Sign In
Create Account
Popup-uri care apar
Last Updated: Jul 03 2008 17:34, Started by
narcisx
, May 04 2008 21:31
·
0
0
#1
Posted 04 May 2008 - 21:31
|
buna ma deschis acest topic deoarece am o mre problema cu niste popup-uri, aproape d fiecare data cand deschid ie imi apar (aproape) hompage am google deci nu mi se pare normal. primul popup ducea catre un site 8888 (paraca) nu mai stiu cum, iar dupa aceea spre diferite site-uri. Problema a inceput (cred) dupa ce am instalat windows live messenger + un plugin care se numeste Plus. Am scanat onlie cu bit defender dar nu a gasit nimic poate fi de live mess sau de la acel plugin plus ???
P.S. stiu ca mai sunt topicuri de acest gen dar sunt cam vechi si oricum nu am gasit rapunsul in ele  Later edit: eczact acum can am terminat topicu acesta si voiam sa inchid ie am primit un poppu care ma intreba daca vreau sa-mi iau un screensaver "KOI"  )
Edited by narcisx, 04 May 2008 - 21:33. |
Back to top
#2
Posted 04 May 2008 - 21:40
|
Posteaza aici un log HiJackThis.
Daca nu primesti raspuns avizat in timp util scaneaza PC-ul cu Super AntiSpyware. |
#3
Posted 04 May 2008 - 22:48
|
pykko, on May 4 2008, 22:40, said: Posteaza aici un log HiJackThis. Daca nu primesti raspuns avizat in timp util scaneaza PC-ul cu Super AntiSpyware. Scan saved at 11:46:35 PM, on 5/4/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16386) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [BigDog305] C:\Windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305) O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\RunOnce: [ypagerps] cmd.exe /C del "C:\Program Files\Yahoo!\Messenger\ypagerps.dll" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe O13 - Gopher Prefix: O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{AB257756-50D1-4D16-B33D-346A31931320}: NameServer = 81.18.85.7 62.231.76.49 O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe -- End of file - 3048 bytes |
#4
Posted 05 May 2008 - 13:51
|
log-ul tau este curat.
Totusi hai sa facem niste investigatii mai amanuntite. Descarca Deckard's System Scanner (DSS) pe Desktop. Ruleaza apoi dss.exe si urmeaza instructiunile. La sfarsit vor fi generate doua fisiere main.txt si extra.txt Posteaza continutul ambelor aici. Insa poti face inainte si o scanare cu Super AntiSpyware si apoi posteaza log-ul. 
|
#5
Posted 05 May 2008 - 17:40
|
si eu am aceeasi problema. prostia mea era ca nu am updatat antivirusul de cateva luni si mi s-au bagat ceva virusi. la inceput imi tot apareau popupuri cu nu stiu ce "scanare" gratuita. paginile web au inceput sa nu mai mearga, doar cateva, google dupa ce dadeam search nu mai mergea. bitdefender mi-a gasit trojan.vundo.efk , dar nu l-a putut scoate. cu greu am reusit sa caut pe alt motor de cautare despre acest virus si am gasit ceva program care il curata. a reusit sa-l scoata dupa vreo 2 restartari. acuma vad ca iar imi merg greu paginile si mi se deschide si mie cu 888 , poker, si alte "scanari".
si eu am aceeasi problema. prostia mea era ca nu am updatat antivirusul de cateva luni si mi s-au bagat ceva virusi. la inceput imi tot apareau popupuri cu nu stiu ce "scanare" gratuita. paginile web au inceput sa nu mai mearga, doar cateva, google dupa ce dadeam search nu mai mergea. bitdefender mi-a gasit trojan.vundo.efk , dar nu l-a putut scoate. cu greu am reusit sa caut pe alt motor de cautare despre acest virus si am gasit ceva program care il curata. a reusit sa-l scoata dupa vreo 2 restartari. acuma vad ca iar imi merg greu paginile si mi se deschide si mie cu 888 , poker, si alte "scanari". |
#7
Posted 05 May 2008 - 17:52
|
si cu mozilla face. uitate la imaginea uploadata. unde mi-e postul, mi-a schimbat si avatarul. am pus mouseul pe imagine si vezi pe ce link vrea sa ma trimita...
