
HiJackThis/Log: Optimization/Analysis/Review


Fixer, thank you very much for the help ;)

It's a good thing there are people like you to help.

I'm glad the problem is solved. Still, the credit isn't mine alone, but also B-Boy[styLe]'s.


Scan saved at 21:56:09, on 23.7.2009 г.

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Datecs\FlexType 2K\FType2K.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Orbitdownloader\orbitdm.exe

C:\Program Files\Orbitdownloader\orbitnet.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\WINDOWS\system32\msiexec.exe

E:\Downloads\cureit.exe

C:\DOCUME~1\Rado\LOCALS~1\Temp\RarSFX0\h9c9pd.exe

C:\Program Files\Trend Micro\HijackThis\post.exe.exe

C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.bg/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: (no name) - - (no file)

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: FlexType 2K.lnk = C:\Program Files\Datecs\FlexType 2K\FType2K.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Cl

Alvarez, your log is incomplete. To make it easier, upload the entire log file to 4storing.com and put the download link in your next post.

I apologize for that.

http://4storing.com/free/9aggeo/0302a4410a...62596e5361.html

Please open HijackThis and choose Do a system scan only.

Put a check mark on the following line: R3 - URLSearchHook: (no name) - - (no file)

Then close all open windows except the HiJackThis one and choose Fix checked :)

Edited by Dogydog7

Is there anything wrong here?

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:35:25, on 24.7.2009 г.

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20583)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\FlashGet\FlashGet.exe

C:\WINDOWS\vsnpstd3.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\calling.com

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\calling.com

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Datecs\FlexType 2K\FType2K.exe

C:\WINDOWS\system32\XP-882FA7EF.EXE

C:\PROGRA~1\Webshots\webshots.scr

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Skype\Phone\Skype.exe

D:\igri\Counter-Strike 1.6 Sector Edition\Flex Anticheat.ex

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

D:\post\post.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min

O4 - HKLM\..\Run: [XP-882FA7EF] C:\WINDOWS\system32\XP-882FA7EF.EXE

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WinReg] C:\WINDOWS\system32\calling.com

O4 - HKLM\..\Run: [msennger] C:\WINDOWS\system32\calling.com

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [hohohhaha] C:\WINDOWS\system32\calling.com

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe

O4 - Startup: ЎЎЎЎЎЎ.lnk = C:\WINDOWS\system32\XP-882FA7EF.EXE

O4 - Global Startup: FlexType 2K.lnk = C:\Program Files\Datecs\FlexType 2K\FType2K.exe

O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe

O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - http://www.williamhillcasino.com (file missing) (HKCU)

O9 - Extra 'Tools' menuitem: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - http://www.williamhillcasino.com (file missing) (HKCU)

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{3227B240-AD69-42A1-9230-3B156E05E9B1}: NameServer = 85.255.114.2,85.255.112.117

O17 - HKLM\System\CCS\Services\Tcpip\..\{43EC7AE6-0F25-4A1C-BAB5-8E4B7809C02D}: NameServer = 85.255.114.2,85.255.112.117

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40

O17 - HKLM\System\CS1\Services\Tcpip\..\{3227B240-AD69-42A1-9230-3B156E05E9B1}: NameServer = 85.255.114.2,85.255.112.117

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40

O17 - HKLM\System\CS2\Services\Tcpip\..\{3227B240-AD69-42A1-9230-3B156E05E9B1}: NameServer = 85.255.114.2,85.255.112.117

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: Услуга Google Update (gupdate1ca0b5fa015cd64) (gupdate1ca0b5fa015cd64) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--

End of file - 9535 bytes

EmKo0, what's wrong is almost everything. You are using an outdated version of ESET NOD32 Antivirus, and besides that you don't have the latest Windows XP updates. I want to tell you that your system is infected. So do the following:

Now, download ATF Cleaner

Save it to your desktop.

  • Double-click ATF-Cleaner.exe to start the program.
  • Click Select All, located at the very bottom of the list.
  • Click the Empty Selected button.

If you use the Mozilla Firefox browser, do the following:

  • Click Firefox, located at the top, and choose Select All from the list.
  • Click the Empty Selected button.
  • Note: If you want to keep your saved passwords, please click No in the window that appears.

If you use the Opera browser, do the following:

  • Click Opera, located at the top, and choose Select All from the list.
  • Click the Empty Selected button.
  • Note: If you want to keep your saved passwords, please click No in the window that appears.

Click the Exit button, located in the main menu, to close the program.

Download Malwarebytes' Anti-Malware from here

Double-click mbam-setup.exe to install the program.

  • Make sure Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are checked, then click Finish.
  • If newer updates are found, it will download and install them.
  • Start the program and select "Perform Full Scan", then click Scan.
  • The scan will take some time, so please be patient.
  • When the scan finishes, click OK, then Show Results to see the results.
  • Make sure every row is checked, and click Remove Selected.
  • When everything has been removed, the log will open in Notepad. Copy the log and post it in your next reply in the thread.

Note: If Malwarebytes' Anti-Malware has trouble removing the detected viruses/threats, it will ask to restart your computer and remove the problematic viruses/threats during the restart. If asked, confirm that you want your computer to be restarted.
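Added example (not part of any post in this thread, and not HijackThis's own logic): a small Python triage pass over HijackThis log lines that surfaces three things a reviewer checks by hand: entries whose file is missing (like the R3 line fixed earlier in the thread), O17 DNS server overrides, and one file registered under several Run value names. The rule names and thresholds are assumptions and go beyond what the posts state; a hit means "look at this line", not a verdict.

```python
import re
from collections import defaultdict

# Sample input: lines selected from the logs posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [WinReg] C:\WINDOWS\system32\calling.com
O4 - HKLM\..\Run: [msennger] C:\WINDOWS\system32\calling.com
O4 - HKCU\..\Run: [hohohhaha] C:\WINDOWS\system32\calling.com
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O9 - Extra button: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - http://www.williamhillcasino.com (file missing) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# "R0 - ...", "O4 - ...", "O23 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O4 registry autostarts: <hive>\..\Run[Once]: [value name] command line
RUN_RE = re.compile(r"^\S+?\\\.\.\\Run\w*: \[([^\]]*)\] (.*)$")
# Unquoted command line: take everything up to the first program-like extension.
PATH_RE = re.compile(r"^(.*?\.(?:exe|com|dll|scr|bat|cmd|pif))\b", re.IGNORECASE)
NAMESERVER_RE = re.compile(r"NameServer = ([\d.,\s]+)$")


def parse_entries(text):
    """Yield (section_code, body) for every 'Rn - ...' / 'On - ...' line."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def autostart_target(command):
    """Return the lower-cased program path of an O4 command line, or None."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end].lower() if end > 0 else None
    m = PATH_RE.match(command)
    return m.group(1).lower() if m else None


def triage(text):
    """Return a list of (rule, detail) findings for manual review."""
    findings = []
    names_by_target = defaultdict(set)
    for code, body in parse_entries(text):
        # Rule 1: HijackThis itself reports that the referenced file is absent.
        if "(no file)" in body or "(file missing)" in body:
            findings.append(("dangling", f"{code} - {body}"))
        # Rule 2: statically configured DNS servers; compare with ISP/router values.
        if code == "O17":
            m = NAMESERVER_RE.search(body)
            if m:
                servers = tuple(s.strip() for s in m.group(1).split(","))
                findings.append(("dns-override", servers))
        # Collect Run/RunOnce value names per target file (Startup-folder
        # shortcuts use a different line shape and are not handled here).
        if code == "O4":
            m = RUN_RE.match(body)
            if m:
                target = autostart_target(m.group(2))
                if target:
                    names_by_target[target].add(m.group(1).casefold())
    # Rule 3: one file started under several different value names.
    for target, names in sorted(names_by_target.items()):
        if len(names) > 1:
            findings.append(("multi-name-autostart", (target, tuple(sorted(names)))))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(rule, detail)
```

Value names are compared case-insensitively, so the per-account CTFMON.EXE entries that Windows XP creates collapse into one name and are not reported.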

I'm having problems with the machine, so I'm posting the log ... here it is:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:15:50, on 26.7.2009 г.

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

D:\My Programs\Malwarebytes' Anti-Malware\mbamservice.exe

D:\My Programs\Pandion\Pandion.exe

D:\My Programs\PerfectDisk10\PDAgent.exe

C:\WINDOWS\System32\TUProgSt.exe

C:\Program Files\Avira\AntiVir Desktop\avmailc.exe

C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wscntfy.exe

D:\My Programs\Internet Download Manager\IDMan.exe

D:\My Programs\Internet Download Manager\IEMonitor.exe

D:\My Programs\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\My Programs\Internet Download Manager\IDMIECC.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Свали видео съдържанието на FLV с IDM - D:\My Programs\Internet Download Manager\IEGetVL.htm

O8 - Extra context menu item: Свали всички линкове с IDM - D:\My Programs\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Свали с IDM - D:\My Programs\Internet Download Manager\IEExt.htm

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1248184941203

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1248337326593

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: MBAMService - Malwarebytes Corporation - D:\My Programs\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PDAgent - Raxco Software, Inc. - D:\My Programs\PerfectDisk10\PDAgent.exe

O23 - Service: PDEngine - Raxco Software, Inc. - D:\My Programs\PerfectDisk10\PDEngine.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--

End of file - 7029 bytes

I also ran ComboFix; it restarted and automatically deleted the following nasties:

ComboFix 09-07-25.06 - Boris 07.2009 г. 19:34.1.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.2046.1685 [GMT 3:00]

Running from: c:\documents and settings\Boris\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\drivers\vsfoceptqoyxed.sys

c:\windows\system32\vsfoceardrnhsb.dll

c:\windows\system32\vsfocedbrusawt.dat

c:\windows\system32\vsfocekcducsee.dat

c:\windows\system32\vsfoceqirmwmpk.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_vsfoceaodoyktp

My defragmentation is working normally, thanks.

Edited by bo4man

You have all turned this ComboFix into MBAM and SAS. As for you specifically, I am saying for the last time that ComboFix is not a toy and is used only on recommendation, and then from someone who knows it, whether a little or a lot. I refuse to take on any consequences whatsoever in case of future problems. If you agree:

Step 1:

To uninstall ComboFix and all backup copies of the files it removes:

  • Click the Start button and choose Run
  • Type ComboFix /u in the box and choose OK

Note: Notice that there is a space between ComboFix and /u, and it must be there.

Step 2:

Now, download ATF Cleaner

Save it to your desktop.

  • Double-click ATF-Cleaner.exe to start the program.
  • Click Select All, located at the very bottom of the list.
  • Click the Empty Selected button.

If you use the Mozilla Firefox browser, do the following:

  • Click Firefox, located at the top, and choose Select All from the list.
  • Click the Empty Selected button.
  • Note: If you want to keep your saved passwords, please click No in the window that appears.

If you use the Opera browser, do the following:

  • Click Opera, located at the top, and choose Select All from the list.
  • Click the Empty Selected button.
  • Note: If you want to keep your saved passwords, please click No in the window that appears.

Click the Exit button, located in the main menu, to close the program.

Step 3:

Download DDS from here or here. Save it to your desktop.

Disable the real-time protection of your antivirus software and any script blockers. Finally, run the tool.

  • When DDS has successfully finished analyzing your system, it will open two log files.

  1. DDS.txt
  2. Attach.txt

  • Save them to your desktop and then attach them to your next post.

Step 4:

Download GMER Rootkit Scanner. Extract it to your desktop.

Before scanning, make sure that all other running programs are closed and that your antivirus software will not take any action during the Gmer scan. Do not use your computer while the scan is running.

Double-click gmer.exe to start the program.

Warning: The scan may produce errors, so do not take any action on the lines marked with "<--- ROOKIT" unless I have told you to do so.

If rootkit activity is detected, you will be asked whether you want a full system scan to be performed.

  • Choose NO.
  • In the right panel you will see what has been checked; leave everything as it is. You only need to make sure that "Show All" is not checked.
  • Now click the Scan button.

After the scan finishes, you may get information about other rootkit activity.

  • Choose OK .
  • Gmer will open the log file for you. Click the Save... button and, in the file name field, type Gmer.txt .
  • Save the log file to your desktop.

Thank you for your help. I don't want to pose as a specialist or anything of the sort; sometimes I rush and make mistakes when, on my own initiative, I work with programs I don't understand, or in my eagerness to help a friend in trouble :rolleyes: . It won't happen again; I really will learn my lesson.

I deeply appreciate your help as well as that of the others on the forum, and I suppose I'm not the only one.

Attach.txt

DDS.txt

Gmer.txt

P.S. The full Gmer log is now attached as well.

Edited by bo4man

1) Download ComboFix from: here

2) Save it to your desktop.

3) Rename ComboFix.exe to Kaldata.exe (for example)

4) Disable the real-time protection of your Avira AntiVir

5) Double-click Kaldata.exe

6) ComboFix will start scanning your system; do not touch anything while the scan is running. At the end, your computer will restart.

7) After the restart, wait for ComboFix to finish scanning and generate a log file. When the scan finishes, Notepad will pop up; copy its contents and post them in your next post here. If it does not pop up, go to C:\ and find the file named combofix.txt . Open it, copy its contents and post them here. In case of a problem, ComboFix also creates a file named BUG.txt; if it exists, please copy and paste its contents as well.

ComboFix 09-07-25.08 - Boris 07.2009 г. 20:48.2.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.2046.1557 [GMT 3:00]

Running from: c:\documents and settings\Boris\Desktop\Kaldata.exe.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((( Files Created from 2009-06-26 to 2009-07-26 )))))))))))))))))))))))))))))))

.

2009-07-26 16:01 . 2009-07-25 14:00 95232 ----a-w- c:\windows\system32\MyDefragScreenSaver.scr

2009-07-26 16:01 . 2009-07-25 14:00 854528 ----a-w- c:\windows\system32\MyDefragScreenSaver.exe

2009-07-26 13:28 . 2009-07-26 13:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Raxco

2009-07-26 10:47 . 2009-07-26 10:47 -------- d-----w- c:\documents and settings\Boris\Application Data\Foxit

2009-07-25 11:43 . 2001-08-17 10:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys

2009-07-25 11:43 . 2001-08-17 10:56 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS

2009-07-25 11:43 . 2008-04-13 21:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys

2009-07-23 11:50 . 2008-10-16 11:06 268648 ----a-w- c:\windows\system32\mucltui.dll

2009-07-23 11:32 . 2008-04-13 14:26 36396 ----a-w- c:\documents and settings\Boris\Application Data\BSplayer PRO\AC3 Filter\uninstall.exe

2009-07-23 11:32 . 2007-08-18 06:54 20480 ----a-w- c:\documents and settings\Boris\Application Data\BSplayer PRO\AC3 Filter\ac3config.exe

2009-07-23 11:32 . 2007-08-18 06:53 16384 ----a-w- c:\documents and settings\Boris\Application Data\BSplayer PRO\AC3 Filter\dialog_patch.exe

2009-07-23 11:32 . 2007-07-05 00:33 892928 ----a-w- c:\documents and settings\Boris\Application Data\BSplayer PRO\AC3 Filter\iconv.dll

2009-07-23 08:39 . 2009-07-23 08:40 -------- d-----w- c:\documents and settings\Boris\Local Settings\Application Data\ApplicationHistory

2009-07-23 08:37 . 2009-07-01 07:08 101376 -c----w- c:\windows\system32\dllcache\iecompat.dll

2009-07-22 20:50 . 2009-07-22 20:50 -------- d-----w- c:\documents and settings\Boris\Local Settings\Application Data\Google

2009-07-22 20:50 . 2009-03-24 11:43 43008 ----a-w- c:\documents and settings\Boris\Application Data\Mozilla\Firefox\Profiles\quv4qu7y.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll

2009-07-22 20:50 . 2009-03-24 11:43 43008 ----a-w- c:\documents and settings\Boris\Application Data\Mozilla\Firefox\Profiles\quv4qu7y.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll

2009-07-22 20:50 . 2009-03-24 11:43 235520 ----a-w- c:\documents and settings\Boris\Application Data\Mozilla\Firefox\Profiles\quv4qu7y.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff2.dll

2009-07-22 20:50 . 2009-03-24 11:43 338432 ----a-w- c:\documents and settings\Boris\Application Data\Mozilla\Firefox\Profiles\quv4qu7y.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll

2009-07-22 20:50 . 2009-03-24 11:42 235008 ----a-w- c:\documents and settings\Boris\Application Data\Mozilla\Firefox\Profiles\quv4qu7y.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff3.dll

2009-07-22 20:50 . 2009-03-24 11:42 345088 ----a-w- c:\documents and settings\Boris\Application Data\Mozilla\Firefox\Profiles\quv4qu7y.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll

2009-07-22 12:00 . 2009-07-26 09:23 -------- d-----w- c:\documents and settings\Boris\Local Settings\Application Data\WMTools Downloaded Files

2009-07-22 11:05 . 2009-07-22 11:05 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet

2009-07-22 11:03 . 2009-07-22 11:03 -------- d-----w- c:\documents and settings\Boris\Application Data\Notepad++

2009-07-22 10:57 . 2009-07-22 10:57 -------- d-----w- c:\program files\Adobe Media Player

2009-07-22 10:56 . 2009-07-26 11:59 -------- d-----w- c:\documents and settings\Boris\Local Settings\Application Data\Adobe

2009-07-22 10:55 . 2009-07-22 10:55 -------- d-----w- c:\program files\Common Files\Adobe AIR

2009-07-22 10:54 . 2009-07-22 10:54 -------- d-----w- c:\program files\Common Files\Macrovision Shared

2009-07-22 10:50 . 2009-07-26 11:56 -------- d-----w- c:\program files\Common Files\Adobe

2009-07-22 10:38 . 2009-07-22 10:38 -------- d-----w- c:\documents and settings\Boris\Application Data\Media Player Classic

2009-07-21 20:41 . 2009-07-21 20:41 10945 ----a-w- c:\documents and settings\Boris\Application Data\IDM\DwnlData\Boris\HJTInstall_12\HJTInstall.exe

2009-07-21 17:27 . 2005-09-01 08:03 5888 ------w- c:\windows\system32\drivers\imagedrv.sys

2009-07-21 17:27 . 2005-09-01 08:03 127488 ------w- c:\windows\system32\drivers\imagesrv.sys

2009-07-21 17:27 . 2004-07-26 13:16 476320 ------w- c:\windows\system32\ImagXpr7.dll

2009-07-21 17:27 . 2004-07-26 13:16 471040 ------w- c:\windows\system32\ImagXRA7.dll

2009-07-21 17:27 . 2004-07-26 13:16 262144 ------w- c:\windows\system32\ImagXR7.dll

2009-07-21 17:27 . 2004-07-26 13:16 1568768 ------w- c:\windows\system32\ImagX7.dll

2009-07-21 17:27 . 2004-07-09 05:43 364544 ------w- c:\windows\system32\TwnLib4.dll

2009-07-21 17:27 . 2001-07-09 07:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

2009-07-21 17:27 . 2000-06-26 07:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll

2009-07-21 17:27 . 2009-07-21 17:27 -------- d-----w- c:\program files\Common Files\Ahead

2009-07-21 17:22 . 2009-07-23 11:32 -------- d-----w- c:\documents and settings\Boris\Application Data\BSplayer PRO

2009-07-21 17:15 . 2009-07-21 17:16 -------- d-----w- c:\documents and settings\Boris\Application Data\Pandion

2009-07-21 17:08 . 2009-07-21 17:08 -------- d-----w- c:\documents and settings\Boris\Application Data\URSoft

2009-07-21 16:43 . 2009-07-21 16:43 -------- d-----w- c:\documents and settings\Boris\Application Data\Avira

2009-07-21 16:38 . 2009-07-21 16:42 -------- d-----w- c:\documents and settings\Boris\Application Data\Winamp

2009-07-21 16:32 . 2009-07-21 16:32 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2009-07-21 16:21 . 2009-07-26 15:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-26 17:47 . 2009-07-21 13:38 -------- d-----w- c:\documents and settings\Boris\Application Data\DMCache

2009-07-26 17:47 . 2009-07-21 13:41 -------- d-----w- c:\documents and settings\Boris\Application Data\Skype

2009-07-26 17:44 . 2009-07-26 17:44 742375 ----a-w- c:\documents and settings\Boris\Application Data\IDM\DwnlData\Boris\ComboFix_42\ComboFix.exe

2009-07-26 16:30 . 2009-07-21 13:32 -------- d-----w- c:\documents and settings\Boris\Application Data\uTorrent

2009-07-26 14:59 . 2009-07-21 13:55 -------- d-----w- c:\documents and settings\Boris\Application Data\skypePM

2009-07-26 11:58 . 2009-07-21 13:31 68456 ----a-w- c:\documents and settings\Boris\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-07-24 14:43 . 2009-07-21 14:29 604488 ----a-w- c:\windows\system32\TUProgSt.exe

2009-07-24 14:43 . 2009-07-21 14:29 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe

2009-07-23 12:00 . 2009-07-21 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-07-23 08:41 . 2009-07-21 13:16 -------- d-----w- c:\program files\Microsoft Works

2009-07-22 11:10 . 2009-07-21 13:18 -------- d-----w- c:\documents and settings\Boris\Application Data\FileZilla

2009-07-21 18:46 . 2009-07-21 13:20 -------- d-----w- c:\documents and settings\Boris\Application Data\Ventrilo

2009-07-21 15:50 . 2009-07-21 15:50 -------- d-----w- c:\program files\Reference Assemblies

2009-07-21 15:49 . 2009-07-21 15:49 -------- d-----w- c:\program files\Windows Media Connect 2

2009-07-21 14:41 . 2009-07-21 13:38 -------- d-----w- c:\documents and settings\Boris\Application Data\IDM

2009-07-21 14:29 . 2009-07-21 14:29 -------- d-----w- c:\documents and settings\Boris\Application Data\TuneUp Software

2009-07-21 14:29 . 2009-07-21 14:29 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software

2009-07-21 14:28 . 2009-07-21 14:28 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}

2009-07-21 14:21 . 2009-07-21 14:21 -------- d-----w- c:\documents and settings\Boris\Application Data\Malwarebytes

2009-07-21 14:21 . 2009-07-21 14:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-07-21 13:55 . 2009-07-21 13:55 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2009-07-21 13:54 . 2009-07-21 13:02 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-07-21 13:41 . 2009-07-21 13:41 -------- d-----w- c:\program files\Skype

2009-07-21 13:41 . 2009-07-21 13:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

2009-07-21 13:41 . 2009-07-21 13:41 -------- d-----w- c:\program files\Common Files\Skype

2009-07-21 13:38 . 2009-07-21 13:38 198064 ----a-w- c:\documents and settings\Boris\Application Data\IDM\idmmzcc3\components\idmmzcc.dll

2009-07-21 13:35 . 2009-07-21 13:18 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-07-21 13:35 . 2009-07-21 13:18 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-07-21 13:32 . 2009-07-21 13:32 -------- d-----w- c:\program files\uTorrent

2009-07-21 13:31 . 2009-07-21 13:31 0 ----a-w- c:\windows\nsreg.dat

2009-07-21 13:24 . 2009-07-21 13:24 -------- d-----w- c:\program files\Microsoft IntelliPoint

2009-07-21 13:21 . 2009-07-21 13:21 -------- d-----w- c:\documents and settings\Boris\Application Data\IObit

2009-07-21 13:18 . 2009-07-21 13:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2009-07-21 13:18 . 2009-07-21 13:18 -------- d-----w- c:\program files\Avira

2009-07-21 13:16 . 2009-07-21 12:51 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-07-21 13:15 . 2009-07-21 13:15 -------- d-----w- c:\program files\MSBuild

2009-07-21 13:03 . 2009-07-21 13:02 -------- d-----w- c:\program files\AGEIA Technologies

2009-07-21 13:01 . 2009-07-21 12:59 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-07-21 13:01 . 2009-07-21 12:59 -------- d-----w- c:\program files\Realtek

2009-07-21 13:01 . 2009-07-21 13:01 -------- d-----w- c:\documents and settings\Boris\Application Data\InstallShield

2009-07-21 13:00 . 2009-07-21 12:56 15600 ----a-w- c:\windows\gdrv.sys

2009-07-21 12:59 . 2009-07-21 12:59 315392 ----a-w- c:\windows\HideWin.exe

2009-07-21 12:59 . 2009-07-21 12:59 -------- d-----w- c:\program files\Common Files\InstallShield

2009-07-21 12:57 . 2009-07-21 12:57 -------- d-----w- c:\program files\Intel

2009-07-21 12:57 . 2009-07-21 12:57 -------- d-----w- c:\program files\Yahoo!

2009-07-21 12:52 . 2009-07-21 12:52 -------- d-----w- c:\program files\microsoft frontpage

2009-07-21 12:49 . 2009-07-21 12:49 21640 ----a-w- c:\windows\system32\emptyregdb.dat

2009-07-17 08:10 . 2009-07-17 08:10 232200 ----a-w- c:\windows\system32\PDBoot.exe

2009-07-15 09:48 . 2009-07-21 14:29 29000 ----a-w- c:\windows\system32\uxtuneup.dll

2009-07-13 10:36 . 2009-07-21 14:21 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-07-13 10:36 . 2009-07-21 14:21 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-06-21 05:46 . 2009-07-21 13:02 485920 ----a-w- c:\windows\system32\NVUNINST.EXE

2009-06-16 14:36 . 2008-04-14 03:42 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-16 14:36 . 2008-04-14 03:41 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-10 05:28 . 2009-06-10 05:28 3510272 ----a-w- c:\windows\system32\nvgames.dll

2009-06-10 05:28 . 2009-06-10 05:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll

2009-06-10 05:28 . 2009-06-10 05:28 86016 ----a-w- c:\windows\system32\nvmctray.dll

2009-06-10 05:28 . 2009-06-10 05:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe

2009-06-10 05:28 . 2009-06-10 05:28 143360 ----a-w- c:\windows\system32\nvcolor.exe

2009-06-10 05:28 . 2009-06-10 05:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll

2009-06-10 05:28 . 2009-06-10 05:28 229376 ----a-w- c:\windows\system32\nvmccs.dll

2009-06-10 03:03 . 2009-07-21 13:02 457248 ----a-w- c:\windows\system32\nvudisp.exe

2009-06-10 03:03 . 2009-06-10 03:03 9998336 ----a-w- c:\windows\system32\nvoglnt.dll

2009-06-10 03:03 . 2009-06-10 03:03 815104 ----a-w- c:\windows\system32\nvapi.dll

2009-06-10 03:03 . 2009-06-10 03:03 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2009-06-10 03:03 . 2009-06-10 03:03 671744 ----a-w- c:\windows\system32\nvcuvid.dll

2009-06-10 03:03 . 2009-06-10 03:03 5908608 ----a-w- c:\windows\system32\nv4_disp.dll

2009-06-10 03:03 . 2009-06-10 03:03 1720320 ----a-w- c:\windows\system32\nvcuda.dll

2009-06-10 03:03 . 2009-06-10 03:03 1580550 ----a-w- c:\windows\system32\nvdata.bin

2009-06-10 03:03 . 2009-06-10 03:03 151552 ----a-w- c:\windows\system32\nvcodins.dll

2009-06-10 03:03 . 2009-06-10 03:03 151552 ----a-w- c:\windows\system32\nvcod.dll

2009-06-10 03:03 . 2009-06-10 03:03 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll

2009-06-08 07:00 . 2009-06-08 07:00 71696 ----a-w- c:\windows\system32\drivers\DefragFs.sys

2009-06-05 04:16 . 2009-07-21 13:01 142336 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys

2009-06-03 19:09 . 2008-04-14 03:42 1291264 ----a-w- c:\windows\system32\quartz.dll

2009-06-02 16:11 . 2009-07-21 17:24 85504 ----a-w- c:\windows\system32\ff_vfw.dll

2009-05-29 21:37 . 2009-07-21 17:24 205824 ----a-w- c:\windows\system32\xvidvfw.dll

2009-05-29 21:31 . 2009-07-21 17:24 881664 ----a-w- c:\windows\system32\xvidcore.dll

2009-05-13 05:15 . 2008-04-14 03:42 915456 ----a-w- c:\windows\system32\wininet.dll

2009-05-07 15:32 . 2008-04-14 03:41 345600 ----a-w- c:\windows\system32\localspl.dll

2009-05-01 21:02 . 2009-07-21 17:24 90112 ----a-w- c:\windows\system32\dpl100.dll

2009-05-01 21:02 . 2009-07-21 17:24 685056 ----a-w- c:\windows\system32\divx.dll

2009-04-29 04:46 . 2009-04-29 04:46 81920 ------w- c:\windows\system32\ieencode.dll

2009-04-28 20:20 . 2009-07-21 16:39 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys

2009-04-28 20:20 . 2009-07-21 16:39 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys

2009-04-28 20:20 . 2009-07-21 16:39 44944 ------w- c:\windows\system32\drivers\PxHelp20.sys

2009-04-28 20:20 . 2009-07-21 16:39 129520 ------w- c:\windows\system32\pxafs.dll

2009-04-28 06:55 . 2009-04-28 06:55 70936 ----a-w- c:\windows\system32\PhysXLoader.dll

2009-07-15 20:30 . 2009-07-21 13:31 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [21.7.2009 г. 16:18 194817]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [21.7.2009 г. 16:18 108289]

R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [21.7.2009 г. 16:18 434945]

R2 MBAMService;MBAMService;d:\my programs\Malwarebytes' Anti-Malware\mbamservice.exe [21.7.2009 г. 17:21 211216]

R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [21.7.2009 г. 17:29 604488]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [21.7.2009 г. 17:21 19096]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

2009-07-26 c:\windows\Tasks\1-Click Maintenance.job

- d:\my programs\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 08:54]

2009-07-26 c:\windows\Tasks\AWC AutoSweep.job

- d:\my programs\Advanced SystemCare 3\AutoSweep.exe [2009-07-21 12:35]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com

uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Свали видео съдържанието на FLV с IDM - d:\my programs\Internet Download Manager\IEGetVL.htm

IE: Свали всички линкове с IDM - d:\my programs\Internet Download Manager\IEGetAll.htm

IE: Свали с IDM - d:\my programs\Internet Download Manager\IEExt.htm

LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll

FF - ProfilePath - c:\documents and settings\Boris\Application Data\Mozilla\Firefox\Profiles\quv4qu7y.default\

FF - component: c:\documents and settings\Boris\Application Data\IDM\idmmzcc3\components\idmmzcc.dll

FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: d:\my programs\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: d:\my programs\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-26 20:49

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1316)

c:\windows\system32\WININET.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2009-07-26 20:50

ComboFix-quarantined-files.txt 2009-07-26 17:50

ComboFix2.txt 2009-07-26 16:36

Pre-Run: 10 155 872 256 bytes free

Post-Run: 10 116 890 624 bytes free

288 --- E O F --- 2009-07-23 12:00

Open Notepad and copy/paste the following text into it:

Killall::


File::

c:\windows\SET3.tmp

c:\windows\SET4.tmp

Save the file under the name CFScript.txt and drop it onto ComboFix.

CFScriptB-4.gif

After the program finishes, it will display the log file. Again, copy/paste the information here.

ComboFix 09-07-25.08 - Boris 07.2009 г. 21:04.3.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.2046.1439 [GMT 3:00]

Running from: c:\documents and settings\Boris\Desktop\Kaldata.exe.exe

Command switches used :: c:\documents and settings\Boris\Desktop\CFScript.txt

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::

"c:\windows\SET3.tmp"

"c:\windows\SET4.tmp"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\SET3.tmp

c:\windows\SET4.tmp

.

((((((((((((((((((((((((( Files Created from 2009-06-26 to 2009-07-26 )))))))))))))))))))))))))))))))

.

2009-07-26 16:01 . 2009-07-25 14:00 95232 ----a-w- c:\windows\system32\MyDefragScreenSaver.scr

2009-07-26 16:01 . 2009-07-25 14:00 854528 ----a-w- c:\windows\system32\MyDefragScreenSaver.exe

2009-07-26 13:28 . 2009-07-26 13:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Raxco

2009-07-26 10:47 . 2009-07-26 10:47 -------- d-----w- c:\documents and settings\Boris\Application Data\Foxit

2009-07-25 11:43 . 2001-08-17 10:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys

2009-07-25 11:43 . 2001-08-17 10:56 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS

2009-07-25 11:43 . 2008-04-13 21:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys

2009-07-23 11:50 . 2008-10-16 11:06 268648 ----a-w- c:\windows\system32\mucltui.dll

2009-07-23 11:32 . 2008-04-13 14:26 36396 ----a-w- c:\documents and settings\Boris\Application Data\BSplayer PRO\AC3 Filter\uninstall.exe

2009-07-23 11:32 . 2007-08-18 06:54 20480 ----a-w- c:\documents and settings\Boris\Application Data\BSplayer PRO\AC3 Filter\ac3config.exe

2009-07-23 11:32 . 2007-08-18 06:53 16384 ----a-w- c:\documents and settings\Boris\Application Data\BSplayer PRO\AC3 Filter\dialog_patch.exe

2009-07-23 11:32 . 2007-07-05 00:33 892928 ----a-w- c:\documents and settings\Boris\Application Data\BSplayer PRO\AC3 Filter\iconv.dll

2009-07-23 08:39 . 2009-07-23 08:40 -------- d-----w- c:\documents and settings\Boris\Local Settings\Application Data\ApplicationHistory

2009-07-23 08:37 . 2009-07-01 07:08 101376 -c----w- c:\windows\system32\dllcache\iecompat.dll

2009-07-22 20:50 . 2009-07-22 20:50 -------- d-----w- c:\documents and settings\Boris\Local Settings\Application Data\Google

2009-07-22 20:50 . 2009-03-24 11:43 43008 ----a-w- c:\documents and settings\Boris\Application Data\Mozilla\Firefox\Profiles\quv4qu7y.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll

2009-07-22 20:50 . 2009-03-24 11:43 43008 ----a-w- c:\documents and settings\Boris\Application Data\Mozilla\Firefox\Profiles\quv4qu7y.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll

2009-07-22 20:50 . 2009-03-24 11:43 235520 ----a-w- c:\documents and settings\Boris\Application Data\Mozilla\Firefox\Profiles\quv4qu7y.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff2.dll

2009-07-22 20:50 . 2009-03-24 11:43 338432 ----a-w- c:\documents and settings\Boris\Application Data\Mozilla\Firefox\Profiles\quv4qu7y.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll

2009-07-22 20:50 . 2009-03-24 11:42 235008 ----a-w- c:\documents and settings\Boris\Application Data\Mozilla\Firefox\Profiles\quv4qu7y.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff3.dll

2009-07-22 20:50 . 2009-03-24 11:42 345088 ----a-w- c:\documents and settings\Boris\Application Data\Mozilla\Firefox\Profiles\quv4qu7y.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll

2009-07-22 12:00 . 2009-07-26 09:23 -------- d-----w- c:\documents and settings\Boris\Local Settings\Application Data\WMTools Downloaded Files

2009-07-22 11:05 . 2009-07-22 11:05 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet

2009-07-22 11:03 . 2009-07-22 11:03 -------- d-----w- c:\documents and settings\Boris\Application Data\Notepad++

2009-07-22 10:57 . 2009-07-22 10:57 -------- d-----w- c:\program files\Adobe Media Player

2009-07-22 10:56 . 2009-07-26 11:59 -------- d-----w- c:\documents and settings\Boris\Local Settings\Application Data\Adobe

2009-07-22 10:55 . 2009-07-22 10:55 -------- d-----w- c:\program files\Common Files\Adobe AIR

2009-07-22 10:54 . 2009-07-22 10:54 -------- d-----w- c:\program files\Common Files\Macrovision Shared

2009-07-22 10:50 . 2009-07-26 11:56 -------- d-----w- c:\program files\Common Files\Adobe

2009-07-22 10:38 . 2009-07-22 10:38 -------- d-----w- c:\documents and settings\Boris\Application Data\Media Player Classic

2009-07-21 20:41 . 2009-07-21 20:41 10945 ----a-w- c:\documents and settings\Boris\Application Data\IDM\DwnlData\Boris\HJTInstall_12\HJTInstall.exe

2009-07-21 17:27 . 2005-09-01 08:03 5888 ------w- c:\windows\system32\drivers\imagedrv.sys

2009-07-21 17:27 . 2005-09-01 08:03 127488 ------w- c:\windows\system32\drivers\imagesrv.sys

2009-07-21 17:27 . 2004-07-26 13:16 476320 ------w- c:\windows\system32\ImagXpr7.dll

2009-07-21 17:27 . 2004-07-26 13:16 471040 ------w- c:\windows\system32\ImagXRA7.dll

2009-07-21 17:27 . 2004-07-26 13:16 262144 ------w- c:\windows\system32\ImagXR7.dll

2009-07-21 17:27 . 2004-07-26 13:16 1568768 ------w- c:\windows\system32\ImagX7.dll

2009-07-21 17:27 . 2004-07-09 05:43 364544 ------w- c:\windows\system32\TwnLib4.dll

2009-07-21 17:27 . 2001-07-09 07:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

2009-07-21 17:27 . 2000-06-26 07:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll

2009-07-21 17:27 . 2009-07-21 17:27 -------- d-----w- c:\program files\Common Files\Ahead

2009-07-21 17:22 . 2009-07-23 11:32 -------- d-----w- c:\documents and settings\Boris\Application Data\BSplayer PRO

2009-07-21 17:15 . 2009-07-21 17:16 -------- d-----w- c:\documents and settings\Boris\Application Data\Pandion

2009-07-21 17:08 . 2009-07-21 17:08 -------- d-----w- c:\documents and settings\Boris\Application Data\URSoft

2009-07-21 16:43 . 2009-07-21 16:43 -------- d-----w- c:\documents and settings\Boris\Application Data\Avira

2009-07-21 16:38 . 2009-07-21 16:42 -------- d-----w- c:\documents and settings\Boris\Application Data\Winamp

2009-07-21 16:32 . 2009-07-21 16:32 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2009-07-21 16:21 . 2009-07-26 15:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-26 17:53 . 2009-07-21 13:41 -------- d-----w- c:\documents and settings\Boris\Application Data\Skype

2009-07-26 17:47 . 2009-07-21 13:38 -------- d-----w- c:\documents and settings\Boris\Application Data\DMCache

2009-07-26 17:44 . 2009-07-26 17:44 742375 ----a-w- c:\documents and settings\Boris\Application Data\IDM\DwnlData\Boris\ComboFix_42\ComboFix.exe

2009-07-26 16:30 . 2009-07-21 13:32 -------- d-----w- c:\documents and settings\Boris\Application Data\uTorrent

2009-07-26 14:59 . 2009-07-21 13:55 -------- d-----w- c:\documents and settings\Boris\Application Data\skypePM

2009-07-26 11:58 . 2009-07-21 13:31 68456 ----a-w- c:\documents and settings\Boris\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-07-24 14:43 . 2009-07-21 14:29 604488 ----a-w- c:\windows\system32\TUProgSt.exe

2009-07-24 14:43 . 2009-07-21 14:29 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe

2009-07-23 12:00 . 2009-07-21 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-07-23 08:41 . 2009-07-21 13:16 -------- d-----w- c:\program files\Microsoft Works

2009-07-22 11:10 . 2009-07-21 13:18 -------- d-----w- c:\documents and settings\Boris\Application Data\FileZilla

2009-07-21 18:46 . 2009-07-21 13:20 -------- d-----w- c:\documents and settings\Boris\Application Data\Ventrilo

2009-07-21 15:50 . 2009-07-21 15:50 -------- d-----w- c:\program files\Reference Assemblies

2009-07-21 15:49 . 2009-07-21 15:49 -------- d-----w- c:\program files\Windows Media Connect 2

2009-07-21 14:41 . 2009-07-21 13:38 -------- d-----w- c:\documents and settings\Boris\Application Data\IDM

2009-07-21 14:29 . 2009-07-21 14:29 -------- d-----w- c:\documents and settings\Boris\Application Data\TuneUp Software

2009-07-21 14:29 . 2009-07-21 14:29 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software

2009-07-21 14:28 . 2009-07-21 14:28 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}

2009-07-21 14:21 . 2009-07-21 14:21 -------- d-----w- c:\documents and settings\Boris\Application Data\Malwarebytes

2009-07-21 14:21 . 2009-07-21 14:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-07-21 13:55 . 2009-07-21 13:55 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2009-07-21 13:54 . 2009-07-21 13:02 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-07-21 13:41 . 2009-07-21 13:41 -------- d-----w- c:\program files\Skype

2009-07-21 13:41 . 2009-07-21 13:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

2009-07-21 13:41 . 2009-07-21 13:41 -------- d-----w- c:\program files\Common Files\Skype

2009-07-21 13:38 . 2009-07-21 13:38 198064 ----a-w- c:\documents and settings\Boris\Application Data\IDM\idmmzcc3\components\idmmzcc.dll

2009-07-21 13:35 . 2009-07-21 13:18 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-07-21 13:35 . 2009-07-21 13:18 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-07-21 13:32 . 2009-07-21 13:32 -------- d-----w- c:\program files\uTorrent

2009-07-21 13:31 . 2009-07-21 13:31 0 ----a-w- c:\windows\nsreg.dat

2009-07-21 13:24 . 2009-07-21 13:24 -------- d-----w- c:\program files\Microsoft IntelliPoint

2009-07-21 13:21 . 2009-07-21 13:21 -------- d-----w- c:\documents and settings\Boris\Application Data\IObit

2009-07-21 13:18 . 2009-07-21 13:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2009-07-21 13:18 . 2009-07-21 13:18 -------- d-----w- c:\program files\Avira

2009-07-21 13:16 . 2009-07-21 12:51 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-07-21 13:15 . 2009-07-21 13:15 -------- d-----w- c:\program files\MSBuild

2009-07-21 13:03 . 2009-07-21 13:02 -------- d-----w- c:\program files\AGEIA Technologies

2009-07-21 13:01 . 2009-07-21 12:59 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-07-21 13:01 . 2009-07-21 12:59 -------- d-----w- c:\program files\Realtek

2009-07-21 13:01 . 2009-07-21 13:01 -------- d-----w- c:\documents and settings\Boris\Application Data\InstallShield

2009-07-21 13:00 . 2009-07-21 12:56 15600 ----a-w- c:\windows\gdrv.sys

2009-07-21 12:59 . 2009-07-21 12:59 315392 ----a-w- c:\windows\HideWin.exe

2009-07-21 12:59 . 2009-07-21 12:59 -------- d-----w- c:\program files\Common Files\InstallShield

2009-07-21 12:57 . 2009-07-21 12:57 -------- d-----w- c:\program files\Intel

2009-07-21 12:57 . 2009-07-21 12:57 -------- d-----w- c:\program files\Yahoo!

2009-07-21 12:52 . 2009-07-21 12:52 -------- d-----w- c:\program files\microsoft frontpage

2009-07-21 12:49 . 2009-07-21 12:49 21640 ----a-w- c:\windows\system32\emptyregdb.dat

2009-07-17 08:10 . 2009-07-17 08:10 232200 ----a-w- c:\windows\system32\PDBoot.exe

2009-07-15 09:48 . 2009-07-21 14:29 29000 ----a-w- c:\windows\system32\uxtuneup.dll

2009-07-13 10:36 . 2009-07-21 14:21 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-07-13 10:36 . 2009-07-21 14:21 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-06-21 05:46 . 2009-07-21 13:02 485920 ----a-w- c:\windows\system32\NVUNINST.EXE

2009-06-16 14:36 . 2008-04-14 03:42 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-16 14:36 . 2008-04-14 03:41 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-10 05:28 . 2009-06-10 05:28 3510272 ----a-w- c:\windows\system32\nvgames.dll

2009-06-10 05:28 . 2009-06-10 05:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll

2009-06-10 05:28 . 2009-06-10 05:28 86016 ----a-w- c:\windows\system32\nvmctray.dll

2009-06-10 05:28 . 2009-06-10 05:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe

2009-06-10 05:28 . 2009-06-10 05:28 143360 ----a-w- c:\windows\system32\nvcolor.exe

2009-06-10 05:28 . 2009-06-10 05:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll

2009-06-10 05:28 . 2009-06-10 05:28 229376 ----a-w- c:\windows\system32\nvmccs.dll

2009-06-10 03:03 . 2009-07-21 13:02 457248 ----a-w- c:\windows\system32\nvudisp.exe

2009-06-10 03:03 . 2009-06-10 03:03 9998336 ----a-w- c:\windows\system32\nvoglnt.dll

2009-06-10 03:03 . 2009-06-10 03:03 815104 ----a-w- c:\windows\system32\nvapi.dll

2009-06-10 03:03 . 2009-06-10 03:03 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2009-06-10 03:03 . 2009-06-10 03:03 671744 ----a-w- c:\windows\system32\nvcuvid.dll

2009-06-10 03:03 . 2009-06-10 03:03 5908608 ----a-w- c:\windows\system32\nv4_disp.dll

2009-06-10 03:03 . 2009-06-10 03:03 1720320 ----a-w- c:\windows\system32\nvcuda.dll

2009-06-10 03:03 . 2009-06-10 03:03 1580550 ----a-w- c:\windows\system32\nvdata.bin

2009-06-10 03:03 . 2009-06-10 03:03 151552 ----a-w- c:\windows\system32\nvcodins.dll

2009-06-10 03:03 . 2009-06-10 03:03 151552 ----a-w- c:\windows\system32\nvcod.dll

2009-06-10 03:03 . 2009-06-10 03:03 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll

2009-06-08 07:00 . 2009-06-08 07:00 71696 ----a-w- c:\windows\system32\drivers\DefragFs.sys

2009-06-05 04:16 . 2009-07-21 13:01 142336 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys

2009-06-03 19:09 . 2008-04-14 03:42 1291264 ----a-w- c:\windows\system32\quartz.dll

2009-06-02 16:11 . 2009-07-21 17:24 85504 ----a-w- c:\windows\system32\ff_vfw.dll

2009-05-29 21:37 . 2009-07-21 17:24 205824 ----a-w- c:\windows\system32\xvidvfw.dll

2009-05-29 21:31 . 2009-07-21 17:24 881664 ----a-w- c:\windows\system32\xvidcore.dll

2009-05-13 05:15 . 2008-04-14 03:42 915456 ----a-w- c:\windows\system32\wininet.dll

2009-05-07 15:32 . 2008-04-14 03:41 345600 ----a-w- c:\windows\system32\localspl.dll

2009-05-01 21:02 . 2009-07-21 17:24 90112 ----a-w- c:\windows\system32\dpl100.dll

2009-05-01 21:02 . 2009-07-21 17:24 685056 ----a-w- c:\windows\system32\divx.dll

2009-04-29 04:46 . 2009-04-29 04:46 81920 ------w- c:\windows\system32\ieencode.dll

2009-04-28 20:20 . 2009-07-21 16:39 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys

2009-04-28 20:20 . 2009-07-21 16:39 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys

2009-04-28 20:20 . 2009-07-21 16:39 44944 ------w- c:\windows\system32\drivers\PxHelp20.sys

2009-04-28 20:20 . 2009-07-21 16:39 129520 ------w- c:\windows\system32\pxafs.dll

2009-04-28 06:55 . 2009-04-28 06:55 70936 ----a-w- c:\windows\system32\PhysXLoader.dll

2009-07-15 20:30 . 2009-07-21 13:31 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [21.7.2009 г. 16:18 194817]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [21.7.2009 г. 16:18 108289]

R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [21.7.2009 г. 16:18 434945]

R2 MBAMService;MBAMService;d:\my programs\Malwarebytes' Anti-Malware\mbamservice.exe [21.7.2009 г. 17:21 211216]

R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [21.7.2009 г. 17:29 604488]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [21.7.2009 г. 17:21 19096]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

2009-07-26 c:\windows\Tasks\1-Click Maintenance.job

- d:\my programs\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 08:54]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com

uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Свали видео съдържанието на FLV с IDM - d:\my programs\Internet Download Manager\IEGetVL.htm

IE: Свали всички линкове с IDM - d:\my programs\Internet Download Manager\IEGetAll.htm

IE: Свали с IDM - d:\my programs\Internet Download Manager\IEExt.htm

LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll

FF - ProfilePath - c:\documents and settings\Boris\Application Data\Mozilla\Firefox\Profiles\quv4qu7y.default\

FF - component: c:\documents and settings\Boris\Application Data\IDM\idmmzcc3\components\idmmzcc.dll

FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: d:\my programs\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: d:\my programs\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-26 21:07

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1056)

c:\windows\system32\WININET.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

d:\my programs\Internet Download Manager\IDMIECC.dll

c:\program files\Microsoft Office\Office12\1033\GrooveIntlResource.dll

d:\my programs\Internet Download Manager\idmmkb.dll

c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\windows\system32\rundll32.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

d:\my programs\PerfectDisk10\PDAgent.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2009-07-26 21:08 - machine was rebooted

ComboFix-quarantined-files.txt 2009-07-26 18:08

ComboFix2.txt 2009-07-26 17:50

ComboFix3.txt 2009-07-26 16:36

Pre-Run: 10 119 319 552 bytes free

Post-Run: 10 084 171 776 bytes free

310 --- E O F --- 2009-07-23 12:00

How are things now? Are there any problems?

Good, the machine now defragments with both of the different software products that would not start before.

Thanks again :)

You're welcome! Before we finish, get rid of ComboFix:

To uninstall ComboFix and all backup copies of the files it removes:

  * Click the Start button and choose Run
  * Type ComboFix /u in the box and choose OK


Note: There is a space between ComboFix and /u, and it must be there.

P.S.: The screenshot is not displayed because the site is down. Hopefully they fix it soon!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:54:45, on 26.7.2009 г.

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RunDLL32.exe

C:\WINDOWS\VM305_STI.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\HiJackThis\post.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (file missing)

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Programs\BitComet\tools\BitCometBHO_1.2.8.7.dll (file missing)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [bigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [The Eagle] "C:\Program Files\The Eagle\TheEagle.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [CM32] C:\WINDOWS\CM32.EXE

O4 - HKLM\..\Run: [OxigenClientAdmin] "C:\Program Files\Oxigen\bin\Oxigen.exe"

O4 - HKLM\..\Run: [OxigenTrayIcon] C:\Program Files\Oxigen\bin\OxiTray.exe

O4 - HKCU\..\Run: [bitComet] "D:\Programs\BitComet\BitComet.exe" /tray

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: &С&валяне &с BitComet - res://D:\Programs\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &С&валяне всички видео с BitComet - res://D:\Programs\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &С&валяне всички с BitComet - res://D:\Programs\BitComet\BitComet.exe/AddAllLink.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)

O9 - Extra button: Преведи - {60237576-b24c-4ba9-9740-c9f3ec9db557} - C:\PROGRA~1\SkyCode\WEBTRA~1\wt2ie.dll

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe (file missing)

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe (file missing)

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL (file missing)

O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL (file missing)

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Programs\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{1DD461B5-E768-4A82-9459-45761CF77124}: NameServer = 10.33.4.1

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate1c95c2bdc3b6940) (gupdate1c95c2bdc3b6940) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--

End of file - 7996 bytes

Please open HijackThis and choose Do a system scan only.

Put check marks on the following lines:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (file missing)

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Programs\BitComet\tools\BitCometBHO_1.2.8.7.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe (file missing)

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe (file missing)

O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL (file missing)

O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL (file missing)

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Programs\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)

Then close all open windows except the HijackThis one, and choose Fix checked.

Do you have any complaints?

..............

Do you have any complaints?

Hi, Fixer. Massa123 asked me today whether to explain anything further or just post a HijackThis log. For more information, see: this thread.

Edited by nologo

Thank you, colleague!

In that case, let Massa123 also post a log file from MalwareBytes' Anti-Malware:

Download Malwarebytes' Anti-Malware from here

Double-click mbam-setup.exe to install the program.

  * Make sure that Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are checked, then click Finish.
  * If newer updates are found, the program will download and install them.
  * Start the program and choose "Perform Full Scan", then click Scan.
  * The scan will take some time, so please be patient.
  * When the scan finishes, click OK, then Show Results to see the result.
  * Make sure every line is checked, and click Remove Selected.
  * When everything has been removed, the log will open in Notepad. Copy the log and post it in your next reply in the thread.

Note: If MalwareBytes' Anti-Malware has trouble removing the detected viruses/threats, it will ask to restart your computer and remove the problematic viruses/threats during the restart. If you are asked, confirm that you want your computer to be restarted.

Also, I noticed that the RAM is 512MB, which is little by the standards of modern software. If Firefox is in use, it is normal to have such moments too. Still, let's check whether the cause is malicious software.

Thanks a lot! And where can I download a newer version of Windows XP? Here is the Notepad file from Malwarebytes:

Malwarebytes' Anti-Malware 1.39

Database version: 2510

Windows 5.1.2600 Service Pack 2

27.7.2009 г. 10:07:23

mbam-log-2009-07-27 (10-07-23).txt

Scan type: Full Scan (C:\|D:\|E:\|)

Objects scanned: 153424

Time elapsed: 38 minute(s), 5 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 7

Registry Keys Infected: 1

Registry Values Infected: 2

Registry Data Items Infected: 3

Folders Infected: 2

Files Infected: 50

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

C:\WINDOWS\system32\systemac.dll (Trojan.Bot) -> Delete on reboot.

C:\Documents and Settings\boris\Local Settings\Temp\E_4\krnln.fnr (Trojan.Agent) -> Delete on reboot.

C:\Documents and Settings\boris\Local Settings\Temp\E_4\com.run (Adware.Agent) -> Delete on reboot.

C:\Documents and Settings\boris\Local Settings\Temp\E_4\shell.fne (Worm.AutoRun) -> Delete on reboot.

C:\Documents and Settings\boris\Local Settings\Temp\E_4\eAPI.fne (Worm.AutoRun) -> Delete on reboot.

C:\Documents and Settings\boris\Local Settings\Temp\E_4\RegEx.fnr (Worm.AutoRun) -> Delete on reboot.

C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:

HKEY_CLASSES_ROOT\videoplay (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xp-882fa7ef (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.

Folders Infected:

c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\boris\Local Settings\Temp\E_4 (Autorun.Worm) -> Delete on reboot.

Files Infected:

C:\WINDOWS\system32\systemac.dll (Trojan.Bot) -> Delete on reboot.

C:\Documents and Settings\boris\Local Settings\Temp\E_4\krnln.fnr (Trojan.Agent) -> Delete on reboot.

C:\Documents and Settings\boris\Local Settings\Temp\E_4\com.run (Adware.Agent) -> Delete on reboot.

C:\Documents and Settings\boris\Local Settings\Temp\E_4\shell.fne (Worm.AutoRun) -> Delete on reboot.

C:\Documents and Settings\boris\Local Settings\Temp\E_4\eAPI.fne (Worm.AutoRun) -> Delete on reboot.

C:\Documents and Settings\boris\Local Settings\Temp\E_4\RegEx.fnr (Worm.AutoRun) -> Delete on reboot.

c:\documents and settings\boris\local settings\Temp\tmp2FE.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.

c:\system volume information\_restore{9d684cce-d80d-4378-bcc6-6eb16f9a0e0f}\RP20\A0004835.dll (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\system volume information\_restore{9d684cce-d80d-4378-bcc6-6eb16f9a0e0f}\RP21\A0005049.dll (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\10657955.INS (Trojan.Bot) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\1147538.INS (Trojan.Bot) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\16122731.INS (Trojan.Bot) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\19771436.INS (Trojan.Bot) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\d.dll (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\RegEx.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\shell.fne (Worm.AutoRun) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\com.run (Adware.Agent) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\eAPI.fne (Worm.AutoRun) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\krnln.fnr (Trojan.Agent) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\49528816.INS (Trojan.Bot) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\55752060.INS (Trojan.Bot) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\57032544.INS (Trojan.Bot) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\592996.INS (Trojan.Bot) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\59588805.INS (Trojan.Bot) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\60977396.INS (Trojan.Bot) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\65646922.INS (Trojan.Bot) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\68932878.INS (Trojan.Bot) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\74084939.INS (Trojan.Bot) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\76677405.INS (Trojan.Bot) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\8272202.INS (Trojan.Bot) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\934671.INS (Trojan.Bot) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\99832437.INS (Trojan.Bot) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\26811774.INS (Trojan.Bot) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\338776.INS (Trojan.Bot) -> Quarantined and deleted successfully.

d:\system volume information\_restore{1b8dd164-6d1c-4ef8-b44e-2f26089699e8}\RP77\A0014009.exe (Trojan.Hacktool) -> Quarantined and deleted successfully.

d:\muzika\pesni4ki\FolderTweaker.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\RECYCLER\s-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\boris\local settings\Temp\E_4\dp1.fne (Autorun.Worm) -> Delete on reboot.

c:\documents and settings\boris\local settings\Temp\E_4\internet.fne (Autorun.Worm) -> Delete on reboot.

c:\documents and settings\boris\local settings\Temp\E_4\spec.fne (Autorun.Worm) -> Quarantined and deleted successfully.

C:\Documents and Settings\boris\Start Menu\Programs\Startup\ЎЎЎЎЎЎ.lnk (Autorun.Worm) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\XP-882FA7EF.EXE (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\system32\gaopdxcounter (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\system32\dp1.fne (Autorun.Worm) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\internet.fne (Autorun.Worm) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\og.dll (Autorun.Worm) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\og.edt (Autorun.Worm) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spec.fne (Autorun.Worm) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ul.dll (Autorun.Worm) -> Quarantined and deleted successfully.

I also have another problem that has been around for quite a while. When I try to open one of the partitions C, D, E: resycled\ntldr.com is not a valid Win32 application! To get into the partition I have to go in through right-click > Explore! Even though I have reinstalled the computer, it is still there!
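Added example, not part of the original posts: a small Python parser for the Malwarebytes' Anti-Malware log format shown above. It lists the objects still marked "Delete on reboot" (cleanup is not finished until the restart and a rescan) and the name servers recorded in the flagged NameServer values. The sample lines are an excerpt of the log above; the function names are illustrative.

```python
import re

# Excerpt of the Malwarebytes' Anti-Malware 1.39 log posted above, embedded
# so the example runs offline; a real log would be read from the saved .txt.
SAMPLE_LOG = r"""
Memory Modules Infected: 7
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\systemac.dll (Trojan.Bot) -> Delete on reboot.
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Delete on reboot.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\systemac.dll (Trojan.Bot) -> Delete on reboot.
c:\WINDOWS\system32\d.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\XP-882FA7EF.EXE (Trojan.Agent) -> Delete on reboot.
"""

# "Files Infected:" opens a section; "Files Infected: 50" is a summary count.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+) Infected:\s*$")
# object (Detection) [-> Data: value] -> action.
ITEM_RE = re.compile(
    r"^(?P<object>.+?) \((?P<detection>[^()]+)\)"
    r"(?: -> Data: (?P<data>.*?))?"
    r" -> (?P<action>[^>]+?)\.?\s*$"
)

def parse_mbam_log(text):
    """Return one dict per detection: section, object, detection, data, action."""
    items, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        item = ITEM_RE.match(line)
        if item and section:
            items.append({"section": section, **item.groupdict()})
    return items

def pending_reboot(items):
    """Objects not yet removed; paths are de-duplicated case-insensitively."""
    seen = {}
    for it in items:
        if it["action"].lower().startswith("delete on reboot"):
            seen.setdefault(it["object"].lower(), it["object"])
    return sorted(seen.values(), key=str.lower)

def changed_dns_servers(items):
    """Name servers stored in NameServer values that the scanner flagged."""
    servers = set()
    for it in items:
        if it["data"] and it["object"].lower().endswith("\\nameserver"):
            servers.update(s.strip() for s in it["data"].split(",") if s.strip())
    return sorted(servers)

if __name__ == "__main__":
    parsed = parse_mbam_log(SAMPLE_LOG)
    print("Still pending reboot:", *pending_reboot(parsed), sep="\n  ")
    print("Flagged DNS servers:", ", ".join(changed_dns_servers(parsed)))
```
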

Malwarebytes' Anti-Malware 1.39

Версия на базата от данни: 2510

Windows 5.1.2600 Service Pack 3

27.7.2009 г. 11:28:45

mbam-log-2009-07-27 (11-28-45).txt

Тип сканиране: Пълно сканиране (C:\|D:\|)

Сканирани обекти: 185032

Изминало време: 47 minute(s), 22 second(s)

Заразени процеси в паметта: 0

Заразени модули в паметта: 0

Заразени ключове в регистратурата: 0

Заразени стойности в регистратурата: 0

Заразени информационни обекти в регистратурата: 0

Заразени папки: 0

Заразени файлове: 0

Заразени процеси в паметта:

(Не бяха открити заплахи)

Заразени модули в паметта:

(Не бяха открити заплахи)

Заразени ключове в регистратурата:

(Не бяха открити заплахи)

Заразени стойности в регистратурата:

(Не бяха открити заплахи)

Заразени информационни обекти в регистратурата:

(Не бяха открити заплахи)

Заразени папки:

(Не бяха открити заплахи)

Заразени файлове:

(Не бяха открити заплахи)

Edited by Massa123

EmKo0, let's clean your OS, and if there is still a problem I will tell you what to do. Now:

Step I:

Download GMER Rootkit Scanner. Unzip it to your desktop.

Before scanning, make sure that all other running programs are closed and that your antivirus software will not take any action during the Gmer scan. Do not use your computer while the scan is running.

Double-click gmer.exe to start the program.

Warning: The scan may lead to errors, so do not take any action on the rows marked "<--- ROOKIT" unless I have told you to.

If rootkit activity is detected, you will be asked whether you want a full system scan to be performed.

  • Select NO.
  • In the right panel you will see what has been checked; leave everything as it is. You only need to make sure that "Show All" is not checked.
  • Now click the Scan button.

After the scan finishes, you may receive information about other rootkit activity.

  • Select OK.
  • Gmer will open the log file for you. Click the Save... button and, in the file name field, type Gmer.txt.
  • Save the log file to your desktop.

Step II:

1) Download ComboFix from: here

2) Save it to your desktop.

3) Turn off the Real-Time protection of your antivirus software.

4) Double-click combofix.exe

5) ComboFix will start scanning your system; do not touch anything while the scan is running. At the end your computer will restart.

6) After the restart, wait for ComboFix to finish scanning and generate a log file. When the scan finishes, Notepad will pop up; copy its contents and post them in your next post here. If it does not pop up, go to C:\ and find the file named combofix.txt. Open it, copy its contents and post them here. In case of a problem, ComboFix also creates a file named BUG.txt; if it exists, please copy and paste its contents as well.

Massa123, use the instructions I gave to EmKo0 (the ones listed above).

Mihnev, I have been scanning all day with various programs (some of which are the ones you described). I think there is no point in starting a scan all over again.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:02:28, on 27.7.2009 г.

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.21045)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe

C:\Program Files\PerfMon3x\PerfMon.exe

C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

C:\WINDOWS\Datecs\Flex2K.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\New Folder\post.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"

O4 - HKLM\..\Run: [smartRAM] C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe /m

O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\Outpost Firewall\op_mon.exe /tray /noservice

O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup

O4 - HKCU\..\Run: [PerfMon] C:\Program Files\PerfMon3x\PerfMon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: FlexType 2K.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll

O20 - AppInit_DLLs: c:\progra~1\agnitum\outpost firewall\wl_hook.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\Outpost Firewall\acs.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--

End of file - 6364 bytes
