Popups that appear
Last Updated: Jul 03 2008 17:34, Started by narcisx, May 04 2008 21:31
#1
Posted 04 May 2008 - 21:31
Hi, I opened this topic because I have a big problem with some popups; almost every time I open IE they appear (almost). My homepage is Google, so this doesn't seem normal to me. The first popup led to a site called 8888 (I think), I don't remember exactly what, and after that to various other sites. The problem started (I think) after I installed Windows Live Messenger plus a plugin called Plus. I scanned online with BitDefender but it found nothing. Could it be from Live Messenger or from that Plus plugin???
P.S. I know there are other topics of this kind, but they are rather old and in any case I didn't find the answer in them. Later edit: right now, when I finished this topic and wanted to close IE, I got a popup asking me whether I want to get a "KOI" screensaver )
Edited by narcisx, 04 May 2008 - 21:33.
#2
Posted 04 May 2008 - 21:40
Post a HijackThis log here.
If you don't get a qualified answer in good time, scan the PC with Super AntiSpyware.
#3
Posted 04 May 2008 - 22:48
pykko, on May 4 2008, 22:40, said: Post a HijackThis log here. If you don't get a qualified answer in good time, scan the PC with Super AntiSpyware.

Scan saved at 11:46:35 PM, on 5/4/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [BigDog305] C:\Windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunOnce: [ypagerps] cmd.exe /C del "C:\Program Files\Yahoo!\Messenger\ypagerps.dll"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB257756-50D1-4D16-B33D-346A31931320}: NameServer = 81.18.85.7 62.231.76.49
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

-- End of file - 3048 bytes
#4
Posted 05 May 2008 - 13:51
Your log is clean.
Still, let's do some more detailed investigation. Download Deckard's System Scanner (DSS) to the Desktop. Then run dss.exe and follow the instructions. At the end, two files will be generated: main.txt and extra.txt. Post the contents of both here. However, you can first run a scan with Super AntiSpyware and then post the log.
#5
Posted 05 May 2008 - 17:40
I have the same problem too. My mistake was that I hadn't updated the antivirus for a few months and some viruses got in. At first I kept getting popups with some kind of free "scan". Web pages started to stop working, just a few of them; Google stopped working after I ran a search. BitDefender found trojan.vundo.efk, but could not remove it. With difficulty I managed to search for this virus on another search engine and found a program that cleans it. It managed to remove it after about 2 restarts. Now I see my pages are loading slowly again and I too get 888, poker, and other "scans" opening.
#7
Posted 05 May 2008 - 17:52
It does it with Mozilla too. Look at the uploaded image. Where my post is, it even changed my avatar. I put the mouse over the image and you can see which link it wants to send me to...
Files\Mozilla Firefox\uninstall\helper.exe mp3Tag 5.9 --> "C:\Program Files\mp3Tag 5\unins000.exe" MV2Player (remove only) --> C:\Program Files\Mv2Player\uninst.exe MyPhoneExplorer --> C:\Program Files\MyPhoneExplorer\uninstall.exe Nero 8 --> MsiExec.exe /X{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1033} Pan-European Language Support --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\paneur.inf, Uninstall.NT Pinnacle Hollywood FX 5 --> C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\Hollywood FX 5\uninstal.log PowerDVD --> "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -l0x000409 /z-uninstall PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall PowerQuest PartitionMagic 8.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804} QuickTime Alternative 1.67 --> "C:\Program Files\QuickTime Alternative\unins000.exe" ReGet Deluxe 4.0 --> C:\Program Files\ReGetDx\regetdx.exe -uninstall SmartSound Quicktracks Plugin --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E} Sony Ericsson Device Data --> MsiExec.exe /I{C92E7DF1-624A-4D95-A4C4-18CB491B44A4} Sony Ericsson Drivers --> MsiExec.exe /I{C60BA916-9E44-4DA4-B11A-9E27B7624EF5} Sony Ericsson PC Suite --> C:\WINDOWS\Installer\{D6BF6477-8369-489F-8DE6-3731F4B88560}\Setup.exe /uninstall Sony Ericsson PC Suite --> MsiExec.exe /I{25BEC3AB-5CD4-481D-9143-215C1BBB189E} Sony Ericsson Themes Creator 3.19 --> C:\Program Files\Sony Ericsson\Themes Creator\Uninstall.exe Studio 9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E491AB7-4589-48CA-9CBB-874CB2788391}\Setup.exe" -l0x9 UNINSTALL Studio 9.4 Patch --> RunDll32 
