Премини към съдържанието
frozener

Съмнение за вирус [приключена]

    Препоръчан отговор


    Моля помогнете ми локалният диск С постоянно се пълни, а не качвам нищо(филми, музика, програми). Като изтрия нещо също не се освобождава памет и преинсталирането даже не помага. Аваст-а нищо не засича. Изпълних стъпките от подтемата. Ето информацията от лог файловете: Attach: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_11-05-19.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume1 Install Date: 17.7.2011 г. 13:34:34 System Uptime: 20.7.2011 г. 14:51:31 (4 hours ago) . Motherboard: ASUSTeK Computer INC. | | P7P55-M Processor: Intel® Core i5 CPU 750 @ 2.67GHz | LGA1156 | 2668/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 98 GiB total, 72,586 GiB free. D: is FIXED (NTFS) - 391 GiB total, 390,525 GiB free. E: is FIXED (NTFS) - 443 GiB total, 438,585 GiB free. F: is CDROM () H: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: Kaspersky Anti-Virus NDIS 6 Filter Device ID: ROOT\LEGACY_KLIM6\0000 Manufacturer: Name: Kaspersky Anti-Virus NDIS 6 Filter PNP Device ID: ROOT\LEGACY_KLIM6\0000 Service: KLIM6 . ==== System Restore Points =================== . RP3: 17.7.2011 г. 13:40:08 - Device Driver Package Install: ATI Technologies Inc. Display adapters RP4: 17.7.2011 г. 13:45:27 - Installed Platform RP5: 17.7.2011 г. 13:47:01 - Installed EPU-4 Engine RP7: 17.7.2011 г. 17:01:23 - SPTD setup V1.62 RP8: 17.7.2011 г. 17:13:17 - Installed Adobe Reader X. RP9: 17.7.2011 г. 17:24:20 - Installed Microsoft Office Professional Plus 2010 RP10: 17.7.2011 г. 17:47:36 - Installed Microsoft Office Visio Professional 2007 RP11: 19.7.2011 г. 09:36:08 - Windows Update RP12: 19.7.2011 г. 10:30:39 - Windows Update RP14: 19.7.2011 г. 21:07:36 - Windows Update RP16: 20.7.2011 г. 09:38:28 - Windows Update . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) µTorrent Adobe AIR Adobe Community Help Adobe Flash Player 10 Plugin Adobe Photoshop CS5.1 Adobe Reader X (10.0.1) AMD DnD V1.0.19 Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center HydraVision Full Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Dev-C++ 5 beta 9 release (4.9.9.2) EPU-4 Engine Google Chrome HydraVision Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Visio MUI (English) 2007 Microsoft Office Visio Professional 2007 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Microsoft_VC90_MFCLOC_x86 Mozilla Firefox 6.0 (x86 en-US) Notepad++ PDF Settings CS5 Platform Realtek Ethernet Controller Driver For Windows Vista and Later Security Update for 2007 Microsoft Office System (KB951550) Security Update for 2007 Microsoft Office System (KB951944) Skype Toolbars Skype™ 5.3 TeamViewer 6 The KMPlayer (remove only) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Visio 2007 Help (KB963666) VIA п»ї Windows 7 Codec Pack 3.1.0 . ==== Event Viewer Messages From Past Week ======== . 20.7.2011 г. 14:52:05, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: KLIM6 20.7.2011 г. 10:38:10, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: KLIM6 20.7.2011 г. 10:37:02, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: KLIM6 20.7.2011 г. 09:39:11, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243). 20.7.2011 г. 09:38:59, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: The 2007 Microsoft Office Suite Service Pack 2 (SP2). 19.7.2011 г. 21:14:10, Error: Service Control Manager [7023] - 19.7.2011 г. 21:10:27, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243). 19.7.2011 г. 21:08:21, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: The 2007 Microsoft Office Suite Service Pack 2 (SP2). 19.7.2011 г. 21:07:46, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 for x64-based Systems (KB2532531). 18.7.2011 г. 22:46:02, Error: Service Control Manager [7024] - The Apache2.2 service terminated with service-specific error Incorrect function.. 18.7.2011 г. 12:46:10, Error: Service Control Manager [7024] - The Apache2.2 service terminated with service-specific error Incorrect function.. 17.7.2011 г. 22:32:01, Error: Service Control Manager [7024] - The Apache2.2 service terminated with service-specific error Incorrect function.. 17.7.2011 г. 20:58:50, Error: Service Control Manager [7030] - The FileZilla Server FTP server service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 17.7.2011 г. 18:53:19, Error: Service Control Manager [7030] - The FileZilla Server FTP server service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 17.7.2011 г. 17:45:36, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1. 17.7.2011 г. 17:45:35, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1. 17.7.2011 г. 17:45:34, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1. 17.7.2011 г. 16:54:50, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1. . ==== End Of File =========================== DDS: . DDS (Ver_11-05-19.01) - NTFSx86 Internet Explorer: 8.0.7601.17514 Run by Kaloian at 18:30:09 on 2011-07-20 Microsoft Windows 7 Professional 6.1.7601.1.1251.359.1033.18.4087.2207 [GMT 3:00] . SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe C:\Program Files (x86)\uTorrent\uTorrent.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\sppsvc.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe E:\Adobe Photoshop CS5\Adobe Photoshop CS5.1 (64 Bit)\Photoshop.exe C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Kaloian\Downloads\dds.scr C:\Windows\SysWOW64\WSCRIPT.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . mWinlogon: Userinit=userinit.exe BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: &Експортиране към Microsoft Excel - E:\MICROS~1\Office14\EXCEL.EXE/3000 IE: &Изпрати към OneNote - E:\MICROS~1\Office14\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - E:\MICROS~2\Office12\REFIEBAR.DLL Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\MICROS~1\Office14\GROOVEEX.DLL BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\MICROS~1\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - mRun-x64: [bCSSync] "E:\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\MICROS~1\Office14\GROOVEEX.DLL . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Kaloian\AppData\Roaming\Mozilla\Firefox\Profiles\96s80avh.default\ FF - prefs.js: browser.startup.homepage - hxxp://google.com/ FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ============= SERVICES / DRIVERS =============== . R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-7-17 2228008] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 ip100Avista;ASUS NX1001 Network Adapter NT Driver;C:\Windows\system32\DRIVERS\ipfnd51.sys --> C:\Windows\system32\DRIVERS\ipfnd51.sys [?] R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?] S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;E:\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 51456888] S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992] S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2011-07-20 07:57:36 -------- d-----w- C:\Users\Kaloian\AppData\Roaming\Blender Foundation 2011-07-20 07:41:49 -------- d-----w- C:\Users\Kaloian\.thumbnails 2011-07-20 07:41:40 -------- d-----w- C:\Program Files (x86)\Blender Foundation 2011-07-20 06:55:58 -------- d-----w- C:\ProgramData\Kaspersky Lab 2011-07-20 06:55:58 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab 2011-07-19 18:12:26 -------- d-----w- C:\Windows\SysWow64\Wat 2011-07-19 18:12:26 -------- d-----w- C:\Windows\System32\Wat 2011-07-19 06:37:08 715776 ----a-w- C:\Windows\System32\kerberos.dll 2011-07-19 06:36:59 759296 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2011-07-18 18:32:54 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe 2011-07-18 09:26:09 -------- d-----w- C:\Program Files (x86)\The KMPlayer 2011-07-17 21:29:09 -------- d-----w- C:\Windows\Panther 2011-07-17 21:28:56 -------- d-sh--w- C:\Boot 2011-07-17 16:27:14 -------- d-----w- C:\Users\Kaloian\AppData\Local\Adobe 2011-07-17 15:15:50 -------- d-----w- C:\Windows\SysWow64\custom matrices 2011-07-17 15:15:48 -------- d-----w- C:\Windows\SysWow64\QuickTime 2011-07-17 15:15:48 -------- d-----w- C:\Windows\SysWow64\C2MP 2011-07-17 15:06:49 -------- d-----w- C:\Program Files (x86)\VideoLAN 2011-07-17 14:54:45 -------- d-----w- C:\Users\Kaloian\AppData\Roaming\Dev-Cpp 2011-07-17 14:54:39 -------- d-----w- C:\Dev-Cpp 2011-07-17 14:37:15 -------- d-----r- C:\Program Files (x86)\Skype 2011-07-17 14:30:46 647168 ----a-w- C:\Windows\AutoKMS.exe 2011-07-17 14:30:17 78848 ----a-w- C:\Windows\KMSEmulator.exe 2011-07-17 14:27:39 -------- d-----w- C:\Program Files\Microsoft Synchronization Services 2011-07-17 14:27:29 -------- d-----w- C:\Windows\PCHEALTH 2011-07-17 14:27:29 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition 2011-07-17 14:25:05 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8 2011-07-17 14:24:44 -------- d-----w- C:\Program Files\Microsoft Analysis Services 2011-07-17 14:24:44 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services 2011-07-17 14:24:36 -------- d-----w- C:\Users\Kaloian\AppData\Local\Microsoft Help 2011-07-17 14:21:15 -------- d-----w- C:\Program Files (x86)\uTorrent 2011-07-17 14:20:44 -------- d-----w- C:\Users\Kaloian\AppData\Roaming\uTorrent 2011-07-17 14:20:44 -------- d-----w- C:\Users\Kaloian\AppData\Local\uTorrent 2011-07-17 14:15:09 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2011-07-17 14:07:00 65024 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\PPhp1020.DLL 2011-07-17 14:06:57 501760 ----a-w- C:\Windows\System32\ZSHP1020.EXE 2011-07-17 14:06:57 192512 ----a-w- C:\Windows\System32\ZLhp1020.DLL 2011-07-17 14:06:56 -------- d-----w- C:\Program Files\HP 2011-07-17 14:06:53 245248 ----a-w- C:\Windows\System32\zshp1020s.dll 2011-07-17 14:01:31 834544 ----a-w- C:\Windows\System32\drivers\sptd.sys 2011-07-17 14:01:22 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite 2011-07-17 14:01:16 -------- d-----w- C:\Users\Kaloian\AppData\Roaming\DAEMON Tools Lite 2011-07-17 14:01:14 -------- d-----w- C:\ProgramData\DAEMON Tools Lite 2011-07-17 13:58:01 -------- d-----w- C:\Program Files (x86)\TeamViewer 2011-07-17 13:55:25 -------- d-----w- C:\Users\Kaloian\AppData\Local\Google 2011-07-17 13:09:05 36864 ----a-w- C:\Windows\System32\drivers\ipfnd51.sys 2011-07-17 10:47:08 24576 ----a-r- C:\Windows\SysWow64\AsIO.dll 2011-07-17 10:47:08 13368 ----a-r- C:\Windows\SysWow64\drivers\AsIO.sys 2011-07-17 10:47:06 11832 ----a-w- C:\Windows\SysWow64\drivers\AsInsHelp64.sys 2011-07-17 10:47:06 10216 ----a-w- C:\Windows\SysWow64\drivers\AsInsHelp32.sys 2011-07-17 10:47:06 -------- d-----w- C:\Program Files (x86)\ASUS 2011-07-17 10:46:55 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll 2011-07-17 10:46:55 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll 2011-07-17 10:46:55 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll 2011-07-17 10:46:55 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll 2011-07-17 10:46:37 97792 ----a-w- C:\Windows\System32\RTNUninst64.dll 2011-07-17 10:46:37 67584 ----a-w- C:\Windows\System32\RtNicProp64.dll 2011-07-17 10:46:27 239616 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys 2011-07-17 10:46:27 -------- d-----w- C:\Program Files (x86)\Realtek 2011-07-17 10:45:49 86016 ----a-w- C:\Windows\System32\nQPropPageExt.dll 2011-07-17 10:45:49 84992 ----a-w- C:\Windows\System32\Dts2PropPageExt.dll 2011-07-17 10:45:49 82432 ----a-w- C:\Windows\System32\nQAPO.dll 2011-07-17 10:45:49 76288 ----a-w- C:\Windows\System32\ViaMicArrayPropPageExt.dll 2011-07-17 10:45:49 529920 ----a-w- C:\Windows\System32\VIASysFx.dll 2011-07-17 10:45:49 242176 ----a-w- C:\Windows\System32\Dts2APO.dll 2011-07-17 10:45:49 193024 ----a-w- C:\Windows\System32\ViaMicArrayAPO.dll 2011-07-17 10:45:49 1235968 ----a-w- C:\Windows\System32\drivers\viahduaa.sys 2011-07-17 10:45:49 1011712 ----a-w- C:\Windows\System32\VIAPropPageExt.dll 2011-07-17 10:45:36 414632 ------w- C:\Windows\difxapi.dll 2011-07-17 10:45:35 -------- d-----w- C:\Program Files (x86)\VIA 2011-07-17 10:44:56 53248 ----a-r- C:\Windows\SysWow64\CSVer.dll 2011-07-17 10:44:48 -------- d-----w- C:\Intel 2011-07-17 10:43:46 -------- d-----w- C:\Users\Kaloian\AppData\Local\ATI 2011-07-17 10:43:30 0 ----a-w- C:\Windows\ativpsrm.bin 2011-07-17 10:41:27 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies 2011-07-17 10:40:29 -------- d-----w- C:\Program Files\Common Files\ATI Technologies 2011-07-17 10:40:24 123408 ----a-w- C:\Windows\System32\drivers\AtiHdmi.sys 2011-07-17 10:39:21 55296 ----a-w- C:\Windows\System32\coinst.dll 2011-07-17 10:39:21 446464 ----a-w- C:\Windows\System32\ATIDEMGX.dll 2011-07-17 10:39:05 -------- d-----w- C:\Program Files (x86)\ATI Technologies 2011-07-17 10:38:50 -------- d-sh--w- C:\Windows\Installer 2011-07-17 10:38:22 -------- d-----w- C:\Program Files\ATI Technologies 2011-07-17 10:38:21 -------- d-----w- C:\Program Files\ATI . ==================== Find3M ==================== . 2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys 2011-06-03 06:57:45 362496 ----a-w- C:\Windows\System32\wow64win.dll 2011-06-03 06:57:45 243200 ----a-w- C:\Windows\System32\wow64.dll 2011-06-03 06:57:45 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2011-06-03 06:57:44 214528 ----a-w- C:\Windows\System32\winsrv.dll 2011-06-03 06:57:38 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll 2011-06-03 06:53:33 338944 ----a-w- C:\Windows\System32\conhost.exe 2011-06-03 06:00:53 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2011-06-03 05:57:33 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2011-06-03 05:56:12 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2011-06-03 03:53:31 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2011-06-03 03:53:31 2048 ----a-w- C:\Windows\SysWow64\user.exe 2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2011-05-28 03:30:09 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2011-05-28 02:53:58 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2011-05-24 16:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe 2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll 2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll 2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll 2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll 2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe 2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll 2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll 2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll 2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll 2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll 2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll 2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe 2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe 2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe 2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll 2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll 2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll 2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll 2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll 2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll 2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe 2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe 2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe 2011-05-03 05:29:29 976896 ----a-w- C:\Windows\System32\inetcomm.dll 2011-05-03 04:30:02 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll 2011-05-02 23:35:04 4399080 ----a-w- C:\Windows\System32\ffmpeg.dll 2011-05-02 23:17:08 1454705 ----a-w- C:\Windows\System32\ffmpegmt.dll 2011-05-02 23:11:42 4785664 ----a-w- C:\Windows\System32\ffdshow.ax 2011-05-02 23:05:10 3661824 ----a-w- C:\Windows\SysWow64\ffdshow.ax 2011-05-02 22:30:50 1144147 ----a-w- C:\Windows\SysWow64\ffmpegmt.dll 2011-05-02 22:27:54 3935545 ----a-w- C:\Windows\SysWow64\ffmpeg.dll 2011-05-02 20:23:46 324096 ----a-w- C:\Windows\SysWow64\TomsMoComp_ff.dll 2011-05-02 20:19:34 100352 ----a-w- C:\Windows\SysWow64\ff_wmv9.dll 2011-05-02 20:19:20 80896 ----a-w- C:\Windows\SysWow64\ff_vfw.dll 2011-05-02 19:54:32 116224 ----a-w- C:\Windows\System32\ff_wmv9.dll 2011-05-02 19:54:22 155136 ----a-w- C:\Windows\System32\ff_libmad.dll 2011-05-02 19:54:14 105472 ----a-w- C:\Windows\System32\ff_liba52.dll 2011-05-02 19:54:10 1533440 ----a-w- C:\Windows\System32\ff_samplerate.dll 2011-05-02 19:54:04 222720 ----a-w- C:\Windows\System32\ff_libdts.dll 2011-05-02 19:53:58 168448 ----a-w- C:\Windows\System32\ff_unrar.dll 2011-05-02 19:52:58 347136 ----a-w- C:\Windows\System32\ff_libfaad2.dll 2011-05-02 19:52:20 190464 ----a-w- C:\Windows\System32\libmpeg2_ff.dll 2011-05-02 19:52:02 477184 ----a-w- C:\Windows\System32\ff_kernelDeint.dll 2011-05-02 19:34:56 621568 ----a-w- C:\Windows\System32\TomsMoComp_ff.dll 2011-04-29 03:06:10 467456 ----a-w- C:\Windows\System32\drivers\srv.sys 2011-04-29 03:05:49 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys 2011-04-29 03:05:37 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys 2011-04-27 02:40:40 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys 2011-04-27 02:39:40 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys 2011-04-27 02:39:37 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys 2011-04-25 05:33:51 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2011-04-25 02:34:03 499200 ----a-w- C:\Windows\System32\drivers\afd.sys 2011-04-22 22:15:29 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys 2011-04-22 22:08:29 1188864 ----a-w- C:\Windows\System32\wininet.dll 2011-04-22 19:10:01 981504 ----a-w- C:\Windows\SysWow64\wininet.dll . ============= FINISH: 18:30:33,42 ===============

    Редактирано от nologo
    Темата се затваря, заради неспазване на инструкции (преглед на промените)

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Привет, frozener!

    Има остатъци от някаква програма на Kaspersky. Надявам се, е била по-нова версия от 6.0/7.0. Затова изтеглете и стартирайте деинсталатора: kavremover.exe. Ето инструкция: Removal tool for Kaspersky Lab products.

    След това следвайте инструкцията за работа със Security Check:

    • Изтеглете Security Check (автор: screen317) от тук или от тук и го запишете на десктопа.
    • Кликнете два пъти върху SecurityCheck.exe и следвайте инструкциите.
    • Когато програмата завърши работата си, ще се отвори един текстов документ: checkup.txt.
    • Копирайте съдържанието с Копирай (Copy) на checkup.txt и с Постави (Paste) го поставете в следващия си коментар.
    • Харесва ми 1

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Results of screen317's Security Check version 0.99.17

    Windows 7 (UAC is disabled!)

    Internet Explorer 8

    ``````````````````````````````

    Antivirus/Firewall Check:

    Windows Firewall Enabled!

    WMI entry may not exist for antivirus; attempting automatic update.

    ```````````````````````````````

    Anti-malware/Other Utilities Check:

    Adobe Flash Player 10.3.181.34

    Adobe Reader X (10.0.1) Adobe Reader Out of Date!

    Mozilla Firefox (x86 en-US..)

    ````````````````````````````````

    Process Check:

    objlist.exe by Laurent

    ``````````End of Log````````````

    След като изтрих касперскито като рестартнах ми даде черен екран, а сега ми се бъгна и туулбара и не ми показва езиците, макар че мога да ги сменям.

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    ...........

    Аваст-а нищо не засича.

    Прощавайте, но по нищо не личи, че имате инсталиран avast. Моля, когато пускате коментари, да внимавате какво пишете.

    Сега следва:

    Стъпка 1

    Изтеглете aswMBR и го запазете на вашия десктоп.

    • Стартирайте aswMBR.exe.
    • Изберете Scan, за да започне проверката.
    • Когато проверката завърши, натиснете бутона save log, запазете съдържанието на лог файла на десктопа и публикувайте съдържанието му с Copy/ Paste в следващия си коментар.

    Стъпка 2

    • Изтеглете OTL.exe и го запазете на десктопа.
    • Стартирайте файла Публикувано изображение (ако е необходимо, потвърдете през UAC).
    • Направете следните настройки:
    Публикувано изображение

    • Под Публикувано изображение с Copy/ Paste въведете изцяло следната текстова информация (само това, което е поставено в карето):
    netsvcs
    msconfig
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    /md5start
    atapi.sys
    iaStor.sys
    explorer.exe
    svchost.exe
    userinit.exe
    hlp.dat
    winlogon.exe
    wininit.exe
    volsnap.sys
    /md5stop
    
    • Натиснете маркираният в синьо бутон: Публикувано изображение.
    • Като приключи проверката, ще се създадат два файла - OTL.Txt и Extras.Txt. Прикачете тези два файла в следващия си коментар (погледнете опцията "прикачени файлове", когато публикувате мнение).

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Изпълних стъпките.Вмъкнах само това:

    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    
    Ето резултатите: Редактирано от frozener (преглед на промените)

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Съжалявам, но приключвам участието си в тази тема. Правите каквото си поискате, не спазвате инструкциите и т.н. Дадох инструкция за OTL, вие променяте скрипта. Дадох инструкция за aswMBR, вие не я изпълнявате.

    Сега следва:

    1. Стартирайте OTL още веднъж и натиснете бутона CleanUp.

    Публикувано изображение

    При дeинсталацията на OTL ще бъдат почистени инструменти и файлове, които използвахме в темата. Ще последва рестарт на Windows. Може да изтриете останалите програми и логове, които използвахме в темата.

    2. Инсталирайте някоя антивирусна програма, може да е отново Касперски.

    3. Използвате нелицензирано копие на MS Office и имате заразени файлове, които са от пиратския активатор:

    C:\Windows\tasks\AutoKMS.job

    C:\Windows\AutoKMS.exe

    C:\Windows\tasks\AutoKMSDaily.job

    C:\Windows\AutoKMS.ini

    Ако желаете, изтрийте ги или си ги пазете за красота.

    4. Почиствайте редовно дисковото пространство, може точките за възстановяване и скритите копия. Информация за това: google

    За съжаление темата се затваря. Приятен ден и успех!

    • Харесва ми 5

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове
    Гост
    Тази тема е заключена за нови отговори.

    ×

    Информация

    Този сайт използва бисквитки (cookies), за най-доброто потребителско изживяване. С използването му, вие приемате нашите Условия за ползване.