shamara96

All about shamara96

  • Title
    Rookie
  1. Endless thanks! The computer works perfectly; I installed NOD32, ran a scan, and it found nothing. Once again, thank youuuuu!
  2. Here is the download link: http://file.bg/c124397Takpd And here is the log file from the program:
  3. Here is the log file from Malwarebytes' Anti-Malware as well:
  4. Here is the log file named 10092011_162951.log
  5. I couldn't copy and paste the text here because it is very long, so I uploaded the TXT documents instead; that's OK, right? OTL.Txt Extras.Txt
  6. Here is the text from dds.txt. And here is the one from attach.txt.
  7. My system is infected and I can't install an antivirus... I start the installation, but the installer closes, along with the folder where the antivirus is... Whenever I have to type "antivirus" anywhere, the window closes immediately.. Please help!