
Kaldata.com - Forums


Help with detecting and removing viruses, Trojan horses, etc., part 2


coolmeen - I don't know what package you're talking about, I just use maximum protection, because Trojans have already given me a lot of trouble and I ended up having to format... They keep popping up without my knowing when or from where.

Comodo Internet Security is an integrated package of antivirus, firewall, etc. In my opinion Comodo's antivirus doesn't deserve particular attention (at least for now), but alongside Avira you can use Comodo's firewall or another one of your choice. :rolleyes:

Good luck in the fight against the parasites; listen to B-boy and everything will be fine!

Edited by coolmeen


Malware Bytes gives me Not Responding when it starts scanning. Right now I'm running a full scan (this is the 3rd time I'm saying it) and it is finding viruses. The thing is, if it deletes an exe file from system32 and crashes Windows, I don't know how I'd restore it afterwards...

Otherwise, is it certain that the locked ddcDsqqo.dll in System32 is a virus, and not an infected file that could cause trouble if I delete it?

I usually keep my hands away from the WINDOWS folder and I don't understand much about it.

Edited by Crimsader

fix, here it is:

ComboFix 09-03-10.03 - gooner 2009-03-12 15:16:39.2 - NTFSx86

Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1251.1.1033.18.3198.2503 [GMT 2:00]

Running from: c:\users\gooner\desktop\ComboFix.exe

Command switches used :: /killall

AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)

.

((((((((((((((((((((((((( Files Created from 2009-02-12 to 2009-03-12 )))))))))))))))))))))))))))))))

.

2009-03-12 02:26 . 2009-03-12 02:26 <DIR> d-------- C:\Intel

2009-03-12 02:26 . 2009-03-12 02:26 <DIR> d-------- C:\inf

2009-03-11 16:18 . 2009-02-24 03:29 2,034,176 --a------ c:\windows\System32\win32k.sys

2009-03-10 16:16 . 2009-03-10 16:16 <DIR> d-------- c:\program files\MPC HomeCinema

2009-03-10 11:50 . 2009-03-10 12:02 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy

2009-03-10 11:50 . 2009-03-10 12:02 <DIR> d-------- c:\programdata\Spybot - Search & Destroy

2009-03-10 11:50 . 2009-03-12 02:31 <DIR> d-------- c:\program files\Spybot - Search & Destroy

2009-03-10 01:43 . 2009-03-10 01:43 <DIR> d-------- c:\users\gooner\AppData\Roaming\Malwarebytes

2009-03-10 01:43 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys

2009-03-10 01:42 . 2009-03-10 01:42 <DIR> d-------- c:\users\All Users\Malwarebytes

2009-03-10 01:42 . 2009-03-10 01:42 <DIR> d-------- c:\programdata\Malwarebytes

2009-03-10 01:42 . 2009-03-10 01:43 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-03-10 01:42 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys

2009-03-09 02:31 . 2009-03-09 02:31 280 --a------ c:\windows\System32\PDBootState

2009-03-08 00:29 . 2009-03-09 02:19 <DIR> d-------- c:\users\All Users\Media Center Programs

2009-03-08 00:29 . 2009-03-09 02:19 <DIR> d-------- c:\programdata\Media Center Programs

2009-03-05 00:05 . 2009-03-05 00:05 <DIR> d-------- c:\windows\System32\vi-VN

2009-03-05 00:05 . 2009-03-05 00:05 <DIR> d-------- c:\windows\System32\eu-ES

2009-03-05 00:05 . 2009-03-05 00:05 <DIR> d-------- c:\windows\System32\ca-ES

2009-03-05 00:05 . 2007-07-02 16:30 8,393 --a------ c:\windows\System32\CTAPO32.cat

2009-03-05 00:03 . 2009-03-05 00:03 <DIR> d-------- c:\windows\System32\SPReview

2009-03-04 23:55 . 2009-03-04 23:55 <DIR> d-------- c:\windows\System32\EventProviders

2009-03-01 15:39 . 2009-03-01 15:39 <DIR> d-------- c:\program files\CCleaner

2009-02-28 18:02 . 2009-02-28 18:02 <DIR> d-------- c:\program files\Veetle

2009-02-26 14:26 . 2009-02-26 14:26 <DIR> d-------- c:\users\gooner\AppData\Roaming\Nero

2009-02-26 14:26 . 2009-02-26 14:26 <DIR> d-------- c:\program files\Common Files\Nero

2009-02-26 14:25 . 2009-02-26 14:26 <DIR> d-------- c:\program files\Nero 9

2009-02-25 00:39 . 2009-02-25 01:00 <DIR> d-------- c:\users\gooner\AppData\Roaming\FileZilla

2009-02-25 00:39 . 2009-02-25 00:39 <DIR> d-------- c:\program files\FileZilla FTP Client

2009-02-23 15:59 . 2009-02-23 15:59 231,176 --a------ c:\windows\System32\PDBoot.exe

2009-02-23 01:24 . 2009-02-23 01:24 <DIR> d-------- c:\program files\eMule

2009-02-23 00:29 . 2009-02-23 00:29 <DIR> d-------- c:\program files\Common Files\ATI Technologies

2009-02-23 00:24 . 2009-02-23 00:24 <DIR> d-------- c:\users\All Users\ATI

2009-02-23 00:24 . 2009-02-23 00:24 <DIR> d-------- c:\programdata\ATI

2009-02-23 00:21 . 2009-02-23 00:21 <DIR> d-------- c:\program files\ATI

2009-02-23 00:20 . 2009-02-23 00:22 <DIR> d-------- c:\program files\ATI Technologies

2009-02-23 00:03 . 2009-02-23 00:12 <DIR> d-------- c:\program files\Driver Cleaner PE

2009-02-20 16:45 . 2009-02-20 16:45 <DIR> d-------- c:\program files\OpenAL

2009-02-20 16:45 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\System32\D3DCompiler_40.dll

2009-02-20 16:45 . 2008-10-10 04:52 452,440 --a------ c:\windows\System32\d3dx10_40.dll

2009-02-20 16:45 . 2008-10-27 10:04 235,856 --a------ c:\windows\System32\xactengine3_3.dll

2009-02-20 16:44 . 2008-07-10 11:00 1,493,528 --a------ c:\windows\System32\D3DCompiler_39.dll

2009-02-20 16:44 . 2008-07-10 11:01 467,984 --a------ c:\windows\System32\d3dx10_39.dll

2009-02-20 16:44 . 2008-07-30 06:20 238,088 --a------ c:\windows\System32\xactengine3_2.dll

2009-02-13 02:32 . 2009-02-13 02:40 <DIR> d-------- c:\users\All Users\ArcSoft

2009-02-13 02:32 . 2009-02-13 02:40 <DIR> d-------- c:\programdata\ArcSoft

2009-02-13 02:32 . 2009-03-05 10:28 <DIR> d-------- c:\program files\Common Files\ArcSoft

2009-02-13 02:32 . 2008-11-27 09:58 69,632 --a------ c:\windows\System32\MMCEDT.exe

2009-02-13 00:45 . 2009-02-13 00:45 <DIR> d-------- c:\windows\Sun

2009-02-12 04:28 . 2009-02-12 04:30 <DIR> d-------- c:\users\gooner\AppData\Roaming\Media Player Classic

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-12 13:20 --------- d-----w c:\users\gooner\AppData\Roaming\uTorrent

2009-03-12 13:19 --------- d-----w c:\users\gooner\AppData\Roaming\Skype

2009-03-12 13:19 --------- d-----w c:\programdata\Kaspersky Lab

2009-03-12 13:18 679,968 --sha-w c:\windows\system32\drivers\fidbox2.dat

2009-03-12 13:18 4,465,696 --sha-w c:\windows\system32\drivers\fidbox.dat

2009-03-12 13:18 4,452 --sha-w c:\windows\system32\drivers\fidbox2.idx

2009-03-12 13:18 38,064 --sha-w c:\windows\system32\drivers\fidbox.idx

2009-03-10 10:38 --------- d-----w c:\program files\Common Files\Adobe

2009-03-09 00:19 --------- d--h--w c:\program files\InstallShield Installation Information

2009-03-09 00:19 --------- d-----w c:\programdata\CyberLink

2009-03-07 23:37 29,480 ----a-w c:\windows\System32\msxml3a.dll

2009-03-07 23:37 --------- d-----w c:\programdata\Temp

2009-03-07 23:31 --------- d-----w c:\users\gooner\AppData\Roaming\foobar2000

2009-03-04 22:05 --------- d-----w c:\program files\Windows Sidebar

2009-03-04 22:05 --------- d-----w c:\program files\Windows Photo Gallery

2009-03-04 22:05 --------- d-----w c:\program files\Windows Mail

2009-03-04 22:05 --------- d-----w c:\program files\Windows Defender

2009-03-04 22:05 --------- d-----w c:\program files\Windows Calendar

2009-03-04 14:41 --------- d-----w c:\programdata\Creative

2009-02-26 19:45 --------- d-----w c:\program files\The KMPlayer

2009-02-22 23:54 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

2009-02-22 23:53 --------- d-----w c:\program files\AGEIA Technologies

2009-02-22 23:24 --------- d-----w c:\programdata\eMule

2009-02-22 22:24 --------- d-----w c:\users\gooner\AppData\Roaming\ATI

2009-02-21 22:02 --------- d-----w c:\users\gooner\AppData\Roaming\skypePM

2009-02-20 14:45 413,696 ----a-w c:\windows\System32\wrap_oal.dll

2009-02-20 14:45 110,592 ----a-w c:\windows\System32\OpenAL32.dll

2009-02-10 19:40 --------- d-----w c:\program files\SopCast

2009-02-10 17:09 --------- d-----w c:\program files\SA Dictionary 2008 Beta 4

2009-02-10 15:35 --------- d-----w c:\program files\SimBin

2009-02-10 10:57 --------- d-----w c:\programdata\SlySoft

2009-02-10 01:00 --------- d-----w c:\program files\MSXML 4.0

2009-02-08 19:22 --------- d-----w c:\programdata\Microsoft Help

2009-02-08 19:05 0 ---ha-w c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf

2009-02-08 19:04 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf

2009-02-08 19:04 --------- d-----w c:\programdata\PC Suite

2009-02-08 18:58 --------- d-----w c:\program files\Nokia

2009-02-08 18:57 --------- d-----w c:\programdata\Installations

2009-02-08 18:57 --------- d-----w c:\program files\Common Files\Nokia

2009-02-08 13:12 --------- d-----w c:\users\gooner\AppData\Roaming\Nokia

2009-02-08 12:50 --------- d-----w c:\programdata\Nokia

2009-02-08 12:49 --------- d-----w c:\users\gooner\AppData\Roaming\PC Suite

2009-02-08 12:49 --------- d-----w c:\program files\Common Files\muvee Technologies

2009-02-08 12:48 --------- d-----w c:\program files\DIFX

2009-02-08 12:48 --------- d-----w c:\program files\Common Files\PCSuite

2009-02-08 01:27 --------- d-----w c:\program files\OCCT

2009-02-07 20:33 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2009-02-07 19:31 22,328 ----a-w c:\users\gooner\AppData\Roaming\PnkBstrK.sys

2009-02-07 19:04 --------- d-----w c:\programdata\Minnetonka Audio Software

2009-02-07 18:37 --------- d-----w c:\programdata\FLEXnet

2009-02-07 18:19 --------- d-----w c:\program files\Adobe Media Player

2009-02-07 18:18 --------- d-----w c:\program files\Common Files\Adobe AIR

2009-02-07 18:15 --------- d-----w c:\program files\Common Files\Macrovision Shared

2009-02-07 18:12 --------- d-----w c:\users\gooner\AppData\Roaming\DAEMON Tools Lite

2009-02-07 18:00 --------- d-----w c:\program files\Frameworkx

2009-02-07 17:58 --------- d-----w c:\program files\uTorrent

2009-02-07 17:56 --------- d-----w c:\program files\TVAnts

2009-02-07 17:55 --------- d-----w c:\programdata\Apple Computer

2009-02-07 17:53 --------- d-----w c:\programdata\Apple

2009-02-07 17:53 --------- d-----w c:\program files\QuickTime

2009-02-07 17:53 --------- d-----w c:\program files\Apple Software Update

2009-02-07 17:44 --------- d-----w c:\program files\foobar2000

2009-02-07 17:42 410,984 ----a-w c:\windows\System32\deploytk.dll

2009-02-07 17:42 --------- d-----w c:\program files\Java

2009-02-07 17:37 --------- d-----w c:\programdata\Raxco

2009-02-07 17:37 --------- d-----w c:\program files\Raxco

2009-02-07 17:18 --------- d-----w c:\programdata\Skype

2009-02-07 17:18 --------- d-----w c:\program files\Common Files\Skype

2009-02-07 17:18 --------- d-----r c:\program files\Skype

2009-02-07 17:13 --------- d-----w c:\users\gooner\AppData\Roaming\DAEMON Tools Pro

2009-02-07 17:13 --------- d-----w c:\users\gooner\AppData\Roaming\DAEMON Tools

2009-02-07 17:12 --------- d-----w c:\programdata\DAEMON Tools Lite

2009-02-07 17:12 --------- d-----w c:\program files\DAEMON Tools Lite

2009-02-07 17:10 717,296 ----a-w c:\windows\system32\drivers\sptd.sys

2009-02-07 17:07 89,601 ----a-w c:\windows\system32\drivers\klick.dat

2009-02-07 17:07 33,808 ----a-w c:\windows\system32\drivers\klbg.sys

2009-02-07 17:07 101,287 ----a-w c:\windows\system32\drivers\klin.dat

2009-02-07 17:03 --------- d-----w c:\program files\Kaspersky Lab

2009-02-07 17:02 --------- d-----w c:\programdata\Kaspersky Lab Setup Files

2009-02-07 16:29 --------- d-----w c:\program files\Media Key

2009-02-07 16:26 --------- d-----w c:\program files\Common Files\InstallShield

2009-02-07 16:26 --------- d-----w c:\program files\ASUS

2009-02-07 16:24 --------- d--h--w c:\program files\Creative Installation Information

2009-02-07 16:24 --------- d-----w c:\program files\Creative

2009-02-07 16:24 --------- d-----w c:\program files\Common Files\Creative

2009-02-07 16:21 --------- d-----w c:\program files\Common Files\Creative Labs Shared

2009-02-07 06:06 --------- d-----w c:\program files\Intel

2009-02-07 06:05 --------- d-----w c:\users\gooner\AppData\Roaming\InstallShield

2009-02-04 07:29 4,303,360 ----a-w c:\windows\system32\drivers\atikmdag.sys

2009-02-04 05:02 442,368 ----a-w c:\windows\System32\ATIDEMGX.dll

2009-02-04 05:00 43,520 ----a-w c:\windows\System32\ati2edxx.dll

2009-02-04 05:00 348,160 ----a-w c:\windows\System32\atipdlxx.dll

2009-02-04 05:00 274,432 ----a-w c:\windows\System32\Oemdspif.dll

2009-02-04 05:00 159,744 ----a-w c:\windows\System32\atitmmxx.dll

2009-02-04 05:00 11,264 ----a-w c:\windows\System32\atimuixx.dll

2009-02-04 04:59 286,720 ----a-w c:\windows\System32\Ati2evxx.dll

2009-02-04 04:58 729,088 ----a-w c:\windows\System32\Ati2evxx.exe

2009-02-04 04:49 2,391,552 ----a-w c:\windows\System32\atidxx32.dll

2009-02-04 04:43 3,903,488 ----a-w c:\windows\System32\atiumdag.dll

2009-02-04 04:22 4,905,472 ----a-w c:\windows\System32\atiumdva.dll

.

((((((((((((((((((((((((((((( SnapShot@2009-03-11_17.53.26.94 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-03-07 22:29:44 53,248 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll

+ 2009-03-11 19:39:59 53,248 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll

- 2009-03-07 22:29:44 12,800 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll

+ 2009-03-11 19:40:00 12,800 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll

- 2009-03-07 22:29:44 473,600 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll

+ 2009-03-11 19:40:00 473,600 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll

- 2009-03-07 22:29:41 2,676,224 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2009-03-11 19:39:57 2,676,224 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2009-03-07 22:29:42 2,846,720 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2009-03-11 19:39:58 2,846,720 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2009-03-07 22:29:43 563,712 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2009-03-11 19:39:58 563,712 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2009-03-07 22:29:43 567,296 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2009-03-11 19:39:58 567,296 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2009-03-07 22:29:43 576,000 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2009-03-11 19:39:59 576,000 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2009-03-07 22:29:43 577,024 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2009-03-11 19:39:59 577,024 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2009-03-07 22:29:43 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2009-03-11 19:39:59 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2009-03-07 22:29:43 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2009-03-11 19:39:59 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2009-03-07 22:29:43 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2009-03-11 19:39:59 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2009-03-07 22:29:44 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2009-03-11 19:40:00 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2009-03-07 22:29:44 145,920 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll

+ 2009-03-11 19:40:00 145,920 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll

- 2009-03-07 22:29:44 159,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll

+ 2009-03-11 19:40:00 159,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll

- 2009-03-07 22:29:44 364,544 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll

+ 2009-03-11 19:40:00 364,544 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll

- 2009-03-07 22:29:44 178,176 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll

+ 2009-03-11 19:40:00 178,176 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll

- 2009-03-07 22:29:44 223,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll

+ 2009-03-11 19:39:59 223,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll

- 2009-03-04 22:09:43 51,200 ----a-w c:\windows\inf\infpub.dat

+ 2009-03-12 00:33:49 51,200 ----a-w c:\windows\inf\infpub.dat

- 2009-03-04 22:09:43 86,016 ----a-w c:\windows\inf\infstor.dat

+ 2009-03-12 00:33:39 86,016 ----a-w c:\windows\inf\infstor.dat

- 2009-03-04 22:09:43 143,360 ----a-w c:\windows\inf\infstrng.dat

+ 2009-03-12 00:33:49 143,360 ----a-w c:\windows\inf\infstrng.dat

- 2009-03-11 15:52:11 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2009-03-12 13:19:25 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

- 2009-03-11 15:52:11 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2009-03-12 13:19:25 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

- 2009-03-11 15:47:58 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-03-11 19:33:52 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-03-11 15:47:58 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-03-11 19:33:52 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-03-11 15:47:58 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-03-11 19:33:52 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-03-11 14:25:03 101,052 ----a-w c:\windows\System32\perfc009.dat

+ 2009-03-12 11:08:56 101,052 ----a-w c:\windows\System32\perfc009.dat

- 2009-03-11 14:25:03 586,980 ----a-w c:\windows\System32\perfh009.dat

+ 2009-03-12 11:08:56 586,980 ----a-w c:\windows\System32\perfh009.dat

- 2009-03-11 14:22:34 5,562 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2101442651-3924509895-293194107-1000_UserData.bin

+ 2009-03-12 11:06:11 5,858 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2101442651-3924509895-293194107-1000_UserData.bin

- 2009-03-11 14:22:34 65,064 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2009-03-12 11:06:11 65,330 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2009-03-11 14:22:33 36,320 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-03-12 11:06:10 37,026 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-02-07 270128]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-06 24095528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]

"Ai Quicker Help"="c:\program files\ASUS\ASUS DH Remote\AsRc.exe" [2006-11-09 3165696]

"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-02-07 206088]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-07 148888]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-11-13 611712]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"P17RunE"="P17RunE.dll" [2007-04-09 c:\windows\System32\P17RunE.dll]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Media Key.lnk - c:\program files\Media Key\MagicKey.exe [2009-02-07 159744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"BindDirectlyToPropertySetStorage"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2101442651-3924509895-293194107-1000]

"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{357576B1-CD64-4F0D-A028-5B24F59BB280}"= c:\program files\Skype\Phone\Skype.exe:Skype

"TCP Query User{894C66EC-6BB3-4C98-BC74-D60B7019F181}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule

"UDP Query User{7D8AF942-D658-4CE0-983E-CF805B94D392}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule

"{2D831BFA-35ED-4482-93BE-5D7580C9B79F}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{D063B82B-8A4A-478D-B98D-198E881AA94E}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"{C39F338F-75B3-41DF-9694-0A38FBBB7FBD}"= UDP:5353:Adobe CSI CS4

"{0057CB30-C7A5-400E-BCE0-D14D4010A2BC}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4

"{E53188D8-DBED-4D29-8EA5-C24CDAD313B7}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4

"{729DE850-9B0A-4D34-993F-2C2C4B0BA6E4}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{96B9EA80-B7AD-4DB1-AB48-0A329E984AD3}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{55A30F7A-9710-4F00-9692-F3FB8354D752}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{386922DB-AB53-4AD7-93E4-134DCCDB5654}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{88018C83-A96F-4396-A986-556F1C53113F}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{C69774F7-03C0-4831-B0F7-287114A51BF5}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{15F46170-5051-42E3-AF0E-2353C72A93CA}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{552A39EC-1A73-4200-A914-1EDB8B65CD31}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{2510EFE7-FBB1-422E-995C-659BD9D1C71E}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{48A8C6B9-422A-46CF-B801-AD32077F4448}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{208A4320-C5F6-44BC-8786-DF65B46EAD1E}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{4E0AE165-26F9-4D0B-AAD0-A97ECF2F5E26}"= c:\program files\Skype\Phone\Skype.exe:Skype

"TCP Query User{492DE6FA-2562-49F8-8B69-1D821191E2D5}c:\\program files\\nokia\\software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\software updater\nsu_ui_client.exe:Nokia Software Updater

"UDP Query User{89861361-3E3D-45C9-8591-13322CFECD5A}c:\\program files\\nokia\\software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\software updater\nsu_ui_client.exe:Nokia Software Updater

"TCP Query User{3A17CF85-D256-409A-882D-0E711BD68447}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{147191FC-8610-4534-9317-11AA3A3AF01F}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"{E42E64AD-F0FE-49D2-9D0A-4422A07E07AD}"= c:\program files\Skype\Phone\Skype.exe:Skype

"TCP Query User{A2A394FE-2705-4963-A046-9FFBE4E4DCEE}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater

"UDP Query User{32A5959B-73C8-4D59-ABE3-E36C3F81FC68}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater

"TCP Query User{BCC73C00-3D2B-482D-BE7F-A3F6765A4F57}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process

"UDP Query User{AA087DD7-7DBB-4028-9CF2-6137256C7CA2}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process

"{CD5735F6-43F9-4FF7-BFA3-F4F7139EF2F5}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{61674B6E-74D3-4CE1-8F66-64520B1DEEE2}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{1111EAEA-AE79-4C35-825C-3AAE78CA392E}"= c:\program files\Skype\Phone\Skype.exe:Skype

"TCP Query User{91C48AD9-AE21-48C3-AC41-FBCA68100E37}c:\\program files\\tvants\\tvants.exe"= UDP:c:\program files\tvants\tvants.exe:TVAnts

"UDP Query User{7DD75C2C-B157-4347-806F-5E18E5DD8DB7}c:\\program files\\tvants\\tvants.exe"= TCP:c:\program files\tvants\tvants.exe:TVAnts

"TCP Query User{2408C897-68D0-4F0D-87F9-F9C5E8794AC2}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application

"UDP Query User{310ECFCA-F858-447D-9A1E-E6884AEDFCC5}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application

"{23A46B80-96BD-45E7-838F-E4E6E4EEEEB8}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{53C0AA7C-FD2E-41BC-9A5C-FAF56142326A}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{4F9F4A34-5871-4259-9087-A2C4755BC65B}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{F0153B52-0CDF-442F-8AE4-8A341C500068}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{72CD6C15-779F-4296-B7BA-DFE17B942CA6}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{339EF50A-A237-4844-96C9-BBD359FCA022}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{3A935BBD-5EFA-40B0-802F-2D790E44B4B3}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{81949C9F-8050-4CBE-A33A-D89BBF4D92E6}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{77C587BF-FA1E-4B6F-97A8-6E1DF6A3213B}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{D928A087-1DF7-4E32-B3A9-F472F778D6A6}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{A1F6C9D2-B0A6-4AE2-B806-4A872EFA290C}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{9358EF27-FFF7-4288-81D9-091D07EE81A6}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{72AAF988-21AC-4439-BC03-260A7489CDE9}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{E021143B-21C3-401F-81DB-456A6D4B54AC}"= c:\program files\Skype\Phone\Skype.exe:Skype

"TCP Query User{0F12C769-ADD9-41CF-A09C-36D2552CD41A}c:\\users\\gooner\\appdata\\local\\google\\chrome\\application\\chrome.exe"= UDP:c:\users\gooner\appdata\local\google\chrome\application\chrome.exe:chrome.exe

"UDP Query User{8EDEEF08-A12F-4135-AE8B-BBEBDCC31E8B}c:\\users\\gooner\\appdata\\local\\google\\chrome\\application\\chrome.exe"= TCP:c:\users\gooner\appdata\local\google\chrome\application\chrome.exe:chrome.exe

"{9BBF8C6A-93B0-4C65-9D9E-CEE3106E051B}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{F1483C5A-EFA7-4E40-AA80-9698E451F7AE}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{E83BF5E2-4ADA-4807-B2DC-4D790379B96D}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{231C9DCC-915C-4E6F-B828-E601A9895EE1}"= c:\program files\Skype\Phone\Skype.exe:Skype

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [2008-01-29 33808]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [2008-07-09 20496]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-03-10 1153368]

R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187.sys [2008-10-31 335872]

S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-02-07 79360]

--- Other Services/Drivers In Memory ---

*Deregistered* - sptd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ee47d49-f53a-11dd-968c-0018f3f55c6c}]

\shell\AutoRun\command - F:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f41e31a-fd59-11dd-a18d-0018f3f55c6c}]

\shell\AutoRun\command - g:\wd_windows_tools\Setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.sky.bg/

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-12 15:19:58

Windows 6.0.6002 Service Pack 2, v.286 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

c:\windows\System32\Ati2evxx.exe

c:\windows\System32\audiodg.exe

c:\windows\System32\conime.exe

c:\windows\System32\Ati2evxx.exe

c:\windows\System32\rundll32.exe

c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\windows\ehome\ehmsas.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

c:\program files\Raxco\PerfectDisk10\PDAgent.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

c:\program files\Media Key\OSD.exe

c:\program files\Windows Media Player\wmpnscfg.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\Raxco\PerfectDisk10\PDAgentS1.exe

c:\windows\System32\dllhost.exe

.

**************************************************************************

.

Completion time: 2009-03-12 15:22:20 - machine was rebooted

ComboFix-quarantined-files.txt 2009-03-12 13:22:17

ComboFix2.txt 2009-03-11 15:54:43

Pre-Run: 15 511 359 488 bytes free

Post-Run: 15,333,089,280 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10

380 --- E O F --- 2009-03-11 14:18:07

Malwarebytes goes Not Responding as soon as it starts scanning. Right now I'm running a full scan (this is the third time I'm saying it) and it is finding viruses. The thing is, if it deletes an exe file from system32 and crashes Windows, I don't know how I'll restore it afterwards...

Otherwise, is it certain that the locked ddcDsqqo.dll in System32 is a virus and not an infected file that could cause trouble if I delete it?

It is certain!

C:\WINDOWS\system32\ddcDsqqo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

How this happens isn't very clear to me, for a virus (and a whole library at that) ;) to get past so many defenses! The firewall won't allow system folders to be modified without your permission. What you wrote, "I surfed and downloaded a few pictures to my computer", doesn't look like complete inactivity to me. My point is that you need to be more careful in the future. :)

Regards!

I'm no less puzzled than you are! I deliberately installed that many security programs so that nothing would happen to me, and yet here we are! Unless they got downloaded from some website... I don't know, I'm used to viruses being exe files that pose as cracks/keygens...

I rebooted and I think I managed to delete that ***** ******** ;) Now I'm continuing the full scan... I just don't know when that cheeky thing will log me off again...

@mihnev - roger that.

@Hanibal_Lektar - Here is the code I couldn't take a screenshot of: Faulting application winlogon.exe, version 6.0.6001.18000, time stamp 0x47918db3, faulting module ddcDsqqo.dll_unloaded, version 0.0.0.0, time stamp 0x49562f66, exception code 0xc0000005, fault offset 0x100055b1, process id 0x338, application start time 0x01c9a30e0acd67b4

Edited by Crimsader

...I deliberately installed that many security programs so that nothing would happen to me...

It is very likely that this is exactly why something did happen to you:

...I use Avira AntiVir, Comodo Internet Security + Spybot...

Two active antivirus programs usually protect worse than one.

Two active antivirus programs usually protect worse than one.

If you say so... :rolleyes:

Anyway, B-Boy wrote to me by PM and we fixed the problem with a few pieces of software. Thanks to everyone for the help! :P

If you say so... :)

@hlevoust is absolutely right in this case: you have duplicated real-time protection modules, which makes them unstable and makes conflicts very likely, and that in turn leads to gaps in the protection, at a very low level at that.

Still, if you have the time and the inclination:

@Crimsader, once you finish the scan, post a log in this thread: HiJackThis

I write in so many forums with advice, and since you don't read it and never learned to back up your OS to another partition with Acronis or Norton Ghost, now you're squealing... Anyway: there is a cure for the documents too - good thing there is LINUX - BECAUSE WHERE WOULD YOU BE WITHOUT IT...

I write in so many forums with advice, and since you don't read it and never learned to back up your OS to another partition with Acronis or Norton Ghost, now you're squealing... Anyway: there is a cure for the documents too - good thing there is LINUX - BECAUSE WHERE WOULD YOU BE WITHOUT IT...

I don't understand your smug, ironic remark!

Well, go post in the LINUX thread.

I write in so many forums with advice, and since you don't read it and never learned to back up your OS to another partition with Acronis or Norton Ghost, now you're squealing... Anyway: there is a cure for the documents too - good thing there is LINUX - BECAUSE WHERE WOULD YOU BE WITHOUT IT...

What are you suggesting? That we buy:

1. Acronis True Image Home 2009 or Acronis Disk Director Suite 10.0 for 49.99 USD.

2. Norton Ghost 14.0 for 69.99 USD.

I don't know whether you read that this thread is about Vista. For example, the Ultimate edition of Vista has quite good capabilities for this: Backup and Restore Center. Which is free.

In this case it is better to remove the infections, as B-Boy did. If there are infections in the MBR or they are somewhere more hidden. For example, if there is a rootkit, it is quite possible that a 100% restore will not be achieved, even though there is an image of the system. I think this is the third time I'm going over this case with you; my fingers hurt from typing the same thing...

and here is a link to the free version of Acronis True Image 10 Personal Edition that the company released:

http://www.webisee.com/2009/02/02/acronis-...10-free-serial/

========================================================================

Come on, there's no need:

http://www.kaldata.com/forums/index.php?showtopic=111246

Edited by mihnev_sz

rvp, now:

Open Notepad and paste in the following using copy/paste:

Killall::


DirLook::

c:\programdata\Temp

Save the file under the name CFScript.txt and drop it onto ComboFix.

When the program finishes, it will show you the log file. Paste the information here using Copy/Paste.

cranky, as for you:

1. Download ComboFix
2. Save it to the desktop
3. Go to Start -> Run... and enter the following command, followed by OK:

"%userprofile%\desktop\combofix.exe" /killall

4. When the program finishes, Notepad will open; copy its contents and paste them into your next post here.

Edited by Fixer

and here is a link to the free version of Acronis True Image 10 Personal Edition that the company released:

http://www.webisee.com/2009/02/02/acronis-...10-free-serial/

========================================================================

Come on, there's no need:

http://www.kaldata.com/forums/index.php?showtopic=111246

I know that, but why don't you read again what I wrote above about hidden processes? If these things aren't clear to you, why are you handing out advice?

B-boy[styLe], hello again, I apologize for replying a bit late, but I had problems while sorting out my Cyrillic. And I'm sorry if I haven't posted the ComboFix log file in the right place. And here it is:

ComboFix 09-03-10.03 - Spunky 2009-03-12 19:21:15.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.2047.1355 [GMT 2:00]

Running from: c:\documents and settings\Spunky\desktop\combofix.exe

Command switches used :: /killall

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)

FW: Kaspersky Internet Security *disabled*

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\bfdaccccb9_d.dll

c:\windows\system32\kbdbds.Dll

c:\windows\system32\KBDBPH.dLL

c:\windows\system32\kbdbphz.dLL

c:\windows\system32\mfc45.dll

.

((((((((((((((((((((((((( Files Created from 2009-02-12 to 2009-03-12 )))))))))))))))))))))))))))))))

.

2009-03-11 21:48 . 2009-03-11 21:54 <DIR> d-------- c:\program files\Spybot - Search & Destroy

2009-03-11 21:48 . 2009-03-11 21:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-03-11 09:32 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys

2009-03-11 09:32 . 2001-08-17 13:48 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys

2009-03-11 09:32 . 2001-08-17 14:02 9,600 --a------ c:\windows\system32\drivers\hidusb.sys

2009-03-11 09:32 . 2001-08-17 14:02 9,600 --a--c--- c:\windows\system32\dllcache\hidusb.sys

2009-03-08 18:22 . 2009-03-08 18:22 406 --a------ c:\windows\system32\ioloBootDefrag.cfg

2009-03-08 18:21 . 2009-03-08 18:21 <DIR> d-------- c:\documents and settings\LocalService\Application Data\iolo

2009-03-08 18:15 . 2009-03-09 20:30 <DIR> d-------- c:\documents and settings\Spunky\Application Data\iolo

2009-03-08 18:15 . 2009-03-11 08:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\iolo

2009-03-06 22:46 . 2009-03-06 22:46 23 --a------ c:\windows\system32\fefcbedcccd6_d.ocx

2009-03-06 22:45 . 2009-03-06 22:50 <DIR> d-------- c:\program files\RegSupreme Pro

2009-03-06 18:14 . 2009-03-10 19:33 267,458 --a------ C:\_crash.dmp

2009-03-06 18:14 . 2009-03-10 19:33 52,399 --a------ C:\report.zip

2009-03-05 12:56 . 2009-03-05 12:56 <DIR> d-------- c:\program files\Common Files\xing shared

2009-03-04 19:33 . 2009-03-04 19:33 <DIR> d-------- c:\program files\Lavalys

2009-03-04 19:05 . 2009-03-04 19:05 <DIR> d-------- c:\program files\Tunatic

2009-03-02 23:21 . 2009-03-02 23:21 542 --a------ c:\windows\system32\%LocalXml%

2009-03-01 19:10 . 2009-03-01 19:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Bluetooth

2009-03-01 17:59 . 2009-03-01 17:59 <DIR> d-------- c:\program files\IVT Corporation

2009-03-01 14:27 . 2009-03-03 19:51 <DIR> d-------- c:\program files\RegistryFix7

2009-03-01 14:13 . 2009-03-01 14:15 <DIR> d-------- c:\program files\Error Repair Professional

2009-03-01 13:17 . 2003-06-18 17:31 17,920 --a------ c:\windows\system32\mdimon.dll

2009-03-01 13:17 . 2009-03-01 13:17 376 --a------ c:\windows\ODBC.INI

2009-03-01 13:08 . 2009-03-01 13:08 <DIR> d-------- c:\program files\DAEMON Tools Lite

2009-03-01 13:03 . 2009-03-01 13:03 <DIR> d-------- c:\documents and settings\Spunky\Application Data\DAEMON Tools

2009-03-01 13:03 . 2009-03-01 13:03 717,296 --a------ c:\windows\system32\drivers\sptd.sys

2009-03-01 12:39 . 2009-03-12 19:16 <DIR> d-------- c:\program files\The Best Bg mIRC

2009-03-01 12:17 . 2009-03-12 19:17 <DIR> d-------- c:\program files\CrazymIRC

2009-03-01 03:05 . 2009-03-01 03:05 <DIR> d-------- c:\program files\XP Codec Pack

2009-03-01 03:02 . 2009-03-01 03:02 <DIR> d-------- c:\program files\Webteh

2009-03-01 02:45 . 2009-03-01 02:45 <DIR> d-------- c:\program files\IObit

2009-03-01 02:45 . 2009-03-01 02:45 <DIR> d-------- c:\documents and settings\Spunky\Application Data\IObit

2009-03-01 02:09 . 2009-03-01 02:09 <DIR> d-------- c:\program files\SEMC

2009-03-01 02:09 . 2006-02-01 10:01 41,792 --a------ c:\windows\system32\drivers\zebrceb.sys

2009-03-01 02:09 . 2006-02-01 10:01 5,776 --a------ c:\windows\system32\drivers\zebrwhnt.sys

2009-03-01 02:09 . 2006-02-01 10:01 5,776 --a------ c:\windows\system32\drivers\zebrwh.sys

2009-03-01 01:53 . 2009-03-01 01:59 <DIR> d-------- c:\program files\Your Uninstaller 2008

2009-03-01 01:53 . 2009-03-01 01:53 <DIR> d-------- c:\documents and settings\Spunky\Application Data\URSoft

2009-03-01 01:50 . 2009-03-12 17:40 <DIR> d-------- c:\documents and settings\Spunky\Application Data\skypePM

2009-03-01 01:50 . 2009-03-01 01:50 56 --ah----- c:\windows\system32\ezsidmv.dat

2009-03-01 01:49 . 2009-03-01 01:49 <DIR> d-------- c:\program files\Skype

2009-03-01 01:49 . 2009-03-01 01:49 <DIR> d-------- c:\program files\Common Files\Skype

2009-03-01 01:49 . 2009-03-12 19:14 <DIR> d-------- c:\documents and settings\Spunky\Application Data\Skype

2009-03-01 01:48 . 2009-03-01 01:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype

2009-03-01 01:35 . 2009-03-08 21:17 <DIR> d-------- c:\program files\Winamp

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-12 17:25 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab

2009-03-12 17:22 4,352 --sha-w c:\windows\system32\drivers\fidbox2.idx

2009-03-12 17:22 344,096 --sha-w c:\windows\system32\drivers\fidbox2.dat

2009-03-12 15:33 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2009-03-12 14:09 --------- d-----w c:\program files\Spyware Doctor

2009-03-11 23:37 40,192 --sha-w c:\windows\system32\drivers\fidbox.idx

2009-03-11 23:37 4,738,080 --sha-w c:\windows\system32\drivers\fidbox.dat

2009-03-11 21:47 --------- d-----w c:\documents and settings\Spunky\Application Data\uTorrent

2009-03-05 10:56 --------- d-----w c:\program files\Common Files\Real

2009-03-01 15:59 --------- d--h--w c:\program files\InstallShield Installation Information

2009-02-28 22:45 --------- d-----w c:\program files\uTorrent

2009-02-28 21:50 89,601 ----a-w c:\windows\system32\drivers\klick.dat

2009-02-28 21:50 33,808 ----a-w c:\windows\system32\drivers\klbg.sys

2009-02-28 21:50 101,287 ----a-w c:\windows\system32\drivers\klin.dat

2009-02-28 21:46 81,288 ----a-w c:\windows\system32\drivers\iksyssec.sys

2009-02-28 21:46 66,952 ----a-w c:\windows\system32\drivers\iksysflt.sys

2009-02-28 21:46 40,840 ----a-w c:\windows\system32\drivers\ikfilesec.sys

2009-02-28 21:44 --------- d-----w c:\documents and settings\Spunky\Application Data\PC Tools

2009-02-28 21:28 --------- d-----w c:\program files\Kaspersky Lab

2009-02-28 21:28 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files

2009-02-28 21:12 --------- d-----w c:\program files\Real

2009-02-28 20:55 --------- d-----w c:\program files\Realtek Sound Manager

2009-02-28 20:55 --------- d-----w c:\program files\AvRack

2009-02-28 20:52 --------- d-----w c:\program files\Common Files\InstallShield

2009-02-28 20:52 --------- d-----w c:\program files\ATI Technologies

2009-02-28 20:38 --------- d-----w c:\program files\microsoft frontpage

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-08-11 21741864]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-28 206088]

"SoundMan"="SOUNDMAN.EXE" [2005-05-17 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2009-03-01 1183744]

FlexType 2K.lnk - c:\windows\Datecs\Flex2K.exe [2009-02-28 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= ffdshow.ax

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]

R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]

R3 N100;Compaq Ethernet or Fast Ethernet NIC Driver;c:\windows\system32\drivers\n100325.sys [2009-03-01 128000]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-02-28 356920]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]

msiexec /fums {3CBBEE47-C8F4-316A-92FF-ED7E3DFAE41E} /qb

.

Contents of the 'Scheduled Tasks' folder

2009-03-12 c:\windows\Tasks\AWC AutoSweep.job

- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe []

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://google.bg/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Добави към защитата от банери - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm

FF - ProfilePath - c:\documents and settings\Spunky\Application Data\Mozilla\Firefox\Profiles\7hgkto61.default\

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-12 19:25:33

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\docume~1\Spunky\LOCALS~1\Temp\etilqs_zaUXLvmQSWFHEKf 0 bytes

scan completed successfully

hidden files: 1

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1192)

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2688)

c:\windows\system32\newdll.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\windows\system32\ati2evxx.exe

c:\program files\Skype\Plugin Manager\skypePM.exe

c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe

c:\windows\system32\wdfmgr.exe

c:\program files\Mozilla Firefox\firefox.exe

d:\programi\Process Explorer 11.33\procexp.exe

.

**************************************************************************

.

Completion time: 2009-03-12 19:30:26 - machine was rebooted

ComboFix-quarantined-files.txt 2009-03-12 17:30:19

Pre-Run: 15,130,320,896 bytes free

Post-Run: 15,164,297,216 bytes free

180

B-boy[styLe], thank you very much for everything once again

log_ComboFix.txt

rvp, now:

Open Notepad and paste in the following using copy/paste:

Killall::


DirLook::

c:\programdata\Temp

Save the file under the name CFScript.txt and drop it onto ComboFix.

When the program finishes, it will show you the log file. Paste the information here using Copy/Paste.

cranky, as for you:

ok thanks :huh: Here is the file

The correct, more accurate one is the first file

ComboFix.txt

ComboFix.txt

Edited by cranky

as for image files and restoring, if the user doubts the effectiveness of the restore, and bearing in mind that the MBR is on the active partition, what stops him from formatting before the restore... my aim is not to water down the thread, with all due respect to it; my aim is for people to learn to insure themselves by making backups of their systems so they don't end up here...

@mihnev_cz - well, I sent some logs to b-boy after I cleaned up, and he said there was nothing wrong... I just didn't understand which logs you mean. The Windows ones or the antivirus ones (not that I managed to find the antivirus ones, mind you)?

Thanks for the concern, all the same! ;)

@hlevoust - I'll keep that in mind, thanks. I just uninstalled COMODO, by the way :P

And stop arguing; whoever wants to help will help me right now, rather than telling me what I should have done in the past.

@lenylucky - I do have a backup, bro. It's just that it is from November of last year and is so old that I have practically no use for it. It's the same as reinstalling Windows.

Edited by Crimsader

@pranjev, hello again.

1. Open Notepad and enter:

Killall::


Rootkit::

c:\docume~1\Spunky\LOCALS~1\Temp\etilqs_zaUXLvmQSWFHEKf 


File::

c:\windows\system32\fefcbedcccd6_d.ocx

c:\windows\system32\%LocalXml%


ADS::


AWF::


snapshot::


extra::


sysrst::

Save the file under the name CFScript and drag it onto the ComboFix icon.

Post the new log file.

2. Download HijackThis

Choose the option => Open the Misc Tools Sections => Open Uninstall Manager => Save List => give the document a name and attach it to your next comment.

3. I think you should get rid of FlexType and install a normal phonetic layout, or, if you are going to use it, at least reinstall it, because Combofix has deleted some of the software's files.

Here, see this thread:

http://www.kaldata.com/forums/index.php?showtopic=29819

Edited by B-boy[StyLe]

cranky, thank you! Now:

Open Notepad and paste in the following using copy/paste:

Killall::


File::

c:\windows\system32\mlfcache.dat

c:\windows\System32\beropipe.dll

c:\windows\System32\forapahi.dll

c:\windows\System32\fuhiheje.dll

c:\windows\System32\gedofano.dll

c:\windows\System32\giyesewu.dll

c:\windows\System32\gosufido.dll

c:\windows\System32\halulula.dll

c:\windows\System32\jibafuge.dll

c:\windows\System32\jitebene.dll

c:\windows\System32\jovivumo.dll

c:\windows\System32\jumidani.dll

c:\windows\System32\juretasu.dll

c:\windows\System32\kelinepe.dll

c:\windows\System32\kukivofe.dll

c:\windows\System32\legijada.dll

c:\windows\System32\lekeroto.dll

c:\windows\System32\mepawadi.dll

c:\windows\System32\mulirowo.dll

c:\windows\System32\rolirefu.dll

c:\windows\System32\saheloju.dll

c:\windows\System32\vevapada.dll

c:\windows\System32\vinabino.dll

c:\windows\System32\wayapego.dll

c:\windows\System32\wiremaki.dll

c:\windows\System32\yusuyufe.dll

c:\windows\System32\zadoleso.dll

c:\windows\System32\zoyokuvu.dll


DirLook::

c:\programdata\Temp

c:\users\All Users\TEMP

Save the file under the name CFScript.txt and drop it onto ComboFix.

When the program finishes, it will show you the log file. Paste the information here using Copy/Paste.

Edited by Fixer

@mihnev_cz - well, I sent some logs to b-boy after I cleaned up, and he said there was nothing wrong... I just didn't understand which logs you mean. The Windows ones or the antivirus ones (not that I managed to find the antivirus ones, mind you)?

I know, he informed me by PM about the logs; I wanted to see a HiJackThis log as well.

http://www.kaldata.com/forums/index.php?showtopic=102469

Edited by mihnev_sz

cranky, thank you! Now:

Open Notepad and paste in the following using copy/paste:

Killall::


File::

c:\windows\system32\mlfcache.dat

c:\windows\System32\beropipe.dll

c:\windows\System32\forapahi.dll

c:\windows\System32\fuhiheje.dll

c:\windows\System32\gedofano.dll

c:\windows\System32\giyesewu.dll

c:\windows\System32\gosufido.dll

c:\windows\System32\halulula.dll

c:\windows\System32\jibafuge.dll

c:\windows\System32\jitebene.dll

c:\windows\System32\jovivumo.dll

c:\windows\System32\jumidani.dll

c:\windows\System32\juretasu.dll

c:\windows\System32\kelinepe.dll

c:\windows\System32\kukivofe.dll

c:\windows\System32\legijada.dll

c:\windows\System32\lekeroto.dll

c:\windows\System32\mepawadi.dll

c:\windows\System32\mulirowo.dll

c:\windows\System32\rolirefu.dll

c:\windows\System32\saheloju.dll

c:\windows\System32\vevapada.dll

c:\windows\System32\vinabino.dll

c:\windows\System32\wayapego.dll

c:\windows\System32\wiremaki.dll

c:\windows\System32\yusuyufe.dll

c:\windows\System32\zadoleso.dll

c:\windows\System32\zoyokuvu.dll

C:\Windows\System32\wininit.exe

c:\windows\System32\LogonUI.exe

C:\Windows\system32\taskeng.exe

c:\windows\System32\dwm.exe


DirLook::

c:\programdata\Temp

c:\users\All Users\TEMP


Registry::

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{1E68C2A8-99A3-45DE-9671-0950475EC9B9}"=-

"{ECF500AD-35E8-47C0-90D9-C354E95A49BB}"=-

"{2375E0EE-9EDC-45D9-BA3C-6129B68E0218}"=-

"{B4FAD572-2D8F-48B8-B2DE-15D35D07FC2A}"=-

"{0A6778D6-0B57-435E-BD58-11B3F1AA0137}"=-

"{FD91C857-AFE3-4531-9E98-D795A42DA303}"=-

"{1A1CAC1F-5E10-44E9-9A95-81667AD2A592}"=-

"{66981A6C-8A68-4449-B2FD-197C9B2AAF66}"=-

"{693B9130-FF52-4238-9F81-A29D6EB675BC}"=-

"{067986D9-3022-4279-AB1F-284E37615FC9}"=-

"{34FE81A8-312A-4DDA-91C6-92DF951DC91F}"=-

"{6EBD889E-120C-4019-890F-5D5819A87069}"=-

"{AA330928-48FC-402D-AE65-49C9B1308E4D}"=-

"{480E0131-1B80-4268-95BA-A713EDF96606}"=-

Save the file under the name CFScript.txt and drop it onto ComboFix.

When the program finishes, it will show you the log file. Paste the information here using Copy/Paste.

I got the blue screen of death when I did this.. Should I try again???
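The CFScript files posted in this thread are plain text: a `Name::` header line followed by one entry per line. As an added example (not part of any post and not ComboFix's own code), the Python below parses that layout and flags `File::` entries that name core Windows executables in System32, such as the wininit.exe and dwm.exe lines in the script quoted above, so they can be reviewed before the script is used. The `PROTECTED` list, the function names and the shortened sample script are assumptions made for illustration.

```python
import ntpath
import re

# Constructed sample in the layout used in the thread (entry lists shortened).
SAMPLE_SCRIPT = r"""Killall::

File::
c:\windows\system32\mlfcache.dat
c:\windows\System32\beropipe.dll
C:\Windows\System32\wininit.exe
c:\windows\System32\dwm.exe

DirLook::
c:\programdata\Temp

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1E68C2A8-99A3-45DE-9671-0950475EC9B9}"=-
"""

# Assumption: a reviewer-maintained, non-exhaustive list of core Windows
# executables that a cleanup script should not name without a second look.
PROTECTED = {
    "wininit.exe", "winlogon.exe", "logonui.exe", "csrss.exe", "smss.exe",
    "lsass.exe", "services.exe", "svchost.exe", "taskeng.exe", "dwm.exe",
    "explorer.exe",
}

# A section header is a bare word followed by "::", e.g. "File::" or "snapshot::".
SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")


def parse_cfscript(text):
    """Return {section name (lowercased): [entries]} in order of appearance."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # blank lines only separate sections
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1).lower()
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections


def risky_file_entries(sections, system_root=r"c:\windows"):
    """Return File:: entries that point at a protected name directly in System32."""
    sys32 = ntpath.normcase(ntpath.join(system_root, "system32"))
    flagged = []
    for entry in sections.get("file", []):
        # normcase lowercases and unifies separators, so C:\Windows and
        # c:\windows compare equal, as they do on Windows itself.
        path = ntpath.normcase(ntpath.normpath(entry.strip('"')))
        if ntpath.dirname(path) == sys32 and ntpath.basename(path) in PROTECTED:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    parsed = parse_cfscript(SAMPLE_SCRIPT)
    for name, entries in parsed.items():
        print(f"{name}: {len(entries)} entries")
    for entry in risky_file_entries(parsed):
        print("review before running:", entry)
```
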
