Премини към съдържанието
Форумът в приложение

По-лесно сърфиране. Научи повече.
Kaldata.com - Форуми

Приложение на форума на цял екран с push известия, значки и други.

За да инсталирате това приложение на iOS и iPadOS
  1. Докоснете Иконата за споделяне в Safari
  2. Превъртете менюто и докоснете Добавяне към началния екран.
  3. Докоснете Добавяне в горния десен ъгъл.
За да инсталирате това приложение на Android
  1. Докоснете менюто с 3 точки (⋮) в горния десен ъгъл на браузъра.
  2. Докоснете Добавяне към началния екран или Инсталиране на приложение.
  3. Потвърдете, като докоснете Инсталиране.
Добави Kaldata.com в предпочитани източници в Google

Добре дошли!

Добре дошли в нашите форуми, пълни с полезна информация. Имате проблем с компютъра или телефона си? Публикувайте нова тема и ще намерите решение на всичките си проблеми. Общувайте свободно и открийте безброй нови приятели.

Моля, регистрирайте се за да публикувате тема и да получите пълен достъп до всички функции.

 

Помощ при откриване и премахване на вируси, троянски коне и др., част 2

kick
в Премахване на зловреден софтуер

Featured Replies

Благодарение на B-Boy[styLe], можеш да си я изтеглиш от тук:

http://4storing.com/i4sq3/07718d2217f2cb69...79514059dc.html

Първо направи това с ComboFIx, а след това с тази програма.

  • Отговори 981
  • Прегледи 140,2k
  • Създадено
  • Последен отговор

Потребители с най-много отговори

Популярни дни

Най-популярни публикации

  • Maniac
    Maniac

    Сега, изтеглете ATF Cleaner Запазете го на вашия десктоп. Кликнете два пъти върху ATF-Cleaner.exe , за да стартирате програмата. Кликнете на Select All, който се намира в най-долната част на спи

  • Maniac
    Maniac

    Моля, прикачете файла: c:\windows\system\msdct.exe в 4storing.com и пуснете линка за изтегляне в следващия си пост.

  • Maniac
    Maniac

    Браво! Обаче логовете са чисти. Все пак, нека продължим: Стъпка 1: Сега, изтеглете ATF Cleaner Запазете го на вашия десктоп. Кликнете два пъти върху ATF-Cleaner.exe , за да старти

Публикувани изображения

Благодарение на B-Boy[styLe], можеш да си я изтеглиш от тук:

http://4storing.com/i4sq3/07718d2217f2cb69...79514059dc.html

Първо направи това с ComboFIx, а след това с тази програма.

Благодаря и на B-Boy[styLe] ... окси свалям безплатната и запо4вам под ред

ComboFix 09-01-31.01 - Ronksi 2009-02-01 14:56:01.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1251.1.1033.18.1023.567 [GMT -8:00]

Running from: c:\documents and settings\Ronksi\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Ronksi\Desktop\CFScript.txt

AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)

* Created a new restore point

* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::

c:\windows\system32\msvcrt2.dll

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system\smsc32.exe

c:\windows\system32\drivers\sysdrv32.sys

c:\windows\system32\msvcrt2.dll

c:\windows\system32\x.exe

c:\windows\temp

c:\windows\temp\35.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_SYSDRV32

-------\Service_sysdrv32

((((((((((((((((((((((((( Files Created from 2009-01-01 to 2009-02-01 )))))))))))))))))))))))))))))))

.

2009-02-01 13:20 . 2009-02-01 13:20 <DIR> d-------- c:\documents and settings\Ronksi\dwhelper

2009-01-28 20:02 . 2009-01-28 20:02 <DIR> d-------- c:\program files\Sagasoft

2009-01-27 18:26 . 2009-01-27 20:03 <DIR> d-------- c:\program files\MSN Messenger

2009-01-27 17:17 . 2009-01-27 17:30 <DIR> d-------- c:\documents and settings\Ronksi\Contacts

2009-01-27 16:31 . 2009-01-27 16:32 <DIR> d-------- c:\documents and settings\Ronksi\Application Data\MSNInstaller

2009-01-27 15:52 . 2009-01-27 15:52 <DIR> d-------- c:\program files\Common Files\Windows Live

2009-01-27 13:35 . 2009-01-27 13:35 <DIR> d--hs---- C:\found.000

2009-01-27 13:30 . 2009-01-27 13:30 <DIR> d-------- c:\program files\Adobe Media Player

2009-01-22 15:37 . 2009-02-01 12:54 <DIR> d-------- c:\documents and settings\multiskype.RONKSI\Application Data\Skype

2009-01-22 15:37 . 2009-01-27 13:32 <DIR> d-------- c:\documents and settings\multiskype.RONKSI

2009-01-22 12:43 . 2008-10-16 12:38 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll

2009-01-22 12:43 . 2008-10-16 12:38 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll

2009-01-22 12:43 . 2008-10-16 12:38 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll

2009-01-22 12:43 . 2008-10-16 12:38 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll

2009-01-22 12:43 . 2008-10-16 12:38 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll

2009-01-22 12:43 . 2008-10-16 05:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe

2009-01-22 12:42 . 2008-10-16 12:38 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll

2009-01-22 12:42 . 2007-04-17 01:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat

2009-01-22 12:42 . 2007-03-07 21:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui

2009-01-22 12:25 . 2009-01-22 12:24 410,984 --a------ c:\windows\system32\deploytk.dll

2009-01-17 17:41 . 2009-01-17 17:41 <DIR> d-------- c:\program files\Webteh

2009-01-17 17:41 . 2009-01-17 17:43 <DIR> d-------- c:\program files\BS.Player ControlBar

2009-01-17 17:41 . 2009-01-17 17:41 <DIR> d-------- c:\documents and settings\Ronksi\Application Data\BSplayer Pro

2009-01-17 17:41 . 2009-01-17 20:23 <DIR> d-------- c:\documents and settings\Ronksi\Application Data\BSplayer

2009-01-16 11:41 . 2009-01-16 11:41 323,584 --a------ c:\windows\system32\AUDIOGENIE2.DLL

2009-01-16 11:40 . 2009-01-16 11:40 <DIR> d-------- c:\windows\Freecorder Toolbar

2009-01-16 11:39 . 2009-01-16 11:39 <DIR> d-------- c:\windows\Replay Media Catcher

2009-01-16 11:39 . 2009-01-16 11:42 <DIR> d-------- c:\program files\Replay Media Catcher

2009-01-16 11:38 . 2009-01-16 11:38 <DIR> d-------- c:\windows\Applian FLV Player

2009-01-16 11:38 . 2009-01-16 11:43 <DIR> d-------- c:\program files\FLV Player

2009-01-14 16:56 . 2008-08-19 18:08 1,435,272 --a------ c:\windows\system32\Flash8.ocx

2009-01-12 13:24 . 2009-01-12 13:25 <DIR> d-------- c:\documents and settings\Ronksi\Application Data\Super-Cow

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-01 23:02 --------- d-----w c:\documents and settings\Ronksi\Application Data\Skype

2009-02-01 21:03 --------- d-----w c:\documents and settings\Ronksi\Application Data\skypePM

2009-02-01 21:02 --------- d-----w c:\documents and settings\Ronksi\Application Data\VoozieMaker

2009-02-01 05:57 --------- d-----w c:\program files\a-squared Anti-Malware

2009-01-30 01:06 --------- d-----w c:\documents and settings\Ronksi\Application Data\ICQ

2009-01-29 10:33 --------- d-----w c:\documents and settings\Ronksi\Application Data\Any Video Converter

2009-01-28 23:39 --------- d-----w c:\program files\multiskype

2009-01-28 04:51 --------- d-----w c:\program files\Common Files\Skype

2009-01-28 04:51 --------- d-----w c:\documents and settings\All Users\Application Data\Skype

2009-01-28 04:51 --------- d-----r c:\program files\Skype

2009-01-28 00:12 --------- d-----w c:\documents and settings\All Users\Application Data\Make A Voozie

2009-01-27 20:45 --------- d-----w c:\program files\IncrediGames

2009-01-27 20:36 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-01-23 02:35 --------- d-----w c:\program files\Winamp

2009-01-22 20:24 --------- d-----w c:\program files\Java

2009-01-19 01:10 --------- d-----w c:\program files\Favorite-Games

2009-01-15 01:37 --------- d--h--w c:\program files\InstallShield Installation Information

