prawler

System slowdown [SOLVED]


    Hello, in short, I have no clear evidence of any nasties being present, but the system has seemed considerably slower for some time now, and Task Manager is acting strangely: it doesn't open fully but is, so to speak, cropped - its menus aren't visible at the top and bottom. I'm attaching a screenshot.

    . DDS (Ver_11-03-05.01) - NTFSx86 Run by User at 22:56:56,81 on 23.03.2011 г. Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20 Microsoft Windows XP Professional 5.1.2600.3.1251.381.1033.18.1014.269 [GMT 2:00] . AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} AV: Emsisoft Anti-Malware *Enabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255} . ============== Running Processes =============== . C:\Program Files\Emsisoft Anti-Malware\a2service.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\acs.exe C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\WINDOWS\system32\bgsvcgen.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\ICQ6Toolbar\ICQ Service.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe C:\WINDOWS\system32\svchost.exe -k netsvcs C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe C:\Program Files\Gigabyte\Gigabyte Super Wireless LAN Card\Installer\Winxp\GNConfig.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxtray.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2guard.exe C:\Program Files\Skype\Phone\Skype.exe 
C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Rynga.com\Rynga\Rynga.exe C:\Program Files\Panasonic\HD Writer AE 1\HDWriterAutoStart.exe C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\Explorer.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\PRMT8\PrmtSvr.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\ABBYY PDF Transformer 2.0\PDF X-Change\pdfSaver\pdfSaver3a.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Maxthon2\Maxthon.exe C:\Documents and Settings\User\Desktop\dds.scr . ============== Pseudo HJT Report =============== . uStart Page = hxxp://start.icq.com/ uInternet Settings,ProxyServer = 150.165.181.64:8000 uSearchURL,(Default) = hxxp://www.google.com/keyword/%s uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll uURLSearchHooks: H - No File mURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll mURLSearchHooks: H - No File BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll BHO: PandoraTV Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: PROMT: {892e81f6-ec63-4d13-8422-835a7a05d6eb} - 
c:\program files\prmt8\prmtie\prmtie.dll TB: Copernic Desktop Search: {c5f7a735-70f1-477f-8c36-6ff3c736017b} - c:\program files\copernic desktop search\CopernicDesktopSearchIntegration977.dll TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll TB: PandoraTV Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll EB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll EB: Перевод текста: {0b36d47c-7613-4b8d-89da-809f66de9b31} - c:\program files\prmt8\prmtie\prmtie.dll EB: Online-словари: {ce1b52db-f55e-4135-b22b-6529ef90ea52} - c:\program files\prmt8\prmtie\prmtie.dll EB: Незнакомые слова: {eb8f177f-ead2-44f8-bb4e-0e967f90be21} - c:\program files\prmt8\prmtie\prmtie.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [Rynga] "c:\program files\rynga.com\rynga\Rynga.exe" -nosplash -minimized uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized mRun: [btTray] "c:\program files\ivt corporation\bluesoleil\BtTray.exe" mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent mRun: [GNConfig] "c:\program files\gigabyte\gigabyte super wireless lan card\installer\winxp\GNConfig.exe" -nogui mRun: [igfxpers] c:\windows\system32\igfxpers.exe mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe mRun: [igfxtray] c:\windows\system32\igfxtray.exe mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice mRun: [a-squared] "c:\program files\emsisoft anti-malware\a2guard.exe" /d=60 mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hdwrit~1.lnk - c:\program files\panasonic\hd writer ae 1\HDWriterAutoStart.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: Online-словари - c:\program 
files\prmt8\prmtie\oda.htm IE: Автоматически определить шаблон тематики - c:\program files\prmt8\prmtie\aot.htm IE: Настроить параметры перевода - c:\program files\prmt8\prmtie\options.htm IE: Незнакомые слова - c:\program files\prmt8\prmtie\infopanel.htm IE: Открыть словарную статью - c:\program files\prmt8\prmtie\addentry.htm IE: Перевести - c:\program files\prmt8\prmtie\translat.htm IE: Перевести страницу - c:\program files\prmt8\prmtie\page.htm IE: Поиск в Интернете - c:\program files\prmt8\prmtie\search.htm IE: {4034D172-4C52-49de-A6A1-E75F8F591FEC} - c:\program files\prmt8\prmtie\options.htm IE: {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\program files\icq7.2\ICQ.exe IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe IE: {A2DA13D5-AC77-43b7-963B-40445EBCB8E0} - c:\program files\prmt8\prmtie\prmtie5.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx DPF: {215b8138-a3cf-44c5-803f-8226143cfc0a} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab DPF: 
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/67.17/uploader2.cab DPF: {4D21BDFC-A621-4DE6-87DA-7C952D0ADF7E} - hxxp://84.54.191.233/push03.cab DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239045705046 DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab DPF: {6531d99c-0d0e-4293-b3cb-a3e1d0d41847} - hxxp://aspglobal.ahnlab.com/asp/cab/AhnASP.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8A96EAE5-D262-4226-A517-304C88B53F1F} - hxxp://84.54.191.233/access01.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {B7E80E27-0EDC-453B-A294-6CDDE7E4031D} - hxxp://84.54.191.233/audio01.cab DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/emsisoft_webscan.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://download.pplive.com/config/pplite/pluginsetup.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL 
Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\v7fymua8.default\ FF - prefs.js: browser.search.selectedEngine - ICQ Search FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/ FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q= FF - prefs.js: network.proxy.http - 150.165.181.64 FF - prefs.js: network.proxy.http_port - 8000 FF - prefs.js: network.proxy.type - 0 FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\opera\program\plugins\np_gp.dll FF - plugin: c:\program files\sony\media go\npmediago.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\google\google gears\Firefox FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} 
FF - Ext: Flash Video Downloader (Youtube Downloader): artur.dubovoy@gmail.com - %profile%\extensions\artur.dubovoy@gmail.com . ============= SERVICES / DRIVERS =============== . R1 a2injectiondriver;a2injectiondriver;c:\program files\emsisoft anti-malware\a2dix86.sys [2010-8-3 41928] R1 a2util;a-squared Malware-IDS utility driver;c:\program files\emsisoft anti-malware\a2util32.sys [2010-8-3 11776] R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-11-16 108792] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-11-16 96408] R2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2010-8-3 2964312] R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-11-16 735960] R2 ICQ Service;ICQ Service;c:\program files\icq6toolbar\ICQ Service.exe [2010-12-15 247096] R3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2010-8-3 73728] R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-9-16 27632] S1 32d6c418;32d6c418;c:\windows\system32\drivers\32d6c418.sys --> c:\windows\system32\drivers\32d6c418.sys [?] S1 71980439;71980439;c:\windows\system32\drivers\71980439.sys --> c:\windows\system32\drivers\71980439.sys [?] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-25 136176] S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-9-16 13224] S3 PCIUtil;PCI Utility;\??\c:\docume~1\user\locals~1\temp\pciutil.sys --> c:\docume~1\user\locals~1\temp\PCIUtil.sys [?] S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\sony ericsson\sony ericsson pc companion\PCCService.exe [2010-9-16 153808] . =============== Created Last 30 ================ . 
2011-03-19 17:49:14 -------- d-----w- c:\docume~1\user\locals~1\applic~1\Deployment 2011-03-10 14:03:32 -------- d-----w- c:\docume~1\user\applic~1\Auslogics 2011-03-10 13:54:16 -------- d-----w- c:\program files\Auslogics 2011-03-09 18:56:16 -------- d-----w- c:\docume~1\user\locals~1\applic~1\Cooliris 2011-03-09 18:54:43 -------- d-----w- c:\program files\PicLensIE 2011-03-06 09:52:55 -------- d-----w- c:\program files\common files\SourceTec 2011-03-06 09:51:25 -------- d-----w- c:\program files\SourceTec 2011-03-03 08:55:39 -------- d-----w- c:\docume~1\user\applic~1\Funambol 2011-03-03 07:12:55 -------- d-----w- c:\docume~1\user\applic~1\Maxthon3 2011-03-03 07:12:36 -------- d-----w- c:\program files\Maxthon3 . ==================== Find3M ==================== . 2011-02-13 17:11:45 15600 ----a-w- c:\windows\gdrv.sys 2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll 2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll 2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll 2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe 2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll 2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys . ============= FINISH: 22:58:48,54 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_11-03-05.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 12.10.2006 г. 16:29:29 System Uptime: 21.3.2011 г. 16:21:17 (54 hours ago) . Motherboard: GIGABYTE | | 0755 Processor: Genuine Intel® CPU T1080 @ 1.73GHz | U1 | 1729/mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 29 GiB total, 8,189 GiB free. D: is CDROM () E: is FIXED (NTFS) - 34 GiB total, 24,99 GiB free. F: is FIXED (NTFS) - 30 GiB total, 3,87 GiB free. . ==== Disabled Device Manager Items ============= . 
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Intel® PRO/100 VE Network Connection Device ID: PCI\VEN_8086&DEV_1092&SUBSYS_0755152D&REV_02\4&6B16D5B&0&40F0 Manufacturer: Intel Name: Intel® PRO/100 VE Network Connection PNP Device ID: PCI\VEN_8086&DEV_1092&SUBSYS_0755152D&REV_02\4&6B16D5B&0&40F0 Service: E100B . Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: 1394 Net Adapter Device ID: V1394\NIC1394\18324D1B2400 Manufacturer: Microsoft Name: 1394 Net Adapter PNP Device ID: V1394\NIC1394\18324D1B2400 Service: NIC1394 . Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Bluetooth PAN Network Adapter Device ID: ROOT\NET\0000 Manufacturer: IVT Corporation Name: Bluetooth PAN Network Adapter PNP Device ID: ROOT\NET\0000 Service: BT . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . ABBYY PDF Transformer 2.0 Able2Extract v4.0 AC3 Decoder v.1.2.4b Adobe Audition 1.5 Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 7.0.5 Language Support Adobe Reader 7.0.9 Advanced SystemCare 3 AFPL Ghostscript Fonts AhnLab MyV3 AllSubmitter 3.4 Any DWG to Image Converter 2010 Apple Application Support Apple Mobile Device Support Apple Software Update AtomixMP3 v2.0 AtomixMP3 v2.1.1 Auslogics BoostSpeed BisonCam Bluesoleil 5.0.5.178 Bonjour Bulgarian(Phonetic-ici) BulgarianPhonetic XP by G. 
Atanasov CCleaner Compatibility Pack for the 2007 Office system Conexant HD Audio Copernic Desktop Search Corel Graphics - Windows Shell Extension CorelDRAW Graphics Suite X5 CorelDRAW Graphics Suite X5 - Capture CorelDRAW Graphics Suite X5 - Common CorelDRAW Graphics Suite X5 - Connect CorelDRAW Graphics Suite X5 - Custom Data CorelDRAW Graphics Suite X5 - Draw CorelDRAW Graphics Suite X5 - EN CorelDRAW Graphics Suite X5 - Filters CorelDRAW Graphics Suite X5 - FontNav CorelDRAW Graphics Suite X5 - IPM CorelDRAW Graphics Suite X5 - PHOTO-PAINT CorelDRAW Graphics Suite X5 - Photozoom Plugin CorelDRAW Graphics Suite X5 - Redist CorelDRAW Graphics Suite X5 - Setup Files CorelDRAW Graphics Suite X5 - VBA CorelDRAW Graphics Suite X5 - VideoBrowser CorelDRAW Graphics Suite X5 - VSTA CorelDRAW Graphics Suite X5 - WT CorelDRAW® Graphics Suite X5 Dell Driver Download Manager DWGSee DWG Viewer Pro Emsisoft Anti-Malware 5.0 ESET NOD32 Antivirus EVEREST Corporate Edition v5.50 FastStone Photo Resizer 2.4 FlashFXP v3 Foxit PDF Editor Free DVD MP3 Ripper 1.12 Ghostscript GPL 8.64 (Msi Setup) Gigabyte Wireless LAN Card GIMP 2.4.2 GLOBUL Connection Manager Google Gears Google Update Helper Google Земља Graphic Workshop Professional 3 HD Tune 2.52 HD Tune Pro 3.00 HD Writer AE 1.0 for HDC HiJackThis Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040) Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308) Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344) Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540) Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) ICQ Toolbar ICQ7.2 Intel® Graphics Media Accelerator Driver Intel® PRO Network Connections Drivers IrfanView (remove only) iTunes Java Auto Updater Java 6 Update 20 K-Lite Codec Pack 
4.5.3 (Full) L&H TTS3000 Deutsch L&H TTS3000 Espaсol L&H TTS3000 Franзais L&H TTS3000 Italiano L&H TTS3000 Russian Malwarebytes' Anti-Malware Maxthon 3 Maxthon2 Media Go Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2416447) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Base Smart Card Cryptographic Service Provider Package Microsoft Kernel-Mode Driver Framework 1.0 Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 Microsoft Office 2003 Bulgarian User Interface Pack Microsoft Office Professional Edition 2003 Microsoft Silverlight Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual Studio 2005 Tools for Office Runtime Microsoft Visual Studio Tools for Applications 2.0 - ENU Microsoft Visual Studio Tools for Applications 2.0 Runtime Mozilla Firefox (3.6.8) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 6 Service Pack 2 (KB954459) Nero 7 Premium oggcodecs 0.71.0946 Opera 11.01 PDF to DXF JPG TIFF Converter PDFToIMAGE v1.6 PlayStation®Network Downloader PlayStation®Store PROMT Expert 8 Giant Try-Buy QuickTime Realtek High Definition Audio Driver Russian (New Phonetic) Rynga SA Dictionary 2004 Datacenter Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) Security Update for Windows Internet Explorer 8 (KB2183461) Security Update for Windows Internet Explorer 8 (KB2360131) Security Update for Windows Internet Explorer 8 (KB2416400) Security Update for Windows Internet Explorer 8 (KB2482017) Security Update for Windows Internet Explorer 8 (KB969897) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB972260) Security Update for Windows 
Internet Explorer 8 (KB974455) Security Update for Windows Internet Explorer 8 (KB978207) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows XP (KB913433) Skype™ 3.8 Soft Data Fax Modem with SmartCP Sony Ericsson PC Companion 2.00.146 SopCast 2.0.4 Sothink FLV Player SoulSeek Client 156c Synaptics Pointing Device Driver TextMaker Viewer The KMPlayer (remove only) Uninstall Crystal Internet Meter Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB971180) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB976749) Update for Windows Internet Explorer 8 (KB980182) Update Service VeryDOC PDF To Word Converter v2.5 Visual Basic for Applications ® Core Visual Basic for Applications ® Core - English Visual Studio 2005 Tools for Office Second Edition Runtime Wallpaper Downloader 2.0 WebFldrs XP Winamp (remove only) Windows Imaging Component Windows Media Format 11 runtime Windows Media Player 10 Windows Presentation Foundation Windows XP Service Pack 3 WinRAR archiver XML Paper Specification Shared Components Pack 1.0 µTorrent . ==== Event Viewer Messages From Past Week ======== . 23.3.2011 г. 16:51:56, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the BlueSoleilCS service. 23.3.2011 г. 16:51:26, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the BlueSoleilCS service. 23.3.2011 г. 16:50:56, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the BlueSoleilCS service. 23.3.2011 г. 16:50:25, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the BlueSoleilCS service. 23.3.2011 г. 
09:55:33, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the BlueSoleilCS service. 21.3.2011 г. 08:43:01, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the BlueSoleilCS service. 21.3.2011 г. 08:42:31, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the BlueSoleilCS service. 21.3.2011 г. 08:42:01, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the BlueSoleilCS service. 19.3.2011 г. 20:49:29, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 19.3.2011 г. 20:45:50, error: Service Control Manager [7031] - The Emsisoft Anti-Malware 5.0 - Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. 19.3.2011 г. 20:44:06, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 19.3.2011 г. 20:24:13, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 19.3.2011 г. 16:51:19, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the BlueSoleilCS service. 19.3.2011 г. 16:50:49, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the BlueSoleilCS service. 19.3.2011 г. 
16:50:19, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the BlueSoleilCS service. 19.3.2011 г. 08:47:58, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 18.3.2011 г. 21:59:16, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the BlueSoleilCS service. 18.3.2011 г. 09:01:01, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 16.3.2011 г. 13:36:39, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. . ==== End Of File ===========================

    Hello! A preliminary question: is this IP familiar to you - 150.165.181.64:

    IP address: 150.165.181.64

    Country: Brazil

    Region: Paraiba

    City: João Pessoa

    Understood! Thank you... Let's continue:

    Download ComboFix from here or here and save it to your desktop.

    • Disable your antivirus and antispyware programs; this is usually done by right-clicking the program's icon in the system tray.

    Note: If you cannot stop it or are not sure which program to disable, please review the information at this link: How to Disable your Security Programs

    • Run Combo-Fix.com and follow the instructions.

    Note: ComboFix will start without the Recovery Console installed.

    • As part of its operation, ComboFix will check whether the Microsoft Windows Recovery Console is installed. Given how quickly malware evolves, it is strongly recommended that it be installed before the malware is removed. This will let you enter a special recovery/repair mode, which will make it easier to resolve a problem that might arise while removing the malware.

    • Follow the instructions to allow ComboFix to download and install the Microsoft Windows Recovery Console. At some point you will be asked whether you agree to the license agreement. You must confirm that you agree in order to install the Microsoft Windows Recovery Console.

    ** Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will proceed to the malware removal process.

    Once the Microsoft Windows Recovery Console has been installed using ComboFix, you will see the following message:

    Select Yes to continue scanning for malware.

    When the process completes successfully, the tool will create a log file. Please include the contents of C:\ComboFix.txt in your next comment in this thread.

    Note:

    • Please do not move the mouse while ComboFix is running. Doing so may disrupt the process.
    • ComboFix will reset all Microsoft Internet Explorer settings, including making IE the default browser.
    • ComboFix will disable the autorun function on ALL CD, floppy and USB devices, to help with removing the malware and to protect you from future viruses/threats that infect via autorun. If this is a problem for you, please let me know.
    • ComboFix will disconnect your internet connection. The internet connection will be restored automatically before ComboFix finishes its run. If there is a problem, it will terminate the internet connection. To restore your internet connection, restart your computer.
    • If there is a problem with ComboFix, it may create a log file. Please include the contents of C:\BUG.txt in your next comment in this thread.

    ComboFix may take up to 20-30 minutes to finish; please be patient.

    Please do not attach the log file(s) from the program; instead, copy and paste it/them into your next comment in this thread.

    It was giving me errors during the scan, REGT and regedit:

    ComboFix 11-03-23.03 - User 03.2011 г. 0:23.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1251.381.1033.18.1014.262 [GMT 2:00] Running from: c:\documents and settings\User\Desktop\ComboFix.exe AV: Emsisoft Anti-Malware *Disabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255} AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} . . ((((((((((((((((((((((((( Files Created from 2011-02-23 to 2011-03-23 ))))))))))))))))))))))))))))))) . . 2011-03-23 21:30 . 2011-03-23 21:35 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\AskToolbar 2011-03-19 17:49 . 2011-03-19 17:51 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Deployment 2011-03-10 14:03 . 2011-03-10 17:25 -------- d-----w- c:\documents and settings\User\Application Data\Auslogics 2011-03-10 13:54 . 2011-03-10 13:54 -------- d-----w- c:\program files\Auslogics 2011-03-09 18:56 . 2011-03-10 14:21 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Cooliris 2011-03-09 18:54 . 2011-03-10 14:21 -------- d-----w- c:\program files\PicLensIE 2011-03-06 09:52 . 2011-03-06 09:52 -------- d-----w- c:\program files\Common Files\SourceTec 2011-03-06 09:51 . 2011-03-06 09:51 -------- d-----w- c:\program files\SourceTec 2011-03-03 08:55 . 2011-03-03 08:55 -------- d-----w- c:\documents and settings\User\Application Data\Funambol 2011-03-03 07:12 . 2011-03-03 07:13 -------- d-----w- c:\documents and settings\User\Application Data\Maxthon3 2011-03-03 07:12 . 2011-03-03 07:12 -------- d-----w- c:\program files\Maxthon3 . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-02-13 17:11 . 2007-10-05 10:43 15600 ----a-w- c:\windows\gdrv.sys 2011-02-09 13:53 . 2004-08-03 22:56 270848 ----a-w- c:\windows\system32\sbe.dll 2011-02-09 13:53 . 
2004-08-03 22:56 186880 ----a-w- c:\windows\system32\encdec.dll 2011-02-02 07:58 . 2006-10-12 13:22 2067456 ----a-w- c:\windows\system32\mstscax.dll 2011-01-27 11:57 . 2006-10-12 13:22 677888 ----a-w- c:\windows\system32\mstsc.exe 2011-01-21 14:44 . 2004-08-03 22:56 439296 ----a-w- c:\windows\system32\shimgvw.dll 2011-01-07 14:09 . 2004-08-03 22:56 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-12-31 13:10 . 2004-08-03 21:17 1854976 ----a-w- c:\windows\system32\win32k.sys . . ((((((((((((((((((((((((((((( SnapShot@2011-03-23_22.02.36 ))))))))))))))))))))))))))))))))))))))))) . + 2011-03-23 22:17 . 2011-03-23 22:17 16384 c:\windows\TEMP\Perflib_Perfdata_790.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2010-09-28 20:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Rynga"="c:\program files\Rynga.com\Rynga\Rynga.exe" [2010-12-17 12947744] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2008-07-29 258134] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "GNConfig"="c:\program files\Gigabyte\Gigabyte Super Wireless LAN Card\Installer\Winxp\GNConfig.exe" [2006-03-08 380928] "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824] "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360] "a-squared"="c:\program files\EMSISOFT ANTI-MALWARE\a2guard.exe" [2011-03-10 3438992] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ HD Writer AE 1.0.lnk - c:\program files\Panasonic\HD Writer AE 1\HDWriterAutoStart.exe [2010-10-25 189784] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-09-01 05:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2006-01-12 13:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPAP] c:\program files\Common Files\PPLiveNetwork\PPAP.exe [bU] . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPLiveVA] c:\program files\PPLive\PPVA\PPLiveVA.exe [bU] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-08-10 02:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel] 2006-05-16 10:04 2879488 ------r- c:\windows\SkyTel.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion] 2010-04-19 10:12 405712 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-02-18 08:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime "RTHDCPL"=RTHDCPL.EXE . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"= "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"= "c:\\Program Files\\SopCast\\SopCast.exe"= "c:\\Program Files\\Maxthon2\\Modules\\MxDownloader\\MxDownloadServer.exe"= "c:\\Program Files\\Soulseek\\slsk.exe"= "c:\\Program Files\\FlashFXP\\FlashFXP.exe"= "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Opera\\opera.exe"= "c:\\Documents and Settings\\User\\Desktop\\Lotary\\Lotary\\Lotary.exe"= "c:\\Documents and Settings\\User\\Desktop\\Damqn\\Lotary.exe"= "c:\\Program Files\\Rynga.com\\Rynga\\Rynga.exe"= "c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= 
"c:\\Program Files\\Maxthon2\\Maxthon.exe"= "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"= "c:\\Program Files\\ICQ7.2\\ICQ.exe"= "c:\\Program Files\\ICQ7.2\\aolload.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "65533:TCP"= 65533:TCP:Services "52344:TCP"= 52344:TCP:Services "3246:TCP"= 3246:TCP:Services "2479:TCP"= 2479:TCP:Services "3389:TCP"= 3389:TCP:Remote Desktop . R1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [03.8.2010 г. 10:03 41928] R1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [03.8.2010 г. 10:03 11776] R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16.11.2009 г. 09:03 108792] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [16.11.2009 г. 09:06 96408] R2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [03.8.2010 г. 10:02 2964312] R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [16.11.2009 г. 09:04 735960] R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [15.12.2010 г. 16:53 247096] R3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [03.8.2010 г. 10:03 73728] R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [16.9.2010 г. 09:54 27632] S1 32d6c418;32d6c418;c:\windows\system32\drivers\32d6c418.sys --> c:\windows\system32\drivers\32d6c418.sys [?] S1 71980439;71980439;c:\windows\system32\drivers\71980439.sys --> c:\windows\system32\drivers\71980439.sys [?] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [25.5.2010 г. 12:48 136176] S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [16.9.2010 г. 
09:53 13224] S3 PCIUtil;PCI Utility;\??\c:\docume~1\User\LOCALS~1\Temp\PCIUtil.sys --> c:\docume~1\User\LOCALS~1\Temp\PCIUtil.sys [?] S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [16.9.2010 г. 12:57 153808] . Contents of the 'Scheduled Tasks' folder . 2011-03-23 c:\windows\Tasks\AWC AutoSweep.job - c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-08-06 11:11] . 2011-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-25 10:48] . 2011-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-25 10:48] . . ------- Supplementary Scan ------- . uStart Page = about:blank uInternet Settings,ProxyServer = 150.165.181.64:8000 uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Online-словари - c:\program files\PRMT8\PRMTIE\oda.htm IE: Автоматически определить шаблон тематики - c:\program files\PRMT8\PRMTIE\aot.htm IE: Настроить параметры перевода - c:\program files\PRMT8\PRMTIE\options.htm IE: Незнакомые слова - c:\program files\PRMT8\PRMTIE\infopanel.htm IE: Открыть словарную статью - c:\program files\PRMT8\PRMTIE\addentry.htm IE: Перевести - c:\program files\PRMT8\PRMTIE\translat.htm IE: Перевести страницу - c:\program files\PRMT8\PRMTIE\page.htm IE: Поиск в Интернете - c:\program files\PRMT8\PRMTIE\search.htm IE: {{4034D172-4C52-49de-A6A1-E75F8F591FEC} - c:\program files\PRMT8\PRMTIE\options.htm IE: {{A2DA13D5-AC77-43b7-963B-40445EBCB8E0} - c:\program files\PRMT8\PRMTIE\prmtie5.htm DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {4D21BDFC-A621-4DE6-87DA-7C952D0ADF7E} - hxxp://84.54.191.233/push03.cab DPF: {8A96EAE5-D262-4226-A517-304C88B53F1F} - hxxp://84.54.191.233/access01.cab DPF: {B7E80E27-0EDC-453B-A294-6CDDE7E4031D} - 
hxxp://84.54.191.233/audio01.cab DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://download.pplive.com/config/pplite/pluginsetup.cab FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\v7fymua8.default\ FF - prefs.js: browser.search.selectedEngine - ICQ Search FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/ FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q= FF - prefs.js: network.proxy.http - 150.165.181.64 FF - prefs.js: network.proxy.http_port - 8000 FF - prefs.js: network.proxy.type - 0 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\Google\Google Gears\Firefox FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} FF - Ext: Flash Video Downloader (Youtube Downloader): artur.dubovoy@gmail.com - %profile%\extensions\artur.dubovoy@gmail.com . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-03-24 00:30 Windows 5.1.2600 Service Pack 3 NTFS . detected NTDLL code modification: ZwOpenFile . scanning hidden processes ... . 
scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\software\Eset\ESET Security\CurrentVersion\Info] @Denied: (2) (LocalSystem) "AppDataDir"="c:\\Documents and Settings\\All Users\\Application Data\\ESET\\ESET NOD32 Antivirus\\" "DataDir"="ESET\\ESET NOD32 Antivirus\\" "EditionName"="BUSINESS EDITION" "InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\" "LanguageId"=dword:00000409 "PackageTag"=dword:6090e758 "ProductBase"=dword:00000000 "ProductCode"="{6864ABC3-A982-436B-BEF1-5652D6303361}" "ProductName"="ESET NOD32 Antivirus" "ProductType"="eavbe" "ProductVersion"="4.0.474.0" "UniqueId"="002A67E54B2F4795" "ScannerBuild"=dword:000017cd "ScannerVersionId"=dword:00001214 "ScannerVersion"="Locked/open ESET for status." "FixId"=dword:00000007 . Completion time: 2011-03-24 00:35:40 ComboFix-quarantined-files.txt 2011-03-23 22:35 ComboFix2.txt 2011-03-23 22:09 ComboFix3.txt 2009-12-21 09:22 ComboFix4.txt 2009-05-13 10:30 ComboFix5.txt 2011-03-23 22:22 . Pre-Run: 9 279 541 248 bytes free Post-Run: 9 249 927 168 bytes free . Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4 - - End Of File - - 390EBAFF194FFDDF617520E1E638E952



    Hello! I'm tied up at work right now, so I can't write at the moment, for which I apologize. We'll continue tonight.

    In the meantime:

    • Download Security Check (author: screen317) from here or from here and save it to the desktop.
    • Double-click SecurityCheck.exe and follow the instructions.
    • When the program finishes, a text document will open: checkup.txt.
    • Copy the contents of checkup.txt (Copy) and paste them (Paste) into your next comment.

    Results of screen317's Security Check version 0.99.10

    Windows XP Service Pack 3

    Internet Explorer 8

    ``````````````````````````````

    Antivirus/Firewall Check:

    Windows Firewall Enabled!

    ESET NOD32 Antivirus

    Antivirus up to date!

    ```````````````````````````````

    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware

    CCleaner

    Java 6 Update 20

    Out of date Java installed!

    Adobe Flash Player 10.1.82.76

    Adobe Reader 7.0.9

    Adobe Reader 7.0.5 Language Support

    Out of date Adobe Reader installed!

    Mozilla Firefox (3.6.8) Firefox Out of Date!

    ````````````````````````````````

    Process Check:

    objlist.exe by Laurent

    Emsisoft Anti-Malware a2service.exe

    EMSISOFT ANTI-MALWARE a2guard.exe

    ``````````End of Log````````````


    Hello! Please download HAMeb_check.exe and save it to your desktop.

    • Double-click HAMeb_check.exe to start the program. When it finishes, it will create a log.
    • Copy its contents and paste them into your next post.
    Besides that, something very important: I see two antivirus programs, which is a recipe for conflicts and incorrect operation of both programs (ESET NOD32 Antivirus and Emsisoft Anti-Malware). I recommend uninstalling one of them, whichever you choose, and be sure to use the uninstaller for the respective program!

    I had read somewhere that Emsisoft doesn't conflict with other AVs, which is why I keep two, but I have now uninstalled Emsisoft.

    C:\Documents and Settings\User\Desktop\HAMeb_check.exe
    24.03.2011 г. at 20:18:43,17

    Account active Yes
    Local Group Memberships *Administrators

    ~~ Checking profile list ~~

    S-1-5-21-515967899-1604221776-839522115-1000
    %SystemDrive%\Documents and Settings\HelpAssistant

    ~~ Checking for HelpAssistant directories ~~

    HelpAssistant

    ~~ Checking mbr ~~

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
    kernel: MBR read successfully
    user & kernel MBR OK
    copy of MBR has been found in sector 0x0BA50E41
    malicious code @ sector 0x0BA50E44 !
    PE file found in sector at 0x0BA50E5A !

    ~~ Checking for termsrv32.dll ~~

    termsrv32.dll present!

    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
    ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll

    ~~ Checking firewall ports ~~

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
    "65533:TCP"=65533:TCP:*:Enabled:Services
    "52344:TCP"=52344:TCP:*:Enabled:Services
    "3246:TCP"=3246:TCP:*:Enabled:Services
    "2479:TCP"=2479:TCP:*:Enabled:Services
    "3389:TCP"=3389:TCP:*:Enabled:Remote Desktop

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "65533:TCP"=65533:TCP:*:Enabled:Services
    "52344:TCP"=52344:TCP:*:Enabled:Services
    "3246:TCP"=3246:TCP:*:Enabled:Services
    "2479:TCP"=2479:TCP:*:Enabled:Services
    "3389:TCP"=3389:TCP:*:Enabled:Remote Desktop

    ~~ EOF ~~


    Copy the text in the box into Notepad and save it as CFScript.txt on your desktop:

    KILLALL::
    
    File::
    c:\windows\system32\drivers\32d6c418.sys
    c:\windows\system32\drivers\71980439.sys
    
    DDS::
    uInternet Settings,ProxyServer = 150.165.181.64:8000
    
    Driver::
    32d6c418
    71980439
    
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "65533:TCP"=-
    "52344:TCP"=-
    "3246:TCP"=-
    "2479:TCP"=-
    "3389:TCP"=-
    
    firefox::
    FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\v7fymua8.default\
    FF - prefs.js: network.proxy.http - 150.165.181.64
    FF - prefs.js: network.proxy.http_port - 8000
    FF - prefs.js: network.proxy.type - 0
    
    Fixcset::
    
    Reboot::
    
    
    

    After saving, drag CFScript.txt onto the ComboFix.exe icon.


    Attach the generated report to your next post!

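The CFScript in the post above targets three kinds of entries from the first ComboFix log: stopped drivers whose files are missing, a proxy setting, and the globally open firewall ports. The following added example (not part of the thread and not ComboFix's own logic) extracts those entry types from log lines; the sample lines are copied from the logs in this thread, while the function names and the "eight hex characters plus missing file" rule are assumptions made for illustration.

```python
import re

# Constructed sample: entries copied one per line from the ComboFix and
# HAMeb_check logs posted in this thread.
SAMPLE_LOG = r'''
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16.11.2009 г. 09:03 108792]
S1 32d6c418;32d6c418;c:\windows\system32\drivers\32d6c418.sys --> c:\windows\system32\drivers\32d6c418.sys [?]
S1 71980439;71980439;c:\windows\system32\drivers\71980439.sys --> c:\windows\system32\drivers\71980439.sys [?]
S3 PCIUtil;PCI Utility;\??\c:\docume~1\User\LOCALS~1\Temp\PCIUtil.sys --> c:\docume~1\User\LOCALS~1\Temp\PCIUtil.sys [?]
uInternet Settings,ProxyServer = 150.165.181.64:8000
FF - prefs.js: network.proxy.http - 150.165.181.64
FF - prefs.js: network.proxy.http_port - 8000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP"=3389:TCP:*:Enabled:Remote Desktop
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
'''

# "<R|S><start type> name;display name;path [--> resolved path] [info]"
DRIVER_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<path>.+?)(?:\s+-->\s+(?P<target>.+?))?\s+\[(?P<info>[^\]]*)\]$'
)
HEX8_RE = re.compile(r'[0-9a-f]{8}', re.I)
PROFILE_RE = re.compile(r'firewallpolicy\\(\w+)\\GloballyOpenPorts', re.I)
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*(.*)$')


def parse_drivers(text):
    """Return one dict per driver/service line; 'missing' is True for '[?]'."""
    drivers = []
    for line in text.splitlines():
        m = DRIVER_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["missing"] = entry["info"].strip() == "?"
            drivers.append(entry)
    return drivers


def orphan_hex_drivers(drivers):
    """Assumed heuristic: file missing, name is 8 hex chars, no display name.

    PCIUtil in the sample is also missing on disk but has a descriptive
    name, so it is reported by parse_drivers() and not selected here.
    """
    return [d["name"] for d in drivers
            if d["missing"]
            and HEX8_RE.fullmatch(d["name"])
            and d["display"] == d["name"]]


def proxy_settings(text):
    """Collect the IE ProxyServer value and Firefox network.proxy.* prefs."""
    found = {"ie": None, "firefox": {}}
    for line in text.splitlines():
        m = re.search(r'ProxyServer\s*=\s*(\S+)', line)
        if m:
            found["ie"] = m.group(1)
        m = re.search(r'prefs\.js:\s*network\.proxy\.(\w+)\s+-\s+(\S+)', line)
        if m:
            found["firefox"][m.group(1)] = m.group(2)
    return found


def open_ports(text):
    """Return (profile, port, protocol, label) for each GloballyOpenPorts entry."""
    ports, profile = [], None
    for line in text.splitlines():
        line = line.strip()
        header = PROFILE_RE.search(line)
        if header:
            profile = header.group(1)
            continue
        m = PORT_RE.match(line)
        if m:
            # The label is the last colon-separated field in both log formats.
            label = m.group(3).split(":")[-1]
            ports.append((profile, int(m.group(1)), m.group(2), label))
    return ports


def triage(text):
    """Bundle the three result sets for a reviewer to go through."""
    return {
        "drivers": orphan_hex_drivers(parse_drivers(text)),
        "proxy": proxy_settings(text),
        "ports": open_ports(text),
    }


if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(section, items)
```
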

    ComboFix 11-03-24.01 - User 03.2011 г. 20:45:41.3.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1251.381.1033.18.1014.283 [GMT 2:00] Running from: c:\documents and settings\User\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} . FILE :: "c:\windows\system32\drivers\32d6c418.sys" "c:\windows\system32\drivers\71980439.sys" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_32d6c418 -------\Service_71980439 . . ((((((((((((((((((((((((( Files Created from 2011-02-24 to 2011-03-24 ))))))))))))))))))))))))))))))) . . 2011-03-23 21:30 . 2011-03-23 21:35 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\AskToolbar 2011-03-19 17:49 . 2011-03-19 17:51 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Deployment 2011-03-10 14:03 . 2011-03-10 17:25 -------- d-----w- c:\documents and settings\User\Application Data\Auslogics 2011-03-10 13:54 . 2011-03-10 13:54 -------- d-----w- c:\program files\Auslogics 2011-03-09 18:56 . 2011-03-10 14:21 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Cooliris 2011-03-09 18:54 . 2011-03-10 14:21 -------- d-----w- c:\program files\PicLensIE 2011-03-06 09:52 . 2011-03-06 09:52 -------- d-----w- c:\program files\Common Files\SourceTec 2011-03-06 09:51 . 2011-03-06 09:51 -------- d-----w- c:\program files\SourceTec 2011-03-03 08:55 . 2011-03-03 08:55 -------- d-----w- c:\documents and settings\User\Application Data\Funambol 2011-03-03 07:12 . 2011-03-03 07:13 -------- d-----w- c:\documents and settings\User\Application Data\Maxthon3 2011-03-03 07:12 . 2011-03-03 07:12 -------- d-----w- c:\program files\Maxthon3 . . 
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-02-13 17:11 . 2007-10-05 10:43 15600 ----a-w- c:\windows\gdrv.sys 2011-02-09 13:53 . 2004-08-03 22:56 270848 ----a-w- c:\windows\system32\sbe.dll 2011-02-09 13:53 . 2004-08-03 22:56 186880 ----a-w- c:\windows\system32\encdec.dll 2011-02-02 07:58 . 2006-10-12 13:22 2067456 ----a-w- c:\windows\system32\mstscax.dll 2011-01-27 11:57 . 2006-10-12 13:22 677888 ----a-w- c:\windows\system32\mstsc.exe 2011-01-21 14:44 . 2004-08-03 22:56 439296 ----a-w- c:\windows\system32\shimgvw.dll 2011-01-07 14:09 . 2004-08-03 22:56 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-12-31 13:10 . 2004-08-03 21:17 1854976 ----a-w- c:\windows\system32\win32k.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2010-09-28 20:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Rynga"="c:\program files\Rynga.com\Rynga\Rynga.exe" [2010-12-17 12947744] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320] "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2008-07-29 258134] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "GNConfig"="c:\program files\Gigabyte\Gigabyte Super Wireless LAN Card\Installer\Winxp\GNConfig.exe" [2006-03-08 380928] "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824] "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ HD Writer AE 1.0.lnk - c:\program files\Panasonic\HD Writer AE 1\HDWriterAutoStart.exe [2010-10-25 189784] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-09-01 05:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2006-01-12 13:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPAP] c:\program files\Common Files\PPLiveNetwork\PPAP.exe [bU] . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPLiveVA] c:\program files\PPLive\PPVA\PPLiveVA.exe [bU] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-08-10 02:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel] 2006-05-16 10:04 2879488 ------r- c:\windows\SkyTel.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion] 2010-04-19 10:12 405712 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-02-18 08:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime "RTHDCPL"=RTHDCPL.EXE . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"= "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"= "c:\\Program Files\\SopCast\\SopCast.exe"= "c:\\Program Files\\Maxthon2\\Modules\\MxDownloader\\MxDownloadServer.exe"= "c:\\Program Files\\Soulseek\\slsk.exe"= "c:\\Program Files\\FlashFXP\\FlashFXP.exe"= "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Opera\\opera.exe"= "c:\\Documents and Settings\\User\\Desktop\\Lotary\\Lotary\\Lotary.exe"= "c:\\Documents and Settings\\User\\Desktop\\Damqn\\Lotary.exe"= "c:\\Program Files\\Rynga.com\\Rynga\\Rynga.exe"= "c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= 
"c:\\Program Files\\Maxthon2\\Maxthon.exe"= "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"= "c:\\Program Files\\ICQ7.2\\ICQ.exe"= "c:\\Program Files\\ICQ7.2\\aolload.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16.11.2009 г. 09:03 108792] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [16.11.2009 г. 09:06 96408] R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [16.11.2009 г. 09:04 735960] R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [15.12.2010 г. 16:53 247096] R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [16.9.2010 г. 09:54 27632] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [25.5.2010 г. 12:48 136176] S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [16.9.2010 г. 09:53 13224] S3 PCIUtil;PCI Utility;\??\c:\docume~1\User\LOCALS~1\Temp\PCIUtil.sys --> c:\docume~1\User\LOCALS~1\Temp\PCIUtil.sys [?] S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [16.9.2010 г. 12:57 153808] . Contents of the 'Scheduled Tasks' folder . 2011-03-24 c:\windows\Tasks\AWC AutoSweep.job - c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-08-06 11:11] . 2011-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-25 10:48] . 2011-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-25 10:48] . . ------- Supplementary Scan ------- . 
uStart Page = about:blank uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Online-словари - c:\program files\PRMT8\PRMTIE\oda.htm IE: Автоматически определить шаблон тематики - c:\program files\PRMT8\PRMTIE\aot.htm IE: Настроить параметры перевода - c:\program files\PRMT8\PRMTIE\options.htm IE: Незнакомые слова - c:\program files\PRMT8\PRMTIE\infopanel.htm IE: Открыть словарную статью - c:\program files\PRMT8\PRMTIE\addentry.htm IE: Перевести - c:\program files\PRMT8\PRMTIE\translat.htm IE: Перевести страницу - c:\program files\PRMT8\PRMTIE\page.htm IE: Поиск в Интернете - c:\program files\PRMT8\PRMTIE\search.htm IE: {{4034D172-4C52-49de-A6A1-E75F8F591FEC} - c:\program files\PRMT8\PRMTIE\options.htm IE: {{A2DA13D5-AC77-43b7-963B-40445EBCB8E0} - c:\program files\PRMT8\PRMTIE\prmtie5.htm DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {4D21BDFC-A621-4DE6-87DA-7C952D0ADF7E} - hxxp://84.54.191.233/push03.cab DPF: {8A96EAE5-D262-4226-A517-304C88B53F1F} - hxxp://84.54.191.233/access01.cab DPF: {B7E80E27-0EDC-453B-A294-6CDDE7E4031D} - hxxp://84.54.191.233/audio01.cab DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://download.pplive.com/config/pplite/pluginsetup.cab FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\v7fymua8.default\ FF - prefs.js: browser.search.selectedEngine - ICQ Search FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/ FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: 
{20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\Google\Google Gears\Firefox FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} FF - Ext: Flash Video Downloader (Youtube Downloader): artur.dubovoy@gmail.com - %profile%\extensions\artur.dubovoy@gmail.com . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-03-24 20:53 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Eset\ESET Security\CurrentVersion\Info] @Denied: (2) (LocalSystem) "AppDataDir"="c:\\Documents and Settings\\All Users\\Application Data\\ESET\\ESET NOD32 Antivirus\\" "DataDir"="ESET\\ESET NOD32 Antivirus\\" "EditionName"="BUSINESS EDITION" "InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\" "LanguageId"=dword:00000409 "PackageTag"=dword:6090e758 "ProductBase"=dword:00000000 "ProductCode"="{6864ABC3-A982-436B-BEF1-5652D6303361}" "ProductName"="ESET NOD32 Antivirus" "ProductType"="eavbe" "ProductVersion"="4.0.474.0" "UniqueId"="002A67E54B2F4795" "ScannerBuild"=dword:000017cd "ScannerVersionId"=dword:00001214 "ScannerVersion"="Locked/open ESET for status." "FixId"=dword:00000007 . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(944) c:\windows\system32\WININET.dll c:\windows\system32\msi.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\BsLangInDepRes.dll c:\windows\system32\Bs2Res.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . 
c:\windows\system32\acs.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\system32\bgsvcgen.exe c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Google\Update\1.2.183.39\GoogleCrashHandler.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Common Files\Protexis\License Service\PsiService_2.exe c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe c:\program files\Skype\Plugin Manager\skypePM.exe . ************************************************************************** . Completion time: 2011-03-24 20:59:56 - machine was rebooted ComboFix-quarantined-files.txt 2011-03-24 18:59 ComboFix2.txt 2011-03-23 22:35 ComboFix3.txt 2011-03-23 22:09 ComboFix4.txt 2009-12-21 09:22 ComboFix5.txt 2011-03-24 18:42 . Pre-Run: 8 726 765 568 bytes free Post-Run: 9 022 283 776 bytes free . - - End Of File - - D2DEE4F58563E3FAC41CB3FF48235456


    What is the current state of your system? Are you noticing any problems? ;)

    * Download Malwarebytes' Anti-Malware Free from here

    * Double-click mbam-setup.exe to install the program.

    * Make sure that Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are checked. Then click Finish.

    * If updates are found, it will download and install them.

    * Start the program and select "Perform Full Scan", then click Scan.

    * The scan will take some time, so please be patient.

    * When the scan finishes, click OK, then Show Results to view the result.

    * Make sure every line is checked, and click Remove Selected.

    * When everything has been removed, a log will open in Notepad. Copy this log and post it in your next reply in this thread.

    Note: If Malwarebytes' Anti-Malware has trouble removing the detected viruses/threats, it will ask to restart your computer and remove the problematic viruses/threats during the restart. If asked, confirm that you want your computer to be restarted.


    The system is faster, no two ways about it; opening files downloaded from the internet used to come with a long wait at the 'verifying' stage, and that is fine now. The task manager, however, still looks cut down; I'm attaching a screenshot for you. Separately, during the first scan with ComboFix my language bar disappeared and I can't figure out how to get it back in the status bar; the Language Bar button in Regional and Language Options is inactive... I'm now scanning with the software you indicated and will post the log as soon as possible.


    my language bar disappeared and I can't figure out how to get it back in the status bar; the Language Bar button in Regional and Language Options is inactive...

    For the language bar:

    Download this file, unzip it and run the *.reg file. Then restart your computer!

    For the task manager:

    Point the mouse at a grey area (field), double-click, and you're done! :)


    Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4052 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 24.3.2011 г. 22:26:52 mbam-log-2011-03-24 (22-26-52).txt Scan type: Full scan (C:\|E:\|F:\|) Objects scanned: 241103 Time elapsed: 1 hour(s), 6 minute(s), 50 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)


    Great... have the problems with the language bar and the task manager been resolved? :)


    Thank you, everything is fine now, I consider myself done :) What was the Brazilian IP?


    Uninstall ComboFix like this:

    1. Click Start ==> Run ==> enter the command Combofix /Uninstall ==> OK

    2. Download OTCleanIt (or from here), run it and click Clean up

    Prepare a fresh DDS log following the instructions in: My system is infected - What do I do now?

    AND I'M TELLING YOU WE STILL HAVE A LITTLE MORE WORK TO DO... BUT WE'LL CONTINUE TOMORROW! :)


    . DDS (Ver_11-03-05.01) - NTFSx86 Run by User at 22:59:55,96 on 24.03.2011 г. Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20 Microsoft Windows XP Professional 5.1.2600.3.1251.381.1033.18.1014.405 [GMT 2:00] . AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\acs.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\WINDOWS\system32\bgsvcgen.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\ICQ6Toolbar\ICQ Service.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe C:\WINDOWS\system32\svchost.exe -k netsvcs C:\WINDOWS\system32\wuauclt.exe C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINDOWS\Explorer.EXE C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Gigabyte\Gigabyte Super Wireless LAN Card\Installer\Winxp\GNConfig.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxtray.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\Rynga.com\Rynga\Rynga.exe C:\Program Files\Skype\Phone\Skype.exe C:\WINDOWS\system32\CTFMON.EXE C:\Program Files\Panasonic\HD Writer AE 1\HDWriterAutoStart.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Maxthon2\Maxthon.exe C:\Documents and Settings\User\Desktop\dds.scr . 
============== Pseudo HJT Report =============== . uStart Page = about:blank uSearchURL,(Default) = hxxp://www.google.com/keyword/%s uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll uURLSearchHooks: H - No File mURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll mURLSearchHooks: H - No File mURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll mURLSearchHooks: H - No File BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll BHO: PandoraTV Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: PROMT: {892e81f6-ec63-4d13-8422-835a7a05d6eb} - c:\program files\prmt8\prmtie\prmtie.dll TB: Copernic Desktop Search: {c5f7a735-70f1-477f-8c36-6ff3c736017b} - c:\program files\copernic desktop search\CopernicDesktopSearchIntegration977.dll TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll TB: PandoraTV Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll EB: Перевод текста: {0b36d47c-7613-4b8d-89da-809f66de9b31} - c:\program files\prmt8\prmtie\prmtie.dll EB: Online-словари: {ce1b52db-f55e-4135-b22b-6529ef90ea52} - c:\program 
files\prmt8\prmtie\prmtie.dll EB: Незнакомые слова: {eb8f177f-ead2-44f8-bb4e-0e967f90be21} - c:\program files\prmt8\prmtie\prmtie.dll uRun: [Rynga] "c:\program files\rynga.com\rynga\Rynga.exe" -nosplash -minimized uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [btTray] "c:\program files\ivt corporation\bluesoleil\BtTray.exe" mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent mRun: [GNConfig] "c:\program files\gigabyte\gigabyte super wireless lan card\installer\winxp\GNConfig.exe" -nogui mRun: [igfxpers] c:\windows\system32\igfxpers.exe mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe mRun: [igfxtray] c:\windows\system32\igfxtray.exe mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hdwrit~1.lnk - c:\program files\panasonic\hd writer ae 1\HDWriterAutoStart.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: Online-словари - c:\program files\prmt8\prmtie\oda.htm IE: Автоматически определить шаблон тематики - c:\program files\prmt8\prmtie\aot.htm IE: Настроить параметры перевода - c:\program files\prmt8\prmtie\options.htm IE: Незнакомые слова - c:\program files\prmt8\prmtie\infopanel.htm IE: Открыть словарную статью - c:\program files\prmt8\prmtie\addentry.htm IE: Перевести - c:\program files\prmt8\prmtie\translat.htm IE: Перевести страницу - c:\program files\prmt8\prmtie\page.htm IE: Поиск в Интернете - c:\program files\prmt8\prmtie\search.htm IE: {4034D172-4C52-49de-A6A1-E75F8F591FEC} - c:\program files\prmt8\prmtie\options.htm IE: {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\program 
files\icq7.2\ICQ.exe IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe IE: {A2DA13D5-AC77-43b7-963B-40445EBCB8E0} - c:\program files\prmt8\prmtie\prmtie5.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx DPF: {215b8138-a3cf-44c5-803f-8226143cfc0a} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/67.17/uploader2.cab DPF: {4D21BDFC-A621-4DE6-87DA-7C952D0ADF7E} - hxxp://84.54.191.233/push03.cab DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239045705046 DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - 
hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab DPF: {6531d99c-0d0e-4293-b3cb-a3e1d0d41847} - hxxp://aspglobal.ahnlab.com/asp/cab/AhnASP.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8A96EAE5-D262-4226-A517-304C88B53F1F} - hxxp://84.54.191.233/access01.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {B7E80E27-0EDC-453B-A294-6CDDE7E4031D} - hxxp://84.54.191.233/audio01.cab DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/emsisoft_webscan.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://download.pplive.com/config/pplite/pluginsetup.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . 
FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\v7fymua8.default\ FF - prefs.js: browser.search.selectedEngine - ICQ Search FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/ FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q= FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\sony\media go\npmediago.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\google\google gears\Firefox FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} FF - Ext: Flash Video Downloader (Youtube Downloader): artur.dubovoy@gmail.com - %profile%\extensions\artur.dubovoy@gmail.com . ============= SERVICES / DRIVERS =============== . 
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-11-16 108792] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-11-16 96408] R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-11-16 735960] R2 ICQ Service;ICQ Service;c:\program files\icq6toolbar\ICQ Service.exe [2010-12-15 247096] R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-9-16 27632] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-25 136176] S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-9-16 13224] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-3-3 38224] S3 PCIUtil;PCI Utility;\??\c:\docume~1\user\locals~1\temp\pciutil.sys --> c:\docume~1\user\locals~1\temp\PCIUtil.sys [?] S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\sony ericsson\sony ericsson pc companion\PCCService.exe [2010-9-16 153808] . =============== Created Last 30 ================ . 2011-03-23 21:30:49 -------- d-----w- c:\docume~1\user\locals~1\applic~1\AskToolbar 2011-03-19 17:49:14 -------- d-----w- c:\docume~1\user\locals~1\applic~1\Deployment 2011-03-10 14:03:32 -------- d-----w- c:\docume~1\user\applic~1\Auslogics 2011-03-10 13:54:16 -------- d-----w- c:\program files\Auslogics 2011-03-09 18:56:16 -------- d-----w- c:\docume~1\user\locals~1\applic~1\Cooliris 2011-03-09 18:54:43 -------- d-----w- c:\program files\PicLensIE 2011-03-06 09:52:55 -------- d-----w- c:\program files\common files\SourceTec 2011-03-06 09:51:25 -------- d-----w- c:\program files\SourceTec 2011-03-03 08:55:39 -------- d-----w- c:\docume~1\user\applic~1\Funambol 2011-03-03 07:12:55 -------- d-----w- c:\docume~1\user\applic~1\Maxthon3 2011-03-03 07:12:36 -------- d-----w- c:\program files\Maxthon3 . ==================== Find3M ==================== . 
2011-02-13 17:11:45 15600 ----a-w- c:\windows\gdrv.sys 2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll 2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll 2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll 2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe 2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll 2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys . ============= FINISH: 23:00:57,76 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_11-03-05.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 12.10.2006 г. 16:29:29 System Uptime: 24.3.2011 г. 22:57:22 (1 hours ago) . Motherboard: GIGABYTE | | 0755 Processor: Genuine Intel® CPU T1080 @ 1.73GHz | U1 | 1054/mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 29 GiB total, 9,017 GiB free. D: is CDROM () E: is FIXED (NTFS) - 34 GiB total, 24,968 GiB free. F: is FIXED (NTFS) - 30 GiB total, 4,201 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Intel® PRO/100 VE Network Connection Device ID: PCI\VEN_8086&DEV_1092&SUBSYS_0755152D&REV_02\4&6B16D5B&0&40F0 Manufacturer: Intel Name: Intel® PRO/100 VE Network Connection PNP Device ID: PCI\VEN_8086&DEV_1092&SUBSYS_0755152D&REV_02\4&6B16D5B&0&40F0 Service: E100B . Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: 1394 Net Adapter Device ID: V1394\NIC1394\18324D1B2400 Manufacturer: Microsoft Name: 1394 Net Adapter PNP Device ID: V1394\NIC1394\18324D1B2400 Service: NIC1394 . 
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Bluetooth PAN Network Adapter Device ID: ROOT\NET\0000 Manufacturer: IVT Corporation Name: Bluetooth PAN Network Adapter PNP Device ID: ROOT\NET\0000 Service: BT . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . ABBYY PDF Transformer 2.0 Able2Extract v4.0 AC3 Decoder v.1.2.4b Adobe Audition 1.5 Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 7.0.5 Language Support Adobe Reader 7.0.9 Advanced SystemCare 3 AFPL Ghostscript Fonts AhnLab MyV3 AllSubmitter 3.4 Any DWG to Image Converter 2010 Apple Application Support Apple Mobile Device Support Apple Software Update AtomixMP3 v2.0 AtomixMP3 v2.1.1 Auslogics BoostSpeed BisonCam Bluesoleil 5.0.5.178 Bonjour Bulgarian(Phonetic-ici) BulgarianPhonetic XP by G. Atanasov CCleaner Compatibility Pack for the 2007 Office system Conexant HD Audio Copernic Desktop Search Corel Graphics - Windows Shell Extension CorelDRAW Graphics Suite X5 CorelDRAW Graphics Suite X5 - Capture CorelDRAW Graphics Suite X5 - Common CorelDRAW Graphics Suite X5 - Connect CorelDRAW Graphics Suite X5 - Custom Data CorelDRAW Graphics Suite X5 - Draw CorelDRAW Graphics Suite X5 - EN CorelDRAW Graphics Suite X5 - Filters CorelDRAW Graphics Suite X5 - FontNav CorelDRAW Graphics Suite X5 - IPM CorelDRAW Graphics Suite X5 - PHOTO-PAINT CorelDRAW Graphics Suite X5 - Photozoom Plugin CorelDRAW Graphics Suite X5 - Redist CorelDRAW Graphics Suite X5 - Setup Files CorelDRAW Graphics Suite X5 - VBA CorelDRAW Graphics Suite X5 - VideoBrowser CorelDRAW Graphics Suite X5 - VSTA CorelDRAW Graphics Suite X5 - WT CorelDRAW® Graphics Suite X5 Dell Driver Download Manager DWGSee DWG Viewer Pro ESET NOD32 Antivirus EVEREST Corporate Edition v5.50 FastStone Photo Resizer 2.4 FlashFXP v3 Foxit PDF Editor Free DVD MP3 Ripper 1.12 Ghostscript GPL 8.64 (Msi Setup) Gigabyte Wireless LAN Card GIMP 2.4.2 GLOBUL 
Connection Manager Google Gears Google Update Helper Google Земља Graphic Workshop Professional 3 HD Tune 2.52 HD Tune Pro 3.00 HD Writer AE 1.0 for HDC HiJackThis Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040) Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308) Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344) Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540) Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) ICQ Toolbar ICQ7.2 Intel® Graphics Media Accelerator Driver Intel® PRO Network Connections Drivers IrfanView (remove only) iTunes Java Auto Updater Java 6 Update 20 K-Lite Codec Pack 4.5.3 (Full) L&H TTS3000 Deutsch L&H TTS3000 Espaсol L&H TTS3000 Franзais L&H TTS3000 Italiano L&H TTS3000 Russian Malwarebytes' Anti-Malware Maxthon 3 Maxthon2 Media Go Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2416447) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Base Smart Card Cryptographic Service Provider Package Microsoft Kernel-Mode Driver Framework 1.0 Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 Microsoft Office 2003 Bulgarian User Interface Pack Microsoft Office Professional Edition 2003 Microsoft Silverlight Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual Studio 2005 Tools for Office Runtime Microsoft Visual Studio Tools for Applications 2.0 - ENU Microsoft Visual Studio Tools for Applications 2.0 Runtime Mozilla Firefox (3.6.8) MSXML 4.0 SP2 
(KB954430) MSXML 4.0 SP2 (KB973688) MSXML 6 Service Pack 2 (KB954459) Nero 7 Premium oggcodecs 0.71.0946 Opera 11.01 PDF to DXF JPG TIFF Converter PDFToIMAGE v1.6 PlayStation®Network Downloader PlayStation®Store PROMT Expert 8 Giant Try-Buy QuickTime Realtek High Definition Audio Driver Russian (New Phonetic) Rynga SA Dictionary 2004 Datacenter Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) Security Update for Windows Internet Explorer 8 (KB2183461) Security Update for Windows Internet Explorer 8 (KB2360131) Security Update for Windows Internet Explorer 8 (KB2416400) Security Update for Windows Internet Explorer 8 (KB2482017) Security Update for Windows Internet Explorer 8 (KB969897) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB972260) Security Update for Windows Internet Explorer 8 (KB974455) Security Update for Windows Internet Explorer 8 (KB978207) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB913433) Skype™ 3.8 Soft Data Fax Modem with SmartCP Sony Ericsson PC Companion 2.00.146 SopCast 2.0.4 Sothink FLV Player SoulSeek Client 156c Synaptics Pointing Device Driver TextMaker Viewer The KMPlayer (remove only) Uninstall Crystal Internet Meter Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB971180) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB976749) Update for Windows Internet Explorer 8 (KB980182) Update Service VeryDOC PDF To Word Converter v2.5 Visual Basic for Applications ® Core Visual Basic for Applications ® Core - English Visual Studio 2005 Tools for Office Second Edition Runtime Wallpaper Downloader 2.0 WebFldrs XP Winamp (remove only) Windows Imaging Component Windows Media Format 11 runtime Windows Media Player 10 Windows 
Presentation Foundation Windows XP Service Pack 3 WinRAR archiver XML Paper Specification Shared Components Pack 1.0 µTorrent . ==== Event Viewer Messages From Past Week ======== . 24.3.2011 г. 22:57:53, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 24.3.2011 г. 22:31:59, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 24.3.2011 г. 22:29:26, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 24.3.2011 г. 21:13:12, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 24.3.2011 г. 20:52:40, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 24.3.2011 г. 20:45:39, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). 24.3.2011 г. 20:45:39, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s). 24.3.2011 г. 20:45:39, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s). 24.3.2011 г. 
20:45:39, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
24.3.2011 г. 20:45:39, error: Service Control Manager [7034] - The BlueSoleilCS service terminated unexpectedly. It has done this 1 time(s).
24.3.2011 г. 20:45:39, error: Service Control Manager [7034] - The Atheros Configuration Service service terminated unexpectedly. It has done this 1 time(s).
24.3.2011 г. 20:45:39, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
24.3.2011 г. 20:45:38, error: Service Control Manager [7034] - The Protexis Licensing V2 service terminated unexpectedly. It has done this 1 time(s).
24.3.2011 г. 20:45:38, error: Service Control Manager [7034] - The ICQ Service service terminated unexpectedly. It has done this 1 time(s).
24.3.2011 г. 20:45:38, error: Service Control Manager [7034] - The BsHelpCS service terminated unexpectedly. It has done this 1 time(s).
24.3.2011 г. 20:45:38, error: Service Control Manager [7034] - The B's Recorder GOLD Library General Service service terminated unexpectedly. It has done this 1 time(s).
24.3.2011 г. 20:45:38, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
24.3.2011 г. 20:17:32, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
24.3.2011 г. 20:12:26, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
24.3.2011 г. 20:07:02, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 001A4D3460F8 has been denied by the DHCP server 192.168.81.1 (The DHCP Server sent a DHCPNACK message).
24.3.2011 г. 20:05:04, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the BlueSoleilCS service.
24.3.2011 г. 19:38:44, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
24.3.2011 г. 15:43:17, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
24.3.2011 г. 00:17:29, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
24.3.2011 г. 00:12:14, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
23.3.2011 г. 16:51:56, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the BlueSoleilCS service.
23.3.2011 г. 16:51:26, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the BlueSoleilCS service.
23.3.2011 г. 16:50:56, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the BlueSoleilCS service.
23.3.2011 г. 16:50:25, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the BlueSoleilCS service.
23.3.2011 г. 09:55:33, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the BlueSoleilCS service.
21.3.2011 г. 08:43:01, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the BlueSoleilCS service.
21.3.2011 г. 08:42:31, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the BlueSoleilCS service.
21.3.2011 г. 08:42:01, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the BlueSoleilCS service.
19.3.2011 г. 20:49:29, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
19.3.2011 г. 20:45:50, error: Service Control Manager [7031] - The Emsisoft Anti-Malware 5.0 - Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
19.3.2011 г. 20:44:06, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
19.3.2011 г. 20:24:13, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
19.3.2011 г. 16:51:19, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the BlueSoleilCS service.
19.3.2011 г. 16:50:49, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the BlueSoleilCS service.
19.3.2011 г. 16:50:19, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the BlueSoleilCS service.
19.3.2011 г. 08:47:58, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
18.3.2011 г. 21:59:16, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the BlueSoleilCS service.
18.3.2011 г. 09:01:01, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
==== End Of File ===========================


    Hello..! We need to carry out one more very important procedure:

    • Download HelpAsst_mebroot_fix.exe and save it to the desktop.
    • Close all programs you have running.
    • Run HelpAsst_mebroot_fix.exe. If the program finds an MBR infection, allow it to run mbr -f and shut down the computer. Shortly after the restart (about 5 minutes), go to Start -> Run and copy/paste the following text, which is highlighted in blue:

      helpasst -mbrt

      Then press ENTER

    • When the scan finishes, a log will appear. Post its contents in your next comment.
    Note: If there is no MBR infection, go to Start -> Run and copy/paste the following text, which is highlighted in blue:

    mbr -f

    Then press ENTER

    ................................

    • Then repeat: go to Start -> Run and copy/paste the following text, which is highlighted in blue:

      mbr -f

      Shortly after the restart (about 5 minutes), go to Start -> Run and copy/paste the following text, which is highlighted in blue:

      helpasst -mbrt

      Then press ENTER

    • When the scan finishes, a log will appear. Post its contents in your next comment.
    Note: if Windows does not restart, force a restart.

    P.S. There should be two logs from HelpAsst_mebroot_fix


    C:\Documents and Settings\User\Desktop\HelpAsst_mebroot_fix.exe
    25.03.2011 г. at 13:24:20,32

    HelpAssistant account is Active ~ attempting to de-activate
    Account active Yes
    Local Group Memberships *Administrators
    HelpAssistant successfully set Inactive

    ~~ Checking for termsrv32.dll ~~
    termsrv32.dll present! ~ attempting to remove
    termsrv32.dll successfully removed

    ~~ Checking firewall ports ~~
    backing up DomainProfile\GloballyOpenPorts\List registry key
    closing rogue ports
    HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\globallyopenports\list
    "65533:TCP"=-
    "52344:TCP"=-
    "3246:TCP"=-
    "2479:TCP"=-
    "3389:TCP"=-
    HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list

    ~~ Checking profile list ~~
    HelpAssistant profile found in registry ~ backing up and removing S-1-5-21-515967899-1604221776-839522115-1000
    HelpAssistant profile directory exists at C:\Documents and Settings\HelpAssistant ~ attempting to remove ~
    All C:\Documents and Settings\HelpAssistant files successfully removed ~

    ~~ Checking mbr ~~
    user & kernel MBR OK

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Status check on 25.03.2011 г. at 13:31:31,56
    Account active No
    Local Group Memberships

    ~~ Checking mbr ~~
    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
    kernel: MBR read successfully
    user & kernel MBR OK
    copy of MBR has been found in sector 0x0BA50E41
    malicious code @ sector 0x0BA50E44 !
    PE file found in sector at 0x0BA50E5A !

    ~~ Checking for termsrv32.dll ~~
    termsrv32.dll not found
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
    ServiceDll REG_EXPAND_SZ %systemroot%\System32\termsrv.dll

    ~~ Checking profile list ~~
    No HelpAssistant profile in registry

    ~~ Checking for HelpAssistant directories ~~
    none found

    ~~ Checking firewall ports ~~
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    ~~ EOF ~~

    I'm not sure I did what I was supposed to.

    C:\Documents and Settings\User\Desktop\HelpAsst_mebroot_fix.exe
    25.03.2011 г. at 13:24:20,32

    HelpAssistant account is Active ~ attempting to de-activate
    Account active Yes
    Local Group Memberships *Administrators
    HelpAssistant successfully set Inactive

    ~~ Checking for termsrv32.dll ~~
    termsrv32.dll present! ~ attempting to remove
    termsrv32.dll successfully removed

    ~~ Checking firewall ports ~~
    backing up DomainProfile\GloballyOpenPorts\List registry key
    closing rogue ports
    HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\globallyopenports\list
    "65533:TCP"=-
    "52344:TCP"=-
    "3246:TCP"=-
    "2479:TCP"=-
    "3389:TCP"=-
    HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list

    ~~ Checking profile list ~~
    HelpAssistant profile found in registry ~ backing up and removing S-1-5-21-515967899-1604221776-839522115-1000
    HelpAssistant profile directory exists at C:\Documents and Settings\HelpAssistant ~ attempting to remove ~
    All C:\Documents and Settings\HelpAssistant files successfully removed ~

    ~~ Checking mbr ~~
    user & kernel MBR OK

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Status check on 25.03.2011 г. at 13:31:31,56
    Account active No
    Local Group Memberships

    ~~ Checking mbr ~~
    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
    kernel: MBR read successfully
    user & kernel MBR OK
    copy of MBR has been found in sector 0x0BA50E41
    malicious code @ sector 0x0BA50E44 !
    PE file found in sector at 0x0BA50E5A !

    ~~ Checking for termsrv32.dll ~~
    termsrv32.dll not found
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
    ServiceDll REG_EXPAND_SZ %systemroot%\System32\termsrv.dll

    ~~ Checking profile list ~~
    No HelpAssistant profile in registry

    ~~ Checking for HelpAssistant directories ~~
    none found

    ~~ Checking firewall ports ~~
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    ~~ EOF ~~

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Status check on 25.03.2011 г. at 13:38:03,20
    Account active No
    Local Group Memberships

    ~~ Checking mbr ~~
    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    user & kernel MBR OK
    copy of MBR has been found in sector 0x0BA50E41
    malicious code @ sector 0x0BA50E44 !
    PE file found in sector at 0x0BA50E5A !

    ~~ Checking for termsrv32.dll ~~
    termsrv32.dll not found
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
    ServiceDll REG_EXPAND_SZ %systemroot%\System32\termsrv.dll

    ~~ Checking profile list ~~
    No HelpAssistant profile in registry

    ~~ Checking for HelpAssistant directories ~~
    none found

    ~~ Checking firewall ports ~~
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    ~~ EOF ~~

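    The HelpAsst_mebroot_fix log posted above holds one fix run followed by later status checks, and comparing them shows which indicators were cleared. As an added example (not part of the thread and not the tool's own code), this Python parser splits a flattened log into those sections and extracts what each one reports; the sample text is abridged from the posted log and the function names are hypothetical.

```python
import re

# Abridged from the log posted above (values are the log's own; the date suffix is dropped).
SAMPLE_LOG = (
    'HelpAssistant account is Active ~ attempting to de-activate Account active Yes '
    'Local Group Memberships *Administrators HelpAssistant successfully set Inactive '
    '~~ Checking for termsrv32.dll ~~ termsrv32.dll present! ~ attempting to remove '
    'closing rogue ports "65533:TCP"=- "52344:TCP"=- "3246:TCP"=- "2479:TCP"=- "3389:TCP"=- '
    '~~ Checking mbr ~~ user & kernel MBR OK '
    'Status check on 25.03.2011 at 13:31:31,56 Account active No Local Group Memberships '
    '~~ Checking mbr ~~ user & kernel MBR OK copy of MBR has been found in sector 0x0BA50E41 '
    'malicious code @ sector 0x0BA50E44 ! PE file found in sector at 0x0BA50E5A ! '
    '~~ Checking for termsrv32.dll ~~ termsrv32.dll not found '
    'Status check on 25.03.2011 at 13:38:03,20 Account active No Local Group Memberships '
    '~~ Checking mbr ~~ user & kernel MBR OK copy of MBR has been found in sector 0x0BA50E41 '
    'malicious code @ sector 0x0BA50E44 ! PE file found in sector at 0x0BA50E5A ! ~~ EOF ~~'
)

def parse_section(text):
    """Extract the indicators that one fix run or status check reports."""
    active = re.search(r"Account active\s+(Yes|No)", text)
    return {
        "account_active": bool(active) and active.group(1) == "Yes",
        "in_administrators": "*Administrators" in text,
        "termsrv32_present": "termsrv32.dll present" in text,
        "closed_ports": [int(p) for p in re.findall(r'"(\d+):(?:TCP|UDP)"=-', text)],
        "mbr_ok": "user & kernel MBR OK" in text,
        "flagged_sectors": re.findall(r"(copy of MBR|malicious code|PE file)\D*?(0x[0-9A-Fa-f]+)", text),
    }

def parse_log(log):
    """Element 0 is the fix run; the rest are the later status checks, in order."""
    return [parse_section(part) for part in log.split("Status check on")]

def open_items(section):
    """Findings in one section that still call for follow-up."""
    items = []
    if section["account_active"]:
        items.append("HelpAssistant account active")
    if section["in_administrators"]:
        items.append("HelpAssistant in Administrators")
    if section["termsrv32_present"]:
        items.append("termsrv32.dll present")
    items += [f"{what} at sector {sector}" for what, sector in section["flagged_sectors"]]
    return items

if __name__ == "__main__":
    for i, section in enumerate(parse_log(SAMPLE_LOG)):
        print(i, section["closed_ports"], open_items(section))
```

    On the sample, the account, group membership and termsrv32.dll items appear only in the fix run, while both status checks report the MBR as OK and still list the same three sectors.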

    Hello..! ;)

    You need to update to the new versions:

    • Java™ - update to the latest version, Version 6 Update 24, and before installing it remove all old versions with JavaRA (unzip it, run it and choose "Remove Older Versions")
    • Adobe Reader - update to the latest version, Adobe Reader X (10.0.1)
    • Mozilla Firefox - to the current version


    Wonderful..! Good work..! That's it from me.. you had a Mebroot/Help Assistant infection. Now everything is fine..! Have a nice day..! :cool:


    Invaluable help, Mr. Tonev, thank you very much!

    Results of screen317's Security Check version 0.99.10

    Windows XP Service Pack 3

    Internet Explorer 8

    ``````````````````````````````

    Antivirus/Firewall Check:

    Windows Firewall Enabled!

    ESET NOD32 Antivirus

    Antivirus up to date!

    ```````````````````````````````

    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware

    CCleaner

    Java 6 Update 24

    Adobe Flash Player 10.1.82.76

    Mozilla Firefox (x86 bg..)

    ````````````````````````````````

    Process Check:

    objlist.exe by Laurent

    ``````````End of Log````````````
