
Recommended answer


I have the following problem. After I start Windows, a file fac.exe loads and starts opening some exe files, for example setup14154363.exe, setup141376375.exe, setup1415489679.exe, which Malwarebytes' Anti-Malware detects as (Rootkit.TDSS), and so on for about 10 exe files. I don't dare allow them to open, because I don't know what could happen, and I press "No" on all of them. After I close them in Task Manager I have pecep.exe running (after I remove it from startup another similar file loads, and so on every time I disable it in System Configuration; directly from Task Manager I can't, because when I click on the file it gives me "stop working").

I tried to remove this fac.exe file, but after every restart it appears again and loads everything from the beginning. I tried to remove it manually from c:\user\user\fac.exe, but after a restart it appears again, and with it many exe files in c:\user\user\local\temp\setup15341623.exe. I tried with Malwarebytes' Anti-Malware: after it removes all the viruses, which are this fac.exe file and all the setup15*****.exe (Rootkit.TDSS), I check and it shows the hard drive is clean, but after a restart this fac.exe appears again, loads a flash file, each time with a different name, and in temp all these setup15***** appear and start opening one after another.

Tell me how to deal with the problem. I think I got infected after downloading a password-protected archive which had a URL inside saying to open it to get your password. I didn't consider that it could infect me, because I thought that if I open the site without downloading anything from it I can't get infected; still, I'm not sure that is where I caught the virus. I'm on Windows 7 Ultimate x86.


Hello!

I will try to help you with your problem. Please post the log files directly in your post, not as attachments. Now:

Follow these instructions for working with DDS:

  • Download DDS from bleepingcomputer.
  • After downloading, save the file (Save -> Save as) DDS to your desktop, screenshot: [image]
  • Once DDS is on the desktop, the program's icon should look like this: [image]
  • Temporarily stop all script-blocking applications, if there are any, or allow dds.scr to run. Then start DDS by double-clicking the icon and confirm with Run.
  • When DDS finishes, copy (Copy) the text from the two log files that will appear in Notepad, DDS.txt and Attach.txt, and save them (Save -> Save as) to the desktop. Then post the log files in your next post in this thread.

:blink: ivayloandreev, how did you manage to see so many letters Л in the word Windows, when there isn't a single one :wors: !???!


DDS (Ver_10-12-12.02) - NTFSx86

Run by user at 20:25:17,36 on Mon 21.03.2011

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22

Microsoft Windows 7 Ultimate 6.1.7600.0.1251.359.1033.18.2047.810 [GMT 2:00]

AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Dwm.exe

C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

C:\Windows\system32\crypserv.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe

C:\Program Files\Trust\GXT14 Mouse\GameMouseServiceApp.exe

C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe

C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe

C:\Windows\system32\PnkBstrA.exe

C:\Program Files\Tunngle\TnglCtrl.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe

C:\Program Files\Trust\GXT14 Mouse\POINTERGHOST.exe

C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe

C:\Program Files\Trust\GXT14 Mouse\StartAutorun.exe

C:\Windows\System32\alg.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Trust\GXT14 Mouse\RapooV1Process.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Registry Mechanic\RMTray.exe

C:\Program Files\DAEMON Tools Lite\DTLite.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\BitComet\BitComet.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Users\user\duroc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\msiexec.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\prevhost.exe

D:\Install Files\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll

uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll

mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll

mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll

BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll

BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.4.12.6.dll

BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll

TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll

TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll

TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll

uRun: [ASRockIES]

uRun: [zASRockInstantBoot]

uRun: [RegistryMechanic] c:\program files\registry mechanic\RMTray.exe /H

uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun

uRun: [bitComet] "c:\program files\bitcomet\BitComet.exe" /tray

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [duroc] c:\users\user\duroc.exe /g

mRun: [HDAudDeck] c:\program files\via\viaudioi\vdeck\VDeck.exe -r

mRun: [trustGTX14] "c:\program files\trust\gxt14 mouse\POINTERGHOST.exe" showhide

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"

mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm

IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm

IE: &Winamp Search - c:\programdata\winamp toolbar\ietoolbar\resources\en-us\local\search.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.4.12.6.dll/206

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

TCP: {79830D73-0B02-4050-A347-4655A4D61D2A} = 78.90.248.7 78.90.248.1

================= FIREFOX ===================

FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\6zdoudlu.default\

FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=

FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\6zdoudlu.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll

FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\components\FFExternalAlert.dll

FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\components\RadioWMPCore.dll

FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\6zdoudlu.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll

FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\6zdoudlu.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\inhatchteam\inhatch\npinhatch.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com

FF - Ext: Winamp Toolbar: {0b38152b-1b20-484d-a11f-5e04a9b0661f} - %profile%\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}

FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}

FF - Ext: Amplify: {8f5ce3f8-1735-4680-b15e-108f2f50e8ba} - %profile%\extensions\{8f5ce3f8-1735-4680-b15e-108f2f50e8ba}

FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}

FF - Ext: digitalchocolate Toolbar: {60c4696a-e4eb-4d2d-9060-38928dd0b6a2} - %profile%\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}

FF - Ext: Tamper Data: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947} - %profile%\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}

============= SERVICES / DRIVERS ===============

R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-12-21 137144]

R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2010-12-21 95384]

R3 amdiox86;AMD IO Driver;c:\windows\system32\drivers\amdiox86.sys [2011-3-4 37944]

R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-1-27 7566848]

R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-1-27 238592]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]

R3 KMWDFILTERV1;HIDUASServiceDesc;c:\windows\system32\drivers\RPGMOUSEV1.sys [2009-5-4 18432]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-1-13 20952]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-10-12 277536]

R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2011-2-4 27136]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-10-12 1127936]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

=============== Created Last 30 ================

2011-03-21 18:16:52 -------- d-----w- c:\program files\ESET

2011-03-21 17:18:27 249856 --sh--r- c:\users\user\duroc.exe

2011-03-21 17:10:21 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{3f31c296-e7b3-4801-929d-6dba08d8b44b}\mpengine.dll

2011-03-21 06:21:50 135168 --sha-r- c:\users\user\appdata\roaming\C_201051.dll

2011-03-20 15:32:44 -------- d-----w- c:\users\user\appdata\roaming\goalbit

2011-03-20 15:31:50 -------- d-----w- c:\program files\InhatchTeam

2011-03-20 12:19:09 -------- d-----w- c:\users\user\appdata\roaming\StokedBigAir

2011-03-19 13:09:56 -------- d-----w- c:\users\user\appdata\local\ALI213

2011-03-16 19:23:58 -------- d-----w- c:\users\user\appdata\local\3DMGAME

2011-03-16 13:04:41 -------- d-----w- c:\users\user\appdata\roaming\PunkBuster

2011-03-13 16:30:40 -------- d-----w- c:\users\user\appdata\local\wanted

2011-03-13 16:30:40 -------- d-----w- c:\progra~2\wanted

2011-03-12 00:18:40 -------- d-----w- c:\program files\StarCraft II

2011-03-11 21:05:26 -------- d-----w- c:\program files\Uniblue

2011-03-08 09:04:05 -------- d-----w- c:\users\user\appdata\local\SKIDROW

2011-03-04 16:17:19 -------- d-----w- c:\users\user\appdata\local\AMD

2011-03-04 16:17:00 -------- d-----w- c:\program files\ATI Stream

2011-03-04 16:16:36 -------- d-----w- c:\progra~2\AMD

2011-03-04 16:16:28 37944 ----a-w- c:\windows\system32\drivers\amdiox86.sys

2011-03-03 19:30:26 -------- d-----w- c:\program files\Spider Video Downloader

2011-03-02 23:16:37 -------- d-----w- c:\progra~2\EA Core

2011-02-28 00:16:20 189248 ----a-w- c:\windows\system32\PnkBstrB.exe

2011-02-27 01:11:40 -------- d-----w- c:\users\user\appdata\local\PunkBuster

==================== Find3M ====================

2011-03-16 13:04:44 75136 ----a-w- c:\windows\system32\PnkBstrA.exe

2011-02-26 22:55:48 22328 ----a-w- c:\users\user\appdata\roaming\PnkBstrK.sys

2011-02-17 18:00:53 406528 ----a-w- c:\windows\system32\ReWire.dll

2011-02-17 18:00:53 338432 ----a-w- c:\windows\system32\REX Shared Library.dll

2011-02-02 16:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-01-26 23:00:44 143360 ----a-w- c:\windows\system32\atiapfxx.exe

2011-01-26 23:00:30 596480 ----a-w- c:\windows\system32\aticfx32.dll

2011-01-26 22:59:46 17204736 ----a-w- c:\windows\system32\atioglxx.dll

2011-01-26 22:56:30 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll

2011-01-26 22:55:54 393216 ----a-w- c:\windows\system32\atieclxx.exe

2011-01-26 22:55:24 176128 ----a-w- c:\windows\system32\atiesrxx.exe

2011-01-26 22:54:10 159744 ----a-w- c:\windows\system32\atitmmxx.dll

2011-01-26 22:53:54 356352 ----a-w- c:\windows\system32\atipdlxx.dll

2011-01-26 22:53:42 278528 ----a-w- c:\windows\system32\Oemdspif.dll

2011-01-26 22:53:34 15872 ----a-w- c:\windows\system32\atimuixx.dll

2011-01-26 22:53:26 43520 ----a-w- c:\windows\system32\ati2edxx.dll

2011-01-26 22:49:44 4105728 ----a-w- c:\windows\system32\atidxx32.dll

2011-01-26 22:32:12 1912832 ----a-w- c:\windows\system32\atiumdmv.dll

2011-01-26 22:28:52 4170752 ----a-w- c:\windows\system32\atiumdag.dll

2011-01-26 22:27:50 46080 ----a-w- c:\windows\system32\aticalrt.dll

2011-01-26 22:27:40 44032 ----a-w- c:\windows\system32\aticalcl.dll

2011-01-26 22:25:50 5580800 ----a-w- c:\windows\system32\aticaldd.dll

2011-01-26 22:24:18 3463680 ----a-w- c:\windows\system32\atiumdva.dll

2011-01-26 22:20:44 52736 ----a-w- c:\windows\system32\coinst.dll

2011-01-26 22:14:06 249856 ----a-w- c:\windows\system32\atiadlxx.dll

2011-01-26 22:13:52 12800 ----a-w- c:\windows\system32\atiglpxx.dll

2011-01-26 22:13:42 32768 ----a-w- c:\windows\system32\atigktxx.dll

2011-01-26 22:12:40 30720 ----a-w- c:\windows\system32\atiuxpag.dll

2011-01-26 22:12:24 28672 ----a-w- c:\windows\system32\atiu9pag.dll

2011-01-26 22:08:40 52736 ----a-w- c:\windows\system32\atimpc32.dll

2011-01-26 22:08:40 52736 ----a-w- c:\windows\system32\amdpcom32.dll

2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll

2011-01-05 13:56:12 11484 ----a-w- c:\windows\system32\ealregsnapshot1.reg

2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll

2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 20:26:41,42 ===============

> :blink: ivayloandreev, how did you manage to see so many letters Л in the word Windows, when there isn't a single one :wors: !???!

I accept the remark, but still, if I needed help with spelling I wouldn't be looking for help here. If you can help me with the problem with the computer I'd be grateful!!! Anyway, I know it's spelled Уиндолс, relax, in my hurry I didn't pay attention, and I admit my mistake.

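The DDS.txt above contains the lines a helper looks for first: `uRun: [duroc] c:\users\user\duroc.exe /g` is an HKCU autorun entry pointing at an executable sitting directly in the user profile root, and the "Created Last 30" section shows that same file with `--sh--r-` attributes (hidden and system), plus `C_201051.dll` under AppData\Roaming with the same attributes. That is the same pattern the original post describes for fac.exe and pecep.exe. The script below is an added example, not part of the original thread and not DDS functionality: it runs that triage over a handful of DDS-style lines. The sample lines are constructed from the shape of the log in this post, except for one autorun entry pointing into AppData\Local\Temp, which is invented to exercise the Temp rule (the posted log shows the Temp droppers only as files, not as Run entries). The reading of the attribute column as d/s/h/a/r/w flags, the two location rules, and the names `triage`, `Finding` and `triage_pairs` are this example's own assumptions.

```python
"""Flag DDS-style autorun entries and newly created files that match the
user-profile persistence pattern seen in this thread.  Added example, not
part of DDS or of the original post; the heuristics are assumptions."""
import re
from dataclasses import dataclass

# DDS "Pseudo HJT Report" run entries: uRun = HKCU, mRun = HKLM (assumed reading).
RUN_RE = re.compile(r"^([um])Run:\s*\[([^\]]*)\]\s*(.*)$")
# First executable path in the command, with or without surrounding quotes.
EXE_RE = re.compile(r'^"?([a-z]:\\[^"]*?\.(?:exe|dll|scr|com))', re.IGNORECASE)
# "Created Last 30" / "Find3M" lines: date time size attrs path.
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\S+) ([-a-z]{8}) (.+)$")
# A file directly under c:\users\<name>\ (no further subdirectory).
PROFILE_ROOT_RE = re.compile(r"^c:\\users\\[^\\]+\\[^\\]+$", re.IGNORECASE)
TEMP_RE = re.compile(r"\\appdata\\local\\temp\\", re.IGNORECASE)

# Constructed sample, shaped like the log in this thread.  The Temp run entry
# is invented to exercise that rule; the other lines mirror the posted log.
SAMPLE_LOG = r"""
uRun: [ASRockIES]
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [duroc] c:\users\user\duroc.exe /g
uRun: [setup3235046096] c:\users\user\appdata\local\temp\setup3235046096.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
2011-03-21 18:16:52 -------- d-----w- c:\program files\ESET
2011-03-21 17:18:27 249856 --sh--r- c:\users\user\duroc.exe
2011-03-21 06:21:50 135168 --sha-r- c:\users\user\appdata\roaming\C_201051.dll
2011-03-04 16:16:28 37944 ----a-w- c:\windows\system32\drivers\amdiox86.sys
"""


@dataclass(frozen=True)
class Finding:
    rule: str     # which heuristic fired
    path: str     # normalised (lower-cased) path
    detail: str   # the run entry or attribute string that triggered it


def triage(log_text: str) -> list[Finding]:
    """Return findings for autorun entries launching from the profile root or
    Temp, and for hidden+system files created under c:\\users."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        run = RUN_RE.match(line)
        if run:
            scope, name, command = run.groups()
            exe = EXE_RE.match(command)
            if not exe:          # DDS also prints entries with an empty command
                continue
            path = exe.group(1).lower()
            if PROFILE_ROOT_RE.match(path):
                findings.append(Finding("autorun-profile-root", path, f"{scope}Run [{name}]"))
            elif TEMP_RE.search(path):
                findings.append(Finding("autorun-temp", path, f"{scope}Run [{name}]"))
            continue
        created = FILE_RE.match(line)
        if created:
            _date, _time, _size, attrs, path = created.groups()
            path = path.lower()
            # 's' and 'h' in the attribute column are read as system and hidden.
            if "s" in attrs and "h" in attrs and path.startswith("c:\\users\\"):
                findings.append(Finding("hidden-system-in-profile", path, attrs))
    return findings


def triage_pairs(log_text: str) -> set[tuple[str, str]]:
    """(rule, path) pairs, convenient for de-duplicated reporting."""
    return {(f.rule, f.path) for f in triage(log_text)}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:26} {f.path}  ({f.detail})")
```

Run against the sample it reports duroc.exe twice (once as a profile-root autorun, once as a hidden+system file), the Temp autorun, and C_201051.dll, and stays silent on the vendor entries. The rules are deliberately narrow: a legitimate program launched from the profile root or Temp is unusual enough to justify a look, while a hit on the hidden+system rule alone is only a prompt to check the file, not a verdict.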

I can't upload it as an archive, so I'm uploading it as text.


> I will try to help you with your problem. Please post the log files directly in your post, not as attachments. Now:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 12.10.2010 21:09:50
System Uptime: 21.3.2011 19:16:53 (1 hours ago)

Motherboard: ASRock | | 890GX Extreme3
Processor: AMD Athlon II X4 640 Processor | CPUSocket | 3006/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 58 GiB total, 4,755 GiB free.
D: is FIXED (NTFS) - 239 GiB total, 6,614 GiB free.
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID:
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_01941849&REV_03\4&2E90359D&0&0048
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_01941849&REV_03\4&2E90359D&0&0048
Service:

==== System Restore Points ===================

RP555: 21.3.2011 15:44:39 - Made by Registry Mechanic
RP557: 21.3.2011 15:46:41 - Made by Registry Mechanic
RP558: 21.3.2011 18:05:03 - virus
RP559: 21.3.2011 19:10:00 - Windows Update
RP560: 21.3.2011 20:16:27 - Installed ESET NOD32 Antivirus

==== Installed Programs ======================

µTorrent 3dsmax ancillary install 7-Zip 4.65 Adobe After Effects CS4 Adobe After Effects CS4 Presets Adobe After Effects CS4 Template Projects & Footage Adobe After Effects CS4 Third Party Content Adobe AIR Adobe Anchor Service CS4 Adobe Bridge CS4 Adobe CMaps CS4 Adobe Color Video Profiles AE CS4 Adobe Community Help Adobe CS4 American English Speech Analysis Models Adobe Default Language CS4 Adobe Device Central CS4 Adobe Dynamiclink Support Adobe Encore CS4 Adobe Encore CS4 Codecs Adobe ExtendScript Toolkit CS4 Adobe Extension Manager CS4 Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Fonts All Adobe Media Encoder CS4 Adobe Media Encoder CS4 Additional Exporter Adobe Media Encoder CS4 Dolby Adobe Media Encoder CS4 Exporter Adobe Media Encoder CS4 Importer Adobe Media Player Adobe MotionPicture Color Files CS4 Adobe OnLocation CS4 Adobe Output Module Adobe PDF Library Files CS4 Adobe Photoshop CS5 Adobe Premiere Pro CS4 Adobe Premiere Pro CS4 Functional Content Adobe Premiere Pro CS4 Third Party Content Adobe Reader 9.4.2 Adobe Setup Adobe Type Support CS4 Adobe Update Manager CS4 Adobe XMP Panels CS4 AMD Drag and Drop Transcoding AMD Fuel Apple Application Support Apple Software Update Application Profiles ArchiCAD 13 INT ASRock IES v2.0.83 ASRock InstantBoot v1.24 ASRock OC DNA v1.6 Assassin's Creed Brotherhood ATI AVIVO Codecs ATI Catalyst Install Manager ATI Catalyst Registration ATI Stream SDK v2 Developer Autodesk 3ds Max 9 32-bit Autodesk DWF Viewer 7 Backburner Battlefield: Bad Company™ 2 BattlEye Uninstall BitComet 1.25 BS.Player PRO Bulletstorm Call of Duty Modern Warfare 2 Call of Duty® 4 - Modern Warfare Call of Duty® 4 - Modern Warfare 1.1 Patch Call of Duty® 4 - Modern Warfare 1.2 Patch Call of Duty® 4 - Modern Warfare 1.3 Patch Call of Duty® 4 - Modern Warfare 1.4 Patch Call of Duty® 4 - Modern Warfare 1.5 Multiplayer Patch Call of Duty® 4 - Modern Warfare 1.5 Patch Call of Duty® 4 - Modern Warfare 1.6 Patch Call of Duty® 4 - Modern Warfare 1.7 Patch Call of Duty: Black Ops Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy ccc-core-static ccc-utility CCC Help English CINEMA 4D 12.028 Colin McRae - DiRT 2 Conduit Engine DAEMON Tools Toolbar Dead Space™ Dead Space™ 2 Dual-Core Optimizer EA Download Manager EAX4 Unified Redist ESET NOD32 Antivirus EVEREST Ultimate Edition v5.50 FBX Plugin 2006.08 for Max 9.0 Firebird SQL Server - MAGIX Edition Futuremark SystemInfo Garena Garena 2010 Google Earth Google Chrome Google Update Helper Grand Theft Auto: Episodes From Liberty City Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040) Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308) Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344) Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540) Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) HydraVision Impulse Inhatch web plugins Java 6 Update 22 Mafia II DLC Joe's Adventures MAGIX Music Maker 16 Premium Download Version MAGIX Screenshare MAGIX Speed burnR Malwarebytes' Anti-Malware Medal of Honor Microsoft Games for Windows - LIVE Microsoft Games for Windows - LIVE Redistributable Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729 Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729 Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729 Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Visual Studio Tools for Applications 2.0 - ENU Microsoft Visual Studio Tools for Applications 2.0 Runtime Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Mozilla Firefox (3.6.15) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Need for Speed Hot Pursuit Nero 8 Lite NVIDIA PhysX Octoshape add-in for Adobe Flash Player OpenAL Opera 10.63 oZone3D.Net FurMark v1.8.2 PDF Settings CS5 Photoshop Camera Raw Pixel Bender Toolkit Platform Pro Evolution Soccer 2011 PunkBuster Services QuickTime Realtek Ethernet Controller Driver For Windows 7 Reason 5.0 Registry Mechanic 9.0 SiSoftware Sandra Lite 2011 Skype™ 5.1 SpeedFan (remove only) StarCraft II StokedBigAir Suite Shared Configuration CS4 SVD 1.4.6 System Requirements Lab CYRI Test Drive Unlimited 2 Text-To-Speech-Runtime The KMPlayer (remove only) The Lord of the Rings FREE Trial Tom Clancy's Rainbow Six Vegas 2 Tom Clancy's Splinter Cell Conviction Tom Clancy's Splinter Cell Double Agent Total CMA Pack 0.43 (public) Trust GXT14 Mouse Tunngle beta Ubisoft Game Launcher VIA Virtual DJ Pro Full - Atomix Productions Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 Vuze Vuze Remote Toolbar Wanted: Weapons of Fate Winamp Winamp Detector Plug-in Winamp Toolbar Windows Media Player Firefox Plugin WinRAR archiver WMV9/VC-1 Video Playback Your Uninstaller! 2010

==== Event Viewer Messages From Past Week ========

21.3.2011 20:16:56, Error: Service Control Manager [7030] - The ESET Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
21.3.2011 19:17:28, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
21.3.2011 19:12:22, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
21.3.2011 19:12:22, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
21.3.2011 19:06:26, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
21.3.2011 18:17:29, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
19.3.2011 13:48:59, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
19.3.2011 12:28:51, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
19.3.2011 12:28:50, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
19.3.2011 02:03:19, Error: volsnap [35] - The shadow copies of volume D: were aborted because the shadow copy storage failed to grow.
17.3.2011 14:31:47, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
17.3.2011 13:55:57, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
16.3.2011 17:42:50, Error: volsnap [35] - The shadow copies of volume D: were aborted because the shadow copy storage failed to grow.
16.3.2011 13:41:03, Error: volsnap [36] - The shadow copies of volume D: were aborted because the shadow copy storage could not grow due to a user imposed limit.
16.3.2011 11:04:30, Error: volsnap [35] - The shadow copies of volume D: were aborted because the shadow copy storage failed to grow.
16.3.2011 10:39:21, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
16.3.2011 08:54:08, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
16.3.2011 08:54:08, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
15.3.2011 19:51:20, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
15.3.2011 14:20:13, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
15.3.2011 07:02:46, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
15.3.2011 07:02:46, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
14.3.2011 15:49:52, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
14.3.2011 15:23:01, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
14.3.2011 05:02:06, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
14.3.2011 04:43:53, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
14.3.2011 02:34:01, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

==== End Of File ===========================


I will ask you to follow my instructions strictly, so that we do not keep repeating the same thing and wasting time on trivialities. I insist on this so that it is easy both for you and for me, so that the process goes faster, and so that the result is clear and good.

Step 1

Uninstall the following applications:

Conduit Engine

DAEMON Tools Toolbar

Vuze Remote Toolbar

Winamp Toolbar

Conduit Engine - This is adware that displays annoying and unwanted advertisements. It also has a negative effect on the internet connection and on system performance.

DAEMON Tools Toolbar - It most often ends up installed through careless clicking of the Next > button while installing Daemon Tools. It takes up resources needlessly and is of no use whatsoever; it is simply superfluous. The same applies to Vuze Remote Toolbar and Winamp Toolbar.

Step 2

Start Malwarebytes' Anti-Malware, update it and run a quick scan. At the end, remove whatever it finds and post the log file in your next post, together with a new fresh DDS log (Attach.txt is not needed).


I removed what you told me, updated Malwarebytes' Anti-Malware, ran a quick scan and it found nothing, because I had deleted the infected files; but I know they will reappear after a restart, so I restarted and scanned again, and it detected 54 infected items. Here is the log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6121

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

21.3.2011 г. 21:15:24
mbam-log-2011-03-21 (21-15-24).txt

Scan type: Quick scan
Objects scanned: 174560
Time elapsed: 3 minute(s), 45 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 53

Memory Processes Infected:
c:\Users\user\bisah.exe (Heuristics.Shuriken) -> 4856 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bisah (Heuristics.Shuriken) -> Value: bisah -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\user\bisah.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\Temp\setup3235046096.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\Temp\setup3275352680.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\Temp\setup3528096896.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\Temp\setup3695991040.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\Temp\setup3726978324.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\Temp\setup3819899392.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\Temp\setup3859410504.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\Temp\setup3946798336.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\Temp\setup4000950240.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\Temp\setup4042370720.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\Temp\setup4220793600.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\Temp\setup2052089980.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\Temp\setup2094178960.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\Temp\setup2375215744.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\Temp\setup2412275088.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\Temp\setup2429032896.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\Temp\setup2525392640.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\Temp\setup2571259648.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\Temp\setup2628881536.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\Temp\setup2644267808.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\Temp\setup266232752.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\Temp\setup2664161348.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\Temp\setup2945732996.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\Temp\setup571199600.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\Temp\setup679087760.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\Temp\setup701879680.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\Temp\setup774402576.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\Temp\setup82215376.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\Temp\setup3029988608.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\Temp\setup3038090124.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\Temp\setup3058500224.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\Temp\setup3199501696.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\Temp\setup1089714688.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\Temp\setup1144243840.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\Temp\setup1408121104.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\Temp\setup1537509760.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\Temp\setup1541433952.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\Temp\setup1625282944.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\Temp\setup1633805568.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\Temp\setup1645106608.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\Temp\setup1663233528.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\Temp\setup1663963172.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\Temp\setup1732408680.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\Temp\setup1759762072.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\Temp\setup930078892.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\Temp\3E8.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\Temp\ED0.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\Temp\F5D4.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\Temp\setup1067888560.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\Temp\setup2994931728.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\Temp\setup3204858240.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\user\fac.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

After I delete all these files, they reappear after a restart. This bisah.exe was not there before, but a file with a different name always appears, which loads in the Task Manager, and I cannot close it because the Task Manager freezes as soon as I click anything on it. Here is the other log, DDS:

DDS (Ver_10-12-12.02) - NTFSx86
Run by user at 21:18:47,70 on пон 21.03.2011 г.
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Ultimate 6.1.7600.0.1251.359.1033.18.2047.1098 [GMT 2:00]

AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Windows\system32\crypserv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files\Trust\GXT14 Mouse\GameMouseServiceApp.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Tunngle\TnglCtrl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\Trust\GXT14 Mouse\POINTERGHOST.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\Trust\GXT14 Mouse\StartAutorun.exe
C:\Program Files\Trust\GXT14 Mouse\RapooV1Process.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Registry Mechanic\RMTray.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
D:\Install Files\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.4.12.6.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [ASRockIES]
uRun: [zASRockInstantBoot]
uRun: [RegistryMechanic] c:\program files\registry mechanic\RMTray.exe /H
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [bitComet] "c:\program files\bitcomet\BitComet.exe" /tray
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [HDAudDeck] c:\program files\via\viaudioi\vdeck\VDeck.exe -r
mRun: [trustGTX14] "c:\program files\trust\gxt14 mouse\POINTERGHOST.exe" showhide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [sSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.4.12.6.dll/206
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: {79830D73-0B02-4050-A347-4655A4D61D2A} = 78.90.248.8 78.90.248.1

================= FIREFOX ===================

FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\6zdoudlu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\6zdoudlu.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\components\FFExternalAlert.dll
FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\components\RadioWMPCore.dll
FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\6zdoudlu.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\6zdoudlu.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\inhatchteam\inhatch\npinhatch.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Winamp Toolbar: {0b38152b-1b20-484d-a11f-5e04a9b0661f} - %profile%\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - Ext: Amplify: {8f5ce3f8-1735-4680-b15e-108f2f50e8ba} - %profile%\extensions\{8f5ce3f8-1735-4680-b15e-108f2f50e8ba}
FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
FF - Ext: digitalchocolate Toolbar: {60c4696a-e4eb-4d2d-9060-38928dd0b6a2} - %profile%\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}
FF - Ext: Tamper Data: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947} - %profile%\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}

============= SERVICES / DRIVERS ===============

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-1-27 176128]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2011-1-26 284672]
R2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ati technologies\ati.ace\reservation manager\AMD Reservation Manager.exe [2010-6-17 140224]
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-12-21 137144]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2011-1-12 810144]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2010-12-21 95384]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\common files\magix services\database\bin\FABS.exe [2009-8-27 1253376]
R2 KmGameMouseServiceV1;Game Mouse Communication And Update Service V1;c:\program files\trust\gxt14 mouse\GameMouseServiceApp.exe [2009-5-4 354816]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-1-13 363344]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-10-17 632792]
R2 TunngleService;TunngleService;c:\program files\tunngle\TnglCtrl.exe [2011-2-5 718072]
R3 amdiox86;AMD IO Driver;c:\windows\system32\drivers\amdiox86.sys [2011-3-4 37944]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-1-27 7566848]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-1-27 238592]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]
R3 KMWDFILTERV1;HIDUASServiceDesc;c:\windows\system32\drivers\RPGMOUSEV1.sys [2009-5-4 18432]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-1-13 20952]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-1-13 38224]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-10-12 277536]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2011-2-4 27136]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-10-12 1127936]
S2 gupdate;Услуга Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-15 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\common files\magix services\database\bin\fbserver.exe [2008-8-7 3276800]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite 2011\RpcAgentSrv.exe [2010-12-5 93848]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

=============== Created Last 30 ================

2011-03-21 19:08:26 328872 ----a-w- c:\users\user\pouvok.exe
2011-03-21 18:33:17 -------- d-----w- c:\users\user\appdata\local\ESET
2011-03-21 18:16:52 -------- d-----w- c:\program files\ESET
2011-03-21 17:10:21 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{3f31c296-e7b3-4801-929d-6dba08d8b44b}\mpengine.dll
2011-03-21 06:21:50 135168 --sha-r- c:\users\user\appdata\roaming\C_201051.dll
2011-03-20 15:32:44 -------- d-----w- c:\users\user\appdata\roaming\goalbit
2011-03-20 15:31:50 -------- d-----w- c:\program files\InhatchTeam
2011-03-20 12:19:09 -------- d-----w- c:\users\user\appdata\roaming\StokedBigAir
2011-03-19 13:09:56 -------- d-----w- c:\users\user\appdata\local\ALI213
2011-03-16 19:23:58 -------- d-----w- c:\users\user\appdata\local\3DMGAME
2011-03-16 13:04:41 -------- d-----w- c:\users\user\appdata\roaming\PunkBuster
2011-03-13 16:30:40 -------- d-----w- c:\users\user\appdata\local\wanted
2011-03-13 16:30:40 -------- d-----w- c:\progra~2\wanted
2011-03-12 00:18:40 -------- d-----w- c:\program files\StarCraft II
2011-03-11 21:05:26 -------- d-----w- c:\program files\Uniblue
2011-03-08 09:04:05 -------- d-----w- c:\users\user\appdata\local\SKIDROW
2011-03-04 16:17:19 -------- d-----w- c:\users\user\appdata\local\AMD
2011-03-04 16:17:00 -------- d-----w- c:\program files\ATI Stream
2011-03-04 16:16:36 -------- d-----w- c:\progra~2\AMD
2011-03-04 16:16:28 37944 ----a-w- c:\windows\system32\drivers\amdiox86.sys
2011-03-03 19:30:26 -------- d-----w- c:\program files\Spider Video Downloader
2011-03-02 23:16:37 -------- d-----w- c:\progra~2\EA Core
2011-02-28 00:16:20 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-02-27 01:11:40 -------- d-----w- c:\users\user\appdata\local\PunkBuster

==================== Find3M ====================

2011-03-16 13:04:44 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-02-26 22:55:48 22328 ----a-w- c:\users\user\appdata\roaming\PnkBstrK.sys
2011-02-17 18:00:53 406528 ----a-w- c:\windows\system32\ReWire.dll
2011-02-17 18:00:53 338432 ----a-w- c:\windows\system32\REX Shared Library.dll
2011-02-02 16:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-26 23:00:44 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2011-01-26 23:00:30 596480 ----a-w- c:\windows\system32\aticfx32.dll
2011-01-26 22:59:46 17204736 ----a-w- c:\windows\system32\atioglxx.dll
2011-01-26 22:56:30 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-01-26 22:55:54 393216 ----a-w- c:\windows\system32\atieclxx.exe
2011-01-26 22:55:24 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-01-26 22:54:10 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-01-26 22:53:54 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2011-01-26 22:53:42 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-01-26 22:53:34 15872 ----a-w- c:\windows\system32\atimuixx.dll
2011-01-26 22:53:26 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-01-26 22:49:44 4105728 ----a-w- c:\windows\system32\atidxx32.dll
2011-01-26 22:32:12 1912832 ----a-w- c:\windows\system32\atiumdmv.dll
2011-01-26 22:28:52 4170752 ----a-w- c:\windows\system32\atiumdag.dll
2011-01-26 22:27:50 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-01-26 22:27:40 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-01-26 22:25:50 5580800 ----a-w- c:\windows\system32\aticaldd.dll
2011-01-26 22:24:18 3463680 ----a-w- c:\windows\system32\atiumdva.dll
2011-01-26 22:20:44 52736 ----a-w- c:\windows\system32\coinst.dll
2011-01-26 22:14:06 249856 ----a-w- c:\windows\system32\atiadlxx.dll
2011-01-26 22:13:52 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-01-26 22:13:42 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-01-26 22:12:40 30720 ----a-w- c:\windows\system32\atiuxpag.dll
2011-01-26 22:12:24 28672 ----a-w- c:\windows\system32\atiu9pag.dll
2011-01-26 22:08:40 52736 ----a-w- c:\windows\system32\atimpc32.dll
2011-01-26 22:08:40 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 13:56:12 11484 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 21:19:23,31 ===============


Thank you!

Download ComboFix from one of the following links:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your desktop

  • Disable your antivirus and antispyware programs; this is usually done by right-clicking the program's icon in the system tray.

Note: If you cannot stop it, or are not sure which program to disable, please review the information at this link: How to Disable your Security Programs

  • Rename ComboFix.exe to Tool.exe

  • Run Tool.exe and follow the instructions.

Note: ComboFix will start without the Recovery Console installed.

  • As part of its operation, ComboFix will check whether the Microsoft Windows Recovery Console is installed. Given how quickly malware evolves, it is strongly recommended that it be installed before the malware is removed. This will allow you to enter a special recovery/repair mode, which will let us resolve more easily any problem that might arise while the malware is being removed.

  • Follow the instructions to allow ComboFix to download and install the Microsoft Windows Recovery Console. At one point you will be asked whether you accept the license agreement. You must confirm that you accept it in order to install the Microsoft Windows Recovery Console.

** Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will proceed to the malware removal process.

Once the Microsoft Windows Recovery Console has been installed using ComboFix, you will see the following message:

Select Yes so that the malware scan continues.

When the process completes successfully, the tool will create a log file. Please include the contents of C:\ComboFix.txt in your next comment in this topic.

Note:

  • Please do not move the mouse while ComboFix is running. This may disrupt its operation.
  • ComboFix will reset all Microsoft Internet Explorer settings, including making IE the default browser.
  • ComboFix will disable the autorun function on ALL CD, floppy and USB devices, to help with removing the malware and to protect you from future viruses/threats that spread via autorun. If this is a problem for you, please let me know.
  • ComboFix will disconnect your internet connection. The internet connection will be restored automatically before ComboFix finishes its work. If there is a problem, it will terminate the internet connection. To restore your internet connection, restart your computer.
  • In case of a problem with ComboFix, it may create a log file. Please include the contents of C:\BUG.txt in your next comment in this topic.

ComboFix may take up to 20-30 minutes to finish; please be patient.

Please do not attach the log file(s) from the program; copy and paste it/them into your next comment in this topic.


Oh dear, I apologize, the mistake was mine; I am sorry I wasted your time. The problem is solved. I was just being stupid and did not realize that some files cannot be removed while they are running, and I did not restart at the moment Malwarebytes' Anti-Malware asked me to, because I thought the virus would reappear after the restart anyway, without realizing that in order to remove everything the program requires a restart right then, and I restarted later. Only now did I realize that this had been my mistake, after I started thinking about how to delete those files from outside Windows, for example from MS-DOS or another OS, and then I remembered that Malwarebytes' Anti-Malware restarts and deletes what it could not delete under Windows. Now everything is normal.

I apologize again for wasting your time, and thank you for responding to my request.


That is a very serious mistake! Please post a new fresh DDS log so that we can make sure everything has been cleaned, because it appears that some items are not being detected.

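What the helper looks for in a DDS log when "some items are not being detected" is visible in the log posted above: a freshly created executable directly in the profile root (c:\users\user\pouvok.exe, the same location as fac.exe and bisah.exe) and a hidden+system DLL in AppData\Roaming (C_201051.dll). As an added example that is not part of this thread and not code from DDS or Malwarebytes, the script below parses the Run entries and the "Created Last 30" section of a DDS log and flags those patterns; the sample excerpt is constructed from the log lines above, with a [bisah] Run entry and a Temp setup*.exe line added to mirror the MBAM findings.

```python
"""Triage heuristics for a DDS log (added example, not DDS/MBAM code)."""
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    path: str
    reason: str


# Constructed excerpt modelled on the DDS log in the thread. The [bisah] Run
# entry and the Temp setup*.exe line are constructed to mirror what the MBAM
# log reported; the real DDS log was taken after MBAM had removed them.
SAMPLE_DDS = r"""
uRun: [ASRockIES]
uRun: [bisah] c:\users\user\bisah.exe
uRun: [RegistryMechanic] c:\program files\registry mechanic\RMTray.exe /H
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
=============== Created Last 30 ================
2011-03-21 19:08:26 328872 ----a-w- c:\users\user\pouvok.exe
2011-03-21 18:33:17 -------- d-----w- c:\users\user\appdata\local\ESET
2011-03-21 06:21:50 135168 --sha-r- c:\users\user\appdata\roaming\C_201051.dll
2011-03-20 11:02:00 152064 ----a-w- c:\users\user\appdata\local\temp\setup3235046096.exe
2011-03-04 16:16:28 37944 ----a-w- c:\windows\system32\drivers\amdiox86.sys
==================== Find3M ====================
"""

# "uRun: [name] command" / "mRun: [name] command" (user / machine Run keys).
RUN_LINE = re.compile(r'^[um]Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
# "YYYY-MM-DD HH:MM:SS size attrs path"; attrs is an 8-char flag field such as
# ----a-w- or --sha-r- (s = system, h = hidden), d----- for directories.
CREATED_LINE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\d+|-+)\s+'
    r'(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$', re.I)
# First executable-looking token of a Run command, quoted or not.
CMD_PATH = re.compile(r'^"?(?P<path>.+?\.(?:exe|scr|dll|bat|cmd))"?(?:\s|$)', re.I)

PROFILE_ROOT_EXE = re.compile(r'^[a-z]:\\users\\[^\\]+\\[^\\]+\.(?:exe|dll|scr)$', re.I)
TEMP_DROPPER = re.compile(r'\\appdata\\local\\temp\\setup\d+\.exe$', re.I)
USER_WRITABLE = re.compile(r'^[a-z]:\\users\\', re.I)


def classify_path(path: str, attrs: str = "") -> List[str]:
    """Return the reasons a file path looks suspicious (empty list if none)."""
    reasons = []
    if PROFILE_ROOT_EXE.match(path):
        reasons.append("executable directly in user profile root")
    if TEMP_DROPPER.search(path):
        reasons.append("setup<digits>.exe dropper in %TEMP%")
    if "h" in attrs and "s" in attrs and "\\appdata\\" in path.lower():
        reasons.append("hidden+system file under AppData")
    return reasons


def triage_dds(text: str) -> List[Finding]:
    """Parse Run entries and 'Created Last 30' lines; return flagged items."""
    findings: List[Finding] = []
    for line in text.splitlines():
        line = line.strip()
        m = RUN_LINE.match(line)
        if m:
            cmd = CMD_PATH.match(m.group("cmd"))
            if not cmd:
                continue  # entry with no command, e.g. uRun: [ASRockIES]
            path = cmd.group("path")
            reasons = classify_path(path)
            if USER_WRITABLE.match(path):
                reasons.append(f"Run entry [{m.group('name')}] launches from user-writable path")
            findings.extend(Finding(path, r) for r in reasons)
            continue
        m = CREATED_LINE.match(line)
        if m and not m.group("attrs").startswith("d"):  # skip directories
            path = m.group("path")
            findings.extend(Finding(path, r) for r in classify_path(path, m.group("attrs")))
    return findings


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print(f"{f.path}: {f.reason}")
```

Vendor-installed entries (RMTray.exe, DTLite.exe, egui.exe, amdiox86.sys) pass through unflagged; only the profile-root, Temp and hidden+system items come out, which is the short list a helper would ask about next.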

I accept the remark; I really did make a serious mistake. Here is the DDS log. By the way, Malwarebytes' Anti-Malware no longer detects anything, and Windows is now working normally, as is the Task Manager.

DDS (Ver_10-12-12.02) - NTFSx86

Run by user at 22:05:02,12 on пон 21.03.2011 г.

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22

Microsoft Windows 7 Ultimate 6.1.7600.0.1251.359.1033.18.2047.1118 [GMT 2:00]

AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Dwm.exe

C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\crypserv.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe

C:\Program Files\Trust\GXT14 Mouse\GameMouseServiceApp.exe

C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe

C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe

C:\Windows\system32\PnkBstrA.exe

C:\Program Files\Tunngle\TnglCtrl.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe

C:\Program Files\Trust\GXT14 Mouse\POINTERGHOST.exe

C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe

C:\Program Files\Trust\GXT14 Mouse\StartAutorun.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Trust\GXT14 Mouse\RapooV1Process.exe

C:\Windows\System32\alg.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Registry Mechanic\RMTray.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\DAEMON Tools Lite\DTLite.exe

C:\Program Files\BitComet\BitComet.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\prevhost.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

D:\Install Files\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.4.12.6.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File

TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File

uRun: [ASRockIES]

uRun: [zASRockInstantBoot]

uRun: [RegistryMechanic] c:\program files\registry mechanic\RMTray.exe /H

uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun

uRun: [bitComet] "c:\program files\bitcomet\BitComet.exe" /tray

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

mRun: [HDAudDeck] c:\program files\via\viaudioi\vdeck\VDeck.exe -r

mRun: [trustGTX14] "c:\program files\trust\gxt14 mouse\POINTERGHOST.exe" showhide

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"

mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm

IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.4.12.6.dll/206

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

TCP: {79830D73-0B02-4050-A347-4655A4D61D2A} = 78.90.248.7 78.90.248.1

================= FIREFOX ===================

FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\6zdoudlu.default\

FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=

FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\6zdoudlu.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll

FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\components\FFExternalAlert.dll

FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\components\RadioWMPCore.dll

FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\6zdoudlu.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll

FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\6zdoudlu.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\inhatchteam\inhatch\npinhatch.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com

FF - Ext: Winamp Toolbar: {0b38152b-1b20-484d-a11f-5e04a9b0661f} - %profile%\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}

FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}

FF - Ext: Amplify: {8f5ce3f8-1735-4680-b15e-108f2f50e8ba} - %profile%\extensions\{8f5ce3f8-1735-4680-b15e-108f2f50e8ba}

FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}

FF - Ext: digitalchocolate Toolbar: {60c4696a-e4eb-4d2d-9060-38928dd0b6a2} - %profile%\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}

FF - Ext: Tamper Data: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947} - %profile%\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}

============= SERVICES / DRIVERS ===============

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-1-27 176128]

R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2011-1-26 284672]

R2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ati technologies\ati.ace\reservation manager\AMD Reservation Manager.exe [2010-6-17 140224]

R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-12-21 137144]

R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2011-1-12 810144]

R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2010-12-21 95384]

R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\common files\magix services\database\bin\FABS.exe [2009-8-27 1253376]

R2 KmGameMouseServiceV1;Game Mouse Communication And Update Service V1;c:\program files\trust\gxt14 mouse\GameMouseServiceApp.exe [2009-5-4 354816]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-1-13 363344]

R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-10-17 632792]

R2 TunngleService;TunngleService;c:\program files\tunngle\TnglCtrl.exe [2011-2-5 718072]

R3 amdiox86;AMD IO Driver;c:\windows\system32\drivers\amdiox86.sys [2011-3-4 37944]

R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-1-27 7566848]

R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-1-27 238592]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]

R3 KMWDFILTERV1;HIDUASServiceDesc;c:\windows\system32\drivers\RPGMOUSEV1.sys [2009-5-4 18432]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-1-13 20952]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-10-12 277536]

R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2011-2-4 27136]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-10-12 1127936]

S2 gupdate;Услуга Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-15 136176]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\common files\magix services\database\bin\fbserver.exe [2008-8-7 3276800]

S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite 2011\RpcAgentSrv.exe [2010-12-5 93848]

S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

=============== Created Last 30 ================

2011-03-21 19:08:26 328872 ----a-w- c:\users\user\pouvok.exe

2011-03-21 18:33:17 -------- d-----w- c:\users\user\appdata\local\ESET

2011-03-21 18:16:52 -------- d-----w- c:\program files\ESET

2011-03-21 17:10:21 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{3f31c296-e7b3-4801-929d-6dba08d8b44b}\mpengine.dll

2011-03-21 06:21:50 135168 --sha-r- c:\users\user\appdata\roaming\C_201051.dll

2011-03-20 15:32:44 -------- d-----w- c:\users\user\appdata\roaming\goalbit

2011-03-20 15:31:50 -------- d-----w- c:\program files\InhatchTeam

2011-03-20 12:19:09 -------- d-----w- c:\users\user\appdata\roaming\StokedBigAir

2011-03-19 13:09:56 -------- d-----w- c:\users\user\appdata\local\ALI213

2011-03-16 19:23:58 -------- d-----w- c:\users\user\appdata\local\3DMGAME

2011-03-16 13:04:41 -------- d-----w- c:\users\user\appdata\roaming\PunkBuster

2011-03-13 16:30:40 -------- d-----w- c:\users\user\appdata\local\wanted

2011-03-13 16:30:40 -------- d-----w- c:\progra~2\wanted

2011-03-12 00:18:40 -------- d-----w- c:\program files\StarCraft II

2011-03-11 21:05:26 -------- d-----w- c:\program files\Uniblue

2011-03-08 09:04:05 -------- d-----w- c:\users\user\appdata\local\SKIDROW

2011-03-04 16:17:19 -------- d-----w- c:\users\user\appdata\local\AMD

2011-03-04 16:17:00 -------- d-----w- c:\program files\ATI Stream

2011-03-04 16:16:36 -------- d-----w- c:\progra~2\AMD

2011-03-04 16:16:28 37944 ----a-w- c:\windows\system32\drivers\amdiox86.sys

2011-03-03 19:30:26 -------- d-----w- c:\program files\Spider Video Downloader

2011-03-02 23:16:37 -------- d-----w- c:\progra~2\EA Core

2011-02-28 00:16:20 189248 ----a-w- c:\windows\system32\PnkBstrB.exe

2011-02-27 01:11:40 -------- d-----w- c:\users\user\appdata\local\PunkBuster

==================== Find3M ====================

2011-03-16 13:04:44 75136 ----a-w- c:\windows\system32\PnkBstrA.exe

2011-02-26 22:55:48 22328 ----a-w- c:\users\user\appdata\roaming\PnkBstrK.sys

2011-02-17 18:00:53 406528 ----a-w- c:\windows\system32\ReWire.dll

2011-02-17 18:00:53 338432 ----a-w- c:\windows\system32\REX Shared Library.dll

2011-02-02 16:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-01-26 23:00:44 143360 ----a-w- c:\windows\system32\atiapfxx.exe

2011-01-26 23:00:30 596480 ----a-w- c:\windows\system32\aticfx32.dll

2011-01-26 22:59:46 17204736 ----a-w- c:\windows\system32\atioglxx.dll

2011-01-26 22:56:30 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll

2011-01-26 22:55:54 393216 ----a-w- c:\windows\system32\atieclxx.exe

2011-01-26 22:55:24 176128 ----a-w- c:\windows\system32\atiesrxx.exe

2011-01-26 22:54:10 159744 ----a-w- c:\windows\system32\atitmmxx.dll

2011-01-26 22:53:54 356352 ----a-w- c:\windows\system32\atipdlxx.dll

2011-01-26 22:53:42 278528 ----a-w- c:\windows\system32\Oemdspif.dll

2011-01-26 22:53:34 15872 ----a-w- c:\windows\system32\atimuixx.dll

2011-01-26 22:53:26 43520 ----a-w- c:\windows\system32\ati2edxx.dll

2011-01-26 22:49:44 4105728 ----a-w- c:\windows\system32\atidxx32.dll

2011-01-26 22:32:12 1912832 ----a-w- c:\windows\system32\atiumdmv.dll

2011-01-26 22:28:52 4170752 ----a-w- c:\windows\system32\atiumdag.dll

2011-01-26 22:27:50 46080 ----a-w- c:\windows\system32\aticalrt.dll

2011-01-26 22:27:40 44032 ----a-w- c:\windows\system32\aticalcl.dll

2011-01-26 22:25:50 5580800 ----a-w- c:\windows\system32\aticaldd.dll

2011-01-26 22:24:18 3463680 ----a-w- c:\windows\system32\atiumdva.dll

2011-01-26 22:20:44 52736 ----a-w- c:\windows\system32\coinst.dll

2011-01-26 22:14:06 249856 ----a-w- c:\windows\system32\atiadlxx.dll

2011-01-26 22:13:52 12800 ----a-w- c:\windows\system32\atiglpxx.dll

2011-01-26 22:13:42 32768 ----a-w- c:\windows\system32\atigktxx.dll

2011-01-26 22:12:40 30720 ----a-w- c:\windows\system32\atiuxpag.dll

2011-01-26 22:12:24 28672 ----a-w- c:\windows\system32\atiu9pag.dll

2011-01-26 22:08:40 52736 ----a-w- c:\windows\system32\atimpc32.dll

2011-01-26 22:08:40 52736 ----a-w- c:\windows\system32\amdpcom32.dll

2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll

2011-01-05 13:56:12 11484 ----a-w- c:\windows\system32\ealregsnapshot1.reg

2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll

2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 22:05:34,56 =========

And here is the Attach file:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 12.10.2010 г. 21:09:50

System Uptime: 21.3.2011 г. 21:31:17 (1 hours ago)

Motherboard: ASRock | | 890GX Extreme3

Processor: AMD Athlon II X4 640 Processor | CPUSocket | 3006/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 58 GiB total, 3,983 GiB free.

D: is FIXED (NTFS) - 239 GiB total, 6,381 GiB free.

E: is CDROM ()

F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID:

Description: Universal Serial Bus (USB) Controller

Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_01941849&REV_03\4&2E90359D&0&0048

Manufacturer:

Name: Universal Serial Bus (USB) Controller

PNP Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_01941849&REV_03\4&2E90359D&0&0048

Service:

==== System Restore Points ===================

RP555: 21.3.2011 г. 15:44:39 - Made by Registry Mechanic

RP557: 21.3.2011 г. 15:46:41 - Made by Registry Mechanic

RP558: 21.3.2011 г. 18:05:03 - virus

RP559: 21.3.2011 г. 19:10:00 - Windows Update

RP560: 21.3.2011 г. 20:16:27 - Installed ESET NOD32 Antivirus

RP562: 21.3.2011 г. 20:58:21 - Before uninstalling Conduit Engine

RP564: 21.3.2011 г. 21:00:44 - Before uninstalling DAEMON Tools Toolbar

RP566: 21.3.2011 г. 21:02:35 - Before uninstalling Vuze Remote Toolbar

RP568: 21.3.2011 г. 21:03:37 - Before uninstalling Winamp Toolbar

==== Installed Programs ======================

µTorrent

3dsmax ancillary install

7-Zip 4.65

Adobe After Effects CS4

Adobe After Effects CS4 Presets

Adobe After Effects CS4 Template Projects & Footage

Adobe After Effects CS4 Third Party Content

Adobe AIR

Adobe Anchor Service CS4

Adobe Bridge CS4

Adobe CMaps CS4

Adobe Color Video Profiles AE CS4

Adobe Community Help

Adobe CS4 American English Speech Analysis Models

Adobe Default Language CS4

Adobe Device Central CS4

Adobe Dynamiclink Support

Adobe Encore CS4

Adobe Encore CS4 Codecs

Adobe ExtendScript Toolkit CS4

Adobe Extension Manager CS4

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Fonts All

Adobe Media Encoder CS4

Adobe Media Encoder CS4 Additional Exporter

Adobe Media Encoder CS4 Dolby

Adobe Media Encoder CS4 Exporter

Adobe Media Encoder CS4 Importer

Adobe Media Player

Adobe MotionPicture Color Files CS4

Adobe OnLocation CS4

Adobe Output Module

Adobe PDF Library Files CS4

Adobe Photoshop CS5

Adobe Premiere Pro CS4

Adobe Premiere Pro CS4 Functional Content

Adobe Premiere Pro CS4 Third Party Content

Adobe Reader 9.4.2

Adobe Setup

Adobe Type Support CS4

Adobe Update Manager CS4

Adobe XMP Panels CS4

AMD Drag and Drop Transcoding

AMD Fuel

Apple Application Support

Apple Software Update

Application Profiles

ArchiCAD 13 INT

ASRock IES v2.0.83

ASRock InstantBoot v1.24

ASRock OC DNA v1.6

Assassin's Creed Brotherhood

ATI AVIVO Codecs

ATI Catalyst Install Manager

ATI Catalyst Registration

ATI Stream SDK v2 Developer

Autodesk 3ds Max 9 32-bit

Autodesk DWF Viewer 7

Backburner

Battlefield: Bad Company™ 2

BattlEye Uninstall

BitComet 1.25

BS.Player PRO

Bulletstorm

Call of Duty Modern Warfare 2

Call of Duty® 4 - Modern Warfare

Call of Duty® 4 - Modern Warfare 1.1 Patch

Call of Duty® 4 - Modern Warfare 1.2 Patch

Call of Duty® 4 - Modern Warfare 1.3 Patch

Call of Duty® 4 - Modern Warfare 1.4 Patch

Call of Duty® 4 - Modern Warfare 1.5 Multiplayer Patch

Call of Duty® 4 - Modern Warfare 1.5 Patch

Call of Duty® 4 - Modern Warfare 1.6 Patch

Call of Duty® 4 - Modern Warfare 1.7 Patch

Call of Duty: Black Ops

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

ccc-core-static

ccc-utility

CCC Help English

CINEMA 4D 12.028

Colin McRae - DiRT 2

Dead Space™

Dead Space™ 2

Dual-Core Optimizer

EA Download Manager

EAX4 Unified Redist

ESET NOD32 Antivirus

EVEREST Ultimate Edition v5.50

FBX Plugin 2006.08 for Max 9.0

Firebird SQL Server - MAGIX Edition

Futuremark SystemInfo

Garena

Garena 2010

Google Земя

Google Chrome

Google Update Helper

Grand Theft Auto: Episodes From Liberty City

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)

HydraVision

Impulse

Inhatch web plugins

Java 6 Update 22

Mafia II DLC Joe's Adventures

MAGIX Music Maker 16 Premium Download Version

MAGIX Screenshare

MAGIX Speed burnR

Malwarebytes' Anti-Malware

Medal of Honor

Microsoft Games for Windows - LIVE

Microsoft Games for Windows - LIVE Redistributable

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729

Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729

Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729

Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft Visual Studio Tools for Applications 2.0 - ENU

Microsoft Visual Studio Tools for Applications 2.0 Runtime

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Mozilla Firefox (3.6.15)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Need for Speed Hot Pursuit

Nero 8 Lite

NVIDIA PhysX

Octoshape add-in for Adobe Flash Player

OpenAL

Opera 10.63

oZone3D.Net FurMark v1.8.2

PDF Settings CS5

Photoshop Camera Raw

Pixel Bender Toolkit

Platform

Pro Evolution Soccer 2011

PunkBuster Services

QuickTime

Realtek Ethernet Controller Driver For Windows 7

Reason 5.0

Registry Mechanic 9.0

SiSoftware Sandra Lite 2011

Skype™ 5.1

SpeedFan (remove only)

StarCraft II

StokedBigAir

Suite Shared Configuration CS4

SVD 1.4.6

System Requirements Lab CYRI

Test Drive Unlimited 2

Text-To-Speech-Runtime

The KMPlayer (remove only)

The Lord of the Rings FREE Trial

Tom Clancy's Rainbow Six Vegas 2

Tom Clancy's Splinter Cell Conviction

Tom Clancy's Splinter Cell Double Agent

Total CMA Pack 0.43 (public)

Trust GXT14 Mouse

Tunngle beta

Ubisoft Game Launcher

VIA

Virtual DJ Pro Full - Atomix Productions

Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177

Vuze

Wanted: Weapons of Fate

Winamp

Winamp Detector Plug-in

Windows Media Player Firefox Plugin

WinRAR archiver

WMV9/VC-1 Video Playback

Your Uninstaller! 2010

==== Event Viewer Messages From Past Week ========

21.3.2011 г. 21:32:10, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

21.3.2011 г. 21:21:48, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

21.3.2011 г. 21:07:34, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

21.3.2011 г. 20:16:56, Error: Service Control Manager [7030] - The ESET Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

21.3.2011 г. 19:17:28, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

21.3.2011 г. 19:12:22, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

21.3.2011 г. 19:12:22, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

21.3.2011 г. 19:06:26, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004

21.3.2011 г. 18:17:29, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

19.3.2011 г. 13:48:59, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

19.3.2011 г. 12:28:51, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

19.3.2011 г. 12:28:50, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

19.3.2011 г. 02:03:19, Error: volsnap [35] - The shadow copies of volume D: were aborted because the shadow copy storage failed to grow.

17.3.2011 г. 14:31:47, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

17.3.2011 г. 13:55:57, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

16.3.2011 г. 17:42:50, Error: volsnap [35] - The shadow copies of volume D: were aborted because the shadow copy storage failed to grow.

16.3.2011 г. 13:41:03, Error: volsnap [36] - The shadow copies of volume D: were aborted because the shadow copy storage could not grow due to a user imposed limit.

16.3.2011 г. 11:04:30, Error: volsnap [35] - The shadow copies of volume D: were aborted because the shadow copy storage failed to grow.

16.3.2011 г. 10:39:21, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

16.3.2011 г. 08:54:08, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

16.3.2011 г. 08:54:08, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

15.3.2011 г. 19:51:20, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

15.3.2011 г. 14:20:13, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

15.3.2011 г. 07:02:46, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

15.3.2011 г. 07:02:46, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

14.3.2011 г. 15:49:52, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

14.3.2011 г. 15:23:01, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

14.3.2011 г. 05:02:06, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

14.3.2011 г. 04:43:53, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

14.3.2011 г. 02:34:01, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

14.3.2011 г. 00:16:55, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

==== End Of File ===========================

I apologize again if I have wasted your time with my problem, and thank you for responding.


Well, no, actually you haven't wasted it, fortunately. The problem is still present; the fact that there are no symptoms means nothing. Two quick examples:

2011-03-21 19:08:26 328872 ----a-w- c:\users\user\pouvok.exe

2011-03-21 06:21:50 135168 --sha-r- c:\users\user\appdata\roaming\C_201051.dll

Please follow my instructions for ComboFix.

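As an added illustration of the helper's point above (this is not code from the thread, from DDS or from ComboFix): a small Python heuristic that parses the "Created Last 30" / "Find3M" entry lines of a DDS log and flags the two kinds of indicator quoted, an executable dropped straight into the user profile root and a hidden/system file under AppData. The reading of the 8-character attribute field (s/h/a/r/w, leading d for directories) and the list of trusted path prefixes are assumptions of this example.

```python
import re

# Shape of one file entry in the "Created Last 30" / "Find3M" sections of a
# DDS log: date, time, size (or dashes for a directory), an 8-character
# attribute field, then the path. Example from the log above:
#   2011-03-21 06:21:50 135168 --sha-r- c:\users\user\appdata\roaming\C_201051.dll
DDS_ENTRY = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>\S{8}) (?P<path>.+?)\s*$"
)

# Assumed list of locations where a freshly created executable is expected
# (installers, drivers, signature updates). Executables created elsewhere
# get a closer look.
TRUSTED_PREFIXES = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\progra~1\\",
    "c:\\progra~2\\",
    "c:\\programdata\\",
)
EXECUTABLE_SUFFIXES = (".exe", ".dll", ".sys", ".scr", ".com")

# A user's profile root, e.g. c:\users\user\pouvok.exe: legitimate software
# almost never drops executables directly there.
PROFILE_ROOT_EXE = re.compile(r"^c:\\users\\[^\\]+\\[^\\]+\.(exe|dll|scr|com)$")


def parse_dds_entry(line):
    """Return a dict for a file/directory entry line, or None for other lines."""
    m = DDS_ENTRY.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    # Assumed reading of the attribute string: a leading 'd' marks a directory;
    # the letters s/h/a/r/w stand for system/hidden/archive/read-only/writable.
    entry["is_dir"] = entry["attrs"][0].lower() == "d"
    entry["path"] = entry["path"].lower()
    return entry


def suspicious_reasons(entry):
    """List the reasons (possibly empty) why one parsed entry deserves review."""
    reasons = []
    if entry["is_dir"]:
        return reasons
    path, attrs = entry["path"], entry["attrs"].lower()
    in_trusted = path.startswith(TRUSTED_PREFIXES)
    is_exec = path.endswith(EXECUTABLE_SUFFIXES)
    if "h" in attrs and "s" in attrs and not in_trusted:
        reasons.append("hidden+system attributes outside system directories")
    if PROFILE_ROOT_EXE.match(path):
        reasons.append("executable dropped directly in a user profile root")
    elif is_exec and "\\appdata\\" in path and not in_trusted:
        reasons.append("executable created under AppData")
    return reasons


def flag_dds_entries(lines):
    """Scan DDS log lines; return [(path, [reasons...])] for flagged entries."""
    flagged = []
    for line in lines:
        entry = parse_dds_entry(line)
        if entry is None:
            continue
        reasons = suspicious_reasons(entry)
        if reasons:
            flagged.append((entry["path"], reasons))
    return flagged


# Sample input: four lines copied from the DDS log posted in this thread plus
# one constructed benign AppData entry (a browser cache file) for contrast.
SAMPLE_LOG = """\
2011-03-21 19:08:26 328872 ----a-w- c:\\users\\user\\pouvok.exe
2011-03-21 18:33:17 -------- d-----w- c:\\users\\user\\appdata\\local\\ESET
2011-03-21 06:21:50 135168 --sha-r- c:\\users\\user\\appdata\\roaming\\C_201051.dll
2011-03-04 16:16:28 37944 ----a-w- c:\\windows\\system32\\drivers\\amdiox86.sys
2011-03-21 10:00:00 4096 ----a-w- c:\\users\\user\\appdata\\local\\mozilla\\cache\\0A1B2C3D.dat
""".splitlines()

if __name__ == "__main__":
    for path, reasons in flag_dds_entries(SAMPLE_LOG):
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Run against the sample, only pouvok.exe and C_201051.dll are reported; the ESET directory, the AMD driver and the cache file pass.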

That is what I was about to ask. In System Configuration / Startup I also have some similar files; they look like the ones fac.exe was doing this with, and also like this pouvok.exe, but I had unchecked them in Startup, so they are still there, not checked and not loading, but they are there. Any ideas? Until recently this pouvok.exe wouldn't let me delete it, but now I managed to remove it. And what should I do about this C_201051.dll, should I remove it? Also, if possible, could you advise me about the ones in System Configuration / Startup that came from the virus? Oh, sorry, I rushed again and didn't see the advice below about ComboFix. I will do what you said and will write again.


Do only what I tell you and nothing that comes to your own mind; I am giving you instructions for a reason, rather than leaving you to guess on your own.


Just one question: is it normal that after ComboFix finished I could not open any exe, because it told me it was marked for deletion from the registry, and I had to restart for it to be fixed? By the way, I renamed it, started it, and it began working without downloading anything extra, and it finished in about 8 minutes. Is that normal, did I do everything right or did I mess up? Here is the log; you judge.

ComboFix 11-03-21.01 - user 03.2011 г. 22:33:05.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1251.359.1033.18.2047.1279 [GMT 2:00]
Running from: c:\users\user\Desktop\Tool.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\user\AppData\Roaming\C_201051.dll
c:\windows\XSxS
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_RKHIT
-------\Service_RkHit
.
.
((((((((((((((((((((((((( Files Created from 2011-02-21 to 2011-03-21 )))))))))))))))))))))))))))))))
.
.
2011-03-21 20:37 . 2011-03-21 20:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-21 20:37 . 2011-03-21 20:37 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-03-21 18:33 . 2011-03-21 18:33 -------- d-----w- c:\users\user\AppData\Local\ESET
2011-03-21 18:16 . 2011-03-21 18:16 -------- d-----w- c:\program files\ESET
2011-03-21 17:10 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3F31C296-E7B3-4801-929D-6DBA08D8B44B}\mpengine.dll
2011-03-20 15:32 . 2011-03-20 16:10 -------- d-----w- c:\users\user\AppData\Roaming\goalbit
2011-03-20 15:31 . 2011-03-20 15:31 -------- d-----w- c:\program files\InhatchTeam
2011-03-20 12:19 . 2011-03-20 12:19 -------- d-----w- c:\users\user\AppData\Roaming\StokedBigAir
2011-03-19 13:09 . 2011-03-19 13:09 -------- d-----w- c:\users\user\AppData\Local\ALI213
2011-03-16 19:23 . 2011-03-16 19:23 -------- d-----w- c:\users\user\AppData\Local\3DMGAME
2011-03-16 13:04 . 2011-03-16 13:04 -------- d-----w- c:\users\user\AppData\Roaming\PunkBuster
2011-03-13 16:30 . 2011-03-13 16:30 -------- d-----w- c:\users\user\AppData\Local\wanted
2011-03-13 16:30 . 2011-03-13 16:30 -------- d-----w- c:\programdata\wanted
2011-03-12 00:18 . 2011-03-12 00:18 -------- d-----w- c:\program files\StarCraft II
2011-03-11 21:05 . 2011-03-11 21:05 -------- d-----w- c:\program files\Uniblue
2011-03-08 09:04 . 2011-03-08 09:04 -------- d-----w- c:\users\user\AppData\Local\SKIDROW
2011-03-04 16:17 . 2011-03-04 16:17 -------- d-----w- c:\users\user\AppData\Local\AMD
2011-03-04 16:17 . 2011-03-04 16:17 -------- d-----w- c:\programdata\ATI
2011-03-04 16:17 . 2011-03-04 16:17 -------- d-----w- c:\program files\ATI Stream
2011-03-04 16:16 . 2011-03-04 16:16 -------- d-----w- c:\programdata\AMD
2011-03-04 16:16 . 2010-02-18 07:18 37944 ----a-w- c:\windows\system32\drivers\amdiox86.sys
2011-03-03 19:30 . 2011-03-03 19:30 -------- d-----w- c:\program files\Spider Video Downloader
2011-03-02 23:16 . 2011-03-02 23:16 -------- d-----w- c:\programdata\EA Core
2011-02-28 00:16 . 2011-03-16 13:04 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-02-27 01:11 . 2011-02-27 01:11 -------- d-----w- c:\users\user\AppData\Local\PunkBuster
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-16 13:04 . 2010-10-25 17:45 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-02-28 00:16 . 2010-10-25 17:46 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-02-26 22:55 . 2010-10-25 17:46 22328 ----a-w- c:\users\user\AppData\Roaming\PnkBstrK.sys
2011-02-17 18:00 . 2011-02-17 18:00 406528 ----a-w- c:\windows\system32\ReWire.dll
2011-02-17 18:00 . 2011-02-17 18:00 338432 ----a-w- c:\windows\system32\REX Shared Library.dll
2011-02-02 16:11 . 2009-10-14 09:58 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-26 23:36 . 2011-01-26 23:36 7566848 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-01-26 23:00 . 2011-01-26 23:00 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2011-01-26 23:00 . 2010-10-12 20:29 596480 ----a-w- c:\windows\system32\aticfx32.dll
2011-01-26 22:59 . 2011-01-26 22:59 17204736 ----a-w- c:\windows\system32\atioglxx.dll
2011-01-26 22:56 . 2011-01-26 22:56 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-01-26 22:55 . 2011-01-26 22:55 393216 ----a-w- c:\windows\system32\atieclxx.exe
2011-01-26 22:55 . 2011-01-26 22:55 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-01-26 22:54 . 2011-01-26 22:54 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-01-26 22:53 . 2011-01-26 22:53 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2011-01-26 22:53 . 2011-01-26 22:53 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-01-26 22:53 . 2011-01-26 22:53 15872 ----a-w- c:\windows\system32\atimuixx.dll
2011-01-26 22:53 . 2011-01-26 22:53 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-01-26 22:49 . 2010-10-12 20:29 4105728 ----a-w- c:\windows\system32\atidxx32.dll
2011-01-26 22:32 . 2011-01-26 22:32 1912832 ----a-w- c:\windows\system32\atiumdmv.dll
2011-01-26 22:28 . 2010-05-05 01:41 4170752 ----a-w- c:\windows\system32\atiumdag.dll
2011-01-26 22:27 . 2011-01-26 22:27 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-01-26 22:27 . 2011-01-26 22:27 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-01-26 22:25 . 2011-01-26 22:25 5580800 ----a-w- c:\windows\system32\aticaldd.dll
2011-01-26 22:24 . 2010-05-05 01:19 3463680 ----a-w- c:\windows\system32\atiumdva.dll
2011-01-26 22:20 . 2010-10-12 20:29 52736 ----a-w- c:\windows\system32\coinst.dll
2011-01-26 22:14 . 2011-01-26 22:14 249856 ----a-w- c:\windows\system32\atiadlxx.dll
2011-01-26 22:13 . 2011-01-26 22:13 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-01-26 22:13 . 2011-01-26 22:13 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-01-26 22:13 . 2011-01-26 22:13 238592 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-01-26 22:12 . 2010-10-12 20:29 30720 ----a-w- c:\windows\system32\atiuxpag.dll
2011-01-26 22:12 . 2010-05-05 01:22 28672 ----a-w- c:\windows\system32\atiu9pag.dll
2011-01-26 22:11 . 2011-01-26 22:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-01-26 22:08 . 2011-01-26 22:08 52736 ----a-w- c:\windows\system32\atimpc32.dll
2011-01-26 22:08 . 2011-01-26 22:08 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2011-01-07 07:27 . 2011-02-14 18:37 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33 . 2011-02-14 18:37 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 13:56 . 2010-12-14 23:56 11484 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2011-01-05 05:37 . 2011-02-14 18:38 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 03:37 . 2011-02-14 18:38 2329088 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegistryMechanic"="c:\program files\Registry Mechanic\RMTray.exe" [2010-04-08 292824]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"BitComet"="c:\program files\BitComet\BitComet.exe" [2010-12-08 10811696]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2010-03-17 1780736]
"trustGTX14"="c:\program files\Trust\GXT14 Mouse\POINTERGHOST.exe" [2009-06-05 4833792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-04-08 104408]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 gupdate;Услуга Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-15 136176]
R3 ALSysIO;ALSysIO;c:\users\user\AppData\Local\Temp\ALSysIO.sys [x]
R3 AsrOcDrv;AsrOcDrv;c:\windows\system32\Drivers\AsrOcDrv.sys [x]
R3 cpuz130;cpuz130;c:\users\user\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011\RpcAgentSrv.exe [2009-08-17 93848]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-06 691696]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-26 176128]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-26 284672]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 140224]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 KmGameMouseServiceV1;Game Mouse Communication And Update Service V1;c:\program files\Trust\GXT14 Mouse\GameMouseServiceApp.exe [2009-05-18 354816]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-04-08 632792]
S2 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [2010-11-22 718072]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-01-26 7566848]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-01-26 238592]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]
S3 KMWDFILTERV1;HIDUASServiceDesc;c:\windows\system32\DRIVERS\RPGMOUSEV1.sys [2009-06-10 18432]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-20 20952]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-03-02 1127936]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-15 15:59]
.
2011-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-15 15:59]
.
.
------- Supplementary Scan -------
.
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {79830D73-0B02-4050-A347-4655A4D61D2A} = 78.90.248.8 78.90.248.1
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Winamp Toolbar: {0b38152b-1b20-484d-a11f-5e04a9b0661f} - %profile%\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - Ext: Amplify: {8f5ce3f8-1735-4680-b15e-108f2f50e8ba} - %profile%\extensions\{8f5ce3f8-1735-4680-b15e-108f2f50e8ba}
FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
FF - Ext: digitalchocolate Toolbar: {60c4696a-e4eb-4d2d-9060-38928dd0b6a2} - %profile%\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}
FF - Ext: Tamper Data: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947} - %profile%\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
HKCU-Run-ASRockIES - (no file)
HKCU-Run-zASRockInstantBoot - (no file)
MSConfigStartUp-duroc - c:\users\user\duroc.exe
MSConfigStartUp-ftkood - c:\users\user\ftkood.exe
MSConfigStartUp-pecep - c:\users\user\pecep.exe
MSConfigStartUp-ruiewan - c:\users\user\ruiewan.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3665731932-2979998410-65975730-1000\Software\SecuROM\License information*]
"datasecu"=hex:b0,da,5d,73,e0,a3,b5,22,fa,74,63,61,58,b3,d5,f2,57,2a,24,f8,e3,
   79,b1,b7,ef,c1,3f,d4,7c,84,dd,c6,ab,63,1e,9c,54,02,42,1a,ef,bb,f9,46,d2,79,\
"rkeysecu"=hex:a3,6f,90,51,92,75,48,06,18,32,66,f0,cf,e6,f7,74
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\windows\system32\crypserv.exe
c:\windows\system32\taskhost.exe
c:\program files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Completion time: 2011-03-21 22:42:04 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-21 20:42
.
Pre-Run: 4 411 056 128 bytes free
Post-Run: 4 192 075 776 bytes free
.
- - End Of File - - C8954AF07E2D30E34DADE457897EE252

The startup entries that came from the virus have now been removed:

MSConfigStartUp-duroc - c:\users\user\duroc.exe
MSConfigStartUp-ftkood - c:\users\user\ftkood.exe
MSConfigStartUp-pecep - c:\users\user\pecep.exe
MSConfigStartUp-ruiewan - c:\users\user\ruiewan.exe


No, in principle that should not happen. Did you wait until ComboFix had finished completely? Did you move the mouse or do anything else while ComboFix was running?

There are a few more leftovers we need to take care of, so please:

Open Notepad and paste the following text into it via copy/paste:

Folder::
c:\program files\Uniblue 

FireFox::
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query= 
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query= 
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com 
FF - Ext: Winamp Toolbar: {0b38152b-1b20-484d-a11f-5e04a9b0661f} - %profile%\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} 
FF - Ext: digitalchocolate Toolbar: {60c4696a-e4eb-4d2d-9060-38928dd0b6a2} - %profile%\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2} 

Save the file under the name CFScript.txt and drag it onto ComboFix.


After the program finishes, it will display the log file. Again, via copy/paste, post that information here.

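The helper's "two quick examples" above (an executable dropped directly in the profile root, a hidden+system DLL under AppData) and the CFScript that follows (Firefox search prefs redirected through a toolbar's search proxy, MSConfig leftovers pointing at c:\users\user\*.exe) are the kinds of lines a human reads out of a DDS or ComboFix log by eye. The script below is an added example, not part of this thread and not code from the DDS or ComboFix tools: it applies those same triage heuristics to log lines of that format. The sample log is constructed from names seen in the thread (the "fac" Run entry is invented for the demo), and the trusted-root and allowed-search-host lists are assumptions you would tune per machine; a hit is a line to look at, not a verdict.

```python
"""Triage heuristics for DDS/ComboFix-style log lines (added example)."""
import re
from typing import Iterable, List, NamedTuple

# "size attrs path" as DDS prints it, and "date . date size attrs path" as ComboFix prints it;
# directories carry "--------" in place of a size.
ATTR_RE = re.compile(r'(?:\d+|-{8})\s+(?P<attr>[-dsharw]{8})\s+(?P<path>[a-z]:\\.+?)\s*$', re.I)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[a-z]:\\[^"]+)"', re.I)
MSCONFIG_RE = re.compile(r'^MSConfigStartUp-(?P<name>\S+) - (?P<path>[a-z]:\\\S+)', re.I)
SERVICE_RE = re.compile(r'^[RS][0-4] (?P<name>[^;]+);[^;]*;(?P<path>[a-z]:\\.+?)(?: \[|$)', re.I)
FF_PREF_RE = re.compile(r'^FF - prefs\.js: (?P<pref>[\w.]+) - (?P<value>\S+)', re.I)

EXEC_EXT = ('.exe', '.dll', '.sys', '.scr', '.com')
TRUSTED_ROOTS = ('c:\\program files', 'c:\\windows', 'c:\\progra~1')   # assumption
SEARCH_PREFS = ('keyword.url', 'browser.search.defaulturl')
ALLOWED_SEARCH_HOSTS = ('google.com', 'bing.com', 'search.yahoo.com')  # assumption


class Finding(NamedTuple):
    rule: str
    path: str
    line: str


def profile_root_executable(path: str) -> bool:
    """True for c:\\users\\<name>\\something.exe, i.e. a binary sitting in the profile root."""
    parts = path.lower().split('\\')
    return len(parts) == 4 and parts[1] == 'users' and parts[3].endswith(EXEC_EXT)


def under_trusted_root(path: str) -> bool:
    return path.lower().startswith(TRUSTED_ROOTS)


def url_host(value: str) -> str:
    """Logs defang http as hxxp; drop any scheme and cut at the first slash."""
    return re.sub(r'^[a-z]+://', '', value, flags=re.I).split('/')[0].lower()


def triage(lines: Iterable[str]) -> List[Finding]:
    found: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        if m := RUN_RE.match(line):
            if not under_trusted_root(m['path']):
                found.append(Finding('run-key-outside-trusted-roots', m['path'], line))
        elif m := MSCONFIG_RE.match(line):
            if not under_trusted_root(m['path']):
                found.append(Finding('msconfig-leftover-outside-trusted-roots', m['path'], line))
        elif m := SERVICE_RE.match(line):
            if '\\temp\\' in m['path'].lower():
                found.append(Finding('service-or-driver-from-temp', m['path'], line))
        elif m := FF_PREF_RE.match(line):
            host = url_host(m['value'])
            if m['pref'].lower() in SEARCH_PREFS and not any(
                    host == h or host.endswith('.' + h) for h in ALLOWED_SEARCH_HOSTS):
                found.append(Finding('firefox-search-redirect', m['value'], line))
        elif m := ATTR_RE.search(line):
            attr, path = m['attr'].lower(), m['path']
            if profile_root_executable(path):
                found.append(Finding('exe-in-profile-root', path, line))
            if 's' in attr and 'h' in attr and '\\appdata\\' in path.lower():
                found.append(Finding('hidden-system-in-appdata', path, line))
    return found


# Constructed sample: lines copied from the thread plus one invented Run entry ("fac").
SAMPLE_LOG = r"""
2011-03-21 19:08:26 328872 ----a-w- c:\users\user\pouvok.exe
2011-03-21 06:21:50 135168 --sha-r- c:\users\user\appdata\roaming\C_201051.dll
2011-03-21 20:37 . 2011-03-21 20:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-16 13:04 . 2010-10-25 17:45 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"fac"="c:\users\user\fac.exe" [2011-03-14 328872]
R3 ALSysIO;ALSysIO;c:\users\user\AppData\Local\Temp\ALSysIO.sys [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]
MSConfigStartUp-pecep - c:\users\user\pecep.exe
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query=
"""


def triage_sample() -> List[Finding]:
    return triage(SAMPLE_LOG.splitlines())


if __name__ == '__main__':
    for f in triage_sample():
        print(f'{f.rule:40} {f.path}')
```

Running it lists six lines worth a second look (pouvok.exe, C_201051.dll, the invented fac Run entry, a driver loading from Temp, the pecep MSConfig leftover and the keyword.URL redirect) and stays quiet on the Sidebar entry, the PunkBuster file and the Google homepage. The Temp-driver rule will also fire on legitimate monitoring tools that extract a driver to Temp, which is exactly why each hit needs a human decision.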

No, I did not do anything, I did not even move the mouse, and I waited for it to finish completely. Now I will do the thing with the text file. It was a bit different this time: before, it restarted on its own, and now it did not restart, and there was no problem opening exes, but again it went faster than expected, about 6 minutes. Hopefully it went normally this time. Here is the log:

ComboFix 11-03-21.01 - user 03.2011 г. 23:08:44.2.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1251.359.1033.18.2047.1441 [GMT 2:00]
Running from: d:\downloads\ComboFix.exe
Command switches used :: D:\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Uniblue
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\chrome.manifest
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\chrome\winamptoolbar.jar
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\IWinampPlayer.xpt
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\IWinampUninstallObserver.xpt
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampUninstallObserver.js
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\install.rdf
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\META-INF\MANIFEST.MF
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\META-INF\ZIGBERT.RSA
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\META-INF\ZIGBERT.SF
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\chrome.manifest
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\chrome\digitalchocolate.jar
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\components\ConduitAutoCompleteSearch.js
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\components\ConduitAutoCompleteSearch.xpt
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\components\ConduitToolbar.idl
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\components\ConduitToolbar.js
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\components\ConduitToolbar.xpt
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\components\FFExternalAlert.dll
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\components\FFExternalAlert.xpt
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\components\RadioWMPCore.dll
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\components\RadioWMPCore.xpt
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\defaults\default_radio_skin.xml
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\defaults\fbAlert.js
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\install.rdf
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\lib\xpcom.js
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\META-INF\manifest.mf
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\META-INF\zigbert.rsa
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\META-INF\zigbert.sf
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\searchplugin\conduit.gif
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\searchplugin\conduit.ico
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\searchplugin\conduit.PNG
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\searchplugin\conduit.src
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\searchplugin\conduit.xml
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}\version.txt
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\chrome.manifest
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\chrome\conduitengine.jar
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\components\ConduitAutoCompleteSearch.js
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\components\ConduitAutoCompleteSearch.xpt
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\components\ConduitToolbar.idl
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\components\ConduitToolbar.js
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\components\ConduitToolbar.xpt
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\components\RadioWMPCore.dll
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\components\RadioWMPCore.xpt
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\defaults\alertSettingsComponent.xml
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\defaults\appContextMenu.xml
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\defaults\engineContextMenu.xml
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\defaults\engineSettings.json
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\defaults\fbAlert.js
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\defaults\getAppsContextMenu.xml
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\defaults\postAppsContextMenu.xml
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\defaults\toolbarContextMenu.xml
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\defaults\unsharedAppsContextMenu.xml
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\DualPackage\install.rdf
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\install.rdf
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\lib\xpcom.js
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\META-INF\manifest.mf
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\META-INF\zigbert.rsa
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\META-INF\zigbert.sf
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\searchplugin\conduit.gif
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\searchplugin\conduit.ico
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\searchplugin\conduit.PNG
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\searchplugin\conduit.src
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\searchplugin\conduit.xml
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\extensions\engine@conduit.com\version.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-02-21 to 2011-03-21 )))))))))))))))))))))))))))))))
.
.
2011-03-21 21:12 . 2011-03-21 21:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-21 21:12 . 2011-03-21 21:12 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-03-21 18:33 . 2011-03-21 18:33 -------- d-----w- c:\users\user\AppData\Local\ESET
2011-03-21 18:16 . 2011-03-21 18:16 -------- d-----w- c:\program files\ESET
2011-03-21 17:10 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3F31C296-E7B3-4801-929D-6DBA08D8B44B}\mpengine.dll
2011-03-20 15:32 . 2011-03-20 16:10 -------- d-----w- c:\users\user\AppData\Roaming\goalbit
2011-03-20 15:31 . 2011-03-20 15:31 -------- d-----w- c:\program files\InhatchTeam
2011-03-20 12:19 . 2011-03-20 12:19 -------- d-----w- c:\users\user\AppData\Roaming\StokedBigAir
2011-03-19 13:09 . 2011-03-19 13:09 -------- d-----w- c:\users\user\AppData\Local\ALI213
2011-03-16 19:23 . 2011-03-16 19:23 -------- d-----w- c:\users\user\AppData\Local\3DMGAME
2011-02-27 01:11 . 2011-02-27 01:11 -------- d-----w- c:\users\user\AppData\Local\PunkBuster
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-16 13:04 . 2010-10-25 17:45 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-02-28 00:16 . 2010-10-25 17:46 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-02-26 22:55 . 2010-10-25 17:46 22328 ----a-w- c:\users\user\AppData\Roaming\PnkBstrK.sys
2011-02-17 18:00 . 2011-02-17 18:00 406528 ----a-w- c:\windows\system32\ReWire.dll
2011-02-17 18:00 . 2011-02-17 18:00 338432 ----a-w- c:\windows\system32\REX Shared Library.dll
2011-02-02 16:11 . 2009-10-14 09:58 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-26 23:36 . 2011-01-26 23:36 7566848 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-01-26 23:00 . 2011-01-26 23:00 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2011-01-26 23:00 . 2010-10-12 20:29 596480 ----a-w- c:\windows\system32\aticfx32.dll
2011-01-26 22:59 . 2011-01-26 22:59 17204736 ----a-w- c:\windows\system32\atioglxx.dll
2011-01-26 22:56 . 2011-01-26 22:56 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-01-26 22:55 . 2011-01-26 22:55 393216 ----a-w- c:\windows\system32\atieclxx.exe
2011-01-26 22:55 . 2011-01-26 22:55 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-01-26 22:54 . 2011-01-26 22:54 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-01-26 22:53 . 2011-01-26 22:53 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2011-01-26 22:53 . 2011-01-26 22:53 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-01-26 22:53 . 2011-01-26 22:53 15872 ----a-w- c:\windows\system32\atimuixx.dll
2011-01-26 22:53 . 2011-01-26 22:53 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-01-26 22:49 . 2010-10-12 20:29 4105728 ----a-w- c:\windows\system32\atidxx32.dll
2011-01-26 22:32 . 2011-01-26 22:32 1912832 ----a-w- c:\windows\system32\atiumdmv.dll
2011-01-26 22:28 . 2010-05-05 01:41 4170752 ----a-w- c:\windows\system32\atiumdag.dll
2011-01-26 22:27 . 2011-01-26 22:27 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-01-26 22:27 . 2011-01-26 22:27 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-01-26 22:25 . 2011-01-26 22:25 5580800 ----a-w- c:\windows\system32\aticaldd.dll
2011-01-26 22:24 . 2010-05-05 01:19 3463680 ----a-w- c:\windows\system32\atiumdva.dll
2011-01-26 22:20 . 2010-10-12 20:29 52736 ----a-w- c:\windows\system32\coinst.dll
2011-01-26 22:14 . 2011-01-26 22:14 249856 ----a-w- c:\windows\system32\atiadlxx.dll
2011-01-26 22:13 . 2011-01-26 22:13 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-01-26 22:13 . 2011-01-26 22:13 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-01-26 22:13 . 2011-01-26 22:13 238592 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-01-26 22:12 . 2010-10-12 20:29 30720 ----a-w- c:\windows\system32\atiuxpag.dll
2011-01-26 22:12 . 2010-05-05 01:22 28672 ----a-w- c:\windows\system32\atiu9pag.dll
2011-01-26 22:11 . 2011-01-26 22:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-01-26 22:08 . 2011-01-26 22:08 52736 ----a-w- c:\windows\system32\atimpc32.dll
2011-01-26 22:08 . 2011-01-26 22:08 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2011-01-07 07:27 . 2011-02-14 18:37 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33 . 2011-02-14 18:37 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 13:56 . 2010-12-14 23:56 11484 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2011-01-05 05:37 . 2011-02-14 18:38 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 03:37 . 2011-02-14 18:38 2329088 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-03-21_20.39.02 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-12-09 06:18 . 2011-03-21 20:15 43662 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-12-09 06:18 . 2011-03-21 20:47 43662 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 04:55 . 2011-03-21 20:15 41010 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2011-03-21 20:47 41010 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-10-12 18:21 . 2011-03-21 20:47 11406 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3665731932-2979998410-65975730-1000_UserData.bin
+ 2010-10-12 18:10 . 2011-03-21 20:46 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-12 18:10 . 2011-03-21 20:14 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-12 18:10 . 2011-03-21 20:46 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-10-12 18:10 . 2011-03-21 20:14 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:41 . 2011-03-21 20:14 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:41 . 2011-03-21 20:46 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-10-12 19:10 . 2011-03-21 20:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-12 19:10 . 2011-03-21 20:45 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-12 19:10 . 2011-03-21 20:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-12 19:10 . 2011-03-21 20:45 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-21 20:45 . 2011-03-21 20:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-03-21 20:45 . 2011-03-21 20:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-03-21 20:13 . 2011-03-21 20:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegistryMechanic"="c:\program files\Registry Mechanic\RMTray.exe" [2010-04-08 292824]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"BitComet"="c:\program files\BitComet\BitComet.exe" [2010-12-08 10811696]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2010-03-17 1780736]
"trustGTX14"="c:\program files\Trust\GXT14 Mouse\POINTERGHOST.exe" [2009-06-05 4833792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-04-08 104408]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"StartCCC"="c:\program files\ATI
Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . R2 gupdate;Услуга Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-15 136176] R3 ALSysIO;ALSysIO;c:\users\user\AppData\Local\Temp\ALSysIO.sys [x] R3 AsrOcDrv;AsrOcDrv;c:\windows\system32\Drivers\AsrOcDrv.sys [x] R3 cpuz130;cpuz130;c:\users\user\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800] R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x] R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011\RpcAgentSrv.exe [2009-08-17 93848] R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-06 691696] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-26 176128] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-26 284672] S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 140224] S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376] S2 KmGameMouseServiceV1;Game Mouse Communication And Update Service V1;c:\program files\Trust\GXT14 Mouse\GameMouseServiceApp.exe [2009-05-18 354816] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344] S2 PCToolsSSDMonitorSvc;PC Tools 
Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-04-08 632792] S2 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [2010-11-22 718072] S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-01-26 7566848] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-01-26 238592] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392] S3 KMWDFILTERV1;HIDUASServiceDesc;c:\windows\system32\DRIVERS\RPGMOUSEV1.sys [2009-06-10 18432] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-20 20952] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536] S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-03-02 1127936] . . Contents of the 'Scheduled Tasks' folder . 2011-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-15 15:59] . 2011-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-15 15:59] . . ------- Supplementary Scan ------- . 
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: {79830D73-0B02-4050-A347-4655A4D61D2A} = 78.90.248.7 78.90.248.1 FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6zdoudlu.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} FF - Ext: Amplify: {8f5ce3f8-1735-4680-b15e-108f2f50e8ba} - %profile%\extensions\{8f5ce3f8-1735-4680-b15e-108f2f50e8ba} FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} FF - Ext: Tamper Data: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947} - %profile%\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947} . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3665731932-2979998410-65975730-1000\Software\SecuROM\License information*] "datasecu"=hex:b0,da,5d,73,e0,a3,b5,22,fa,74,63,61,58,b3,d5,f2,57,2a,24,f8,e3, 79,b1,b7,ef,c1,3f,d4,7c,84,dd,c6,ab,63,1e,9c,54,02,42,1a,ef,bb,f9,46,d2,79,\ "rkeysecu"=hex:a3,6f,90,51,92,75,48,06,18,32,66,f0,cf,e6,f7,74 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 
Completion time: 2011-03-21 23:14:22 ComboFix-quarantined-files.txt 2011-03-21 21:14 ComboFix2.txt 2011-03-21 20:42 . Pre-Run: 4 331 323 392 bytes free Post-Run: 4 140 621 824 bytes free . - - End Of File - - DAD6530E2973078573A343CF12A65CF8 надявам се сега да са се изчистили вирусите


Completely normal I want to ask: these folders have been created, c:\tool and c:\Recovery (these are empty) and C:\Qoobox, which contains files from the ComboFix quarantine. Can I remove them???


At the start I mentioned that we should work more expeditiously and more specifically. I asked how the system is behaving now; those things get removed after the whole process of cleaning the system of malicious software is finished.


Apparently I didn't express myself properly in the previous post. I meant that my system is behaving "completely normally" :P, not that "completely normally I want to ask". For now everything is normal: no excess load on the memory and the CPU, nothing running that I don't know what it is, no bugs. Really, everything is within the normal range, and I am grateful to you for taking the time to solve my problem.


Great! Sorry, but I'm in a hurry to get to bed, since I have to get up in 6 hours because I've got school. Here are a few steps with which we'll sort out what is bothering you:

Step 1:

Uninstall ComboFix and all backup copies of the files it removes:

* Click the Start button and choose Run

* Type ComboFix /uninstall in the box and choose OK

Note: there is a space between ComboFix and /u, and it must be there.

This procedure will carry out the following actions:

  • Delete ComboFix and all files and folders associated with it.
  • Delete the VundoFix backup (if it exists).
  • Delete the Deckard folder (if it exists).
  • Delete the _OtMoveIt folder (if it exists).

  • Reset the clock settings.
  • Hide file extensions, if necessary.
  • Hide system files, if necessary.
  • Reset System Restore.

Step 2:

Please delete DDS manually.

Step 3:

A few preventive measures against reinfection:

http://www.cybercrime.bg/bg/internet/aee5c2/

Happy surfing! :nono:

