Премини към съдържанието

Архивирана тема

Темата е твърде стара и е архивирана. Не можете да добавяте нови отговори в нея, но винаги можете да публикувате нова тема, в която да продължи дискусията. Регистрирайте се или влезте във вашия профил за да публикувате нова тема.

luckyboy

Инфектиран userinit.exe

Препоръчан отговор


Eто че след много време на подпомагане и стартиране на какво ли не от съседната тема успях да прихвана нещо!

Симптомите са виско натоварване на explorer.exe и невъзможност за инсталиране на антивирус.Направих една сканиране с Combofix и се оказа, че съм заразен.Оставям се във вашите ръце.

 

DDS (Ver_2011-09-30.01) - NTFS_AMD64 
Internet Explorer: 9.10.9200.16660  BrowserJavaVersion: 10.25.2
Run by luckyboy at 0:01:15 on 2013-08-20
Microsoft Windows 7 Ultimate   6.1.7601.1.1251.359.1033.18.3767.1936 [GMT 3:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:Windowssystem32wininit.exe
C:Windowssystem32lsm.exe
C:Windowssystem32svchost.exe -k DcomLaunch
C:Windowssystem32nvvsvc.exe
C:Windowssystem32svchost.exe -k RPCSS
C:WindowsSystem32svchost.exe -k LocalServiceNetworkRestricted
C:WindowsSystem32svchost.exe -k LocalSystemNetworkRestricted
C:Windowssystem32svchost.exe -k netsvcs
C:Windowssystem32svchost.exe -k GPSvcGroup
C:Windowssystem32svchost.exe -k LocalService
C:Windowssystem32svchost.exe -k NetworkService
C:Program FilesNVIDIA CorporationDisplaynvxdsync.exe
C:Windowssystem32nvvsvc.exe
C:WindowsSystem32spoolsv.exe
C:Windowssystem32svchost.exe -k LocalServiceNoNetwork
C:Windowssystem32taskhost.exe
C:ProgramDataHiSuiteOucHiSuiteOuc64.exe
C:ProgramDataHandSetServiceHuaweiHiSuiteService64.exe
C:Windowssystem32Dwm.exe
C:Program Files (x86)IntelIntel® Management Engine ComponentsLMSLMS.exe
C:Program Files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe
C:Windowssystem32taskeng.exe
C:Windowssystem32svchost.exe -k regsvc
C:WindowsSysWOW64vmnat.exe
C:Program Files (x86)Qualcomm Atheros Fast ReconnectAth_WlanAgent.exe
C:Program Files (x86)GoogleUpdate1.3.21.153GoogleCrashHandler.exe
C:Program Files (x86)GoogleUpdate1.3.21.153GoogleCrashHandler64.exe
C:WindowsSysWOW64vmnetdhcp.exe
C:Windowssystem32svchost.exe -k NetworkServiceNetworkRestricted
C:Program FilesRealtekAudioHDARAVCpl64.exe
C:Windowssystem32taskeng.exe
C:WindowsSystem32hkcmd.exe
C:WindowsSystem32igfxpers.exe
C:Program Files (x86)Internet Download Manageridman.exe
C:Windowssystem32wbemwmiprvse.exe
C:Program Files (x86)Internet Download ManagerIEMonitor.exe
C:Windowssystem32SearchIndexer.exe
C:Program FilesWindows Media Playerwmpnetwk.exe
C:Windowssystem32svchost.exe -k LocalServiceAndNoImpersonation
C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe
C:WindowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe
C:Program Files (x86)IntelIntel® Rapid Storage TechnologyIAStorDataMgrSvc.exe
C:Windowssystem32sppsvc.exe
C:Program Files (x86)IntelIntel® Management Engine ComponentsUNSUNS.exe
C:Program Files (x86)GoogleChromeApplicationchrome.exe
C:Program Files (x86)GoogleChromeApplicationchrome.exe
C:Windowssystem32notepad.exe
C:Program Files (x86)GoogleChromeApplicationchrome.exe
C:Program Files (x86)GoogleChromeApplicationchrome.exe
C:Program Files (x86)GoogleChromeApplicationchrome.exe
C:Windowsexplorer.exe
C:Program Files (x86)GoogleChromeApplicationchrome.exe
C:WindowsservicingTrustedInstaller.exe
C:Program Files (x86)GoogleChromeApplicationchrome.exe
C:Windowssystem32SearchProtocolHost.exe
C:Windowssystem32SearchFilterHost.exe
C:Windowssystem32conhost.exe
C:Windowssystem32wbemwmiprvse.exe
C:WindowsSystem32cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:Program Files (x86)Internet Download ManagerIDMIECC.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program Files (x86)Javajre7binssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program Files (x86)Javajre7binjp2ssv.dll
uRun: [iDMan] C:Program Files (x86)Internet Download ManagerIDMan.exe /onboot
dRun: [sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-WindowsSystem: UseOEMBackground = dword:1
IE: E&xport to Microsoft Excel - C:PROGRA~1MICROS~3Office15EXCEL.EXE/3000
IE: Se&nd to OneNote - C:PROGRA~1MICROS~3Office15ONBttnIE.dll/105
IE: Свали всички линкове с IDM - C:Program Files (x86)Internet Download ManagerIEGetAll.htm
IE: Свали с IDM - C:Program Files (x86)Internet Download ManagerIEExt.htm
IE: {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:Program Files (x86)PokerStars.EUPokerStarsUpdate.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces{EAE7926D-99A3-4D2B-A510-BB0191136D27} : DHCPNameServer = 192.168.0.1
TCP: Interfaces{EAE7926D-99A3-4D2B-A510-BB0191136D27}3C0EBEFF : DHCPNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:Program Files (x86)Common FilesSkypeSkype4COM.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg pku2u livessp
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:Program Files (x86)GoogleChromeApplication28.0.1500.95Installerchrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:Program Files (x86)Internet Download ManagerIDMIECC64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:Program Files (x86)SkypeToolbarsInternet Explorer x64skypeieplugin.dll
x64-Run: [RtHDVCpl] C:Program FilesRealtekAudioHDARAVCpl64.exe -s
x64-Run: [igfxTray] C:WindowsSystem32igfxtray.exe
x64-Run: [HotKeysCmds] C:WindowsSystem32hkcmd.exe
x64-Run: [Persistence] C:WindowsSystem32igfxpers.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:Program Files (x86)SkypeToolbarsInternet Explorer x64skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:Program Files (x86)SkypeToolbarsInternet Explorer x64skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:WindowsSystem32driversnvpciflt.sys [2013-8-4 30496]
R0 vsock;vSockets Driver;C:WindowsSystem32driversvsock.sys [2013-7-23 70296]
R1 Bfilter;Baidu Antivirus Minifilter Driver;C:WindowsSystem32driversBfilter.sys [2013-3-29 50496]
R1 Bfmon;Baidu FS Monitor Driver;C:WindowsSystem32driversBfmon.sys [2013-3-29 29848]
R1 Bprotect;Baidu Protect;C:WindowsSystem32driversBprotect.sys [2013-3-29 102016]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:WindowsSystem32driversdtsoftbus01.sys [2013-3-28 283200]
R1 vwififlt;Virtual WiFi Filter Driver;C:WindowsSystem32driversvwififlt.sys [2009-7-14 59904]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [2012-7-9 104912]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:WindowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2012-7-9 123856]
R2 HiSuiteOuc64.exe;HiSuiteOuc64.exe;C:ProgramDataHiSuiteOucHiSuiteOuc64.exe [2013-7-15 137024]
R2 HuaweiHiSuiteService64.exe;HuaweiHiSuiteService64.exe;C:ProgramDataHandSetServiceHuaweiHiSuiteService64.exe [2013-7-15 197632]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:Program Files (x86)IntelIntel® Rapid Storage TechnologyIAStorDataMgrSvc.exe [2013-3-20 13336]
R2 IDMWFP;IDMWFP;C:WindowsSystem32driversidmwfp.sys [2013-6-28 172920]
R2 MBAMScheduler;MBAMScheduler;C:Program Files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe [2013-8-19 418376]
R2 UNS;Intel® Management & Security Application User Notification Service;C:Program Files (x86)IntelIntel® Management Engine ComponentsUNSUNS.exe [2013-3-20 2320920]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:Program Files (x86)Qualcomm Atheros Fast ReconnectAth_WlanAgent.exe [2013-3-20 57344]
R3 HECIx64;Intel® Management Engine Interface;C:WindowsSystem32driversHECIx64.sys [2012-12-11 56344]
R3 Impcd;Impcd;C:WindowsSystem32driversImpcd.sys [2012-12-11 158976]
R3 IntcDAud;Intel® Display Audio;C:WindowsSystem32driversIntcDAud.sys [2012-12-3 287232]
R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:WindowsSystem32driversk57nd60a.sys [2010-5-15 384040]
R3 MBAMProtector;MBAMProtector;C:WindowsSystem32driversmbam.sys [2013-8-19 25928]
S1 klpd;klpd;C:WindowsSystem32driversklpd.sys [2013-4-12 15456]
S2 gupdate;Услуга на Google Актуализация (gupdate);C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [2013-3-20 116648]
S2 MBAMService;MBAMService;C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe [2013-8-19 701512]
S3 AdobeARMservice;Adobe Acrobat Update Service;C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe [2013-5-11 65640]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2013-3-27 256904]
S3 dmvsc;dmvsc;C:WindowsSystem32driversdmvsc.sys [2011-4-12 71168]
S3 gupdatem;Услуга на Google Актуализация (gupdatem);C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [2013-3-20 116648]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:WindowsSystem32driversrdpvideominiport.sys [2013-2-16 19456]
S3 RTL8167;Realtek 8167 NT Driver;C:WindowsSystem32driversRt64win7.sys [2013-2-16 769168]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:WindowsSystem32driversSynth3dVsc.sys [2011-4-12 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:WindowsSystem32driversterminpt.sys [2013-2-16 29696]
S3 TsUsbFlt;TsUsbFlt;C:WindowsSystem32driversTsUsbFlt.sys [2013-2-16 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:WindowsSystem32driversTsUsbGD.sys [2013-2-16 30208]
S3 tsusbhub;Remote Deskotop USB Hub;C:WindowsSystem32driverstsusbhub.sys [2011-4-12 117248]
S3 UsbFltr;WayTech USB Filter Driver;C:WindowsSystem32driversUsbFltr.sys [2007-4-9 12288]
S3 WatAdminSvc;Windows Activation Technologies Service;C:WindowsSystem32WatWatAdminSvc.exe [2013-3-20 1255736]
S4 nvUpdatusService;NVIDIA Update Service Daemon;C:Program Files (x86)NVIDIA CorporationNVIDIA Update Coredaemonu.exe [2013-8-4 1826592]
S4 Skype C2C Service;Skype C2C Service;C:ProgramDataSkypeToolbarsSkype C2C Servicec2c_service.exe [2013-7-12 3289472]
S4 SkypeUpdate;Skype Updater;C:Program Files (x86)SkypeUpdaterUpdater.exe [2013-6-21 162408]
S4 TeamViewer8;TeamViewer 8;C:Program Files (x86)TeamViewerVersion8TeamViewer_Service.exe [2013-7-18 4153184]
S4 VMUSBArbService;VMware USB Arbitration Service;C:Program Files (x86)Common FilesVMwareUSBvmware-usbarbitrator64.exe [2012-10-11 918680]
S4 VMwareHostd;VMware Workstation Server;C:Program Files (x86)VMwareVMware Workstationvmware-hostd.exe [2013-2-26 13242960]
S4 WiseBootAssistant;Wise Boot Assistant;C:Program Files (x86)WiseWise Care 365BootTime.exe [2013-8-4 580232]
.
=============== Created Last 30 ================
.
2013-08-19 20:40:03 -------- d-----w- C:TDSSKiller_Quarantine
2013-08-19 20:35:02 -------- d-----w- C:ProgramDataMalwarebytes
2013-08-19 20:35:01 25928 ----a-w- C:WindowsSystem32driversmbam.sys
2013-08-19 20:35:01 -------- d-----w- C:Program Files (x86)Malwarebytes' Anti-Malware
2013-08-19 20:12:50 98816 ----a-w- C:Windowssed.exe
2013-08-19 20:12:50 256000 ----a-w- C:WindowsPEV.exe
2013-08-19 20:12:50 208896 ----a-w- C:WindowsMBR.exe
2013-08-18 14:00:43 -------- d-----w- C:WindowsSystem32driversNISx641404000.028
2013-08-18 14:00:43 -------- d-----w- C:WindowsSystem32driversNISx64
2013-08-16 13:51:31 -------- d-----w- C:WindowsSysWow64wbemLogs
2013-08-16 13:17:59 2241024 ----a-w- C:WindowsSystem32wininet.dll
2013-08-16 13:13:18 -------- d-----w- C:WindowsSystem32MRT
2013-08-16 10:30:00 1472512 ----a-w- C:WindowsSystem32crypt32.dll
2013-08-13 17:51:29 -------- d-----w- C:Program FilesCPUID
2013-08-12 17:13:29 -------- d-----w- C:UsersluckyboyAppDataLocalXpom
2013-08-12 17:12:26 -------- d-----w- C:UsersluckyboyAppDataLocalMail.Ru
2013-08-11 22:14:34 -------- d-----w- C:UsersluckyboyAppDataLocalDownloaded Installations
2013-08-11 11:47:10 -------- d-----w- C:UsersluckyboyAppDataLocalMozilla
2013-08-10 17:35:53 234544 ----a-w- C:WindowsRegBootClean64.exe
2013-08-07 18:07:09 76232 ----a-w- C:ProgramDataMicrosoftWindows DefenderDefinition Updates{4385D987-0DEE-446A-AE88-2FAA3C23ADEF}offreg.dll
2013-08-07 06:58:55 -------- d-----w- C:ProgramDataWNR
2013-08-07 06:58:22 -------- d-----w- C:UsersluckyboyAppDataRoamingWNR
2013-08-06 21:34:00 -------- d-----w- C:UsersluckyboyAppDataRoamingFastStone
2013-08-06 21:34:00 -------- d-----w- C:UsersluckyboyAppDataLocalFastStone
2013-08-06 21:33:28 -------- d-----w- C:Program Files (x86)FastStone Capture
2013-08-06 20:59:42 -------- d-----w- C:Program Files (x86)NCH Software
2013-08-06 20:59:39 -------- d-----w- C:UsersluckyboyAppDataRoamingNCH Software
2013-08-04 13:36:47 -------- d-----w- C:UsersluckyboyAppDataRoamingNVIDIA
2013-08-04 11:32:15 -------- d-----w- C:WindowsSysWow64NV
2013-08-04 11:32:15 -------- d-----w- C:WindowsSystem32NV
2013-08-04 09:31:26 884512 ----a-w- C:WindowsSystem32nvvsvc.exe
2013-08-04 09:31:26 67072 ----a-w- C:WindowsSystem32nv3dappshextr.dll
2013-08-04 09:31:26 6496544 ----a-w- C:WindowsSystem32nvcpl.dll
2013-08-04 09:31:26 63776 ----a-w- C:WindowsSystem32nvshext.dll
2013-08-04 09:31:26 3514656 ----a-w- C:WindowsSystem32nvsvc64.dll
2013-08-04 09:31:26 3253909 ----a-w- C:WindowsSystem32nvcoproc.bin
2013-08-04 09:31:26 2555680 ----a-w- C:WindowsSystem32nvsvcr.dll
2013-08-04 09:31:26 237856 ----a-w- C:WindowsSystem32nvmctray.dll
2013-08-04 09:31:26 1025312 ----a-w- C:WindowsSystem32nv3dappshext.dll
2013-08-04 09:29:02 61216 ----a-w- C:WindowsSystem32OpenCL.dll
2013-08-04 09:29:02 53024 ----a-w- C:WindowsSysWow64OpenCL.dll
2013-08-04 09:28:47 -------- d-----w- C:ProgramDataNVIDIA Corporation
2013-08-04 08:32:55 -------- d-----w- C:UsersluckyboyAppDataRoamingDream Aquarium
2013-08-04 08:32:24 141312 ----a-w- C:WindowsDreamAquarium.scr
2013-08-04 08:32:22 -------- d-----w- C:Program Files (x86)Dream Aquarium
2013-08-04 07:52:20 -------- d-----w- C:UsersluckyboyAppDataRoamingWise Care 365
2013-08-04 07:52:01 -------- d-----w- C:Program Files (x86)Wise
2013-08-03 15:24:09 -------- d-----w- C:Usersluckyboycache
2013-08-03 12:34:27 -------- d-----w- C:UsersluckyboyAppDataRoaming360Login
2013-08-03 12:34:05 -------- d-----w- C:UsersluckyboyAppDataRoaming360se6
2013-08-02 06:16:12 1643520 ----a-w- C:WindowsSystem32DWrite.dll
2013-08-02 06:16:12 1247744 ----a-w- C:WindowsSysWow64DWrite.dll
2013-08-02 06:16:10 9216 ----a-w- C:Program Files (x86)Windows DefenderMpAsDesc.dll
2013-08-02 06:16:10 571904 ----a-w- C:Program FilesWindows DefenderMpClient.dll
2013-08-02 06:16:10 54784 ----a-w- C:Program Files (x86)Windows DefenderMpOAV.dll
2013-08-02 06:16:10 4608 ----a-w- C:Program Files (x86)Windows DefenderMsMpLics.dll
2013-08-02 06:16:10 392704 ----a-w- C:Program Files (x86)Windows DefenderMpClient.dll
2013-08-02 06:16:10 314880 ----a-w- C:Program FilesWindows DefenderMpCommu.dll
2013-08-02 06:16:10 1011712 ----a-w- C:Program FilesWindows DefenderMpSvc.dll
2013-08-02 06:15:53 936448 ----a-w- C:Program Files (x86)Common FilesMicrosoft Sharedinkjournal.dll
2013-08-02 06:15:53 1732608 ----a-w- C:Program FilesWindows JournalNBDoc.DLL
2013-08-02 06:15:53 1402880 ----a-w- C:Program FilesWindows JournalJNWDRV.dll
2013-08-02 06:15:53 1393152 ----a-w- C:Program FilesWindows JournalJNTFiltr.dll
2013-08-02 06:15:53 1367040 ----a-w- C:Program FilesCommon FilesMicrosoft Sharedinkjournal.dll
2013-08-02 06:15:52 3153920 ----a-w- C:WindowsSystem32win32k.sys
2013-08-02 06:15:51 624128 ----a-w- C:WindowsSystem32qedit.dll
2013-08-02 06:15:51 509440 ----a-w- C:WindowsSysWow64qedit.dll
2013-08-01 17:29:22 -------- d-----w- C:ProgramDataHitmanPro
2013-07-31 19:54:03 -------- d-----w- C:UsersluckyboyAppDataLocalEMU
2013-07-31 15:06:47 -------- d-----w- C:ProgramDataAuslogics
2013-07-30 16:14:22 -------- d-----w- C:UsersluckyboyAppDataLocalBabylon
2013-07-30 16:14:20 -------- d-----w- C:Program FilesUnlocker
2013-07-29 18:17:35 574120 ----a-w- C:WindowsSysWow64msvcp50.dll
2013-07-29 12:17:40 -------- d-----w- C:True Poker
2013-07-28 08:12:19 -------- d-----w- C:UsersluckyboyAppDataRoamingpostgresql
2013-07-28 08:09:52 -------- d-----w- C:UsersluckyboyAppDataLocalPokerTracker 4
2013-07-27 21:31:54 -------- d-----w- C:UsersluckyboyAppDataLocalKesemoholdings_Limited
2013-07-27 21:30:21 -------- d-----w- C:UsersluckyboyAppDataLocalMagicHoldem
2013-07-27 17:30:24 -------- d-----w- C:Games
2013-07-25 18:18:31 -------- d-----w- C:Poker
2013-07-25 15:46:39 -------- d-----w- C:Program Files (x86)Poker Heaven
2013-07-23 22:06:54 -------- d-----w- C:UsersluckyboyAppDataRoamingWireshark
2013-07-23 20:04:29 70296 ----a-w- C:WindowsSystem32driversvsock.sys
2013-07-23 20:04:29 67224 ----a-w- C:WindowsSystem32vsocklib.dll
2013-07-23 20:04:29 63128 ----a-w- C:WindowsSysWow64vsocklib.dll
2013-07-23 20:04:18 67664 ----a-w- C:WindowsSystem32driversvmx86.sys
2013-07-23 20:03:07 357456 ----a-w- C:WindowsSysWow64vmnetdhcp.exe
2013-07-23 20:03:06 436304 ----a-w- C:WindowsSysWow64vmnat.exe
2013-07-23 20:03:04 30800 ----a-w- C:WindowsSystem32driversvmnetuserif.sys
2013-07-23 20:02:48 933968 ----a-w- C:WindowsSystem32vnetlib64.dll
2013-07-23 20:02:37 52376 ----a-w- C:WindowsSystem32drivershcmon.sys
2013-07-23 20:01:56 -------- d-----w- C:Program FilesCommon FilesVMware
2013-07-23 20:01:21 -------- d-----w- C:Program Files (x86)Common FilesVMware
2013-07-23 14:14:44 57344 ----a-w- C:WindowsWinRaR password findeR v4.0.exe
2013-07-22 07:37:56 -------- d-----w- C:UsersluckyboyAppDataRoamingURSoft
2013-07-22 07:37:36 -------- d-----w- C:Program Files (x86)Your Uninstaller! 7
2013-07-22 07:19:05 -------- d-----w- C:Program Files (x86)Redbet Poker
2013-07-21 09:02:09 -------- d-----w- C:UsersluckyboyAppDataLocalcache
2013-07-21 09:01:51 -------- d-----w- C:UsersluckyboyAppDataLocalFullTiltPoker
.
==================== Find3M  ====================
.
2013-08-13 18:00:36 6656 ----a-w- C:WindowsSystem32lpcio.dll
2013-07-26 05:12:08 3958784 ----a-w- C:WindowsSystem32jscript9.dll
2013-07-26 05:12:04 136704 ----a-w- C:WindowsSystem32iesysprep.dll
2013-07-26 05:12:03 67072 ----a-w- C:WindowsSystem32iesetup.dll
2013-07-26 03:35:08 2706432 ----a-w- C:WindowsSystem32mshtml.tlb
2013-07-26 03:13:24 1767936 ----a-w- C:WindowsSysWow64wininet.dll
2013-07-26 03:12:04 2877440 ----a-w- C:WindowsSysWow64jscript9.dll
2013-07-26 03:12:00 61440 ----a-w- C:WindowsSysWow64iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- C:WindowsSysWow64iesysprep.dll
2013-07-26 02:49:14 2706432 ----a-w- C:WindowsSysWow64mshtml.tlb
2013-07-26 02:39:38 89600 ----a-w- C:WindowsSystem32RegisterIEPKEYs.exe
2013-07-26 01:59:38 71680 ----a-w- C:WindowsSysWow64RegisterIEPKEYs.exe
2013-07-25 09:25:54 1888768 ----a-w- C:WindowsSystem32WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:WindowsSysWow64WMVDECOD.DLL
2013-07-24 15:27:36 12872 ----a-w- C:WindowsSystem32bootdelete.exe
2013-07-23 19:07:14 102016 ----a-w- C:WindowsSystem32driversBprotect.sys
2013-07-22 19:04:52 29848 ----a-w- C:WindowsSystem32driversBfmon.sys
2013-07-19 01:58:42 2048 ----a-w- C:WindowsSystem32tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:WindowsSysWow64tzres.dll
2013-07-18 06:54:28 50496 ----a-w- C:WindowsSystem32driversBfilter.sys
2013-07-09 06:03:30 5550528 ----a-w- C:WindowsSystem32ntoskrnl.exe
2013-07-09 05:54:22 1732032 ----a-w- C:WindowsSystem32ntdll.dll
2013-07-09 05:53:12 243712 ----a-w- C:WindowsSystem32wow64.dll
2013-07-09 05:52:52 224256 ----a-w- C:WindowsSystem32wintrust.dll
2013-07-09 05:51:16 1217024 ----a-w- C:WindowsSystem32rpcrt4.dll
2013-07-09 05:46:20 184320 ----a-w- C:WindowsSystem32cryptsvc.dll
2013-07-09 05:46:20 139776 ----a-w- C:WindowsSystem32cryptnet.dll
2013-07-09 05:03:34 3968960 ----a-w- C:WindowsSysWow64ntkrnlpa.exe
2013-07-09 05:03:34 3913664 ----a-w- C:WindowsSysWow64ntoskrnl.exe
2013-07-09 04:53:47 1292192 ----a-w- C:WindowsSysWow64ntdll.dll
2013-07-09 04:52:33 663552 ----a-w- C:WindowsSysWow64rpcrt4.dll
2013-07-09 04:52:33 5120 ----a-w- C:WindowsSysWow64wow32.dll
2013-07-09 04:52:10 175104 ----a-w- C:WindowsSysWow64wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:WindowsSysWow64cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- C:WindowsSysWow64crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- C:WindowsSysWow64cryptnet.dll
2013-07-09 04:45:07 44032 ----a-w- C:Windowsapppatchacwow64.dll
2013-07-09 02:49:42 25600 ----a-w- C:WindowsSysWow64setup16.exe
2013-07-09 02:49:41 7680 ----a-w- C:WindowsSysWow64instnm.exe
2013-07-09 02:49:39 14336 ----a-w- C:WindowsSysWow64ntvdm64.dll
2013-07-09 02:49:38 2048 ----a-w- C:WindowsSysWow64user.exe
2013-07-06 06:03:53 1910208 ----a-w- C:WindowsSystem32driverstcpip.sys
2013-06-27 19:58:18 56272 ----a-w- C:WindowsSystem32snacnp.dll
2013-06-27 09:57:42 172920 ------w- C:WindowsSystem32driversidmwfp.sys
2013-06-15 04:32:16 39936 ----a-w- C:WindowsSystem32driverstssecsrv.sys
2013-06-12 21:18:08 71048 ----a-w- C:WindowsSysWow64FlashPlayerCPLApp.cpl
2013-06-12 21:18:08 692104 ----a-w- C:WindowsSysWow64FlashPlayerApp.exe
2013-06-12 18:48:23 867240 ----a-w- C:WindowsSysWow64npDeployJava1.dll
2013-06-12 18:48:17 789416 ----a-w- C:WindowsSysWow64deployJava1.dll
2013-06-12 18:47:57 96168 ----a-w- C:WindowsSysWow64WindowsAccessBridge-32.dll
2013-05-31 18:00:00 112640 ----a-w- C:WindowsSysWow64ff_vfw.dll
.
============= FINISH:  0:01:26,58 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-09-30.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: DeviceHarddiskVolume1
Install Date: 20.3.2013 г. 18:11:03
System Uptime: 19.8.2013 г. 23:54:45 (1 hours ago)
.
Motherboard: Acer |  | Aspire 5742G
Processor: Intel® Core i5 CPU       M 480  @ 2.67GHz | CPU | 2106/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 98 GiB total, 47,834 GiB free.
D: is FIXED (NTFS) - 499 GiB total, 176,486 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: klpd
Device ID: ROOTLEGACY_KLPD0000
Manufacturer: 
Name: klpd
PNP Device ID: ROOTLEGACY_KLPD0000
Service: klpd
.
==== System Restore Points ===================
.
RP181: 19.8.2013 г. 14:29:03 - Before uninstalling Norton Internet Security
RP182: 19.8.2013 г. 16:13:46 - Before uninstalling TrustPort Internet Security (remove only)
RP183: 19.8.2013 г. 20:04:48 - Restore Operation
RP184: 19.8.2013 г. 20:12:27 - Before uninstalling Norton Internet Security
RP185: 19.8.2013 г. 21:25:56 - Before uninstalling Microsoft Office Professional Plus 2013
RP186: 19.8.2013 г. 21:26:13 - Removed Microsoft Office Professional Plus 2013
RP187: 19.8.2013 г. 21:26:27 - PROPLUSR
RP188: 19.8.2013 г. 22:45:38 - Before uninstalling Comodo Dragon
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.20 (x64 edition)
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
Adobe Shockwave Player 12.0
Ashampoo Burning Studio 12 v.12.0.5
Avira System Speedup
Broadcom Gigabit NetLink Controller
Counter Strike Source + Autoupdate patch 2.0
CS-Source.v80
DAEMON Tools Lite
Dream Aquarium 1.2592
FastStone Capture 7.2
Google Chrome
Google Update Helper
HiSuite
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Rapid Storage Technology
Internet Download Manager
Java 7 Update 25
JDownloader 0.9
K-Lite Mega Codec Pack 9.9.5
Malwarebytes Anti-Malware, версия 1.75.0.1300
Maxthon 3
Microsoft .NET Framework 4.5
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
MP3 To Ringtone Gold 8.7
MX vs. ATV.Reflex
NVIDIA Control Panel 320.49
NVIDIA Install Application
NVIDIA Optimus 4.11.9
NVIDIA PhysX
NVIDIA Update Components
OpenAL
Poker Heaven
PokerStars.eu
PotPlayer 1.5.32922 BG
Pure
Qualcomm Atheros Fast Reconnect
Redbet Poker
Security Update for Microsoft .NET Framework 4.5 (KB2737083)
Security Update for Microsoft .NET Framework 4.5 (KB2742613)
Security Update for Microsoft .NET Framework 4.5 (KB2789648)
Security Update for Microsoft .NET Framework 4.5 (KB2804582)
Security Update for Microsoft .NET Framework 4.5 (KB2833957)
Security Update for Microsoft .NET Framework 4.5 (KB2840642)
Security Update for Microsoft .NET Framework 4.5 (KB2840642v2)
Skype Click to Call
Skype™ 6.6
Streamripper (Remove only)
swMSM
TeamViewer 8
tools-windows
Unlocker 1.9.2
Update for Microsoft .NET Framework 4.5 (KB2750147)
Update for Microsoft .NET Framework 4.5 (KB2805221)
Update for Microsoft .NET Framework 4.5 (KB2805226)
VLC media player 2.0.7
VMware Workstation
Winamp
Winamp Detector Plug-in
Windows Live ID Sign-in Assistant
WinRAR 4.20 (64-bit)
Wise Care 365 version 2.71
Your Uninstaller! 7
.
==== Event Viewer Messages From Past Week ========
.
6774654drv klpd
6774654drv klpd
6774654drv klpd
6774654drv klpd
6774654drv klpd
6774654drv is not a valid Win32 application.
6774654drv
6774654drv
19.8.2013 г. 23:55:13, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  klpd
19.8.2013 г. 23:54:19, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
19.8.2013 г. 23:51:39, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
19.8.2013 г. 23:41:09, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  klpd
19.8.2013 г. 23:20:42, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load: 
19.8.2013 г. 23:19:45, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
19.8.2013 г. 23:19:09, Error: Application Popup [1060]  - ??C:ComboFixcatchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
19.8.2013 г. 23:17:07, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
19.8.2013 г. 22:57:23, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load: 
19.8.2013 г. 22:57:00, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000050 (0xfffff880033b0ff8, 0x0000000000000000, 0xfffff8000326f816, 0x0000000000000000). A dump was saved in: C:WindowsMEMORY.DMP. Report Id: 081913-22401-01.
19.8.2013 г. 22:48:38, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  klpd
19.8.2013 г. 22:24:02, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  klpd
19.8.2013 г. 22:22:06, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 22:22:06, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 22:22:06, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
19.8.2013 г. 22:22:04, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 22:22:04, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 22:22:04, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 22:22:04, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 22:22:04, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 22:22:04, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 22:22:04, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
19.8.2013 г. 22:22:03, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
19.8.2013 г. 22:22:03, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
19.8.2013 г. 22:21:53, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
19.8.2013 г. 22:21:45, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
19.8.2013 г. 22:21:37, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD CSC DfsC discache klpd NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
19.8.2013 г. 22:21:37, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 22:21:37, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
19.8.2013 г. 22:21:37, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
19.8.2013 г. 22:21:37, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 22:21:37, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 22:21:37, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
19.8.2013 г. 22:21:37, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 22:21:37, Error: Service Control Manager [7001]  - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 22:21:37, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
19.8.2013 г. 22:21:37, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
19.8.2013 г. 22:09:27, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  klpd
19.8.2013 г. 22:08:04, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
19.8.2013 г. 22:06:48, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 22:06:48, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 22:06:48, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 22:06:48, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 22:06:48, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 22:06:48, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 22:06:47, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
19.8.2013 г. 22:06:47, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
19.8.2013 г. 22:06:38, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 22:06:36, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 22:06:36, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
19.8.2013 г. 22:06:36, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
19.8.2013 г. 22:06:35, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
19.8.2013 г. 22:06:28, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
19.8.2013 г. 22:06:18, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD CSC DfsC discache klpd NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
19.8.2013 г. 22:06:18, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 22:06:18, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
19.8.2013 г. 22:06:18, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
19.8.2013 г. 22:06:18, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 22:06:18, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 22:06:18, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
19.8.2013 г. 22:06:18, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 22:06:18, Error: Service Control Manager [7001]  - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 22:06:18, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
19.8.2013 г. 22:06:18, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
19.8.2013 г. 22:04:11, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
19.8.2013 г. 22:03:46, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
19.8.2013 г. 22:02:08, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 22:02:08, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 22:02:08, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 22:02:08, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 22:02:08, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 22:02:08, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 22:02:08, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 22:02:08, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 22:02:08, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
19.8.2013 г. 22:02:08, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
19.8.2013 г. 22:01:55, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
19.8.2013 г. 22:01:55, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
19.8.2013 г. 22:01:52, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
19.8.2013 г. 22:01:46, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
19.8.2013 г. 22:01:37, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD CSC DfsC discache klpd NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
19.8.2013 г. 22:01:37, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 22:01:37, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
19.8.2013 г. 22:01:37, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
19.8.2013 г. 22:01:37, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 22:01:37, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 22:01:37, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
19.8.2013 г. 22:01:37, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 22:01:37, Error: Service Control Manager [7001]  - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 22:01:37, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
19.8.2013 г. 22:01:37, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
19.8.2013 г. 21:38:03, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  klpd
19.8.2013 г. 21:19:59, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  klpd
19.8.2013 г. 21:14:53, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
19.8.2013 г. 21:02:36, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 21:02:36, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 21:02:34, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 21:02:34, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 21:02:34, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 21:02:34, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 21:02:34, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 21:02:34, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 21:02:33, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 21:02:33, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 21:02:33, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 21:02:33, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 21:02:33, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 21:02:33, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 21:02:23, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
19.8.2013 г. 21:02:23, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
19.8.2013 г. 21:02:20, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
19.8.2013 г. 21:02:13, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
19.8.2013 г. 21:02:09, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 21:02:09, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 21:02:09, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 21:02:07, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache klpd spldr Wanarpv6
19.8.2013 г. 21:02:07, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 21:02:07, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 21:02:07, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 21:02:07, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 21:02:07, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 21:02:07, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 21:02:07, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 21:02:07, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 21:02:07, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 20:39:57, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  klpd
19.8.2013 г. 20:35:12, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
19.8.2013 г. 20:33:45, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 20:33:45, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 20:33:45, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 20:33:43, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 20:33:43, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 20:33:43, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 20:33:42, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 20:33:42, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
19.8.2013 г. 20:33:42, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
19.8.2013 г. 20:33:41, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 20:33:41, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 20:33:41, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 20:33:41, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 20:33:41, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 20:33:41, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 20:33:40, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
19.8.2013 г. 20:33:34, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
19.8.2013 г. 20:33:31, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 20:33:31, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 20:33:31, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 20:33:29, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 20:33:29, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 20:33:29, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 20:33:27, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache klpd spldr Wanarpv6
19.8.2013 г. 20:33:27, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 20:33:27, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 20:33:27, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 20:33:27, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 20:33:27, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 20:33:27, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
19.8.2013 г. 20:20:20, Error: Service Control Manager [7031]  - The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
19.8.2013 г. 20:16:40, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  klpd
19.8.2013 г. 20:14:19, Error: Service Control Manager [7031]  - The Norton Internet Security service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
19.8.2013 г. 20:11:57, Error: Service Control Manager [7024]  - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
19.8.2013 г. 20:11:57, Error: Service Control Manager [7024]  - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
19.8.2013 г. 20:11:46, Error: Service Control Manager [7024]  - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
19.8.2013 г. 20:11:40, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  BHDrvx64 ccSet_NIS klpd SymIRON
19.8.2013 г. 20:11:29, Error: Service Control Manager [7024]  - The Windows Firewall service terminated with service-specific error Access is denied..
19.8.2013 г. 20:10:00, Error: Service Control Manager [7024]  - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
19.8.2013 г. 20:10:00, Error: Service Control Manager [7024]  - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
19.8.2013 г. 20:09:51, Error: Service Control Manager [7024]  - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
19.8.2013 г. 20:09:36, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  BHDrvx64 ccSet_NIS klpd SymIRON
19.8.2013 г. 20:09:19, Error: Service Control Manager [7024]  - The Windows Firewall service terminated with service-specific error Access is denied..
19.8.2013 г. 17:33:10, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load: 
19.8.2013 г. 17:14:01, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load: 
19.8.2013 г. 17:00:24, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load: 
19.8.2013 г. 16:52:39, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load: 
19.8.2013 г. 16:51:49, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000050 (0xfffff88003bb7ff8, 0x0000000000000000, 0xfffff800032c7816, 0x0000000000000000). A dump was saved in: C:WindowsMEMORY.DMP. Report Id: 081913-23462-01.
19.8.2013 г. 16:50:29, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  klpd
19.8.2013 г. 16:46:58, Error: Service Control Manager [7000]  - The 6774654drv service failed to start due to the following error: 
19.8.2013 г. 16:41:38, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load: 
19.8.2013 г. 16:40:52, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000050 (0xfffff880033ccff8, 0x0000000000000000, 0xfffff80003286816, 0x0000000000000000). A dump was saved in: C:WindowsMEMORY.DMP. Report Id: 081913-29234-01.
19.8.2013 г. 16:18:58, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  klpd
19.8.2013 г. 15:04:32, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  klpd
19.8.2013 г. 14:34:31, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  klpd
18.8.2013 г. 23:11:53, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  klpd
18.8.2013 г. 21:22:43, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  klpd
18.8.2013 г. 17:37:26, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  klpd
18.8.2013 г. 14:36:08, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  klpd
18.8.2013 г. 10:31:25, Error: Schannel [36887]  - The following fatal alert was received: 47.
18.8.2013 г. 10:31:13, Error: Schannel [36887]  - The following fatal alert was received: 47.
17.8.2013 г. 01:10:10, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  klpd
16.8.2013 г. 18:35:04, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  klpd
16.8.2013 г. 18:03:23, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  klpd
16.8.2013 г. 16:51:54, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  klpd
16.8.2013 г. 16:32:37, Error: Schannel [36887]  - The following fatal alert was received: 47.
16.8.2013 г. 16:31:44, Error: Schannel [36887]  - The following fatal alert was received: 47.
16.8.2013 г. 16:24:03, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  klpd
14.8.2013 г. 15:20:55, Error: Schannel [36887]  - The following fatal alert was received: 47.
14.8.2013 г. 15:20:45, Error: Schannel [36887]  - The following fatal alert was received: 47.
14.8.2013 г. 10:33:10, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  klpd
14.8.2013 г. 08:21:33, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  klpd
13.8.2013 г. 20:47:42, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  klpd
13.8.2013 г. 10:36:38, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  klpd
.
==== End Of File ===========================
 

 

ComboFix.txt

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Здравей...Има в системата ви един драйвер klpd ..ако не се лъжа той е на Kaspersky Lab. Но в системата не виждам техен продукт.....явно е остатък от некоректно деинсталиране...Мисля че този драйвер е в конфликт със другия ви защитен софтуер и това е една от причините за проблемите ви..!Използвайте кavremover  за да премахните остатъците..!Същото се отнася и за другите остатъци от антивирусни продукти.....виждам Avira System Speedup,драйвер на Emsisoft , HitmanPro...!!!Поразчистете малко системата си.
 и направете така:
 
 
Деинсталирайте ComboFix така:

  • [*]Натиснете Start ==> Run ==> въведете командата Combofix /Uninstall ==> OK

  • [*]Публикувано изображение

  • [*]Моля, следвайте инструкциите, за да деинсталирате ComboFix. Ще получите съобщение, в което се казва ComboFix е деинсталиран успешно.

Публикувано изображение Изтеглете Публикувано изображениеOTCleanIt или от тук,стартирайте и натиснете Публикувано изображение
 
Публикувано изображение Изтеглете Delfix.exe и го стартирайте. Сложете отметка пред Remove disinfection tools => натиснете бутона Run Инструмента ще се самоизтрие след като приключи своята задача!
 
Подгответе свеж лог с програмата DDS и публикувайте дневниците в следващия си пост..!
 

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Здрасти,

 

Инструмента им за почистване го използвах многократно (дори през сейфмод).Вероятно точно този драйвър прави проблеми, но не знам как да го премахна.Относно останалите продукти никога не съм имал пролеми с несвъместимост с Касперски!

Eто и лога:

 

DDS (Ver_2011-09-30.01) - NTFS_AMD64 Internet Explorer: 9.10.9200.16660  BrowserJavaVersion: 10.25.2 Run by luckyboy at 16:16:05 on 2013-08-20 Microsoft Windows 7 Ultimate 6.1.7601.1.1251.359.1033.18.3767.2684 [GMT 3:00] . SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:Windowssystem32wininit.exe C:Windowssystem32lsm.exe C:Windowssystem32svchost.exe -k DcomLaunch C:Windowssystem32nvvsvc.exe C:Windowssystem32svchost.exe -k RPCSS C:WindowsSystem32svchost.exe -k LocalServiceNetworkRestricted C:WindowsSystem32svchost.exe -k LocalSystemNetworkRestricted C:Windowssystem32svchost.exe -k netsvcs C:Windowssystem32svchost.exe -k GPSvcGroup C:Windowssystem32svchost.exe -k LocalService C:Windowssystem32svchost.exe -k NetworkService C:Program FilesNVIDIA CorporationDisplaynvxdsync.exe C:Windowssystem32nvvsvc.exe C:Windowssystem32Dwm.exe C:WindowsSystem32spoolsv.exe C:Windowssystem32taskhost.exe C:Windowssystem32svchost.exe -k LocalServiceNoNetwork C:WindowsExplorer.EXE C:ProgramDataHiSuiteOucHiSuiteOuc64.exe C:ProgramDataHandSetServiceHuaweiHiSuiteService64.exe C:Program Files (x86)IntelIntel® Management Engine ComponentsLMSLMS.exe C:Windowssystem32svchost.exe -k regsvc C:WindowsSysWOW64vmnat.exe C:Program Files (x86)Qualcomm Atheros Fast ReconnectAth_WlanAgent.exe C:Windowssystem32taskeng.exe C:WindowsSysWOW64vmnetdhcp.exe C:Program FilesRealtekAudioHDARAVCpl64.exe C:WindowsSystem32hkcmd.exe C:WindowsSystem32igfxpers.exe C:Program Files (x86)Internet Download Manageridman.exe C:Program Files (x86)GoogleUpdate1.3.21.153GoogleCrashHandler.exe C:Program Files (x86)GoogleUpdate1.3.21.153GoogleCrashHandler64.exe C:Windowssystem32svchost.exe -k NetworkServiceNetworkRestricted C:Program Files (x86)Internet Download ManagerIEMonitor.exe C:Program FilesNVIDIA CorporationDisplaynvtray.exe C:Windowssystem32SearchIndexer.exe C:Windowssystem32taskeng.exe C:Program FilesWindows Media Playerwmpnetwk.exe C:Windowssystem32svchost.exe -k LocalServiceAndNoImpersonation C:Windowssystem32wbemwmiprvse.exe C:Program Files (x86)IntelIntel® Rapid Storage TechnologyIAStorDataMgrSvc.exe C:Windowssystem32sppsvc.exe C:Program Files (x86)IntelIntel® Management Engine ComponentsUNSUNS.exe C:Windowssystem32wbemwmiprvse.exe C:Windowssystem32conhost.exe C:WindowsSystem32cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = about:blank mStart Page = about:blank BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:Program Files (x86)Internet Download ManagerIDMIECC.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program Files (x86)Javajre7binssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program Files (x86)Javajre7binjp2ssv.dll uRun: [iDMan] C:Program Files (x86)Internet Download ManagerIDMan.exe /onboot dRun: [sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun uPolicies-Explorer: NoDriveTypeAutoRun = dword:255 uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDriveTypeAutoRun = dword:255 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 mPolicies-WindowsSystem: UseOEMBackground = dword:1 IE: E&xport to Microsoft Excel - C:PROGRA~1MICROS~3Office15EXCEL.EXE/3000 IE: Se&nd to OneNote - C:PROGRA~1MICROS~3Office15ONBttnIE.dll/105 IE: Свали всички линкове с IDM - C:Program Files (x86)Internet Download ManagerIEGetAll.htm IE: Свали с IDM - C:Program Files (x86)Internet Download ManagerIEExt.htm IE: {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:Program Files (x86)PokerStars.EUPokerStarsUpdate.exe IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll TCP: NameServer = 192.168.0.1 TCP: Interfaces{EAE7926D-99A3-4D2B-A510-BB0191136D27} : DHCPNameServer = 192.168.0.1 TCP: Interfaces{EAE7926D-99A3-4D2B-A510-BB0191136D27}3C0EBEFF : DHCPNameServer = 192.168.0.1 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:Program Files (x86)Common FilesSkypeSkype4COM.dll SSODL: WebCheck - <orphaned> LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg pku2u livessp mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:Program Files (x86)GoogleChromeApplication28.0.1500.95Installerchrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-mStart Page = about:blank x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:Program Files (x86)Internet Download ManagerIDMIECC64.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:Program Files (x86)SkypeToolbarsInternet Explorer x64skypeieplugin.dll x64-Run: [RtHDVCpl] C:Program FilesRealtekAudioHDARAVCpl64.exe -s x64-Run: [igfxTray] C:WindowsSystem32igfxtray.exe x64-Run: [HotKeysCmds] C:WindowsSystem32hkcmd.exe x64-Run: [Persistence] C:WindowsSystem32igfxpers.exe x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:Program Files (x86)SkypeToolbarsInternet Explorer x64skypeieplugin.dll x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:Program Files (x86)SkypeToolbarsInternet Explorer x64skypeieplugin.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:UsersluckyboyAppDataRoamingMozillaFirefoxProfiles5o1ndzrs.default FF - plugin: C:Program Files (x86)AdobeReader 11.0ReaderAIRnppdf32.dll FF - plugin: C:Program Files (x86)GoogleUpdate1.3.21.153npGoogleUpdate3.dll FF - plugin: C:Program Files (x86)Javajre7binplugin2npjp2.dll FF - plugin: C:Program Files (x86)Microsoft Silverlight5.1.20513.0npctrlui.dll FF - plugin: C:WindowsSysWOW64AdobeDirectornp32dsw_1202122.dll FF - plugin: C:WindowsSysWOW64MacromedFlashNPSWF32_11_7_700_224.dll FF - plugin: C:WindowsSysWOW64npDeployJava1.dll FF - plugin: C:WindowsSysWOW64npmproxy.dll . ============= SERVICES / DRIVERS =============== . R0 nvpciflt;nvpciflt;C:WindowsSystem32driversnvpciflt.sys [2013-8-4 30496] R0 vsock;vSockets Driver;C:WindowsSystem32driversvsock.sys [2013-7-23 70296] R1 Bfilter;Baidu Antivirus Minifilter Driver;C:WindowsSystem32driversBfilter.sys [2013-3-29 50496] R1 Bfmon;Baidu FS Monitor Driver;C:WindowsSystem32driversBfmon.sys [2013-3-29 29848] R1 Bprotect;Baidu Protect;C:WindowsSystem32driversBprotect.sys [2013-3-29 102016] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:WindowsSystem32driversdtsoftbus01.sys [2013-3-28 283200] R1 vwififlt;Virtual WiFi Filter Driver;C:WindowsSystem32driversvwififlt.sys [2009-7-14 59904] R2 HiSuiteOuc64.exe;HiSuiteOuc64.exe;C:ProgramDataHiSuiteOucHiSuiteOuc64.exe [2013-7-15 137024] R2 HuaweiHiSuiteService64.exe;HuaweiHiSuiteService64.exe;C:ProgramDataHandSetServiceHuaweiHiSuiteService64.exe [2013-7-15 197632] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:Program Files (x86)IntelIntel® Rapid Storage TechnologyIAStorDataMgrSvc.exe [2013-3-20 13336] R2 IDMWFP;IDMWFP;C:WindowsSystem32driversidmwfp.sys [2013-6-28 172920] R2 UNS;Intel® Management & Security Application User Notification Service;C:Program Files (x86)IntelIntel® Management Engine ComponentsUNSUNS.exe [2013-3-20 2320920] R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:Program Files (x86)Qualcomm Atheros Fast ReconnectAth_WlanAgent.exe [2013-3-20 57344] R3 HECIx64;Intel® Management Engine Interface;C:WindowsSystem32driversHECIx64.sys [2012-12-11 56344] R3 Impcd;Impcd;C:WindowsSystem32driversImpcd.sys [2012-12-11 158976] R3 IntcDAud;Intel® Display Audio;C:WindowsSystem32driversIntcDAud.sys [2012-12-3 287232] R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:WindowsSystem32driversk57nd60a.sys [2010-5-15 384040] S1 klpd;klpd;C:WindowsSystem32driversklpd.sys [2013-4-12 15456] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [2012-7-9 104912] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:WindowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2012-7-9 123856] S2 gupdate;Услуга на Google Актуализация (gupdate);C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [2013-3-20 116648] S3 AdobeARMservice;Adobe Acrobat Update Service;C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe [2013-5-11 65640] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2013-3-27 256904] S3 dmvsc;dmvsc;C:WindowsSystem32driversdmvsc.sys [2011-4-12 71168] S3 gupdatem;Услуга на Google Актуализация (gupdatem);C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [2013-3-20 116648] S3 MBAMProtector;MBAMProtector;C:WindowsSystem32driversmbam.sys [2013-8-19 25928] S3 MozillaMaintenance;Mozilla Maintenance Service;C:Program Files (x86)Mozilla Maintenance Servicemaintenanceservice.exe [2013-8-20 117656] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:WindowsSystem32driversrdpvideominiport.sys [2013-2-16 19456] S3 RTL8167;Realtek 8167 NT Driver;C:WindowsSystem32driversRt64win7.sys [2013-2-16 769168] S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:WindowsSystem32driversSynth3dVsc.sys [2011-4-12 88960] S3 terminpt;Microsoft Remote Desktop Input Driver;C:WindowsSystem32driversterminpt.sys [2013-2-16 29696] S3 TsUsbFlt;TsUsbFlt;C:WindowsSystem32driversTsUsbFlt.sys [2013-2-16 57856] S3 TsUsbGD;Remote Desktop Generic USB Device;C:WindowsSystem32driversTsUsbGD.sys [2013-2-16 30208] S3 tsusbhub;Remote Deskotop USB Hub;C:WindowsSystem32driverstsusbhub.sys [2011-4-12 117248] S3 UsbFltr;WayTech USB Filter Driver;C:WindowsSystem32driversUsbFltr.sys [2007-4-9 12288] S3 WatAdminSvc;Windows Activation Technologies Service;C:WindowsSystem32WatWatAdminSvc.exe [2013-3-20 1255736] S4 MBAMScheduler;MBAMScheduler;C:Program Files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe [2013-8-19 418376] S4 MBAMService;MBAMService;C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe [2013-8-19 701512] S4 nvUpdatusService;NVIDIA Update Service Daemon;C:Program Files (x86)NVIDIA CorporationNVIDIA Update Coredaemonu.exe [2013-8-4 1826592] S4 Skype C2C Service;Skype C2C Service;C:ProgramDataSkypeToolbarsSkype C2C Servicec2c_service.exe [2013-7-12 3289472] S4 SkypeUpdate;Skype Updater;C:Program Files (x86)SkypeUpdaterUpdater.exe [2013-6-21 162408] S4 TeamViewer8;TeamViewer 8;C:Program Files (x86)TeamViewerVersion8TeamViewer_Service.exe [2013-7-18 4153184] S4 VMUSBArbService;VMware USB Arbitration Service;C:Program Files (x86)Common FilesVMwareUSBvmware-usbarbitrator64.exe [2012-10-11 918680] S4 VMwareHostd;VMware Workstation Server;C:Program Files (x86)VMwareVMware Workstationvmware-hostd.exe [2013-2-26 13242960] S4 WiseBootAssistant;Wise Boot Assistant;C:Program Files (x86)WiseWise Care 365BootTime.exe [2013-8-4 580232] . =============== Created Last 30 ================ . 2013-08-20 12:13:57  --------  d-----w-  C:UsersluckyboyDoctor Web 2013-08-20 10:07:04  --------  d-----w-  C:Program Files (x86)MSECACHE 2013-08-19 22:49:13  --------  d-----w-  C:ProgramDataKaspersky Lab Setup Files 2013-08-19 21:59:34  --------  d-----w-  C:UsersluckyboyAppDataLocalMacromedia 2013-08-19 21:15:39  --------  d-----w-  C:UsersluckyboyAppDataLocalNPE 2013-08-19 21:15:39  --------  d-----w-  C:ProgramDataNorton 2013-08-19 20:35:02  --------  d-----w-  C:ProgramDataMalwarebytes 2013-08-19 20:35:01  25928  ----a-w-  C:WindowsSystem32driversmbam.sys 2013-08-19 20:35:01  --------  d-----w-  C:Program Files (x86)Malwarebytes' Anti-Malware 2013-08-18 14:00:43  --------  d-----w-  C:WindowsSystem32driversNISx641404000.028 2013-08-18 14:00:43  --------  d-----w-  C:WindowsSystem32driversNISx64 2013-08-16 13:51:31  --------  d-----w-  C:WindowsSysWow64wbemLogs 2013-08-16 13:17:59  2241024  ----a-w-  C:WindowsSystem32wininet.dll 2013-08-16 13:13:18  --------  d-----w-  C:WindowsSystem32MRT 2013-08-16 10:30:00  1472512  ----a-w-  C:WindowsSystem32crypt32.dll 2013-08-13 17:51:29  --------  d-----w-  C:Program FilesCPUID 2013-08-12 17:13:29  --------  d-----w-  C:UsersluckyboyAppDataLocalXpom 2013-08-12 17:12:26  --------  d-----w-  C:UsersluckyboyAppDataLocalMail.Ru 2013-08-11 22:14:34  --------  d-----w-  C:UsersluckyboyAppDataLocalDownloaded Installations 2013-08-11 11:47:10  --------  d-----w-  C:UsersluckyboyAppDataLocalMozilla 2013-08-10 17:35:53  234544  ----a-w-  C:WindowsRegBootClean64.exe 2013-08-07 18:07:09  76232  ----a-w-  C:ProgramDataMicrosoftWindows DefenderDefinition Updates{4385D987-0DEE-446A-AE88-2FAA3C23ADEF}offreg.dll 2013-08-07 06:58:55  --------  d-----w-  C:ProgramDataWNR 2013-08-07 06:58:22  --------  d-----w-  C:UsersluckyboyAppDataRoamingWNR 2013-08-06 21:34:00  --------  d-----w-  C:UsersluckyboyAppDataRoamingFastStone 2013-08-06 21:34:00  --------  d-----w-  C:UsersluckyboyAppDataLocalFastStone 2013-08-06 21:33:28  --------  d-----w-  C:Program Files (x86)FastStone Capture 2013-08-06 20:59:42  --------  d-----w-  C:Program Files (x86)NCH Software 2013-08-06 20:59:39  --------  d-----w-  C:UsersluckyboyAppDataRoamingNCH Software 2013-08-04 13:36:47  --------  d-----w-  C:UsersluckyboyAppDataRoamingNVIDIA 2013-08-04 11:32:15  --------  d-----w-  C:WindowsSysWow64NV 2013-08-04 11:32:15  --------  d-----w-  C:WindowsSystem32NV 2013-08-04 09:31:26  884512  ----a-w-  C:WindowsSystem32nvvsvc.exe 2013-08-04 09:31:26  67072  ----a-w-  C:WindowsSystem32nv3dappshextr.dll 2013-08-04 09:31:26  6496544  ----a-w-  C:WindowsSystem32nvcpl.dll 2013-08-04 09:31:26  63776  ----a-w-  C:WindowsSystem32nvshext.dll 2013-08-04 09:31:26  3514656  ----a-w-  C:WindowsSystem32nvsvc64.dll 2013-08-04 09:31:26  3253909  ----a-w-  C:WindowsSystem32nvcoproc.bin 2013-08-04 09:31:26  2555680  ----a-w-  C:WindowsSystem32nvsvcr.dll 2013-08-04 09:31:26  237856  ----a-w-  C:WindowsSystem32nvmctray.dll 2013-08-04 09:31:26  1025312  ----a-w-  C:WindowsSystem32nv3dappshext.dll 2013-08-04 09:29:02  61216  ----a-w-  C:WindowsSystem32OpenCL.dll 2013-08-04 09:29:02  53024  ----a-w-  C:WindowsSysWow64OpenCL.dll 2013-08-04 09:28:47  --------  d-----w-  C:ProgramDataNVIDIA Corporation 2013-08-04 08:32:55  --------  d-----w-  C:UsersluckyboyAppDataRoamingDream Aquarium 2013-08-04 08:32:24  141312  ----a-w-  C:WindowsDreamAquarium.scr 2013-08-04 08:32:22  --------  d-----w-  C:Program Files (x86)Dream Aquarium 2013-08-04 07:52:20  --------  d-----w-  C:UsersluckyboyAppDataRoamingWise Care 365 2013-08-04 07:52:01  --------  d-----w-  C:Program Files (x86)Wise 2013-08-03 15:24:09  --------  d-----w-  C:Usersluckyboycache 2013-08-02 06:16:12  1643520  ----a-w-  C:WindowsSystem32DWrite.dll 2013-08-02 06:16:12  1247744  ----a-w-  C:WindowsSysWow64DWrite.dll 2013-08-02 06:16:10  9216  ----a-w-  C:Program Files (x86)Windows DefenderMpAsDesc.dll 2013-08-02 06:16:10  571904  ----a-w-  C:Program FilesWindows DefenderMpClient.dll 2013-08-02 06:16:10  54784  ----a-w-  C:Program Files (x86)Windows DefenderMpOAV.dll 2013-08-02 06:16:10  4608  ----a-w-  C:Program Files (x86)Windows DefenderMsMpLics.dll 2013-08-02 06:16:10  392704  ----a-w-  C:Program Files (x86)Windows DefenderMpClient.dll 2013-08-02 06:16:10  314880  ----a-w-  C:Program FilesWindows DefenderMpCommu.dll 2013-08-02 06:16:10  1011712  ----a-w-  C:Program FilesWindows DefenderMpSvc.dll 2013-08-02 06:15:53  936448  ----a-w-  C:Program Files (x86)Common FilesMicrosoft Sharedinkjournal.dll 2013-08-02 06:15:53  1732608  ----a-w-  C:Program FilesWindows JournalNBDoc.DLL 2013-08-02 06:15:53  1402880  ----a-w-  C:Program FilesWindows JournalJNWDRV.dll 2013-08-02 06:15:53  1393152  ----a-w-  C:Program FilesWindows JournalJNTFiltr.dll 2013-08-02 06:15:53  1367040  ----a-w-  C:Program FilesCommon FilesMicrosoft Sharedinkjournal.dll 2013-08-02 06:15:52  3153920  ----a-w-  C:WindowsSystem32win32k.sys 2013-08-02 06:15:51  624128  ----a-w-  C:WindowsSystem32qedit.dll 2013-08-02 06:15:51  509440  ----a-w-  C:WindowsSysWow64qedit.dll 2013-08-01 17:29:22  --------  d-----w-  C:ProgramDataHitmanPro 2013-07-31 19:54:03  --------  d-----w-  C:UsersluckyboyAppDataLocalEMU 2013-07-31 15:06:47  --------  d-----w-  C:ProgramDataAuslogics 2013-07-30 16:14:20  --------  d-----w-  C:Program FilesUnlocker 2013-07-29 18:17:35  574120  ----a-w-  C:WindowsSysWow64msvcp50.dll 2013-07-29 12:17:40  --------  d-----w-  C:True Poker 2013-07-28 08:12:19  --------  d-----w-  C:UsersluckyboyAppDataRoamingpostgresql 2013-07-28 08:09:52  --------  d-----w-  C:UsersluckyboyAppDataLocalPokerTracker 4 2013-07-27 21:31:54  --------  d-----w-  C:UsersluckyboyAppDataLocalKesemoholdings_Limited 2013-07-27 17:30:24  --------  d-----w-  C:Games 2013-07-25 18:18:31  --------  d-----w-  C:Poker 2013-07-25 15:46:39  --------  d-----w-  C:Program Files (x86)Poker Heaven 2013-07-23 22:06:54  --------  d-----w-  C:UsersluckyboyAppDataRoamingWireshark 2013-07-23 20:04:29  70296  ----a-w-  C:WindowsSystem32driversvsock.sys 2013-07-23 20:04:29  67224  ----a-w-  C:WindowsSystem32vsocklib.dll 2013-07-23 20:04:29  63128  ----a-w-  C:WindowsSysWow64vsocklib.dll 2013-07-23 20:04:18  67664  ----a-w-  C:WindowsSystem32driversvmx86.sys 2013-07-23 20:03:07  357456  ----a-w-  C:WindowsSysWow64vmnetdhcp.exe 2013-07-23 20:03:06  436304  ----a-w-  C:WindowsSysWow64vmnat.exe 2013-07-23 20:03:04  30800  ----a-w-  C:WindowsSystem32driversvmnetuserif.sys 2013-07-23 20:02:48  933968  ----a-w-  C:WindowsSystem32vnetlib64.dll 2013-07-23 20:02:37  52376  ----a-w-  C:WindowsSystem32drivershcmon.sys 2013-07-23 20:01:56  --------  d-----w-  C:Program FilesCommon FilesVMware 2013-07-23 20:01:21  --------  d-----w-  C:Program Files (x86)Common FilesVMware 2013-07-23 14:14:44  57344  ----a-w-  C:WindowsWinRaR password findeR v4.0.exe 2013-07-22 07:37:56  --------  d-----w-  C:UsersluckyboyAppDataRoamingURSoft 2013-07-22 07:37:36  --------  d-----w-  C:Program Files (x86)Your Uninstaller! 7 2013-07-22 07:19:05  --------  d-----w-  C:Program Files (x86)Redbet Poker . ==================== Find3M  ==================== . 2013-08-13 18:00:36  6656  ----a-w-  C:WindowsSystem32lpcio.dll 2013-07-26 05:12:08  3958784  ----a-w-  C:WindowsSystem32jscript9.dll 2013-07-26 05:12:04  136704  ----a-w-  C:WindowsSystem32iesysprep.dll 2013-07-26 05:12:03  67072  ----a-w-  C:WindowsSystem32iesetup.dll 2013-07-26 03:35:08  2706432  ----a-w-  C:WindowsSystem32mshtml.tlb 2013-07-26 03:13:24  1767936  ----a-w-  C:WindowsSysWow64wininet.dll 2013-07-26 03:12:04  2877440  ----a-w-  C:WindowsSysWow64jscript9.dll 2013-07-26 03:12:00  61440  ----a-w-  C:WindowsSysWow64iesetup.dll 2013-07-26 03:12:00  109056  ----a-w-  C:WindowsSysWow64iesysprep.dll 2013-07-26 02:49:14  2706432  ----a-w-  C:WindowsSysWow64mshtml.tlb 2013-07-26 02:39:38  89600  ----a-w-  C:WindowsSystem32RegisterIEPKEYs.exe 2013-07-26 01:59:38  71680  ----a-w-  C:WindowsSysWow64RegisterIEPKEYs.exe 2013-07-25 09:25:54  1888768  ----a-w-  C:WindowsSystem32WMVDECOD.DLL 2013-07-25 08:57:27  1620992  ----a-w-  C:WindowsSysWow64WMVDECOD.DLL 2013-07-24 15:27:36  12872  ----a-w-  C:WindowsSystem32bootdelete.exe 2013-07-23 19:07:14  102016  ----a-w-  C:WindowsSystem32driversBprotect.sys 2013-07-22 19:04:52  29848  ----a-w-  C:WindowsSystem32driversBfmon.sys 2013-07-19 01:58:42  2048  ----a-w-  C:WindowsSystem32tzres.dll 2013-07-19 01:41:01  2048  ----a-w-  C:WindowsSysWow64tzres.dll 2013-07-18 06:54:28  50496  ----a-w-  C:WindowsSystem32driversBfilter.sys 2013-07-09 06:03:30  5550528  ----a-w-  C:WindowsSystem32ntoskrnl.exe 2013-07-09 05:54:22  1732032  ----a-w-  C:WindowsSystem32ntdll.dll 2013-07-09 05:53:12  243712  ----a-w-  C:WindowsSystem32wow64.dll 2013-07-09 05:52:52  224256  ----a-w-  C:WindowsSystem32wintrust.dll 2013-07-09 05:51:16  1217024  ----a-w-  C:WindowsSystem32rpcrt4.dll 2013-07-09 05:46:20  184320  ----a-w-  C:WindowsSystem32cryptsvc.dll 2013-07-09 05:46:20  139776  ----a-w-  C:WindowsSystem32cryptnet.dll 2013-07-09 05:03:34  3968960  ----a-w-  C:WindowsSysWow64ntkrnlpa.exe 2013-07-09 05:03:34  3913664  ----a-w-  C:WindowsSysWow64ntoskrnl.exe 2013-07-09 04:53:47  1292192  ----a-w-  C:WindowsSysWow64ntdll.dll 2013-07-09 04:52:33  663552  ----a-w-  C:WindowsSysWow64rpcrt4.dll 2013-07-09 04:52:33  5120  ----a-w-  C:WindowsSysWow64wow32.dll 2013-07-09 04:52:10  175104  ----a-w-  C:WindowsSysWow64wintrust.dll 2013-07-09 04:46:31  140288  ----a-w-  C:WindowsSysWow64cryptsvc.dll 2013-07-09 04:46:31  1166848  ----a-w-  C:WindowsSysWow64crypt32.dll 2013-07-09 04:46:31  103936  ----a-w-  C:WindowsSysWow64cryptnet.dll 2013-07-09 04:45:07  44032  ----a-w-  C:Windowsapppatchacwow64.dll 2013-07-09 02:49:42  25600  ----a-w-  C:WindowsSysWow64setup16.exe 2013-07-09 02:49:41  7680  ----a-w-  C:WindowsSysWow64instnm.exe 2013-07-09 02:49:39  14336  ----a-w-  C:WindowsSysWow64ntvdm64.dll 2013-07-09 02:49:38  2048  ----a-w-  C:WindowsSysWow64user.exe 2013-07-06 06:03:53  1910208  ----a-w-  C:WindowsSystem32driverstcpip.sys 2013-06-27 19:58:18  56272  ----a-w-  C:WindowsSystem32snacnp.dll 2013-06-27 09:57:42  172920  ------w-  C:WindowsSystem32driversidmwfp.sys 2013-06-15 04:32:16  39936  ----a-w-  C:WindowsSystem32driverstssecsrv.sys 2013-06-12 21:18:08  71048  ----a-w-  C:WindowsSysWow64FlashPlayerCPLApp.cpl 2013-06-12 21:18:08  692104  ----a-w-  C:WindowsSysWow64FlashPlayerApp.exe 2013-06-12 18:48:23  867240  ----a-w-  C:WindowsSysWow64npDeployJava1.dll 2013-06-12 18:48:17  789416  ----a-w-  C:WindowsSysWow64deployJava1.dll 2013-06-12 18:47:57  96168  ----a-w-  C:WindowsSysWow64WindowsAccessBridge-32.dll 2013-05-31 18:00:00  112640  ----a-w-  C:WindowsSysWow64ff_vfw.dll . ============= FINISH: 16:17:17,70 ===============  

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

C:UsersluckyboyDoctor Web

C:ProgramDataKaspersky Lab Setup Files

C:ProgramDataNorton

 

 

Аз ще се опитам да ги преборя..Да уточним..по последния дневник ,нямаш в момента действаща в реално време антивирусна..?

 

Публикувано изображение Изтеглете Security Check (автор: screen317) от тук или от тук и го запишете на десктопа.

[*]Кликнете два пъти върху SecurityCheck.exe и следвайте инструкциите.

[*]Когато програмата завърши работата си, ще се отвори един текстов документ: checkup.txt.

[*]Копирайте съдържанието на checkup.txt с Копирай (Copy) и с Постави (Paste) го поставете в следващия си коментар.

 

 

Публикувано изображение Изтеглете ComboFix Публикувано изображение от тук и го запазете на десктопа си

Изключете вашата антивирусна и антишпионска програма, обикновено това става чрез натискане на десния бутон на мишката върху иконата на програма в системния трей.

Бележка: Ако не можете я спрете или не сте сигурни коя програма да изключите, моля прегледайте информацията от този линк: How to Disable your Security Programs

Стартирайте Combo-Fix.com Публикувано изображение и следвайте инструкциите.

Бележка: ComboFix ще се стартира без инсталирана Recovery Console.

Като част от неговата работа, ComboFix ще провери дали Microsoft Windows Recovery Console е инсталирана. Предвид бързо развиващия се зловреден софтуер е силно препоръчително да бъде инсталирана преди премахването на зловредния софтуер. Това ще Ви позволи да влезете в специален recovery/repai режим, който ще ни позволи по-лесно да решите проблем, който би могъл да възникне при премахване на зловредния софтуер.

[*]Следвайте инструкциите, за да позволите на ComboFix да изтегли и инсталира Microsoft Windows Recovery Console.В един момент ще бъдете попитани дали сте съгласни с лицензното споразумение. Необходимо е да потвърдите, че сте съгласни, за да инсталирате Microsoft Windows Recovery Console.

** Забележете: Ако Microsoft Windows Recovery Console е вече инсталирана, ComboFix ще продължи към процеса по премахване на зловредния софтуер.

 

Публикувано изображение

 

След като Microsoft Windows Recovery Console е инсталирана, използвайки ComboFix, Вие ще видите следното съобщение:

 

Публикувано изображение

Изберете Yes, за да продължи сканирането за зловреден софтуер.

Когато процесът приключи успешно, инструментът ще създаде лог файл. Моля, включете съдържанието на C:ComboFix.txt в следващия Ви коментар в тази тема.

Бележка:

[*]Моля, не движете мишката, докато ComboFix работи. Това може да наруши процеса на работа.

[*]ComboFix ще нулира всички настройки на Microsoft Internet Explorer, включително да направи IE браузър по подразбиране.

[*]ComboFix ще изключи autorun функцията на ВСИЧКИ CD, Floppy и USB устройства, за да помогне при премахването на зловредния софтуер и Ви защити от бъдещи вируси/заплахи, които поразява чрез autorun. Ако това е проблем за вас - моля, уведомете ме.

[*]ComboFix ще изключи вашата интернет връзка. Интернет връзката ще се възстанови автоматично, преди ComboFix да завърши процеса на работа. При проблем, той ще прекрати интернет връзката. За да възстановите интернет връзката си, рестартирайте компютъра си.

[*]В случай на проблем с ComboFix, той може да създаде лог файл. Моля, включете съдържанието на C:BUG.txt в следващия Ви коментар в тази тема.

Публикувано изображение Моля, не прикачвайте лог файла/овете от програмата, а го/ги копирайте и поставете в следващия Ви коментар в тази тема.

Сподели този отговор


Линк към този отговор
Сподели в други сайтове
Аз ще се опитам да ги преборя..Да уточним..по последния дневник ,нямаш в момента действаща в реално време антивирусна..?

Да, няма.Програмите в карето са остатъци от инструменти за почистване/диагностика.

 

 Results of screen317's Security Check version 0.99.72  

 Windows 7 Service Pack 1 x64 (UAC is disabled!)  

 Internet Explorer 10  

``````````````Antivirus/Firewall Check:``````````````

 Windows Firewall Enabled!  

 Windows Firewall Disabled!  

 WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

 Java 7 Update 25  

 Adobe Flash Player 11.7.700.224  

 Adobe Reader XI  

 Mozilla Firefox (23.0.1)

 Google Chrome 28.0.1500.72  

 Google Chrome 28.0.1500.95  

````````Process Check: objlist.exe by Laurent````````  

`````````````````System Health check`````````````````

 Total Fragmentation on Drive C: 5%

````````````````````End of Log``````````````````````

 

 

ComboFix 13-08-19.02 - luckyboy 08.2013 г.  17:45:57.1.4 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1251.359.1033.18.3767.2295 [GMT 3:00]

Running from: c:usersluckyboyDesktopComboFix.exe

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2013-07-20 to 2013-08-20  )))))))))))))))))))))))))))))))

.

.

2013-08-20 12:13 . 2013-08-20 12:13  --------  d-----w-  c:usersluckyboyDoctor Web

2013-08-20 10:07 . 2013-08-20 10:08  --------  d-----w-  c:program files (x86)MSECACHE

2013-08-19 22:49 . 2013-08-19 22:49  --------  d-----w-  c:programdataKaspersky Lab Setup Files

2013-08-19 21:59 . 2013-08-19 21:59  --------  d-----w-  c:usersluckyboyAppDataLocalMacromedia

2013-08-19 21:15 . 2013-08-19 21:23  --------  d-----w-  c:usersluckyboyAppDataLocalNPE

2013-08-19 21:15 . 2013-08-19 21:15  --------  d-----w-  c:programdataNorton

2013-08-19 20:35 . 2013-08-19 20:35  --------  d-----w-  c:programdataMalwarebytes

2013-08-19 20:35 . 2013-08-19 20:35  --------  d-----w-  c:program files (x86)Malwarebytes' Anti-Malware

2013-08-19 20:35 . 2013-04-04 11:50  25928  ----a-w-  c:windowssystem32driversmbam.sys

2013-08-19 18:43 . 2013-08-19 18:43  --------  d-----w-  c:userstest

2013-08-18 14:00 . 2013-08-19 17:08  --------  d-----w-  c:windowssystem32driversNISx64

2013-08-16 13:51 . 2013-08-16 13:51  --------  d-----w-  c:windowsSysWow64wbemLogs

2013-08-16 13:17 . 2013-07-26 05:13  2241024  ----a-w-  c:windowssystem32wininet.dll

2013-08-16 13:17 . 2013-07-26 05:12  15405056  ----a-w-  c:windowssystem32ieframe.dll

2013-08-16 13:17 . 2013-07-26 05:12  19239424  ----a-w-  c:windowssystem32mshtml.dll

2013-08-16 13:13 . 2013-08-16 13:15  --------  d-----w-  c:windowssystem32MRT

2013-08-16 13:12 . 2013-08-16 13:12  --------  d-----w-  c:usersDefaultAppDataLocalMicrosoft Help

2013-08-16 10:30 . 2013-07-09 05:46  1472512  ----a-w-  c:windowssystem32crypt32.dll

2013-08-13 17:51 . 2013-08-13 17:57  --------  d-----w-  c:program filesCPUID

2013-08-12 17:13 . 2013-08-12 17:15  --------  d-----w-  c:usersluckyboyAppDataLocalXpom

2013-08-12 17:12 . 2013-08-12 17:15  --------  d-----w-  c:usersluckyboyAppDataLocalMail.Ru

2013-08-11 22:14 . 2013-08-11 22:14  --------  d-----w-  c:usersluckyboyAppDataLocalDownloaded Installations

2013-08-11 11:47 . 2013-08-11 11:47  --------  d-----w-  c:usersluckyboyAppDataLocalMozilla

2013-08-10 17:35 . 2013-08-10 19:35  234544  ----a-w-  c:windowsRegBootClean64.exe

2013-08-07 18:07 . 2013-08-07 18:07  76232  ----a-w-  c:programdataMicrosoftWindows DefenderDefinition Updates{4385D987-0DEE-446A-AE88-2FAA3C23ADEF}offreg.dll

2013-08-07 06:58 . 2013-08-07 06:58  --------  d-----w-  c:programdataWNR

2013-08-07 06:58 . 2013-08-07 06:58  --------  d-----w-  c:usersluckyboyAppDataRoamingWNR

2013-08-06 21:34 . 2013-08-06 21:34  --------  d-----w-  c:usersluckyboyAppDataRoamingFastStone

2013-08-06 21:34 . 2013-08-06 21:34  --------  d-----w-  c:usersluckyboyAppDataLocalFastStone

2013-08-06 21:33 . 2013-08-06 21:33  --------  d-----w-  c:program files (x86)FastStone Capture

2013-08-06 20:59 . 2013-08-06 20:59  --------  d-----w-  c:programdataNCH Software

2013-08-06 20:59 . 2013-08-06 21:00  --------  d-----w-  c:program files (x86)NCH Software

2013-08-06 20:59 . 2013-08-06 21:31  --------  d-----w-  c:usersluckyboyAppDataRoamingNCH Software

2013-08-04 13:36 . 2013-08-09 13:10  --------  d-----w-  c:usersluckyboyAppDataRoamingNVIDIA

2013-08-04 11:32 . 2013-08-04 11:32  --------  d-----w-  c:windowsSysWow64NV

2013-08-04 11:32 . 2013-08-04 11:32  --------  d-----w-  c:windowssystem32NV

2013-08-04 09:58 . 2013-08-19 17:16  --------  d-----w-  c:usersUpdatusUser.luckyboy-PC

2013-08-04 09:31 . 2013-06-21 10:23  6496544  ----a-w-  c:windowssystem32nvcpl.dll

2013-08-04 09:31 . 2013-06-21 10:23  3514656  ----a-w-  c:windowssystem32nvsvc64.dll

2013-08-04 09:31 . 2013-06-21 10:23  884512  ----a-w-  c:windowssystem32nvvsvc.exe

2013-08-04 09:31 . 2013-06-21 10:23  67072  ----a-w-  c:windowssystem32nv3dappshextr.dll

2013-08-04 09:31 . 2013-06-21 10:23  63776  ----a-w-  c:windowssystem32nvshext.dll

2013-08-04 09:31 . 2013-06-21 10:23  2555680  ----a-w-  c:windowssystem32nvsvcr.dll

2013-08-04 09:31 . 2013-06-21 10:23  237856  ----a-w-  c:windowssystem32nvmctray.dll

2013-08-04 09:31 . 2013-06-21 10:23  1025312  ----a-w-  c:windowssystem32nv3dappshext.dll

2013-08-04 09:31 . 2013-06-20 04:17  3253909  ----a-w-  c:windowssystem32nvcoproc.bin

2013-08-04 09:29 . 2013-06-21 12:06  61216  ----a-w-  c:windowssystem32OpenCL.dll

2013-08-04 09:29 . 2013-06-21 12:06  53024  ----a-w-  c:windowsSysWow64OpenCL.dll

2013-08-04 09:28 . 2013-08-04 09:28  --------  d-----w-  c:programdataNVIDIA Corporation

2013-08-04 08:32 . 2013-08-05 06:35  --------  d-----w-  c:usersluckyboyAppDataRoamingDream Aquarium

2013-08-04 08:32 . 2012-04-19 09:03  141312  ----a-w-  c:windowsDreamAquarium.scr

2013-08-04 08:32 . 2013-08-04 08:32  --------  d-----w-  c:program files (x86)Dream Aquarium

2013-08-04 07:52 . 2013-08-19 17:08  --------  d-----w-  c:usersluckyboyAppDataRoamingWise Care 365

2013-08-04 07:52 . 2013-08-04 07:52  --------  d-----w-  c:program files (x86)Wise

2013-08-03 15:24 . 2013-08-09 19:46  --------  d-----w-  c:usersluckyboycache

2013-08-02 06:16 . 2013-04-09 23:34  1247744  ----a-w-  c:windowsSysWow64DWrite.dll

2013-08-02 06:16 . 2013-04-02 22:51  1643520  ----a-w-  c:windowssystem32DWrite.dll

2013-08-02 06:16 . 2013-05-27 05:50  1011712  ----a-w-  c:program filesWindows DefenderMpSvc.dll

2013-08-02 06:16 . 2013-05-27 05:50  571904  ----a-w-  c:program filesWindows DefenderMpClient.dll

2013-08-02 06:16 . 2013-05-27 05:50  314880  ----a-w-  c:program filesWindows DefenderMpCommu.dll

2013-08-02 06:16 . 2013-05-27 04:57  4608  ----a-w-  c:program files (x86)Windows DefenderMsMpLics.dll

2013-08-02 06:16 . 2013-05-27 04:57  54784  ----a-w-  c:program files (x86)Windows DefenderMpOAV.dll

2013-08-02 06:16 . 2013-05-27 04:57  392704  ----a-w-  c:program files (x86)Windows DefenderMpClient.dll

2013-08-02 06:16 . 2013-05-27 03:15  9216  ----a-w-  c:program files (x86)Windows DefenderMpAsDesc.dll

2013-08-02 06:15 . 2013-04-10 05:48  1732608  ----a-w-  c:program filesWindows JournalNBDoc.DLL

2013-08-02 06:15 . 2013-04-10 05:46  1402880  ----a-w-  c:program filesWindows JournalJNWDRV.dll

2013-08-02 06:15 . 2013-04-10 05:46  1393152  ----a-w-  c:program filesWindows JournalJNTFiltr.dll

2013-08-02 06:15 . 2013-04-10 05:46  1367040  ----a-w-  c:program filesCommon FilesMicrosoft Sharedinkjournal.dll

2013-08-02 06:15 . 2013-04-10 05:03  936448  ----a-w-  c:program files (x86)Common FilesMicrosoft Sharedinkjournal.dll

2013-08-02 06:15 . 2013-06-05 03:34  3153920  ----a-w-  c:windowssystem32win32k.sys

2013-08-02 06:15 . 2013-06-04 06:00  624128  ----a-w-  c:windowssystem32qedit.dll

2013-08-02 06:15 . 2013-06-04 04:53  509440  ----a-w-  c:windowsSysWow64qedit.dll

2013-08-01 17:29 . 2013-08-03 16:53  --------  d-----w-  c:programdataHitmanPro

2013-07-31 19:54 . 2013-07-31 19:54  --------  d-----w-  c:usersluckyboyAppDataLocalEMU

2013-07-31 15:06 . 2013-07-31 15:06  --------  d-----w-  c:programdataAuslogics

2013-07-30 16:14 . 2013-08-20 13:41  --------  d-----w-  c:program filesUnlocker

2013-07-29 18:17 . 2013-02-04 16:24  574120  ----a-w-  c:windowsSysWow64msvcp50.dll

2013-07-29 12:17 . 2013-07-29 13:52  --------  d-----w-  C:True Poker

2013-07-28 08:12 . 2013-07-28 08:12  --------  d-----w-  c:usersluckyboyAppDataRoamingpostgresql

2013-07-28 08:09 . 2013-07-28 08:17  --------  d-----w-  c:usersluckyboyAppDataLocalPokerTracker 4

2013-07-27 21:31 . 2013-07-27 21:32  --------  d-----w-  c:usersluckyboyAppDataLocalKesemoholdings_Limited

2013-07-27 17:30 . 2013-07-27 17:30  --------  d-----w-  C:Games

2013-07-25 18:18 . 2013-08-20 11:55  --------  d-----w-  C:Poker

2013-07-25 15:46 . 2013-07-25 15:47  --------  d-----w-  c:program files (x86)Poker Heaven

2013-07-23 22:06 . 2013-07-24 07:02  --------  d-----w-  c:usersluckyboyAppDataRoamingWireshark

2013-07-23 20:04 . 2012-10-24 11:17  67224  ----a-w-  c:windowssystem32vsocklib.dll

2013-07-23 20:04 . 2012-10-24 11:17  70296  ----a-w-  c:windowssystem32driversvsock.sys

2013-07-23 20:04 . 2012-10-24 11:17  63128  ----a-w-  c:windowsSysWow64vsocklib.dll

2013-07-23 20:04 . 2013-02-25 23:28  67664  ----a-w-  c:windowssystem32driversvmx86.sys

2013-07-23 20:03 . 2013-02-25 23:28  357456  ----a-w-  c:windowsSysWow64vmnetdhcp.exe

2013-07-23 20:03 . 2013-02-25 23:28  436304  ----a-w-  c:windowsSysWow64vmnat.exe

2013-07-23 20:03 . 2013-02-25 23:28  30800  ----a-w-  c:windowssystem32driversvmnetuserif.sys

2013-07-23 20:02 . 2013-02-25 23:29  933968  ----a-w-  c:windowssystem32vnetlib64.dll

2013-07-23 20:02 . 2012-10-11 13:15  52376  ----a-w-  c:windowssystem32drivershcmon.sys

2013-07-23 20:01 . 2013-07-23 20:01  --------  d-----w-  c:program filesCommon FilesVMware

2013-07-23 20:01 . 2013-07-23 20:01  --------  d-----w-  c:program files (x86)Common FilesVMware

2013-07-23 14:14 . 2011-03-11 00:41  57344  ----a-w-  c:windowsWinRaR password findeR v4.0.exe

2013-07-22 07:37 . 2013-07-22 07:37  --------  d-----w-  c:usersluckyboyAppDataRoamingURSoft

2013-07-22 07:37 . 2013-07-22 07:40  --------  d-----w-  c:program files (x86)Your Uninstaller! 7

2013-07-22 07:19 . 2013-07-22 07:47  --------  d-----w-  c:program files (x86)Redbet Poker

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-08-13 18:00 . 2013-02-16 04:35  6656  ----a-w-  c:windowssystem32lpcio.dll

2013-08-05 13:14 . 2013-02-16 04:20  78161360  ----a-w-  c:windowssystem32MRT.exe

2013-08-01 06:24 . 2013-08-01 06:22  22  ----a-w-  C:fp.zip

2013-07-24 15:27 . 2013-07-17 08:17  12872  ----a-w-  c:windowssystem32bootdelete.exe

2013-07-23 19:07 . 2013-03-29 10:57  102016  ----a-w-  c:windowssystem32driversBprotect.sys

2013-07-22 19:04 . 2013-03-29 10:57  29848  ----a-w-  c:windowssystem32driversBfmon.sys

2013-07-18 06:54 . 2013-03-29 10:57  50496  ----a-w-  c:windowssystem32driversBfilter.sys

2013-07-09 04:45 . 2013-08-16 10:29  44032  ----a-w-  c:windowsapppatchacwow64.dll

2013-06-27 19:58 . 2013-06-27 19:58  56272  ----a-w-  c:windowssystem32snacnp.dll

2013-06-27 09:57 . 2013-06-28 04:31  172920  ------w-  c:windowssystem32driversidmwfp.sys

2013-06-21 12:06 . 2013-04-22 14:47  214448  ----a-w-  c:windowsSysWow64nvinit.dll

2013-06-12 21:18 . 2013-03-27 17:37  71048  ----a-w-  c:windowsSysWow64FlashPlayerCPLApp.cpl

2013-06-12 21:18 . 2013-03-27 17:37  692104  ----a-w-  c:windowsSysWow64FlashPlayerApp.exe

2013-06-12 18:48 . 2013-03-30 17:07  867240  ----a-w-  c:windowsSysWow64npDeployJava1.dll

2013-06-12 18:48 . 2013-03-30 17:07  789416  ----a-w-  c:windowsSysWow64deployJava1.dll

2013-06-12 18:47 . 2013-06-20 21:20  96168  ----a-w-  c:windowsSysWow64WindowsAccessBridge-32.dll

2013-05-31 18:00 . 2013-06-18 15:50  112640  ----a-w-  c:windowsSysWow64ff_vfw.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]

"IDMan"="c:program files (x86)Internet Download ManagerIDMan.exe" [2013-08-18 3612240]

.

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]

"Sidebar"="c:program filesWindows Sidebarsidebar.exe" [2010-11-21 1475584]

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindows ntcurrentversionwindows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:windowsSysWOW64nvinit.dll c:windowsSysWOW64nvinit.dll c:windowsSysWOW64nvinit.dll

.

[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindows ntcurrentversiondrivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalhitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalhitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalHitmanPro37Crusader]

@=""

.

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalHitmanPro37CrusaderBoot]

@=""

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]

"AutoUpdateDisableNotify"=dword:00000001

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

R1 A2DDA;A2 Direct Disk Access Support Driver;c:usersLUCKYBOYDESKTOPEMSISOFTRUNa2ddax64.sys;c:usersLUCKYBOYDESKTOPEMSISOFTRUNa2ddax64.sys [x]

R1 klpd;klpd;c:windowssystem32DRIVERSklpd.sys;c:windowsSYSNATIVEDRIVERSklpd.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:windowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe;c:windowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [x]

R3 cleanhlp;cleanhlp;c:usersluckyboyDesktopEmsisoftRuncleanhlp64.sys;c:usersluckyboyDesktopEmsisoftRuncleanhlp64.sys [x]

R3 dmvsc;dmvsc;c:windowssystem32driversdmvsc.sys;c:windowsSYSNATIVEdriversdmvsc.sys [x]

R3 MBAMProtector;MBAMProtector;c:windowssystem32driversmbam.sys;c:windowsSYSNATIVEdriversmbam.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:windowssystem32driversrdpvideominiport.sys;c:windowsSYSNATIVEdriversrdpvideominiport.sys [x]

R3 RTL8167;Realtek 8167 NT Driver;c:windowssystem32DRIVERSRt64win7.sys;c:windowsSYSNATIVEDRIVERSRt64win7.sys [x]

R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:windowssystem32driversSynth3dVsc.sys;c:windowsSYSNATIVEdriversSynth3dVsc.sys [x]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:windowssystem32driversterminpt.sys;c:windowsSYSNATIVEdriversterminpt.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:windowssystem32driverstsusbflt.sys;c:windowsSYSNATIVEdriverstsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:windowssystem32driversTsUsbGD.sys;c:windowsSYSNATIVEdriversTsUsbGD.sys [x]

R3 tsusbhub;Remote Deskotop USB Hub;c:windowssystem32driverstsusbhub.sys;c:windowsSYSNATIVEdriverstsusbhub.sys [x]

R3 UsbFltr;WayTech USB Filter Driver;c:windowsSystem32DriversUsbFltr.sys;c:windowsSYSNATIVEDriversUsbFltr.sys [x]

R3 VGPU;VGPU;c:windowssystem32driversrdvgkmd.sys;c:windowsSYSNATIVEdriversrdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:windowssystem32WatWatAdminSvc.exe;c:windowsSYSNATIVEWatWatAdminSvc.exe [x]

R4 MBAMScheduler;MBAMScheduler;c:program files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe;c:program files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe [x]

R4 MBAMService;MBAMService;c:program files (x86)Malwarebytes' Anti-Malwarembamservice.exe;c:program files (x86)Malwarebytes' Anti-Malwarembamservice.exe [x]

R4 Skype C2C Service;Skype C2C Service;c:programdataSkypeToolbarsSkype C2C Servicec2c_service.exe;c:programdataSkypeToolbarsSkype C2C Servicec2c_service.exe [x]

R4 SkypeUpdate;Skype Updater;c:program files (x86)SkypeUpdaterUpdater.exe;c:program files (x86)SkypeUpdaterUpdater.exe [x]

R4 TeamViewer8;TeamViewer 8;c:program files (x86)TeamViewerVersion8TeamViewer_Service.exe;c:program files (x86)TeamViewerVersion8TeamViewer_Service.exe [x]

R4 VMUSBArbService;VMware USB Arbitration Service;c:program files (x86)Common FilesVMwareUSBvmware-usbarbitrator64.exe;c:program files (x86)Common FilesVMwareUSBvmware-usbarbitrator64.exe [x]

R4 VMwareHostd;VMware Workstation Server;c:program files (x86)VMwareVMware Workstationvmware-hostd.exe;c:program files (x86)VMwareVMware Workstationvmware-hostd.exe [x]

R4 WiseBootAssistant;Wise Boot Assistant;c:program files (x86)WiseWise Care 365BootTime.exe;c:program files (x86)WiseWise Care 365BootTime.exe [x]

S0 nvpciflt;nvpciflt;c:windowssystem32DRIVERSnvpciflt.sys;c:windowsSYSNATIVEDRIVERSnvpciflt.sys [x]

S0 vmci;VMware VMCI Bus Driver;c:windowssystem32DRIVERSvmci.sys;c:windowsSYSNATIVEDRIVERSvmci.sys [x]

S0 vsock;vSockets Driver;c:windowssystem32driversvsock.sys;c:windowsSYSNATIVEdriversvsock.sys [x]

S1 Bfilter;Baidu Antivirus Minifilter Driver;c:windowsSystem32driversBfilter.sys;c:windowsSYSNATIVEdriversBfilter.sys [x]

S1 Bfmon;Baidu FS Monitor Driver;c:windowsSystem32driversBfmon.sys;c:windowsSYSNATIVEdriversBfmon.sys [x]

S1 Bprotect;Baidu Protect;c:windowsSystem32driversBprotect.sys;c:windowsSYSNATIVEdriversBprotect.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:windowssystem32DRIVERSdtsoftbus01.sys;c:windowsSYSNATIVEDRIVERSdtsoftbus01.sys [x]

S2 HiSuiteOuc64.exe;HiSuiteOuc64.exe;c:programdataHiSuiteOucHiSuiteOuc64.exe;c:programdataHiSuiteOucHiSuiteOuc64.exe [x]

S2 HuaweiHiSuiteService64.exe;HuaweiHiSuiteService64.exe;c:programdataHandSetServiceHuaweiHiSuiteService64.exe;c:programdataHandSetServiceHuaweiHiSuiteService64.exe [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:program files (x86)IntelIntel® Rapid Storage TechnologyIAStorDataMgrSvc.exe;c:program files (x86)IntelIntel® Rapid Storage TechnologyIAStorDataMgrSvc.exe [x]

S2 IDMWFP;IDMWFP;c:windowssystem32DRIVERSidmwfp.sys;c:windowsSYSNATIVEDRIVERSidmwfp.sys [x]

S2 UNS;Intel® Management & Security Application User Notification Service;c:program files (x86)IntelIntel® Management Engine ComponentsUNSUNS.exe;c:program files (x86)IntelIntel® Management Engine ComponentsUNSUNS.exe [x]

S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64driversvstor2-mntapi10-shared.sys;SysWOW64driversvstor2-mntapi10-shared.sys [x]

S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:program files (x86)Qualcomm Atheros Fast ReconnectAth_WlanAgent.exe;c:program files (x86)Qualcomm Atheros Fast ReconnectAth_WlanAgent.exe [x]

S3 HECIx64;Intel® Management Engine Interface;c:windowssystem32DRIVERSHECIx64.sys;c:windowsSYSNATIVEDRIVERSHECIx64.sys [x]

S3 Impcd;Impcd;c:windowssystem32DRIVERSImpcd.sys;c:windowsSYSNATIVEDRIVERSImpcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:windowssystem32DRIVERSIntcDAud.sys;c:windowsSYSNATIVEDRIVERSIntcDAud.sys [x]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:windowssystem32DRIVERSk57nd60a.sys;c:windowsSYSNATIVEDRIVERSk57nd60a.sys [x]

.

.

[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftactive setupinstalled components{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-07-31 13:24  1173456  ----a-w-  c:program files (x86)GoogleChromeApplication28.0.1500.95Installerchrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-08-20 c:windowsTasksAdobe Flash Player Updater.job

- c:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2013-03-27 21:18]

.

2013-08-20 c:windowsTasksGoogleUpdateTaskMachineCore.job

- c:program files (x86)GoogleUpdateGoogleUpdate.exe [2013-03-20 07:47]

.

2013-08-20 c:windowsTasksGoogleUpdateTaskMachineCore1ce7f91ce384cf5.job

- c:program files (x86)GoogleUpdateGoogleUpdate.exe [2013-03-20 07:47]

.

2013-08-20 c:windowsTasksGoogleUpdateTaskMachineUA.job

- c:program files (x86)GoogleUpdateGoogleUpdate.exe [2013-03-20 07:47]

.

2013-08-20 c:windowsTasksGoogleUpdateTaskMachineUA1ce7f91d1c74d6c.job

- c:program files (x86)GoogleUpdateGoogleUpdate.exe [2013-03-20 07:47]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersIDM Shell Extension]

@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKEY_CLASSES_ROOTCLSID{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

2012-11-15 23:07  23496  ----a-w-  c:program files (x86)Internet Download ManagerIDMShellExt64.dll

.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"RtHDVCpl"="c:program filesRealtekAudioHDARAVCpl64.exe" [2010-06-22 10920552]

"IgfxTray"="c:windowssystem32igfxtray.exe" [2012-01-10 167704]

"HotKeysCmds"="c:windowssystem32hkcmd.exe" [2012-01-10 392984]

"Persistence"="c:windowssystem32igfxpers.exe" [2012-01-10 417560]

.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]

"AppInit_DLLs"=c:windowsSystem32nvinitx.dll c:windowsSystem32nvinitx.dll c:windowsSystem32nvinitx.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:windowssystem32blank.htm

uStart Page = about:blank

mStart Page = about:blank

mLocal Page = c:windowsSysWOW64blank.htm

IE: E&xport to Microsoft Excel - c:progra~1MICROS~3Office15EXCEL.EXE/3000

IE: Se&nd to OneNote - c:progra~1MICROS~3Office15ONBttnIE.dll/105

IE: Свали всички линкове с IDM - c:program files (x86)Internet Download ManagerIEGetAll.htm

IE: Свали с IDM - c:program files (x86)Internet Download ManagerIEExt.htm

IE: {{07BA1DA9-F501-4796-8728-74D1B91A6CD5} - c:program files (x86)PokerStars.EUPokerStarsUpdate.exe

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:usersluckyboyAppDataRoamingMozillaFirefoxProfiles5o1ndzrs.default

FF - ExtSQL: 2013-07-09 12:54; mozilla_cc@internetdownloadmanager.com; c:usersluckyboyAppDataRoamingIDMidmmzcc5

FF - ExtSQL: 2013-08-20 01:00; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:usersluckyboyAppDataRoamingMozillaFirefoxProfiles5o1ndzrs.defaultextensions{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF - ExtSQL: 2013-08-20 13:45; {89f8dde0-010a-11da-8cd6-0800200c9a66}; c:usersluckyboyAppDataRoamingMozillaFirefoxProfiles5o1ndzrs.defaultextensions{89f8dde0-010a-11da-8cd6-0800200c9a66}.xpi

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERSS-1-5-21-1364269079-2832088709-1461968048-1000SoftwareMicrosoftWindowsCurrentVersionExplorerMountPoints2]

@Denied: (Full) (Everyone)

@Allowed: (A B C D E 1 2 3 4 5 6 0x0001c0) (Administrators)

.

[HKEY_USERSS-1-5-21-1364269079-2832088709-1461968048-1000SoftwareMicrosoftWindowsCurrentVersionExplorerMountPoints2{f6469ef6-9773-11e2-8330-005056c00008}shell]

@="None"

.

[HKEY_USERSS-1-5-21-1364269079-2832088709-1461968048-1000_ClassesWow6432NodeCLSID{377c9299-18ca-4bd6-88d2-5ece15d1492f}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:00000086

"Therad"=dword:00000001

"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,

1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,

.

[HKEY_USERSS-1-5-21-1364269079-2832088709-1461968048-1000_ClassesWow6432NodeCLSID{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"scansk"=hex(0):3c,5a,9d,32,5a,2f,c4,f0,f6,b6,c6,5e,71,f0,6b,84,e6,dd,48,86,73,

bd,a0,f5,ae,6a,35,21,0d,7c,fe,ac,86,3b,fb,95,5f,b2,03,b7,00,00,00,00,00,00,

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:Windowssystem32MacromedFlashFlashUtil10e.exe,-101"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}LocalServer32]

@="c:WindowsSysWow64MacromedFlashFlashUtil10e.exe"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}InprocServer32]

@="c:WindowsSysWow64MacromedFlashFlash10e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]

@="c:WindowsSysWow64MacromedFlashFlash10e.ocx, 1"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}Version]

@="1.0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}InprocServer32]

@="c:WindowsSysWow64MacromedFlashFlash10e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]

@="c:WindowsSysWow64MacromedFlashFlash10e.ocx, 1"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}Version]

@="1.0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftCryptographyRNG*]

"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,

bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,

.

[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlPCWSecurity]

@Denied: (Full) (Everyone)

.

Completion time: 2013-08-20  17:54:01

ComboFix-quarantined-files.txt  2013-08-20 14:54

.

Pre-Run: 55 800 967 168 bytes free

Post-Run: 55 716 024 320 bytes free

.

- - End Of File - - 8704D1A360E99E9CC6E622F96FF740FE

 


Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Значи пиша скрипт и махам всичко...!?! :)

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Чакам с нетърпение.Да разбирам ли, че Combofix се е справил с userinit.exe?

 

Infected copy of c:windowsSysWow64userinit.exe was found and disinfected Restored copy from - c:windowserdntcache86userinit.exe

Цитат от първият лог!

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Да ..на сто процента....! :)

Копирайте текста в карето на notepad и го запазвате с име CFScript.txt на десктопа си:
 

KILLALL::ClearJavaCache::File::c:usersLUCKYBOYDESKTOPEMSISOFTRUNa2ddax64.sysc:windowsSYSNATIVEDRIVERSklpd.sysc:usersluckyboyDesktopEmsisoftRuncleanhlp64.sysDriver::A2DDAklpdcleanhlpFolder::c:usersluckyboyDoctor Webc:programdataKaspersky Lab Setup Filesc:programdataNortonc:windowssystem32driversNISx64c:programdataHitmanPro

След съхранението преместете  CFScript.txt на иконата на ComboFix.exe

Публикувано изображение

Генерирания рапорт копирайте  и го поставете в следващия си коментар...!

Сподели този отговор


Линк към този отговор
Сподели в други сайтове
ComboFix 13-08-19.02 - luckyboy 08.2013 г.  18:48:15.2.4 - x64Microsoft Windows 7 Ultimate   6.1.7601.1.1251.359.1033.18.3767.2090 [GMT 3:00]Running from: c:usersluckyboyDesktopComboFix.exeCommand switches used :: c:usersluckyboyDesktopCFScript.txtSP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.FILE ::"c:usersLUCKYBOYDESKTOPEMSISOFTRUNa2ddax64.sys""c:usersluckyboyDesktopEmsisoftRuncleanhlp64.sys""c:windowssystem32DRIVERSklpd.sys"..(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))..c:programdataHitmanProc:programdataHitmanProBanner.binc:programdataHitmanProLogsHitmanPro_20130803_1953.logc:programdataHitmanProLogsHitmanPro_20130805_1530.logc:programdataHitmanProLogsHitmanPro_20130813_2118.logc:programdataHitmanProLogsHitmanPro_20130820_1317.logc:programdataHitmanProRemnants.binc:programdataKaspersky Lab Setup Filesc:programdataNortonc:programdataNorton{086A63F0-6B13-4F29-9695-134E7A01E963}LC.INIc:programdataNortonNPENPEsettings.datc:usersluckyboyDoctor Webc:usersluckyboyDoctor Webcureit.log..(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))..-------Legacy_A2DDA-------Legacy_CLEANHLP-------Legacy_KLPD-------Service_A2DDA-------Service_cleanhlp-------Service_klpd..(((((((((((((((((((((((((   Files Created from 2013-07-20 to 2013-08-20  )))))))))))))))))))))))))))))))..2013-08-20 15:53 . 2013-08-20 15:53	--------	d-----w-	c:usersUpdatusUserAppDataLocaltemp2013-08-20 15:53 . 2013-08-20 15:53	--------	d-----w-	c:usersPublicAppDataLocaltemp2013-08-20 15:53 . 2013-08-20 15:53	--------	d-----w-	c:userspostgresAppDataLocaltemp2013-08-20 15:53 . 2013-08-20 15:53	--------	d-----w-	c:usersDefaultAppDataLocaltemp2013-08-20 15:53 . 2013-08-20 15:53	--------	d-----w-	c:usersAdministratorAppDataLocaltemp2013-08-20 10:07 . 2013-08-20 10:08	--------	d-----w-	c:program files (x86)MSECACHE2013-08-19 21:59 . 2013-08-19 21:59	--------	d-----w-	c:usersluckyboyAppDataLocalMacromedia2013-08-19 21:15 . 2013-08-19 21:23	--------	d-----w-	c:usersluckyboyAppDataLocalNPE2013-08-19 20:35 . 2013-08-19 20:35	--------	d-----w-	c:programdataMalwarebytes2013-08-19 20:35 . 2013-08-19 20:35	--------	d-----w-	c:program files (x86)Malwarebytes' Anti-Malware2013-08-19 20:35 . 2013-04-04 11:50	25928	----a-w-	c:windowssystem32driversmbam.sys2013-08-19 18:43 . 2013-08-19 18:43	--------	d-----w-	c:userstest2013-08-18 14:00 . 2013-08-19 17:08	--------	d-----w-	c:windowssystem32driversNISx642013-08-16 13:51 . 2013-08-16 13:51	--------	d-----w-	c:windowsSysWow64wbemLogs2013-08-16 13:17 . 2013-07-26 05:13	2241024	----a-w-	c:windowssystem32wininet.dll2013-08-16 13:17 . 2013-07-26 05:12	15405056	----a-w-	c:windowssystem32ieframe.dll2013-08-16 13:17 . 2013-07-26 05:12	19239424	----a-w-	c:windowssystem32mshtml.dll2013-08-16 13:13 . 2013-08-16 13:15	--------	d-----w-	c:windowssystem32MRT2013-08-16 13:12 . 2013-08-16 13:12	--------	d-----w-	c:usersDefaultAppDataLocalMicrosoft Help2013-08-16 10:30 . 2013-07-09 05:46	1472512	----a-w-	c:windowssystem32crypt32.dll2013-08-13 17:51 . 2013-08-13 17:57	--------	d-----w-	c:program filesCPUID2013-08-12 17:13 . 2013-08-12 17:15	--------	d-----w-	c:usersluckyboyAppDataLocalXpom2013-08-12 17:12 . 2013-08-12 17:15	--------	d-----w-	c:usersluckyboyAppDataLocalMail.Ru2013-08-11 22:14 . 2013-08-11 22:14	--------	d-----w-	c:usersluckyboyAppDataLocalDownloaded Installations2013-08-11 11:47 . 2013-08-11 11:47	--------	d-----w-	c:usersluckyboyAppDataLocalMozilla2013-08-10 17:35 . 2013-08-10 19:35	234544	----a-w-	c:windowsRegBootClean64.exe2013-08-07 18:07 . 2013-08-07 18:07	76232	----a-w-	c:programdataMicrosoftWindows DefenderDefinition Updates{4385D987-0DEE-446A-AE88-2FAA3C23ADEF}offreg.dll2013-08-07 06:58 . 2013-08-07 06:58	--------	d-----w-	c:programdataWNR2013-08-07 06:58 . 2013-08-07 06:58	--------	d-----w-	c:usersluckyboyAppDataRoamingWNR2013-08-06 21:34 . 2013-08-06 21:34	--------	d-----w-	c:usersluckyboyAppDataRoamingFastStone2013-08-06 21:34 . 2013-08-06 21:34	--------	d-----w-	c:usersluckyboyAppDataLocalFastStone2013-08-06 21:33 . 2013-08-06 21:33	--------	d-----w-	c:program files (x86)FastStone Capture2013-08-06 20:59 . 2013-08-06 20:59	--------	d-----w-	c:programdataNCH Software2013-08-06 20:59 . 2013-08-06 21:00	--------	d-----w-	c:program files (x86)NCH Software2013-08-06 20:59 . 2013-08-06 21:31	--------	d-----w-	c:usersluckyboyAppDataRoamingNCH Software2013-08-04 13:36 . 2013-08-09 13:10	--------	d-----w-	c:usersluckyboyAppDataRoamingNVIDIA2013-08-04 11:32 . 2013-08-04 11:32	--------	d-----w-	c:windowsSysWow64NV2013-08-04 11:32 . 2013-08-04 11:32	--------	d-----w-	c:windowssystem32NV2013-08-04 09:58 . 2013-08-19 17:16	--------	d-----w-	c:usersUpdatusUser.luckyboy-PC2013-08-04 09:31 . 2013-06-21 10:23	6496544	----a-w-	c:windowssystem32nvcpl.dll2013-08-04 09:31 . 2013-06-21 10:23	3514656	----a-w-	c:windowssystem32nvsvc64.dll2013-08-04 09:31 . 2013-06-21 10:23	884512	----a-w-	c:windowssystem32nvvsvc.exe2013-08-04 09:31 . 2013-06-21 10:23	67072	----a-w-	c:windowssystem32nv3dappshextr.dll2013-08-04 09:31 . 2013-06-21 10:23	63776	----a-w-	c:windowssystem32nvshext.dll2013-08-04 09:31 . 2013-06-21 10:23	2555680	----a-w-	c:windowssystem32nvsvcr.dll2013-08-04 09:31 . 2013-06-21 10:23	237856	----a-w-	c:windowssystem32nvmctray.dll2013-08-04 09:31 . 2013-06-21 10:23	1025312	----a-w-	c:windowssystem32nv3dappshext.dll2013-08-04 09:31 . 2013-06-20 04:17	3253909	----a-w-	c:windowssystem32nvcoproc.bin2013-08-04 09:29 . 2013-06-21 12:06	61216	----a-w-	c:windowssystem32OpenCL.dll2013-08-04 09:29 . 2013-06-21 12:06	53024	----a-w-	c:windowsSysWow64OpenCL.dll2013-08-04 09:28 . 2013-08-04 09:28	--------	d-----w-	c:programdataNVIDIA Corporation2013-08-04 08:32 . 2013-08-05 06:35	--------	d-----w-	c:usersluckyboyAppDataRoamingDream Aquarium2013-08-04 08:32 . 2012-04-19 09:03	141312	----a-w-	c:windowsDreamAquarium.scr2013-08-04 08:32 . 2013-08-04 08:32	--------	d-----w-	c:program files (x86)Dream Aquarium2013-08-04 07:52 . 2013-08-19 17:08	--------	d-----w-	c:usersluckyboyAppDataRoamingWise Care 3652013-08-04 07:52 . 2013-08-04 07:52	--------	d-----w-	c:program files (x86)Wise2013-08-03 15:24 . 2013-08-09 19:46	--------	d-----w-	c:usersluckyboycache2013-08-02 06:16 . 2013-04-09 23:34	1247744	----a-w-	c:windowsSysWow64DWrite.dll2013-08-02 06:16 . 2013-04-02 22:51	1643520	----a-w-	c:windowssystem32DWrite.dll2013-08-02 06:16 . 2013-05-27 05:50	1011712	----a-w-	c:program filesWindows DefenderMpSvc.dll2013-08-02 06:16 . 2013-05-27 05:50	571904	----a-w-	c:program filesWindows DefenderMpClient.dll2013-08-02 06:16 . 2013-05-27 05:50	314880	----a-w-	c:program filesWindows DefenderMpCommu.dll2013-08-02 06:16 . 2013-05-27 04:57	4608	----a-w-	c:program files (x86)Windows DefenderMsMpLics.dll2013-08-02 06:16 . 2013-05-27 04:57	54784	----a-w-	c:program files (x86)Windows DefenderMpOAV.dll2013-08-02 06:16 . 2013-05-27 04:57	392704	----a-w-	c:program files (x86)Windows DefenderMpClient.dll2013-08-02 06:16 . 2013-05-27 03:15	9216	----a-w-	c:program files (x86)Windows DefenderMpAsDesc.dll2013-08-02 06:15 . 2013-04-10 05:48	1732608	----a-w-	c:program filesWindows JournalNBDoc.DLL2013-08-02 06:15 . 2013-04-10 05:46	1402880	----a-w-	c:program filesWindows JournalJNWDRV.dll2013-08-02 06:15 . 2013-04-10 05:46	1393152	----a-w-	c:program filesWindows JournalJNTFiltr.dll2013-08-02 06:15 . 2013-04-10 05:46	1367040	----a-w-	c:program filesCommon FilesMicrosoft Sharedinkjournal.dll2013-08-02 06:15 . 2013-04-10 05:03	936448	----a-w-	c:program files (x86)Common FilesMicrosoft Sharedinkjournal.dll2013-08-02 06:15 . 2013-06-05 03:34	3153920	----a-w-	c:windowssystem32win32k.sys2013-08-02 06:15 . 2013-06-04 06:00	624128	----a-w-	c:windowssystem32qedit.dll2013-08-02 06:15 . 2013-06-04 04:53	509440	----a-w-	c:windowsSysWow64qedit.dll2013-07-31 19:54 . 2013-07-31 19:54	--------	d-----w-	c:usersluckyboyAppDataLocalEMU2013-07-31 15:06 . 2013-07-31 15:06	--------	d-----w-	c:programdataAuslogics2013-07-30 16:14 . 2013-08-20 13:41	--------	d-----w-	c:program filesUnlocker2013-07-29 18:17 . 2013-02-04 16:24	574120	----a-w-	c:windowsSysWow64msvcp50.dll2013-07-29 12:17 . 2013-07-29 13:52	--------	d-----w-	C:True Poker2013-07-28 08:12 . 2013-07-28 08:12	--------	d-----w-	c:usersluckyboyAppDataRoamingpostgresql2013-07-28 08:09 . 2013-07-28 08:17	--------	d-----w-	c:usersluckyboyAppDataLocalPokerTracker 42013-07-27 21:31 . 2013-07-27 21:32	--------	d-----w-	c:usersluckyboyAppDataLocalKesemoholdings_Limited2013-07-27 17:30 . 2013-07-27 17:30	--------	d-----w-	C:Games2013-07-25 18:18 . 2013-08-20 11:55	--------	d-----w-	C:Poker2013-07-25 15:46 . 2013-07-25 15:47	--------	d-----w-	c:program files (x86)Poker Heaven2013-07-23 22:06 . 2013-07-24 07:02	--------	d-----w-	c:usersluckyboyAppDataRoamingWireshark2013-07-23 20:04 . 2012-10-24 11:17	67224	----a-w-	c:windowssystem32vsocklib.dll2013-07-23 20:04 . 2012-10-24 11:17	70296	----a-w-	c:windowssystem32driversvsock.sys2013-07-23 20:04 . 2012-10-24 11:17	63128	----a-w-	c:windowsSysWow64vsocklib.dll2013-07-23 20:04 . 2013-02-25 23:28	67664	----a-w-	c:windowssystem32driversvmx86.sys2013-07-23 20:03 . 2013-02-25 23:28	357456	----a-w-	c:windowsSysWow64vmnetdhcp.exe2013-07-23 20:03 . 2013-02-25 23:28	436304	----a-w-	c:windowsSysWow64vmnat.exe2013-07-23 20:03 . 2013-02-25 23:28	30800	----a-w-	c:windowssystem32driversvmnetuserif.sys2013-07-23 20:02 . 2013-02-25 23:29	933968	----a-w-	c:windowssystem32vnetlib64.dll2013-07-23 20:02 . 2012-10-11 13:15	52376	----a-w-	c:windowssystem32drivershcmon.sys2013-07-23 20:01 . 2013-07-23 20:01	--------	d-----w-	c:program filesCommon FilesVMware2013-07-23 20:01 . 2013-07-23 20:01	--------	d-----w-	c:program files (x86)Common FilesVMware2013-07-23 14:14 . 2011-03-11 00:41	57344	----a-w-	c:windowsWinRaR password findeR v4.0.exe2013-07-22 07:37 . 2013-07-22 07:37	--------	d-----w-	c:usersluckyboyAppDataRoamingURSoft2013-07-22 07:37 . 2013-07-22 07:40	--------	d-----w-	c:program files (x86)Your Uninstaller! 72013-07-22 07:19 . 2013-07-22 07:47	--------	d-----w-	c:program files (x86)Redbet Poker...((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-08-13 18:00 . 2013-02-16 04:35	6656	----a-w-	c:windowssystem32lpcio.dll2013-08-05 13:14 . 2013-02-16 04:20	78161360	----a-w-	c:windowssystem32MRT.exe2013-08-01 06:24 . 2013-08-01 06:22	22	----a-w-	C:fp.zip2013-07-24 15:27 . 2013-07-17 08:17	12872	----a-w-	c:windowssystem32bootdelete.exe2013-07-23 19:07 . 2013-03-29 10:57	102016	----a-w-	c:windowssystem32driversBprotect.sys2013-07-22 19:04 . 2013-03-29 10:57	29848	----a-w-	c:windowssystem32driversBfmon.sys2013-07-18 06:54 . 2013-03-29 10:57	50496	----a-w-	c:windowssystem32driversBfilter.sys2013-07-09 04:45 . 2013-08-16 10:29	44032	----a-w-	c:windowsapppatchacwow64.dll2013-06-27 19:58 . 2013-06-27 19:58	56272	----a-w-	c:windowssystem32snacnp.dll2013-06-27 09:57 . 2013-06-28 04:31	172920	------w-	c:windowssystem32driversidmwfp.sys2013-06-21 12:06 . 2013-04-22 14:47	214448	----a-w-	c:windowsSysWow64nvinit.dll2013-06-12 21:18 . 2013-03-27 17:37	71048	----a-w-	c:windowsSysWow64FlashPlayerCPLApp.cpl2013-06-12 21:18 . 2013-03-27 17:37	692104	----a-w-	c:windowsSysWow64FlashPlayerApp.exe2013-06-12 18:48 . 2013-03-30 17:07	867240	----a-w-	c:windowsSysWow64npDeployJava1.dll2013-06-12 18:48 . 2013-03-30 17:07	789416	----a-w-	c:windowsSysWow64deployJava1.dll2013-06-12 18:47 . 2013-06-20 21:20	96168	----a-w-	c:windowsSysWow64WindowsAccessBridge-32.dll2013-05-31 18:00 . 2013-06-18 15:50	112640	----a-w-	c:windowsSysWow64ff_vfw.dll..(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]"IDMan"="c:program files (x86)Internet Download ManagerIDMan.exe" [2013-08-18 3612240].[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]"Sidebar"="c:program filesWindows Sidebarsidebar.exe" [2010-11-21 1475584].[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]"ConsentPromptBehaviorAdmin"= 0 (0x0)"EnableLUA"= 0 (0x0)"EnableUIADesktopToggle"= 0 (0x0)"PromptOnSecureDesktop"= 0 (0x0).[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindows ntcurrentversionwindows]"LoadAppInit_DLLs"=1 (0x1)"AppInit_DLLs"=c:windowsSysWOW64nvinit.dll c:windowsSysWOW64nvinit.dll c:windowsSysWOW64nvinit.dll.[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindows ntcurrentversiondrivers32]"aux1"=wdmaud.drv.[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalhitmanpro37]@="".[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalhitmanpro37.sys]@="".[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalHitmanPro37Crusader]@="".[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalHitmanPro37CrusaderBoot]@="".[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]"AutoUpdateDisableNotify"=dword:00000001.[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]"DisableMonitoring"=dword:00000001.R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:windowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe;c:windowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [x]R3 dmvsc;dmvsc;c:windowssystem32driversdmvsc.sys;c:windowsSYSNATIVEdriversdmvsc.sys [x]R3 MBAMProtector;MBAMProtector;c:windowssystem32driversmbam.sys;c:windowsSYSNATIVEdriversmbam.sys [x]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:windowssystem32driversrdpvideominiport.sys;c:windowsSYSNATIVEdriversrdpvideominiport.sys [x]R3 RTL8167;Realtek 8167 NT Driver;c:windowssystem32DRIVERSRt64win7.sys;c:windowsSYSNATIVEDRIVERSRt64win7.sys [x]R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:windowssystem32driversSynth3dVsc.sys;c:windowsSYSNATIVEdriversSynth3dVsc.sys [x]R3 terminpt;Microsoft Remote Desktop Input Driver;c:windowssystem32driversterminpt.sys;c:windowsSYSNATIVEdriversterminpt.sys [x]R3 TsUsbFlt;TsUsbFlt;c:windowssystem32driverstsusbflt.sys;c:windowsSYSNATIVEdriverstsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:windowssystem32driversTsUsbGD.sys;c:windowsSYSNATIVEdriversTsUsbGD.sys [x]R3 tsusbhub;Remote Deskotop USB Hub;c:windowssystem32driverstsusbhub.sys;c:windowsSYSNATIVEdriverstsusbhub.sys [x]R3 UsbFltr;WayTech USB Filter Driver;c:windowsSystem32DriversUsbFltr.sys;c:windowsSYSNATIVEDriversUsbFltr.sys [x]R3 VGPU;VGPU;c:windowssystem32driversrdvgkmd.sys;c:windowsSYSNATIVEdriversrdvgkmd.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:windowssystem32WatWatAdminSvc.exe;c:windowsSYSNATIVEWatWatAdminSvc.exe [x]R4 MBAMScheduler;MBAMScheduler;c:program files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe;c:program files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe [x]R4 MBAMService;MBAMService;c:program files (x86)Malwarebytes' Anti-Malwarembamservice.exe;c:program files (x86)Malwarebytes' Anti-Malwarembamservice.exe [x]R4 Skype C2C Service;Skype C2C Service;c:programdataSkypeToolbarsSkype C2C Servicec2c_service.exe;c:programdataSkypeToolbarsSkype C2C Servicec2c_service.exe [x]R4 SkypeUpdate;Skype Updater;c:program files (x86)SkypeUpdaterUpdater.exe;c:program files (x86)SkypeUpdaterUpdater.exe [x]R4 TeamViewer8;TeamViewer 8;c:program files (x86)TeamViewerVersion8TeamViewer_Service.exe;c:program files (x86)TeamViewerVersion8TeamViewer_Service.exe [x]R4 VMUSBArbService;VMware USB Arbitration Service;c:program files (x86)Common FilesVMwareUSBvmware-usbarbitrator64.exe;c:program files (x86)Common FilesVMwareUSBvmware-usbarbitrator64.exe [x]R4 VMwareHostd;VMware Workstation Server;c:program files (x86)VMwareVMware Workstationvmware-hostd.exe;c:program files (x86)VMwareVMware Workstationvmware-hostd.exe [x]R4 WiseBootAssistant;Wise Boot Assistant;c:program files (x86)WiseWise Care 365BootTime.exe;c:program files (x86)WiseWise Care 365BootTime.exe [x]S0 nvpciflt;nvpciflt;c:windowssystem32DRIVERSnvpciflt.sys;c:windowsSYSNATIVEDRIVERSnvpciflt.sys [x]S0 vmci;VMware VMCI Bus Driver;c:windowssystem32DRIVERSvmci.sys;c:windowsSYSNATIVEDRIVERSvmci.sys [x]S0 vsock;vSockets Driver;c:windowssystem32driversvsock.sys;c:windowsSYSNATIVEdriversvsock.sys [x]S1 Bfilter;Baidu Antivirus Minifilter Driver;c:windowsSystem32driversBfilter.sys;c:windowsSYSNATIVEdriversBfilter.sys [x]S1 Bfmon;Baidu FS Monitor Driver;c:windowsSystem32driversBfmon.sys;c:windowsSYSNATIVEdriversBfmon.sys [x]S1 Bprotect;Baidu Protect;c:windowsSystem32driversBprotect.sys;c:windowsSYSNATIVEdriversBprotect.sys [x]S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:windowssystem32DRIVERSdtsoftbus01.sys;c:windowsSYSNATIVEDRIVERSdtsoftbus01.sys [x]S2 HiSuiteOuc64.exe;HiSuiteOuc64.exe;c:programdataHiSuiteOucHiSuiteOuc64.exe;c:programdataHiSuiteOucHiSuiteOuc64.exe [x]S2 HuaweiHiSuiteService64.exe;HuaweiHiSuiteService64.exe;c:programdataHandSetServiceHuaweiHiSuiteService64.exe;c:programdataHandSetServiceHuaweiHiSuiteService64.exe [x]S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:program files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorDataMgrSvc.exe;c:program files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorDataMgrSvc.exe [x]S2 IDMWFP;IDMWFP;c:windowssystem32DRIVERSidmwfp.sys;c:windowsSYSNATIVEDRIVERSidmwfp.sys [x]S2 UNS;Intel(R) Management & Security Application User Notification Service;c:program files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe;c:program files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe [x]S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64driversvstor2-mntapi10-shared.sys;SysWOW64driversvstor2-mntapi10-shared.sys [x]S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:program files (x86)Qualcomm Atheros Fast ReconnectAth_WlanAgent.exe;c:program files (x86)Qualcomm Atheros Fast ReconnectAth_WlanAgent.exe [x]S3 HECIx64;Intel(R) Management Engine Interface;c:windowssystem32DRIVERSHECIx64.sys;c:windowsSYSNATIVEDRIVERSHECIx64.sys [x]S3 Impcd;Impcd;c:windowssystem32DRIVERSImpcd.sys;c:windowsSYSNATIVEDRIVERSImpcd.sys [x]S3 IntcDAud;Intel(R) Display Audio;c:windowssystem32DRIVERSIntcDAud.sys;c:windowsSYSNATIVEDRIVERSIntcDAud.sys [x]S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:windowssystem32DRIVERSk57nd60a.sys;c:windowsSYSNATIVEDRIVERSk57nd60a.sys [x]..[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftactive setupinstalled components{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-07-31 13:24	1173456	----a-w-	c:program files (x86)GoogleChromeApplication28.0.1500.95Installerchrmstp.exe.Contents of the 'Scheduled Tasks' folder.2013-08-20 c:windowsTasksAdobe Flash Player Updater.job- c:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2013-03-27 21:18].2013-08-20 c:windowsTasksGoogleUpdateTaskMachineCore.job- c:program files (x86)GoogleUpdateGoogleUpdate.exe [2013-03-20 07:47].2013-08-20 c:windowsTasksGoogleUpdateTaskMachineCore1ce7f91ce384cf5.job- c:program files (x86)GoogleUpdateGoogleUpdate.exe [2013-03-20 07:47].2013-08-20 c:windowsTasksGoogleUpdateTaskMachineUA.job- c:program files (x86)GoogleUpdateGoogleUpdate.exe [2013-03-20 07:47].2013-08-20 c:windowsTasksGoogleUpdateTaskMachineUA1ce7f91d1c74d6c.job- c:program files (x86)GoogleUpdateGoogleUpdate.exe [2013-03-20 07:47]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersIDM Shell Extension]@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"[HKEY_CLASSES_ROOTCLSID{CDC95B92-E27C-4745-A8C5-64A52A78855D}]2012-11-15 23:07	23496	----a-w-	c:program files (x86)Internet Download ManagerIDMShellExt64.dll.[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]"RtHDVCpl"="c:program filesRealtekAudioHDARAVCpl64.exe" [2010-06-22 10920552]"IgfxTray"="c:windowssystem32igfxtray.exe" [2012-01-10 167704]"HotKeysCmds"="c:windowssystem32hkcmd.exe" [2012-01-10 392984]"Persistence"="c:windowssystem32igfxpers.exe" [2012-01-10 417560].[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]"AppInit_DLLs"=c:windowsSystem32nvinitx.dll c:windowsSystem32nvinitx.dll c:windowsSystem32nvinitx.dll.------- Supplementary Scan -------.uLocal Page = c:windowssystem32blank.htmuStart Page = about:blankmStart Page = about:blankmLocal Page = c:windowsSysWOW64blank.htmIE: E&xport to Microsoft Excel - c:progra~1MICROS~3Office15EXCEL.EXE/3000IE: Se&nd to OneNote - c:progra~1MICROS~3Office15ONBttnIE.dll/105IE: Свали всички линкове с IDM - c:program files (x86)Internet Download ManagerIEGetAll.htmIE: Свали с IDM - c:program files (x86)Internet Download ManagerIEExt.htmIE: {{07BA1DA9-F501-4796-8728-74D1B91A6CD5} - c:program files (x86)PokerStars.EUPokerStarsUpdate.exeTCP: DhcpNameServer = 192.168.0.1FF - ProfilePath - c:usersluckyboyAppDataRoamingMozillaFirefoxProfiles5o1ndzrs.defaultFF - ExtSQL: 2013-07-09 12:54; mozilla_cc@internetdownloadmanager.com; c:usersluckyboyAppDataRoamingIDMidmmzcc5FF - ExtSQL: 2013-08-20 01:00; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:usersluckyboyAppDataRoamingMozillaFirefoxProfiles5o1ndzrs.defaultextensions{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpiFF - ExtSQL: 2013-08-20 13:45; {89f8dde0-010a-11da-8cd6-0800200c9a66}; c:usersluckyboyAppDataRoamingMozillaFirefoxProfiles5o1ndzrs.defaultextensions{89f8dde0-010a-11da-8cd6-0800200c9a66}.xpi.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERSS-1-5-21-1364269079-2832088709-1461968048-1000SoftwareMicrosoftWindowsCurrentVersionExplorerMountPoints2]@Denied: (Full) (Everyone)@Allowed: (A B C D E 1 2 3 4 5 6 0x0001c0) (Administrators).[HKEY_USERSS-1-5-21-1364269079-2832088709-1461968048-1000SoftwareMicrosoftWindowsCurrentVersionExplorerMountPoints2{f6469ef6-9773-11e2-8330-005056c00008}shell]@="None".[HKEY_USERSS-1-5-21-1364269079-2832088709-1461968048-1000_ClassesWow6432NodeCLSID{377c9299-18ca-4bd6-88d2-5ece15d1492f}]@Denied: (Full) (Everyone)@Allowed: (Read) (RestrictedCode)"Model"=dword:00000086"Therad"=dword:00000001"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,.[HKEY_USERSS-1-5-21-1364269079-2832088709-1461968048-1000_ClassesWow6432NodeCLSID{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]@Denied: (Full) (Everyone)@Allowed: (Read) (RestrictedCode)"scansk"=hex(0):3c,5a,9d,32,5a,2f,c4,f0,f6,b6,c6,5e,71,f0,6b,84,e6,dd,48,86,73,   bd,a0,f5,ae,6a,35,21,0d,7c,fe,ac,86,3b,fb,95,5f,b2,03,b7,00,00,00,00,00,00,.[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:Windowssystem32MacromedFlashFlashUtil10e.exe,-101".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}LocalServer32]@="c:WindowsSysWow64MacromedFlashFlashUtil10e.exe".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}InprocServer32]@="c:WindowsSysWow64MacromedFlashFlash10e.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}MiscStatus]@="0".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ProgID]@="ShockwaveFlash.ShockwaveFlash.10".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]@="c:WindowsSysWow64MacromedFlashFlash10e.ocx, 1".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}Version]@="1.0".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}InprocServer32]@="c:WindowsSysWow64MacromedFlashFlash10e.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]@="c:WindowsSysWow64MacromedFlashFlash10e.ocx, 1".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}Version]@="1.0".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]@Denied: (A 2) (Everyone)@="IFlashBroker3".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINESOFTWAREMicrosoftCryptographyRNG*]"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,.[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlPCWSecurity]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:program files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exec:windowsSysWOW64vmnat.exec:windowsSysWOW64vmnetdhcp.exec:program files (x86)GoogleUpdate1.3.21.153GoogleCrashHandler.exec:program files (x86)Maxthon3BinMxUp.exe.**************************************************************************.Completion time: 2013-08-20  18:58:31 - machine was rebootedComboFix-quarantined-files.txt  2013-08-20 15:58ComboFix2.txt  2013-08-20 14:54.Pre-Run: 55 785 193 472 bytes freePost-Run: 55 519 367 168 bytes free.- - End Of File - - 0EF685D93933DA225363449F088D60A1

За съжаление все още не може да бъде инсталиране Кис :brick wall: .

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Има ли промяна в състоянието на системата ....наблюдаваш ли първоначалните проблеми..?

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Има ли промяна в състоянието на системата ....наблюдаваш ли първоначалните проблеми..?

Не, еxplorer.exe вече не прави проблеми!

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Колкото до КИС..ми се струва че трябва да деинсталираш Malwarebytes' Anti-Malware...и след това слагаш антивируса...!:)

Публикувано изображение Моля,подгответе пълен отчет с инструмента GetSystemInfo по инструкцията.

След като програмата завърши работата си,на вашия десктоп ще се създаде архив с име:

  • [*]
GetSystemInfo_име на компютъра_2011_09_04_21_09_25

Този архив прикачете в следващия си пост или качете на сървър по ваше желание и публикувайте линк.

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Колкото до КИС..ми се струва че трябва да деинсталираш Malwarebytes' Anti-Malware...и след това слагаш антивируса...! :)

Публикувано изображение Моля,подгответе пълен отчет с инструмента GetSystemInfo по инструкцията.

След като програмата завърши работата си,на вашия десктоп ще се създаде архив с име:

[*]GetSystemInfo_име на компютъра_2011_09_04_21_09_25

Този архив прикачете в следващия си пост или качете на сървър по ваше желание и публикувайте линк.

Ще го направя пък да видим.По-рано я бях инсталирал, въпреки многобройните й бъгове, нямах проблеми при самата инсталация!Вероятно има нещо дълбоко останало въпреки многократното почистване с инструмента им!Нека се помъчим още малко да отстраним и този проблем!?

GetSystemInfo_LUCKYBOY-PC_luckyboy_2013_08_20_19_19_18.zip

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Е ама ти си деинсталирал вече MBAM...Логът от GetSystemInfo е направен след това....Наред е дневника ..не се виждат проблеми..!:)

Но пък Авирата е все още във системата ти..!

 

Публикувано изображение

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Авирата беше програма за оптимизация и при опит да инсталирам Касперски не я засече, като несъвместима!

Въпреки това премахнах и нея, изчистих регистрите, всички temp файлове,java cache... не става и не става!

Уж нищо не е останало в системата, но програмата упорито отказва да се инсталира:

 

Публикувано изображение

Публикувано изображение

 

Свалих и направих опит да сканирам с KVRT,както ме подканва, но ми вади bsod и рестартира уиндоуса! :mad:

Ако се сетиш още нещо - насреща съм!

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Пропуснал съм остатъците от Baidu Antivirus...ах,ах,ах..омазана система...Карате ме да правя неща които не трябва да правя....! От къде тргнахме..къде стигнахме...! :(

 

Копирайте текста в карето на notepad и го запазвате с име CFScript.txt на десктопа си:
 

KILLALL::File::c:windowsSystem32driversBfilter.sysc:windowsSystem32driversBfmon.sysc:windowsSystem32driversBprotect.sysDriver::BfilterBfmonBprotectFolder::c:windowssystem32driversNISx64

След съхранението преместете CFScript.txt на иконата на ComboFix.exe

Публикувано изображение

Генерирания рапорт копирайте и го поставете в следващия си коментар...!

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Съжалявам, ако нещо съм объркал.След малко давам лог-а :)

ComboFix 13-08-19.02 - luckyboy 08.2013 г.  23:13:45.3.4 - x64Microsoft Windows 7 Ultimate   6.1.7601.1.1251.359.1033.18.3767.1425 [GMT 3:00]Running from: c:usersluckyboyDesktopComboFix.exeCommand switches used :: c:usersluckyboyDesktopCFScript.txtSP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.FILE ::"c:windowsSystem32driversBfilter.sys""c:windowsSystem32driversBfmon.sys""c:windowsSystem32driversBprotect.sys"..(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))..c:programdatantuser.datc:windowsSystem32driversBfilter.sysc:windowsSystem32driversBfmon.sysc:windowsSystem32driversBprotect.sys..(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))..-------Legacy_BFILTER-------Legacy_BFMON-------Legacy_BPROTECT-------Service_Bfilter-------Service_Bfmon-------Service_Bprotect..(((((((((((((((((((((((((   Files Created from 2013-07-20 to 2013-08-20  )))))))))))))))))))))))))))))))..2013-08-20 20:19 . 2013-08-20 20:19	--------	d-----w-	c:usersUpdatusUserAppDataLocaltemp2013-08-20 20:19 . 2013-08-20 20:19	--------	d-----w-	c:userspostgresAppDataLocaltemp2013-08-20 20:19 . 2013-08-20 20:19	--------	d-----w-	c:usersDefaultAppDataLocaltemp2013-08-20 20:19 . 2013-08-20 20:19	--------	d-----w-	c:usersAdministratorAppDataLocaltemp2013-08-20 19:33 . 2013-08-20 19:33	--------	d-----w-	c:program filesCCleaner2013-08-20 17:41 . 2013-08-20 17:41	17737608	----a-w-	c:windowsSysWow64FlashPlayerInstaller.exe2013-08-19 21:59 . 2013-08-19 21:59	--------	d-----w-	c:usersluckyboyAppDataLocalMacromedia2013-08-19 21:15 . 2013-08-19 21:23	--------	d-----w-	c:usersluckyboyAppDataLocalNPE2013-08-19 20:35 . 2013-08-19 20:35	--------	d-----w-	c:programdataMalwarebytes2013-08-19 18:43 . 2013-08-19 18:43	--------	d-----w-	c:userstest2013-08-18 14:00 . 2013-08-19 17:08	--------	d-----w-	c:windowssystem32driversNISx642013-08-16 13:51 . 2013-08-16 13:51	--------	d-----w-	c:windowsSysWow64wbemLogs2013-08-16 13:17 . 2013-07-26 05:13	2241024	----a-w-	c:windowssystem32wininet.dll2013-08-16 13:17 . 2013-07-26 05:12	15405056	----a-w-	c:windowssystem32ieframe.dll2013-08-16 13:17 . 2013-07-26 05:12	19239424	----a-w-	c:windowssystem32mshtml.dll2013-08-16 13:13 . 2013-08-16 13:15	--------	d-----w-	c:windowssystem32MRT2013-08-16 13:12 . 2013-08-16 13:12	--------	d-----w-	c:usersDefaultAppDataLocalMicrosoft Help2013-08-16 10:30 . 2013-07-09 05:46	1472512	----a-w-	c:windowssystem32crypt32.dll2013-08-13 17:51 . 2013-08-13 17:57	--------	d-----w-	c:program filesCPUID2013-08-12 17:13 . 2013-08-12 17:15	--------	d-----w-	c:usersluckyboyAppDataLocalXpom2013-08-12 17:12 . 2013-08-12 17:15	--------	d-----w-	c:usersluckyboyAppDataLocalMail.Ru2013-08-11 22:14 . 2013-08-11 22:14	--------	d-----w-	c:usersluckyboyAppDataLocalDownloaded Installations2013-08-11 11:47 . 2013-08-11 11:47	--------	d-----w-	c:usersluckyboyAppDataLocalMozilla2013-08-10 17:35 . 2013-08-10 19:35	234544	----a-w-	c:windowsRegBootClean64.exe2013-08-07 18:07 . 2013-08-07 18:07	76232	----a-w-	c:programdataMicrosoftWindows DefenderDefinition Updates{4385D987-0DEE-446A-AE88-2FAA3C23ADEF}offreg.dll2013-08-07 06:58 . 2013-08-07 06:58	--------	d-----w-	c:programdataWNR2013-08-07 06:58 . 2013-08-07 06:58	--------	d-----w-	c:usersluckyboyAppDataRoamingWNR2013-08-06 21:34 . 2013-08-06 21:34	--------	d-----w-	c:usersluckyboyAppDataRoamingFastStone2013-08-06 21:34 . 2013-08-06 21:34	--------	d-----w-	c:usersluckyboyAppDataLocalFastStone2013-08-06 21:33 . 2013-08-06 21:33	--------	d-----w-	c:program files (x86)FastStone Capture2013-08-06 20:59 . 2013-08-06 20:59	--------	d-----w-	c:programdataNCH Software2013-08-06 20:59 . 2013-08-06 21:00	--------	d-----w-	c:program files (x86)NCH Software2013-08-06 20:59 . 2013-08-06 21:31	--------	d-----w-	c:usersluckyboyAppDataRoamingNCH Software2013-08-04 13:36 . 2013-08-09 13:10	--------	d-----w-	c:usersluckyboyAppDataRoamingNVIDIA2013-08-04 11:32 . 2013-08-04 11:32	--------	d-----w-	c:windowsSysWow64NV2013-08-04 11:32 . 2013-08-04 11:32	--------	d-----w-	c:windowssystem32NV2013-08-04 09:58 . 2013-08-19 17:16	--------	d-----w-	c:usersUpdatusUser.luckyboy-PC2013-08-04 09:31 . 2013-06-21 10:23	6496544	----a-w-	c:windowssystem32nvcpl.dll2013-08-04 09:31 . 2013-06-21 10:23	3514656	----a-w-	c:windowssystem32nvsvc64.dll2013-08-04 09:31 . 2013-06-21 10:23	884512	----a-w-	c:windowssystem32nvvsvc.exe2013-08-04 09:31 . 2013-06-21 10:23	67072	----a-w-	c:windowssystem32nv3dappshextr.dll2013-08-04 09:31 . 2013-06-21 10:23	63776	----a-w-	c:windowssystem32nvshext.dll2013-08-04 09:31 . 2013-06-21 10:23	2555680	----a-w-	c:windowssystem32nvsvcr.dll2013-08-04 09:31 . 2013-06-21 10:23	237856	----a-w-	c:windowssystem32nvmctray.dll2013-08-04 09:31 . 2013-06-21 10:23	1025312	----a-w-	c:windowssystem32nv3dappshext.dll2013-08-04 09:31 . 2013-06-20 04:17	3253909	----a-w-	c:windowssystem32nvcoproc.bin2013-08-04 09:29 . 2013-06-21 12:06	61216	----a-w-	c:windowssystem32OpenCL.dll2013-08-04 09:29 . 2013-06-21 12:06	53024	----a-w-	c:windowsSysWow64OpenCL.dll2013-08-04 09:28 . 2013-08-04 09:28	--------	d-----w-	c:programdataNVIDIA Corporation2013-08-04 08:32 . 2013-08-05 06:35	--------	d-----w-	c:usersluckyboyAppDataRoamingDream Aquarium2013-08-04 08:32 . 2012-04-19 09:03	141312	----a-w-	c:windowsDreamAquarium.scr2013-08-04 08:32 . 2013-08-04 08:32	--------	d-----w-	c:program files (x86)Dream Aquarium2013-08-04 07:52 . 2013-08-19 17:08	--------	d-----w-	c:usersluckyboyAppDataRoamingWise Care 3652013-08-04 07:52 . 2013-08-04 07:52	--------	d-----w-	c:program files (x86)Wise2013-08-03 15:24 . 2013-08-09 19:46	--------	d-----w-	c:usersluckyboycache2013-08-02 06:16 . 2013-04-09 23:34	1247744	----a-w-	c:windowsSysWow64DWrite.dll2013-08-02 06:16 . 2013-04-02 22:51	1643520	----a-w-	c:windowssystem32DWrite.dll2013-08-02 06:16 . 2013-05-27 05:50	1011712	----a-w-	c:program filesWindows DefenderMpSvc.dll2013-08-02 06:16 . 2013-05-27 05:50	571904	----a-w-	c:program filesWindows DefenderMpClient.dll2013-08-02 06:16 . 2013-05-27 05:50	314880	----a-w-	c:program filesWindows DefenderMpCommu.dll2013-08-02 06:16 . 2013-05-27 04:57	4608	----a-w-	c:program files (x86)Windows DefenderMsMpLics.dll2013-08-02 06:16 . 2013-05-27 04:57	54784	----a-w-	c:program files (x86)Windows DefenderMpOAV.dll2013-08-02 06:16 . 2013-05-27 04:57	392704	----a-w-	c:program files (x86)Windows DefenderMpClient.dll2013-08-02 06:16 . 2013-05-27 03:15	9216	----a-w-	c:program files (x86)Windows DefenderMpAsDesc.dll2013-08-02 06:15 . 2013-04-10 05:48	1732608	----a-w-	c:program filesWindows JournalNBDoc.DLL2013-08-02 06:15 . 2013-04-10 05:46	1402880	----a-w-	c:program filesWindows JournalJNWDRV.dll2013-08-02 06:15 . 2013-04-10 05:46	1393152	----a-w-	c:program filesWindows JournalJNTFiltr.dll2013-08-02 06:15 . 2013-04-10 05:46	1367040	----a-w-	c:program filesCommon FilesMicrosoft Sharedinkjournal.dll2013-08-02 06:15 . 2013-04-10 05:03	936448	----a-w-	c:program files (x86)Common FilesMicrosoft Sharedinkjournal.dll2013-08-02 06:15 . 2013-06-05 03:34	3153920	----a-w-	c:windowssystem32win32k.sys2013-08-02 06:15 . 2013-06-04 06:00	624128	----a-w-	c:windowssystem32qedit.dll2013-08-02 06:15 . 2013-06-04 04:53	509440	----a-w-	c:windowsSysWow64qedit.dll2013-07-31 19:54 . 2013-07-31 19:54	--------	d-----w-	c:usersluckyboyAppDataLocalEMU2013-07-31 15:06 . 2013-07-31 15:06	--------	d-----w-	c:programdataAuslogics2013-07-30 16:14 . 2013-08-20 19:19	--------	d-----w-	c:program filesUnlocker2013-07-29 18:17 . 2013-02-04 16:24	574120	----a-w-	c:windowsSysWow64msvcp50.dll2013-07-29 12:17 . 2013-07-29 13:52	--------	d-----w-	C:True Poker2013-07-28 08:12 . 2013-07-28 08:12	--------	d-----w-	c:usersluckyboyAppDataRoamingpostgresql2013-07-28 08:09 . 2013-07-28 08:17	--------	d-----w-	c:usersluckyboyAppDataLocalPokerTracker 42013-07-27 21:31 . 2013-07-27 21:32	--------	d-----w-	c:usersluckyboyAppDataLocalKesemoholdings_Limited2013-07-27 17:30 . 2013-07-27 17:30	--------	d-----w-	C:Games2013-07-25 18:18 . 2013-08-20 11:55	--------	d-----w-	C:Poker2013-07-25 15:46 . 2013-07-25 15:47	--------	d-----w-	c:program files (x86)Poker Heaven2013-07-23 22:06 . 2013-07-24 07:02	--------	d-----w-	c:usersluckyboyAppDataRoamingWireshark2013-07-23 20:04 . 2012-10-24 11:17	67224	----a-w-	c:windowssystem32vsocklib.dll2013-07-23 20:04 . 2012-10-24 11:17	70296	----a-w-	c:windowssystem32driversvsock.sys2013-07-23 20:04 . 2012-10-24 11:17	63128	----a-w-	c:windowsSysWow64vsocklib.dll2013-07-23 20:04 . 2013-02-25 23:28	67664	----a-w-	c:windowssystem32driversvmx86.sys2013-07-23 20:03 . 2013-02-25 23:28	357456	----a-w-	c:windowsSysWow64vmnetdhcp.exe2013-07-23 20:03 . 2013-02-25 23:28	436304	----a-w-	c:windowsSysWow64vmnat.exe2013-07-23 20:03 . 2013-02-25 23:28	30800	----a-w-	c:windowssystem32driversvmnetuserif.sys2013-07-23 20:02 . 2013-02-25 23:29	933968	----a-w-	c:windowssystem32vnetlib64.dll2013-07-23 20:02 . 2012-10-11 13:15	52376	----a-w-	c:windowssystem32drivershcmon.sys2013-07-23 20:01 . 2013-07-23 20:01	--------	d-----w-	c:program filesCommon FilesVMware2013-07-23 20:01 . 2013-07-23 20:01	--------	d-----w-	c:program files (x86)Common FilesVMware2013-07-23 14:14 . 2011-03-11 00:41	57344	----a-w-	c:windowsWinRaR password findeR v4.0.exe2013-07-22 07:37 . 2013-07-22 07:37	--------	d-----w-	c:usersluckyboyAppDataRoamingURSoft2013-07-22 07:37 . 2013-08-20 19:42	--------	d-----w-	c:program files (x86)Your Uninstaller! 72013-07-22 07:19 . 2013-07-22 07:47	--------	d-----w-	c:program files (x86)Redbet Poker...((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-08-20 17:41 . 2013-03-27 17:37	71048	----a-w-	c:windowsSysWow64FlashPlayerCPLApp.cpl2013-08-20 17:41 . 2013-03-27 17:37	692104	----a-w-	c:windowsSysWow64FlashPlayerApp.exe2013-08-13 18:00 . 2013-02-16 04:35	6656	----a-w-	c:windowssystem32lpcio.dll2013-08-05 13:14 . 2013-02-16 04:20	78161360	----a-w-	c:windowssystem32MRT.exe2013-08-01 06:24 . 2013-08-01 06:22	22	----a-w-	C:fp.zip2013-07-24 15:27 . 2013-07-17 08:17	12872	----a-w-	c:windowssystem32bootdelete.exe2013-07-09 04:45 . 2013-08-16 10:29	44032	----a-w-	c:windowsapppatchacwow64.dll2013-06-27 19:58 . 2013-06-27 19:58	56272	----a-w-	c:windowssystem32snacnp.dll2013-06-27 09:57 . 2013-06-28 04:31	172920	------w-	c:windowssystem32driversidmwfp.sys2013-06-21 12:06 . 2013-04-22 14:47	214448	----a-w-	c:windowsSysWow64nvinit.dll2013-06-12 18:48 . 2013-03-30 17:07	867240	----a-w-	c:windowsSysWow64npDeployJava1.dll2013-06-12 18:48 . 2013-03-30 17:07	789416	----a-w-	c:windowsSysWow64deployJava1.dll2013-06-12 18:47 . 2013-06-20 21:20	96168	----a-w-	c:windowsSysWow64WindowsAccessBridge-32.dll2013-05-31 18:00 . 2013-06-18 15:50	112640	----a-w-	c:windowsSysWow64ff_vfw.dll..(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]"IDMan"="c:program files (x86)Internet Download ManagerIDMan.exe" [2013-08-18 3612240].[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]"Sidebar"="c:program filesWindows Sidebarsidebar.exe" [2010-11-21 1475584].[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]"ConsentPromptBehaviorAdmin"= 0 (0x0)"EnableLUA"= 0 (0x0)"EnableUIADesktopToggle"= 0 (0x0)"PromptOnSecureDesktop"= 0 (0x0).[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindows ntcurrentversionwindows]"LoadAppInit_DLLs"=1 (0x1)"AppInit_DLLs"=c:windowsSysWOW64nvinit.dll c:windowsSysWOW64nvinit.dll c:windowsSysWOW64nvinit.dll.[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindows ntcurrentversiondrivers32]"aux1"=wdmaud.drv.[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalhitmanpro37]@="".[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalhitmanpro37.sys]@="".[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalHitmanPro37Crusader]@="".[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalHitmanPro37CrusaderBoot]@="".[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]"AutoUpdateDisableNotify"=dword:00000001.[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]"DisableMonitoring"=dword:00000001.R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:windowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe;c:windowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [x]R3 dmvsc;dmvsc;c:windowssystem32driversdmvsc.sys;c:windowsSYSNATIVEdriversdmvsc.sys [x]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:windowssystem32driversrdpvideominiport.sys;c:windowsSYSNATIVEdriversrdpvideominiport.sys [x]R3 RTL8167;Realtek 8167 NT Driver;c:windowssystem32DRIVERSRt64win7.sys;c:windowsSYSNATIVEDRIVERSRt64win7.sys [x]R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:windowssystem32driversSynth3dVsc.sys;c:windowsSYSNATIVEdriversSynth3dVsc.sys [x]R3 terminpt;Microsoft Remote Desktop Input Driver;c:windowssystem32driversterminpt.sys;c:windowsSYSNATIVEdriversterminpt.sys [x]R3 TsUsbFlt;TsUsbFlt;c:windowssystem32driverstsusbflt.sys;c:windowsSYSNATIVEdriverstsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:windowssystem32driversTsUsbGD.sys;c:windowsSYSNATIVEdriversTsUsbGD.sys [x]R3 tsusbhub;Remote Deskotop USB Hub;c:windowssystem32driverstsusbhub.sys;c:windowsSYSNATIVEdriverstsusbhub.sys [x]R3 UsbFltr;WayTech USB Filter Driver;c:windowsSystem32DriversUsbFltr.sys;c:windowsSYSNATIVEDriversUsbFltr.sys [x]R3 VGPU;VGPU;c:windowssystem32driversrdvgkmd.sys;c:windowsSYSNATIVEdriversrdvgkmd.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:windowssystem32WatWatAdminSvc.exe;c:windowsSYSNATIVEWatWatAdminSvc.exe [x]R4 Skype C2C Service;Skype C2C Service;c:programdataSkypeToolbarsSkype C2C Servicec2c_service.exe;c:programdataSkypeToolbarsSkype C2C Servicec2c_service.exe [x]R4 SkypeUpdate;Skype Updater;c:program files (x86)SkypeUpdaterUpdater.exe;c:program files (x86)SkypeUpdaterUpdater.exe [x]R4 TeamViewer8;TeamViewer 8;c:program files (x86)TeamViewerVersion8TeamViewer_Service.exe;c:program files (x86)TeamViewerVersion8TeamViewer_Service.exe [x]R4 VMUSBArbService;VMware USB Arbitration Service;c:program files (x86)Common FilesVMwareUSBvmware-usbarbitrator64.exe;c:program files (x86)Common FilesVMwareUSBvmware-usbarbitrator64.exe [x]R4 VMwareHostd;VMware Workstation Server;c:program files (x86)VMwareVMware Workstationvmware-hostd.exe;c:program files (x86)VMwareVMware Workstationvmware-hostd.exe [x]R4 WiseBootAssistant;Wise Boot Assistant;c:program files (x86)WiseWise Care 365BootTime.exe;c:program files (x86)WiseWise Care 365BootTime.exe [x]S0 nvpciflt;nvpciflt;c:windowssystem32DRIVERSnvpciflt.sys;c:windowsSYSNATIVEDRIVERSnvpciflt.sys [x]S0 vmci;VMware VMCI Bus Driver;c:windowssystem32DRIVERSvmci.sys;c:windowsSYSNATIVEDRIVERSvmci.sys [x]S0 vsock;vSockets Driver;c:windowssystem32driversvsock.sys;c:windowsSYSNATIVEdriversvsock.sys [x]S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:windowssystem32DRIVERSdtsoftbus01.sys;c:windowsSYSNATIVEDRIVERSdtsoftbus01.sys [x]S2 HiSuiteOuc64.exe;HiSuiteOuc64.exe;c:programdataHiSuiteOucHiSuiteOuc64.exe;c:programdataHiSuiteOucHiSuiteOuc64.exe [x]S2 HuaweiHiSuiteService64.exe;HuaweiHiSuiteService64.exe;c:programdataHandSetServiceHuaweiHiSuiteService64.exe;c:programdataHandSetServiceHuaweiHiSuiteService64.exe [x]S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:program files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorDataMgrSvc.exe;c:program files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorDataMgrSvc.exe [x]S2 IDMWFP;IDMWFP;c:windowssystem32DRIVERSidmwfp.sys;c:windowsSYSNATIVEDRIVERSidmwfp.sys [x]S2 UNS;Intel(R) Management & Security Application User Notification Service;c:program files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe;c:program files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe [x]S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64driversvstor2-mntapi10-shared.sys;SysWOW64driversvstor2-mntapi10-shared.sys [x]S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:program files (x86)Qualcomm Atheros Fast ReconnectAth_WlanAgent.exe;c:program files (x86)Qualcomm Atheros Fast ReconnectAth_WlanAgent.exe [x]S3 HECIx64;Intel(R) Management Engine Interface;c:windowssystem32DRIVERSHECIx64.sys;c:windowsSYSNATIVEDRIVERSHECIx64.sys [x]S3 Impcd;Impcd;c:windowssystem32DRIVERSImpcd.sys;c:windowsSYSNATIVEDRIVERSImpcd.sys [x]S3 IntcDAud;Intel(R) Display Audio;c:windowssystem32DRIVERSIntcDAud.sys;c:windowsSYSNATIVEDRIVERSIntcDAud.sys [x]S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:windowssystem32DRIVERSk57nd60a.sys;c:windowsSYSNATIVEDRIVERSk57nd60a.sys [x]..[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftactive setupinstalled components{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-07-31 13:24	1173456	----a-w-	c:program files (x86)GoogleChromeApplication28.0.1500.95Installerchrmstp.exe.Contents of the 'Scheduled Tasks' folder.2013-08-20 c:windowsTasksAdobe Flash Player Updater.job- c:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2013-03-27 17:41].2013-08-20 c:windowsTasksGoogleUpdateTaskMachineCore.job- c:program files (x86)GoogleUpdateGoogleUpdate.exe [2013-03-20 07:47].2013-08-20 c:windowsTasksGoogleUpdateTaskMachineCore1ce7f91ce384cf5.job- c:program files (x86)GoogleUpdateGoogleUpdate.exe [2013-03-20 07:47].2013-08-20 c:windowsTasksGoogleUpdateTaskMachineUA.job- c:program files (x86)GoogleUpdateGoogleUpdate.exe [2013-03-20 07:47].2013-08-20 c:windowsTasksGoogleUpdateTaskMachineUA1ce7f91d1c74d6c.job- c:program files (x86)GoogleUpdateGoogleUpdate.exe [2013-03-20 07:47]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersIDM Shell Extension]@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"[HKEY_CLASSES_ROOTCLSID{CDC95B92-E27C-4745-A8C5-64A52A78855D}]2012-11-15 23:07	23496	----a-w-	c:program files (x86)Internet Download ManagerIDMShellExt64.dll.[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]"RtHDVCpl"="c:program filesRealtekAudioHDARAVCpl64.exe" [2010-06-22 10920552]"IgfxTray"="c:windowssystem32igfxtray.exe" [2012-01-10 167704]"HotKeysCmds"="c:windowssystem32hkcmd.exe" [2012-01-10 392984]"Persistence"="c:windowssystem32igfxpers.exe" [2012-01-10 417560].[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]"AppInit_DLLs"=c:windowsSystem32nvinitx.dll c:windowsSystem32nvinitx.dll c:windowsSystem32nvinitx.dll.------- Supplementary Scan -------.uLocal Page = c:windowssystem32blank.htmuStart Page = about:blankmStart Page = about:blankmLocal Page = c:windowsSysWOW64blank.htmIE: E&xport to Microsoft Excel - c:progra~1MICROS~3Office15EXCEL.EXE/3000IE: Se&nd to OneNote - c:progra~1MICROS~3Office15ONBttnIE.dll/105IE: Свали всички линкове с IDM - c:program files (x86)Internet Download ManagerIEGetAll.htmIE: Свали с IDM - c:program files (x86)Internet Download ManagerIEExt.htmIE: {{07BA1DA9-F501-4796-8728-74D1B91A6CD5} - c:program files (x86)PokerStars.EUPokerStarsUpdate.exeTCP: DhcpNameServer = 192.168.0.1FF - ProfilePath - c:usersluckyboyAppDataRoamingMozillaFirefoxProfiles5o1ndzrs.defaultFF - ExtSQL: 2013-07-09 12:54; mozilla_cc@internetdownloadmanager.com; c:usersluckyboyAppDataRoamingIDMidmmzcc5FF - ExtSQL: 2013-08-20 01:00; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:usersluckyboyAppDataRoamingMozillaFirefoxProfiles5o1ndzrs.defaultextensions{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpiFF - ExtSQL: 2013-08-20 13:45; {89f8dde0-010a-11da-8cd6-0800200c9a66}; c:usersluckyboyAppDataRoamingMozillaFirefoxProfiles5o1ndzrs.defaultextensions{89f8dde0-010a-11da-8cd6-0800200c9a66}.xpi.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERSS-1-5-21-1364269079-2832088709-1461968048-1000SoftwareMicrosoftWindowsCurrentVersionExplorerMountPoints2]@Denied: (Full) (Everyone)@Allowed: (A B C D E 1 2 3 4 5 6 0x0001c0) (Administrators).[HKEY_USERSS-1-5-21-1364269079-2832088709-1461968048-1000SoftwareMicrosoftWindowsCurrentVersionExplorerMountPoints2{f6469ef6-9773-11e2-8330-005056c00008}shell]@="None".[HKEY_USERSS-1-5-21-1364269079-2832088709-1461968048-1000_ClassesWow6432NodeCLSID{377c9299-18ca-4bd6-88d2-5ece15d1492f}]@Denied: (Full) (Everyone)@Allowed: (Read) (RestrictedCode)"Model"=dword:00000086"Therad"=dword:00000001"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,.[HKEY_USERSS-1-5-21-1364269079-2832088709-1461968048-1000_ClassesWow6432NodeCLSID{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]@Denied: (Full) (Everyone)@Allowed: (Read) (RestrictedCode)"scansk"=hex(0):3c,5a,9d,32,5a,2f,c4,f0,f6,b6,c6,5e,71,f0,6b,84,e6,dd,48,86,73,   bd,a0,f5,ae,6a,35,21,0d,7c,fe,ac,86,3b,fb,95,5f,b2,03,b7,00,00,00,00,00,00,.[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{645FF040-5081-101B-9F08-00AA002F954E}shellB20@O=5 *=0 *C*C*l*e*a*n*e*r*& command]@="c:Program FilesCCleanerccleaner.exe".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:Windowssystem32MacromedFlashFlashUtil10e.exe,-101".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}LocalServer32]@="c:WindowsSysWow64MacromedFlashFlashUtil10e.exe".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}InprocServer32]@="c:WindowsSysWow64MacromedFlashFlash10e.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}MiscStatus]@="0".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ProgID]@="ShockwaveFlash.ShockwaveFlash.10".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]@="c:WindowsSysWow64MacromedFlashFlash10e.ocx, 1".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}Version]@="1.0".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}InprocServer32]@="c:WindowsSysWow64MacromedFlashFlash10e.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]@="c:WindowsSysWow64MacromedFlashFlash10e.ocx, 1".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}Version]@="1.0".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]@Denied: (A 2) (Everyone)@="IFlashBroker3".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINESOFTWAREMicrosoftCryptographyRNG*]"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,.[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlPCWSecurity]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:program files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exec:windowsSysWOW64vmnat.exec:windowsSysWOW64vmnetdhcp.exec:program files (x86)Internet Download ManagerIEMonitor.exec:program files (x86)GoogleUpdate1.3.21.153GoogleCrashHandler.exe.**************************************************************************.Completion time: 2013-08-20  23:24:46 - machine was rebootedComboFix-quarantined-files.txt  2013-08-20 20:24ComboFix2.txt  2013-08-20 15:58.Pre-Run: 56 585 150 464 bytes freePost-Run: 56 816 926 720 bytes free.- - End Of File - - 24E29B6E732635780897D2F6539E7723

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Съжалявам, ако нещо съм объркал.След малко давам лог-а :)

Не  бе човек...Просто до тук трия само легални файлове ..а това е в разрез със световните правила на работа на хелперите..!Поне да има резултат...!!! Знаеш че антивирус се премахва със собствения си инструмент за деинсталация...!

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Не  бе човек...Просто до тук трия само легални файлове ..а това е в разрез със световните правила на работа на хелперите..!Поне да има резултат...!!! Знаеш че антивирус се премахва със собствения си инструмент за деинсталация...!

Продължаваме ли работата или приключихме?

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

А как е положението след последната процедура......до тук премахнахме остатъци от шест антивирусни.....

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

А как е положението след последната процедура......до тук премахнахме остатъци от шест антивирусни.....

Държи се добре машината, но проклетия руснак отказва да се инсталира.Явно нещо пропускаме...! :(

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Най- вероятно  е така...Нали се сещаш че не мога да знам всички антивирусни какви файлове създават във системата...! :)
Ще огледам още веднъж подробно всичко....! :)
 
Опитай с тази програма,да видим какво ще покаже тя:
 
 Изтеглете Публикувано изображениеAppRemover и го запазете на вашия десктоп.
Стартирате програмата:

Публикувано изображение

Публикувано изображение Next >> Уверете се ще е маркиран "Remove Security Application"

Публикувано изображение

Публикувано изображение Next >> AppRemover ще сканира всички приложения, свързани със сигурността на вашия компютър.

Публикувано изображение

Публикувано изображение Маркирайте всички приложения които са излишни и си оставете само действащите...и кликате Next>> два пъти.

Публикувано изображение

Публикувано изображение Следвайте допълнителните инструкциите на екрана. Ако поиска рестарт, моля направете го.

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Най- вероятно  е така...Нали се сещаш че не мога да знам всички антивирусни какви файлове създават във системата...! :)

Ще огледам още веднъж подробно всичко....! :)

 

Опитай с тази програма,да видим какво ще покаже тя:

 

 Изтеглете Публикувано изображениеAppRemover и го запазете на вашия десктоп.

Стартирате програмата:

Публикувано изображение

Публикувано изображение Next >> Уверете се ще е маркиран "Remove Security Application"

Публикувано изображение

Публикувано изображение Next >> AppRemover ще сканира всички приложения, свързани със сигурността на вашия компютър.

Публикувано изображение

Публикувано изображение Маркирайте всички приложения които са излишни и си оставете само действащите...и кликате Next>> два пъти.

Публикувано изображение

Публикувано изображение Следвайте допълнителните инструкциите на екрана. Ако поиска рестарт, моля направете го.

Пробвах с нея, не намери нищо.Ако не ти се занимава повече, кажи.Ще тормозя съпорта на Касперски Лаб.

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

c:windowssystem32driversNISx64

  Този драйвер се опитвам три пъти да изтрия и не успявам...!Мисля че е на Symantec...Опитайте с Norton Removal Tool

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

  Този драйвер се опитвам три пъти да изтрия и не успявам...!Мисля че е на Symantec...Опитайте с Norton Removal Tool

Инструмната го изпозвах когато го премахнах.Да опитам ръчно?

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

×

Информация

Поставихме бисквитки на устройството ви за най-добро потребителско изживяване. Можете да промените настройките си за бисквитки, или в противен случай приемаме, че сте съгласни с нашите условия за ползване.