main.txt Deckard's System Scanner v20071014.68 Run by Fane on 2008-05-05 18:40:35 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 2 Restore Point(s) -- 2: 2008-05-05 15:40:54 UTC - RP2 - Deckard's System Scanner Restore Point 1: 2008-05-04 15:01:24 UTC - RP1 - System Checkpoint Backed up registry hives. Performed disk cleanup. -- HiJackThis Clone ------------------------------------------------------------ Emulating logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2008-05-05 18:43:03 Platform: Windows XP Service Pack 2 (5.01.2600) MSIE: Internet Explorer (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\system32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\soundman.exe C:\Program Files\Softwin\BitDefender10\bdmcon.exe C:\Program Files\Softwin\BitDefender10\bdagent.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\svrhost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe C:\Program Files\Softwin\BitDefender10\vsserv.exe C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\Documents and Settings\Fane\Desktop\dss.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Service Pack 3 Internet Explorer R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm F0 - system.ini: Shell=explorer.exe C:\WINDOWS\system32/regsvr.exe F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\system32/regsvr.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {29BA3570-FF39-40DE-9048-46A8326B0F7F} - C:\WINDOWS\system32\nnnoLFya.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {EEC73EA5-1367-49D1-93F4-CA1D8C22E9F9} - (no file) O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGetDx\iebar.dll O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe" O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\Run: [BMbf311c12] Rundll32.exe "C:\WINDOWS\system32\sfueuioi.dll",s O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKUS\S-1-5-19\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user') O8 - Extra context menu item: Do&wnload by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm O8 - Extra context menu item: Download A&ll by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_All.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing) O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL O20 - AppInit_DLLs: sockspy.dll O20 - Winlogon Notify: wvUmmnmL - C:\WINDOWS\system32\wvUmmnmL.dll (file missing) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe O23 - Service: DHCP Server (DHCPServer) - Unknown owner - C:\MY DOWNLOADS\dhcpsrv1.5(2)\dhcpsrv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe O23 - Service: Microsoft security update service (msupdate) - Unknown owner - C:\WINDOWS\system32\mssrv32.exe O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\svrhost.exe O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe -- End of file - 8561 bytes -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product> R3 ASAPIW2k - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; Pinnacle Systems GmbH; asapi> R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine> S3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation.; Bluelet Audio Driver> S3 btaudio (Bluetooth Audio Device) - c:\windows\system32\drivers\btaudio.sys (file missing) S3 BTDriver (Bluetooth Virtual Communications Driver) - c:\windows\system32\drivers\btport.sys (file missing) S3 ggsemc (Sony Ericsson USB Flash Driver) - c:\windows\system32\drivers\ggsemc.sys <Not Verified; Sony Ericsson Mobile Communications; Gordon's Gate> -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 BlueSoleilCS - c:\program files\ivt corporation\bluesoleil\bluesoleilcs.exe <Not Verified;; BlueSoleilCS Module> R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe R2 r_server (Remote Administrator Service) - "c:\windows\system32\svrhost.exe" /service R3 BsHelpCS - c:\program files\ivt corporation\bluesoleil\bshelpcs.exe <Not Verified;; BsHelpCS Module> S2 DHCPServer (DHCP Server) - c:\my downloads\dhcpsrv1.5(2)\dhcpsrv.exe (file missing) S2 msupdate (Microsoft security update service) - c:\windows\system32\mssrv32.exe -- Device Manager: Disabled ---------------------------------------------------- Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318} Description: Network Controller Device ID: PCI\VEN_13D0&DEV_2103&SUBSYS_210313D0&REV_01\3&61AAA01&0&58 Manufacturer: Name: Network Controller PNP Device ID: PCI\VEN_13D0&DEV_2103&SUBSYS_210313D0&REV_01\3&61AAA01&0&58 Service: Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318} Description: Multimedia Video Controller Device ID: PCI\VEN_109E&DEV_036E&SUBSYS_6607107D&REV_11\3&61AAA01&0&60 Manufacturer: Name: Multimedia Video Controller PNP Device ID: PCI\VEN_109E&DEV_036E&SUBSYS_6607107D&REV_11\3&61AAA01&0&60 Service: Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318} Description: Multimedia Controller Device ID: PCI\VEN_109E&DEV_0878&SUBSYS_6607107D&REV_11\3&61AAA01&0&61 Manufacturer: Name: Multimedia Controller PNP Device ID: PCI\VEN_109E&DEV_0878&SUBSYS_6607107D&REV_11\3&61AAA01&0&61 Service: -- Scheduled Tasks ------------------------------------------------------------- 