C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{16E217EA-C3E0-402D-8D4F-6189DB74497A}\setup.exe" -l0x9 UNINSTALL Subtitle Workshop 2.51 --> "C:\Program Files\URUSoft\Subtitle Workshop\uninstall.exe" Translator Englez-Român --> C:\TRAD\setup\setup.exe TuneUp Utilities 2007 --> MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B} Winamp --> "C:\Program Files\Winamp\UninstWA.exe" WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG -- Application Event Log ------------------------------------------------------- Event Record #/Type3000 / Error Event Submitted/Written: 05/04/2008 02:07:51 PM Event ID/Source: 11500 / MsiInstaller Event Description: Product: TuneUp Utilities 2007 -- Error 1500. Another installation is in progress. You must complete that installation before continuing this one. Event Record #/Type2999 / Error Event Submitted/Written: 05/04/2008 02:07:50 PM Event ID/Source: 11500 / MsiInstaller Event Description: Product: TuneUp Utilities 2007 -- Error 1500. Another installation is in progress. You must complete that installation before continuing this one. Event Record #/Type2998 / Error Event Submitted/Written: 05/04/2008 02:07:49 PM Event ID/Source: 11500 / MsiInstaller Event Description: Product: TuneUp Utilities 2007 -- Error 1500. Another installation is in progress. You must complete that installation before continuing this one. Event Record #/Type2977 / Error Event Submitted/Written: 05/03/2008 06:23:26 PM Event ID/Source: 1000 / Application Error Event Description: Faulting application yahoom~1.exe, version 8.1.0.421, faulting module unknown, version 0.0.0.0, fault address 0x04690000. Processing media-specific event for [yahoom~1.exe!ws!] 
Am I allowed to post here too if I am facing the same problem? Thank you.
#8
Posted 05 May 2008 - 18:34
danimihalca, run a full scan with Super Antispyware. You have some Vundo-type infections.
Then post a new HiJackThis log, plus a screenshot of the Super AntiSpyware detections.
#9
Posted 05 May 2008 - 20:47
SUPERAntiSpyware log
#10
Posted 05 May 2008 - 21:49
Perfect. Do you still have the problems now? It removed the infections, I assume?
#11
Posted 05 May 2008 - 21:52
Thank you very much. I don't have them anymore. Yes, it removed them. Before, even after it removed them and I restarted, it still connected slowly to sites. I did a Clear Private Data in Mozilla and now it works better. Thanks once again.
#13
Posted 09 May 2008 - 20:03
#14
Posted 10 May 2008 - 19:56
@narcisx
Someone else got this error too; I think a .dll was missing (I think it tells you which one). I tried looking for that .dll and put it in system32 (or windows, I no longer remember) and it worked.
Edited by MembruAnonim, 10 May 2008 - 20:01.
#16
Posted 10 May 2008 - 20:55
pro_windows, on May 10 2008, 20:00, said: What error (the code)?
Well, this is the error:
Problem signature:
Problem Event Name: APPCRASH
Application Name: Explorer.EXE
Application Version: 6.0.6001.18000
Application Timestamp: 47918e5d
Fault Module Name: StackHash_6943
Fault Module Version: 6.0.6001.18000
Fault Module Timestamp: 4791a7a6
Exception Code: c0000374
Exception Offset: 000b015d
OS Version: 6.0.6001.2.1.0.256.1
Locale ID: 1033
Additional Information 1: 6943
Additional Information 2: 4d87ca74c27cf7cfe7880d9dc451f547
Additional Information 3: df71
Additional Information 4: 4a145658a29bc038c1f0fa146ec2f4b8
Read our privacy statement: http://go.microsoft....mp;clcid=0x0409
#17
Posted 12 May 2008 - 08:27
I formatted and the problem was solved, but a new problem appeared: now WMP no longer works. When I want to watch a movie, the picture is green and in places pink (there is only sound). I installed Vista Codec Pack and it didn't work; I tried K-Lite and it still won't work. I don't know what else to do. I used to watch movies in WMP and it was perfect before. I also tried a movie made in Movie Maker, and no luck, same thing.
Edited by narcisx, 12 May 2008 - 08:29.
#18
Posted 13 May 2008 - 13:29
Mozilla Firefox should be used together with NoScript and *****.
I had the same problem too, after 3 years without an AV, and I solved it with PC Tools Spyware Doctor. In my case it kept recommending that I install an AV of theirs, supposedly because I was infected (it was just some random Flash animation). It was Rogue SpyWareMASTER. SUPERAntiSpyware didn't work for me.