2009-01-13 07:00 --------- d-----w c:\program files\SA Dictionary 2004 Datacenter

2009-01-12 21:56 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2009-01-12 21:23 --------- d-----w c:\program files\Oberon Media

2009-01-12 02:56 --------- d-----w c:\documents and settings\Ronksi\Application Data\Flood Light Games

2009-01-12 02:56 --------- d-----w c:\documents and settings\All Users\Application Data\Flood Light Games

2009-01-09 21:45 --------- d-----w c:\documents and settings\Ronksi\Application Data\Winamp

2008-12-28 02:30 --------- d-----w c:\program files\Common Files\BOONTY Shared

2008-12-16 01:56 --------- d-----w c:\program files\ESET

2008-12-12 02:41 --------- d-----w c:\documents and settings\Ronksi\Application Data\Nokia

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984]

"Magentic"="c:\progra~1\Magentic\bin\Magentic.exe" [2008-05-19 832824]

"BitComet"="c:\program files\BitComet\BitComet.exe" [2005-09-07 2600960]

"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 1232896]

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 1079808]

"ICQ"="c:\program files\ICQ6\ICQ.exe" [2008-09-01 173304]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"msnmsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-13 7323648]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-13 86016]

"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]

"Make A Voozie"="c:\documents and settings\All Users\Application Data\Make A Voozie\VoozieMaker.exe" [2008-02-20 64000]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"VMSnap3"="c:\windows\VMSnap3.EXE" [2006-08-30 49152]

"Domino"="c:\windows\Domino.EXE" [2006-06-28 49152]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]

"a-squared"="c:\program files\a-squared Anti-Malware\a2guard.exe" [2009-01-27 2784912]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]

"nwiz"="nwiz.exe" [2005-12-13 c:\windows\system32\nwiz.exe]

"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]

"RTHDCPL"="RTHDCPL.EXE" [2006-06-27 c:\windows\RTHDCPL.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/13/2004 5:44:06 PM 29696]

FlexType 2K.lnk - c:\windows\Datecs\Flex2K.exe [8/8/2008 10:32:40 PM 145920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]

2001-12-20 22:34 24576 c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinSpooler32]

@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\BitComet\\BitComet.exe"=

"c:\\Program Files\\ICQ6\\ICQ.exe"=

"c:\\Program Files\\Magentic\\bin\\magentic_install.exe"=

"c:\\Program Files\\Magentic\\bin\\Magentic.exe"=

"c:\\Program Files\\Magentic\\bin\\MgImp.exe"=

"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=

"c:\\WINDOWS\\ServicePackFiles\\i386\\tcptest.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Program Files\\SopCast\\SopCast.exe"=

"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [12/21/2007 7:21:56 AM 33800]

R3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [6/9/2008 9:33:20 PM 428160]

R4 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12/21/2007 7:21:16 AM 468224]

R4 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [8/3/2004 3:56:58 PM 14336]

S4 WinSpooler32;Windows System Memory Manager;"c:\windows\system\smsc32.exe" --> c:\windows\system\smsc32.exe [?]

.

Contents of the 'Scheduled Tasks' folder

2009-02-01 c:\windows\Tasks\User_Feed_Synchronization-{1A65FC88-7467-47E1-B9DD-5D27F270F940}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 18:36]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://mystart.magentic.com/english/

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {22A2CADE-1F4B-4E19-BC3F-24888EE7672D} = 84.238.220.1

DPF: {6CE31B8D-8340-4DBD-B78E-BF59620924DC} - hxxp://www.quest3d.com/webplugin/download/quest3dactivex2.cab

DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - hxxp://piclens.com/shared/plinstll.cab

FF - ProfilePath - c:\documents and settings\Ronksi\Application Data\Mozilla\Firefox\Profiles\tb3x7mbd.default\

FF - prefs.js: browser.search.selectedEngine - Google.bg

FF - prefs.js: browser.startup.homepage - hxxp://mystart.magentic.com/

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-01 15:02:15

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)

c:\program files\AlienGUIse\fastload.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\a-squared Anti-Malware\a2service.exe

c:\windows\ATKKBService.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\wscntfy.exe

c:\program files\PC Connectivity Solution\ServiceLayer.exe

c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe

c:\program files\PC Connectivity Solution\Transports\NclIrSrv.exe

c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe

c:\program files\AlienGUIse\AlienwareDock\ObjectDock.exe

c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe

c:\program files\MSN Messenger\usnsvc.exe

.

**************************************************************************

.

Completion time: 2009-02-01 15:04:38 - machine was rebooted

ComboFix-quarantined-files.txt 2009-02-01 23:04:17

ComboFix2.txt 2009-02-01 21:06:16

Pre-Run: 5,464,420,352 bytes free

Post-Run: 5,464,326,144 bytes free

208 --- E O F --- 2008-06-08 10:07:01

Malwarebytes' Anti-Malware 1.33

Database version: 1712

Windows 5.1.2600 Service Pack 3

2009-02-01 15:11:12

mbam-log-2009-02-01 (15-11-12).txt

Scan type: Quick Scan

Objects scanned: 50873

Time elapsed: 2 minute(s), 7 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 12

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 2

Files Infected: 17

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\WINDOWS\RSM (Spyware.RealSpyMonitor) -> Quarantined and deleted successfully.

C:\Program Files\Real Spy Monitor (Spyware.RealSpyMonitor) -> Quarantined and deleted successfully.

Files Infected:

C:\WINDOWS\RSM\1.jpg (Spyware.RealSpyMonitor) -> Quarantined and deleted successfully.

C:\WINDOWS\RSM\10.jpg (Spyware.RealSpyMonitor) -> Quarantined and deleted successfully.

C:\WINDOWS\RSM\11.jpg (Spyware.RealSpyMonitor) -> Quarantined and deleted successfully.

C:\WINDOWS\RSM\12.jpg (Spyware.RealSpyMonitor) -> Quarantined and deleted successfully.

C:\WINDOWS\RSM\13.jpg (Spyware.RealSpyMonitor) -> Quarantined and deleted successfully.

C:\WINDOWS\RSM\2.jpg (Spyware.RealSpyMonitor) -> Quarantined and deleted successfully.

C:\WINDOWS\RSM\3.jpg (Spyware.RealSpyMonitor) -> Quarantined and deleted successfully.

C:\WINDOWS\RSM\4.jpg (Spyware.RealSpyMonitor) -> Quarantined and deleted successfully.

C:\WINDOWS\RSM\5.jpg (Spyware.RealSpyMonitor) -> Quarantined and deleted successfully.

C:\WINDOWS\RSM\6.jpg (Spyware.RealSpyMonitor) -> Quarantined and deleted successfully.

C:\WINDOWS\RSM\7.jpg (Spyware.RealSpyMonitor) -> Quarantined and deleted successfully.

C:\WINDOWS\RSM\8.jpg (Spyware.RealSpyMonitor) -> Quarantined and deleted successfully.

C:\WINDOWS\RSM\9.jpg (Spyware.RealSpyMonitor) -> Quarantined and deleted successfully.

C:\WINDOWS\RSM\Filelog.txt (Spyware.RealSpyMonitor) -> Quarantined and deleted successfully.

C:\WINDOWS\RSM\Photo.txt (Spyware.RealSpyMonitor) -> Quarantined and deleted successfully.

C:\WINDOWS\RSM\ProgramEnd.txt (Spyware.RealSpyMonitor) -> Quarantined and deleted successfully.

C:\WINDOWS\RSM\Title.txt (Spyware.RealSpyMonitor) -> Quarantined and deleted successfully.

Ужас...

1. Изтеглете ATF-Cleaner

2. Запишете я на произволно място.

3. Стартирайте файла (не е нужна инсталация) . Ще са необходими администраторски права (особено при Windows Vista).

4. Сложете отметки на всички редове, освен на Prefetch и изберете Empty Selected.

След това:

Отвори Notepad и въведи следното:

Killall::


Rootkit::

c:\windows\system\smsc32.exe


Driver::

WinSpooler32


Registry::

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinSpooler32]

След, което знаеш процедурата.

Накрая следвай тези инструкции:

http://www.eset.bg/forum/viewtopic.php?f=5...e19f74679e71bdc

ComboFix 09-01-31.01 - Ronksi 2009-02-01 15:49:11.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1251.1.1033.18.1023.607 [GMT -8:00]

Running from: c:\documents and settings\Ronksi\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Ronksi\Desktop\CFScript.txt

AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system\smsc32.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_WINSPOOLER32

-------\Service_WinSpooler32

((((((((((((((((((((((((( Files Created from 2009-01-01 to 2009-02-01 )))))))))))))))))))))))))))))))

.

2009-02-01 15:07 . 2009-02-01 15:07 <DIR> d-------- c:\documents and settings\Ronksi\Application Data\Malwarebytes

2009-02-01 15:06 . 2009-02-01 15:12 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-02-01 15:06 . 2009-02-01 15:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-02-01 15:06 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-01 15:06 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-02-01 13:20 . 2009-02-01 13:20 <DIR> d-------- c:\documents and settings\Ronksi\dwhelper

2009-01-28 20:02 . 2009-01-28 20:02 <DIR> d-------- c:\program files\Sagasoft

2009-01-27 18:26 . 2009-01-27 20:03 <DIR> d-------- c:\program files\MSN Messenger

2009-01-27 17:17 . 2009-01-27 17:30 <DIR> d-------- c:\documents and settings\Ronksi\Contacts

2009-01-27 16:31 . 2009-01-27 16:32 <DIR> d-------- c:\documents and settings\Ronksi\Application Data\MSNInstaller

2009-01-27 15:52 . 2009-01-27 15:52 <DIR> d-------- c:\program files\Common Files\Windows Live

2009-01-27 13:35 . 2009-01-27 13:35 <DIR> d--hs---- C:\found.000

2009-01-27 13:30 . 2009-01-27 13:30 <DIR> d-------- c:\program files\Adobe Media Player

2009-01-22 15:37 . 2009-02-01 12:54 <DIR> d-------- c:\documents and settings\multiskype.RONKSI\Application Data\Skype

2009-01-22 15:37 . 2009-01-27 13:32 <DIR> d-------- c:\documents and settings\multiskype.RONKSI

2009-01-22 12:43 . 2008-10-16 12:38 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll

2009-01-22 12:43 . 2008-10-16 12:38 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll

2009-01-22 12:43 . 2008-10-16 12:38 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll

2009-01-22 12:43 . 2008-10-16 12:38 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll

2009-01-22 12:43 . 2008-10-16 12:38 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll

2009-01-22 12:43 . 2008-10-16 05:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe

2009-01-22 12:42 . 2008-10-16 12:38 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll

2009-01-22 12:42 . 2007-04-17 01:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat

2009-01-22 12:42 . 2007-03-07 21:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui

2009-01-22 12:25 . 2009-01-22 12:24 410,984 --a------ c:\windows\system32\deploytk.dll

2009-01-17 17:41 . 2009-01-17 17:41 <DIR> d-------- c:\program files\Webteh

2009-01-17 17:41 . 2009-01-17 17:43 <DIR> d-------- c:\program files\BS.Player ControlBar

2009-01-17 17:41 . 2009-01-17 17:41 <DIR> d-------- c:\documents and settings\Ronksi\Application Data\BSplayer Pro

2009-01-17 17:41 . 2009-01-17 20:23 <DIR> d-------- c:\documents and settings\Ronksi\Application Data\BSplayer

2009-01-16 11:41 . 2009-01-16 11:41 323,584 --a------ c:\windows\system32\AUDIOGENIE2.DLL

2009-01-16 11:40 . 2009-01-16 11:40 <DIR> d-------- c:\windows\Freecorder Toolbar

2009-01-16 11:39 . 2009-01-16 11:39 <DIR> d-------- c:\windows\Replay Media Catcher

2009-01-16 11:39 . 2009-01-16 11:42 <DIR> d-------- c:\program files\Replay Media Catcher

2009-01-16 11:38 . 2009-01-16 11:38 <DIR> d-------- c:\windows\Applian FLV Player

2009-01-16 11:38 . 2009-01-16 11:43 <DIR> d-------- c:\program files\FLV Player

2009-01-14 16:56 . 2008-08-19 18:08 1,435,272 --a------ c:\windows\system32\Flash8.ocx

2009-01-12 13:24 . 2009-01-12 13:25 <DIR> d-------- c:\documents and settings\Ronksi\Application Data\Super-Cow

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-01 23:53 --------- d-----w c:\documents and settings\Ronksi\Application Data\Skype

2009-02-01 21:03 --------- d-----w c:\documents and settings\Ronksi\Application Data\skypePM

2009-02-01 21:02 --------- d-----w c:\documents and settings\Ronksi\Application Data\VoozieMaker

2009-02-01 05:57 --------- d-----w c:\program files\a-squared Anti-Malware

2009-01-30 01:06 --------- d-----w c:\documents and settings\Ronksi\Application Data\ICQ

2009-01-29 10:33 --------- d-----w c:\documents and settings\Ronksi\Application Data\Any Video Converter

2009-01-28 23:39 --------- d-----w c:\program files\multiskype

2009-01-28 04:51 --------- d-----w c:\program files\Common Files\Skype

2009-01-28 04:51 --------- d-----w c:\documents and settings\All Users\Application Data\Skype

2009-01-28 04:51 --------- d-----r c:\program files\Skype

2009-01-28 00:12 --------- d-----w c:\documents and settings\All Users\Application Data\Make A Voozie

2009-01-27 20:45 --------- d-----w c:\program files\IncrediGames

2009-01-27 20:36 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-01-23 02:35 --------- d-----w c:\program files\Winamp

2009-01-22 20:24 --------- d-----w c:\program files\Java

2009-01-19 01:10 --------- d-----w c:\program files\Favorite-Games

2009-01-15 01:37 --------- d--h--w c:\program files\InstallShield Installation Information

2009-01-13 07:00 --------- d-----w c:\program files\SA Dictionary 2004 Datacenter

2009-01-12 21:56 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2009-01-12 21:23 --------- d-----w c:\program files\Oberon Media

2009-01-12 02:56 --------- d-----w c:\documents and settings\Ronksi\Application Data\Flood Light Games

2009-01-12 02:56 --------- d-----w c:\documents and settings\All Users\Application Data\Flood Light Games

2009-01-09 21:45 --------- d-----w c:\documents and settings\Ronksi\Application Data\Winamp

2008-12-28 02:30 --------- d-----w c:\program files\Common Files\BOONTY Shared

2008-12-16 01:56 --------- d-----w c:\program files\ESET

2008-12-12 02:41 --------- d-----w c:\documents and settings\Ronksi\Application Data\Nokia

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984]

"Magentic"="c:\progra~1\Magentic\bin\Magentic.exe" [2008-05-19 832824]

"BitComet"="c:\program files\BitComet\BitComet.exe" [2005-09-07 2600960]

"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 1232896]

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 1079808]

"ICQ"="c:\program files\ICQ6\ICQ.exe" [2008-09-01 173304]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"msnmsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-13 7323648]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-13 86016]

"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]

"Make A Voozie"="c:\documents and settings\All Users\Application Data\Make A Voozie\VoozieMaker.exe" [2008-02-20 64000]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"VMSnap3"="c:\windows\VMSnap3.EXE" [2006-08-30 49152]

"Domino"="c:\windows\Domino.EXE" [2006-06-28 49152]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]

"a-squared"="c:\program files\a-squared Anti-Malware\a2guard.exe" [2009-01-27 2784912]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]

"nwiz"="nwiz.exe" [2005-12-13 c:\windows\system32\nwiz.exe]

"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]

"RTHDCPL"="RTHDCPL.EXE" [2006-06-27 c:\windows\RTHDCPL.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/13/2004 5:44:06 PM 29696]

FlexType 2K.lnk - c:\windows\Datecs\Flex2K.exe [8/8/2008 10:32:40 PM 145920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]

2001-12-20 22:34 24576 c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\BitComet\\BitComet.exe"=

"c:\\Program Files\\ICQ6\\ICQ.exe"=

"c:\\Program Files\\Magentic\\bin\\magentic_install.exe"=

"c:\\Program Files\\Magentic\\bin\\Magentic.exe"=

"c:\\Program Files\\Magentic\\bin\\MgImp.exe"=

"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=

"c:\\WINDOWS\\ServicePackFiles\\i386\\tcptest.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Program Files\\SopCast\\SopCast.exe"=

"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [12/21/2007 7:21:56 AM 33800]

R3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [6/9/2008 9:33:20 PM 428160]

R4 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12/21/2007 7:21:16 AM 468224]

R4 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [8/3/2004 3:56:58 PM 14336]

.