2008-05-04 14:08:17 388 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job -- Files created between 2008-04-05 and 2008-05-05 ----------------------------- 2008-05-05 18:16:12 0 dr-h----- C:\Documents and Settings\Fane\Recent 2008-05-05 17:39:24 96832 --a------ C:\WINDOWS\system32\pysgovfp.dll 2008-05-05 17:37:33 104000 --a------ C:\WINDOWS\system32\sfueuioi.dll 2008-05-04 19:52:19 0 d-------- C:\New Folder 2008-05-04 18:12:53 0 d-------- C:\VundoFix Backups 2008-05-04 14:06:55 0 d-------- C:\Documents and Settings\Fane\Application Data\TuneUp Software 2008-05-04 14:06:54 0 d-------- C:\Program Files\TuneUp Utilities 2007 2008-05-04 14:04:39 0 d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software 2008-05-04 14:04:31 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-05-04 12:20:42 95296 --a------ C:\WINDOWS\system32\oclhxsvx.dll 2008-05-03 09:07:15 185653 --ahs---- C:\WINDOWS\system32\ayFLonnn.ini2 2008-05-03 09:07:07 280576 --a------ C:\WINDOWS\system32\nnnoLFya.dll 2008-05-02 18:11:34 335872 --a------ C:\WINDOWS\system32\m4atag.dll 2008-05-02 18:11:30 0 d-------- C:\Program Files\mp3Tag 5 2008-05-02 15:33:07 0 d-------- C:\Documents and Settings\Fane\Application Data\Opera 2008-05-02 14:12:01 0 d-------- C:\WINDOWS\system32\Quicktime 2008-05-02 14:11:54 0 d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc 2008-05-02 14:11:53 0 d-------- C:\Program Files\SmartSound Software 2008-05-02 11:14:38 155721 -----n--- C:\WINDOWS\system32\RALMain.dll <Not Verified; Pinnacle Systems GmbH; Register Abstraction Layer> 2008-05-02 11:14:38 294912 -----n--- C:\WINDOWS\system32\pvmjpg21.dll <Not Verified; Pegasus Imaging Corporation; PICVideo> 2008-05-02 11:14:38 204881 -----n--- C:\WINDOWS\system32\DiskIO.dll <Not Verified; Pinnacle Systems GmbH; Media File Sequencer> 2008-05-02 11:14:37 81920 -----n--- C:\WINDOWS\system32\vdrmux.dll <Not Verified; Pinnacle Systems; Pinnacle Systems vdrmux> 2008-05-02 11:14:37 46592 -----n--- C:\WINDOWS\system32\vdrcodec.dll <Not Verified; Pinnacle Systems; Studio 600> 2008-05-02 11:14:37 44544 -----n--- C:\WINDOWS\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1> 2008-05-02 11:14:37 73728 -----n--- C:\WINDOWS\system32\MMAviAx.dll <Not Verified; Pinnacle Systems GmbH; miroVIDEO MFP> 2008-05-02 11:14:37 32768 -----n--- C:\WINDOWS\system32\MLPagAx.dll <Not Verified; Pinnacle Systems GmbH; MLPag DLL> 2008-05-02 11:14:37 40960 -----n--- C:\WINDOWS\system32\langserv.dll <Not Verified; Pinnacle Systems GmbH; miroVIDEO LangServ> 2008-05-02 11:14:37 18432 --a------ C:\WINDOWS\system32\Cachex.dll <Not Verified; Pinnacle Systems GmbH; Cache DLL> 2008-05-02 11:14:37 114759 -----n--- C:\WINDOWS\system32\Aviprax.dll <Not Verified; Pinnacle Systems GmbH; miroVIDEO AFP> 2008-05-02 11:10:36 90112 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE> 2008-05-02 11:04:06 11264 --a------ C:\WINDOWS\system32\drivers\asapiW2k.sys <Not Verified; Pinnacle Systems GmbH; asapi> 2008-05-02 11:04:05 406016 --a------ C:\WINDOWS\system32\PSDrvCheck.exe 2008-05-02 11:04:04 19456 --a------ C:\WINDOWS\system32\asapi.dll <Not Verified; VoB Computersysteme GmbH; > 2008-05-02 11:03:04 61440 --a------ C:\WINDOWS\system32\pclepim1.dll <Not Verified; Pinnacle Systems; Microsoft Windows> 2008-05-02 11:03:01 49152 --a------ C:\WINDOWS\system32\PCLEGetGuid.dll <Not Verified; Pinnacle Systems; Guid_dll> 2008-05-02 11:00:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle 2008-05-02 11:00:22 0 d-------- C:\Program Files\Pinnacle 2008-05-02 11:00:12 14165 -----n--- C:\WINDOWS\system32\drivers\Pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI> 2008-04-20 14:57:29 0 d-------- C:\Program Files\Audacity 2008-04-20 14:43:17 0 d-------- C:\Documents and Settings\Fane\Application Data\Ahead 2008-04-14 18:56:00 598 --a------ C:\WINDOWS\system\mssdrvr.sys 2008-04-14 18:56:00 598 --a------ C:\WINDOWS\mswdrvr.sys 2008-04-14 18:56:00 598 --a------ C:\msrdrvr.sys 2008-04-14 18:53:58 24990 --a------ C:\WINDOWS\system32\VFP6RUN.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual FoxPro®> 2008-04-14 18:53:58 875520 --a------ C:\WINDOWS\system32\VFP6RENU.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual FoxPro®> 2008-04-14 18:53:57 3370768 --a------ C:\WINDOWS\system32\VFP6R.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual FoxPro®> 2008-04-14 18:53:47 0 d-------- C:\TRAD 2008-04-09 18:49:26 0 d-------- C:\WINDOWS\vbSkinner 2008-04-07 20:54:02 0 d-------- C:\Interfata Office 2003 Romanian Pack 2008-04-06 13:54:55 0 dr-h----- C:\MSOCache -- Find3M Report --------------------------------------------------------------- 2008-05-05 18:18:38 81984 --a------ C:\WINDOWS\system32\bdod.bin 2008-05-04 14:04:31 0 d-------- C:\Program Files\Common Files 2008-05-02 15:21:54 0 d-------- C:\Documents and Settings\Fane\Application Data\Adobe 2008-05-02 14:12:12 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-05-02 00:09:02 0 d-------- C:\Program Files\Easy CD-DA Extractor 9 2008-04-25 17:59:31 0 d-------- C:\Program Files\Counter Strike 1.6 2008-04-15 20:53:52 3766 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys 2008-04-15 20:53:48 56 -r-hs---- C:\WINDOWS\system32\77741D5FE2.sys 2008-04-13 19:27:21 0 d-------- C:\Documents and Settings\Fane\Application Data\M3 2008-04-03 22:36:57 0 d-------- C:\Program Files\PowerQuest 2008-03-28 19:33:58 0 d-------- C:\Program Files\Common Files\Adobe 2008-03-28 19:31:07 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared 2008-03-28 19:15:56 0 dr------- C:\Program Files\TypingMaster 2008-03-28 19:14:06 0 d-------- C:\Program Files\WinHex 2008-03-28 19:11:34 0 d-------- C:\Program Files\Frets on Fire 2008-03-28 19:11:06 0 d-------- C:\Program Files\FontLab 2008-03-24 19:34:44 0 d-------- C:\Documents and Settings\Fane\Application Data\Corel Photo Album 2008-03-24 19:31:24 0 d-------- C:\Program Files\Corel 2008-03-24 19:31:24 0 d-------- C:\Program Files\Common Files\Corel 2008-03-24 19:17:02 0 d-------- C:\Program Files\Common Files\InstallShield 2008-03-22 16:36:14 103 --a------ C:\New Text document.vbs 2008-03-20 20:49:37 0 d-------- C:\Program Files\ReGetDx -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{29BA3570-FF39-40DE-9048-46A8326B0F7F}] 05/03/2008 09:07 AM 280576 --a------ C:\WINDOWS\system32\nnnoLFya.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEC73EA5-1367-49D1-93F4-CA1D8C22E9F9}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [10/29/2005 12:05 AM] "SoundMan"="SOUNDMAN.EXE" [09/11/2002 05:57 AM C:\WINDOWS\soundman.exe] "BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [08/04/2006 07:22 PM] "BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [06/20/2006 05:35 PM] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 02:11 AM] "BtTray"="C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe" [12/17/2007 07:37 PM] "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [01/13/2006 04:42 AM] "BMbf311c12"="C:\WINDOWS\system32\sfueuioi.dll" [05/05/2008 05:37 PM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 06:43 PM] [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "nlsf"=cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" "tscuninstall"=%systemroot%\system32\tscupgrd.exe [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "msnsc"=C:\WINDOWS\system32\msnsc.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "Professional Boot"=1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoRemoteRecursiveEvents"=1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoInternetIcon"=0 (0x0) "ClearRecentDocsOnExit"=1 (0x1) "NoLowDiskSpaceChecks"=1 (0x1) "NoSaveSettings"=0 (0x0) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoInternetIcon"=0 (0x0) "ClearRecentDocsOnExit"=1 (0x1) "NoLowDiskSpaceChecks"=1 (0x1) "NoSaveSettings"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Shell"="explorer.exe C:\WINDOWS\system32/regsvr.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUmmnmL] wvUmmnmL.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=sockspy.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\nnnoLFya [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Fane^Start Menu^Programs^Startup^Adobe Gamma.lnk] path=C:\Documents and Settings\Fane\Start Menu\Programs\Startup\Adobe Gamma.lnk backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ ] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bc022f8e] rundll32.exe "C:\WINDOWS\system32\pysgovfp.dll",b [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMbf311c12] Rundll32.exe "C:\WINDOWS\system32\sfueuioi.dll",s [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LUVS Agent] C:\WINDOWS\system32\28463\LUVS.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "BMbf311c12"=Rundll32.exe "C:\WINDOWS\system32\sfueuioi.dll",s [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs BthServ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp -- End of Deckard's System Scanner: finished at 2008-05-05 18:44:21 ------------ extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: AMD Athlon(tm) XP 2000+
Percentage of Memory in Use: 67%
Physical Memory (total/avail): 511.48 MiB / 168.24 MiB
Pagefile Memory (total/avail): 1003.95 MiB / 639.96 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1903.88 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 76.33 GiB total, 32.53 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
G: is CDROM (CDFS)
\\.\PHYSICALDRIVE0 - Maxtor 6Y080L0 - 76.33 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 76.33 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is disabled.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
FW: BitDefender Antivirus Plus v10 v7.2 (Softwin)
AV: BitDefender Antivirus Plus v10 v7.2 (Softwin)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\\Program Files\\ApexDC++\\ApexDC.exe"="C:\\Program Files\\ApexDC++\\ApexDC.exe:*:Enabled:ApexDC++"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Counter Strike 1.6\\hl.exe"="C:\\Program Files\\Counter Strike 1.6\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"="C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS"
"C:\\Program Files\\ReGetDx\\regetdx.exe"="C:\\Program Files\\ReGetDx\\regetdx.exe:*:Enabled:ReGet 4.0"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Fane\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BAC127710C15421
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA18
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Fane
LOGONSERVER=\\BAC127710C15421
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\REALTEK Semiconductor Corp.\RTLSetup;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\VoiceAge\Common;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Common Files\Nero\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0800
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Fane\LOCALS~1\Temp
TMP=C:\DOCUME~1\Fane\LOCALS~1\Temp
USERDOMAIN=BAC127710C15421
USERNAME=Fane
USERPROFILE=C:\Documents and Settings\Fane
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Fane [I](admin)[/I]
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0.5 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
ApexDC++ 0.4.0 --> C:\Program Files\ApexDC++\uninst.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audacity 1.2.4 --> "C:\Program Files\Audacity\unins000.exe"
Avance AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
BitComet 0.98 --> C:\Program Files\BitComet\uninst.exe
BitDefender Antivirus Plus v10 --> MsiExec.exe /I{F9FFD19E-B9BA-4C0C-B088-A385F9E9A15B}
Bluesoleil 5.0.5.178 --> MsiExec.exe /X{1E726A53-78E9-47DE-B3D9-4165CBC9ABBF}
Cheating-Death 4.23.4 --> C:\Program Files\Cheating-Death\UninstCD.exe
ConvertPatch --> "C:\Program Files\ConvertPatch\unins000.exe"
ConvertXtoDVD 2.2.3.258 --> "C:\Program Files\VSO\ConvertXtoDVD\unins000.exe"
Corel Photo Album 6 --> MsiExec.exe /X{8A9B8148-DDD7-448F-BD6C-358386D32354}
Counter Strike 1.6 --> "C:\Program Files\Counter Strike 1.6\SETUP\setup.exe" /u
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Easy CD-DA Extractor 9.0 --> "C:\WINDOWS\Easy CD-DA Extractor\uninstall.exe" "/U:C:\Program Files\Easy CD-DA Extractor 9\irunin.xml"
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
GTK+ Runtime 2.12.1 rev b (remove only) --> C:\Program Files\Common Files\GTK\2.0\uninst.exe
Guitar Pro 5.2 --> "C:\Program Files\Guitar Pro 5\unins000.exe"
HFX PRO for Studio --> C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\HFX PRO for Studio\uninstal.log
J2SE Development Kit 5.0 Update 14 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0150140}
J2SE Runtime Environment 5.0 Update 14 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150140}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
M3 Movies Music Mobile --> "C:\Program Files\M3\Uninstall.exe"
Microsoft Office 2003 German User Interface Pack --> MsiExec.exe /I{901E0407-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2003 Romanian User Interface Pack --> MsiExec.exe /I{901E0418-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mp3Tag 5.9 --> "C:\Program Files\mp3Tag 5\unins000.exe"
MV2Player (remove only) --> C:\Program Files\Mv2Player\uninst.exe
MyPhoneExplorer --> C:\Program Files\MyPhoneExplorer\uninstall.exe
Nero 8 --> MsiExec.exe /X{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1033}
Pan-European Language Support --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\paneur.inf, Uninstall.NT
Pinnacle Hollywood FX 5 --> C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\Hollywood FX 5\uninstal.log
PowerDVD --> "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -l0x000409 /z-uninstall
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PowerQuest PartitionMagic 8.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
QuickTime Alternative 1.67 --> "C:\Program Files\QuickTime Alternative\unins000.exe"
ReGet Deluxe 4.0 --> C:\Program Files\ReGetDx\regetdx.exe -uninstall
SmartSound Quicktracks Plugin --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Sony Ericsson Device Data --> MsiExec.exe /I{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}
Sony Ericsson Drivers --> MsiExec.exe /I{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}
Sony Ericsson PC Suite --> C:\WINDOWS\Installer\{D6BF6477-8369-489F-8DE6-3731F4B88560}\Setup.exe /uninstall
Sony Ericsson PC Suite --> MsiExec.exe /I{25BEC3AB-5CD4-481D-9143-215C1BBB189E}
Sony Ericsson Themes Creator 3.19 --> C:\Program Files\Sony Ericsson\Themes Creator\Uninstall.exe
Studio 9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E491AB7-4589-48CA-9CBB-874CB2788391}\Setup.exe" -l0x9 UNINSTALL
Studio 9.4 Patch --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{16E217EA-C3E0-402D-8D4F-6189DB74497A}\setup.exe" -l0x9 UNINSTALL
Subtitle Workshop 2.51 --> "C:\Program Files\URUSoft\Subtitle Workshop\uninstall.exe"
Translator Englez-Român --> C:\TRAD\setup\setup.exe
TuneUp Utilities 2007 --> MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
-- Application Event Log -------------------------------------------------------
Event Record #/Type3000 / Error
Event Submitted/Written: 05/04/2008 02:07:51 PM
Event ID/Source: 11500 / MsiInstaller
Event Description:
Product: TuneUp Utilities 2007 -- Error 1500. Another installation is in progress. You must complete that installation before continuing this one.
Event Record #/Type2999 / Error
Event Submitted/Written: 05/04/2008 02:07:50 PM
Event ID/Source: 11500 / MsiInstaller
Event Description:
Product: TuneUp Utilities 2007 -- Error 1500. Another installation is in progress. You must complete that installation before continuing this one.
Event Record #/Type2998 / Error
Event Submitted/Written: 05/04/2008 02:07:49 PM
Event ID/Source: 11500 / MsiInstaller
Event Description:
Product: TuneUp Utilities 2007 -- Error 1500. Another installation is in progress. You must complete that installation before continuing this one.
Event Record #/Type2977 / Error
Event Submitted/Written: 05/03/2008 06:23:26 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application yahoom~1.exe, version 8.1.0.421, faulting module unknown, version 0.0.0.0, fault address 0x04690000.
Processing media-specific event for [yahoom~1.exe!ws!]
Event Record #/Type2940 / Error
Event Submitted/Written: 05/02/2008 10:17:41 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application studio.exe, version 9.4.3.70, faulting module pclecapturedv.dll, version 2.0.0.46, fault address 0x0001a817.
Processing media-specific event for [studio.exe!ws!]
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type8953 / Error
Event Submitted/Written: 05/05/2008 06:43:32 PM
Event ID/Source: 7016 / Service Control Manager
Event Description:
The BrSplService service has reported an invalid current state 0.
Event Record #/Type8952 / Error
Event Submitted/Written: 05/05/2008 06:28:10 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).
Event Record #/Type8931 / Error
Event Submitted/Written: 05/05/2008 06:20:29 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the Microsoft security update service service to connect.
Event Record #/Type8930 / Error
Event Submitted/Written: 05/05/2008 06:20:29 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The DHCP Server service failed to start due to the following error:
%%2
Event Record #/Type8925 / Error
Event Submitted/Written: 05/05/2008 06:01:53 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
-- End of Deckard's System Scanner: finished at 2008-05-05 18:44:21 ------------
am voie sa postez si eu daca ma confrunt cu aceeasi problema? multumesc Attached Files
|
#8
Posted 05 May 2008 - 18:34
|
danimihalca, fa o scanare full cu Super Antispyware. Ai niste infectii de tip Vundo.
Posteaza apoi un nou log HiJackThis si in plus un screenshot cu detectiile Super AntiSpyware. |
#9
Posted 05 May 2008 - 20:47
|
SUPERAntiSpyware log
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 05/05/2008 at 09:43 PM
Application Version : 3.9.1008
Core Rules Database Version : 3452
Trace Rules Database Version: 1444
Scan type : Complete Scan
Total Scan Time : 01:37:02
Memory items scanned : 469
Memory threats detected : 1
Registry items scanned : 6766
Registry threats detected : 27
File items scanned : 36356
File threats detected : 54
Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\NNNOLFYA.DLL
C:\WINDOWS\SYSTEM32\NNNOLFYA.DLL
Adware.Vundo-Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{29BA3570-FF39-40DE-9048-46A8326B0F7F}
HKCR\CLSID\{29BA3570-FF39-40DE-9048-46A8326B0F7F}
HKCR\CLSID\{29BA3570-FF39-40DE-9048-46A8326B0F7F}\InprocServer32
HKCR\CLSID\{29BA3570-FF39-40DE-9048-46A8326B0F7F}\InprocServer32#ThreadingModel
Adware.Vundo Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEC73EA5-1367-49D1-93F4-CA1D8C22E9F9}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{EEC73EA5-1367-49D1-93F4-CA1D8C22E9F9}
Adware.Tracking Cookie
C:\Documents and Settings\Fane\Cookies\fane@a[1].txt
C:\Documents and Settings\Fane\Cookies\[email protected][11].txt
C:\Documents and Settings\Fane\Cookies\fane@tribalfusion[1].txt
C:\Documents and Settings\Fane\Cookies\[email protected][1].txt
C:\Documents and Settings\Fane\Cookies\[email protected][1].txt
C:\Documents and Settings\Fane\Cookies\fane@atdmt[1].txt
C:\Documents and Settings\Fane\Cookies\fane@mediaplex[1].txt
C:\Documents and Settings\Fane\Cookies\fane@adinterax[2].txt
