
Help with detecting and removing viruses, trojans, etc., part 2


If you have a Windows installation disc, you can boot from it and enter the Recovery Console. From there you will get access to the system drive, but you need to know the administrator password. Once you have access to the system drive, run:

del [system drive letter]:\windows\system32\system.exe

or

ren [system drive letter]:\windows\system32\system.exe system.exe.tmp

I don't have the Windows disc.

treo, the link won't load for me.


Try that thing with the Hosts file again, only in Safe mode; while there, also try renaming it or deleting it with Unlocker.

I can also think of another option, where you deny access to the file so that it cannot load.

Edited by treo

Oops, sorry. When I opened the hosts file it showed the following:

# Copyright © 1993-1999 Microsoft Corp.

#

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

#

# This file contains the mappings of IP addresses to host names. Each

# entry should be kept on an individual line. The IP address should

# be placed in the first column followed by the corresponding host name.

# The IP address and the host name should be separated by at least one

# space.

#

# Additionally, comments (such as these) may be inserted on individual

# lines or following the machine name denoted by a '#' symbol.

#

# For example:

#

# 102.54.94.97 rhino.acme.com # source server

# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

Edited by XateR

Try downloading DrWeb CureIt! v5.0 from here http://91.139.153.12:8080/CureIt!%20v5.0.exe

and Malwarebytes Anti-Malware 1.34 from here http://91.139.153.12:8080/Malwarebytes%20A...aldata.com).exe

You can also use ComboFix http://91.139.153.12:8080/ComboFix.exe

Edited by vanio

That's good, but it doesn't explain why it won't open the antivirus programs' sites.

Vanyo, this time all the links work, but when I install it, it kicks me out of the computer (it restarts). This happens with all antivirus programs...

Looks like you've caught a stubborn beast.

Maybe I'll reinstall Windows. :(

Don't rush. Scan online, for example here, so we can see what the virus is. Then we'll find you a removal tool for it, which should get rid of it. :clap:

Download http://technet.microsoft.com/en-us/sysinte...s/bb963902.aspx

Run it and look for the name you want to remove, making sure the path to the file is the same so that you don't stop something else.

When you find the file, uncheck it and restart in safe mode, then open the program again and see whether the file's checkbox is ticked again.

If it isn't, try deleting it.

Edited by treo

Don't rush. Scan online, for example here, so we can see what the virus is. Then we'll find you a removal tool for it, which should get rid of it. ;)

The site won't load for me. ;)

Download ComboFix.exe (deliberately renamed to sowhat.exe) and save it to the desktop.

Enter the following command in the Run menu:

"%userprofile%\desktop\sowhat.exe" /killall

Copy the contents of the log file into your next post.

B-boy[styLe], I think it's fixed :friends1: Because it didn't give the error. :yanim: The log showed this:

Scanning for infected files...

This typically doesn't take more than 10 minutes may easily double.


ComboFix changed yout clock settings. 

Do not change it back. It shall be restored later


Deleting files:


Writing "AUTORESTART" with data "0" failed


"C:\windows\System32\system.exe"

Completed Stage_1

Completed Stage_2

Completed Stage_3

Completed Stage_4

I don't know whether I put them in the right order, because after the scan my computer froze and I restarted it. ^^ But so far it hasn't given the error. Now, from the LOG, can you tell me whether the file has been deleted? :yanim:

Edited by XateR

This is not the whole ComboFix log (and it can't be the whole one if the entire procedure wasn't carried out)!

Are you sure the computer froze? It may just have been temporarily hung while ComboFix was repairing the damage.

Repeat the procedure and copy the contents of the log file.

You're right!

ComboFix 09-02-21.01 - pc 2009-02-22 17:52:19.1 - NTFSx86

Microsoft Windows XP Professional  5.1.2600.2.1251.1.1033.18.1023.706 [GMT 2:00]

Running from: c:\documents and settings\pc\desktop\sowhat.exe

Command switches used :: /killall

AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Outdated)

 * Created a new restore point

 * Resident AV is active



WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.


c:\windows\system32\013.exe

c:\windows\system32\114.exe

c:\windows\system32\160.exe

c:\windows\system32\215.exe

c:\windows\system32\243.exe

c:\windows\system32\303.exe

c:\windows\system32\310.exe

c:\windows\system32\450657.exe

c:\windows\system32\548.exe

c:\windows\system32\677.exe

c:\windows\system32\702.exe

c:\windows\system32\778.exe

c:\windows\system32\780.exe

c:\windows\system32\877.exe

c:\windows\system32\system.exe


.

(((((((((((((((((((((((((   Files Created from 2009-01-22 to 2009-02-22  )))))))))))))))))))))))))))))))

.


2070-01-01 17:13 . 2070-01-01 17:13	40	--a------	c:\windows\system32\d3d9prs.dat

2070-01-01 17:11 . 2070-01-01 17:13	<DIR>	d--------	c:\program files\GrandBilliards

2070-01-01 16:46 . 2070-01-01 16:46	25,131	--a------	c:\documents and settings\pc\788858.exe

2070-01-01 16:42 . 2070-01-01 16:42	25,131	--a------	c:\documents and settings\pc\521367.exe

2070-01-01 03:20 . 2070-01-01 03:20	25,131	--a------	c:\documents and settings\pc\561360.exe

2009-02-22 12:35 . 2009-02-22 12:35	<DIR>	d--------	c:\documents and settings\pc\Application Data\Malwarebytes

2009-02-22 12:35 . 2009-02-22 12:35	<DIR>	d--------	c:\documents and settings\All Users\Application Data\Malwarebytes

2009-02-22 12:35 . 2009-02-11 10:19	38,496	--a------	c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-22 12:35 . 2009-02-11 10:19	15,504	--a------	c:\windows\system32\drivers\mbam.sys

2009-02-22 12:13 . 2009-02-22 12:13	<DIR>	d--h-----	c:\windows\PIF

2009-02-22 11:56 . 2009-02-22 13:02	<DIR>	d--------	c:\program files\Unlocker

2009-02-22 11:56 . 2009-02-22 11:56	<DIR>	d--------	c:\documents and settings\pc\Application Data\Desktopicon

2009-02-19 16:35 . 2009-02-19 16:35	25,131	--a------	c:\documents and settings\pc\681460.exe

2009-02-19 16:28 . 2009-02-19 16:28	25,131	--a------	c:\documents and settings\pc\213110.exe

2009-02-19 14:40 . 2009-02-19 14:40	25,131	--a------	c:\documents and settings\pc\651047.exe

2009-02-18 22:35 . 2009-02-18 22:35	25,131	--a------	c:\documents and settings\pc\542773.exe

2009-02-17 13:56 . 2009-02-17 14:23	<DIR>	d--------	c:\documents and settings\pc\Application Data\TeamViewer

2009-02-03 13:30 . 2006-12-18 10:46	5,783,552	-ra------	c:\windows\system\CM108.cpl

2009-02-03 13:30 . 2006-12-21 11:05	1,294,336	-ra------	c:\windows\system32\drivers\CM108.sys

2009-02-03 13:30 . 2001-11-23 06:08	712,704	-ra------	c:\windows\system32\a3d108pu.dll

2009-02-03 13:30 . 2001-11-23 06:08	712,704	-ra------	c:\windows\system32\a3d.dll

2009-02-03 13:30 . 2004-04-14 05:28	315,392	-ra------	c:\windows\system\fltr108.dll

2009-02-03 13:30 . 2006-10-13 04:02	249,856	-ra------	c:\windows\system32\CM108rm.exe

2009-02-03 13:30 . 2005-03-07 08:29	45,056	-ra------	c:\windows\system32\CM108rm.dll

2009-02-03 13:30 . 2006-03-09 11:45	32,768	-ra------	c:\windows\system32\c108prop.dll

2009-02-03 13:30 . 2009-02-21 11:35	1,164	--a------	c:\windows\system\Cm108.ini

2009-02-03 13:29 . 2009-02-03 13:29	<DIR>	d--------	c:\program files\SteelSeries USB Soundcard

2009-02-03 13:29 . 2006-10-02 13:02	262,144	-r-------	c:\windows\Cmi108Uninstall.exe

2009-02-03 13:29 . 2007-06-12 05:01	129,656	-r-------	c:\windows\jack.bmp

2009-02-03 13:29 . 2007-06-12 04:57	7,150	-r-------	c:\windows\tray.ico

2009-02-03 13:29 . 2007-06-12 04:57	7,150	-r-------	c:\windows\control.ico

2009-02-03 13:29 . 2007-06-12 05:01	5,632	--ahs----	c:\windows\Thumbs.db

2009-02-03 13:21 . 2004-08-03 23:07	59,264	--a------	c:\windows\system32\drivers\USBAUDIO.sys

2009-02-03 13:21 . 2004-08-03 23:07	59,264	--a--c---	c:\windows\system32\dllcache\usbaudio.sys

2009-02-03 13:21 . 2004-08-04 00:56	21,504	--a------	c:\windows\system32\hidserv.dll

2009-02-03 13:21 . 2004-08-04 00:56	21,504	--a--c---	c:\windows\system32\dllcache\hidserv.dll

2009-02-03 13:20 . 2004-08-03 23:08	31,616	--a------	c:\windows\system32\drivers\usbccgp.sys

2009-02-03 13:20 . 2004-08-03 23:08	31,616	--a--c---	c:\windows\system32\dllcache\usbccgp.sys

2009-01-31 11:28 . 2009-01-31 11:28	<DIR>	d--------	c:\documents and settings\All Users\Application Data\Electronic Arts


.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-22 15:55	---------	d-----w	c:\program files\Steam

2009-02-22 15:55	---------	d-----w	c:\documents and settings\pc\Application Data\skypePM

2009-02-22 15:41	---------	d-----w	c:\documents and settings\pc\Application Data\Skype

2009-02-15 17:28	---------	d-----w	c:\documents and settings\pc\Application Data\uTorrent

2009-01-30 10:54	---------	d-----w	c:\documents and settings\pc\Application Data\ICQ

2009-01-29 08:42	---------	d-----w	c:\documents and settings\pc\Application Data\teamspeak2

2009-01-17 11:53	---------	d-----w	c:\documents and settings\pc\Application Data\pokerth

2009-01-03 13:51	---------	d-----w	c:\program files\ICQ6Toolbar

2009-01-03 13:51	---------	d-----w	c:\documents and settings\All Users\Application Data\ICQ

2009-01-03 13:50	---------	d-----w	c:\program files\ICQ6

2009-01-02 19:28	---------	d-----w	c:\program files\Ventrilo

2009-01-02 19:28	---------	d-----w	c:\program files\Common Files\Wise Installation Wizard

2008-12-31 22:16	319,488	----a-w	c:\windows\HideWin.exe

2008-12-12 17:23	183,112	----a-w	c:\windows\system32\PnkBstrB.exe

2008-11-23 18:40	66,872	----a-w	c:\windows\system32\PnkBstrA.exe

2004-08-04 12:00	165,840	--sha-r	c:\windows\system32\fnmje.dll

.


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-17 490952]

"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-02-06 3325952]

"Steam"="c:\program files\steam\steam.exe" [2009-01-12 1410296]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]

"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]

"nwiz"="nwiz.exe" [2007-06-28 c:\windows\system32\nwiz.exe]

"RTHDCPL"="RTHDCPL.EXE" [2008-10-09 c:\windows\RTHDCPL.EXE]


[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]


c:\documents and settings\All Users\Start Menu\Programs\Startup\

BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2008-11-16 1183744]


[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\uTorrent\\utorrent.exe"=

"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

"d:\\ICQ\\ICQ6.5\\ICQ.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"10189:TCP"= 10189:TCP:BitComet 10189 TCP

"10189:UDP"= 10189:UDP:BitComet 10189 UDP

"6309:TCP"= 6309:TCP:paxzz


R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-02-20 33800]

R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320]

R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2009-01-03 222456]

R3 CM1083264;C-Media CM108 Like Sound UDAX Interface;c:\windows\system32\drivers\CM108.sys [2009-02-03 1294336]

S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2004-08-04 3584]

S2 nrlywjojk;System Installer;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]

S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\docume~1\pc\LOCALS~1\Temp\RarSFX1\kerneld.wnt --> c:\docume~1\pc\LOCALS~1\Temp\RarSFX1\kerneld.wnt [?]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-02-22 38496]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

nrlywjojk

.

Contents of the 'Scheduled Tasks' folder


2008-08-30 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job

- c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-02-06 01:52]

.

- - - - ORPHANS REMOVED - - - -


HKCU-Run-Mozillacorp - c:\windows\system32\system.exe

HKLM-Run-CM108Sound - CM108.cpl



.

------- Supplementary Scan -------

.

uStart Page = hxxp://start.icq.com/

IE: &С&валяне &с BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm

IE: &С&валяне на всички с BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm

IE: &С&валяне на всичкото видео с BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm

IE: Е&кспортирай в Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\pc\Application Data\Mozilla\Firefox\Profiles\n2z8y7su.default\

FF - prefs.js: browser.search.selectedEngine - ICQ Search

FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=

FF - component: c:\documents and settings\pc\Application Data\Mozilla\Firefox\Profiles\n2z8y7su.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll

FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll

.


**************************************************************************


catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-22 17:55:21

Windows 5.1.2600 Service Pack 2 NTFS


scanning hidden processes ...  


scanning hidden autostart entries ... 


scanning hidden files ...  


scan completed successfully

hidden files: 0


**************************************************************************


[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]

"ImagePath"="\??\c:\docume~1\pc\LOCALS~1\Temp\RarSFX1\kerneld.wnt"


[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nrlywjojk]

"ServiceDll"="c:\windows\system32\fnmje.dll"

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\rundll32.exe

c:\windows\system32\rundll32.exe

c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\rundll32.exe

.

**************************************************************************

.

Completion time: 2009-02-22 17:56:48 - machine was rebooted [pc]

ComboFix-quarantined-files.txt  2009-02-22 15:56:35


Pre-Run: 23,998,873,600 bytes free

Post-Run: 24,151,916,544 bytes free


187	--- E O F ---	2008-08-30 07:10:41

Bad news. Conficker again!

Open Notepad and enter:

Killall::


Rootkit::

c:\windows\system32\fnmje.dll


Driver::

nrlywjojk


File::

c:\documents and settings\pc\788858.exe

c:\documents and settings\pc\521367.exe

c:\documents and settings\pc\561360.exe

c:\documents and settings\pc\681460.exe

c:\documents and settings\pc\213110.exe

c:\documents and settings\pc\651047.exe

c:\documents and settings\pc\542773.exe


Registry::

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6309:TCP"=-

[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nrlywjojk]


NetSvc::

nrlywjojk


sysrst::

Save the file with the name CFScript and drag it onto the ComboFix icon.

Copy me the new log.

PS: Start using an up-to-date version of NOD32. Version 2 is no longer able to cope with modern threats :(
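An added triage example (not part of the thread and not ComboFix code): it runs three checks over an excerpt of the first log posted above and surfaces the same items the CFScript in the preceding post targets, namely the identically sized numbered executables, the netsvcs service whose ServiceDll is a hidden system file, and the open firewall port whose label matches nothing else in the log. The heuristics, thresholds and function names are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Excerpt of the first ComboFix log posted in this thread (lines copied from it,
# column whitespace normalised). The checks below are illustrative assumptions.
LOG = r"""
2070-01-01 16:46 . 2070-01-01 16:46 25,131 --a------ c:\documents and settings\pc\788858.exe
2070-01-01 16:42 . 2070-01-01 16:42 25,131 --a------ c:\documents and settings\pc\521367.exe
2009-02-19 16:35 . 2009-02-19 16:35 25,131 --a------ c:\documents and settings\pc\681460.exe
2009-02-22 12:35 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-03 13:30 . 2006-10-13 04:02 249,856 -ra------ c:\windows\system32\CM108rm.exe
2008-12-12 17:23 183,112 ----a-w c:\windows\system32\PnkBstrB.exe
2004-08-04 12:00 165,840 --sha-r c:\windows\system32\fnmje.dll
"10189:TCP"= 10189:TCP:BitComet 10189 TCP
"6309:TCP"= 6309:TCP:paxzz
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320]
S2 nrlywjojk;System Installer;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]
IE: &С&валяне &с BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nrlywjojk]
"ServiceDll"="c:\windows\system32\fnmje.dll"
"""

# "created . modified size attrs path" (Files Created) or "date size attrs path" (Find3M)
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d (?:\. \d{4}-\d\d-\d\d \d\d:\d\d )?"
                     r"([\d,]+|<DIR>) (\S+) (\S.*)$")
SERVICE_RE = re.compile(r"^[RS]\d ([^;]+);([^;]*);(.+?) \[")
KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]\\]+)\]$")
DLL_RE = re.compile(r'^"ServiceDll"="(.+)"$')
PORT_RE = re.compile(r'^"(\d+:(?:TCP|UDP))"= \d+:(?:TCP|UDP):(.+)$')


def triage(log):
    """Return a list of (finding_kind, detail) pairs for one ComboFix log."""
    files, services, dlls, ports, other = [], {}, {}, [], []
    current_key = None
    for raw in log.splitlines():
        line = " ".join(raw.split())      # the real log separates columns with tabs
        if not line:
            continue
        if (m := PORT_RE.match(line)):
            ports.append((m.group(1), m.group(2)))
            continue
        other.append(line.lower())        # every non-port line, for the label check
        if (m := FILE_RE.match(line)):
            files.append((m.group(1), m.group(2), m.group(3).lower()))
        elif (m := SERVICE_RE.match(line)):
            services[m.group(1)] = m.group(3).lower()
        elif (m := KEY_RE.match(line)):
            current_key = m.group(1)
        elif (m := DLL_RE.match(line)) and current_key:
            dlls[current_key] = m.group(1).lower()

    findings = []

    # 1. Three or more digit-named .exe files of identical size in one folder.
    clones = defaultdict(list)
    for size, _attrs, path in files:
        folder, _, name = path.rpartition("\\")
        if re.fullmatch(r"\d+\.exe", name):
            clones[(folder, size)].append(path)
    for paths in clones.values():
        if len(paths) >= 3:
            findings.append(("numbered-exe-clones", sorted(paths)))

    # 2. A svchost netsvcs service whose ServiceDll is listed as system + hidden.
    attrs_of = {path: attrs for _size, attrs, path in files}
    for name, image in services.items():
        dll = dlls.get(name)
        if dll and "svchost.exe -k netsvcs" in image:
            attrs = attrs_of.get(dll, "")
            if "s" in attrs and "h" in attrs:
                findings.append(("hidden-servicedll", (name, dll)))

    # 3. A globally open port whose label matches no program seen elsewhere in the log.
    for port, label in ports:
        word = label.split()[0].lower()
        if not any(word in line for line in other):
            findings.append(("unexplained-open-port", (port, label)))

    return findings


if __name__ == "__main__":
    for kind, detail in triage(LOG):
        print(kind, detail)
```

A hit from any of these checks is a prompt for manual review of the full log, not a verdict on its own.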

Here, it's done.

ComboFix 09-02-21.01 - pc 2009-02-22 18:42:00.2 - NTFSx86

Microsoft Windows XP Professional  5.1.2600.2.1251.1.1033.18.1023.471 [GMT 2:00]

Running from: c:\documents and settings\pc\Desktop\sowhat.exe

Command switches used :: c:\documents and settings\pc\Desktop\CFScript.txt

AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Outdated)

 * Resident AV is active



WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!


FILE ::

c:\documents and settings\pc\213110.exe

c:\documents and settings\pc\521367.exe

c:\documents and settings\pc\542773.exe

c:\documents and settings\pc\561360.exe

c:\documents and settings\pc\651047.exe

c:\documents and settings\pc\681460.exe

c:\documents and settings\pc\788858.exe

.


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.


c:\documents and settings\pc\213110.exe

c:\documents and settings\pc\521367.exe

c:\documents and settings\pc\542773.exe

c:\documents and settings\pc\561360.exe

c:\documents and settings\pc\651047.exe

c:\documents and settings\pc\681460.exe

c:\documents and settings\pc\788858.exe

c:\windows\system32\fnmje.dll


.

(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.


-------\Legacy_NRLYWJOJK

-------\Service_nrlywjojk



(((((((((((((((((((((((((   Files Created from 2009-01-22 to 2009-02-22  )))))))))))))))))))))))))))))))

.


2070-01-01 17:13 . 2070-01-01 17:13	40	--a------	c:\windows\system32\d3d9prs.dat

2070-01-01 17:11 . 2070-01-01 17:13	<DIR>	d--------	c:\program files\GrandBilliards

2009-02-22 12:35 . 2009-02-22 12:35	<DIR>	d--------	c:\documents and settings\pc\Application Data\Malwarebytes

2009-02-22 12:35 . 2009-02-22 12:35	<DIR>	d--------	c:\documents and settings\All Users\Application Data\Malwarebytes

2009-02-22 12:35 . 2009-02-11 10:19	38,496	--a------	c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-22 12:35 . 2009-02-11 10:19	15,504	--a------	c:\windows\system32\drivers\mbam.sys

2009-02-22 12:13 . 2009-02-22 12:13	<DIR>	d--h-----	c:\windows\PIF

2009-02-22 11:56 . 2009-02-22 13:02	<DIR>	d--------	c:\program files\Unlocker

2009-02-22 11:56 . 2009-02-22 11:56	<DIR>	d--------	c:\documents and settings\pc\Application Data\Desktopicon

2009-02-17 13:56 . 2009-02-17 14:23	<DIR>	d--------	c:\documents and settings\pc\Application Data\TeamViewer

2009-02-03 13:30 . 2006-12-18 10:46	5,783,552	-ra------	c:\windows\system\CM108.cpl

2009-02-03 13:30 . 2006-12-21 11:05	1,294,336	-ra------	c:\windows\system32\drivers\CM108.sys

2009-02-03 13:30 . 2001-11-23 06:08	712,704	-ra------	c:\windows\system32\a3d108pu.dll

2009-02-03 13:30 . 2001-11-23 06:08	712,704	-ra------	c:\windows\system32\a3d.dll

2009-02-03 13:30 . 2004-04-14 05:28	315,392	-ra------	c:\windows\system\fltr108.dll

2009-02-03 13:30 . 2006-10-13 04:02	249,856	-ra------	c:\windows\system32\CM108rm.exe

2009-02-03 13:30 . 2005-03-07 08:29	45,056	-ra------	c:\windows\system32\CM108rm.dll

2009-02-03 13:30 . 2006-03-09 11:45	32,768	-ra------	c:\windows\system32\c108prop.dll

2009-02-03 13:30 . 2009-02-21 11:35	1,164	--a------	c:\windows\system\Cm108.ini

2009-02-03 13:29 . 2009-02-03 13:29	<DIR>	d--------	c:\program files\SteelSeries USB Soundcard

2009-02-03 13:29 . 2006-10-02 13:02	262,144	-r-------	c:\windows\Cmi108Uninstall.exe

2009-02-03 13:29 . 2007-06-12 05:01	129,656	-r-------	c:\windows\jack.bmp

2009-02-03 13:29 . 2007-06-12 04:57	7,150	-r-------	c:\windows\tray.ico

2009-02-03 13:29 . 2007-06-12 04:57	7,150	-r-------	c:\windows\control.ico

2009-02-03 13:29 . 2007-06-12 05:01	5,632	--ahs----	c:\windows\Thumbs.db

2009-02-03 13:21 . 2004-08-03 23:07	59,264	--a------	c:\windows\system32\drivers\USBAUDIO.sys

2009-02-03 13:21 . 2004-08-03 23:07	59,264	--a--c---	c:\windows\system32\dllcache\usbaudio.sys

2009-02-03 13:21 . 2004-08-04 00:56	21,504	--a------	c:\windows\system32\hidserv.dll

2009-02-03 13:21 . 2004-08-04 00:56	21,504	--a--c---	c:\windows\system32\dllcache\hidserv.dll

2009-02-03 13:20 . 2004-08-03 23:08	31,616	--a------	c:\windows\system32\drivers\usbccgp.sys

2009-02-03 13:20 . 2004-08-03 23:08	31,616	--a--c---	c:\windows\system32\dllcache\usbccgp.sys

2009-01-31 11:28 . 2009-01-31 11:28	<DIR>	d--------	c:\documents and settings\All Users\Application Data\Electronic Arts


.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-22 16:49	---------	d-----w	c:\program files\Steam

2009-02-22 16:24	---------	d-----w	c:\documents and settings\pc\Application Data\Skype

2009-02-22 15:55	---------	d-----w	c:\documents and settings\pc\Application Data\skypePM

2009-02-15 17:28	---------	d-----w	c:\documents and settings\pc\Application Data\uTorrent

2009-01-30 10:54	---------	d-----w	c:\documents and settings\pc\Application Data\ICQ

2009-01-29 08:42	---------	d-----w	c:\documents and settings\pc\Application Data\teamspeak2

2009-01-17 11:53	---------	d-----w	c:\documents and settings\pc\Application Data\pokerth

2009-01-03 13:51	---------	d-----w	c:\program files\ICQ6Toolbar

2009-01-03 13:51	---------	d-----w	c:\documents and settings\All Users\Application Data\ICQ

2009-01-03 13:50	---------	d-----w	c:\program files\ICQ6

2009-01-02 19:28	---------	d-----w	c:\program files\Ventrilo

2009-01-02 19:28	---------	d-----w	c:\program files\Common Files\Wise Installation Wizard

2008-12-31 22:16	319,488	----a-w	c:\windows\HideWin.exe

2008-12-12 17:23	183,112	----a-w	c:\windows\system32\PnkBstrB.exe

2008-11-23 18:40	66,872	----a-w	c:\windows\system32\PnkBstrA.exe

.


(((((((((((((((((((((((((((((   SnapShot@2009-02-22_17.55.59.84   )))))))))))))))))))))))))))))))))))))))))

.

+ 2005-10-20 18:02:28	163,328	----a-w	c:\windows\ERDNT\subs\ERDNT.EXE

.



2000-08-31 08:00 1853 c:\sowhat\Boot-Rk.cmd

2000-08-31 08:00 1853 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP4\A0031517.cmd

2000-08-31 08:00 1853 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP6\A0032665.cmd


2000-08-31 08:00 7417 c:\sowhat\Boot.bat

2000-08-31 08:00 7417 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP4\A0031518.bat

2000-08-31 08:00 7417 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP6\A0032666.bat


c:\sowhat\c.bat

2009-02-22 16:20 37370 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP4\A0031519.bat

2009-02-22 16:20 37370 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP7\A0032737.bat


2000-08-31 08:00 663 c:\sowhat\Catch-sub.cmd

2000-08-31 08:00 663 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP4\A0031520.cmd

2000-08-31 08:00 663 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP6\A0032667.cmd


2009-02-22 18:49 91 c:\sowhat\CCS.bat

2009-02-22 15:27 91 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP4\A0031521.bat

2009-02-22 18:42 91 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP7\A0032735.bat


c:\sowhat\CF-Script.cmd

2000-08-31 08:00 20672 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP4\A0031522.cmd

2000-08-31 08:00 20672 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP7\A0032713.cmd


c:\sowhat\CF25543.exe

2009-02-22 17:51 388608 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP6\A0032668.exe


2009-02-22 18:38 16 c:\sowhat\CHCP.bat

2009-02-22 15:26 16 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP4\A0031523.bat

2009-02-22 17:51 16 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP6\A0032669.bat


2000-08-31 08:00 1024 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP4\A0031524.sys

2000-08-31 08:00 1024 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP6\A0032670.sys


c:\sowhat\Combobatch.bat

2000-08-31 08:00 7157 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP4\A0031525.bat

2009-02-22 18:46 7271 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP7\A0032736.bat


c:\sowhat\Create.cmd

2000-08-31 08:00 7553 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP4\A0031526.cmd

2000-08-31 08:00 7553 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP7\A0032739.cmd


2000-08-31 08:00 3341 c:\sowhat\CregC.cmd

2000-08-31 08:00 3341 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP4\A0031527.cmd

2000-08-31 08:00 3341 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP6\A0032671.cmd


2000-08-31 08:00 1698 c:\sowhat\CSet.cmd

2000-08-31 08:00 1698 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP4\A0031528.cmd

2000-08-31 08:00 1698 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP6\A0032672.cmd


2000-08-31 08:00 1766 c:\sowhat\DelClsid.bat

2000-08-31 08:00 1766 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP4\A0031529.bat

2000-08-31 08:00 1766 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP6\A0032674.bat


2000-08-31 08:00 7341 c:\sowhat\Exe.reg

2000-08-31 08:00 7341 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP4\A0031530.reg

2000-08-31 08:00 7341 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP6\A0032675.reg


c:\sowhat\FD-SV.cmd

2000-08-31 08:00 1554 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP4\A0031531.cmd

2000-08-31 08:00 1554 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP7\A0032741.cmd


2000-08-31 08:00 36201 c:\sowhat\ffdefstr.dll

2000-08-31 08:00 36201 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP4\A0031532.dll

2000-08-31 08:00 36201 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP6\A0032676.dll


2000-08-31 08:00 25406 c:\sowhat\FIND3M.bat

2000-08-31 08:00 25406 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP4\A0031533.bat

2000-08-31 08:00 25406 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP6\A0032677.bat


2000-08-31 08:00 3925 c:\sowhat\FIXLSP.bat

2000-08-31 08:00 3925 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP4\A0031534.bat

2000-08-31 08:00 3925 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP6\A0032678.bat


2000-08-31 08:00 973 c:\sowhat\FKMGen.cmd

2000-08-31 08:00 973 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP4\A0031535.cmd

2000-08-31 08:00 973 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP6\A0032679.cmd


2000-08-31 08:00 15388 c:\sowhat\FProps.vbs

2000-08-31 08:00 15388 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP4\A0031536.vbs

2000-08-31 08:00 15388 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP6\A0032680.vbs


2000-08-31 08:00 4489 c:\sowhat\GetHive.cmd

2000-08-31 08:00 4489 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP4\A0031537.cmd

2000-08-31 08:00 4489 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP6\A0032656.cmd


2005-08-16 01:54 1536 c:\sowhat\hidec.exe

2005-08-16 01:54 1536 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP4\A0031538.exe

2005-08-16 01:54 1536 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP6\A0032681.exe


2000-08-31 08:00 2167 c:\sowhat\history.bat

2000-08-31 08:00 2167 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP4\A0031539.bat

2000-08-31 08:00 2167 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP6\A0032682.bat


c:\sowhat\Install-RC.cmd

2000-08-31 08:00 5647 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP4\A0031540.cmd

2000-08-31 08:00 5647 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP7\A0032710.cmd


2000-08-31 08:00 708 c:\sowhat\katch.cmd

2000-08-31 08:00 708 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP4\A0031541.cmd

2000-08-31 08:00 708 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP6\A0032683.cmd


c:\sowhat\Kill-All.cmd

2000-08-31 08:00 1576 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP4\A0031542.cmd

2000-08-31 08:00 1576 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP7\A0032714.cmd


c:\sowhat\KillAll.bat

2009-02-22 15:27 0 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP4\A0031543.bat


2009-02-22 18:46 157896 c:\sowhat\Lang.bat

2000-08-31 08:00 157638 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP4\A0031544.bat

2000-08-31 08:00 157638 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP7\A0032728.bat


c:\sowhat\List-B.bat

2000-08-31 08:00 27806 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP4\A0031545.bat

2000-08-31 08:00 27806 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP7\A0032724.bat


c:\sowhat\List-C.bat

2000-08-31 08:00 196136 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP4\A0031546.bat

2000-08-31 08:00 196136 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP7\A0032726.bat


c:\sowhat\List-D.bat

2000-08-31 08:00 91150 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP4\A0031547.bat

2000-08-31 08:00 91150 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP7\A0032711.bat


c:\sowhat\List.bat

2000-08-31 08:00 524211 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP4\A0031548.bat

2000-08-31 08:00 524211 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP7\A0032712.bat


2000-08-31 08:00 1528 c:\sowhat\lnkread.vbs

2000-08-31 08:00 1528 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP4\A0031549.vbs

2000-08-31 08:00 1528 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP6\A0032685.vbs


c:\sowhat\lsp.reg

2009-02-22 18:46 52874 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP7\A0032727.reg


2009-02-22 18:46 52293 c:\sowhat\LspFixed.reg

2009-02-22 17:53 52293 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP6\A0032686.reg


2000-08-31 08:00 2328 c:\sowhat\MoveIt.bat

2000-08-31 08:00 2328 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP4\A0031550.bat

2000-08-31 08:00 2328 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP6\A0032687.bat


2000-08-31 08:00 4803 c:\sowhat\ND_.bat

2000-08-31 08:00 4803 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP4\A0031551.bat

2000-08-31 08:00 4803 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP6\A0032688.bat


2000-08-31 08:00 29696 c:\sowhat\nircmd.com

2000-08-31 08:00 29696 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP4\A0031552.com

2000-08-31 08:00 29696 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP6\A0032689.com


2000-08-31 08:00 10116 c:\sowhat\NT-OS.cmd

2000-08-31 08:00 10116 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP4\A0031554.cmd

2000-08-31 08:00 10116 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP6\A0032691.cmd


2000-08-31 08:00 977 c:\sowhat\OSid.vbs

2000-08-31 08:00 977 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP4\A0031555.vbs

2000-08-31 08:00 977 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP6\A0032692.vbs


2000-08-31 08:00 49016 c:\sowhat\RegScan.cmd

2000-08-31 08:00 49016 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP4\A0031556.cmd

2000-08-31 08:00 49016 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP6\A0032654.cmd


c:\sowhat\restore_pt.vbs

2000-08-31 08:00 232 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP4\A0031558.vbs

2000-08-31 08:00 232 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP7\A0032715.vbs


2000-08-31 08:00 1758 c:\sowhat\RestoreO4.bat

2000-08-31 08:00 1758 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP4\A0031557.bat

2000-08-31 08:00 1758 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP6\A0032693.bat


2000-08-31 08:00 241 c:\sowhat\Rkey.cmd

2000-08-31 08:00 241 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP4\A0031559.cmd

2000-08-31 08:00 241 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP6\A0032694.cmd


2000-08-31 08:00 15344 c:\sowhat\SafeBootRepair.bat

2000-08-31 08:00 15344 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP4\A0031560.bat

2000-08-31 08:00 15344 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP6\A0032695.bat


2000-08-31 08:00 12835 c:\sowhat\SetEnvmt.bat

2000-08-31 08:00 12835 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP4\A0031561.bat

2000-08-31 08:00 12835 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP6\A0032696.bat


2009-02-22 18:41 10070 c:\sowhat\SetPath.bat

2009-02-22 17:52 10072 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP6\A0032640.bat


2009-02-22 18:38 65 c:\sowhat\sfx.cmd

2009-02-22 15:26 24 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP4\A0031562.cmd

2009-02-22 17:51 24 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP6\A0032697.cmd


c:\sowhat\SnapShot.cmd

2000-08-31 08:00 3462 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP4\A0031563.cmd

2000-08-31 08:00 3462 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP7\A0032742.cmd


2000-08-31 08:00 2125 c:\sowhat\SRestore.cmd

2000-08-31 08:00 2125 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP4\A0031564.cmd

2000-08-31 08:00 2125 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP6\A0032653.cmd


2000-08-31 08:00 17613 c:\sowhat\SuppScan.cmd

2000-08-31 08:00 17613 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP4\A0031565.cmd

2000-08-31 08:00 17613 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP6\A0032655.cmd


2000-08-31 08:00 2176 c:\sowhat\SvcDrv.vbs

2000-08-31 08:00 2176 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP4\A0031566.vbs

2000-08-31 08:00 2176 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP6\A0032698.vbs


c:\sowhat\Update-CF.cmd

2000-08-31 08:00 2723 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP4\A0030512.cmd

2000-08-31 08:00 2723 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP6\A0032701.cmd


c:\windows\system32\[u]0[/u]13.exe

2070-01-01 03:03 20480 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP6\A0032620.exe


c:\windows\system32\114.exe

2070-01-01 18:20 57344 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP6\A0032621.exe


c:\windows\system32\160.exe

2009-02-18 14:45 12288 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP6\A0032622.exe


c:\windows\system32\215.exe

2070-01-01 18:17 57344 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP6\A0032623.exe


c:\windows\system32\243.exe

2009-02-18 14:46 57344 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP6\A0032624.exe


c:\windows\system32\303.exe

2070-01-01 17:40 57344 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP6\A0032625.exe


c:\windows\system32\310.exe

2070-01-01 17:25 57344 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP6\A0032626.exe


c:\windows\system32\450657.exe

2070-01-01 03:01 25131 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP6\A0032627.exe


c:\windows\system32\548.exe

2070-01-01 16:49 57344 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP6\A0032628.exe


c:\windows\system32\677.exe

2070-01-01 17:10 57344 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP6\A0032629.exe


c:\windows\system32\702.exe

2070-01-01 16:47 57344 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP6\A0032630.exe


c:\windows\system32\778.exe

2070-01-01 17:54 0 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP6\A0032619.exe


c:\windows\system32\780.exe

2070-01-01 18:30 57344 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP6\A0032631.exe


c:\windows\system32\877.exe

2070-01-01 03:02 57344 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP6\A0032632.exe


2009-02-11 10:19 15504 c:\windows\system32\drivers\mbam.sys

2009-02-11 10:19 15504 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP4\A0015405.sys

2009-02-11 10:19 15504 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP4\A0022401.sys


2009-02-11 10:19 38496 c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-11 10:19 38496 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP4\A0015401.sys

2009-02-11 10:19 38496 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP4\A0022400.sys


2009-02-20 15:26 74137 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe

2009-01-31 10:22 74137 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP2\A0002062.exe


c:\windows\system32\system.exe

2009-02-18 14:46 57344 {554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP6\A0032614.exe

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-17 490952]

"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-02-06 3325952]

"Steam"="c:\program files\steam\steam.exe" [2009-01-12 1410296]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]

"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]

"nwiz"="nwiz.exe" [2007-06-28 c:\windows\system32\nwiz.exe]

"RTHDCPL"="RTHDCPL.EXE" [2008-10-09 c:\windows\RTHDCPL.EXE]


[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]


c:\documents and settings\All Users\Start Menu\Programs\Startup\

BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2008-11-16 1183744]


[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\uTorrent\\utorrent.exe"=

"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

"d:\\ICQ\\ICQ6.5\\ICQ.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"10189:TCP"= 10189:TCP:BitComet 10189 TCP

"10189:UDP"= 10189:UDP:BitComet 10189 UDP


R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-02-20 33800]

R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320]

R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2009-01-03 222456]

R3 CM1083264;C-Media CM108 Like Sound UDAX Interface;c:\windows\system32\drivers\CM108.sys [2009-02-03 1294336]

S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2004-08-04 3584]

S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\docume~1\pc\LOCALS~1\Temp\RarSFX1\kerneld.wnt --> c:\docume~1\pc\LOCALS~1\Temp\RarSFX1\kerneld.wnt [?]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-02-22 38496]

.

Contents of the 'Scheduled Tasks' folder


2008-08-30 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job

- c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-02-06 01:52]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://start.icq.com/

IE: &С&валяне &с BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm

IE: &С&валяне на всички с BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm

IE: &С&валяне на всичкото видео с BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm

IE: Е&кспортирай в Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\pc\Application Data\Mozilla\Firefox\Profiles\n2z8y7su.default\

FF - prefs.js: browser.search.selectedEngine - ICQ Search

FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=

FF - component: c:\documents and settings\pc\Application Data\Mozilla\Firefox\Profiles\n2z8y7su.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll

FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll

.


**************************************************************************


catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-22 18:49:46

Windows 5.1.2600 Service Pack 2 NTFS


scanning hidden processes ...  


scanning hidden autostart entries ... 


scanning hidden files ...  


scan completed successfully

hidden files: 0


**************************************************************************


[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]

"ImagePath"="\??\c:\docume~1\pc\LOCALS~1\Temp\RarSFX1\kerneld.wnt"

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\rundll32.exe

c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\SoftwareDistribution\Download\5599132effaee562760dce29f8ca8491\update\update.exe

.

**************************************************************************

.

Completion time: 2009-02-22 18:51:32 - machine was rebooted

ComboFix-quarantined-files.txt  2009-02-22 16:51:12

ComboFix2.txt  2009-02-22 15:56:50


Pre-Run: 24,156,004,352 bytes free

Post-Run: 24,078,458,880 bytes free


498	--- E O F ---	2008-08-30 07:10:41

By the way, let me ask: should the firewall be ON or OFF?

Edited by XateR

That is much better. The log file is clean. Congratulations!

Now:

1. Turn off System Restore:

Right-click My Computer => Properties => System Restore => tick the box in front of Turn Off System Restore

Start => run => cleanmgr => More Options => System Restore => Clean UP

2. Clean the temporary files with ATF-CLEANER.

(Choose Select All => untick only the box in front of Prefetch => Empty Selected).

3. Install the following Windows updates:

- MS09-001

- MS08-068

- MS08-067

4. Just in case, run one check with each of the specialized tools for this parasite.

4.1. Microsoft Malicious Software Removal Tool

4.2. EConfickerRemover

4.3. Symantec FixDownloadup

4.4. KidoKiller

I will just ask you to archive the C:\Qoobox folder and upload it to (http://www.4storing.com)

5. Finally, uninstall ComboFix with the command:

Open Start Menu => Run => enter => combofix /u

6. Be sure to update NOD32 to version 3/4, or simply uninstall your antivirus program and install one of the three free and effective programs (Avira, avast!, AVG)...

http://4storing.com/mghaw/23f2b14af57573e7...e6d3b89225.html Here is a link with Qoobox, but during archiving it reported some problem, that the files under quarantine cannot be archived.

Edited by XateR

If you had been using ESET NOD32 Antivirus v3/v4, you would not have ended up in this situation:

2009-02-22 19:23 ч. Real-time file system protection file C:\Users\Маниац\Downloads\pi4\Qoobox\Quarantine\C\WINDOWS\system32\780.exe.vir Win32/Agent.NVL trojan cleaned by deleting NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\System32\SearchProtocolHost.exe.

2009-02-22 19:23 ч. Real-time file system protection file C:\Users\Маниац\Downloads\pi4\Qoobox\Quarantine\C\WINDOWS\system32\877.exe.vir Win32/Agent.NVL trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\System32\SearchProtocolHost.exe.

2009-02-22 19:23 ч. Real-time file system protection file C:\Users\Маниац\Downloads\pi4\Qoobox\Quarantine\C\WINDOWS\system32\548.exe.vir Win32/Agent.NVL trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\System32\SearchProtocolHost.exe.

2009-02-22 19:23 ч. Real-time file system protection file C:\Users\Маниац\Downloads\pi4\Qoobox\Quarantine\C\WINDOWS\system32\702.exe.vir Win32/Agent.NVL trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\System32\SearchProtocolHost.exe.

2009-02-22 19:23 ч. Real-time file system protection file C:\Users\Маниац\Downloads\pi4\Qoobox\Quarantine\C\WINDOWS\system32\677.exe.vir Win32/Agent.NVL trojan cleaned by deleting NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\System32\SearchProtocolHost.exe.

2009-02-22 19:23 ч. Real-time file system protection file C:\Users\Маниац\Downloads\pi4\Qoobox\Quarantine\C\WINDOWS\system32\303.exe.vir Win32/Agent.NVL trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\System32\SearchProtocolHost.exe.

2009-02-22 19:23 ч. Real-time file system protection file C:\Users\Маниац\Downloads\pi4\Qoobox\Quarantine\C\WINDOWS\system32\450657.exe.vir Win32/Dialer.NGR trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\System32\SearchProtocolHost.exe.

2009-02-22 19:23 ч. Real-time file system protection file C:\Users\Маниац\Downloads\pi4\Qoobox\Quarantine\C\WINDOWS\system32\310.exe.vir Win32/Agent.NVL trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\System32\SearchProtocolHost.exe.

2009-02-22 19:23 ч. Real-time file system protection file C:\Users\Маниац\Downloads\pi4\Qoobox\Quarantine\C\WINDOWS\system32\114.exe.vir Win32/Agent.NVL trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\System32\SearchProtocolHost.exe.

2009-02-22 19:23 ч. Real-time file system protection file C:\Users\Маниац\Downloads\pi4\Qoobox\Quarantine\C\WINDOWS\system32\243.exe.vir Win32/Agent.NVL trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\System32\SearchProtocolHost.exe.

2009-02-22 19:23 ч. Real-time file system protection file C:\Users\Маниац\Downloads\pi4\Qoobox\Quarantine\C\WINDOWS\system32\215.exe.vir Win32/Agent.NVL trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\System32\SearchProtocolHost.exe.

2009-02-22 19:23 ч. Real-time file system protection file C:\Users\Маниац\Downloads\pi4\Qoobox\Quarantine\C\Documents and Settings\pc\788858.exe.vir Win32/Dialer.NGR trojan cleaned by deleting NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\System32\SearchProtocolHost.exe.

2009-02-22 19:23 ч. Real-time file system protection file C:\Users\Маниац\Downloads\pi4\Qoobox\Quarantine\C\Documents and Settings\pc\651047.exe.vir Win32/Dialer.NGR trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\System32\SearchProtocolHost.exe.

2009-02-22 19:23 ч. Real-time file system protection file C:\Users\Маниац\Downloads\pi4\Qoobox\Quarantine\C\Documents and Settings\pc\681460.exe.vir Win32/Dialer.NGR trojan cleaned by deleting NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\System32\SearchProtocolHost.exe.

2009-02-22 19:23 ч. Real-time file system protection file C:\Users\Маниац\Downloads\pi4\Qoobox\Quarantine\C\Documents and Settings\pc\521367.exe.vir Win32/Dialer.NGR trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\System32\SearchProtocolHost.exe.

2009-02-22 19:23 ч. Real-time file system protection file C:\Users\Маниац\Downloads\pi4\Qoobox\Quarantine\C\Documents and Settings\pc\561360.exe.vir Win32/Dialer.NGR trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\System32\SearchProtocolHost.exe.

2009-02-22 19:23 ч. Real-time file system protection file C:\Users\Маниац\Downloads\pi4\Qoobox\Quarantine\C\Documents and Settings\pc\542773.exe.vir Win32/Dialer.NGR trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\System32\SearchProtocolHost.exe.

2009-02-22 19:23 ч. Real-time file system protection file C:\Users\Маниац\Downloads\pi4\Qoobox\Quarantine\C\Documents and Settings\pc\213110.exe.vir Win32/Dialer.NGR trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\System32\SearchProtocolHost.exe.

C:\Users\Маниац\Downloads\pi4\Qoobox\Quarantine\C\WINDOWS\system32\_fnmje_.dll.zip » ZIP » fnmje.dll - Win32/AutoRun.Agent.FW worm - was a part of the deleted object

C:\Users\Маниац\Downloads\pi4\Qoobox\Quarantine\C\WINDOWS\system32\_system_.exe.zip » ZIP » system.exe - Win32/Agent.NVL trojan - was a part of the deleted object

That is why up-to-date versions with updated definitions should be used. ;)

Download ToolsCleaner2

Choose the Recherche option so that the tool can search for leftovers from the programs we worked with.

Then press => Suppression to clean up what was found, and Quitter to close the application.

That's it.
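The ESET real-time protection lines quoted above all point into the unpacked Qoobox\Quarantine folder, so it helps to map each detection back to the location the file originally had on the cleaned machine. The following is an added example, not part of the original posts and not ESET or ComboFix code: the function names are hypothetical, and the rule "Quarantine\<drive letter>\<original path>.vir" is an assumption inferred from the paths visible in the quoted log.

```python
import re
from collections import defaultdict

# Four lines copied verbatim from the ESET log quoted in the post above,
# plus one constructed line that matches neither layout.
SAMPLE_LOG = [
    r"2009-02-22 19:23 ч. Real-time file system protection file C:\Users\Маниац\Downloads\pi4\Qoobox\Quarantine\C\WINDOWS\system32\780.exe.vir Win32/Agent.NVL trojan cleaned by deleting NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\System32\SearchProtocolHost.exe.",
    r"2009-02-22 19:23 ч. Real-time file system protection file C:\Users\Маниац\Downloads\pi4\Qoobox\Quarantine\C\WINDOWS\system32\877.exe.vir Win32/Agent.NVL trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\System32\SearchProtocolHost.exe.",
    r"2009-02-22 19:23 ч. Real-time file system protection file C:\Users\Маниац\Downloads\pi4\Qoobox\Quarantine\C\Documents and Settings\pc\788858.exe.vir Win32/Dialer.NGR trojan cleaned by deleting NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\System32\SearchProtocolHost.exe.",
    r"C:\Users\Маниац\Downloads\pi4\Qoobox\Quarantine\C\WINDOWS\system32\_system_.exe.zip » ZIP » system.exe - Win32/Agent.NVL trojan - was a part of the deleted object",
    "2009-02-22 19:24 constructed line with no detection in it",
]

# Layout 1: one real-time protection event per line.
REALTIME_RE = re.compile(
    r"^(?P<when>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \S+ "
    r"Real-time file system protection file (?P<path>.+?) "
    r"(?P<threat>\w+/[\w.]+) (?P<kind>\w+) "
    r"(?P<action>cleaned by deleting(?: - quarantined)?) "
    r"(?P<user>.+?) Event occurred during an attempt to access the file "
    r"by the application: (?P<app>.+?)\.$"
)

# Layout 2: a detection inside a ZIP archive.
ARCHIVE_RE = re.compile(
    r"^(?P<path>.+?) » ZIP » (?P<member>\S+) - "
    r"(?P<threat>\w+/[\w.]+) (?P<kind>\w+) - (?P<action>.+)$"
)

QUARANTINE_RE = re.compile(r"\\qoobox\\quarantine\\", re.IGNORECASE)


def original_location(quarantine_path, member=None):
    """Map a path under Qoobox\\Quarantine back to the original location.

    Assumed layout (inferred from the log): Quarantine\\<drive>\\<path>.vir,
    or a .zip whose member carries the original file name.
    Returns None when the path is not under a Qoobox quarantine folder.
    """
    marker = QUARANTINE_RE.search(quarantine_path)
    if marker is None:
        return None
    drive, _, rest = quarantine_path[marker.end():].partition("\\")
    if len(drive) != 1 or not rest:
        return None
    if member is not None:
        # Archive: keep the directory, take the file name from the member.
        directory = rest.rpartition("\\")[0]
        rest = directory + "\\" + member if directory else member
    elif rest.lower().endswith(".vir"):
        rest = rest[:-4]
    return drive.upper() + ":\\" + rest


def parse_line(line):
    """Return a dict describing one detection, or None if the line is neither layout."""
    line = line.strip()
    match = REALTIME_RE.match(line)
    member = None
    if match is None:
        match = ARCHIVE_RE.match(line)
        if match is None:
            return None
        member = match.group("member")
    return {
        "threat": match.group("threat"),
        "kind": match.group("kind"),
        "action": match.group("action"),
        "quarantine_path": match.group("path"),
        "original": original_location(match.group("path"), member),
    }


def group_by_threat(lines):
    """Group original locations by detection name; keep unparsed lines visible."""
    groups, unparsed = defaultdict(list), []
    for line in lines:
        record = parse_line(line)
        if record is None:
            unparsed.append(line)
            continue
        groups[record["threat"]].append(record["original"] or record["quarantine_path"])
    return {threat: sorted(paths) for threat, paths in groups.items()}, unparsed


if __name__ == "__main__":
    detections, skipped = group_by_threat(SAMPLE_LOG)
    for threat, paths in sorted(detections.items()):
        print(threat)
        for path in paths:
            print("   ", path)
    print("unparsed lines:", len(skipped))
```

Lines that fit neither layout are returned separately instead of being dropped, so a changed log format shows up as unparsed entries rather than as a shorter report.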

B-boy[styLe], could you give me direct links for the Windows updates?

These are for Windows XP SP3

http://www.microsoft.com/downloads/info.as...687-x86-ENU.exe

http://www.microsoft.com/downloads/info.as...097-x86-ENU.exe

http://www.microsoft.com/downloads/info.as...644-x86-ENU.exe

However, besides these it would be a good idea to install all critical updates. If you would rather not use Windows Update (because of the Windows legitimacy check system - Genuine), you can get them with programs like this one:

http://www.kaldata.com/forums/index.php?s=...t&p=1279455

(this is just one of the many such programs for this purpose)...

Edited by B-boy[StyLe]