Contents of the 'Scheduled Tasks' folder

2009-02-01 c:\windows\Tasks\User_Feed_Synchronization-{1A65FC88-7467-47E1-B9DD-5D27F270F940}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 18:36]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://mystart.magentic.com/english/

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {22A2CADE-1F4B-4E19-BC3F-24888EE7672D} = 84.238.220.1

DPF: {6CE31B8D-8340-4DBD-B78E-BF59620924DC} - hxxp://www.quest3d.com/webplugin/download/quest3dactivex2.cab

DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - hxxp://piclens.com/shared/plinstll.cab

FF - ProfilePath - c:\documents and settings\Ronksi\Application Data\Mozilla\Firefox\Profiles\tb3x7mbd.default\

FF - prefs.js: browser.search.selectedEngine - Google.bg

FF - prefs.js: browser.startup.homepage - hxxp://mystart.magentic.com/

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-01 15:52:45

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(700)

c:\program files\AlienGUIse\fastload.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\savedump.exe

c:\program files\a-squared Anti-Malware\a2service.exe

c:\windows\ATKKBService.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\wscntfy.exe

c:\program files\PC Connectivity Solution\ServiceLayer.exe

c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe

c:\program files\PC Connectivity Solution\Transports\NclIrSrv.exe

c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe

c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe

c:\program files\MSN Messenger\usnsvc.exe

.

**************************************************************************

.

Completion time: 2009-02-01 15:55:45 - machine was rebooted

ComboFix-quarantined-files.txt 2009-02-01 23:55:23

ComboFix2.txt 2009-02-01 23:04:40

ComboFix3.txt 2009-02-01 21:06:16

Pre-Run: 5,659,058,176 bytes free

Post-Run: 5,640,105,984 bytes free

203 --- E O F --- 2008-06-08 10:07:01

Tолкова ли е зле ? sad.gifsad.gifsad.gif

хммм направих всичо и инструкциите изпулних без една която беше за програмата Ewido micro защото тя не ми тръгва въобще и пише на нея отгоре на прозореца Ерор и толкова и не зарежда иначе сичко друго направих ей сега преди малко свърши сканирането през Safe mode и сканира почти час и нещо и така ... сега да правя ли нещо или ?

ей това ми излезна точно преди 5 мин явно нешата отиват на зле ? ? ?

untitled.bmp

хммм направих всичо и инструкциите изпулних без една която беше за програмата Ewido micro защото тя не ми тръгва въобще и пише на нея отгоре на прозореца Ерор и толкова и не зарежда иначе сичко друго направих ей сега преди малко свърши сканирането през Safe mode и сканира почти час и нещо и така ... сега да правя ли нещо или ?

ей това ми излезна точно преди 5 мин явно нешата отиват на зле ? ? ?

Явно NOD32 е изтрил нещо, но искам да видя какво точно. Влез в ESET NOD32 Antivirus, в долния ляв ъгъл цъкни на Change... и избери Advanced Mode. След това, влез в Tools -> Log Files срещу Log: посочи On-demand computer scan и кликни два пъти върху най-горния ред ще ти се отвори един прозорец. Върху празно място, цъкни десен бутон на мишката и избери Copy all, нека се копира всичко. И постави копирането в следващия си пост тук. Мисля, че ComboFix оправи проблема, но нека видим и NOD32 какво е открил.

Scan Log

Version of virus signature database: 3815 (20090131)

Date: 2009-01-31 Time: 8:21:43 PM

Scanned disks, folders and files: C:\;D:\

C:\pagefile.sys - error opening [4]

C:\Documents and Settings\All Users\Application Data\Installations\{9C05FA75-0337-4523-AA57-9D3511018887}\Nokia_PC_Suite_rel_6_86_9_3_eng.exe » 7ZIP » - error reading archive

C:\Documents and Settings\LocalService\NTUSER.DAT - error opening [4]

C:\Documents and Settings\LocalService\ntuser.dat.LOG - error opening [4]

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening [4]

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening [4]

C:\Documents and Settings\multiskype.RONKSI\ntuser.dat - error opening [4]

C:\Documents and Settings\multiskype.RONKSI\NTUSER.DAT.LOG - error opening [4]

C:\Documents and Settings\multiskype.RONKSI\Application Data\Skype\irena.sladkata\call256.dbb - error opening [4]

C:\Documents and Settings\multiskype.RONKSI\Application Data\Skype\irena.sladkata\callmember256.dbb - error opening [4]

C:\Documents and Settings\multiskype.RONKSI\Application Data\Skype\irena.sladkata\chat256.dbb - error opening [4]

C:\Documents and Settings\multiskype.RONKSI\Application Data\Skype\irena.sladkata\chat512.dbb - error opening [4]

C:\Documents and Settings\multiskype.RONKSI\Application Data\Skype\irena.sladkata\chatmember256.dbb - error opening [4]

C:\Documents and Settings\multiskype.RONKSI\Application Data\Skype\irena.sladkata\chatmsg256.dbb - error opening [4]

C:\Documents and Settings\multiskype.RONKSI\Application Data\Skype\irena.sladkata\chatmsg512.dbb - error opening [4]

C:\Documents and Settings\multiskype.RONKSI\Application Data\Skype\irena.sladkata\contactgroup256.dbb - error opening [4]

C:\Documents and Settings\multiskype.RONKSI\Application Data\Skype\irena.sladkata\index2.dat - error opening [4]

C:\Documents and Settings\multiskype.RONKSI\Application Data\Skype\irena.sladkata\main.lock - error opening [4]

C:\Documents and Settings\multiskype.RONKSI\Application Data\Skype\irena.sladkata\profile16384.dbb - error opening [4]

C:\Documents and Settings\multiskype.RONKSI\Application Data\Skype\irena.sladkata\user1024.dbb - error opening [4]

C:\Documents and Settings\multiskype.RONKSI\Application Data\Skype\irena.sladkata\user16384.dbb - error opening [4]

C:\Documents and Settings\multiskype.RONKSI\Application Data\Skype\irena.sladkata\user256.dbb - error opening [4]

C:\Documents and Settings\multiskype.RONKSI\Application Data\Skype\irena.sladkata\user32768.dbb - error opening [4]

C:\Documents and Settings\multiskype.RONKSI\Application Data\Skype\irena.sladkata\user4096.dbb - error opening [4]

C:\Documents and Settings\multiskype.RONKSI\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening [4]

C:\Documents and Settings\multiskype.RONKSI\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening [4]

C:\Documents and Settings\NetworkService\NTUSER.DAT - error opening [4]

C:\Documents and Settings\NetworkService\ntuser.dat.LOG - error opening [4]

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening [4]

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening [4]

C:\Documents and Settings\Ronksi\ntuser.dat - error opening [4]

C:\Documents and Settings\Ronksi\NTUSER.DAT.LOG - error opening [4]

C:\Documents and Settings\Ronksi\Application Data\ICQ\Application.mdb - error opening [4]

C:\Documents and Settings\Ronksi\Application Data\ICQ\486418997\Messages.mdb - error opening [4]

C:\Documents and Settings\Ronksi\Application Data\ICQ\486418997\Owner.mdb - error opening [4]

C:\Documents and Settings\Ronksi\Application Data\Skype\ronksi\call256.dbb - error opening [4]

C:\Documents and Settings\Ronksi\Application Data\Skype\ronksi\callmember256.dbb - error opening [4]

C:\Documents and Settings\Ronksi\Application Data\Skype\ronksi\chat1024.dbb - error opening [4]

C:\Documents and Settings\Ronksi\Application Data\Skype\ronksi\chat2048.dbb - error opening [4]

C:\Documents and Settings\Ronksi\Application Data\Skype\ronksi\chat256.dbb - error opening [4]

C:\Documents and Settings\Ronksi\Application Data\Skype\ronksi\chat4096.dbb - error opening [4]

C:\Documents and Settings\Ronksi\Application Data\Skype\ronksi\chat512.dbb - error opening [4]

C:\Documents and Settings\Ronksi\Application Data\Skype\ronksi\chat8192.dbb - error opening [4]

C:\Documents and Settings\Ronksi\Application Data\Skype\ronksi\chatmember256.dbb - error opening [4]

C:\Documents and Settings\Ronksi\Application Data\Skype\ronksi\chatmsg1024.dbb - error opening [4]

C:\Documents and Settings\Ronksi\Application Data\Skype\ronksi\chatmsg16384.dbb - error opening [4]

C:\Documents and Settings\Ronksi\Application Data\Skype\ronksi\chatmsg2048.dbb - error opening [4]

C:\Documents and Settings\Ronksi\Application Data\Skype\ronksi\chatmsg256.dbb - error opening [4]

C:\Documents and Settings\Ronksi\Application Data\Skype\ronksi\chatmsg32768.dbb - error opening [4]

C:\Documents and Settings\Ronksi\Application Data\Skype\ronksi\chatmsg4096.dbb - error opening [4]

C:\Documents and Settings\Ronksi\Application Data\Skype\ronksi\chatmsg512.dbb - error opening [4]

C:\Documents and Settings\Ronksi\Application Data\Skype\ronksi\chatmsg8192.dbb - error opening [4]

C:\Documents and Settings\Ronksi\Application Data\Skype\ronksi\contactgroup256.dbb - error opening [4]

C:\Documents and Settings\Ronksi\Application Data\Skype\ronksi\conversation256.dbb - error opening [4]

C:\Documents and Settings\Ronksi\Application Data\Skype\ronksi\index2.dat - error opening [4]

C:\Documents and Settings\Ronksi\Application Data\Skype\ronksi\main.lock - error opening [4]

C:\Documents and Settings\Ronksi\Application Data\Skype\ronksi\participant256.dbb - error opening [4]

C:\Documents and Settings\Ronksi\Application Data\Skype\ronksi\profile16384.dbb - error opening [4]

C:\Documents and Settings\Ronksi\Application Data\Skype\ronksi\transfer256.dbb - error opening [4]

C:\Documents and Settings\Ronksi\Application Data\Skype\ronksi\transfer512.dbb - error opening [4]

C:\Documents and Settings\Ronksi\Application Data\Skype\ronksi\user1024.dbb - error opening [4]

C:\Documents and Settings\Ronksi\Application Data\Skype\ronksi\user16384.dbb - error opening [4]

C:\Documents and Settings\Ronksi\Application Data\Skype\ronksi\user256.dbb - error opening [4]

C:\Documents and Settings\Ronksi\Application Data\Skype\ronksi\user32768.dbb - error opening [4]

C:\Documents and Settings\Ronksi\Application Data\Skype\ronksi\user4096.dbb - error opening [4]

C:\Documents and Settings\Ronksi\Application Data\Skype\ronksi\voicemail256.dbb - error opening [4]

C:\Documents and Settings\Ronksi\Cookies\[email protected][1].txt » MIME - is OK (internal scanning not performed)

C:\Documents and Settings\Ronksi\Cookies\ronksi@mylivepage[2].txt » MIME - is OK (internal scanning not performed)

C:\Documents and Settings\Ronksi\Local Settings\Application Data\Identities\{254F66E2-76D0-4B2B-8B4F-4830207973AE}\Microsoft\Outlook Express\Inbox.dbx » DBX - is OK (internal scanning not performed)

C:\Documents and Settings\Ronksi\Local Settings\Application Data\Identities\{254F66E2-76D0-4B2B-8B4F-4830207973AE}\Microsoft\Outlook Express\Outbox.dbx » DBX - is OK (internal scanning not performed)

C:\Documents and Settings\Ronksi\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\pending.dat - error opening [4]

C:\Documents and Settings\Ronksi\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_F2B8_290A_B828_CEC3\dfsr.db - error opening [4]

C:\Documents and Settings\Ronksi\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_F2B8_290A_B828_CEC3\fsr.log - error opening [4]

C:\Documents and Settings\Ronksi\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_F2B8_290A_B828_CEC3\fsrtmp.log - error opening [4]

C:\Documents and Settings\Ronksi\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_F2B8_290A_B828_CEC3\tmp.edb - error opening [4]

C:\Documents and Settings\Ronksi\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening [4]

C:\Documents and Settings\Ronksi\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening [4]

C:\Documents and Settings\Ronksi\Local Settings\Temp\JET2E3F.tmp - error opening [4]

C:\Documents and Settings\Ronksi\Local Settings\Temp\Nokia_PC_Suite_rel_6_86_9_3_eng.exe » 7ZIP » - error reading archive

C:\Documents and Settings\Ronksi\Local Settings\Temp\ICQ603_25_52\toolbarfirefox\chrome.manifest » MIME - is OK (internal scanning not performed)

C:\Documents and Settings\Ronksi\Local Settings\Temp\ICQ617_34_20\toolbarfirefox\chrome.manifest » MIME - is OK (internal scanning not performed)

C:\Documents and Settings\Ronksi\Local Settings\Temporary Internet Files\Content.IE5\GZ0A2CVN\.eml[1] » MIME - is OK (internal scanning not performed)

C:\Documents and Settings\Ronksi\Local Settings\Temporary Internet Files\Content.IE5\IXZ0LK32\.eml[1] » MIME - is OK (internal scanning not performed)

C:\Documents and Settings\Ronksi\Local Settings\Temporary Internet Files\Content.IE5\P80W99EF\zone[1] - error opening [4]

C:\Program Files\Ahead\Nero\CDI\CDI_VCD.CFG » MIME - is OK (internal scanning not performed)

C:\Program Files\BitComet\fav\search_en_us.mht » MIME - is OK (internal scanning not performed)

C:\Program Files\BitComet\fav\search_zh_cn.mht » MIME - is OK (internal scanning not performed)

C:\Program Files\BS.Player ControlBar\bsplayer234.980_clip.exe » NSIS » cmdline.txt » MIME - is OK (internal scanning not performed)

C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\core3.zip » ZIP » lib/deploy/ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)

C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\core3.zip » ZIP » lib/resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)

C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\core3.zip » ZIP » lib/resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)

C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\core3.zip » ZIP » lib/resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)

C:\Program Files\Java\jre1.6.0_01\lib\resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)

C:\Program Files\Java\jre1.6.0_01\lib\resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)

C:\Program Files\Java\jre1.6.0_01\lib\resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)

C:\Program Files\Java\jre1.6.0_01\lib\deploy\ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)

C:\Program Files\Java\jre1.6.0_02\lib\resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)

C:\Program Files\Java\jre1.6.0_02\lib\resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)

C:\Program Files\Java\jre1.6.0_02\lib\resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)

C:\Program Files\Java\jre1.6.0_02\lib\deploy\ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)

C:\Program Files\Java\jre1.6.0_03\lib\resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)

C:\Program Files\Java\jre1.6.0_03\lib\resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)

C:\Program Files\Java\jre1.6.0_03\lib\resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)

C:\Program Files\Java\jre1.6.0_03\lib\deploy\ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)

C:\Program Files\Java\jre1.6.0_05\lib\resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)

C:\Program Files\Java\jre1.6.0_05\lib\resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)

C:\Program Files\Java\jre1.6.0_05\lib\resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)

C:\Program Files\Java\jre1.6.0_05\lib\deploy\ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)

C:\Program Files\Java\jre1.6.0_07\lib\resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)

C:\Program Files\Java\jre1.6.0_07\lib\resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)

C:\Program Files\Java\jre1.6.0_07\lib\resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)

C:\Program Files\Java\jre1.6.0_07\lib\deploy\ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)

C:\Program Files\Java\jre6\lib\resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)

C:\Program Files\Java\jre6\lib\resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)

C:\Program Files\Java\jre6\lib\resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)

C:\Program Files\Java\jre6\lib\deploy\ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)

C:\Program Files\Java\jre6\lib\deploy\jqs\ff\chrome.manifest » MIME - is OK (internal scanning not performed)

C:\Program Files\Mozilla Firefox\Firefox Setup 3.0.5.exe » 7ZIP » nonlocalized/chrome/browser.manifest » MIME - is OK (internal scanning not performed)

C:\Program Files\Mozilla Firefox\Firefox Setup 3.0.5.exe » 7ZIP » nonlocalized/chrome/comm.manifest » MIME - is OK (internal scanning not performed)

C:\Program Files\Mozilla Firefox\Firefox Setup 3.0.5.exe » 7ZIP » nonlocalized/chrome/pippki.manifest » MIME - is OK (internal scanning not performed)

C:\Program Files\Mozilla Firefox\Firefox Setup 3.0.5.exe » 7ZIP » nonlocalized/chrome/reporter.manifest » MIME - is OK (internal scanning not performed)

C:\Program Files\Mozilla Firefox\Firefox Setup 3.0.5.exe » 7ZIP » nonlocalized/chrome/toolkit.manifest » MIME - is OK (internal scanning not performed)

C:\Program Files\Mozilla Firefox\chrome\browser.manifest » MIME - is OK (internal scanning not performed)

C:\Program Files\Mozilla Firefox\chrome\comm.manifest » MIME - is OK (internal scanning not performed)

C:\Program Files\Mozilla Firefox\chrome\pippki.manifest » MIME - is OK (internal scanning not performed)

C:\Program Files\Mozilla Firefox\chrome\reporter.manifest » MIME - is OK (internal scanning not performed)

C:\Program Files\Mozilla Firefox\chrome\toolkit.manifest » MIME - is OK (internal scanning not performed)

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\chrome.manifest » MIME - is OK (internal scanning not performed)

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\chrome.manifest » MIME - is OK (internal scanning not performed)

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\chrome.manifest » MIME - is OK (internal scanning not performed)

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\chrome.manifest » MIME - is OK (internal scanning not performed)

C:\Program Files\Nero\Nero Burning ROM 6.6.1.4.exe » RAR » Nero\CDI\CDI_VCD.CFG » MIME - is OK (internal scanning not performed)

C:\Program Files\Nero\Nero Burning ROM 6.6.1.4.exe » RAR » setup\Eula_esm.txt » MIME - is OK (internal scanning not performed)

C:\Program Files\Nero\Nero Burning ROM 6.6.1.4.exe » RAR » setup\Eula_esp.txt » MIME - is OK (internal scanning not performed)

C:\Program Files\Nero\Nero Burning ROM 6.6.1.4.exe » RAR » setup\Eula_fra.txt » MIME - is OK (internal scanning not performed)

C:\Program Files\Nero\Nero Burning ROM 6.6.1.4.exe » RAR » setup\Eula_frc.txt » MIME - is OK (internal scanning not performed)

C:\Program Files\Nero\Nero Burning ROM 6.6.1.4.exe » RAR » setup\Eula_ita.txt » MIME - is OK (internal scanning not performed)

C:\Program Files\Nero\Nero Burning ROM 6.6.1.4.exe » RAR » setup\Eula_ptg.txt » MIME - is OK (internal scanning not performed)

C:\Program Files\Nokia\Nokia_PC_Suite_rel_6_85_14_1_eng_web.exe » 7ZIP » - error reading archive

C:\Program Files\Webteh\BSplayer\doc\cmdline.txt » MIME - is OK (internal scanning not performed)

C:\Program Files\Winamp\winamp5531_full_emusic-7plus_en-us.exe » NSIS » file.bin - error - unknown compression method

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Data\Sea_Bottom.eld - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Data\Cam_Track1.evd - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Data\Map.emp - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Meshes\boat.EMD - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Meshes\Capt.EMD - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Meshes\CaptWall.EMD - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Meshes\dfg.EMD - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Meshes\fish1.EMD - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Meshes\jakor.EMD - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Meshes\parusa.EMD - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Meshes\rock01.EMD - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Meshes\rock03.EMD - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Meshes\rock04.EMD - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Meshes\rock05.EMD - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Meshes\rock06.EMD - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Meshes\rock07.EMD - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Meshes\shark.EMD - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Meshes\shell2.EMD - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Meshes\Ship.EMD - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Meshes\skala1.EMD - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Meshes\stone1.EMD - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Meshes\Trum.EMD - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Meshes\TrumWall.EMD - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Meshes\TST.EMD - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Meshes\vodor10.EMD - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Meshes\vodor2.EMD - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Meshes\vodor8.EMD - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Meshes\vodor9.EMD - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Meshes\fish1.ESA - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Meshes\Parusa.ESA - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Meshes\shark.ESA - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Meshes\TST.esa - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Meshes\vodor10.esa - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Meshes\vodor2.ESA - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Meshes\vodor8.ESA - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Meshes\vodor9.ESA - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Meshes\Sphere.ms3d - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Meshes\fish2.ESA - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Meshes\fish2.EMD - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Meshes\fish3.EMD - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Meshes\fish3.ESA - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Meshes\FISH4.ESA - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Meshes\FISH4.EMD - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Meshes\FISH5.ESA - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Meshes\FISH5.EMD - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\ground03.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\Plankton.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\Rays.bmp - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\caust11.tga - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\caust12.tga - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\caust13.tga - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\caust14.tga - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\caust15.tga - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\caust16.tga - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\caust17.tga - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\caust18.tga - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\caust19.tga - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\caust20.tga - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\caust21.tga - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\caust22.tga - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\caust23.tga - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\caust24.tga - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\caust25.tga - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\caust26.tga - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\caust27.tga - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\caust28.tga - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\caust29.tga - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\caust30.tga - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\caust31.tga - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\caust00.tga - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\caust01.tga - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\caust02.tga - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\caust03.tga - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\caust04.tga - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\caust05.tga - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\caust06.tga - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\caust07.tga - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\caust08.tga - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\caust09.tga - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\caust10.tga - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\Sun.JPG - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\Cur.BMP - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\Cur_alpha.BMP - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\InfoBar.BMP - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\Sphere.bmp - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\bruki.tga - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\carpet_fancy3.tga - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\flag.tga - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\fuc.tga - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\glass.tga - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\green01.tga - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\lam01.tga - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\lam02.tga - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\lam03.tga - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\odeshda.tga - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\plav01.tga - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\red01.tga - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\red02.tga - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\red03.tga - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\rukav.tga - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\trunk1drk.tga - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\wodorosli.tga - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\wood03.tga - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\wood04.tga - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\bed.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\bochka.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\book.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\book_c02.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\book_c03.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\book_c04.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\bottle.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\bottle2.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\candle.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\corona.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\cwood_mo5c.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\debri_m01.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\desk_c04.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\door01.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\fish01.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\gold.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\gold2.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\kanat.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\kuvsh.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\lantern.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\meshok.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\metal01.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\metall01.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\minen_post.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\pattern_marq1.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\PLATE.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\pol_02.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\potolok.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\rock.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\ROCK01.JPG - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\shark.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\shell.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\shell2.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\skilet.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\skull.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\sp_wdtrim_townhall.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\sunduk.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\text.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\tool_m02.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\trim_c09.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\w_01.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\w_02.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\w_03.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\w_04.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\w_05.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\w_06.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\w_07.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\w_09.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\w_10.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\w_11.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\wood_c06.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\wood_c11.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\wood_nar.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\wood_nar2.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\wood01.JPG - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\wood06.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\wood08.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\wood09.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\yashik.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\loader.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\fish02.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\fish03.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\fish04.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\fish05.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\plav02.tga - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\plav03.tga - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\plav04.tga - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\White.JPG - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\Bubbles.jpg - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\oceangradient.bmp - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\mpcarentan_up.JPG - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » Texture\Waterbump3.JPG - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » shaders\OceanWater.psh - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\Pirate Ship 3D Screensaver.scr » RAR » shaders\OceanWater.vsh - Incorrect file checksum (CRC); the file is probably password protected.

C:\WINDOWS\system32\CatRoot2\edb.log - error opening [4]

C:\WINDOWS\system32\CatRoot2\edbtmp.log - error opening [4]

C:\WINDOWS\system32\CatRoot2\tmp.edb - error opening [4]

C:\WINDOWS\system32\config\default - error opening [4]

C:\WINDOWS\system32\config\default.LOG - error opening [4]

C:\WINDOWS\system32\config\SAM - error opening [4]

C:\WINDOWS\system32\config\SAM.LOG - error opening [4]

C:\WINDOWS\system32\config\SECURITY - error opening [4]

C:\WINDOWS\system32\config\SECURITY.LOG - error opening [4]

C:\WINDOWS\system32\config\software - error opening [4]

C:\WINDOWS\system32\config\software.LOG - error opening [4]

C:\WINDOWS\system32\config\system - error opening [4]

C:\WINDOWS\system32\config\system.LOG - error opening [4]

C:\WINDOWS\system32\drivers\sptd.sys - error opening [4]

D:\ba5a460b943155c3eff25d\admparse.dll - error opening [4]

D:\ba5a460b943155c3eff25d\admparse.dll.mui - error opening [4]

D:\ba5a460b943155c3eff25d\advpack.dll - error opening [4]

D:\ba5a460b943155c3eff25d\advpack.dll.mui - error opening [4]

D:\ba5a460b943155c3eff25d\browseui.dll - error opening [4]

D:\ba5a460b943155c3eff25d\corpol.dll - error opening [4]

D:\ba5a460b943155c3eff25d\custsat.dll - error opening [4]

D:\ba5a460b943155c3eff25d\dxtmsft.dll - error opening [4]

D:\ba5a460b943155c3eff25d\dxtrans.dll - error opening [4]

D:\ba5a460b943155c3eff25d\extmgr.dll - error opening [4]

D:\ba5a460b943155c3eff25d\extmgr.dll.mui - error opening [4]

D:\ba5a460b943155c3eff25d\feeddisc.wav - error opening [4]

D:\ba5a460b943155c3eff25d\hmmapi.dll - error opening [4]

D:\ba5a460b943155c3eff25d\hmmapi.dll.mui - error opening [4]

D:\ba5a460b943155c3eff25d\html.iec - error opening [4]

D:\ba5a460b943155c3eff25d\html.iec.mui - error opening [4]

D:\ba5a460b943155c3eff25d\icardie.dll - error opening [4]

D:\ba5a460b943155c3eff25d\icardie.dll.mui - error opening [4]

D:\ba5a460b943155c3eff25d\icrav03.rat - error opening [4]

D:\ba5a460b943155c3eff25d\ie4uinit.exe - error opening [4]

D:\ba5a460b943155c3eff25d\ie4uinit.exe.mui - error opening [4]

D:\ba5a460b943155c3eff25d\ieakeng.dll - error opening [4]

D:\ba5a460b943155c3eff25d\ieakeng.dll.mui - error opening [4]

D:\ba5a460b943155c3eff25d\ieakmmc.chm - error opening [4]

D:\ba5a460b943155c3eff25d\ieaksie.dll - error opening [4]

D:\ba5a460b943155c3eff25d\ieaksie.dll.mui - error opening [4]

D:\ba5a460b943155c3eff25d\ieakui.dll - error opening [4]

D:\ba5a460b943155c3eff25d\ieakui.dll.mui - error opening [4]

D:\ba5a460b943155c3eff25d\ieapfltr.dat - error opening [4]

D:\ba5a460b943155c3eff25d\ieapfltr.dll - error opening [4]

D:\ba5a460b943155c3eff25d\iedkcs32.dll - error opening [4]

D:\ba5a460b943155c3eff25d\iedkcs32.dll.mui - error opening [4]

D:\ba5a460b943155c3eff25d\iedw.exe - error opening [4]

D:\ba5a460b943155c3eff25d\iedw.exe.mui - error opening [4]

D:\ba5a460b943155c3eff25d\ieencode.dll - error opening [4]

D:\ba5a460b943155c3eff25d\ieeula.chm - error opening [4]

D:\ba5a460b943155c3eff25d\ieframe.dll - error opening [4]

D:\ba5a460b943155c3eff25d\ieframe.dll.mui - error opening [4]

D:\ba5a460b943155c3eff25d\iepeers.dll - error opening [4]

D:\ba5a460b943155c3eff25d\iepeers.dll.mui - error opening [4]

D:\ba5a460b943155c3eff25d\ieproxy.dll - error opening [4]

D:\ba5a460b943155c3eff25d\iernonce.dll - error opening [4]

D:\ba5a460b943155c3eff25d\iernonce.dll.mui - error opening [4]

D:\ba5a460b943155c3eff25d\iertutil.dll - error opening [4]

D:\ba5a460b943155c3eff25d\iesetup.dll - error opening [4]

D:\ba5a460b943155c3eff25d\iesetup.dll.mui - error opening [4]

D:\ba5a460b943155c3eff25d\iesupp.chm - error opening [4]

D:\ba5a460b943155c3eff25d\ieudinit.exe - error opening [4]

D:\ba5a460b943155c3eff25d\ieui.dll - error opening [4]

D:\ba5a460b943155c3eff25d\ieui.dll.mui - error opening [4]

D:\ba5a460b943155c3eff25d\ieuinit.inf - error opening [4]

D:\ba5a460b943155c3eff25d\ieunatt.exe.mui - error opening [4]

D:\ba5a460b943155c3eff25d\iexplore.chm - error opening [4]

D:\ba5a460b943155c3eff25d\iexplore.exe - error opening [4]

D:\ba5a460b943155c3eff25d\iexplore.exe.mui - error opening [4]

D:\ba5a460b943155c3eff25d\imgutil.dll - error opening [4]

D:\ba5a460b943155c3eff25d\inetcorp.iem - error opening [4]

D:\ba5a460b943155c3eff25d\inetcpl.cpl - error opening [4]

D:\ba5a460b943155c3eff25d\inetcpl.cpl.mui - error opening [4]

D:\ba5a460b943155c3eff25d\inetres.adm - error opening [4]

D:\ba5a460b943155c3eff25d\inetset.iem - error opening [4]

D:\ba5a460b943155c3eff25d\infobar.wav - error opening [4]

D:\ba5a460b943155c3eff25d\inseng.dll - error opening [4]

D:\ba5a460b943155c3eff25d\inseng.dll.mui - error opening [4]

D:\ba5a460b943155c3eff25d\install.ins - error opening [4]

D:\ba5a460b943155c3eff25d\jscript.dll - error opening [4]

D:\ba5a460b943155c3eff25d\jsproxy.dll - error opening [4]

D:\ba5a460b943155c3eff25d\licmgr10.dll - error opening [4]

D:\ba5a460b943155c3eff25d\licmgr10.dll.mui - error opening [4]

D:\ba5a460b943155c3eff25d\msfeeds.dll - error opening [4]

D:\ba5a460b943155c3eff25d\msfeeds.mof - error opening [4]

D:\ba5a460b943155c3eff25d\msfeedsbs.dll - error opening [4]

D:\ba5a460b943155c3eff25d\msfeedsbs.dll.mui - error opening [4]

D:\ba5a460b943155c3eff25d\msfeedsbs.mof - error opening [4]

D:\ba5a460b943155c3eff25d\msfeedssync.exe - error opening [4]

D:\ba5a460b943155c3eff25d\mshta.exe - error opening [4]

D:\ba5a460b943155c3eff25d\mshta.exe.mui - error opening [4]

D:\ba5a460b943155c3eff25d\mshtml.dll - error opening [4]

D:\ba5a460b943155c3eff25d\mshtml.dll.mui - error opening [4]

D:\ba5a460b943155c3eff25d\mshtml.tlb - error opening [4]

D:\ba5a460b943155c3eff25d\mshtmled.dll - error opening [4]

D:\ba5a460b943155c3eff25d\mshtmled.dll.mui - error opening [4]

D:\ba5a460b943155c3eff25d\mshtmler.dll - error opening [4]

D:\ba5a460b943155c3eff25d\mshtmler.dll.mui - error opening [4]

D:\ba5a460b943155c3eff25d\msls31.dll - error opening [4]

D:\ba5a460b943155c3eff25d\msrating.dll - error opening [4]

D:\ba5a460b943155c3eff25d\msrating.dll.mui - error opening [4]

D:\ba5a460b943155c3eff25d\mstime.dll - error opening [4]

D:\ba5a460b943155c3eff25d\navstart.wav - error opening [4]

D:\ba5a460b943155c3eff25d\occache.dll - error opening [4]

D:\ba5a460b943155c3eff25d\occache.dll.mui - error opening [4]

D:\ba5a460b943155c3eff25d\occache.ini - error opening [4]

D:\ba5a460b943155c3eff25d\pngfilt.dll - error opening [4]

D:\ba5a460b943155c3eff25d\popupblk.wav - error opening [4]

D:\ba5a460b943155c3eff25d\shdocvw.dll - error opening [4]

D:\ba5a460b943155c3eff25d\shlwapi.dll - error opening [4]

D:\ba5a460b943155c3eff25d\spmsg.dll - error opening [4]

D:\ba5a460b943155c3eff25d\spuninst.exe - error opening [4]

