

    I have the following problem. After I start Luindols [sic], a file fac.exe loads and starts opening a series of .exe files, for example setup14154363.exe, setup141376375.exe, setup1415489679.exe, which Malwarebytes' Anti-Malware immediately detects as (Rootkit.TDSS), around ten .exe files in all. I don't dare allow them to open because I don't know what might happen, so I click "NO" on all of them. After I close them in Task Manager, I have pecep.exe running at startup (after I remove it from startup, another similar file loads, and so on every time I disable it from System Configuration; directly from Task Manager I can't, because when I click the file it gives me "stop working"). I tried to remove this fac.exe file, but after every restart it reappears and loads everything from the beginning. I tried to remove it manually from c:\user\user\fac.exe, but after a restart it reappears, and with it a lot of .exe files in c:\user\user\local\temp\setup15341623.exe. I tried Malwarebytes' Anti-Malware: after it removes all the viruses, which are this fac.exe file and all the setup15*****.exe (Rootkit.TDSS), I scan and it shows the hard drive is clean, but after a restart this fac.exe reappears, loads a flash file with a different name every time, and all these setup15***** appear in temp and start opening one after another. Tell me how to deal with the problem. I think I got infected after downloading an archive that had a password and contained a URL that said to open it to get the password. I didn't consider that it could be an infection, because I thought that if I open the site without downloading anything from it I can't get infected; still, I'm not sure that's where I caught the virus. I'm on Luindols 7 Ultimate x86.


    Hello!

    I'll try to help you with your problem. Please post the log files directly in your post rather than attaching them. Now:

    Follow these instructions for working with DDS:

    • Download DDS from bleepingcomputer.
    • After downloading the file, save it (Save button -> Save as) as DDS on your desktop.
    • Once DDS is on the desktop, the program icon should look like this: [posted image]
    • Temporarily stop any script-blocking applications, if there are any, or allow dds.scr to run. Then start DDS by double-clicking the icon and confirm with Run.
    • When DDS has finished, use Copy to copy the text from the two log files that will appear in Notepad, DDS.txt and Attach.txt, and save them (Save button -> Save as) to the desktop. Then post the log files in your next post in this thread.


    :blink: ivayloandreev, how did you manage to see so many letters L in the word Windows, when there isn't a single one in it :wors: !???!


    DDS (Ver_10-12-12.02) - NTFSx86

    Run by user at 20:25:17,36 on пон 21.03.2011 г.

    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22

    Microsoft Windows 7 Ultimate 6.1.7600.0.1251.359.1033.18.2047.810 [GMT 2:00]

    AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

    SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\system32\atiesrxx.exe

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\atieclxx.exe

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Windows\system32\Dwm.exe

    C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

    C:\Windows\system32\crypserv.exe

    C:\Windows\system32\taskhost.exe

    C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe

    C:\Program Files\Trust\GXT14 Mouse\GameMouseServiceApp.exe

    C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe

    C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe

    C:\Windows\system32\PnkBstrA.exe

    C:\Program Files\Tunngle\TnglCtrl.exe

    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

    C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe

    C:\Program Files\Trust\GXT14 Mouse\POINTERGHOST.exe

    C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe

    C:\Program Files\Trust\GXT14 Mouse\StartAutorun.exe

    C:\Windows\System32\alg.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Program Files\Trust\GXT14 Mouse\RapooV1Process.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Program Files\Registry Mechanic\RMTray.exe

    C:\Program Files\DAEMON Tools Lite\DTLite.exe

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

    C:\Program Files\BitComet\BitComet.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Users\user\duroc.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Windows\System32\svchost.exe -k secsvcs

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Mozilla Firefox\plugin-container.exe

    C:\Windows\system32\msiexec.exe

    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\servicing\TrustedInstaller.exe

    C:\Windows\system32\prevhost.exe

    D:\Install Files\dds.scr

    C:\Windows\system32\conhost.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll

    uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll

    mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll

    mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll

    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll

    BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.4.12.6.dll

    BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

    TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll

    TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll

    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll

    TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll

    uRun: [ASRockIES]

    uRun: [zASRockInstantBoot]

    uRun: [RegistryMechanic] c:\program files\registry mechanic\RMTray.exe /H

    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun

    uRun: [bitComet] "c:\program files\bitcomet\BitComet.exe" /tray

    uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

    uRun: [duroc] c:\users\user\duroc.exe /g

    mRun: [HDAudDeck] c:\program files\via\viaudioi\vdeck\VDeck.exe -r

    mRun: [trustGTX14] "c:\program files\trust\gxt14 mouse\POINTERGHOST.exe" showhide

    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

    mRun: [sSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe

    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

    mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

    mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

    mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"

    mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe

    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

    mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

    mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice

    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

    IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm

    IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm

    IE: &Winamp Search - c:\programdata\winamp toolbar\ietoolbar\resources\en-us\local\search.html

    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

    IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.4.12.6.dll/206

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

    TCP: {79830D73-0B02-4050-A347-4655A4D61D2A} = 78.90.248.7 78.90.248.1

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\6zdoudlu.default\

    FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=

    FF - prefs.js: browser.search.selectedEngine - Google

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

    FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=

    FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\6zdoudlu.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll

    FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\components\FFExternalAlert.dll

    FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\components\RadioWMPCore.dll

    FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\6zdoudlu.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll

    FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\6zdoudlu.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll

    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

    FF - plugin: c:\program files\inhatchteam\inhatch\npinhatch.dll

    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll

    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com

    FF - Ext: Winamp Toolbar: {0b38152b-1b20-484d-a11f-5e04a9b0661f} - %profile%\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}

    FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}

    FF - Ext: Amplify: {8f5ce3f8-1735-4680-b15e-108f2f50e8ba} - %profile%\extensions\{8f5ce3f8-1735-4680-b15e-108f2f50e8ba}

    FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}

    FF - Ext: digitalchocolate Toolbar: {60c4696a-e4eb-4d2d-9060-38928dd0b6a2} - %profile%\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}

    FF - Ext: Tamper Data: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947} - %profile%\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}

    ============= SERVICES / DRIVERS ===============

    R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-12-21 137144]

    R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2010-12-21 95384]

    R3 amdiox86;AMD IO Driver;c:\windows\system32\drivers\amdiox86.sys [2011-3-4 37944]

    R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-1-27 7566848]

    R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-1-27 238592]

    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]

    R3 KMWDFILTERV1;HIDUASServiceDesc;c:\windows\system32\drivers\RPGMOUSEV1.sys [2009-5-4 18432]

    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-1-13 20952]

    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-10-12 277536]

    R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2011-2-4 27136]

    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-10-12 1127936]

    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

    =============== Created Last 30 ================

    2011-03-21 18:16:52 -------- d-----w- c:\program files\ESET

    2011-03-21 17:18:27 249856 --sh--r- c:\users\user\duroc.exe

    2011-03-21 17:10:21 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{3f31c296-e7b3-4801-929d-6dba08d8b44b}\mpengine.dll

    2011-03-21 06:21:50 135168 --sha-r- c:\users\user\appdata\roaming\C_201051.dll

    2011-03-20 15:32:44 -------- d-----w- c:\users\user\appdata\roaming\goalbit

    2011-03-20 15:31:50 -------- d-----w- c:\program files\InhatchTeam

    2011-03-20 12:19:09 -------- d-----w- c:\users\user\appdata\roaming\StokedBigAir

    2011-03-19 13:09:56 -------- d-----w- c:\users\user\appdata\local\ALI213

    2011-03-16 19:23:58 -------- d-----w- c:\users\user\appdata\local\3DMGAME

    2011-03-16 13:04:41 -------- d-----w- c:\users\user\appdata\roaming\PunkBuster

    2011-03-13 16:30:40 -------- d-----w- c:\users\user\appdata\local\wanted

    2011-03-13 16:30:40 -------- d-----w- c:\progra~2\wanted

    2011-03-12 00:18:40 -------- d-----w- c:\program files\StarCraft II

    2011-03-11 21:05:26 -------- d-----w- c:\program files\Uniblue

    2011-03-08 09:04:05 -------- d-----w- c:\users\user\appdata\local\SKIDROW

    2011-03-04 16:17:19 -------- d-----w- c:\users\user\appdata\local\AMD

    2011-03-04 16:17:00 -------- d-----w- c:\program files\ATI Stream

    2011-03-04 16:16:36 -------- d-----w- c:\progra~2\AMD

    2011-03-04 16:16:28 37944 ----a-w- c:\windows\system32\drivers\amdiox86.sys

    2011-03-03 19:30:26 -------- d-----w- c:\program files\Spider Video Downloader

    2011-03-02 23:16:37 -------- d-----w- c:\progra~2\EA Core

    2011-02-28 00:16:20 189248 ----a-w- c:\windows\system32\PnkBstrB.exe

    2011-02-27 01:11:40 -------- d-----w- c:\users\user\appdata\local\PunkBuster

    ==================== Find3M ====================

    2011-03-16 13:04:44 75136 ----a-w- c:\windows\system32\PnkBstrA.exe

    2011-02-26 22:55:48 22328 ----a-w- c:\users\user\appdata\roaming\PnkBstrK.sys

    2011-02-17 18:00:53 406528 ----a-w- c:\windows\system32\ReWire.dll

    2011-02-17 18:00:53 338432 ----a-w- c:\windows\system32\REX Shared Library.dll

    2011-02-02 16:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe

    2011-01-26 23:00:44 143360 ----a-w- c:\windows\system32\atiapfxx.exe

    2011-01-26 23:00:30 596480 ----a-w- c:\windows\system32\aticfx32.dll

    2011-01-26 22:59:46 17204736 ----a-w- c:\windows\system32\atioglxx.dll

    2011-01-26 22:56:30 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll

    2011-01-26 22:55:54 393216 ----a-w- c:\windows\system32\atieclxx.exe

    2011-01-26 22:55:24 176128 ----a-w- c:\windows\system32\atiesrxx.exe

    2011-01-26 22:54:10 159744 ----a-w- c:\windows\system32\atitmmxx.dll

    2011-01-26 22:53:54 356352 ----a-w- c:\windows\system32\atipdlxx.dll

    2011-01-26 22:53:42 278528 ----a-w- c:\windows\system32\Oemdspif.dll

    2011-01-26 22:53:34 15872 ----a-w- c:\windows\system32\atimuixx.dll

    2011-01-26 22:53:26 43520 ----a-w- c:\windows\system32\ati2edxx.dll

    2011-01-26 22:49:44 4105728 ----a-w- c:\windows\system32\atidxx32.dll

    2011-01-26 22:32:12 1912832 ----a-w- c:\windows\system32\atiumdmv.dll

    2011-01-26 22:28:52 4170752 ----a-w- c:\windows\system32\atiumdag.dll

    2011-01-26 22:27:50 46080 ----a-w- c:\windows\system32\aticalrt.dll

    2011-01-26 22:27:40 44032 ----a-w- c:\windows\system32\aticalcl.dll

    2011-01-26 22:25:50 5580800 ----a-w- c:\windows\system32\aticaldd.dll

    2011-01-26 22:24:18 3463680 ----a-w- c:\windows\system32\atiumdva.dll

    2011-01-26 22:20:44 52736 ----a-w- c:\windows\system32\coinst.dll

    2011-01-26 22:14:06 249856 ----a-w- c:\windows\system32\atiadlxx.dll

    2011-01-26 22:13:52 12800 ----a-w- c:\windows\system32\atiglpxx.dll

    2011-01-26 22:13:42 32768 ----a-w- c:\windows\system32\atigktxx.dll

    2011-01-26 22:12:40 30720 ----a-w- c:\windows\system32\atiuxpag.dll

    2011-01-26 22:12:24 28672 ----a-w- c:\windows\system32\atiu9pag.dll

    2011-01-26 22:08:40 52736 ----a-w- c:\windows\system32\atimpc32.dll

    2011-01-26 22:08:40 52736 ----a-w- c:\windows\system32\amdpcom32.dll

    2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll

    2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll

    2011-01-05 13:56:12 11484 ----a-w- c:\windows\system32\ealregsnapshot1.reg

    2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll

    2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys

    ============= FINISH: 20:26:41,42 ===============

    :blink: ivayloandreev, how did you manage to see so many letters L in the word Windows, when there isn't a single one in it :wors: !???!

    I accept the remark, but still, if I needed spelling help I wouldn't be looking for help here. If you can help me with the computer problem I'll be grateful!!! Anyway, I know it's spelled Uindols [sic], relax, I didn't pay attention in my haste, which I admit was my mistake. Edited by ivayloandreev

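As an added illustration (not code from this thread or from DDS itself), a small Python triage script that reads a DDS.txt in the format posted above and flags the indicators a helper looks at first: processes and Run entries launched from the user profile root, AppData or Temp, and recently created files carrying hidden+system attributes (the `--sh--r-` duroc.exe and `--sha-r-` C_201051.dll entries above). The embedded sample log is constructed from lines in this thread; the rules, names and attribute interpretation are my own assumptions.

```python
"""Triage helper for a DDS.txt log (format as posted in the thread)."""
import re
from dataclasses import dataclass

# Constructed sample: a few lines copied from the DDS log above, trimmed.
SAMPLE_DDS = r"""
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Users\user\duroc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
============== Pseudo HJT Report ===============
uRun: [ASRockIES]
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [duroc] c:\users\user\duroc.exe /g
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
=============== Created Last 30 ================
2011-03-21 18:16:52 -------- d-----w- c:\program files\ESET
2011-03-21 17:18:27 249856 --sh--r- c:\users\user\duroc.exe
2011-03-21 06:21:50 135168 --sha-r- c:\users\user\appdata\roaming\C_201051.dll
2011-03-04 16:16:28 37944 ----a-w- c:\windows\system32\drivers\amdiox86.sys
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
RUN_RE = re.compile(r"^([um]Run):\s*\[(.*?)\]\s*(.*)$")
# date, size (or dashes for a directory), 8-char attribute string, path
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+([dshawr-]{8})\s+(.+)$")
# A file sitting directly in a profile root, e.g. c:\users\user\duroc.exe
USER_ROOT_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\[^\\]+$")
USER_WRITABLE_DIRS = ("\\appdata\\", "\\temp\\")


@dataclass(frozen=True)
class Finding:
    kind: str    # which rule fired
    path: str    # normalised (lower-case, unquoted) path
    detail: str  # the raw DDS line behind the finding


def parse_sections(text):
    """Split the log into {section title: [non-empty lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def command_path(value):
    """Pull the executable path out of a command line as DDS prints it."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        path = value[1:end] if end > 0 else value[1:]
    else:
        m = re.search(r"\.exe\b", value, re.IGNORECASE)
        path = value[:m.end()] if m else value
    return path.strip().lower()


def is_user_writable_location(path):
    p = path.lower()
    return bool(USER_ROOT_RE.match(p)) or any(d in p for d in USER_WRITABLE_DIRS)


def triage(text):
    """Return the findings a helper would want to look at first."""
    sections, findings = parse_sections(text), []
    for line in sections.get("Running Processes", []):
        path = command_path(line)
        if is_user_writable_location(path):
            findings.append(Finding("process-from-user-location", path, line))
    for line in sections.get("Pseudo HJT Report", []):
        m = RUN_RE.match(line)
        if not m:
            continue
        path = command_path(m.group(3))
        if path and is_user_writable_location(path):
            findings.append(Finding("autorun-from-user-location", path, line))
    for line in sections.get("Created Last 30", []):
        m = CREATED_RE.match(line)
        if not m:
            continue
        attrs, path = m.group(3), m.group(4).strip().lower()
        # assumption: 's' and 'h' in the attribute string mean system + hidden
        if "s" in attrs and "h" in attrs and not attrs.startswith("d"):
            findings.append(Finding("hidden-system-file", path, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"{f.kind:28} {f.path}")
```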

    I can't upload it archived, so I'm uploading it as text.


    I'll try to help you with your problem. Please post the log files directly in your post rather than attaching them. Now:


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_10-12-12.02) Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 12.10.2010 г. 21:09:50 System Uptime: 21.3.2011 г. 19:16:53 (1 hours ago) Motherboard: ASRock | | 890GX Extreme3 Processor: AMD Athlon II X4 640 Processor | CPUSocket | 3006/200mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 58 GiB total, 4,755 GiB free. D: is FIXED (NTFS) - 239 GiB total, 6,614 GiB free. E: is CDROM () F: is CDROM () ==== Disabled Device Manager Items ============= Class GUID: Description: Universal Serial Bus (USB) Controller Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_01941849&REV_03\4&2E90359D&0&0048 Manufacturer: Name: Universal Serial Bus (USB) Controller PNP Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_01941849&REV_03\4&2E90359D&0&0048 Service: ==== System Restore Points =================== RP555: 21.3.2011 г. 15:44:39 - Made by Registry Mechanic RP557: 21.3.2011 г. 15:46:41 - Made by Registry Mechanic RP558: 21.3.2011 г. 18:05:03 - virus RP559: 21.3.2011 г. 19:10:00 - Windows Update RP560: 21.3.2011 г. 
20:16:27 - Installed ESET NOD32 Antivirus ==== Installed Programs ====================== µTorrent 3dsmax ancillary install 7-Zip 4.65 Adobe After Effects CS4 Adobe After Effects CS4 Presets Adobe After Effects CS4 Template Projects & Footage Adobe After Effects CS4 Third Party Content Adobe AIR Adobe Anchor Service CS4 Adobe Bridge CS4 Adobe CMaps CS4 Adobe Color Video Profiles AE CS4 Adobe Community Help Adobe CS4 American English Speech Analysis Models Adobe Default Language CS4 Adobe Device Central CS4 Adobe Dynamiclink Support Adobe Encore CS4 Adobe Encore CS4 Codecs Adobe ExtendScript Toolkit CS4 Adobe Extension Manager CS4 Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Fonts All Adobe Media Encoder CS4 Adobe Media Encoder CS4 Additional Exporter Adobe Media Encoder CS4 Dolby Adobe Media Encoder CS4 Exporter Adobe Media Encoder CS4 Importer Adobe Media Player Adobe MotionPicture Color Files CS4 Adobe OnLocation CS4 Adobe Output Module Adobe PDF Library Files CS4 Adobe Photoshop CS5 Adobe Premiere Pro CS4 Adobe Premiere Pro CS4 Functional Content Adobe Premiere Pro CS4 Third Party Content Adobe Reader 9.4.2 Adobe Setup Adobe Type Support CS4 Adobe Update Manager CS4 Adobe XMP Panels CS4 AMD Drag and Drop Transcoding AMD Fuel Apple Application Support Apple Software Update Application Profiles ArchiCAD 13 INT ASRock IES v2.0.83 ASRock InstantBoot v1.24 ASRock OC DNA v1.6 Assassin's Creed Brotherhood ATI AVIVO Codecs ATI Catalyst Install Manager ATI Catalyst Registration ATI Stream SDK v2 Developer Autodesk 3ds Max 9 32-bit Autodesk DWF Viewer 7 Backburner Battlefield: Bad Company™ 2 BattlEye Uninstall BitComet 1.25 BS.Player PRO Bulletstorm Call of Duty Modern Warfare 2 Call of Duty® 4 - Modern Warfare Call of Duty® 4 - Modern Warfare 1.1 Patch Call of Duty® 4 - Modern Warfare 1.2 Patch Call of Duty® 4 - Modern Warfare 1.3 Patch Call of Duty® 4 - Modern Warfare 1.4 Patch Call of Duty® 4 - Modern Warfare 1.5 Multiplayer Patch Call of Duty® 4 - 
Modern Warfare 1.5 Patch Call of Duty® 4 - Modern Warfare 1.6 Patch Call of Duty® 4 - Modern Warfare 1.7 Patch Call of Duty: Black Ops Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy ccc-core-static ccc-utility CCC Help English CINEMA 4D 12.028 Colin McRae - DiRT 2 Conduit Engine DAEMON Tools Toolbar Dead Space™ Dead Space™ 2 Dual-Core Optimizer EA Download Manager EAX4 Unified Redist ESET NOD32 Antivirus EVEREST Ultimate Edition v5.50 FBX Plugin 2006.08 for Max 9.0 Firebird SQL Server - MAGIX Edition Futuremark SystemInfo Garena Garena 2010 Google Земя Google Chrome Google Update Helper Grand Theft Auto: Episodes From Liberty City Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040) Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308) Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344) Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540) Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) HydraVision Impulse Inhatch web plugins Java 6 Update 22 Mafia II DLC Joe's Adventures MAGIX Music Maker 16 Premium Download Version MAGIX Screenshare MAGIX Speed burnR Malwarebytes' Anti-Malware Medal of Honor Microsoft Games for Windows - LIVE Microsoft Games for Windows - LIVE Redistributable Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office 
Proofing (English) 2007 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729 Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729 Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729 Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Visual Studio Tools for Applications 2.0 - ENU Microsoft Visual Studio Tools for Applications 2.0 Runtime Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Mozilla Firefox (3.6.15) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Need for Speed Hot Pursuit Nero 8 Lite NVIDIA PhysX Octoshape add-in for Adobe Flash Player OpenAL Opera 10.63 oZone3D.Net FurMark v1.8.2 PDF Settings CS5 Photoshop Camera Raw Pixel Bender Toolkit Platform Pro Evolution Soccer 2011 PunkBuster Services QuickTime Realtek Ethernet Controller Driver For Windows 7 Reason 5.0 Registry Mechanic 9.0 SiSoftware Sandra Lite 2011 Skype™ 5.1 SpeedFan (remove only) StarCraft II StokedBigAir Suite Shared Configuration CS4 SVD 1.4.6 System Requirements Lab CYRI Test Drive Unlimited 2 Text-To-Speech-Runtime The KMPlayer (remove only) The Lord of the Rings FREE Trial Tom Clancy's Rainbow Six Vegas 2 Tom Clancy's Splinter Cell Conviction Tom Clancy's Splinter Cell Double Agent Total CMA Pack 0.43 (public) Trust GXT14 Mouse Tunngle beta Ubisoft Game Launcher VIA п»ї Virtual DJ Pro Full - Atomix Productions Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 Vuze Vuze Remote Toolbar Wanted: 
    Weapons of Fate
    Winamp
    Winamp Detector Plug-in
    Winamp Toolbar
    Windows Media Player Firefox Plugin
    WinRAR archiver
    WMV9/VC-1 Video Playback
    Your Uninstaller! 2010

    ==== Event Viewer Messages From Past Week ========

    21.3.2011 г. 20:16:56, Error: Service Control Manager [7030] - The ESET Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    21.3.2011 г. 19:17:28, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
    21.3.2011 г. 19:12:22, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
    21.3.2011 г. 19:12:22, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
    21.3.2011 г. 19:06:26, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
    21.3.2011 г. 18:17:29, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
    19.3.2011 г. 13:48:59, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
    19.3.2011 г. 12:28:51, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
    19.3.2011 г. 12:28:50, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
    19.3.2011 г. 02:03:19, Error: volsnap [35] - The shadow copies of volume D: were aborted because the shadow copy storage failed to grow.
    17.3.2011 г. 14:31:47, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
    17.3.2011 г. 13:55:57, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
    16.3.2011 г. 17:42:50, Error: volsnap [35] - The shadow copies of volume D: were aborted because the shadow copy storage failed to grow.
    16.3.2011 г. 13:41:03, Error: volsnap [36] - The shadow copies of volume D: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    16.3.2011 г. 11:04:30, Error: volsnap [35] - The shadow copies of volume D: were aborted because the shadow copy storage failed to grow.
    16.3.2011 г. 10:39:21, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
    16.3.2011 г. 08:54:08, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
    16.3.2011 г. 08:54:08, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
    15.3.2011 г. 19:51:20, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
    15.3.2011 г. 14:20:13, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
    15.3.2011 г. 07:02:46, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
    15.3.2011 г. 07:02:46, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
    14.3.2011 г. 15:49:52, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
    14.3.2011 г. 15:23:01, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
    14.3.2011 г. 05:02:06, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
    14.3.2011 г. 04:43:53, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
    14.3.2011 г. 02:34:01, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

    ==== End Of File ===========================


    I will ask you to follow my instructions strictly, so that we do not keep repeating the same thing and wasting time on nonsense. I insist on this so that it is easy both for you and for me, so that the work goes faster, and so that the result is clear and good.

    Step 1

    Uninstall the following applications:

    Conduit Engine

    DAEMON Tools Toolbar

    Vuze Remote Toolbar

    Winamp Toolbar

    Conduit Engine - This is adware that displays annoying and unwanted advertisements. It also has a negative effect on the internet connection and on system performance.

    DAEMON Tools Toolbar - Most often it ends up installed because of carelessly clicking the Next > button when installing Daemon Tools. It takes up resources needlessly and is of no use at all; it is simply superfluous. The same applies to Vuze Remote Toolbar and Winamp Toolbar.

    Step 2

    Start Malwarebytes' Anti-Malware, update it and run a quick scan. At the end, remove anything it finds and post the log file in your next post, together with a new, fresh DDS log (Attach.txt is not needed).


    I removed what you told me, updated Malwarebytes' Anti-Malware and ran a quick scan, and it found nothing, because I had deleted the infected files. But I know that after the restart they will appear again, so I restarted and scanned again, and it detected 54 infected items. Here is the log:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6121

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    21.3.2011 г. 21:15:24
    mbam-log-2011-03-21 (21-15-24).txt

    Scan type: Quick scan
    Objects scanned: 174560
    Time elapsed: 3 minute(s), 45 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 53

    Memory Processes Infected:
    c:\Users\user\bisah.exe (Heuristics.Shuriken) -> 4856 -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bisah (Heuristics.Shuriken) -> Value: bisah -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\user\bisah.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    c:\Users\user\AppData\Local\Temp\setup3235046096.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Users\user\AppData\Local\Temp\setup3275352680.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Users\user\AppData\Local\Temp\setup3528096896.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Users\user\AppData\Local\Temp\setup3695991040.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Users\user\AppData\Local\Temp\setup3726978324.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Users\user\AppData\Local\Temp\setup3819899392.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Users\user\AppData\Local\Temp\setup3859410504.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Users\user\AppData\Local\Temp\setup3946798336.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Users\user\AppData\Local\Temp\setup4000950240.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Users\user\AppData\Local\Temp\setup4042370720.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Users\user\AppData\Local\Temp\setup4220793600.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Users\user\AppData\Local\Temp\setup2052089980.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Users\user\AppData\Local\Temp\setup2094178960.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Users\user\AppData\Local\Temp\setup2375215744.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Users\user\AppData\Local\Temp\setup2412275088.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Users\user\AppData\Local\Temp\setup2429032896.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Users\user\AppData\Local\Temp\setup2525392640.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Users\user\AppData\Local\Temp\setup2571259648.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Users\user\AppData\Local\Temp\setup2628881536.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Users\user\AppData\Local\Temp\setup2644267808.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Users\user\AppData\Local\Temp\setup266232752.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Users\user\AppData\Local\Temp\setup2664161348.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Users\user\AppData\Local\Temp\setup2945732996.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Users\user\AppData\Local\Temp\setup571199600.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Users\user\AppData\Local\Temp\setup679087760.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Users\user\AppData\Local\Temp\setup701879680.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Users\user\AppData\Local\Temp\setup774402576.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Users\user\AppData\Local\Temp\setup82215376.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Users\user\AppData\Local\Temp\setup3029988608.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Users\user\AppData\Local\Temp\setup3038090124.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Users\user\AppData\Local\Temp\setup3058500224.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Users\user\AppData\Local\Temp\setup3199501696.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Users\user\AppData\Local\Temp\setup1089714688.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Users\user\AppData\Local\Temp\setup1144243840.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Users\user\AppData\Local\Temp\setup1408121104.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Users\user\AppData\Local\Temp\setup1537509760.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Users\user\AppData\Local\Temp\setup1541433952.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Users\user\AppData\Local\Temp\setup1625282944.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Users\user\AppData\Local\Temp\setup1633805568.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Users\user\AppData\Local\Temp\setup1645106608.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Users\user\AppData\Local\Temp\setup1663233528.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Users\user\AppData\Local\Temp\setup1663963172.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Users\user\AppData\Local\Temp\setup1732408680.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Users\user\AppData\Local\Temp\setup1759762072.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Users\user\AppData\Local\Temp\setup930078892.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Users\user\AppData\Local\Temp\3E8.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Users\user\AppData\Local\Temp\ED0.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Users\user\AppData\Local\Temp\F5D4.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Users\user\AppData\Local\Temp\setup1067888560.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Users\user\AppData\Local\Temp\setup2994931728.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Users\user\AppData\Local\Temp\setup3204858240.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Users\user\fac.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

    After deleting all these files, they appear again after a restart. That bisah.exe was no longer there, but a file with a different name always appears, which loads in the Task Manager, and I cannot close it because the Task Manager freezes as soon as I click on anything in it. Here is the other log, from DDS:

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by user at 21:18:47,70 on пон 21.03.2011 г.
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
    Microsoft Windows 7 Ultimate 6.1.7600.0.1251.359.1033.18.2047.1098 [GMT 2:00]
    AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Windows\system32\crypserv.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
    C:\Program Files\Trust\GXT14 Mouse\GameMouseServiceApp.exe
    C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    C:\Windows\system32\PnkBstrA.exe
    C:\Program Files\Tunngle\TnglCtrl.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
    C:\Program Files\Trust\GXT14 Mouse\POINTERGHOST.exe
    C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    C:\Program Files\Trust\GXT14 Mouse\StartAutorun.exe
    C:\Program Files\Trust\GXT14 Mouse\RapooV1Process.exe
    C:\Windows\System32\alg.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Registry Mechanic\RMTray.exe
    C:\Program Files\DAEMON Tools Lite\DTLite.exe
    C:\Program Files\BitComet\BitComet.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    D:\Install Files\dds.scr
    C:\Windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    uURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.4.12.6.dll
    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
    TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
    uRun: [ASRockIES]
    uRun: [zASRockInstantBoot]
    uRun: [RegistryMechanic] c:\program files\registry mechanic\RMTray.exe /H
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
    uRun: [bitComet] "c:\program files\bitcomet\BitComet.exe" /tray
    uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    mRun: [HDAudDeck] c:\program files\via\viaudioi\vdeck\VDeck.exe -r
    mRun: [trustGTX14] "c:\program files\trust\gxt14 mouse\POINTERGHOST.exe" showhide
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [sSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
    mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
    IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.4.12.6.dll/206
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    TCP: {79830D73-0B02-4050-A347-4655A4D61D2A} = 78.90.248.8 78.90.248.1

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\6zdoudlu.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
    FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\6zdoudlu.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
    FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\components\FFExternalAlert.dll
    FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\components\RadioWMPCore.dll
    FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\6zdoudlu.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
    FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\6zdoudlu.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\inhatchteam\inhatch\npinhatch.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    FF - Ext: Winamp Toolbar: {0b38152b-1b20-484d-a11f-5e04a9b0661f} - %profile%\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
    FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
    FF - Ext: Amplify: {8f5ce3f8-1735-4680-b15e-108f2f50e8ba} - %profile%\extensions\{8f5ce3f8-1735-4680-b15e-108f2f50e8ba}
    FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
    FF - Ext: digitalchocolate Toolbar: {60c4696a-e4eb-4d2d-9060-38928dd0b6a2} - %profile%\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}
    FF - Ext: Tamper Data: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947} - %profile%\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}

    ============= SERVICES / DRIVERS ===============

    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-1-27 176128]
    R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2011-1-26 284672]
    R2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ati technologies\ati.ace\reservation manager\AMD Reservation Manager.exe [2010-6-17 140224]
    R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-12-21 137144]
    R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2011-1-12 810144]
    R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2010-12-21 95384]
    R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\common files\magix services\database\bin\FABS.exe [2009-8-27 1253376]
    R2 KmGameMouseServiceV1;Game Mouse Communication And Update Service V1;c:\program files\trust\gxt14 mouse\GameMouseServiceApp.exe [2009-5-4 354816]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-1-13 363344]
    R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-10-17 632792]
    R2 TunngleService;TunngleService;c:\program files\tunngle\TnglCtrl.exe [2011-2-5 718072]
    R3 amdiox86;AMD IO Driver;c:\windows\system32\drivers\amdiox86.sys [2011-3-4 37944]
    R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-1-27 7566848]
    R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-1-27 238592]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]
    R3 KMWDFILTERV1;HIDUASServiceDesc;c:\windows\system32\drivers\RPGMOUSEV1.sys [2009-5-4 18432]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-1-13 20952]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-1-13 38224]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-10-12 277536]
    R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2011-2-4 27136]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-10-12 1127936]
    S2 gupdate;Услуга Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-15 136176]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\common files\magix services\database\bin\fbserver.exe [2008-8-7 3276800]
    S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite 2011\RpcAgentSrv.exe [2010-12-5 93848]
    S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

    =============== Created Last 30 ================

    2011-03-21 19:08:26 328872 ----a-w- c:\users\user\pouvok.exe
    2011-03-21 18:33:17 -------- d-----w- c:\users\user\appdata\local\ESET
    2011-03-21 18:16:52 -------- d-----w- c:\program files\ESET
    2011-03-21 17:10:21 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{3f31c296-e7b3-4801-929d-6dba08d8b44b}\mpengine.dll
    2011-03-21 06:21:50 135168 --sha-r- c:\users\user\appdata\roaming\C_201051.dll
    2011-03-20 15:32:44 -------- d-----w- c:\users\user\appdata\roaming\goalbit
    2011-03-20 15:31:50 -------- d-----w- c:\program files\InhatchTeam
    2011-03-20 12:19:09 -------- d-----w- c:\users\user\appdata\roaming\StokedBigAir
    2011-03-19 13:09:56 -------- d-----w- c:\users\user\appdata\local\ALI213
    2011-03-16 19:23:58 -------- d-----w- c:\users\user\appdata\local\3DMGAME
    2011-03-16 13:04:41 -------- d-----w- c:\users\user\appdata\roaming\PunkBuster
    2011-03-13 16:30:40 -------- d-----w- c:\users\user\appdata\local\wanted
    2011-03-13 16:30:40 -------- d-----w- c:\progra~2\wanted
    2011-03-12 00:18:40 -------- d-----w- c:\program files\StarCraft II
    2011-03-11 21:05:26 -------- d-----w- c:\program files\Uniblue
    2011-03-08 09:04:05 -------- d-----w- c:\users\user\appdata\local\SKIDROW
    2011-03-04 16:17:19 -------- d-----w- c:\users\user\appdata\local\AMD
    2011-03-04 16:17:00 -------- d-----w- c:\program files\ATI Stream
    2011-03-04 16:16:36 -------- d-----w- c:\progra~2\AMD
    2011-03-04 16:16:28 37944 ----a-w- c:\windows\system32\drivers\amdiox86.sys
    2011-03-03 19:30:26 -------- d-----w- c:\program files\Spider Video Downloader
    2011-03-02 23:16:37 -------- d-----w- c:\progra~2\EA Core
    2011-02-28 00:16:20 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
    2011-02-27 01:11:40 -------- d-----w- c:\users\user\appdata\local\PunkBuster

    ==================== Find3M ====================

    2011-03-16 13:04:44 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
    2011-02-26 22:55:48 22328 ----a-w- c:\users\user\appdata\roaming\PnkBstrK.sys
    2011-02-17 18:00:53 406528 ----a-w- c:\windows\system32\ReWire.dll
    2011-02-17 18:00:53 338432 ----a-w- c:\windows\system32\REX Shared Library.dll
    2011-02-02 16:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-01-26 23:00:44 143360 ----a-w- c:\windows\system32\atiapfxx.exe
    2011-01-26 23:00:30 596480 ----a-w- c:\windows\system32\aticfx32.dll
    2011-01-26 22:59:46 17204736 ----a-w- c:\windows\system32\atioglxx.dll
    2011-01-26 22:56:30 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2011-01-26 22:55:54 393216 ----a-w- c:\windows\system32\atieclxx.exe
    2011-01-26 22:55:24 176128 ----a-w- c:\windows\system32\atiesrxx.exe
    2011-01-26 22:54:10 159744 ----a-w- c:\windows\system32\atitmmxx.dll
    2011-01-26 22:53:54 356352 ----a-w- c:\windows\system32\atipdlxx.dll
    2011-01-26 22:53:42 278528 ----a-w- c:\windows\system32\Oemdspif.dll
    2011-01-26 22:53:34 15872 ----a-w- c:\windows\system32\atimuixx.dll
    2011-01-26 22:53:26 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2011-01-26 22:49:44 4105728 ----a-w- c:\windows\system32\atidxx32.dll
    2011-01-26 22:32:12 1912832 ----a-w- c:\windows\system32\atiumdmv.dll
    2011-01-26 22:28:52 4170752 ----a-w- c:\windows\system32\atiumdag.dll
    2011-01-26 22:27:50 46080 ----a-w- c:\windows\system32\aticalrt.dll
    2011-01-26 22:27:40 44032 ----a-w- c:\windows\system32\aticalcl.dll
    2011-01-26 22:25:50 5580800 ----a-w- c:\windows\system32\aticaldd.dll
    2011-01-26 22:24:18 3463680 ----a-w- c:\windows\system32\atiumdva.dll
    2011-01-26 22:20:44 52736 ----a-w- c:\windows\system32\coinst.dll
    2011-01-26 22:14:06 249856 ----a-w- c:\windows\system32\atiadlxx.dll
    2011-01-26 22:13:52 12800 ----a-w- c:\windows\system32\atiglpxx.dll
    2011-01-26 22:13:42 32768 ----a-w- c:\windows\system32\atigktxx.dll
    2011-01-26 22:12:40 30720 ----a-w- c:\windows\system32\atiuxpag.dll
    2011-01-26 22:12:24 28672 ----a-w- c:\windows\system32\atiu9pag.dll
    2011-01-26 22:08:40 52736 ----a-w- c:\windows\system32\atimpc32.dll
    2011-01-26 22:08:40 52736 ----a-w- c:\windows\system32\amdpcom32.dll
    2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
    2011-01-05 13:56:12 11484 ----a-w- c:\windows\system32\ealregsnapshot1.reg
    2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll
    2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys

    ============= FINISH: 21:19:23,31 ===============

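Added triage example (not part of the thread and not the helper's tool): a small Python script that reads DDS-style lines like the ones in the log above and flags the three patterns this thread turns on: an executable dropped straight into the profile root (fac.exe, bisah.exe, pouvok.exe), a hidden+system file under AppData, and setup<digits>.exe droppers in Local\Temp, plus a Run value that starts a profile-root executable. The sample lines are constructed for the demo; the pouvok.exe, C_201051.dll, ESET and mpengine.dll entries are copied from the DDS log above, the others are made up.

```python
import re
from typing import List, Tuple

# Constructed sample input in the shapes this thread's DDS logs use
# ("Created Last 30" file entries and uRun/mRun autostart entries).
# The pouvok.exe, ESET, C_201051.dll and mpengine.dll lines are from the
# DDS log posted above; the Temp dropper, the bisah autostart line
# (modelled on the MBAM "Run\bisah" hit above) and the DTLite line are
# made up for the demonstration.
SAMPLE_DDS_LINES = [
    r"2011-03-21 19:08:26 328872 ----a-w- c:\users\user\pouvok.exe",
    r"2011-03-21 18:16:52 -------- d-----w- c:\program files\ESET",
    r"2011-03-21 06:21:50 135168 --sha-r- c:\users\user\appdata\roaming\C_201051.dll",
    r"2011-03-21 17:10:21 5943120 ----a-w- c:\progra~2\microsoft\windows defender"
    r"\definition updates\{3f31c296-e7b3-4801-929d-6dba08d8b44b}\mpengine.dll",
    r"2011-03-21 19:10:02 41472 ----a-w- c:\users\user\appdata\local\temp\setup3235046096.exe",
    r"uRun: [bisah] c:\users\user\bisah.exe",
    r'uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun',
    r"uRun: [ASRockIES]",
]

# DDS file entry: "YYYY-MM-DD HH:MM:SS <size or dashes> <8 attribute flags> <path>"
DDS_FILE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# DDS autostart entry: "uRun: [name] command" (u = HKCU, m = HKLM)
DDS_RUN_RE = re.compile(r"^(?P<hive>[um])Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# First executable path inside a (possibly quoted) command line
EXE_IN_CMD = re.compile(r'"?([a-z]:\\.*?\.exe)"?', re.I)

# Indicators that recur in this thread: an .exe directly under c:\users\<name>\
# and setup<digits>.exe files in Local\Temp.
PROFILE_ROOT_EXE = re.compile(r"^c:\\users\\[^\\]+\\[^\\]+\.exe$", re.I)
TEMP_SETUP_EXE = re.compile(r"\\appdata\\local\\temp\\setup\d{6,}\.exe$", re.I)

Finding = Tuple[str, str]  # (path, reason)


def triage(lines: List[str]) -> List[Finding]:
    """Return (path, reason) for every line that matches one of the indicators."""
    findings: List[Finding] = []
    for line in lines:
        m = DDS_FILE_RE.match(line.strip())
        if m:
            path, attrs = m["path"], m["attrs"]
            if attrs[0] == "d":  # directory entries are not flagged here
                continue
            if PROFILE_ROOT_EXE.match(path):
                findings.append((path, "executable dropped directly in the user profile root"))
            # DDS attribute string: position 2 = system flag, position 3 = hidden flag
            if attrs[2:4] == "sh" and "\\appdata\\" in path.lower():
                findings.append((path, "hidden+system file under AppData"))
            if TEMP_SETUP_EXE.search(path):
                findings.append((path, "setup<digits>.exe in Local\\Temp (dropper naming seen in this thread)"))
            continue
        m = DDS_RUN_RE.match(line.strip())
        if m:
            exe = EXE_IN_CMD.search(m["cmd"])
            if exe and PROFILE_ROOT_EXE.match(exe.group(1)):
                hive = "HKCU" if m["hive"] == "u" else "HKLM"
                findings.append((exe.group(1), f"{hive} Run value '{m['name']}' starts a profile-root executable"))
    return findings


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_DDS_LINES):
        print(f"{reason}: {path}")
```

Feed it the "Created Last 30", "Find3M" and Pseudo HJT sections of a DDS log; entries it flags are candidates for a second look, not verdicts.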

    Thank you!

    Download ComboFix from one of the following links:

    Link 1

    Link 2

    * IMPORTANT !!! Save ComboFix.exe to your desktop

    • Disable your antivirus and antispyware program; this is usually done by right-clicking the program's icon in the system tray.

    Note: If you cannot stop it or are not sure which program to disable, please review the information at this link: How to Disable your Security Programs

    • Rename ComboFix.exe to Tool.exe

    • Run Tool.exe and follow the instructions.

    Note: ComboFix will run without the Recovery Console installed.

    • As part of its work, ComboFix will check whether the Microsoft Windows Recovery Console is installed. Given how quickly malware evolves, it is strongly recommended that it be installed before the malware is removed. This will allow you to enter a special recovery/repair mode that will make it easier to resolve a problem that might arise while removing the malware.

    • Follow the instructions to allow ComboFix to download and install the Microsoft Windows Recovery Console. At some point you will be asked whether you agree to the license agreement. You need to confirm that you agree in order to install the Microsoft Windows Recovery Console.

    ** Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will proceed to the malware removal process.


    Once the Microsoft Windows Recovery Console has been installed using ComboFix, you will see the following message:


    Select Yes to continue the scan for malware.

    When the process completes successfully, the tool will create a log file. Please include the contents of C:\ComboFix.txt in your next reply in this topic.

    Note:

    • Please do not move the mouse while ComboFix is running. This may disrupt its operation.
    • ComboFix will reset all Microsoft Internet Explorer settings, including making IE the default browser.
    • ComboFix will disable the autorun function of ALL CD, floppy and USB devices, to help with removing the malware and to protect you from future viruses/threats that spread via autorun. If this is a problem for you, please let me know.
    • ComboFix will disconnect your internet connection. The connection will be restored automatically before ComboFix finishes its work. If there is a problem, it will terminate the internet connection. To restore your internet connection, restart your computer.
    • If there is a problem with ComboFix, it may create a log file. Please include the contents of C:\BUG.txt in your next reply in this topic.

    ComboFix may take up to 20-30 minutes to finish; please be patient.

    Please do not attach the log file(s) from the program; copy and paste it/them into your next reply in this topic.


    Леле извинявам се грешката е била в мене съжалявам че ви изгубих времето проблема се реши просто съм глупав и не се съобразих че някой файлове несе премахват докато са стартирани и не рестартирвах в момента в който ми искаше програмата Malwarebytes' Anti-Malware защото си мислех че след рестарта пак ще се появи вируса без да се съобразя че за да премахне всичко програмата си изисква рестарт на момента а аз рестартирах по късно чак сега се сетих че това ми е било грешката след като се замислих как да изтрия тези файлове извън уиндолса например мс-дос или друга ОС и тогава се сетих че Malwarebytes' Anti-Malware рестартира и трие това което не е успяла да изтрие под уиндолс сега всичко е нормално.

    Again, I apologise for wasting your time, and thank you for responding to my request.


    That is a very serious mistake! Please post a fresh new DDS log so we can make sure everything has been cleaned, because it seems some things are not being detected.


    I accept the criticism; I really did make a serious mistake. Here is the DDS log. By the way, Malwarebytes' Anti-Malware is not detecting anything now, Windows is working normally and so is Task Manager.

    DDS (Ver_10-12-12.02) - NTFSx86

    Run by user at 22:05:02,12 on Mon 21.03.2011

    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22

    Microsoft Windows 7 Ultimate 6.1.7600.0.1251.359.1033.18.2047.1118 [GMT 2:00]

    AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

    SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\system32\atiesrxx.exe

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\atieclxx.exe

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Windows\system32\Dwm.exe

    C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\crypserv.exe

    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

    C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe

    C:\Program Files\Trust\GXT14 Mouse\GameMouseServiceApp.exe

    C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe

    C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe

    C:\Windows\system32\PnkBstrA.exe

    C:\Program Files\Tunngle\TnglCtrl.exe

    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

    C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe

    C:\Program Files\Trust\GXT14 Mouse\POINTERGHOST.exe

    C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe

    C:\Program Files\Trust\GXT14 Mouse\StartAutorun.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Program Files\Trust\GXT14 Mouse\RapooV1Process.exe

    C:\Windows\System32\alg.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

    C:\Program Files\Registry Mechanic\RMTray.exe

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Program Files\DAEMON Tools Lite\DTLite.exe

    C:\Program Files\BitComet\BitComet.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

    C:\Program Files\Mozilla Firefox\plugin-container.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Windows\System32\svchost.exe -k secsvcs

    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

    C:\Windows\system32\prevhost.exe

    C:\Windows\system32\NOTEPAD.EXE

    C:\Windows\system32\NOTEPAD.EXE

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\DllHost.exe

    D:\Install Files\dds.scr

    C:\Windows\system32\conhost.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uURLSearchHooks: H - No File

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.4.12.6.dll

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

    TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File

    TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File

    uRun: [ASRockIES]

    uRun: [zASRockInstantBoot]

    uRun: [RegistryMechanic] c:\program files\registry mechanic\RMTray.exe /H

    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun

    uRun: [bitComet] "c:\program files\bitcomet\BitComet.exe" /tray

    uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

    mRun: [HDAudDeck] c:\program files\via\viaudioi\vdeck\VDeck.exe -r

    mRun: [trustGTX14] "c:\program files\trust\gxt14 mouse\POINTERGHOST.exe" showhide

    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

    mRun: [sSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe

    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

    mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

    mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

    mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"

    mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe

    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

    mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

    mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice

    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

    IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm

    IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm

    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

    IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.4.12.6.dll/206

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

    TCP: {79830D73-0B02-4050-A347-4655A4D61D2A} = 78.90.248.7 78.90.248.1

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\6zdoudlu.default\

    FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=

    FF - prefs.js: browser.search.selectedEngine - Google

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

    FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=

    FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\6zdoudlu.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll

    FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\components\FFExternalAlert.dll

    FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\components\RadioWMPCore.dll

    FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\6zdoudlu.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll

    FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\6zdoudlu.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll

    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

    FF - plugin: c:\program files\inhatchteam\inhatch\npinhatch.dll

    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll

    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com

    FF - Ext: Winamp Toolbar: {0b38152b-1b20-484d-a11f-5e04a9b0661f} - %profile%\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}

    FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}

    FF - Ext: Amplify: {8f5ce3f8-1735-4680-b15e-108f2f50e8ba} - %profile%\extensions\{8f5ce3f8-1735-4680-b15e-108f2f50e8ba}

    FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}

    FF - Ext: digitalchocolate Toolbar: {60c4696a-e4eb-4d2d-9060-38928dd0b6a2} - %profile%\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}

    FF - Ext: Tamper Data: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947} - %profile%\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}

    ============= SERVICES / DRIVERS ===============

    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-1-27 176128]

    R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2011-1-26 284672]

    R2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ati technologies\ati.ace\reservation manager\AMD Reservation Manager.exe [2010-6-17 140224]

    R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-12-21 137144]

    R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2011-1-12 810144]

    R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2010-12-21 95384]

    R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\common files\magix services\database\bin\FABS.exe [2009-8-27 1253376]

    R2 KmGameMouseServiceV1;Game Mouse Communication And Update Service V1;c:\program files\trust\gxt14 mouse\GameMouseServiceApp.exe [2009-5-4 354816]

    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-1-13 363344]

    R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-10-17 632792]

    R2 TunngleService;TunngleService;c:\program files\tunngle\TnglCtrl.exe [2011-2-5 718072]

    R3 amdiox86;AMD IO Driver;c:\windows\system32\drivers\amdiox86.sys [2011-3-4 37944]

    R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-1-27 7566848]

    R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-1-27 238592]

    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]

    R3 KMWDFILTERV1;HIDUASServiceDesc;c:\windows\system32\drivers\RPGMOUSEV1.sys [2009-5-4 18432]

    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-1-13 20952]

    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-10-12 277536]

    R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2011-2-4 27136]

    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-10-12 1127936]

    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-15 136176]

    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\common files\magix services\database\bin\fbserver.exe [2008-8-7 3276800]

    S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite 2011\RpcAgentSrv.exe [2010-12-5 93848]

    S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

    =============== Created Last 30 ================

    2011-03-21 19:08:26 328872 ----a-w- c:\users\user\pouvok.exe

    2011-03-21 18:33:17 -------- d-----w- c:\users\user\appdata\local\ESET

    2011-03-21 18:16:52 -------- d-----w- c:\program files\ESET

    2011-03-21 17:10:21 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{3f31c296-e7b3-4801-929d-6dba08d8b44b}\mpengine.dll

    2011-03-21 06:21:50 135168 --sha-r- c:\users\user\appdata\roaming\C_201051.dll

    2011-03-20 15:32:44 -------- d-----w- c:\users\user\appdata\roaming\goalbit

    2011-03-20 15:31:50 -------- d-----w- c:\program files\InhatchTeam

    2011-03-20 12:19:09 -------- d-----w- c:\users\user\appdata\roaming\StokedBigAir

    2011-03-19 13:09:56 -------- d-----w- c:\users\user\appdata\local\ALI213

    2011-03-16 19:23:58 -------- d-----w- c:\users\user\appdata\local\3DMGAME

    2011-03-16 13:04:41 -------- d-----w- c:\users\user\appdata\roaming\PunkBuster

    2011-03-13 16:30:40 -------- d-----w- c:\users\user\appdata\local\wanted

    2011-03-13 16:30:40 -------- d-----w- c:\progra~2\wanted

    2011-03-12 00:18:40 -------- d-----w- c:\program files\StarCraft II

    2011-03-11 21:05:26 -------- d-----w- c:\program files\Uniblue

    2011-03-08 09:04:05 -------- d-----w- c:\users\user\appdata\local\SKIDROW

    2011-03-04 16:17:19 -------- d-----w- c:\users\user\appdata\local\AMD

    2011-03-04 16:17:00 -------- d-----w- c:\program files\ATI Stream

    2011-03-04 16:16:36 -------- d-----w- c:\progra~2\AMD

    2011-03-04 16:16:28 37944 ----a-w- c:\windows\system32\drivers\amdiox86.sys

    2011-03-03 19:30:26 -------- d-----w- c:\program files\Spider Video Downloader

    2011-03-02 23:16:37 -------- d-----w- c:\progra~2\EA Core

    2011-02-28 00:16:20 189248 ----a-w- c:\windows\system32\PnkBstrB.exe

    2011-02-27 01:11:40 -------- d-----w- c:\users\user\appdata\local\PunkBuster

    ==================== Find3M ====================

    2011-03-16 13:04:44 75136 ----a-w- c:\windows\system32\PnkBstrA.exe

    2011-02-26 22:55:48 22328 ----a-w- c:\users\user\appdata\roaming\PnkBstrK.sys

    2011-02-17 18:00:53 406528 ----a-w- c:\windows\system32\ReWire.dll

    2011-02-17 18:00:53 338432 ----a-w- c:\windows\system32\REX Shared Library.dll

    2011-02-02 16:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe

    2011-01-26 23:00:44 143360 ----a-w- c:\windows\system32\atiapfxx.exe

    2011-01-26 23:00:30 596480 ----a-w- c:\windows\system32\aticfx32.dll

    2011-01-26 22:59:46 17204736 ----a-w- c:\windows\system32\atioglxx.dll

    2011-01-26 22:56:30 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll

    2011-01-26 22:55:54 393216 ----a-w- c:\windows\system32\atieclxx.exe

    2011-01-26 22:55:24 176128 ----a-w- c:\windows\system32\atiesrxx.exe

    2011-01-26 22:54:10 159744 ----a-w- c:\windows\system32\atitmmxx.dll

    2011-01-26 22:53:54 356352 ----a-w- c:\windows\system32\atipdlxx.dll

    2011-01-26 22:53:42 278528 ----a-w- c:\windows\system32\Oemdspif.dll

    2011-01-26 22:53:34 15872 ----a-w- c:\windows\system32\atimuixx.dll

    2011-01-26 22:53:26 43520 ----a-w- c:\windows\system32\ati2edxx.dll

    2011-01-26 22:49:44 4105728 ----a-w- c:\windows\system32\atidxx32.dll

    2011-01-26 22:32:12 1912832 ----a-w- c:\windows\system32\atiumdmv.dll

    2011-01-26 22:28:52 4170752 ----a-w- c:\windows\system32\atiumdag.dll

    2011-01-26 22:27:50 46080 ----a-w- c:\windows\system32\aticalrt.dll

    2011-01-26 22:27:40 44032 ----a-w- c:\windows\system32\aticalcl.dll

    2011-01-26 22:25:50 5580800 ----a-w- c:\windows\system32\aticaldd.dll

    2011-01-26 22:24:18 3463680 ----a-w- c:\windows\system32\atiumdva.dll

    2011-01-26 22:20:44 52736 ----a-w- c:\windows\system32\coinst.dll

    2011-01-26 22:14:06 249856 ----a-w- c:\windows\system32\atiadlxx.dll

    2011-01-26 22:13:52 12800 ----a-w- c:\windows\system32\atiglpxx.dll

    2011-01-26 22:13:42 32768 ----a-w- c:\windows\system32\atigktxx.dll

    2011-01-26 22:12:40 30720 ----a-w- c:\windows\system32\atiuxpag.dll

    2011-01-26 22:12:24 28672 ----a-w- c:\windows\system32\atiu9pag.dll

    2011-01-26 22:08:40 52736 ----a-w- c:\windows\system32\atimpc32.dll

    2011-01-26 22:08:40 52736 ----a-w- c:\windows\system32\amdpcom32.dll

    2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll

    2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll

    2011-01-05 13:56:12 11484 ----a-w- c:\windows\system32\ealregsnapshot1.reg

    2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll

    2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys

    ============= FINISH: 22:05:34,56 =========

    And here is the Attach file:

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows 7 Ultimate

    Boot Device: \Device\HarddiskVolume1

    Install Date: 12.10.2010 г. 21:09:50

    System Uptime: 21.3.2011 г. 21:31:17 (1 hours ago)

    Motherboard: ASRock | | 890GX Extreme3

    Processor: AMD Athlon II X4 640 Processor | CPUSocket | 3006/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 58 GiB total, 3,983 GiB free.

    D: is FIXED (NTFS) - 239 GiB total, 6,381 GiB free.

    E: is CDROM ()

    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID:

    Description: Universal Serial Bus (USB) Controller

    Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_01941849&REV_03\4&2E90359D&0&0048

    Manufacturer:

    Name: Universal Serial Bus (USB) Controller

    PNP Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_01941849&REV_03\4&2E90359D&0&0048

    Service:

    ==== System Restore Points ===================

    RP555: 21.3.2011 г. 15:44:39 - Made by Registry Mechanic

    RP557: 21.3.2011 г. 15:46:41 - Made by Registry Mechanic

    RP558: 21.3.2011 г. 18:05:03 - virus

    RP559: 21.3.2011 г. 19:10:00 - Windows Update

    RP560: 21.3.2011 г. 20:16:27 - Installed ESET NOD32 Antivirus

    RP562: 21.3.2011 г. 20:58:21 - Before uninstalling Conduit Engine

    RP564: 21.3.2011 г. 21:00:44 - Before uninstalling DAEMON Tools Toolbar

    RP566: 21.3.2011 г. 21:02:35 - Before uninstalling Vuze Remote Toolbar

    RP568: 21.3.2011 г. 21:03:37 - Before uninstalling Winamp Toolbar

    ==== Installed Programs ======================

    µTorrent

    3dsmax ancillary install

    7-Zip 4.65

    Adobe After Effects CS4

    Adobe After Effects CS4 Presets

    Adobe After Effects CS4 Template Projects & Footage

    Adobe After Effects CS4 Third Party Content

    Adobe AIR

    Adobe Anchor Service CS4

    Adobe Bridge CS4

    Adobe CMaps CS4

    Adobe Color Video Profiles AE CS4

    Adobe Community Help

    Adobe CS4 American English Speech Analysis Models

    Adobe Default Language CS4

    Adobe Device Central CS4

    Adobe Dynamiclink Support

    Adobe Encore CS4

    Adobe Encore CS4 Codecs

    Adobe ExtendScript Toolkit CS4

    Adobe Extension Manager CS4

    Adobe Flash Player 10 ActiveX

    Adobe Flash Player 10 Plugin

    Adobe Fonts All

    Adobe Media Encoder CS4

    Adobe Media Encoder CS4 Additional Exporter

    Adobe Media Encoder CS4 Dolby

    Adobe Media Encoder CS4 Exporter

    Adobe Media Encoder CS4 Importer

    Adobe Media Player

    Adobe MotionPicture Color Files CS4

    Adobe OnLocation CS4

    Adobe Output Module

    Adobe PDF Library Files CS4

    Adobe Photoshop CS5

    Adobe Premiere Pro CS4

    Adobe Premiere Pro CS4 Functional Content

    Adobe Premiere Pro CS4 Third Party Content

    Adobe Reader 9.4.2

    Adobe Setup

    Adobe Type Support CS4

    Adobe Update Manager CS4

    Adobe XMP Panels CS4

    AMD Drag and Drop Transcoding

    AMD Fuel

    Apple Application Support

    Apple Software Update

    Application Profiles

    ArchiCAD 13 INT

    ASRock IES v2.0.83

    ASRock InstantBoot v1.24

    ASRock OC DNA v1.6

    Assassin's Creed Brotherhood

    ATI AVIVO Codecs

    ATI Catalyst Install Manager

    ATI Catalyst Registration

    ATI Stream SDK v2 Developer

    Autodesk 3ds Max 9 32-bit

    Autodesk DWF Viewer 7

    Backburner

    Battlefield: Bad Company™ 2

    BattlEye Uninstall

    BitComet 1.25

    BS.Player PRO

    Bulletstorm

    Call of Duty Modern Warfare 2

    Call of Duty® 4 - Modern Warfare

    Call of Duty® 4 - Modern Warfare 1.1 Patch

    Call of Duty® 4 - Modern Warfare 1.2 Patch

    Call of Duty® 4 - Modern Warfare 1.3 Patch

    Call of Duty® 4 - Modern Warfare 1.4 Patch

    Call of Duty® 4 - Modern Warfare 1.5 Multiplayer Patch

    Call of Duty® 4 - Modern Warfare 1.5 Patch

    Call of Duty® 4 - Modern Warfare 1.6 Patch

    Call of Duty® 4 - Modern Warfare 1.7 Patch

    Call of Duty: Black Ops

    Catalyst Control Center - Branding

    Catalyst Control Center Graphics Previews Common

    Catalyst Control Center InstallProxy

    ccc-core-static

    ccc-utility

    CCC Help English

    CINEMA 4D 12.028

    Colin McRae - DiRT 2

    Dead Space™

    Dead Space™ 2

    Dual-Core Optimizer

    EA Download Manager

    EAX4 Unified Redist

    ESET NOD32 Antivirus

    EVEREST Ultimate Edition v5.50

    FBX Plugin 2006.08 for Max 9.0

    Firebird SQL Server - MAGIX Edition

    Futuremark SystemInfo

    Garena

    Garena 2010

    Google Earth

    Google Chrome

    Google Update Helper

    Grand Theft Auto: Episodes From Liberty City

    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)

    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)

    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)

    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)

    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)

    HydraVision

    Impulse

    Inhatch web plugins

    Java 6 Update 22

    Mafia II DLC Joe's Adventures

    MAGIX Music Maker 16 Premium Download Version

    MAGIX Screenshare

    MAGIX Speed burnR

    Malwarebytes' Anti-Malware

    Medal of Honor

    Microsoft Games for Windows - LIVE

    Microsoft Games for Windows - LIVE Redistributable

    Microsoft Office Access MUI (English) 2007

    Microsoft Office Access Setup Metadata MUI (English) 2007

    Microsoft Office Enterprise 2007

    Microsoft Office Excel MUI (English) 2007

    Microsoft Office Groove MUI (English) 2007

    Microsoft Office Groove Setup Metadata MUI (English) 2007

    Microsoft Office InfoPath MUI (English) 2007

    Microsoft Office OneNote MUI (English) 2007

    Microsoft Office Outlook MUI (English) 2007

    Microsoft Office PowerPoint MUI (English) 2007

    Microsoft Office Proof (English) 2007

    Microsoft Office Proof (French) 2007

    Microsoft Office Proof (Spanish) 2007

    Microsoft Office Proofing (English) 2007

    Microsoft Office Publisher MUI (English) 2007

    Microsoft Office Shared MUI (English) 2007

    Microsoft Office Shared Setup Metadata MUI (English) 2007

    Microsoft Office Word MUI (English) 2007

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729

    Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729

    Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729

    Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729

    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

    Microsoft Visual Studio Tools for Applications 2.0 - ENU

    Microsoft Visual Studio Tools for Applications 2.0 Runtime

    Microsoft_VC80_ATL_x86

    Microsoft_VC80_CRT_x86

    Microsoft_VC80_MFC_x86

    Microsoft_VC80_MFCLOC_x86

    Microsoft_VC90_ATL_x86

    Microsoft_VC90_CRT_x86

    Microsoft_VC90_MFC_x86

    Mozilla Firefox (3.6.15)

    MSXML 4.0 SP2 (KB954430)

    MSXML 4.0 SP2 (KB973688)

    Need for Speed Hot Pursuit

    Nero 8 Lite

    NVIDIA PhysX

    Octoshape add-in for Adobe Flash Player

    OpenAL

    Opera 10.63

    oZone3D.Net FurMark v1.8.2

    PDF Settings CS5

    Photoshop Camera Raw

    Pixel Bender Toolkit

    Platform

    Pro Evolution Soccer 2011

    PunkBuster Services

    QuickTime

    Realtek Ethernet Controller Driver For Windows 7

    Reason 5.0

    Registry Mechanic 9.0

    SiSoftware Sandra Lite 2011

    Skype™ 5.1

    SpeedFan (remove only)

    StarCraft II

    StokedBigAir

    Suite Shared Configuration CS4

    SVD 1.4.6

    System Requirements Lab CYRI

    Test Drive Unlimited 2

    Text-To-Speech-Runtime

    The KMPlayer (remove only)

    The Lord of the Rings FREE Trial

    Tom Clancy's Rainbow Six Vegas 2

    Tom Clancy's Splinter Cell Conviction

    Tom Clancy's Splinter Cell Double Agent

    Total CMA Pack 0.43 (public)

    Trust GXT14 Mouse

    Tunngle beta

    Ubisoft Game Launcher

    VIA

    Virtual DJ Pro Full - Atomix Productions

    Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177

    Vuze

    Wanted: Weapons of Fate

    Winamp

    Winamp Detector Plug-in

    Windows Media Player Firefox Plugin

    WinRAR archiver

    WMV9/VC-1 Video Playback

    Your Uninstaller! 2010

    ==== Event Viewer Messages From Past Week ========

    21.3.2011 г. 21:32:10, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

    21.3.2011 г. 21:21:48, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

    21.3.2011 г. 21:07:34, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

    21.3.2011 г. 20:16:56, Error: Service Control Manager [7030] - The ESET Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    21.3.2011 г. 19:17:28, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

    21.3.2011 г. 19:12:22, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

    21.3.2011 г. 19:12:22, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

    21.3.2011 г. 19:06:26, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004

    21.3.2011 г. 18:17:29, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

    19.3.2011 г. 13:48:59, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

    19.3.2011 г. 12:28:51, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

    19.3.2011 г. 12:28:50, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

    19.3.2011 г. 02:03:19, Error: volsnap [35] - The shadow copies of volume D: were aborted because the shadow copy storage failed to grow.

    17.3.2011 г. 14:31:47, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

    17.3.2011 г. 13:55:57, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

    16.3.2011 г. 17:42:50, Error: volsnap [35] - The shadow copies of volume D: were aborted because the shadow copy storage failed to grow.

    16.3.2011 г. 13:41:03, Error: volsnap [36] - The shadow copies of volume D: were aborted because the shadow copy storage could not grow due to a user imposed limit.

    16.3.2011 г. 11:04:30, Error: volsnap [35] - The shadow copies of volume D: were aborted because the shadow copy storage failed to grow.

    16.3.2011 г. 10:39:21, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

    16.3.2011 г. 08:54:08, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

    16.3.2011 г. 08:54:08, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

    15.3.2011 г. 19:51:20, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

    15.3.2011 г. 14:20:13, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

    15.3.2011 г. 07:02:46, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

    15.3.2011 г. 07:02:46, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

    14.3.2011 г. 15:49:52, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

    14.3.2011 г. 15:23:01, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

    14.3.2011 г. 05:02:06, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

    14.3.2011 г. 04:43:53, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

    14.3.2011 г. 02:34:01, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

    14.3.2011 г. 00:16:55, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

    ==== End Of File ===========================

    Sorry again if I have wasted your time with my problem, and thank you for responding.


    Well no, actually you haven't wasted it, fortunately. The problem is still present; the fact that there are no symptoms means nothing. Two quick examples:

    2011-03-21 19:08:26 328872 ----a-w- c:\users\user\pouvok.exe

    2011-03-21 06:21:50 135168 --sha-r- c:\users\user\appdata\roaming\C_201051.dll

    Please follow my instructions for ComboFix.


    That is what I was about to ask. In System Configuration / Startup I also have some similar files; they look like the ones this fac.exe was producing, and similar to this pouvok.exe, but I was unchecking them in Startup, and they are still there now, unchecked and not loading, but they are there. Any ideas? This pouvok.exe would not let me delete it before, but now I managed to remove it. And for this C_201051.dll, what should I do, should I remove it? Also, if possible, could you advise me on the ones in System Configuration / Startup that came from the virus? Oh, sorry, I rushed again; I did not see the advice below about ComboFix. I will do what you said and will post again.


    Do only what I tell you and nothing that comes to your own mind; I am giving you instructions for a reason, rather than leaving you to work it out yourself.


    Just one question: is it normal that after ComboFix finished I could not open any exe, because it said it was marked for deletion from the registry, and I had to restart for it to get fixed? By the way, I renamed it, ran it, and it started working without downloading anything extra, and it finished in about 8 minutes. Is that normal, did I do everything right or did I mess something up? Here is the log, you judge:

ComboFix 11-03-21.01 - user 03.2011 г. 22:33:05.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1251.359.1033.18.2047.1279 [GMT 2:00]
Running from: c:\users\user\Desktop\Tool.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\user\AppData\Roaming\C_201051.dll
c:\windows\XSxS
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_RKHIT
-------\Service_RkHit
.
.
((((((((((((((((((((((((( Files Created from 2011-02-21 to 2011-03-21 )))))))))))))))))))))))))))))))
.
.
2011-03-21 20:37 . 2011-03-21 20:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-21 20:37 . 2011-03-21 20:37 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-03-21 18:33 . 2011-03-21 18:33 -------- d-----w- c:\users\user\AppData\Local\ESET
2011-03-21 18:16 . 2011-03-21 18:16 -------- d-----w- c:\program files\ESET
2011-03-21 17:10 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3F31C296-E7B3-4801-929D-6DBA08D8B44B}\mpengine.dll
2011-03-20 15:32 . 2011-03-20 16:10 -------- d-----w- c:\users\user\AppData\Roaming\goalbit
2011-03-20 15:31 . 2011-03-20 15:31 -------- d-----w- c:\program files\InhatchTeam
2011-03-20 12:19 . 2011-03-20 12:19 -------- d-----w- c:\users\user\AppData\Roaming\StokedBigAir
2011-03-19 13:09 . 2011-03-19 13:09 -------- d-----w- c:\users\user\AppData\Local\ALI213
2011-03-16 19:23 . 2011-03-16 19:23 -------- d-----w- c:\users\user\AppData\Local\3DMGAME
2011-03-16 13:04 . 2011-03-16 13:04 -------- d-----w- c:\users\user\AppData\Roaming\PunkBuster
2011-03-13 16:30 . 2011-03-13 16:30 -------- d-----w- c:\users\user\AppData\Local\wanted
2011-03-13 16:30 . 2011-03-13 16:30 -------- d-----w- c:\programdata\wanted
2011-03-12 00:18 . 2011-03-12 00:18 -------- d-----w- c:\program files\StarCraft II
2011-03-11 21:05 . 2011-03-11 21:05 -------- d-----w- c:\program files\Uniblue
2011-03-08 09:04 . 2011-03-08 09:04 -------- d-----w- c:\users\user\AppData\Local\SKIDROW
2011-03-04 16:17 . 2011-03-04 16:17 -------- d-----w- c:\users\user\AppData\Local\AMD
2011-03-04 16:17 . 2011-03-04 16:17 -------- d-----w- c:\programdata\ATI
2011-03-04 16:17 . 2011-03-04 16:17 -------- d-----w- c:\program files\ATI Stream
2011-03-04 16:16 . 2011-03-04 16:16 -------- d-----w- c:\programdata\AMD
2011-03-04 16:16 . 2010-02-18 07:18 37944 ----a-w- c:\windows\system32\drivers\amdiox86.sys
2011-03-03 19:30 . 2011-03-03 19:30 -------- d-----w- c:\program files\Spider Video Downloader
2011-03-02 23:16 . 2011-03-02 23:16 -------- d-----w- c:\programdata\EA Core
2011-02-28 00:16 . 2011-03-16 13:04 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-02-27 01:11 . 2011-02-27 01:11 -------- d-----w- c:\users\user\AppData\Local\PunkBuster
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-16 13:04 . 2010-10-25 17:45 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-02-28 00:16 . 2010-10-25 17:46 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-02-26 22:55 . 2010-10-25 17:46 22328 ----a-w- c:\users\user\AppData\Roaming\PnkBstrK.sys
2011-02-17 18:00 . 2011-02-17 18:00 406528 ----a-w- c:\windows\system32\ReWire.dll
2011-02-17 18:00 . 2011-02-17 18:00 338432 ----a-w- c:\windows\system32\REX Shared Library.dll
2011-02-02 16:11 . 2009-10-14 09:58 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-26 23:36 . 2011-01-26 23:36 7566848 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-01-26 23:00 . 2011-01-26 23:00 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2011-01-26 23:00 . 2010-10-12 20:29 596480 ----a-w- c:\windows\system32\aticfx32.dll
2011-01-26 22:59 . 2011-01-26 22:59 17204736 ----a-w- c:\windows\system32\atioglxx.dll
2011-01-26 22:56 . 2011-01-26 22:56 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-01-26 22:55 . 2011-01-26 22:55 393216 ----a-w- c:\windows\system32\atieclxx.exe
2011-01-26 22:55 . 2011-01-26 22:55 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-01-26 22:54 . 2011-01-26 22:54 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-01-26 22:53 . 2011-01-26 22:53 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2011-01-26 22:53 . 2011-01-26 22:53 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-01-26 22:53 . 2011-01-26 22:53 15872 ----a-w- c:\windows\system32\atimuixx.dll
2011-01-26 22:53 . 2011-01-26 22:53 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-01-26 22:49 . 2010-10-12 20:29 4105728 ----a-w- c:\windows\system32\atidxx32.dll
2011-01-26 22:32 . 2011-01-26 22:32 1912832 ----a-w- c:\windows\system32\atiumdmv.dll
2011-01-26 22:28 . 2010-05-05 01:41 4170752 ----a-w- c:\windows\system32\atiumdag.dll
2011-01-26 22:27 . 2011-01-26 22:27 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-01-26 22:27 . 2011-01-26 22:27 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-01-26 22:25 . 2011-01-26 22:25 5580800 ----a-w- c:\windows\system32\aticaldd.dll
2011-01-26 22:24 . 2010-05-05 01:19 3463680 ----a-w- c:\windows\system32\atiumdva.dll
2011-01-26 22:20 . 2010-10-12 20:29 52736 ----a-w- c:\windows\system32\coinst.dll
2011-01-26 22:14 . 2011-01-26 22:14 249856 ----a-w- c:\windows\system32\atiadlxx.dll
2011-01-26 22:13 . 2011-01-26 22:13 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-01-26 22:13 . 2011-01-26 22:13 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-01-26 22:13 . 2011-01-26 22:13 238592 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-01-26 22:12 . 2010-10-12 20:29 30720 ----a-w- c:\windows\system32\atiuxpag.dll
2011-01-26 22:12 . 2010-05-05 01:22 28672 ----a-w- c:\windows\system32\atiu9pag.dll
2011-01-26 22:11 . 2011-01-26 22:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-01-26 22:08 . 2011-01-26 22:08 52736 ----a-w- c:\windows\system32\atimpc32.dll
2011-01-26 22:08 . 2011-01-26 22:08 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2011-01-07 07:27 . 2011-02-14 18:37 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33 . 2011-02-14 18:37 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 13:56 . 2010-12-14 23:56 11484 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2011-01-05 05:37 . 2011-02-14 18:38 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 03:37 . 2011-02-14 18:38 2329088 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegistryMechanic"="c:\program files\Registry Mechanic\RMTray.exe" [2010-04-08 292824]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"BitComet"="c:\program files\BitComet\BitComet.exe" [2010-12-08 10811696]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2010-03-17 1780736]
"trustGTX14"="c:\program files\Trust\GXT14 Mouse\POINTERGHOST.exe" [2009-06-05 4833792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-04-08 104408]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 gupdate;Услуга Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-15 136176]
R3 ALSysIO;ALSysIO;c:\users\user\AppData\Local\Temp\ALSysIO.sys [x]
R3 AsrOcDrv;AsrOcDrv;c:\windows\system32\Drivers\AsrOcDrv.sys [x]
R3 cpuz130;cpuz130;c:\users\user\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011\RpcAgentSrv.exe [2009-08-17 93848]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-06 691696]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-26 176128]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-26 284672]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 140224]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 KmGameMouseServiceV1;Game Mouse Communication And Update Service V1;c:\program files\Trust\GXT14 Mouse\GameMouseServiceApp.exe [2009-05-18 354816]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-04-08 632792]
S2 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [2010-11-22 718072]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-01-26 7566848]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-01-26 238592]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]
S3 KMWDFILTERV1;HIDUASServiceDesc;c:\windows\system32\DRIVERS\RPGMOUSEV1.sys [2009-06-10 18432]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-20 20952]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-03-02 1127936]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-15 15:59]
.
2011-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-15 15:59]
.
.
------- Supplementary Scan -------
.
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {79830D73-0B02-4050-A347-4655A4D61D2A} = 78.90.248.8 78.90.248.1
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Winamp Toolbar: {0b38152b-1b20-484d-a11f-5e04a9b0661f} - %profile%\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - Ext: Amplify: {8f5ce3f8-1735-4680-b15e-108f2f50e8ba} - %profile%\extensions\{8f5ce3f8-1735-4680-b15e-108f2f50e8ba}
FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
FF - Ext: digitalchocolate Toolbar: {60c4696a-e4eb-4d2d-9060-38928dd0b6a2} - %profile%\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}
FF - Ext: Tamper Data: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947} - %profile%\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
HKCU-Run-ASRockIES - (no file)
HKCU-Run-zASRockInstantBoot - (no file)
MSConfigStartUp-duroc - c:\users\user\duroc.exe
MSConfigStartUp-ftkood - c:\users\user\ftkood.exe
MSConfigStartUp-pecep - c:\users\user\pecep.exe
MSConfigStartUp-ruiewan - c:\users\user\ruiewan.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3665731932-2979998410-65975730-1000\Software\SecuROM\License information*]
"datasecu"=hex:b0,da,5d,73,e0,a3,b5,22,fa,74,63,61,58,b3,d5,f2,57,2a,24,f8,e3,
   79,b1,b7,ef,c1,3f,d4,7c,84,dd,c6,ab,63,1e,9c,54,02,42,1a,ef,bb,f9,46,d2,79,\
"rkeysecu"=hex:a3,6f,90,51,92,75,48,06,18,32,66,f0,cf,e6,f7,74
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\windows\system32\crypserv.exe
c:\windows\system32\taskhost.exe
c:\program files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Completion time: 2011-03-21 22:42:04 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-21 20:42
.
Pre-Run: 4 411 056 128 bytes free
Post-Run: 4 192 075 776 bytes free
.
- - End Of File - - C8954AF07E2D30E34DADE457897EE252

    The ones in Startup that came from the virus are removed now:

MSConfigStartUp-duroc - c:\users\user\duroc.exe
MSConfigStartUp-ftkood - c:\users\user\ftkood.exe
MSConfigStartUp-pecep - c:\users\user\pecep.exe
MSConfigStartUp-ruiewan - c:\users\user\ruiewan.exe

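    The indicators the helper keeps returning to (a random-named .exe dropped straight into c:\users\user\, a DLL in AppData\Roaming carrying hidden+system attributes, drivers registered from a Temp folder, and the MSConfigStartUp-* orphans pointing at the same profile root) can be pulled out of a DDS or ComboFix log mechanically. The following Python is an added example, not code from the thread or from either tool; its sample log lines are constructed in the shapes quoted above, and the four rules are the editor's own, so treat their hits as leads for a human to confirm rather than verdicts.

```python
import re

# Constructed sample in the DDS / ComboFix line shapes quoted in this thread.
# The first two lines are the ones the helper pointed at; the rest are benign
# entries mixed in to show what the rules leave alone.
SAMPLE_LOG = r"""
2011-03-21 19:08:26 328872 ----a-w- c:\users\user\pouvok.exe
2011-03-21 06:21:50 135168 --sha-r- c:\users\user\appdata\roaming\C_201051.dll
2011-03-21 17:10 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3F31C296-E7B3-4801-929D-6DBA08D8B44B}\mpengine.dll
2011-02-28 00:16 . 2011-03-16 13:04 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
R3 ALSysIO;ALSysIO;c:\users\user\AppData\Local\Temp\ALSysIO.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]
MSConfigStartUp-pecep - c:\users\user\pecep.exe
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"""

# File entry: "<date> [. <date>] <size or --------> <8 attribute flags> <path>"
FILE_RE = re.compile(
    r'(?P<size>\d+|-{2,})\s+(?P<attr>[-a-z]{8})\s+(?P<path>[a-z]:\\.+)$', re.I)
# Driver/service entry: "<R|S><n> <name>;<display name>;<path> [<date size> or x]"
DRIVER_RE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<path>[a-z]:\\.+?)\s+\[(?P<tag>[^\]]*)\]$', re.I)
# Disabled msconfig startup item that ComboFix lists under "ORPHANS REMOVED"
ORPHAN_RE = re.compile(r'^MSConfigStartUp-(?P<name>\S+) - (?P<path>.+)$', re.I)
# A file directly under c:\users\<name>\ , where installers do not normally put binaries
PROFILE_ROOT_RE = re.compile(r'^[a-z]:\\users\\[^\\]+\\[^\\]+$', re.I)
EXEC_EXT = ('.exe', '.dll', '.sys', '.scr', '.com')


def triage(log_text):
    """Return (rule, path) pairs for every line that trips one of the rules."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = DRIVER_RE.match(line)
        if m:
            path = m.group('path')
            if '\\temp\\' in path.lower():
                rule = 'driver registered from a Temp directory'
                if m.group('tag') == 'x':   # ComboFix prints [x] when the file is gone
                    rule += ' (file missing, registration left behind)'
                findings.append((rule, path))
            continue

        m = ORPHAN_RE.match(line)
        if m:
            if PROFILE_ROOT_RE.match(m.group('path')):
                findings.append(('disabled startup entry pointing into the profile root',
                                 m.group('path')))
            continue

        m = FILE_RE.search(line)
        if not m:
            continue
        path, attr = m.group('path'), m.group('attr').lower()
        if not path.lower().endswith(EXEC_EXT):
            continue
        if PROFILE_ROOT_RE.match(path):
            findings.append(('executable dropped directly in the profile root', path))
        if 'h' in attr and 's' in attr:
            # hidden + system is what kept the second file out of a normal Explorer view
            findings.append(('hidden+system executable (attributes %s)' % attr, path))
    return findings


if __name__ == '__main__':
    for rule, path in triage(SAMPLE_LOG):
        print(rule + ': ' + path)
```

    Run it over a saved DDS or ComboFix log by passing the file contents to triage(). Each rule is deliberately narrow: legitimate software does show up in AppData and Temp, so the rules key on the combination (executable plus profile root, executable plus hidden+system, kernel driver plus Temp) rather than on the location alone.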

    No, in principle that should not happen. Did you wait for ComboFix to finish completely? Did you move the mouse or do anything else while ComboFix was running?

    There are a few more leftovers we need to take care of, so please:

    Open Notepad and paste the following text into it using copy/paste:

    Folder::
    c:\program files\Uniblue 
    
    FireFox::
    FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query= 
    FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query= 
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com 
    FF - Ext: Winamp Toolbar: {0b38152b-1b20-484d-a11f-5e04a9b0661f} - %profile%\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} 
    FF - Ext: digitalchocolate Toolbar: {60c4696a-e4eb-4d2d-9060-38928dd0b6a2} - %profile%\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2} 
    

    Save the file under the name CFScript.txt and drag it onto ComboFix.


    After the program finishes, it will show you the log file. Again, using copy/paste, post that information here.

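    The CFScript above targets two things in the Firefox profile: the keyword.URL and browser.search.defaulturl prefs that route every address-bar search through a third-party redirector, and the three toolbar extensions that set them. As an added example (not code from the thread, from ComboFix or from Mozilla) of checking a profile for the same hijack before and after such a fix, the following Python parses a constructed prefs.js excerpt built from the "FF - prefs.js:" lines in the log; the trusted-host set, the extensions.enabledItems line and its version numbers are assumptions made for the example.

```python
import re
from urllib.parse import urlparse

# Constructed prefs.js excerpt modelled on the "FF - prefs.js:" lines in the
# ComboFix log above (ComboFix prints hxxp; the real file says http). The
# extensions.enabledItems line and its version numbers are made up for the example.
SAMPLE_PREFS = r'''
user_pref("browser.search.defaulturl", "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.startup.homepage", "http://www.google.com/");
user_pref("keyword.URL", "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=");
user_pref("extensions.enabledItems", "engine@conduit.com:3.3.3.3,{1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.3,{0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.0.4");
user_pref("browser.startup.page", 1);
'''

PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.*)\);\s*$')

# Prefs that decide where the address bar and search box send the user.
SEARCH_PREFS = ('keyword.URL', 'browser.search.defaulturl', 'browser.startup.homepage',
                'browser.search.defaultenginename', 'browser.search.selectedEngine')
# Assumption for this example: the hosts this user expects searches to go to.
TRUSTED_HOSTS = {'www.google.com', 'google.com'}
# The three extension IDs the helper's CFScript removes (IDs taken from the thread).
REMOVED_EXTENSIONS = {'engine@conduit.com',
                      '{0b38152b-1b20-484d-a11f-5e04a9b0661f}',
                      '{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}'}


def parse_prefs(text):
    """Return {name: value} from user_pref(...) lines; string values are unquoted."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if not m:
            continue
        name, value = m.group(1), m.group(2).strip()
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1].replace('\\"', '"').replace('\\\\', '\\')
        prefs[name] = value
    return prefs


def hijacked_search_prefs(prefs, trusted=TRUSTED_HOSTS):
    """(pref, host) for URL-valued search/home prefs whose host is not trusted."""
    hits = []
    for name in SEARCH_PREFS:
        value = prefs.get(name, '')
        if '://' not in value:
            continue  # engine *names* such as "Google" are not URLs
        host = (urlparse(value).hostname or '').lower()
        if host not in trusted:
            hits.append((name, host))
    return hits


def enabled_extension_ids(prefs):
    """IDs from extensions.enabledItems, the Firefox 3.x "id:version,id:version" list."""
    raw = prefs.get('extensions.enabledItems', '')
    return [item.rsplit(':', 1)[0] for item in raw.split(',') if item]


def unwanted_extensions(prefs, removed=REMOVED_EXTENSIONS):
    """Enabled extension IDs that match the set the CFScript targets."""
    return [ext_id for ext_id in enabled_extension_ids(prefs) if ext_id in removed]


if __name__ == '__main__':
    prefs = parse_prefs(SAMPLE_PREFS)
    for name, host in hijacked_search_prefs(prefs):
        print('search pref %s points at %s' % (name, host))
    for ext_id in unwanted_extensions(prefs):
        print('unwanted extension still enabled: ' + ext_id)
```

    Point parse_prefs() at the real prefs.js in the profile directory shown on the "FF - ProfilePath" line (with Firefox closed, since it rewrites the file on exit). Checking the host rather than the whole URL is what makes the rule survive the per-toolbar invocationType values in the query string; a clean run after the CFScript should return an empty list from both hijacked_search_prefs() and unwanted_extensions().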

    No, I did not do anything, I did not even move the mouse, and I waited for it to finish completely. Now I will do the thing with the text file. It went a bit differently this time: before, it restarted on its own, but now it did not restart, and there was no problem opening exes, but again it ran faster than expected, about 6 minutes. Hopefully it went normally this time. Here is the log:

ComboFix 11-03-21.01 - user 03.2011 г. 23:08:44.2.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1251.359.1033.18.2047.1441 [GMT 2:00]
Running from: d:\downloads\ComboFix.exe
Command switches used :: D:\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Uniblue
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\chrome.manifest
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\chrome\winamptoolbar.jar
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\IWinampPlayer.xpt
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\IWinampUninstallObserver.xpt
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampUninstallObserver.js
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\install.rdf
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\META-INF\MANIFEST.MF
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\META-INF\ZIGBERT.RSA
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\META-INF\ZIGBERT.SF
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\chrome.manifest
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\chrome\digitalchocolate.jar
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\components\ConduitAutoCompleteSearch.js
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\components\ConduitAutoCompleteSearch.xpt
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\components\ConduitToolbar.idl
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\components\ConduitToolbar.js
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\components\ConduitToolbar.xpt
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\components\FFExternalAlert.dll
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\components\FFExternalAlert.xpt
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\components\RadioWMPCore.dll
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\components\RadioWMPCore.xpt
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\defaults\default_radio_skin.xml
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\defaults\fbAlert.js
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\install.rdf
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\lib\xpcom.js
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\META-INF\manifest.mf
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\META-INF\zigbert.rsa
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\META-INF\zigbert.sf
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\searchplugin\conduit.gif
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\searchplugin\conduit.ico
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\searchplugin\conduit.PNG
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\searchplugin\conduit.src
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\searchplugin\conduit.xml
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\version.txt
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\chrome.manifest
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\chrome\conduitengine.jar
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\components\ConduitAutoCompleteSearch.js
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\components\ConduitAutoCompleteSearch.xpt
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\components\ConduitToolbar.idl
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\components\ConduitToolbar.js
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\components\ConduitToolbar.xpt
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\components\RadioWMPCore.dll
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\components\RadioWMPCore.xpt
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\defaults\alertSettingsComponent.xml
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\defaults\appContextMenu.xml
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\defaults\engineContextMenu.xml
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\defaults\engineSettings.json
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\defaults\fbAlert.js
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\defaults\getAppsContextMenu.xml
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\defaults\postAppsContextMenu.xml
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\defaults\toolbarContextMenu.xml
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\defaults\unsharedAppsContextMenu.xml
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\DualPackage\install.rdf
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\install.rdf
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\lib\xpcom.js
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\META-INF\manifest.mf
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\META-INF\zigbert.rsa
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\META-INF\zigbert.sf
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\searchplugin\conduit.gif
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\searchplugin\conduit.ico
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\searchplugin\conduit.PNG
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\searchplugin\conduit.src
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\searchplugin\conduit.xml
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\version.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-02-21 to 2011-03-21 )))))))))))))))))))))))))))))))
.
.
2011-03-21 21:12 . 2011-03-21 21:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-21 21:12 . 2011-03-21 21:12 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-03-21 18:33 . 2011-03-21 18:33 -------- d-----w- c:\users\user\AppData\Local\ESET
2011-03-21 18:16 . 2011-03-21 18:16 -------- d-----w- c:\program files\ESET
2011-03-21 17:10 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3F31C296-E7B3-4801-929D-6DBA08D8B44B}\mpengine.dll
2011-03-20 15:32 . 2011-03-20 16:10 -------- d-----w- c:\users\user\AppData\Roaming\goalbit
2011-03-20 15:31 . 2011-03-20 15:31 -------- d-----w- c:\program files\InhatchTeam
2011-03-20 12:19 . 2011-03-20 12:19 -------- d-----w- c:\users\user\AppData\Roaming\StokedBigAir
2011-03-19 13:09 . 2011-03-19 13:09 -------- d-----w- c:\users\user\AppData\Local\ALI213
2011-03-16 19:23 . 2011-03-16 19:23 -------- d-----w- c:\users\user\AppData\Local\3DMGAME
2011-02-27 01:11 . 2011-02-27 01:11 -------- d-----w- c:\users\user\AppData\Local\PunkBuster
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-16 13:04 . 2010-10-25 17:45 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-02-28 00:16 . 2010-10-25 17:46 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-02-26 22:55 . 2010-10-25 17:46 22328 ----a-w- c:\users\user\AppData\Roaming\PnkBstrK.sys
2011-02-17 18:00 . 2011-02-17 18:00 406528 ----a-w- c:\windows\system32\ReWire.dll
2011-02-17 18:00 . 2011-02-17 18:00 338432 ----a-w- c:\windows\system32\REX Shared Library.dll
2011-02-02 16:11 . 2009-10-14 09:58 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-26 23:36 . 2011-01-26 23:36 7566848 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-01-26 23:00 . 2011-01-26 23:00 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2011-01-26 23:00 . 2010-10-12 20:29 596480 ----a-w- c:\windows\system32\aticfx32.dll
2011-01-26 22:59 . 2011-01-26 22:59 17204736 ----a-w- c:\windows\system32\atioglxx.dll
2011-01-26 22:56 . 2011-01-26 22:56 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-01-26 22:55 . 2011-01-26 22:55 393216 ----a-w- c:\windows\system32\atieclxx.exe
2011-01-26 22:55 . 2011-01-26 22:55 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-01-26 22:54 . 2011-01-26 22:54 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-01-26 22:53 . 2011-01-26 22:53 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2011-01-26 22:53 . 2011-01-26 22:53 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-01-26 22:53 . 2011-01-26 22:53 15872 ----a-w- c:\windows\system32\atimuixx.dll
2011-01-26 22:53 . 2011-01-26 22:53 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-01-26 22:49 . 2010-10-12 20:29 4105728 ----a-w- c:\windows\system32\atidxx32.dll
2011-01-26 22:32 . 2011-01-26 22:32 1912832 ----a-w- c:\windows\system32\atiumdmv.dll
2011-01-26 22:28 . 2010-05-05 01:41 4170752 ----a-w- c:\windows\system32\atiumdag.dll
2011-01-26 22:27 . 2011-01-26 22:27 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-01-26 22:27 . 2011-01-26 22:27 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-01-26 22:25 . 2011-01-26 22:25 5580800 ----a-w- c:\windows\system32\aticaldd.dll
2011-01-26 22:24 . 2010-05-05 01:19 3463680 ----a-w- c:\windows\system32\atiumdva.dll
2011-01-26 22:20 . 2010-10-12 20:29 52736 ----a-w- c:\windows\system32\coinst.dll
2011-01-26 22:14 . 2011-01-26 22:14 249856 ----a-w- c:\windows\system32\atiadlxx.dll
2011-01-26 22:13 . 2011-01-26 22:13 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-01-26 22:13 . 2011-01-26 22:13 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-01-26 22:13 . 2011-01-26 22:13 238592 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-01-26 22:12 . 2010-10-12 20:29 30720 ----a-w- c:\windows\system32\atiuxpag.dll
2011-01-26 22:12 . 2010-05-05 01:22 28672 ----a-w- c:\windows\system32\atiu9pag.dll
2011-01-26 22:11 . 2011-01-26 22:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-01-26 22:08 . 2011-01-26 22:08 52736 ----a-w- c:\windows\system32\atimpc32.dll
2011-01-26 22:08 . 2011-01-26 22:08 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2011-01-07 07:27 . 2011-02-14 18:37 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33 . 2011-02-14 18:37 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 13:56 . 2010-12-14 23:56 11484 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2011-01-05 05:37 . 2011-02-14 18:38 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 03:37 . 2011-02-14 18:38 2329088 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-03-21_20.39.02 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-12-09 06:18 . 2011-03-21 20:15 43662 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-12-09 06:18 . 2011-03-21 20:47 43662 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 04:55 . 2011-03-21 20:15 41010 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2011-03-21 20:47 41010 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-10-12 18:21 .
2011-03-21 20:47 11406 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3665731932-2979998410-65975730-1000_UserData.bin + 2010-10-12 18:10 . 2011-03-21 20:46 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-10-12 18:10 . 2011-03-21 20:14 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-10-12 18:10 . 2011-03-21 20:46 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-10-12 18:10 . 2011-03-21 20:14 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:41 . 2011-03-21 20:14 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:41 . 2011-03-21 20:46 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-10-12 19:10 . 2011-03-21 20:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-10-12 19:10 . 2011-03-21 20:45 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-10-12 19:10 . 2011-03-21 20:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-10-12 19:10 . 2011-03-21 20:45 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-03-21 20:45 . 2011-03-21 20:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-03-21 20:45 . 2011-03-21 20:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2011-03-21 20:13 . 2011-03-21 20:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat . 
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RegistryMechanic"="c:\program files\Registry Mechanic\RMTray.exe" [2010-04-08 292824] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696] "BitComet"="c:\program files\BitComet\BitComet.exe" [2010-12-08 10811696] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2010-03-17 1780736] "trustGTX14"="c:\program files\Trust\GXT14 Mouse\POINTERGHOST.exe" [2009-06-05 4833792] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] "SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-04-08 104408] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296] "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976] "StartCCC"="c:\program files\ATI 
Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . R2 gupdate;Услуга Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-15 136176] R3 ALSysIO;ALSysIO;c:\users\user\AppData\Local\Temp\ALSysIO.sys [x] R3 AsrOcDrv;AsrOcDrv;c:\windows\system32\Drivers\AsrOcDrv.sys [x] R3 cpuz130;cpuz130;c:\users\user\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800] R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x] R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011\RpcAgentSrv.exe [2009-08-17 93848] R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-06 691696] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-26 176128] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-26 284672] S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 140224] S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376] S2 KmGameMouseServiceV1;Game Mouse Communication And Update Service V1;c:\program files\Trust\GXT14 Mouse\GameMouseServiceApp.exe [2009-05-18 354816] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344] S2 PCToolsSSDMonitorSvc;PC Tools 
Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-04-08 632792] S2 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [2010-11-22 718072] S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-01-26 7566848] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-01-26 238592] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392] S3 KMWDFILTERV1;HIDUASServiceDesc;c:\windows\system32\DRIVERS\RPGMOUSEV1.sys [2009-06-10 18432] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-20 20952] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536] S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-03-02 1127936] . . Contents of the 'Scheduled Tasks' folder . 2011-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-15 15:59] . 2011-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-15 15:59] . . ------- Supplementary Scan ------- . 
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: {79830D73-0B02-4050-A347-4655A4D61D2A} = 78.90.248.7 78.90.248.1 FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} FF - Ext: Amplify: {8f5ce3f8-1735-4680-b15e-108f2f50e8ba} - %profile%\extensions\{8f5ce3f8-1735-4680-b15e-108f2f50e8ba} FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} FF - Ext: Tamper Data: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947} - %profile%\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947} . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3665731932-2979998410-65975730-1000\Software\SecuROM\License information*] "datasecu"=hex:b0,da,5d,73,e0,a3,b5,22,fa,74,63,61,58,b3,d5,f2,57,2a,24,f8,e3, 79,b1,b7,ef,c1,3f,d4,7c,84,dd,c6,ab,63,1e,9c,54,02,42,1a,ef,bb,f9,46,d2,79,\ "rkeysecu"=hex:a3,6f,90,51,92,75,48,06,18,32,66,f0,cf,e6,f7,74 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 
I hope the viruses have been cleaned out now.


    Completely normally, I want to ask: these folders were created, c:\tool and c:\Recovery, which are empty, and C:\Qoobox, which contains files from the ComboFix quarantine. Can I remove them???


    At the beginning I mentioned that we should work more expeditiously and more specifically. I asked how the system is behaving now; those things are removed after the whole process of cleaning the system of malicious software is finished.


    Apparently I didn't express myself correctly in the previous post. I meant that my system is behaving "completely normally" :P, not that "completely normally I want to ask". For now everything is normal: there is no excess load on the memory or the CPU, there is nothing running that I don't know what it is, and there are no bugs. Really, everything is within normal limits, for which I am grateful to you for taking the time to solve my problem.


    Great! Sorry, but I'm in a hurry to get to bed, since I have to get up in 6 hours because I have school. Here are a few steps with which we'll fix what is bothering you:

    Step 1:

    Uninstall ComboFix and all backup copies of the files it removes:

    * Click the Start button and choose Run

    * Type ComboFix /uninstall in the box and choose OK

    Note: Notice that there is a space between ComboFix and /u, which must be there.

    This procedure will perform the following actions:

    • It will delete ComboFix and all files and folders associated with it.
    • It will delete the VundoFix backup (if it exists).
    • It will delete the Deckard folder (if it exists).
    • The _OtMoveIt folder (if it exists).

    • Resets the clock settings.
    • Hides file extensions, if necessary.
    • Hides system files, if necessary.
    • Resets System Restore.

    Step 2:

    Please delete DDS manually.

    Step 3:

    A few preventive measures against re-infection:

    http://www.cybercrime.bg/bg/internet/aee5c2/

    Happy surfing! :nono:
