
    2011-06-13 13:48:17 -------- d-----w- C:\SMCLpav
    2011-06-11 17:55:18 -------- d-----w- C:\HiJackthis
    2011-06-11 17:33:23 388096 ----a-r- c:\users\user\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-06-11 15:56:18 -------- d-----w- c:\windows\system32\SPReview
    2011-06-11 15:55:27 -------- d-----w- c:\windows\system32\EventProviders
    2011-06-11 15:48:53 -------- d-----w- c:\windows\en
    2011-06-11 15:44:36 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2011-06-11 15:40:40 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2011-06-11 15:32:58 -------- d-----w- c:\program files\Microsoft
    2011-06-11 15:32:55 -------- d-----w- c:\program files\MSN Toolbar
    2011-06-11 15:32:40 -------- d-----w- c:\program files\Bing Bar Installer
    2011-06-11 15:32:37 469256 ----a-w- c:\program files\common files\windows live\.cache\c9a07d991cc284c05\InstallManager_WLE_WLE.exe
    2011-06-11 15:32:14 15712 ----a-w- c:\program files\common files\windows live\.cache\bcec76111cc284c04\MeshBetaRemover.exe
    2011-06-11 15:32:02 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2011-06-11 15:32:02 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2011-06-11 15:32:02 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2011-06-11 15:31:59 94040 ----a-w- c:\program files\common files\windows live\.cache\b3d0ba3d1cc284c03\DSETUP.dll
    2011-06-11 15:31:59 525656 ----a-w- c:\program files\common files\windows live\.cache\b3d0ba3d1cc284c03\DXSETUP.exe
    2011-06-11 15:31:59 1691480 ----a-w- c:\program files\common files\windows live\.cache\b3d0ba3d1cc284c03\dsetup32.dll
    2011-06-11 15:31:44 94040 ----a-w- c:\program files\common files\windows live\.cache\aa3dc8d51cc284c02\DSETUP.dll
    2011-06-11 15:31:44 525656 ----a-w- c:\program files\common files\windows live\.cache\aa3dc8d51cc284c02\DXSETUP.exe
    2011-06-11 15:31:44 1691480 ----a-w- c:\program files\common files\windows live\.cache\aa3dc8d51cc284c02\dsetup32.dll
    2011-06-11 15:30:50 -------- d-----w- c:\users\user\appdata\local\Windows Live
    2011-06-11 15:30:49 -------- d-----w- c:\program files\common files\Windows Live
    2011-06-11 15:22:59 762880 ----a-w- c:\windows\system32\azroles.dll
    2011-06-11 15:21:59 65536 ----a-w- c:\windows\system32\drivers\IPMIDrv.sys
    2011-06-11 15:20:35 323072 ----a-w- c:\windows\system32\drvstore.dll
    2011-06-11 15:20:34 257024 ----a-w- c:\windows\system32\dpx.dll
    2011-06-11 15:16:17 161792 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-06-11 15:16:16 219136 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-06-11 13:21:09 -------- d-----w- c:\users\user\appdata\roaming\SUPERAntiSpyware.com
    2011-06-11 13:21:09 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-06-11 13:20:57 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-06-11 08:20:46 -------- d-----w- c:\users\user\DoctorWeb
    2011-06-10 19:19:52 -------- d-----w- c:\programdata\Kaspersky Lab
    2011-06-10 14:45:20 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-06-10 14:45:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-06-10 13:31:36 -------- d-----w- c:\users\user\appdata\roaming\Child Defender
    2011-06-10 13:29:28 105984 ----a-w- c:\windows\system32\ChDefLsp.dll
    2011-06-10 13:29:27 -------- d--h--w- c:\program files\Child Defender
    2011-06-08 18:48:30 114176 --sha-r- c:\windows\system32\g711codca.dll
    2011-06-08 18:00:04 -------- d-----w- c:\programdata\MAGIX
    2011-06-08 17:57:29 -------- d-----w- c:\users\user\appdata\roaming\MAGIX
    2011-06-08 17:57:27 -------- d-----w- c:\users\user\appdata\local\Xara
    2011-06-08 17:55:11 -------- d-----w- c:\programdata\Xara
    2011-06-08 17:55:11 -------- d-----w- c:\program files\Xara
    2011-06-08 17:47:17 -------- d-----w- c:\users\user\appdata\local\Xenocode
    2011-06-07 17:37:14 6962000 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{0af42273-6c3c-41fb-b53c-eb446b856fa6}\mpengine.dll
    2011-06-04 16:55:04 -------- d-----w- c:\windows\system32\Adobe
    2011-05-25 09:55:36 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2011-05-24 09:47:00 123904 ----a-w- c:\windows\system32\poqexec.exe
    2011-05-20 07:02:33 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{dc05c98c-c085-4473-b473-6528f2494291}\gapaengine.dll
    .
    ==================== Find3M ====================
    .
    2011-06-11 16:34:17 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-04-09 06:02:25 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-04-09 06:02:25 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-03-25 02:58:37 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2011-03-25 02:58:07 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
    2011-03-25 02:58:06 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2011-03-25 02:57:58 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2011-03-25 02:57:58 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
    2011-03-25 02:57:56 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2011-03-25 02:57:53 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
    .
    ============= FINISH: 20:13:24,75 ===============

    Attach.txt

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-03.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 30.7.2010 г. 17:43:55
    System Uptime: 13.6.2011 г. 16:50:22 (4 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P4P800-VM
    Processor: Intel® Pentium® 4 CPU 2.60GHz | CPU 1 | 2593/200mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 98 GiB total, 61,011 GiB free.
    D: is FIXED (NTFS) - 368 GiB total, 342,765 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    G: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl8e0157ad
    Device ID: ROOT\LEGACY_MPKSL8E0157AD\0000
    Manufacturer:
    Name: MpKsl8e0157ad
    PNP Device ID: ROOT\LEGACY_MPKSL8E0157AD\0000
    Service: MpKsl8e0157ad
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl99ee3865
    Device ID: ROOT\LEGACY_MPKSL99EE3865\0000
    Manufacturer:
    Name: MpKsl99ee3865
    PNP Device ID: ROOT\LEGACY_MPKSL99EE3865\0000
    Service: MpKsl99ee3865
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl74402b42
    Device ID: ROOT\LEGACY_MPKSL74402B42\0000
    Manufacturer:
    Name: MpKsl74402b42
    PNP Device ID: ROOT\LEGACY_MPKSL74402B42\0000
    Service: MpKsl74402b42
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl5efa2e24
    Device ID: ROOT\LEGACY_MPKSL5EFA2E24\0000
    Manufacturer:
    Name: MpKsl5efa2e24
    PNP Device ID: ROOT\LEGACY_MPKSL5EFA2E24\0000
    Service: MpKsl5efa2e24
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKslb138b88a
    Device ID: ROOT\LEGACY_MPKSLB138B88A\0000
    Manufacturer:
    Name: MpKslb138b88a
    PNP Device ID: ROOT\LEGACY_MPKSLB138B88A\0000
    Service: MpKslb138b88a
    .
    ==== System Restore Points ===================
    .
    RP342: 11.6.2011 г. 21:55:49 - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    µTorrent
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    ACDSee Photo Manager 12
    Adobe Flash Player 10 Plugin
    Adobe Photoshop CS
    Adobe Shockwave Player 11.5
    Ashampoo Burning Studio 6 FREE
    AutoCAD 2009 - English
    AutoCAD 2010 Language Pack - English
    Autodesk Design Review 2011
    Autodesk Material Library 2011
    Autodesk Material Library 2011 Base Image library
    Autodesk Material Library 2011 Medium Image library
    Autodesk Revit Architecture 2011
    Avanquest update
    AVG LinkScanner® 8.5
    Bing Bar
    Bing Bar Platform
    CCleaner
    Child Defender 3.0.0
    CorelDRAW Graphics Suite 12
    D3DX10
    ESET Online Scanner v3
    EVEREST Ultimate Edition v4.60
    GOM Player
    Google Земя
    Google Chrome
    Google SketchUp Pro 8
    Google Update Helper
    HiJackThis
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
    IZArc 4.1.2
    Junk Mail filter update
    Malwarebytes' Anti-Malware
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 4 Client Profile
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729
    Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729
    Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729
    Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729
    Microsoft Visual Studio Tools for Applications 2.0 - ENU
    Microsoft Visual Studio Tools for Applications 2.0 Runtime
    Mozilla Firefox 4.0.1 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    PC-Bibliothek
    PMB
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2466156)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2464583)
    Security Update for Microsoft Office Groove 2007 (KB2494047)
    Security Update for Microsoft Office InfoPath 2007
(KB979441) Security Update for Microsoft Office PowerPoint 2007 (KB2535818) Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623) Security Update for Microsoft Office Publisher 2007 (KB2284697) Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Security Update for Microsoft Office Word 2007 (KB2344993) SereneScreen Aquarium Skype™ 5.3 Sony Ericsson PC Suite 6.011.00 SopCast 3.2.9 Spybot - Search & Destroy SumatraPDF SUPERAntiSpyware Update for 2007 Microsoft Office System (KB967642) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office OneNote 2007 (KB980729) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Outlook 2007 (KB2509470) Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Update for Outlook 2007 Junk Email Filter (KB2536413) VBA (2627.01) Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 Winamp Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote 
Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Xara Web Designer 6 Xara Web Designer 6 Content . ==== Event Viewer Messages From Past Week ======== . 9.6.2011 г. 23:12:37, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware. 9.6.2011 г. 23:07:40, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware. 9.6.2011 г. 20:04:33, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware. 8.6.2011 г. 20:04:23, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware. 8.6.2011 г. 17:07:17, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware. 7.6.2011 г. 09:54:26, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware. 13.6.2011 г. 16:50:35, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware. 13.6.2011 г. 
16:48:33, Error: Service Control Manager [7034] - The Panda Cloud Antivirus Service service terminated unexpectedly. It has done this 1 time(s). 13.6.2011 г. 16:48:26, Error: Service Control Manager [7030] - The Panda Security Generic Uninstaller service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 13.6.2011 г. 16:45:22, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware. 13.6.2011 г. 16:20:25, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware. 13.6.2011 г. 15:01:57, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware. 12.6.2011 г. 19:34:58, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware. 12.6.2011 г. 17:49:03, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware. 11.6.2011 г. 19:50:36, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware. 11.6.2011 г. 
19:47:08, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware. 11.6.2011 г. 19:26:39, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware. 11.6.2011 г. 14:23:01, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware. 11.6.2011 г. 14:03:09, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file. 11.6.2011 г. 13:29:53, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file. 11.6.2011 г. 11:09:04, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware. 11.6.2011 г. 00:11:56, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware. 10.6.2011 г. 20:10:06, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 10.6.2011 г. 20:10:05, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 10.6.2011 г. 
20:10:02, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect. 10.6.2011 г. 20:08:00, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware. 10.6.2011 г. 18:48:04, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware. 10.6.2011 г. 16:31:00, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware. 10.6.2011 г. 15:42:27, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004 10.6.2011 г. 14:12:18, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware. 10.6.2011 г. 08:00:16, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004 10.6.2011 г. 07:11:36, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware. . ==== End Of File ===========================


    Before we continue, there is a short procedure:

    • Start Spybot Search & Destroy.
    • In the Mode menu, click "Advanced mode" if it is not already selected.
    • Confirm with "Yes".
    • Open the "Tools" menu.
    • Click "Resident".
    • Uncheck "Resident "TeaTimer" (Protection of overall system settings) active."
    • If TeaTimer warns you that changes have been made, click "Allow Change".
    • In the File menu, click "Exit" to close Spybot Search & Destroy.
    After that:

    • Start SUPERAntiSpyware
    • Click Preferences
    • Click the Real-Time Protection tab
    • Uncheck Real-Time protection
    • Click the Hi-Jack Protection tab
    • Under Home Page Protection, uncheck "Protect Home Page from being changed. Changes can only be made here."
    • Click Close
    • Close the program

    And then:

    Download ComboFix from here or here and save it to your desktop.

    • Disable your antivirus and antispyware programs; this is usually done by right-clicking the program's icon in the system tray.

    Note: If you cannot stop it or are not sure which program to disable, please review the information at this link: How to Disable your Security Programs

    • Run Combo-Fix.com and follow the instructions.

    Note: ComboFix will run without the Recovery Console installed.

    • As part of its operation, ComboFix will check whether the Microsoft Windows Recovery Console is installed. Given how quickly malware evolves, it is strongly recommended to install it before removing the malware. This will allow you to boot into a special recovery/repair mode, which will make it easier to resolve any problem that might arise while the malware is being removed.

    • Follow the instructions to allow ComboFix to download and install the Microsoft Windows Recovery Console. At some point you will be asked whether you agree to the license agreement. You need to confirm that you agree in order to install the Microsoft Windows Recovery Console.

    ** Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will proceed to the malware removal process.

    [Posted image]

    Once the Microsoft Windows Recovery Console has been installed using ComboFix, you will see the following message:

    [Posted image]

    Select Yes to continue scanning for malware.

    When the process completes successfully, the tool will create a log file. Please include the contents of C:\ComboFix.txt in your next comment in this thread.

    Note:

    • Please do not move the mouse while ComboFix is running. This may disrupt its operation.
    • ComboFix will reset all Microsoft Internet Explorer settings, including making IE the default browser.
    • ComboFix will disable the autorun function on ALL CD, floppy and USB devices to help with malware removal and to protect you from future viruses/threats that spread via autorun. If this is a problem for you, please let me know.
    • ComboFix will disconnect your internet connection. The internet connection will be restored automatically before ComboFix finishes. If a problem occurs, it will terminate the internet connection. To restore your internet connection, restart your computer.
    • In case of a problem with ComboFix, it may create a log file. Please include the contents of C:\BUG.txt in your next comment in this thread.

    ComboFix may take up to 20-30 minutes to finish, so please be patient.

    Please do not attach the log file(s) from the program; copy and paste it/them into your next comment in this thread.

    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

    AV: Panda Cloud Antivirus *Enabled/Updated* {86971480-9989-6750-B122-681A86518D59}

    SP: Panda Cloud Antivirus *Enabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}

    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    Didn't you tell me that you had uninstalled Panda...?

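The check made by eye in the reply above, as an added example (not part of the thread, and not code from ComboFix or DDS): it parses the `AV:`/`SP:` status lines quoted there and lists products still reported as enabled that do not appear in the installed-programs list from the posted log. The line format is inferred from the lines on this page; the function names, the `FW` prefix and the built-in exemption for Windows Defender are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Status lines exactly as quoted in the reply above.
STATUS_LINES = """\
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Panda Cloud Antivirus *Enabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: Panda Cloud Antivirus *Enabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
"""

# Security-related entries copied from the "Installed Programs" section
# of the log posted earlier in the thread (excerpt, not the full list).
INSTALLED_EXCERPT = [
    "AVG LinkScanner® 8.5",
    "Malwarebytes' Anti-Malware",
    "Microsoft Antimalware",
    "Microsoft Security Client",
    "Microsoft Security Essentials",
    "Spybot - Search & Destroy",
    "SUPERAntiSpyware",
]

# Assumption: components shipped with Windows never show up in the
# installed-programs list, so they must not be reported as leftovers.
BUILT_IN = {"windows defender"}

# <kind>: <product name> *<state>[/<signature state>]* {<GUID>}
LINE_RE = re.compile(
    r"^(?P<kind>AV|SP|FW):\s+(?P<name>.+?)\s+"
    r"\*(?P<state>Enabled|Disabled)(?:/(?P<sigs>\w+))?\*\s+"
    r"\{(?P<guid>[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}\s*$"
)


@dataclass(frozen=True)
class Entry:
    kind: str        # AV = antivirus, SP = antispyware, FW = firewall
    name: str
    enabled: bool
    signatures: str  # e.g. "Updated"; empty when the log gives none
    guid: str


def parse_status(text):
    """Return one Entry per well-formed status line; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["kind"], m["name"], m["state"] == "Enabled",
                                 m["sigs"] or "", m["guid"].upper()))
    return entries


def is_installed(product, installed):
    """Case-insensitive match of a product name against the installed list."""
    p = product.casefold()
    return p in BUILT_IN or any(p in item.casefold() for item in installed)


def stale_registrations(entries, installed):
    """Products reported as enabled that have no installed-programs entry."""
    return sorted({e.name for e in entries
                   if e.enabled and not is_installed(e.name, installed)})


def enabled_by_category(entries):
    """Map each category (AV/SP/FW) to the products enabled in it."""
    out = {}
    for e in entries:
        if e.enabled:
            out.setdefault(e.kind, []).append(e.name)
    return out


if __name__ == "__main__":
    parsed = parse_status(STATUS_LINES)
    for kind, names in enabled_by_category(parsed).items():
        print(f"{kind} enabled: {', '.join(names)}")
    for name in stale_registrations(parsed, INSTALLED_EXCERPT):
        print(f"registered as enabled but not installed: {name}")
```

A product flagged here has either left a stale registration behind after removal or was not fully uninstalled; either way it is the only product the status lines show as active protection.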

    Hmm... I uninstalled Panda using the link you gave me, and it reported that it was removed successfully. I can't find it in the list of programs, and it isn't in Program Files either. Will this be a problem for ComboFix? :(

    PS: Apart from the Security Center, the problem with being redirected to various SPAM sites is the same as in this user's thread: http://www.kaldata.com/forums/index.php?showtopic=177498

    Edited by changel


    No problem... everything is clear to me... I'm waiting for the ComboFix log..! :P


    ComboFix 11-06-13.03 - User 06.2011 г. 8:19.1.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1251.359.1033.18.2558.1676 [GMT 3:00] Running from: c:\users\User\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} AV: Panda Cloud Antivirus *Enabled/Updated* {86971480-9989-6750-B122-681A86518D59} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Panda Cloud Antivirus *Enabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\hpe6E06.dll c:\users\User\AppData\Roaming\360SE c:\users\User\AppData\Roaming\360SE\360SE.ini c:\users\User\AppData\Roaming\360SE\data\360sefav.db c:\users\User\AppData\Roaming\360SE\data\history.dat c:\users\User\AppData\Roaming\360SE\data\ico\avc.360.cn.ico c:\users\User\AppData\Roaming\360SE\data\ico\cn.bing.com.ico c:\users\User\AppData\Roaming\360SE\data\ico\cz.360.cn.ico c:\users\User\AppData\Roaming\360SE\data\ico\ddt.wan.360.cn.ico c:\users\User\AppData\Roaming\360SE\data\ico\dgcs.wan.360.cn.ico c:\users\User\AppData\Roaming\360SE\data\ico\dh.wan.360.cn.ico c:\users\User\AppData\Roaming\360SE\data\ico\farm.wan.360.cn.ico c:\users\User\AppData\Roaming\360SE\data\ico\hao.360.cn.ico c:\users\User\AppData\Roaming\360SE\data\ico\hero.wan.360.cn.ico c:\users\User\AppData\Roaming\360SE\data\ico\mcsd.wan.360.cn.ico c:\users\User\AppData\Roaming\360SE\data\ico\me.360.cn.ico c:\users\User\AppData\Roaming\360SE\data\ico\plsm.wan.360.cn.ico c:\users\User\AppData\Roaming\360SE\data\ico\poker.wan.360.cn.ico c:\users\User\AppData\Roaming\360SE\data\ico\se.360.cn.ico c:\users\User\AppData\Roaming\360SE\data\ico\search8.taobao.com.ico c:\users\User\AppData\Roaming\360SE\data\ico\wan.360.cn.ico 
c:\users\User\AppData\Roaming\360SE\data\ico\www.baidu.com.ico c:\users\User\AppData\Roaming\360SE\data\ico\www.bing.com.ico c:\users\User\AppData\Roaming\360SE\data\ico\www.google.com.hk.ico c:\users\User\AppData\Roaming\360SE\data\ico\www.qihoo.com.ico c:\users\User\AppData\Roaming\360SE\data\ico\www.sogou.com.ico c:\users\User\AppData\Roaming\360SE\data\ico\www.youdao.com.ico c:\users\User\AppData\Roaming\360SE\data\ico\wxfy.wan.360.cn.ico c:\users\User\AppData\Roaming\360SE\data\ico\yahoo.cn.ico c:\users\User\AppData\Roaming\360SE\data\ico\zqjl.wan.360.cn.ico c:\users\User\AppData\Roaming\360SE\extensions\SafeCentral\esimple.ini c:\users\User\AppData\Roaming\360SE\extensions\SafeCentral\SafeCentral.ini c:\users\User\AppData\Roaming\360SE\extensions\SafeCentral\SafeProtect.dat c:\users\User\AppData\Roaming\360SE\extensions\SafeCentral\urllib.dat c:\windows\security\Database\tmp.edb c:\windows\unin0407.exe . . ((((((((((((((((((((((((( Files Created from 2011-05-14 to 2011-06-14 ))))))))))))))))))))))))))))))) . . 2011-06-14 05:40 . 2011-06-14 05:40 -------- d-----w- c:\users\User\AppData\Local\temp 2011-06-14 05:40 . 2011-06-14 05:40 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-06-14 05:40 . 2011-06-14 05:40 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2011-06-14 04:59 . 2011-06-14 04:59 -------- d-----w- c:\program files\VS Revo Group 2011-06-14 04:50 . 2011-06-14 05:03 -------- d-----w- c:\users\User\AppData\Roaming\AVG10 2011-06-14 04:48 . 2011-06-14 04:48 -------- d--h--w- c:\programdata\Common Files 2011-06-14 04:45 . 2011-06-14 04:46 -------- d-----w- c:\windows\system32\drivers\AVG 2011-06-14 04:41 . 2011-06-14 04:50 -------- d-----w- c:\programdata\MFAData 2011-06-11 17:55 . 2011-06-11 17:57 -------- d-----w- C:\HiJackthis 2011-06-11 17:33 . 2011-06-11 17:33 388096 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-06-11 15:56 . 
2011-06-11 15:56 -------- d-----w- c:\windows\system32\SPReview 2011-06-11 15:55 . 2011-06-11 15:55 -------- d-----w- c:\windows\system32\EventProviders 2011-06-11 15:48 . 2011-06-11 15:48 -------- d-----w- c:\windows\en 2011-06-11 15:44 . 2010-09-22 21:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys 2011-06-11 15:44 . 2011-06-11 15:44 -------- dc----w- c:\windows\system32\DRVSTORE 2011-06-11 15:40 . 2011-06-11 15:40 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition 2011-06-11 15:33 . 2011-06-11 15:50 -------- d-----w- c:\program files\Windows Live 2011-06-11 15:32 . 2011-06-11 15:32 -------- d-----w- c:\program files\Microsoft 2011-06-11 15:32 . 2011-06-11 15:32 -------- d-----w- c:\program files\MSN Toolbar 2011-06-11 15:32 . 2011-06-11 15:33 -------- d-----w- c:\program files\Bing Bar Installer 2011-06-11 15:32 . 2009-09-04 14:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll 2011-06-11 15:32 . 2009-09-04 14:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll 2011-06-11 15:32 . 2009-09-04 14:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll 2011-06-11 15:30 . 2011-06-11 15:30 -------- d-----w- c:\users\User\AppData\Local\Windows Live 2011-06-11 15:30 . 2011-06-11 15:30 -------- d-----w- c:\program files\Common Files\Windows Live 2011-06-11 15:22 . 2010-11-20 12:30 240000 ----a-w- c:\windows\system32\drivers\netio.sys 2011-06-11 15:21 . 2010-11-20 12:21 11264 ----a-w- c:\windows\system32\wshirda.dll 2011-06-11 15:20 . 2010-11-20 12:18 323072 ----a-w- c:\windows\system32\drvstore.dll 2011-06-11 15:20 . 2010-11-20 12:18 257024 ----a-w- c:\windows\system32\dpx.dll 2011-06-11 15:16 . 2011-01-17 05:47 161792 ----a-w- c:\windows\system32\d3d10_1.dll 2011-06-11 15:16 . 2010-11-20 12:18 219136 ----a-w- c:\windows\system32\d3d10_1core.dll 2011-06-11 13:21 . 2011-06-11 13:21 -------- d-----w- c:\users\User\AppData\Roaming\SUPERAntiSpyware.com 2011-06-11 13:21 . 
2011-06-11 13:21 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2011-06-11 13:20 . 2011-06-11 13:21 -------- d-----w- c:\program files\SUPERAntiSpyware 2011-06-11 08:20 . 2011-06-11 10:00 -------- d-----w- c:\users\User\DoctorWeb 2011-06-10 19:19 . 2011-06-10 19:19 -------- d-----w- c:\programdata\Kaspersky Lab 2011-06-10 14:45 . 2011-06-13 18:19 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2011-06-10 14:45 . 2011-06-10 14:45 -------- d-----w- c:\program files\Spybot - Search & Destroy 2011-06-10 13:31 . 2011-06-10 13:31 -------- d-----w- c:\users\User\AppData\Roaming\Child Defender 2011-06-10 13:29 . 2009-10-30 07:29 105984 ----a-w- c:\windows\system32\ChDefLsp.dll 2011-06-10 13:29 . 2011-06-10 13:29 -------- d--h--w- c:\program files\Child Defender 2011-06-08 18:48 . 2011-06-08 18:48 114176 --sha-r- c:\windows\system32\g711codca.dll 2011-06-08 18:00 . 2011-06-08 18:00 -------- d-----w- c:\programdata\MAGIX 2011-06-08 17:57 . 2011-06-08 18:00 -------- d-----w- c:\users\User\AppData\Roaming\MAGIX 2011-06-08 17:57 . 2011-06-08 17:57 -------- d-----w- c:\users\User\AppData\Local\Xara 2011-06-08 17:55 . 2011-06-08 17:55 -------- d-----w- c:\programdata\Xara 2011-06-08 17:55 . 2011-06-08 17:55 -------- d-----w- c:\program files\Xara 2011-06-08 17:47 . 2011-06-08 17:47 -------- d-----w- c:\users\User\AppData\Local\Xenocode 2011-06-07 17:37 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0AF42273-6C3C-41FB-B53C-EB446B856FA6}\mpengine.dll 2011-06-04 16:55 . 2011-06-04 16:55 -------- d-----w- c:\windows\system32\Adobe 2011-05-25 09:55 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys 2011-05-24 09:47 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe 2011-05-20 07:02 . 2011-01-27 17:27 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DC05C98C-C085-4473-B473-6528F2494291}\gapaengine.dll . . . 
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-11 16:34 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll 2011-06-11 15:34 . 2010-06-24 08:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2011-05-09 20:46 . 2010-07-31 06:58 6962000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-04-14 18:28 . 2011-04-14 18:28 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys 2011-04-09 06:02 . 2011-05-11 18:10 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-04-09 06:02 . 2011-05-11 18:10 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-04-04 21:59 . 2011-04-04 21:59 297168 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2011-03-25 02:58 . 2011-05-11 18:10 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys 2011-03-25 02:58 . 2011-05-11 18:10 284672 ----a-w- c:\windows\system32\drivers\usbport.sys 2011-03-25 02:58 . 2011-05-11 18:10 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2011-03-25 02:57 . 2011-05-11 18:10 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys 2011-03-25 02:57 . 2011-05-11 18:10 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys 2011-03-25 02:57 . 2011-05-11 18:10 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2011-03-25 02:57 . 2011-05-11 18:10 5888 ----a-w- c:\windows\system32\drivers\usbd.sys 2011-03-16 13:03 . 2011-03-16 13:03 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys 2011-05-06 19:28 . 2011-05-06 19:28 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-11-20 434176] "JFSW2Launch"="c:\users\User\AppData\Roaming\Transcend\JFSW2\JFSW2Launch.exe" [2010-03-25 176128] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-10 2424192] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-24 597792] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "Child Defender"="c:\program files\Child Defender\chdefmon32.exe" [2009-11-10 660480] . c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . 
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2008-10-25 08:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe . R1 MpKsl5efa2e24;MpKsl5efa2e24;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EA6D2F06-2216-43AD-BFE4-997D87EBCB3F}\MpKsl5efa2e24.sys [x] R1 MpKsl74402b42;MpKsl74402b42;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{154820CB-DBB1-4CA5-A8FF-B52805AB7B3C}\MpKsl74402b42.sys [x] R1 MpKsl8e0157ad;MpKsl8e0157ad;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{154820CB-DBB1-4CA5-A8FF-B52805AB7B3C}\MpKsl8e0157ad.sys [x] R1 MpKsl99ee3865;MpKsl99ee3865;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4B6A0124-25AC-4872-B697-9617B53F9557}\MpKsl99ee3865.sys [x] R1 MpKslb138b88a;MpKslb138b88a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F2B85AE5-A115-41B9-BEA5-93393E640624}\MpKslb138b88a.sys [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-13 136176] R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-04-14 134480] R3 
AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 21968] R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2008-09-04 23152] R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-13 136176] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360] R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 86824] R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 15016] R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 114600] R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 108328] R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 26024] R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 104616] R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 109736] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-30 1343400] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040] S0 
AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-01 691696] S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2010-07-12 54112] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656] S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224] . . Contents of the 'Scheduled Tasks' folder . 2011-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-13 07:14] . 2011-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-13 07:14] . 2011-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2022205001-573302471-1828573530-1000Core.job - c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-10 12:30] . 2011-06-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2022205001-573302471-1828573530-1000UA.job - c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-10 12:30] . . ------- Supplementary Scan ------- . uStart Page = about:blank IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 LSP: c:\windows\system32\ChDefLsp.dll TCP: Interfaces\{0026D49A-341D-4777-8A4F-3F1B22173CD0}: NameServer = 89.190.211.1,89.190.192.166 FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9871sirn.default\ FF - prefs.js: browser.startup.homepage - about blank FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q= . . ------- File Associations ------- . .scr=AutoCADScriptFile . - - - - ORPHANS REMOVED - - - - . AddRemove-PC-Bibliothek - c:\windows\unin0407.exe . . . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver] "ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt" . --------------------- LOCKED REGISTRY KEYS --------------------- .
Completion time: 2011-06-14 08:46:47 ComboFix-quarantined-files.txt 2011-06-14 05:46 . Pre-Run: 65 199 779 840 bytes free Post-Run: 64 865 251 328 bytes free . - - End Of File - - 1249715207642DC2C582521385A6C22A


    After the scan with ComboFix, the problem was fixed :clap: Essentials is now turned on and updated! The problem in Google, judging by the few searches I did, has also disappeared, I think. Are any further actions needed?


    Of course... You are in a hurry, but there is still more for us to do...! :down:

    I will ask you once again to try uninstalling AVG using AVG Remover (64bit) 2011 (avg_remover_stf_x64_2011_1322.exe) for 64-bit or AVG Remover (32bit) 2011 (avg_remover_stf_x86_2011_1322.exe) for 32-bit.


    I think it worked with AVG this time, but what should I do about Panda? It isn't in the installed programs or in the program files...


    Relax... we'll remove it with a script... I'm looking over the log now and will write to you..! :down:

    Copy the text in the box into Notepad and save it under the name CFScript.txt on your desktop:

    KILLALL::
    
    SecCenter:: 
    AV: Panda Cloud Antivirus *Enabled/Updated* {86971480-9989-6750-B122-681A86518D59}
    SP: Panda Cloud Antivirus *Enabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
    
    Folder::
    c:\users\User\DoctorWeb
    c:\programdata\Kaspersky Lab
    
    DDS::
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
    
    Reboot::
    
    
    

    After saving, drag CFScript.txt onto the ComboFix.exe icon.

    Attach the generated report to your next post..!


    Copy the text in the box into Notepad and save it under the name CFScript.txt on your desktop:

    KILLALL::
    
    Folder::
    c:\users\User\AppData\Roaming\AVG10
    
    Registry::
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute	REG_MULTI_SZ   	autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    
    Reboot::
    
    

    After saving, drag CFScript.txt onto the ComboFix.exe icon.

    Attach the generated report to your next post..!
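The `BootExecute` value in the script above lists the commands the Session Manager runs early in boot; on a clean Windows install it holds only `autocheck autochk *`. The following is an added example, not part of the thread and not ComboFix's own code, that splits a line in the form shown above into its entries and reports everything beyond the default; the function names and the result layout are assumptions made for illustration.

```python
import re

# Windows default content of Session Manager\BootExecute.
DEFAULT_ENTRY = "autocheck autochk *"

# Constructed sample: the value in the textual form used in the script above,
# where the strings of the REG_MULTI_SZ are separated by a literal "\0".
SAMPLE_LINE = (
    "BootExecute\tREG_MULTI_SZ   \tautocheck autochk *"
    r"\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync"
    r"\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart"
)

# name, whitespace, registry type, whitespace, data
LINE_RE = re.compile(r"^\s*(?P<name>\S+)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*)$")


def parse_multi_sz_line(line):
    """Return (value_name, [entries]) for a 'name REG_MULTI_SZ data' line."""
    match = LINE_RE.match(line)
    if match is None:
        raise ValueError("not a 'name type data' registry line")
    if match.group("type") != "REG_MULTI_SZ":
        raise ValueError("expected REG_MULTI_SZ, got " + match.group("type"))
    # Limitation of this text form: a path component that itself starts with
    # "0" (e.g. c:\0tools) is indistinguishable from the "\0" separator.
    entries = [part.strip() for part in match.group("data").split("\\0")]
    return match.group("name"), [entry for entry in entries if entry]


def review_boot_execute(line):
    """Separate the Windows default entry from any additional boot commands."""
    name, entries = parse_multi_sz_line(line)
    extra = []
    has_default = False
    for entry in entries:
        if entry.lower() == DEFAULT_ENTRY:
            has_default = True
            continue
        # The image name runs up to the first space; the rest are arguments.
        image, _, arguments = entry.partition(" ")
        extra.append({"image": image, "arguments": arguments})
    return {"value": name, "has_default": has_default, "extra": extra}


if __name__ == "__main__":
    report = review_boot_execute(SAMPLE_LINE)
    print("value:", report["value"])
    print("default entry present:", report["has_default"])
    for item in report["extra"]:
        print("additional boot command:", item["image"], item["arguments"])
```

Each additional entry is something to account for: it should belong to a product that is still installed, and the image it names should still exist on disk.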


    Good..! Now let's talk a little about Spybot Search & Destroy, SUPERAntiSpyware, Malwarebytes' Anti-Malware, ESET Online Scanner....!!! :)

    • Start Spybot Search & Destroy.
    • In the Mode menu, click "Advanced mode" if it is not already selected.
    • Confirm with "Yes"
    • Open the "Tools" menu
    • Click "Resident"
    • Uncheck "Resident "TeaTimer" (Protection of overall system settings) active."
    • If TeaTimer warns you that changes have been made, click "Allow Change"
    • In the File menu, click "Exit" to close Spybot Search & Destroy.

    I assume you remember that we turned off the program's "Resident "TeaTimer""... Now is the time to go back the same way and turn the protection on...!

    This, however, does not apply to the other program, SUPERAntiSpyware.. There is no point in it guarding in real time.. Use it periodically, updating the definitions and scanning..!

    The same applies to Malwarebytes' Anti-Malware.. I recommend that you run control scans with both programs at least once a week.

    ESET Online Scanner.. simply remove it by the standard method..!

    But before you start on the recommendations above.. uninstall ComboFix like this:

    1. Click Start ==> Run ==> type the command Combofix /Uninstall ==> OK

    2. Download OTCleanIt, or from here, run it and click Clean up


    Everything is done! Thank you very much for the help, let's hope I won't have any more problems with viruses :)


    And I thank you for the good work...! It would be good to run a scan each with MBAM and SUPERAntiSpyware when you have more time..! The last thing I recommend is to update Flash Player to the latest version, 10.3.181.22

    I wish you a pleasant day and a safe Internet...! :)