D:\ba5a460b943155c3eff25d\spupdsvc.exe - error opening [4]

D:\ba5a460b943155c3eff25d\tdc.ocx - error opening [4]

D:\ba5a460b943155c3eff25d\ticrf.rat - error opening [4]

D:\ba5a460b943155c3eff25d\url.dll - error opening [4]

D:\ba5a460b943155c3eff25d\urlmon.dll - error opening [4]

D:\ba5a460b943155c3eff25d\urlmon.dll.mui - error opening [4]

D:\ba5a460b943155c3eff25d\vbscript.dll - error opening [4]

D:\ba5a460b943155c3eff25d\vgx.dll - error opening [4]

D:\ba5a460b943155c3eff25d\webcheck.dll - error opening [4]

D:\ba5a460b943155c3eff25d\webcheck.dll.mui - error opening [4]

D:\ba5a460b943155c3eff25d\webcheck.ini - error opening [4]

D:\ba5a460b943155c3eff25d\winfxdocobj.exe - error opening [4]

D:\ba5a460b943155c3eff25d\winfxdocobj.exe.mui - error opening [4]

D:\ba5a460b943155c3eff25d\wininet.dll - error opening [4]

D:\ba5a460b943155c3eff25d\wininet.dll.mui - error opening [4]

D:\Dokumenti\Studio Dance Zone-ceni.mht » MIME - is OK (internal scanning not performed)

D:\Dokumenti\STUDIO DANCE ZONE-kontakti.mht » MIME - is OK (internal scanning not performed)

D:\Dokumenti\Studio Dance Zone.mht » MIME - is OK (internal scanning not performed)

D:\Dokumenti\Новините от днешния ден.mht » MIME - is OK (internal scanning not performed)

D:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\YS561401.CAB » CAB » VIDEO.MHT_1033 » MIME - is OK (internal scanning not performed)

Number of scanned objects: 394785

Number of threats found: 0

Time of completion: 9:59:45 PM Total scanning time: 5882 sec (01:38:02)

Notes:

[4] Object cannot be opened. It may be in use by another application or operating system.

Добре, мерси! Нека проверим, като за финал:

Изтеглете ESET SysInspector

http://www.eset.bg/download/sysinspector.html

- Стартирайте програмата чрез SysInspector.exe

Програмата ще започне да събира информация за ситуацията на машината Ви.

- Когато "Инспекторът" е готов и log файлът - генериран , изберете File > Save Log

- Потвърдете желанието си

Изберете да запазите файла някъде и след това го прикачете в:

http://www.4storing.com

И дайте линк за него.

Изтеглете Microsoft AutoRuns

http://download.sysinternals.com/Files/Autoruns.zip

Разархивирайте AutoRuns в негова собствена папка и стартирайте exe файла с име autoruns

1. Изберете Options -> Hide Microsoft Entries

2. Изберете File -> Refresh

3. Изберете File -> Export as

Изберете да запазите файла някъде и след това го прикачете в:

http://www.4storing.com

http://4storing.com/njjhj/e62c2781bfbcf253...48329ff273.html - ето го първото; действам по второто.

http://4storing.com/vv264/8c7eb99f27acd6b6...c32855816b.html - ето го и второто.

Редактирано от Wankata
Тук се пише на кирилица!!! (преглед на промените)

Ужас....

Отвори Notepad и въведи следното:

Killall::


File::

c:\windows\system32\vg.exe.exe

c:\windows\system\smsc32.exe

Заедно с лог файл, архивирай папката Qoobox, която се намира в C:\ и я качи в 4storing.com

След това, отвори AutoRuns и:

Махни отметките на следните редове:

+ DAEMON Tools Virtual DAEMON Manager DT Soft Ltd. c:\program files\daemon tools\daemon.exe

+ Domino Vimicro Vimicro c:\windows\domino.exe

+ Make A Voozie Surprize a friend with a creative message Smiling Giant Inc. c:\documents and settings\all users\application data\make a voozie\vooziemaker.exe

+ NeroFilterCheck NeroCheck Ahead Software Gmbh c:\windows\system32\nerocheck.exe

+ SunJavaUpdateSched Java™ Platform SE binary Sun Microsystems, Inc. c:\program files\java\jre1.6.0_07\bin\jusched.exe

+ VMSnap3 ZSMCSNAP ZSMCSNAP c:\windows\vmsnap3.exe

+ WinampAgent c:\program files\winamp\winampa.exe

Кликни десен бутон върху следния ред и избери Delete:

+ abwv66kh File not found: C:\WINDOWS\System32\Drivers\abwv66kh.sys

След това, влез в Start -> Settings -> Control Panel -> Add or Remove Programs и деинсталирай:

Freecorder Toolbar 3.02 Application

NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050)

ESET NOD32 Antivirus

http://4storing.com/kqyrl/ca04919d21b24851...e76b1ed6f5.html

така ето го линкчето , а въпросния файл + abwv66kh File not found: C:\WINDOWS\System32\Drivers\abwv66kh.sys 4-тири пъти проверих дали го има но го няма до тук всичко направих сега махам и тея от адд и ремув и съм готова ... има ли още ? sad.gif

Freecorder Toolbar 3.02 Application - за това като дам да се махне ми изписва някфа грешка че не може да се изтрие

Редактирано от ronksi (преглед на промените)

Здравейте, имам огромен проблем!Начинаеща съм с PCto и незная какво да правя?В компютъра ми бяха открити няколко троянски коне от антивирусната ми система,която е Аваст справих се някак си и ги изтрих,но един продължава да сигнализира.Аваста ми изписва това: Бе открит Malware файл име -C:\Users\geri\LOCALS~1\Temp\swhost.exe, Вирус име -Win32:VB-KYF [Drp],Dropper,давам му да го премести в клетката,но след 10мин пак ми се появява същото съобщение,така е от вчера и си мисля понеже детето е цъкнало някакъв файл по Скайпа от приятел,а същия човек казва,че не е изпращал нищо дори н е е бил на копютъра и Скайпа започна сам да прави някакви неща,да се появява сам и си мисля,че е от приетия файл,но проблема е че не мога да изтрия този вирус!Моля посъветвайте ме какво точно да направя и как по-сигурно да се защитя от подобни вируси!Освен всичко до тук в момента получавам съобщения от Аваст че са изпратени мн писма,какво ще рече това!Благодаря на всички предварително! sad.gif

Току що излезе и друг C:\DOCUME~1\geri\LOCALS~1\Temp\swhost.exe,но Аваст не може да го обработи,какво да правя?

Сканирай с Malwarebytes Anti-Malware 1.33 й SUPERAntiSpyware 4.25.1012 Final има ги тук свали си ги и не забравяй да ги ъпдейтнеш преди да сканираш.

Това ми се появи в скайпа иска да се инсталира като външна програма не мога да го махна от скайп и не знам какво е дайде инфо да го инсталирам ли и ако не как да го махна от скайпа все ми се появява .Благодаря предварително

Редактирано от mihnev_sz
2.3 Заглавието на темата трябва да е ясно и точно (преглед на промените)

това ми се появи в скайпа иска да се инсталира като външна програма не мога да го махна от скайп и не знам какво е дайде инфо да го инсталирам ли и ако не как да го махна от скайпа все ми се появява .Благодаря предварително

В никакъв случай не инсталирай pmropn.exe! Иначе няма (лесно) махане: справка@geekstogo.

P.S. Пусни лог на hijackthis в: този форум.

Редактирано от nologo (преглед на промените)

Защо не го качиш някъде, за да го тестваме

Гост
Тази тема е заключена за нови отговори.
Назад

Разглеждащи това в момента 0

  • Няма регистрирани потребители разглеждащи тази страница.

Дарение

  • Подкрепи съществуването на форума - направи дарение
    25%
    Дарени 252.69 EUR от нужните 1,000.00 EUR

Бюлетин

Получавайте известие, когато има важна промяна или новина свързана с форума.
Абонирайте се

Профил

Навигация

Търсене

Търсене

Конфигуриране на push известия в браузъра
Chrome (Android)
  1. Докоснете иконата на катинар до адресната лента.
  2. Докоснете Разрешения → Известия.
  3. Променете предпочитанията си.
Chrome (Desktop)
  1. Кликнете върху иконата на катинар в адресната лента.
  2. Изберете Настройки на сайта.
  3. Намерете Известия и коригирайте предпочитанията си.