Kreuzritter265

Infected system... or not? [solved]

    I noticed that for a few days now my internet has slowed down (very slightly, but I can feel it), Winamp keeps crashing on me, and overall I'm not very sure that my computer is clean of malicious things. My suspicions were reinforced by RemoveIT v7, I think it was; it shows me a message about 23, yes 23, infected files. I click Fix, but of course... it turned out to be a Trial! The scan with RemoveIT v7 was done after a scan with the latest version of Spybot-S&D. SSD found only cookies, nothing unusual; I ran Avast! and it found NOTHING... All in all I'm back at square one, so I sincerely ask for your competent help! Suggest what I should download/uninstall as antivirus software. Thank you very much for your help and the time you've taken!!!

    Edited by nologo


    Hello!

    Please read this topic carefully. Pay attention to one program: DDS. The topic I pointed to has perfectly clear instructions on what you need to do. I expect these logs from you: DDS.txt and Attach.txt.


    Good day, thank you for the quick reply! Here are the results from the program you pointed out: DDS: DDS (Ver_2011-07-14.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16421 Run by Ivan at 10:49:14 on 2011-07-18 Microsoft Windows 7 Ultimate 6.1.7601.1.1251.359.1033.18.4079.2579 [GMT 3:00] . AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\SysWOW64\srvany.exe C:\Windows\KMService.exe C:\Windows\system32\conhost.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Windows\WindowsMobile\wmdc.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe C:\Windows\system32\svchost.exe -k WindowsMobile C:\Windows\system32\WUDFHost.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Windows 
Media Player\wmpnetwk.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files (x86)\Winamp\winamp.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\taskeng.exe C:\Users\Ivan\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Ivan\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Ivan\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Ivan\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Ivan\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\SysWOW64\rundll32.exe C:\Users\Ivan\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.bg/ mWinlogon: Userinit = userinit.exe BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL TB: avast! 
WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun uRun: [RemoveIT Pro v7Ultra] C:\Program Files (x86)\InCode Solutions\RemoveIT Pro v7 Ultra\removeit.exe mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll . 
INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . . INFO: HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: NameServer = 192.168.1.1 TCP: Interfaces\{70F825D4-39E5-45DE-A0EC-619E5B125AF6} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{B7B7D262-DBF4-47CE-B3B7-C0CB1F15AB3A} : DHCPNameServer = 192.168.1.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-TB: avast! 
WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll . INFO: x64-HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL Hosts: 127.0.0.1 www.spywareinfo.com . ============= SERVICES / DRIVERS =============== . 
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-6-24 600920] R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-6-24 288088] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-5-25 204288] R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-6-24 22360] R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-6-24 64856] R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-7-11 42184] R2 KMService;KMService;C:\Windows\System32\srvany.exe --> C:\Windows\System32\srvany.exe [?] R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-7-7 1153368] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-6-24 2655768] R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-5-25 9359872] R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-5-25 309760] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-3-30 114704] R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-5-25 52608] R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-5-25 76160] R3 MEIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-6-24 56344] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-24 413800] R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2009-12-1 38992] R3 VCSVADHWSer;Avnex Virtual Audio 
Device (WDM);C:\Windows\System32\drivers\vcsvad.sys [2011-7-11 21504] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208] S3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;C:\Windows\System32\drivers\netr7364.sys [2009-6-10 707072] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992] S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960] S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-21 34816] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232] S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-24 1255736] . =============== Created Last 30 ================ . 
2011-07-17 21:44:45 2560 ----a-w- C:\Windows\_MSRSTRT.EXE 2011-07-17 21:29:53 -------- d-----w- C:\Program Files (x86)\InCode Solutions 2011-07-16 12:08:34 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2011-07-16 12:08:23 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2011-07-16 12:08:19 539968 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2011-07-16 09:58:22 -------- d-----w- C:\Windows\WindowsMobile 2011-07-15 10:22:45 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe 2011-07-14 08:52:48 -------- d-----w- C:\Users\Ivan\AppData\Local\ElevatedDiagnostics 2011-07-11 20:32:54 -------- d-----w- C:\Users\Ivan\AppData\Roaming\Screaming Bee 2011-07-11 20:22:47 -------- d-----w- C:\Users\Ivan\AppData\Roaming\Avnex 2011-07-11 20:22:33 21504 ----a-w- C:\Windows\System32\drivers\vcsvad.sys 2011-07-11 19:22:44 -------- d-----w- C:\Program Files (x86)\QS QualitySoft GmbH 2011-07-10 10:52:40 -------- d-----w- C:\Users\Ivan\AppData\Roaming\ts3overlay 2011-07-10 10:50:11 -------- d-----w- C:\Users\Ivan\AppData\Roaming\TS3Client 2011-07-09 10:10:35 -------- d-----w- C:\Users\Ivan\AppData\Roaming\TeamViewer 2011-07-09 07:50:34 -------- d-----w- C:\Program Files (x86)\Lavalys 2011-07-08 10:46:56 -------- d-----w- C:\Program Files (x86)\Garena 2011-07-07 17:45:18 -------- d-----w- C:\Users\Ivan\AppData\Roaming\TuneUp Software 2011-07-07 17:44:53 -------- d-----w- C:\ProgramData\TuneUp Software 2011-07-07 17:44:48 -------- d-sh--w- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} 2011-07-07 16:39:35 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy 2011-07-07 16:39:35 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2011-07-04 08:36:34 129784 ------w- C:\Windows\SysWow64\pxafs.dll 2011-06-30 19:57:41 834544 ----a-w- C:\Windows\System32\drivers\sptd.sys 2011-06-30 19:57:20 -------- d-----w- C:\Program 
Files (x86)\DAEMON Tools Lite 2011-06-30 19:57:05 -------- d-----w- C:\Users\Ivan\AppData\Roaming\DAEMON Tools Lite 2011-06-30 19:57:02 -------- d-----w- C:\ProgramData\DAEMON Tools Lite 2011-06-30 18:05:37 -------- d-----w- C:\Program Files (x86)\VirtualDJ 2011-06-30 09:04:32 -------- d-----r- C:\Program Files (x86)\Skype 2011-06-29 14:01:04 -------- d-----w- C:\Program Files (x86)\The KMPlayer 2011-06-29 12:47:18 280768 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr 2011-06-29 12:47:13 -------- d-----w- C:\Users\Ivan\AppData\Local\PunkBuster 2011-06-29 12:29:51 280768 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe 2011-06-29 12:29:51 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0 2011-06-29 12:29:48 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe 2011-06-29 12:29:48 2434856 ----a-w- C:\Windows\SysWow64\pbsvc_bc2.exe 2011-06-29 12:20:54 -------- d-----w- C:\Users\Ivan\AppData\Local\Google 2011-06-29 12:20:07 -------- d-----w- C:\Users\Ivan\AppData\Local\Deployment 2011-06-29 12:20:07 -------- d-----w- C:\Users\Ivan\AppData\Local\Apps 2011-06-27 10:14:45 -------- d-----w- C:\Users\Ivan\AppData\Local\ATI 2011-06-27 10:14:08 0 ----a-w- C:\Windows\ativpsrm.bin 2011-06-27 10:13:17 -------- d-----w- C:\Program Files (x86)\AMD APP 2011-06-27 10:13:15 -------- d-----w- C:\Program Files\Common Files\ATI Technologies 2011-06-27 10:13:15 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies 2011-06-27 10:12:44 -------- d-----w- C:\Program Files (x86)\ATI Technologies 2011-06-27 10:12:39 -------- d-----w- C:\Program Files\ATI 2011-06-27 10:12:21 -------- d-----w- C:\Program Files\ATI Technologies 2011-06-27 10:11:56 -------- d-----w- C:\ATI 2011-06-27 07:11:29 -------- d-----w- C:\ProgramData\Electronic Arts 2011-06-27 07:11:29 -------- d-----w- C:\ProgramData\EA Core 2011-06-27 07:05:59 5425496 ----a-w- C:\Windows\System32\D3DX9_41.dll 2011-06-27 06:35:26 159080 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin 2011-06-27 06:30:32 -------- d-----w- 
C:\Program Files (x86)\uTorrent 2011-06-27 06:30:00 -------- d-----w- C:\Users\Ivan\AppData\Roaming\uTorrent 2011-06-27 06:30:00 -------- d-----w- C:\Users\Ivan\AppData\Local\uTorrent 2011-06-24 20:59:36 -------- d-----w- C:\Windows\Panther 2011-06-24 14:18:26 -------- d-----w- C:\Users\Ivan\AppData\Local\Adobe 2011-06-24 14:09:23 8192 ----a-w- C:\Windows\SysWow64\srvany.exe 2011-06-24 14:09:23 77824 ----a-w- C:\Windows\KMService.exe 2011-06-24 14:06:39 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services 2011-06-24 14:06:30 -------- d-----w- C:\Windows\PCHEALTH 2011-06-24 14:06:30 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2011-06-24 14:05:30 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8 2011-06-24 14:04:49 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services 2011-06-24 14:04:37 -------- d-----w- C:\Users\Ivan\AppData\Local\Microsoft Help 2011-06-24 14:03:20 802816 ----a-w- C:\Windows\SysWow64\imagXRA7.dll 2011-06-24 14:03:20 497296 ----a-w- C:\Windows\SysWow64\imagXpr7.dll 2011-06-24 14:03:20 368640 ----a-w- C:\Windows\SysWow64\TwnLib4.dll 2011-06-24 14:03:20 258048 ----a-w- C:\Windows\SysWow64\imagXR7.dll 2011-06-24 14:03:20 1757184 ----a-w- C:\Windows\SysWow64\imagX7.dll 2011-06-24 14:03:20 -------- d-----w- C:\ProgramData\Nero 2011-06-24 14:03:20 -------- d-----w- C:\Program Files (x86)\Nero 2011-06-24 13:57:00 -------- d-----w- C:\Windows\SysWow64\Wat 2011-06-24 13:57:00 -------- d-----w- C:\Windows\System32\Wat 2011-06-24 13:49:49 -------- d-----w- C:\Users\Ivan\AppData\Roaming\Win7codecs 2011-06-24 13:49:45 -------- d-----w- C:\Program Files (x86)\Win7codecs 2011-06-24 13:49:24 -------- d-----w- C:\ProgramData\Win7codecs 2011-06-24 13:48:08 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2011-06-24 13:44:48 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe 2011-06-24 13:44:48 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2011-06-24 13:44:47 3912576 
----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2011-06-24 13:44:39 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll 2011-06-24 13:44:39 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll 2011-06-24 13:44:38 3135488 ----a-w- C:\Windows\System32\win32k.sys 2011-06-24 13:44:09 467456 ----a-w- C:\Windows\System32\drivers\srv.sys 2011-06-24 13:44:09 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys 2011-06-24 13:44:09 197120 ----a-w- C:\Windows\System32\d3d10_1.dll 2011-06-24 13:44:09 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys 2011-06-24 13:44:09 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll 2011-06-24 13:43:40 642944 ----a-w- C:\Windows\System32\winload.efi 2011-06-24 13:43:40 605552 ----a-w- C:\Windows\System32\winload.exe 2011-06-24 13:43:40 566208 ----a-w- C:\Windows\System32\winresume.efi 2011-06-24 13:43:40 518672 ----a-w- C:\Windows\System32\winresume.exe 2011-06-24 13:43:40 20352 ----a-w- C:\Windows\System32\kdusb.dll 2011-06-24 13:43:40 19328 ----a-w- C:\Windows\System32\kd1394.dll 2011-06-24 13:43:40 17792 ----a-w- C:\Windows\System32\kdcom.dll 2011-06-24 13:43:30 861696 ----a-w- C:\Windows\System32\oleaut32.dll 2011-06-24 13:43:30 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll 2011-06-24 13:43:28 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys 2011-06-24 13:43:27 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe 2011-06-24 13:43:27 31232 ----a-w- C:\Windows\System32\prevhost.exe 2011-06-24 13:42:39 8192 ----a-w- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll 2011-06-24 13:42:39 8192 ----a-w- C:\Windows\System32\drivers\IntelMEFWVer.dll 2011-06-24 13:42:35 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent 2011-06-24 13:42:20 56344 ----a-w- C:\Windows\System32\drivers\HECIx64.sys 2011-06-24 13:39:36 -------- d-----w- C:\Program Files (x86)\Etron Technology 2011-06-24 13:37:43 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll 2011-06-24 13:37:38 -------- d-----w- C:\Intel 2011-06-24 13:35:44 74272 ----a-w- 
C:\Windows\System32\RtNicProp64.dll 2011-06-24 13:35:44 413800 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys 2011-06-24 13:35:44 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll 2011-06-24 13:35:41 -------- d-----w- C:\Program Files (x86)\Realtek 2011-06-24 13:35:08 600920 ----a-w- C:\Windows\System32\drivers\aswSnx.sys 2011-06-24 13:35:07 64856 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys 2011-06-24 13:34:40 -------- d-sh--w- C:\Windows\Installer 2011-06-24 13:34:36 40112 ----a-w- C:\Windows\avastSS.scr 2011-06-24 13:34:32 -------- d-----w- C:\ProgramData\AVAST Software 2011-06-24 13:34:32 -------- d-----w- C:\Program Files\AVAST Software 2011-06-24 13:33:58 1395712 ----a-w- C:\Windows\System32\mfc42.dll 2011-06-24 13:33:58 1359872 ----a-w- C:\Windows\System32\mfc42u.dll 2011-06-24 13:33:58 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll 2011-06-24 13:33:58 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll 2011-06-24 13:33:42 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe 2011-06-24 13:33:41 976896 ----a-w- C:\Windows\System32\inetcomm.dll 2011-06-24 13:33:41 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll 2011-06-24 13:31:39 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll 2011-06-24 10:04:01 -------- d-----w- C:\Users\Ivan\AppData\Local\VirtualStore 2011-06-20 04:10:44 3888128 ----a-w- C:\Windows\SysWow64\x264vfw.dll . ==================== Find3M ==================== . 
2011-06-17 06:34:42 73728 ----a-w- C:\Windows\SysWow64\xvid.ax 2011-06-17 06:26:10 243200 ----a-w- C:\Windows\SysWow64\xvidvfw.dll 2011-06-17 06:17:28 650752 ----a-w- C:\Windows\SysWow64\xvidcore.dll 2011-06-14 21:08:56 1264128 ----a-w- C:\Windows\SysWow64\VSFilter.dll 2011-05-25 11:19:00 76160 ----a-w- C:\Windows\System32\drivers\EtronXHCI.sys 2011-05-25 11:19:00 52608 ----a-w- C:\Windows\System32\drivers\EtronHub3.sys 2011-05-25 04:26:56 9359872 ----a-w- C:\Windows\System32\drivers\atikmdag.sys 2011-05-25 03:53:28 23336960 ----a-w- C:\Windows\System32\atio6axx.dll 2011-05-25 03:31:38 17940992 ----a-w- C:\Windows\SysWow64\atioglxx.dll 2011-05-25 03:07:58 151552 ----a-w- C:\Windows\System32\atiapfxx.exe 2011-05-25 03:07:48 688128 ----a-w- C:\Windows\SysWow64\aticfx32.dll 2011-05-25 03:06:38 811008 ----a-w- C:\Windows\System32\aticfx64.dll 2011-05-25 03:04:16 462848 ----a-w- C:\Windows\System32\ATIDEMGX.dll 2011-05-25 03:04:10 485376 ----a-w- C:\Windows\System32\atieclxx.exe 2011-05-25 03:03:38 204288 ----a-w- C:\Windows\System32\atiesrxx.exe 2011-05-25 03:02:30 120320 ----a-w- C:\Windows\System32\atitmm64.dll 2011-05-25 03:02:16 423424 ----a-w- C:\Windows\System32\atipdl64.dll 2011-05-25 03:02:10 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll 2011-05-25 03:02:00 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll 2011-05-25 03:01:54 16384 ----a-w- C:\Windows\System32\atimuixx.dll 2011-05-25 03:01:50 59392 ----a-w- C:\Windows\System32\atiedu64.dll 2011-05-25 03:01:46 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll 2011-05-25 03:00:00 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll 2011-05-25 02:59:38 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll 2011-05-25 02:59:26 3810816 ----a-w- C:\Windows\System32\atiumd6a.dll 2011-05-25 02:58:52 4219904 ----a-w- C:\Windows\SysWow64\atidxx32.dll 2011-05-25 02:50:38 4017152 ----a-w- C:\Windows\SysWow64\atiumdva.dll 2011-05-25 02:49:44 5008384 ----a-w- C:\Windows\System32\atidxx64.dll 2011-05-25 02:47:40 51200 ----a-w- 
C:\Windows\System32\aticalrt64.dll 2011-05-25 02:47:38 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll 2011-05-25 02:47:30 44544 ----a-w- C:\Windows\System32\aticalcl64.dll 2011-05-25 02:47:28 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll 2011-05-25 02:47:18 8489472 ----a-w- C:\Windows\System32\aticaldd64.dll 2011-05-25 02:43:52 6847488 ----a-w- C:\Windows\SysWow64\aticaldd.dll 2011-05-25 02:39:16 4330496 ----a-w- C:\Windows\SysWow64\atiumdag.dll 2011-05-25 02:38:18 53760 ----a-w- C:\Windows\System32\atimpc64.dll 2011-05-25 02:38:18 53760 ----a-w- C:\Windows\System32\amdpcom64.dll 2011-05-25 02:38:14 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll 2011-05-25 02:38:14 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll 2011-05-25 02:33:04 5486592 ----a-w- C:\Windows\System32\atiumd64.dll 2011-05-25 02:26:18 366592 ----a-w- C:\Windows\System32\atiadlxx.dll 2011-05-25 02:26:12 262144 ----a-w- C:\Windows\SysWow64\atiadlxy.dll 2011-05-25 02:26:04 14848 ----a-w- C:\Windows\System32\atig6pxx.dll 2011-05-25 02:26:00 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll 2011-05-25 02:26:00 12800 ----a-w- C:\Windows\System32\atiglpxx.dll 2011-05-25 02:25:58 39936 ----a-w- C:\Windows\System32\atig6txx.dll 2011-05-25 02:25:48 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll 2011-05-25 02:25:42 309760 ----a-w- C:\Windows\System32\drivers\atikmpag.sys 2011-05-25 02:24:58 40960 ----a-w- C:\Windows\System32\atiuxp64.dll 2011-05-25 02:24:50 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll 2011-05-25 02:24:44 38912 ----a-w- C:\Windows\System32\atiu9p64.dll 2011-05-25 02:24:36 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll 2011-05-25 02:24:08 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll 2011-05-25 02:19:00 58880 ----a-w- C:\Windows\System32\coinst.dll 2011-05-24 20:44:30 61952 ----a-w- C:\Windows\System32\OVDecode64.dll 2011-05-24 20:44:26 59904 ----a-w- C:\Windows\SysWow64\OVDecode.dll 2011-05-24 20:44:14 53760 ----a-w- C:\Windows\System32\OpenCL.dll 2011-05-24 20:44:10 51712 
----a-w- C:\Windows\SysWow64\OpenCL.dll 2011-05-24 20:44:04 16672768 ----a-w- C:\Windows\System32\amdocl64.dll 2011-05-24 20:43:50 12798976 ----a-w- C:\Windows\SysWow64\amdocl.dll 2011-05-24 16:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe 2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll 2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll 2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll 2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll 2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe 2011-05-12 09:53:30 147456 ----a-w- C:\Windows\SysWow64\lagarith.dll 2011-05-10 10:24:26 2861288 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys 2011-05-10 09:17:50 88168 ----a-w- C:\Windows\System32\RCoInst64.dll 2011-05-09 09:10:44 2397288 ----a-w- C:\Windows\System32\RtPgEx64.dll 2011-05-09 08:45:32 3137128 ----a-w- C:\Windows\System32\RtkAPO64.dll 2011-05-05 07:24:02 2085440 ----a-w- C:\Windows\System32\FMAPO64.dll 2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll 2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll 2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll 2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll 2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll 2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll 2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe 2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe 2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe 2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll 2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll 2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll 2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll 2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll 2011-05-04 
04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll 2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe 2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe 2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe 2011-04-27 02:40:40 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys 2011-04-27 02:39:40 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys 2011-04-27 02:39:37 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys 2011-04-25 05:33:51 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2011-04-25 02:34:03 499200 ----a-w- C:\Windows\System32\drivers\afd.sys 2011-04-22 22:15:29 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys . ============= FINISH: 10:50:36,12 =============== ATTACH: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-07-14.01) . Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 24.6.2011 г. 13:03:52 System Uptime: 18.7.2011 г. 10:34:27 (0 hours ago) . Motherboard: Gigabyte Technology Co., Ltd. | | Z68MA-D2H-B3 Processor: Intel® Core i5-2500K CPU @ 3.30GHz | Socket 1155 | 3601/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 293 GiB total, 258,292 GiB free. D: is FIXED (NTFS) - 638 GiB total, 538,599 GiB free. E: is CDROM () F: is CDROM () G: is FIXED (NTFS) - 466 GiB total, 363,643 GiB free. I: is Removable J: is Removable K: is Removable L: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP28: 11.7.2011 г. 22:21:08 - Installed bcTester 4.8 (en) RP29: 11.7.2011 г. 22:22:37 - Installed bcTester 4.8 (en) RP30: 11.7.2011 г. 23:23:20 - Device Driver Package Install: AVNEX Ltd. Sound, video and game controllers RP31: 11.7.2011 г. 23:32:15 - Installed MorphVOX Junior RP32: 16.7.2011 г. 12:58:47 - Installed Windows Mobile Device Center . 
==== Installed Programs ====================== . Актуализация за Microsoft Outlook Social Connector (KB2441641) µTorrent 7-Zip 9.20 (x64 edition) Adobe AIR Adobe Community Help Adobe Flash Player 10 ActiveX Adobe Media Player Adobe Photoshop CS5 Adobe Reader X (10.1.0) AMD APP SDK Runtime AMD Drag and Drop Transcoding AMD Media Foundation Decoders ATI Catalyst Install Manager AV Voice Changer Software DIAMOND 7.0 avast! Free Antivirus Battlefield: Bad Company™ 2 bcTester 4.8 (en) Catalyst Control Center Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy ccc-utility64 CCC Help English Definition update for Microsoft Office 2010 (KB982726) Etron USB3.0 Host Controller EVEREST Ultimate Edition v5.50 Garena 2010 Google Chrome Intel® Management Engine Components Left 4 Dead 2 Standalone Patch™ Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Office Access MUI (Bulgarian) 2010 Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (Bulgarian) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (Bulgarian) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (Bulgarian) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office Language Pack 2010 - Bulgarian/български Microsoft Office O MUI (Bulgarian) 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (Bulgarian) 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (Bulgarian) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (Bulgarian) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (Bulgarian) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (German) 2010 Microsoft Office Proof 
(Russian) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (Bulgarian) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (Bulgarian) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (Bulgarian) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (Bulgarian) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (Bulgarian) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Office X MUI (Bulgarian) 2010 Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft_VC80_ATL_x86 Microsoft_VC80_ATL_x86_x64 Microsoft_VC80_CRT_x86 Microsoft_VC80_CRT_x86_x64 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFC_x86_x64 Microsoft_VC80_MFCLOC_x86 Microsoft_VC80_MFCLOC_x86_x64 Microsoft_VC90_ATL_x86 Microsoft_VC90_ATL_x86_x64 Microsoft_VC90_CRT_x86 Microsoft_VC90_CRT_x86_x64 Microsoft_VC90_MFC_x86 Microsoft_VC90_MFC_x86_x64 MorphVOX Junior Nero 8 Lite 8.3.2.1 PDF Settings CS5 PunkBuster Services Realtek Ethernet Controller Driver Realtek High Definition Audio Driver Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft Excel 2010 (KB2523021) Security Update for Microsoft InfoPath 2010 (KB2510065) Security Update for Microsoft Office 2010 (KB2289078) Security Update 
for Microsoft Office 2010 (KB2289161) Security Update for Microsoft PowerPoint 2010 (KB2519975) Security Update for Microsoft Publisher 2010 (KB2409055) Security Update for Microsoft Word 2010 (KB2345000) Skype Toolbars Skype™ 5.3 Spybot - Search & Destroy The KMPlayer (remove only) Update for Microsoft Office 2010 (KB2202188) Update for Microsoft Office 2010 (KB2413186) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2523113) Update for Microsoft OneNote 2010 (KB2493983) Update for Microsoft Outlook Social Connector (KB2441641) Win7codecs Winamp Windows Mobile Device Center . ==== Event Viewer Messages From Past Week ======== . 16.7.2011 г. 13:41:25, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004 15.7.2011 г. 23:00:12, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0. 15.7.2011 г. 22:26:44, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004 15.7.2011 г. 22:26:08, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004 15.7.2011 г. 22:05:16, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004 15.7.2011 г. 20:46:31, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004 . ==== End Of File ===========================


    Hello again. Now uninstall Spybot - Search & Destroy and RemoveIT Pro Ultra. RemoveIT is something like a rogue (fake) security program, which I do not recommend using. There is also no point in using Spybot - Search & Destroy. However, if you like Spybot - Search & Destroy, you can install it again after we finish.

    After you uninstall the programs I named, follow the instructions for working with Security Check:

    • Download Security Check (author: screen317) from here or from here and save it to the desktop.
    • Run the file named SecurityCheck.exe and follow the instructions.
    • When the program finishes its work, a text document will open: checkup.txt.
    • Copy the contents of checkup.txt with Copy and paste them with Paste into your next comment.

    Hello again, here are the results from SC:

    Results of screen317's Security Check version 0.99.17

    Windows 7 (UAC is disabled!)

    Internet Explorer 8

    ``````````````````````````````

    Antivirus/Firewall Check:

    Windows Firewall Enabled!

    avast! Free Antivirus

    WMI entry may not exist for antivirus; attempting automatic update.

    ```````````````````````````````

    Anti-malware/Other Utilities Check:

    MVPS Hosts File

    Adobe Flash Player

    Adobe Reader X (10.1.0)

    ````````````````````````````````

    Process Check:

    objlist.exe by Laurent

    AVAST Software Avast AvastSvc.exe

    AVAST Software Avast AvastUI.exe

    ``````````End of Log````````````



    Very good. Next:

    1. I see that you have MVPS Hosts File, which may have been installed recently. Just in case, download the latest version (June-15-2011) of MVPS Hosts File from here and install it. Installation instructions: here.

    2. After you update MVPS Hosts File, follow the instructions for working with OTL:

    • Download OTL.exe and save it to the desktop.
    • Run the file [image] (if necessary, confirm through UAC).
    • Make the following settings:
    [image]

    • Under [image], use Copy/Paste to enter the following text in full (only what is inside the box):
    netsvcs
    msconfig
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    /md5start
    atapi.sys
    iaStor.sys
    explorer.exe
    svchost.exe
    userinit.exe
    hlp.dat
    winlogon.exe
    wininit.exe
    volsnap.sys
    acedrv09.sys
    /md5stop
    
    • Press the button marked in blue: [image].
    • When the scan finishes, two files will be created: OTL.Txt and Extras.Txt. Attach these two files to your next comment (see the "attached files" option when you post a reply).

    Run OTL again, then copy and paste the script text from the text box below under the Custom Scans/Fixes column. Be sure to copy the script 1:1, including the colon before the first line of the script.

    :otl
    O4 - HKU\S-1-5-21-3461537239-1742337366-1373281344-1000..\Run: [RemoveIT Pro v7Ultra] File not found
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O33 - MountPoints2\{633883fe-a353-11e0-b9ea-50e54936040b}\Shell - "" = AutoRun
    O33 - MountPoints2\{633883fe-a353-11e0-b9ea-50e54936040b}\Shell\AutoRun\command - "" = F:\Installer.exe
    :files
    C:\WINDOWS\ativpsrm.bin
    C:\ProgramData\Spybot - Search & Destroy
    C:\Program Files (x86)\Spybot - Search & Destroy
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RemoveIT Pro v7 (Trial)v
    recycler /alldrives
    ipconfig /flushdns /c
    :commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
    
    After you enter the script from the quote above, press the button marked in red: Run Fix

    Windows will restart and a log file will be created. Post its contents with Copy/Paste in your next comment.


    Here is the result:

    All processes killed

    ========== OTL ==========

    Registry value HKEY_USERS\S-1-5-21-3461537239-1742337366-1373281344-1000\Software\Microsoft\Windows\CurrentVersion\Run\\RemoveIT Pro v7Ultra deleted successfully.

    Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

    Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}

    C:\Windows\Downloaded Program Files\gp.inf not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.

    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.

    File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.

    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.

    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}\ not found.

    File {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found not found.

    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{633883fe-a353-11e0-b9ea-50e54936040b}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{633883fe-a353-11e0-b9ea-50e54936040b}\ not found.

    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{633883fe-a353-11e0-b9ea-50e54936040b}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{633883fe-a353-11e0-b9ea-50e54936040b}\ not found.

    File F:\Installer.exe not found.

    ========== FILES ==========

    C:\WINDOWS\ativpsrm.bin moved successfully.

    C:\ProgramData\Spybot - Search & Destroy\Recovery folder moved successfully.

    C:\ProgramData\Spybot - Search & Destroy\Logs folder moved successfully.

    C:\ProgramData\Spybot - Search & Destroy folder moved successfully.

    C:\Program Files (x86)\Spybot - Search & Destroy folder moved successfully.

    File\Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RemoveIT Pro v7 (Trial)v not found.

    recycler not found in C:\

    recycler not found in D:\

    recycler not found in G:\

    < ipconfig /flushdns /c >

    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    C:\Users\Ivan\Desktop\cmd.bat deleted successfully.

    C:\Users\Ivan\Desktop\cmd.txt deleted successfully.

    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 0 bytes

    ->Flash cache emptied: 56468 bytes

    User: Default User

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 0 bytes

    ->Flash cache emptied: 0 bytes

    User: Ivan

    ->Temp folder emptied: 8979589 bytes

    ->Temporary Internet Files folder emptied: 181568933 bytes

    ->Google Chrome cache emptied: 387450876 bytes

    ->Flash cache emptied: 22310 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes

    %systemroot% .tmp files removed: 0 bytes

    %systemroot%\System32 .tmp files removed: 0 bytes

    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes

    %systemroot%\System32\drivers .tmp files removed: 0 bytes

    Windows Temp folder emptied: 2528 bytes

    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50467 bytes

    RecycleBin emptied: 7261882009 bytes

    Total Files Cleaned = 7 477,00 mb

    [EMPTYFLASH]

    User: All Users

    User: Default

    ->Flash cache emptied: 0 bytes

    User: Default User

    ->Flash cache emptied: 0 bytes

    User: Ivan

    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0,00 mb

    OTL by OldTimer - Version 3.2.26.1 log created on 07182011_145516

    Files\Folders moved on Reboot...

    C:\Users\Ivan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...

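One way to triage an OTL fix log like the one posted above, as an added example that is not part of the original thread and not OTL's own code: it sorts result lines into removed, already absent and pending-reboot, so the items to re-verify after the restart stand out. The sample lines are taken from the log above; the regular expressions are assumptions drawn from that log's wording, not a documented OTL format.

```python
import re

# Sample input: a few lines copied from the fix log posted in this thread.
SAMPLE_LOG = r"""
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
File F:\Installer.exe not found.
========== FILES ==========
C:\WINDOWS\ativpsrm.bin moved successfully.
C:\Program Files (x86)\Spybot - Search & Destroy folder moved successfully.
recycler not found in C:\
========== COMMANDS ==========
[EMPTYTEMP]
->Temp folder emptied: 8979589 bytes
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
"""

# Section banners ("===== OTL =====") and the trailing "... on Reboot..." sub-headings.
HEADER = re.compile(r"^=+ (?P<name>.+?) =+$|^(?P<sub>.+ on Reboot)\.\.\.$")

# Order matters: the deferred-move line must be tested before the generic patterns.
OUTCOMES = [
    ("pending_reboot",
     re.compile(r"^File move failed\. (?P<target>.+?) scheduled to be moved on reboot\.$")),
    ("removed",
     re.compile(r"^(?P<target>.+?) (?:deleted|moved) successfully\.$")),
    ("absent",
     re.compile(r"^(?P<target>.+?) not found(?: in (?P<where>.+?))?\.?$")),
]


def classify(log_text):
    """Return {status: [(section, target), ...]} for every recognised result line."""
    results = {status: [] for status, _ in OUTCOMES}
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER.match(line)
        if header:
            section = header.group("name") or header.group("sub")
            continue
        for status, pattern in OUTCOMES:
            match = pattern.match(line)
            if not match:
                continue
            target = match.group("target")
            if status == "absent" and match.group("where"):
                # "recycler not found in C:\" -> keep the drive with the target
                target = f"{target} ({match.group('where')})"
            results[status].append((section, target))
            break
        # Unrecognised lines (cache sizes, banners) are informational and skipped.
    return results


def needs_recheck(log_text):
    """Targets the tool could not remove immediately; confirm they are gone after reboot."""
    return [target for _, target in classify(log_text)["pending_reboot"]]


if __name__ == "__main__":
    for status, items in classify(SAMPLE_LOG).items():
        print(f"{status}: {len(items)}")
        for section, target in items:
            print(f"  [{section}] {target}")
```

An "absent" result means the script referenced something that was already gone (an orphaned entry), while anything returned by `needs_recheck` is not actually removed until the restart completes.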

    Now we will check for any infections with two programs. Here is how:

    Step 1

    • Download Malwarebytes' Anti-Malware from here, choosing Malwarebytes Anti-Malware Free.
    • Run mbam-setup.exe to install the program. During installation choose English. At the end of the installation of Malwarebytes' Anti-Malware, do not install the trial version, only the free one (Free).
    • Make sure Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are checked, then click Finish. If newer updates are found, it will download and install them.
    • Start the program and select Perform Quick Scan, then click Scan.
    • The scan will take some time, so please be patient.
    • When the scan finishes, click OK, then Show Results to see the result.
    • Make sure all rows are checked, and click Remove Selected.
    • When everything has been removed, the log will open in Notepad. Copy the log and post it in your next comment in the topic.
    Note: If Malwarebytes' Anti-Malware has difficulty removing the detected viruses/threats, it will ask to restart the computer and remove the problematic viruses/threats during the restart. If you are asked, confirm that you want your computer to be restarted.

    Step 2

    Follow the instructions for scanning with Microsoft Safety Scanner:

    • Download the following file: msert.exe and save it to the desktop. The program is not installed; it is a standalone scanner.
    • Run msert.exe, accept the terms of use (check Accept all terms...), then click Next. On the following page click Next again.
    • Then select Quick Scan and Next.
    • After the program finishes scanning, press Finish. Note: If suspicious files are found, you will be given an option to remove them. Remove them.
    • Go with Windows Explorer here: C:\Windows\Debug\msert.log

      Open msert.log with Notepad, then copy and paste its contents into your next comment. Do not attach it, because the forum system does not support the LOG file extension.


    Everything was fine with the first program, but the second told me that it is not compatible with my Windows (7; SP1; 64 bit); I am now downloading the 64-bit version from Microsoft's site. Here is the log from the first one:

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org
    Database version: 7189
    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421
    18.7.2011 г. 15:40:45
    mbam-log-2011-07-18 (15-40-45).txt
    Scan type: Quick scan
    Objects scanned: 164380
    Time elapsed: 1 minute(s), 14 second(s)
    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1
    Memory Processes Infected:
    c:\Windows\kmservice.exe (RiskWare.Tool.CK) -> 1400 -> Unloaded process successfully.
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    c:\Windows\kmservice.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

    I will post the other one within 5 minutes.

    EDIT: After the first one did its job, the second found nothing, but here is the log anyway:

    ---------------------------------------------------------------------------------------
    Microsoft Safety Scanner v1.0, (build 1.107.2008.0)
    Started On Mon Jul 18 15:54:54 2011
    Microsoft Safety Scanner Finished On Mon Jul 18 15:54:57 2011
    Return code: 0 (0x0)
    ---------------------------------------------------------------------------------------
    Microsoft Safety Scanner v1.0, (build 1.107.2008.0)
    Started On Mon Jul 18 15:55:09 2011
    ->Scan ERROR: resource process://pid:3064 (code 0x00000490 (1168))
    ->Scan ERROR: resource process://pid:4044 (code 0x00000005 (5))
    ->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000020 (32))
    ->Scan ERROR: resource file://C:\hiberfil.sys (code 0x0000054F (1359))
    ->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))
    ->Scan ERROR: resource file://C:\pagefile.sys (code 0x0000054F (1359))
    Results Summary:
    ----------------
    No infection found.


    Ugh, I did not notice that I had given a link to the 32-bit version of Microsoft Safety Scanner. Anyway, are there any other problems with Windows now?

    There is something in the DDS log that I do not like:

    15.7.2011 г. 23:00:12, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.

    The motherboard is a Gigabyte Z68MA-D2H-B3. In my opinion there is a hardware problem with this board. It would not hurt to run some check of its condition. For now, do not rush and do not do anything until we finish the topic.

    Thank you very much for your help in solving my problem. I just want to add that the configuration is less than 2 weeks old. BUT even at that age, I am aware that nobody is immune... I have killed a video card in a single day!


    OK, could I now have a log from Everest? As far as I remember, you start the program, then -> Summary and from the submenu -> Report -> Quick Report Summary. Save (Save As) the file as TXT and attach it to your next comment. P.S. We are not finished yet, please be patient.


    OK. Leave Everest; I see no point in struggling with it any longer. There is a newer, up-to-date program that replaces Everest, whose support has been discontinued. The program is called Aida64 (reference). If you wish, you can try it in the future.

    Now run OTL once more and press the CleanUp button.

    [image]

    When OTL is uninstalled, the tools and files we used in the topic will be cleaned up. A Windows restart will follow. You can delete the remaining programs and logs we used in the topic. I recommend keeping Malwarebytes' Anti-Malware Free for scanning from time to time.

    P.S. I want to look over the logs again. I will write tomorrow. I need to check on a few small details, so keep an eye on the topic. Have a nice evening.


    In my opinion there are no more problems with infections on Windows. If there is a blue screen or a hardware error message in the future, write in the hardware section of this forum. Let us hope there are none in the future.

    I am marking the problem as solved. Have a nice evening and good luck!
