Hello again. This time I did everything, I hope... I am posting the results from Hijack and Malwarebytes' Anti-Malware:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:43:28, on 05.7.2009 г.
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hpnra.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\Strahil Gaidarsky\Desktop\Hijack\post.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HP Network Registry Agent] C:\WINDOWS\system32\hpnra.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
--
End of file - 3457 bytes
Malwarebytes' Anti-Malware 1.38
Database version: 2375
Windows 5.1.2600 Service Pack 3
05.7.2009 г. 18:38:21
mbam-log-2009-07-05 (18-38-21).txt
Scan type: Quick Scan
Objects scanned: 82654
Time elapsed: 9 minute(s), 45 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 24
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\111111s1ro1s1a (Rootkit.Bagle) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\111111s1ro1s1a (Rootkit.Bagle) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\german.exe (Rootkit.Bagle) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\drvsyskit (Rootkit.Bagle) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mule_st_key (Rootkit.Bagle) -> Delete on reboot.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
c:\documents and settings\Strahil Gaidarsky\Application Data\m (Trojan.Agent) -> Delete on reboot.
c:\documents and settings\Strahil Gaidarsky\Application Data\drivers\downld (Worm.Bagle) -> Quarantined and deleted successfully.
Files Infected:
c:\documents and settings\strahil gaidarsky\application data\m\data.oct (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\strahil gaidarsky\application data\m\list.oct (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\strahil gaidarsky\application data\m\srvlist.oct (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\strahil gaidarsky\application data\drivers\downld\113433.exe (Worm.Bagle) -> Quarantined and deleted successfully.
c:\documents and settings\strahil gaidarsky\application data\drivers\downld\210833.exe (Worm.Bagle) -> Quarantined and deleted successfully.
c:\documents and settings\strahil gaidarsky\application data\drivers\downld\214238.exe (Worm.Bagle) -> Quarantined and deleted successfully.
c:\documents and settings\strahil gaidarsky\application data\drivers\downld\317486.exe (Worm.Bagle) -> Quarantined and deleted successfully.
c:\documents and settings\strahil gaidarsky\application data\drivers\downld\320430.exe (Worm.Bagle) -> Quarantined and deleted successfully.
c:\documents and settings\strahil gaidarsky\application data\drivers\downld\320470.exe (Worm.Bagle) -> Quarantined and deleted successfully.
c:\documents and settings\strahil gaidarsky\application data\drivers\downld\344164.exe (Worm.Bagle) -> Quarantined and deleted successfully.
c:\documents and settings\strahil gaidarsky\application data\drivers\downld\349442.exe (Worm.Bagle) -> Quarantined and deleted successfully.
c:\documents and settings\strahil gaidarsky\application data\drivers\downld\350143.exe (Worm.Bagle) -> Quarantined and deleted successfully.
c:\documents and settings\strahil gaidarsky\application data\drivers\downld\359827.exe (Worm.Bagle) -> Quarantined and deleted successfully.
c:\documents and settings\strahil gaidarsky\application data\drivers\downld\380907.exe (Worm.Bagle) -> Quarantined and deleted successfully.
c:\documents and settings\strahil gaidarsky\application data\drivers\downld\425421.exe (Worm.Bagle) -> Quarantined and deleted successfully.
c:\documents and settings\strahil gaidarsky\application data\drivers\downld\434995.exe (Worm.Bagle) -> Quarantined and deleted successfully.
c:\documents and settings\strahil gaidarsky\application data\drivers\downld\439742.exe (Worm.Bagle) -> Quarantined and deleted successfully.
c:\documents and settings\strahil gaidarsky\application data\drivers\downld\439892.exe (Worm.Bagle) -> Quarantined and deleted successfully.
c:\documents and settings\Strahil Gaidarsky\Application Data\drivers\winupgro.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\mdelk.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wintems.exe (Trojan.Spammer) -> Delete on reboot.
c:\documents and settings\Strahil Gaidarsky\Application Data\m\flec006.exe (Trojan.Agent) -> Delete on reboot.
c:\documents and settings\Strahil Gaidarsky\Application Data\drivers\11s11ro1s1a2.sys (Rootkit.Bagle.KillAV) -> Quarantined and deleted successfully.
c:\documents and settings\Strahil Gaidarsky\Application Data\drivers\111wfs1intwq.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.