C:\Documents and Settings\Fane\Cookies\fane@questionmarket[2].txt
C:\Documents and Settings\Fane\Cookies\fane@888[1].txt
C:\Documents and Settings\Fane\Cookies\fane@adnetserver[1].txt
C:\Documents and Settings\Fane\Cookies\fane@doubleclick[1].txt
C:\Documents and Settings\Fane\Cookies\fane@specificclick[2].txt
C:\Documents and Settings\Fane\Cookies\fane@xiti[1].txt
C:\Documents and Settings\Fane\Cookies\fane@cassava[1].txt
C:\Documents and Settings\Fane\Cookies\fane@antispywaremaster[1].txt
C:\Documents and Settings\Fane\Cookies\[email protected][1].txt
C:\Documents and Settings\Fane\Cookies\[email protected][2].txt
C:\Documents and Settings\Fane\Cookies\[email protected][3].txt
C:\Documents and Settings\Fane\Cookies\[email protected][4].txt
C:\Documents and Settings\Fane\Cookies\[email protected][5].txt
C:\Documents and Settings\Fane\Cookies\[email protected][6].txt
C:\Documents and Settings\Fane\Cookies\[email protected][7].txt
C:\Documents and Settings\Fane\Cookies\[email protected][8].txt
C:\Documents and Settings\Fane\Cookies\[email protected][9].txt
Trojan.Unknown Origin
HKLM\SYSTEM\CurrentControlSet\Enum\Root\legacy_msupdate
HKLM\SYSTEM\CurrentControlSet\Enum\Root\legacy_msupdate#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\legacy_msupdate\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\legacy_msupdate\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\legacy_msupdate\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\legacy_msupdate\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\legacy_msupdate\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\legacy_msupdate\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\legacy_msupdate\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Services\msupdate
HKLM\SYSTEM\CurrentControlSet\Services\msupdate#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\msupdate#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\msupdate#Description
HKLM\SYSTEM\CurrentControlSet\Services\msupdate#ObjectName
HKLM\SYSTEM\CurrentControlSet\Services\msupdate#Start
HKLM\SYSTEM\CurrentControlSet\Services\msupdate#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\msupdate#Type
HKLM\SYSTEM\CurrentControlSet\Services\msupdate\Enum
HKLM\SYSTEM\CurrentControlSet\Services\msupdate\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\msupdate\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\msupdate\Enum#NextInstance
Trojan.Unclassified-Packed/Suspicious
C:\PROGRAM FILES\MP3TAG 5\TAG_MENU.DLL
Trojan.Vundo-Variant/F
C:\WINDOWS\SYSTEM32\OCLHXSVX.DLL
C:\WINDOWS\SYSTEM32\PYSGOVFP.DLL
Trace.Known Threat Sources
C:\Documents and Settings\Fane\Local Settings\Temporary Internet Files\Content.IE5\8UDKQ8KH\index[1].htm
C:\Documents and Settings\Fane\Local Settings\Temporary Internet Files\Content.IE5\8UDKQ8KH\managers[1].htm
C:\Documents and Settings\Fane\Local Settings\Temporary Internet Files\Content.IE5\OP8ISTUV\buttonbg[1].gif
C:\Documents and Settings\Fane\Local Settings\Temporary Internet Files\Content.IE5\OP8ISTUV\crypt[1].htm
C:\Documents and Settings\Fane\Local Settings\Temporary Internet Files\Content.IE5\DHU6RF55\pbmarker[2].gif
C:\Documents and Settings\Fane\Local Settings\Temporary Internet Files\Content.IE5\OP8ISTUV\CAPG6D1N.htm
C:\Documents and Settings\Fane\Local Settings\Temporary Internet Files\Content.IE5\8UDKQ8KH\alert[1].gif
C:\Documents and Settings\Fane\Local Settings\Temporary Internet Files\Content.IE5\OP8ISTUV\lupa[1].gif
C:\Documents and Settings\Fane\Local Settings\Temporary Internet Files\Content.IE5\OP8ISTUV\Activex[1].gif
C:\Documents and Settings\Fane\Local Settings\Temporary Internet Files\Content.IE5\OP8ISTUV\spyware[1].gif
C:\Documents and Settings\Fane\Local Settings\Temporary Internet Files\Content.IE5\OP8ISTUV\closebutton[1].gif
C:\Documents and Settings\Fane\Local Settings\Temporary Internet Files\Content.IE5\DHU6RF55\pbbg[1].gif
C:\Documents and Settings\Fane\Local Settings\Temporary Internet Files\Content.IE5\8UDKQ8KH\styles[2].css
C:\Documents and Settings\Fane\Local Settings\Temporary Internet Files\Content.IE5\8UDKQ8KH\common[2].js
C:\Documents and Settings\Fane\Local Settings\Temporary Internet Files\Content.IE5\DHU6RF55\kluch[1].gif
C:\Documents and Settings\Fane\Local Settings\Temporary Internet Files\Content.IE5\OP8ISTUV\ajax[1].htm
C:\Documents and Settings\Fane\Local Settings\Temporary Internet Files\Content.IE5\OP8ISTUV\ax[1].gif
C:\Documents and Settings\Fane\Local Settings\Temporary Internet Files\Content.IE5\OP8ISTUV\ballon[1].gif
C:\Documents and Settings\Fane\Local Settings\Temporary Internet Files\Content.IE5\OP8ISTUV\closebutton[2].gif
C:\Documents and Settings\Fane\Local Settings\Temporary Internet Files\Content.IE5\OP8ISTUV\logo2[1].gif
C:\Documents and Settings\Fane\Local Settings\Temporary Internet Files\Content.IE5\OP8ISTUV\5_swp[1].htm
C:\Documents and Settings\Fane\Local Settings\Temporary Internet Files\Content.IE5\8UDKQ8KH\window[1].js
C:\Documents and Settings\Fane\Local Settings\Temporary Internet Files\Content.IE5\8UDKQ8KH\stats[1].jpg
C:\Documents and Settings\Fane\Local Settings\Temporary Internet Files\Content.IE5\DHU6RF55\progressbar[2].js
C:\Documents and Settings\Fane\Local Settings\Temporary Internet Files\Content.IE5\8UDKQ8KH\CAUFANIL.htm
Attached Files
|
#10
Posted 05 May 2008 - 21:49
|
Perfect. Acum mai ai problemele ? A sters infectiile banuiesc, nu ?
|
|
#11
Posted 05 May 2008 - 21:52
|
multumesc mult. nu mai am. da, le-a sters. inainte, chiar dupa ce le-a sters si am restartat, se conecta tot greu pe siteuri. am dat un clear private data la mozilla si acuma merge mai bine. mersi inca o data.
|
#13
Posted 09 May 2008 - 20:03
#14
Posted 10 May 2008 - 19:56
|
@narcisx
la cineva i-o mai dat aceasta eroare, parca ii lipsea un .dll (iti spune el parca care) . eu am incercat sa caut acel .dll si l-am pus in system32 (sau windows, nu mai stiut) si a mers 
Edited by MembruAnonim, 10 May 2008 - 20:01. |
#16
Posted 10 May 2008 - 20:55
|
pro_windows, on May 10 2008, 20:00, said: Ce eroare(codul)? pai asta este eroarea roblem signature: Problem Event Name: APPCRASH Application Name: Explorer.EXE Application Version: 6.0.6001.18000 Application Timestamp: 47918e5d Fault Module Name: StackHash_6943 Fault Module Version: 6.0.6001.18000 Fault Module Timestamp: 4791a7a6 Exception Code: c0000374 Exception Offset: 000b015d OS Version: 6.0.6001.2.1.0.256.1 Locale ID: 1033 Additional Information 1: 6943 Additional Information 2: 4d87ca74c27cf7cfe7880d9dc451f547 Additional Information 3: df71 Additional Information 4: 4a145658a29bc038c1f0fa146ec2f4b8 Read our privacy statement: http://go.microsoft....mp;clcid=0x0409 |
#17
Posted 12 May 2008 - 08:27
|
Am formtat problema sa rezolvat dar a aparut o noua problema, acum wmp nu mai functionaeza, cand vreau sa vad un film se vede verde pe alocuri roz (decat se aude), am instalat vista codeck pack nu a mers am incrcat k lite tot nu vrea, nu stiu ce sa mai fac, eu vedeam filmle in wmp era perfect, ianite, am incercat si un film facut in movie maker si degeaba tot asa.
Edited by narcisx, 12 May 2008 - 08:29. |
#18
Posted 13 May 2008 - 13:29
|
Mozila Firefox trebuie folosit impreuna cu No Script si *****.
Si eu am avut aceeasi problema dupa 3 ani fara AV si am rezolvat-o cu PC Tools Spyware Doctor. La mine imi tot recomanda sa instalez un AV al lor, chipurile eu fiind infectat (era un flash la plesneala). Era Rogue SpyWareMASTER. Cu SUPERAntiSpyware nu mi-a mers. |
Anunturi
Bun venit pe Forumul Softpedia!
▶ 0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
-
- Change Theme
- English
- Mark Community Read
- Termene & conditii
- Confidentialitate
- Consimtamant
- Cookies
- Help
© 2001-2024 Softpedia. All rights reserved. Softpedia® and the Softpedia logo are registered trademarks of SoftNews Net SRL.
Ora implicita a Forumului Softpedia este ora standard a Romaniei (GMT+2). Mai multe informatii →
⚠ Postarile afisate pe Forumul Softpedia reprezinta o opinie subiectiva a membrilor care le-au publicat si nu a SoftNews Net SRL.