Jmork

Is it a virus? [solved]

Recommended answer

Posted (edited)

Hello. I'm new to this forum and I think my PC has a virus, or it's because ~60 processes are running on it :\ The problem is that I can't start anything. I mean, right now I can, and the CPU isn't at 100%, but when I, say, play music in Firefox + LoL, I can't right-click the taskbar or the desktop and I can't open a file. And it doesn't happen only then; it's been happening for about 4 days. I don't know if it's because my brother has 21 mBots running or because I have a virus. It didn't do this before, but back then the bots were also around 18. I don't know if it's because it shows the CPU being used at 100%... Aaand if you didn't understand me very well (which usually happens o.o) I'm giving you the logs. Also, I don't have a Windows disc.

DDS:

DDS (Ver_2011-07-14.01) - NTFS_x86

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_22

Run by user at 3:56:34 on 2011-07-19

Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.2046.797 [GMT 3:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

============== Running Processes ================

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\System32\alg.exe

D:\Program Files\LOLReplay\LOLRecorder.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Documents and Settings\user\Desktop\party\bard\mBot_rSRO.exe

C:\Documents and Settings\user\Desktop\party\wizz1\mBot_rSRO.exe

C:\Documents and Settings\user\Desktop\party\wizz3\mBot_rSRO.exe

C:\Documents and Settings\user\Desktop\party\cleric\mBot_rSRO.exe

C:\Documents and Settings\user\Desktop\party\war\mBot_rSRO.exe

C:\Documents and Settings\user\Desktop\all linked with rsro\botev\mBot_rSRO.exe

C:\Documents and Settings\user\Desktop\party\war2\mBot_rSRO.exe

C:\Documents and Settings\user\Desktop\one more gb pt\bojidar03-wizz\mBot_rSRO.exe

C:\Documents and Settings\user\Desktop\all linked with rsro\SROOOOOOO\mbot hide\mBot_AC.exe

C:\Documents and Settings\user\Desktop\gbots\Ongi\Wizzard2\mBot_rSRO.exe

C:\Documents and Settings\user\Desktop\gbots\Ongi\Cleric\mBot_rSRO.exe

C:\Documents and Settings\user\Desktop\gbots\Ongi\Warrior\mBot_rSRO.exe

C:\Documents and Settings\user\Desktop\gbots\Ongi\Wizzard3\mBot_rSRO.exe

C:\Documents and Settings\user\Desktop\gbots\Ongi\Bard2\mBot_rSRO.exe

C:\Documents and Settings\user\Desktop\gbots\Ongi\Bard1\mBot_rSRO.exe

C:\Documents and Settings\user\Desktop\gbots\Ongi\Warlock\mBot_rSRO.exe

C:\Documents and Settings\user\Desktop\gbots\Ongi\Wizzard1\mBot_rSRO.exe

C:\Documents and Settings\user\Desktop\all linked with rsro\SROOOOOOO\bojo14\mBot_rSRO.exe

C:\Documents and Settings\user\Desktop\all linked with rsro\slavena\mBot_rSRO.exe

C:\Documents and Settings\user\Desktop\all linked with rsro\SROOOOOOO\bojo12\mBot_rSRO.exe

C:\Documents and Settings\user\Desktop\all linked with rsro\SROOOOOOO\mendeleev_1\mBot_rSRO.exe

C:\Documents and Settings\user\Desktop\all linked with rsro\SROOOOOOO\bojo\mBot_rSRO.exe

C:\Documents and Settings\user\Desktop\all linked with rsro\SROOOOOOO\bojo11\mBot_rSRO.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.bg/

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - d:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun

uRun: [sUPERAntiSpyware] d:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [unlockerAssistant] "d:\program files\unlocker\UnlockerAssistant.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32

dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\lolrec~1.lnk - d:\program files\lolreplay\LOLRecorder.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: &D&ownload &with BitComet - d:\program files\bitcomet\BitComet.exe/AddLink.htm

IE: &D&ownload all with BitComet - d:\program files\bitcomet\BitComet.exe/AddAllLink.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - d:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll/206

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1286905199406

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - hxxp://download.sopcast.com/download/SOPCORE.CAB

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

TCP: NameServer = 217.18.242.74 217.18.242.146

TCP: Interfaces\{3FD69C30-DA83-442B-9EFB-8E7AC723A323} : DHCPNameServer = 217.18.242.74 217.18.242.146

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: ipp - <Clsid value has no data>

Handler: msdaipp - <Clsid value has no data>

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Notify: !SASWinLogon - d:\program files\superantispyware\SASWINLO.DLL

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - d:\program files\superantispyware\SASSEH.DLL

mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\program files\outlook express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\program files\outlook express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

IFEO: Your Image File Name Here without a path - ntsd -d

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\q2gh4tdy.default\

FF - prefs.js: browser.search.defaulturl - hxxp://go.mail.ru/search?fr=fftb&utf8in&q=

FF - prefs.js: browser.startup.homepage - hxxp://bg.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:bg:official

FF - prefs.js: keyword.URL - hxxp://go.mail.ru/search?utf8in=1&fr=fftbUFix&q=

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\documents and settings\user\application data\mozilla\firefox\profiles\q2gh4tdy.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

FF - plugin: d:\program files\veetle\player\npvlc.dll

FF - plugin: d:\program files\veetle\plugins\npVeetle.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]

R1 MpKslabefddf2;MpKslabefddf2;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9fec5089-3e3f-45db-8cd1-cd59fcf59c57}\MpKslabefddf2.sys [2011-7-18 28752]

R1 SASDIFSV;SASDIFSV;d:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;d:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2010-10-12 101904]

S1 MpKsl033c3fb3;MpKsl033c3fb3;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b28f4eda-109e-42c1-950a-d1aeda644351}\mpksl033c3fb3.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b28f4eda-109e-42c1-950a-d1aeda644351}\MpKsl033c3fb3.sys [?]

S1 MpKsl17b57b02;MpKsl17b57b02;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0563c830-4554-4939-ad31-a226ef70ede1}\mpksl17b57b02.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0563c830-4554-4939-ad31-a226ef70ede1}\MpKsl17b57b02.sys [?]

S1 MpKsl48333926;MpKsl48333926;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{403b3bbd-9b12-4aaa-8c7c-029c0dc606a3}\mpksl48333926.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{403b3bbd-9b12-4aaa-8c7c-029c0dc606a3}\MpKsl48333926.sys [?]

S1 MpKsl51c4a38b;MpKsl51c4a38b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{de0e724a-f467-45f4-a4e7-e71cc0c9f7a6}\mpksl51c4a38b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{de0e724a-f467-45f4-a4e7-e71cc0c9f7a6}\MpKsl51c4a38b.sys [?]

S1 MpKsl6969e09a;MpKsl6969e09a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c82dca72-c033-44ce-a3b2-0b8cdf924e1f}\mpksl6969e09a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c82dca72-c033-44ce-a3b2-0b8cdf924e1f}\MpKsl6969e09a.sys [?]

S1 MpKsl792254f3;MpKsl792254f3;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ed4c6f61-3985-4d55-9ceb-c5672c51b9a6}\mpksl792254f3.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ed4c6f61-3985-4d55-9ceb-c5672c51b9a6}\MpKsl792254f3.sys [?]

S1 MpKsl7dc64bd6;MpKsl7dc64bd6;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1c11e37b-5f96-41b4-b5cc-d59c0e4d311c}\mpksl7dc64bd6.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1c11e37b-5f96-41b4-b5cc-d59c0e4d311c}\MpKsl7dc64bd6.sys [?]

S1 MpKsl9650fca1;MpKsl9650fca1;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0563c830-4554-4939-ad31-a226ef70ede1}\mpksl9650fca1.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0563c830-4554-4939-ad31-a226ef70ede1}\MpKsl9650fca1.sys [?]

S1 MpKsl9e846fa8;MpKsl9e846fa8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{403b3bbd-9b12-4aaa-8c7c-029c0dc606a3}\mpksl9e846fa8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{403b3bbd-9b12-4aaa-8c7c-029c0dc606a3}\MpKsl9e846fa8.sys [?]

S1 MpKslbc115a43;MpKslbc115a43;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{21455996-0cfc-4bc9-92bc-cbe9c8a7a7e1}\mpkslbc115a43.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{21455996-0cfc-4bc9-92bc-cbe9c8a7a7e1}\MpKslbc115a43.sys [?]

S1 MpKsld5cd3426;MpKsld5cd3426;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5e45395d-c321-4550-9661-5e11526cf53d}\mpksld5cd3426.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5e45395d-c321-4550-9661-5e11526cf53d}\MpKsld5cd3426.sys [?]

S1 MpKsldb6d272f;MpKsldb6d272f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{530647d6-6119-4937-b0e8-fa58540464ac}\mpksldb6d272f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{530647d6-6119-4937-b0e8-fa58540464ac}\MpKsldb6d272f.sys [?]

S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2011-5-25 1336712]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-10-12 1691480]

S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\user\locals~1\temp\xpf444.tmp --> c:\docume~1\user\locals~1\temp\XPF444.tmp [?]

S3 GGSAFERDriver;GGSAFER Driver;\??\d:\program files\garena\safedrv.sys --> d:\program files\garena\safedrv.sys [?]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S4 Guard.Mail.ru;Guard.Mail.ru;"c:\program files\mail.ru\guard\guardmailru.exe" --> c:\program files\mail.ru\guard\GuardMailRu.exe [?]

S4 TunngleService;TunngleService;d:\program files\tunngle\tnglctrl.exe --> d:\program files\tunngle\TnglCtrl.exe [?]

.

=============== Created Last 30 ================

.

2011-07-18 11:26:40 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9fec5089-3e3f-45db-8cd1-cd59fcf59c57}\MpKslabefddf2.sys

2011-07-18 11:18:23 146432 ----a-w- c:\windows\regedit.com

2011-07-17 23:09:38 -------- d-----w- c:\documents and settings\user\application data\SUPERAntiSpyware.com

2011-07-17 23:09:38 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com

2011-07-17 23:01:37 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-17 23:01:35 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-07-17 23:01:31 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-17 22:17:52 7074640 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9fec5089-3e3f-45db-8cd1-cd59fcf59c57}\mpengine.dll

2011-07-17 13:50:15 -------- d-----w- c:\documents and settings\user\application data\QuickScan

2011-07-16 19:07:57 388096 ----a-r- c:\documents and settings\user\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-07-16 19:05:54 -------- d--h--w- c:\windows\system32\GroupPolicy

2011-07-16 18:50:55 -------- d-----w- c:\documents and settings\user\local settings\application data\LogMeIn Hamachi

2011-07-16 18:50:46 -------- d-----w- c:\program files\LogMeIn Hamachi

2011-07-08 02:41:25 -------- d-----w- c:\documents and settings\user\application data\.minecraft

2011-07-03 17:56:41 -------- d-----w- c:\documents and settings\user\application data\Ace

2011-07-02 05:45:26 -------- d-----w- c:\windows\Downloaded Installations

2011-06-29 17:57:24 -------- d-----w- c:\documents and settings\user\application data\GetRightToGo

2011-06-29 17:50:44 -------- d-----w- c:\program files\common files\PCSuite

2011-06-29 17:50:44 -------- d-----w- c:\program files\common files\Nokia

2011-06-24 17:50:27 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-24 03:38:14 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll

2011-06-24 03:38:14 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll

2011-06-23 08:49:15 -------- d-----w- c:\program files\Elite Silkroad Online

.

==================== Find3M ====================

.

2011-05-28 04:36:30 6904040 ----a-w- c:\windows\system32\SpoonUninstall.exe

2011-05-16 18:04:29 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-05-16 18:04:28 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-05-12 18:26:13 107888 ----a-w- c:\windows\system32\CmdLineExt.dll

.

============= FINISH: 3:57:19,45 ===============

Attach:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-07-14.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 12.10.2010 г. 19:49:07

System Uptime: 18.7.2011 г. 14:24:42 (13 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | EP35-DS3

Processor: Intel Pentium III Xeon processor | Socket 775 | 2500/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 23 GiB total, 3,423 GiB free.

D: is FIXED (NTFS) - 210 GiB total, 37,963 GiB free.

E: is CDROM (CDFS)

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Realtek PCIe GBE Family Controller

Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_01\4&345CAFAF&0&00E4

Manufacturer: Realtek Semiconductor Corp.

Name: Realtek PCIe GBE Family Controller

PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_01\4&345CAFAF&0&00E4

Service: RTLE8023xp

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

3DMark06

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader X (10.1.0)

Adobe Shockwave Player 11.5

Ant War

ATI AVIVO Codecs

ATI Catalyst Control Center

ATI Catalyst Install Manager

ATI Catalyst Registration

ATI Parental Control & Encoder

ATI Problem Report Wizard

BitComet 1.27

Bulgarian Keyboards XP by G. Atanasov

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

Catalyst Control Center Localization Chinese Standard

Catalyst Control Center Localization Chinese Traditional

Catalyst Control Center Localization Czech

Catalyst Control Center Localization Danish

Catalyst Control Center Localization Dutch

Catalyst Control Center Localization Finnish

Catalyst Control Center Localization French

Catalyst Control Center Localization German

Catalyst Control Center Localization Greek

Catalyst Control Center Localization Hungarian

Catalyst Control Center Localization Italian

Catalyst Control Center Localization Japanese

Catalyst Control Center Localization Korean

Catalyst Control Center Localization Norwegian

Catalyst Control Center Localization Polish

Catalyst Control Center Localization Portuguese

Catalyst Control Center Localization Russian

Catalyst Control Center Localization Spanish

Catalyst Control Center Localization Swedish

Catalyst Control Center Localization Thai

Catalyst Control Center Localization Turkish

ccc-core-preinstall

ccc-core-static

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

dBpoweramp Music Converter

Dead Space™

Diskeeper 2008 Pro Premier

DivX Setup

Elite Silkroad Online version 1.036

Eurobattle.net

Facemoods Toolbar

FlexType 2K

Garena 2010

Garena Messenger

Google Chrome

Guard.Mail.ru

High Definition Audio Driver Package - KB835221

HiJackThis

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB976002-v5)

Java Auto Updater

Java™ 6 Update 22

JDownloader 0.9

K-Lite Codec Pack 6.4.0 (Full)

League of Legends

LIVE gaming on Windows Runtime Version 1.0.6027

LogMeIn Hamachi

Mail.Ru Спутник 2.3.0.104

Mail.Ru Агент 5.6 (сборка 3397, для всех пользователей)

Malwarebytes' Anti-Malware version 1.51.1.1800

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Antimalware

Microsoft Application Error Reporting

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office FrontPage 2003

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Mozilla Firefox 5.0 (x86 bg)

Nokia Multimedia Player

Norton Security Scan

Pando Media Booster

REALTEK GbE & FE Ethernet PCI-E NIC Driver

Realtek High Definition Audio Driver

Security Update for 2007 Microsoft Office System (KB951550)

Security Update for 2007 Microsoft Office System (KB951944)

Security Update for Windows Internet Explorer 7 (KB2360131)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Silkroad

SilkRoad Online

Skins

Skype 2.5

Skype Toolbars

Skype™ 5.3

SpeechRedist

SUPERAntiSpyware

System Requirements Lab CYRI

TeamSpeak 3 Client

TeamViewer 6

The Lord of the Rings FREE Trial

Timed Shutdown 0.51b

Unlocker 1.9.0

Update for 2007 Microsoft Office System (KB967642)

Update for Outlook 2007 Junk Email Filter (kb2410711)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB898461)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973815)

VC80CRTRedist - 8.0.50727.4053

Veetle TV 0.9.18

WebFldrs XP

Winamp (remove only)

WinRAR archiver

Гарфилд 2

Sorry I'm not posting the whole log from the Attach, but it said the post was too long... It gives one error many times and here it is:

[7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

It has been giving this since the 12th, and one more thing, which it has given only 3 times:

12.7.2011 і. 09:49:49, error: Service Control Manager [7000] - The TunngleService service failed to start due to the following error: The system cannot find the file specified.

I'd be grateful if someone could help in case I have a virus, or tell me if it's from 'SRO' (Silkroad), so I can tell my brother to reduce their number.. :)

Edit - I forgot to say that today I deleted a trojan with the SUPERAntiSpyware Free version, at least that's what it says. Also, yesterday it was finding 77 Cookie Adware that I couldn't delete, because I couldn't click the button, since it had 'bugged' again and I couldn't do anything.

Edited by nologo
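As an added example, not code from this thread, from DDS or from the helper answering it: the first pass a forum helper does on the "Running Processes" section of a DDS log like the one above, written as a small Python script. It pulls the section out of the raw text, groups the entries by image name so repeated images (here the many mBot_rSRO.exe copies and the svchost.exe hosts) are counted, and flags anything executing from a user-writable location such as the Desktop, the profile or a temp directory, which is where unexpected binaries most often turn up. The sample log, the list of user-writable path markers and the function names are my own assumptions, constructed in the style of the thread's log rather than copied from it.

```python
"""Triage helper for the "Running Processes" section of a DDS log.

Added example: not code from the thread, from DDS or from the helper. The
section parsing, the user-writable-path markers and the sample log are
assumptions of this example, shaped like the thread's log, not copied from it.
"""
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample in the DDS layout seen in the thread.
SAMPLE_DDS = r"""
DDS (Ver_2011-07-14.01) - NTFS_x86
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\user\Desktop\party\bard\mBot_rSRO.exe
C:\Documents and Settings\user\Desktop\party\wizz1\mBot_rSRO.exe
C:\Documents and Settings\user\Desktop\gbots\Ongi\Cleric\mBot_rSRO.exe
C:\DOCUME~1\user\LOCALS~1\Temp\updater.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.bg/
"""

# Lower-case path fragments that mean "an ordinary user can write here".
# Assumption for Windows XP: the profile tree (long and 8.3 forms) and temp dirs.
USER_WRITABLE_MARKERS = (
    "\\documents and settings\\",
    "\\docume~1\\",
    "\\users\\",
    "\\application data\\",
    "\\temp\\",
)

# A process line is an image path, optionally followed by arguments (svchost -k ...).
PROC_RE = re.compile(
    r"^(?P<path>.+?\.(?:exe|com|scr|pif|tmp))(?:\s+(?P<args>.*))?$", re.IGNORECASE
)


def extract_section(log_text, title):
    """Return the non-empty, non-'.' lines of the DDS section whose header contains title."""
    out, inside = [], False
    for line in log_text.splitlines():
        if line.startswith("="):          # every DDS section header is a run of '='
            if inside:
                break                     # next header: section is over
            inside = title.lower() in line.lower()
            continue
        if inside and line.strip() and line.strip() != ".":
            out.append(line.rstrip())
    return out


def parse_process_line(line):
    """Split one process line into image path, image name and arguments."""
    m = PROC_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    return {
        "path": path,
        "image": PureWindowsPath(path).name.lower(),
        "args": m.group("args") or "",
    }


def is_user_writable(path):
    """True if the path sits under a location a non-admin user can write to."""
    lowered = path.lower()
    return any(marker in lowered for marker in USER_WRITABLE_MARKERS)


def triage_processes(log_text):
    """Count images and flag user-writable image paths in the Running Processes section."""
    entries = [e for e in map(parse_process_line, extract_section(log_text, "Running Processes")) if e]
    return {
        "total": len(entries),
        "counts": Counter(e["image"] for e in entries),
        "flagged": [e["path"] for e in entries if is_user_writable(e["path"])],
    }


def summarize(result):
    """Render the triage result as the plain text a helper would paste back."""
    lines = [f"{result['total']} processes listed"]
    for image, n in result["counts"].most_common():
        if n > 1:
            lines.append(f"  {image}: {n} instances")
    lines.append(f"{len(result['flagged'])} running from user-writable locations:")
    lines.extend(f"  {p}" for p in result["flagged"])
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(triage_processes(SAMPLE_DDS)))
```

Run against the thread's actual log the same way (read the DDS.txt into a string and pass it to `triage_processes`), the output would show every mBot_rSRO.exe copy under the user's Desktop as flagged; that is the list the helper eyeballs before deciding whether the process load or something else explains the symptoms.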


Hi, Jmork!

Download aswMBR and save it to your desktop.

  • Run aswMBR.exe.
  • Click Scan to start the check.
  • When the scan finishes, click the save log button, save the log file to the desktop and post its contents with Copy/Paste in your next reply.

You didn't tell me whether to download Avast and then scan, or whether "Trace disk IO calls" should be ticked (I left it ticked, as it was), and here's the log:

aswMBR version 0.9.7.777 Copyright© 2011 AVAST Software
Run date: 2011-07-20 03:10:07
-----------------------------
03:10:07.421 OS Version: Windows 5.1.2600 Service Pack 3
03:10:07.421 Number of processors: 2 586 0x1706
03:10:07.421 ComputerName: NONAME UserName: user
03:10:07.906 Initialize success
03:10:25.843 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-e
03:10:25.843 Disk 0 Vendor: ST3250620AS 3.AAE Size: 238475MB BusType: 3
03:10:25.859 Disk 0 MBR read successfully
03:10:25.859 Disk 0 MBR scan
03:10:25.859 Disk 0 Windows XP default MBR code
03:10:25.859 Disk 0 scanning sectors +488392065
03:10:25.921 Disk 0 scanning C:\WINDOWS\system32\drivers
03:10:31.125 Service scanning
03:10:32.109 Disk 0 trace - called modules:
03:10:32.125 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spqv.sys >>UNKNOWN [0x89bc0938]<<
03:10:32.125 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89abaab8]
03:10:32.125 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000078[0x89b4e2b8]
03:10:32.125 5 ACPI.sys[f7496620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T1L0-e[0x89abed98]
03:10:32.125 Scan finished successfully
03:10:59.156 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user\Desktop\MBR.dat"
03:10:59.234 The log file has been saved successfully to "C:\Documents and Settings\user\Desktop\aswMBR.txt"


Now download ComboFix from: here

IMPORTANT: Save ComboFix.exe to your desktop!

  • Temporarily disable your antivirus program and any other security programs, if you have any. If you cannot stop the antivirus program or are not sure which program to disable, please review the information at this link: How to Disable your Security Programs. For MICROSOFT SECURITY ESSENTIALS: open MSE -> Settings -> Real Time Protection -> uncheck Turn on real time protection -> exit MSE (Exit) when you are done.

  • Run ComboFix.exe and follow the instructions.

Note:

  • Please do not move the mouse while ComboFix is running. This may disrupt its operation.
  • ComboFix will reset all Internet Explorer (IE) settings, including making IE the default browser.
  • ComboFix will disable the autorun function on all CD, floppy and USB devices, to help with removing the malicious software and to protect the system from future viruses/threats that spread via autorun. If this is a problem for you, please let me know.
  • ComboFix will disconnect your internet connection. The connection will be restored automatically before ComboFix finishes its work. If a problem occurs, it will also disconnect the internet connection. To restore your connection, restart your computer.
  • If ComboFix runs into a problem, it may create a log file. Please include the contents of C:\BUG.txt in your next comment in this topic.

ComboFix may take up to 20-30 minutes to run, so please be patient. When the process completes successfully, ComboFix will create a log file. Please copy the contents of C:\ComboFix.txt and paste it in your next comment in this topic.



I accidentally moved the mouse and nothing happened, and another thing - it finished in about 5 minutes :cool: Here is the log:



Next:

1. Download the following file: Windows XP Service Pack 3 Network Installation Package and save it to the desktop.

2. Then download and extract the following file:

Run fix.bat

3. After running the BAT file, download SystemLook and save the program to the desktop.

  • Double-click SystemLook.exe to run the program.
  • Copy the contents of the quote below into the program's text box:

    :filefind

    sfcfiles.dll

  • Click the Look button to start the scan.
  • When the scan finishes, Notepad will open with the scan result. Then post the log file in your next comment.


Here it is:

SystemLook 04.09.10 by jpshortstuff
Log created at 10:06 on 21/07/2011 by user
Administrator - Elevation successful

========== filefind ==========

Searching for "sfcfiles.dll"
C:\WINDOWS\system32\sfcfiles.dll --a---- 1614848 bytes [17:15 14/04/2009] [17:15 14/04/2009] BA3D691CBA9DFDB3D50C16F6AA62F18B

-= EOF =-


It didn't work. You have a patched system file: sfcfiles.dll

Now download the file sfcfiles.zip from: here to the desktop. Extract it -> to the desktop. Run SystemLook again with the instruction I gave in comment 6 of this topic. Then post the log file in your next comment.


SystemLook 04.09.10 by jpshortstuff
Log created at 16:09 on 21/07/2011 by user
Administrator - Elevation successful

========== filefind ==========

Searching for "sfcfiles.dll"
C:\Documents and Settings\user\Desktop\sfcfiles.dll --a---- 1614848 bytes [13:08 21/07/2011] [02:42 14/04/2008] 9DD07AF82244867CA36681EA2D29CE79
C:\WINDOWS\system32\sfcfiles.dll --a---- 1614848 bytes [17:15 14/04/2009] [17:15 14/04/2009] BA3D691CBA9DFDB3D50C16F6AA62F18B

-= EOF =-

And another thing... my C: drive drops to 2 MB or something like that and then goes back to 2 GB (which is normal) :\

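
As an added example (not from this thread, from SystemLook's author or from ComboFix): a small Python script that parses SystemLook ":filefind" result lines like the two posted above and flags any copy of sfcfiles.dll whose MD5 differs from the freshly downloaded reference copy. The sample log, the KNOWN_GOOD_MD5 table and the function names are assumptions made here; the hashes come from the log posted in this thread.

```python
import hashlib
import re

# Constructed sample: the two ':filefind' result lines SystemLook printed for
# sfcfiles.dll in this thread (Desktop copy = freshly downloaded clean file,
# system32 copy = the one the system is actually using).
# Field layout: <path> <attrs> <size> bytes [<mtime>] [<ctime>] <MD5>
SAMPLE_LOG = r"""SystemLook 04.09.10 by jpshortstuff
Log created at 16:09 on 21/07/2011 by user
Administrator - Elevation successful

========== filefind ==========

Searching for "sfcfiles.dll"
C:\Documents and Settings\user\Desktop\sfcfiles.dll --a---- 1614848 bytes [13:08 21/07/2011] [02:42 14/04/2008] 9DD07AF82244867CA36681EA2D29CE79
C:\WINDOWS\system32\sfcfiles.dll --a---- 1614848 bytes [17:15 14/04/2009] [17:15 14/04/2009] BA3D691CBA9DFDB3D50C16F6AA62F18B

-= EOF =-
"""

# Assumed reference table: MD5 of the clean copy, keyed by lower-case file name.
# Here it is the hash SystemLook reported for the downloaded Desktop copy; in
# practice take it from a known-good installation of the same service pack.
KNOWN_GOOD_MD5 = {
    "sfcfiles.dll": "9DD07AF82244867CA36681EA2D29CE79",
}

# One SystemLook filefind result line. The path may contain spaces, so it is
# matched non-greedily up to the 7-character attribute field ("--a----").
FILEFIND_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes"
    r"\s+\[(?P<mtime>[^\]]+)\]\s+\[(?P<ctime>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


def parse_systemlook(log_text):
    """Return one dict per filefind result line (path, attrs, size, mtime, ctime, md5)."""
    results = []
    for line in log_text.splitlines():
        m = FILEFIND_LINE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            results.append(entry)
    return results


def check_against_reference(results, reference=KNOWN_GOOD_MD5):
    """Label each found file as match / MISMATCH / no-reference by its file name."""
    verdicts = []
    for entry in results:
        name = entry["path"].rsplit("\\", 1)[-1].lower()
        expected = reference.get(name)
        if expected is None:
            status = "no-reference"
        elif entry["md5"] == expected.upper():
            status = "match"
        else:
            status = "MISMATCH"
        verdicts.append((entry["path"], entry["md5"], status))
    return verdicts


def find_patched(log_text, reference=KNOWN_GOOD_MD5):
    """Paths whose on-disk hash does not equal the clean reference: candidates for replacement."""
    return [path for path, _, status in check_against_reference(parse_systemlook(log_text), reference)
            if status == "MISMATCH"]


def md5_of_bytes(data):
    """Upper-case hex MD5, the same form SystemLook prints."""
    return hashlib.md5(data).hexdigest().upper()


def md5_of_file(path):
    """Hash a file on disk in chunks so the SystemLook value can be reproduced locally."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest().upper()


if __name__ == "__main__":
    for path, md5, status in check_against_reference(parse_systemlook(SAMPLE_LOG)):
        print(f"{status:12} {md5} {path}")
    print("patched:", find_patched(SAMPLE_LOG))
```

Identical sizes (1614848 bytes for both copies) are exactly why the size alone cannot be trusted; the hash is what separates the patched file from the clean one.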

We will replace the patched file with an original one. Here is how:

Open notepad.exe and copy/paste the following information into it:

FCopy::

C:\Documents and Settings\user\Desktop\sfcfiles.dll | C:\WINDOWS\system32\sfcfiles.dll

Save the file under the name CFScript, then drag and drop it onto ComboFix, as shown in the picture:

Posted image

Note: While ComboFix is scanning, do not start any other applications, do not press any keys on the keyboard and do not move the mouse!

Post the log file that will be created after the computer restarts in your next comment.



Sorry for the slow reply, I couldn't get to it earlier :\ Here it is:
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "d:\\Riot Games\\League of Legends\\lol.launcher.exe"= "d:\\Program Files\\BitComet\\BitComet.exe"= "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"= "c:\\Documents and Settings\\user\\Desktop\\all linked with rsro\\SROOOOOOO\\bojo12\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\all linked with rsro\\SROOOOOOO\\bojo14\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\one more gb pt\\bojidar03-wizz\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\party\\wizz1\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\party\\wizz3\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\party\\war2\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\party\\war\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\party\\bard\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\party\\cleric\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\all linked with rsro\\botev\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\gbots\\Ongi\\Wizzard2\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\gbots\\Ongi\\Cleric\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\gbots\\Ongi\\Warrior\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\gbots\\Ongi\\Wizzard3\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\gbots\\Ongi\\Wizzard1\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\gbots\\Ongi\\Bard1\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\gbots\\Ongi\\Bard2\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\gbots\\Ongi\\Warlock\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\all linked with rsro\\slavena\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\all linked with rsro\\SROOOOOOO\\mendeleev_1\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\all linked with 
rsro\\SROOOOOOO\\bojo\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\all linked with rsro\\SROOOOOOO\\bojo11\\mBot_rSRO.exe"= "d:\\Program Files\\Counter-Strike\\hl.exe"= "d:\\Program Files\\Terraria\\Terraria.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "56885:TCP"= 56885:TCP:Pando Media Booster "56885:UDP"= 56885:UDP:Pando Media Booster "8396:TCP"= 8396:TCP:League of Legends Launcher "8396:UDP"= 8396:UDP:League of Legends Launcher "6897:TCP"= 6897:TCP:League of Legends Launcher "6897:UDP"= 6897:UDP:League of Legends Launcher "1:TCP"= 1:TCP:BitComet 1 TCP "1:UDP"= 1:UDP:BitComet 1 UDP "6977:TCP"= 6977:TCP:League of Legends Launcher "6977:UDP"= 6977:UDP:League of Legends Launcher "6994:TCP"= 6994:TCP:League of Legends Launcher "6994:UDP"= 6994:UDP:League of Legends Launcher "8397:TCP"= 8397:TCP:League of Legends Launcher "8397:UDP"= 8397:UDP:League of Legends Launcher "6909:TCP"= 6909:TCP:League of Legends Launcher "6909:UDP"= 6909:UDP:League of Legends Launcher "6924:TCP"= 6924:TCP:League of Legends Launcher "6924:UDP"= 6924:UDP:League of Legends Launcher "6891:TCP"= 6891:TCP:League of Legends Launcher "6891:UDP"= 6891:UDP:League of Legends Launcher "6967:TCP"= 6967:TCP:League of Legends Launcher "6967:UDP"= 6967:UDP:League of Legends Launcher "6969:TCP"= 6969:TCP:League of Legends Launcher "6969:UDP"= 6969:UDP:League of Legends Launcher "8398:TCP"= 8398:TCP:League of Legends Launcher "8398:UDP"= 8398:UDP:League of Legends Launcher "8393:TCP"= 8393:TCP:League of Legends Lobby "8393:UDP"= 8393:UDP:League of Legends Lobby "8390:TCP"= 8390:TCP:League of Legends Game Client "8390:UDP"= 8390:UDP:League of Legends Game Client . R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.10.2010 і. 
21:02 717296] R1 MpKsl334fcff9;MpKsl334fcff9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{34AA2D9E-ED06-4575-ABB8-CBA5EB1BE1B2}\MpKsl334fcff9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{34AA2D9E-ED06-4575-ABB8-CBA5EB1BE1B2}\MpKsl334fcff9.sys [?] R1 MpKsl68361bb7;MpKsl68361bb7;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{27C755B0-D3C0-4BA2-A964-410142246708}\MpKsl68361bb7.sys [22.7.2011 і. 15:52 28752] R1 MpKsl8e945936;MpKsl8e945936;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{27C755B0-D3C0-4BA2-A964-410142246708}\MpKsl8e945936.sys [23.7.2011 і. 02:59 28752] R1 MpKsl945f53c8;MpKsl945f53c8;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{27C755B0-D3C0-4BA2-A964-410142246708}\MpKsl945f53c8.sys [23.7.2011 і. 03:00 28752] R1 MpKslae16aa1d;MpKslae16aa1d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{34AA2D9E-ED06-4575-ABB8-CBA5EB1BE1B2}\MpKslae16aa1d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{34AA2D9E-ED06-4575-ABB8-CBA5EB1BE1B2}\MpKslae16aa1d.sys [?] R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 і. 21:25 12872] R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 і. 21:41 67656] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [12.10.2010 і. 
23:30 101904] S1 MpKsl033c3fb3;MpKsl033c3fb3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B28F4EDA-109E-42C1-950A-D1AEDA644351}\MpKsl033c3fb3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B28F4EDA-109E-42C1-950A-D1AEDA644351}\MpKsl033c3fb3.sys [?] S1 MpKsl17b57b02;MpKsl17b57b02;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0563C830-4554-4939-AD31-A226EF70EDE1}\MpKsl17b57b02.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0563C830-4554-4939-AD31-A226EF70EDE1}\MpKsl17b57b02.sys [?] S1 MpKsl48333926;MpKsl48333926;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{403B3BBD-9B12-4AAA-8C7C-029C0DC606A3}\MpKsl48333926.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{403B3BBD-9B12-4AAA-8C7C-029C0DC606A3}\MpKsl48333926.sys [?] S1 MpKsl51c4a38b;MpKsl51c4a38b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DE0E724A-F467-45F4-A4E7-E71CC0C9F7A6}\MpKsl51c4a38b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DE0E724A-F467-45F4-A4E7-E71CC0C9F7A6}\MpKsl51c4a38b.sys [?] S1 MpKsl6969e09a;MpKsl6969e09a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C82DCA72-C033-44CE-A3B2-0B8CDF924E1F}\MpKsl6969e09a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C82DCA72-C033-44CE-A3B2-0B8CDF924E1F}\MpKsl6969e09a.sys [?] 
S1 MpKsl792254f3;MpKsl792254f3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ED4C6F61-3985-4D55-9CEB-C5672C51B9A6}\MpKsl792254f3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ED4C6F61-3985-4D55-9CEB-C5672C51B9A6}\MpKsl792254f3.sys [?] S1 MpKsl7dc64bd6;MpKsl7dc64bd6;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1C11E37B-5F96-41B4-B5CC-D59C0E4D311C}\MpKsl7dc64bd6.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1C11E37B-5F96-41B4-B5CC-D59C0E4D311C}\MpKsl7dc64bd6.sys [?] S1 MpKsl9650fca1;MpKsl9650fca1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0563C830-4554-4939-AD31-A226EF70EDE1}\MpKsl9650fca1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0563C830-4554-4939-AD31-A226EF70EDE1}\MpKsl9650fca1.sys [?] S1 MpKsl9e846fa8;MpKsl9e846fa8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{403B3BBD-9B12-4AAA-8C7C-029C0DC606A3}\MpKsl9e846fa8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{403B3BBD-9B12-4AAA-8C7C-029C0DC606A3}\MpKsl9e846fa8.sys [?] S1 MpKslbc115a43;MpKslbc115a43;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{21455996-0CFC-4BC9-92BC-CBE9C8A7A7E1}\MpKslbc115a43.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{21455996-0CFC-4BC9-92BC-CBE9C8A7A7E1}\MpKslbc115a43.sys [?] 
S1 MpKsld5cd3426;MpKsld5cd3426;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5E45395D-C321-4550-9661-5E11526CF53D}\MpKsld5cd3426.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5E45395D-C321-4550-9661-5E11526CF53D}\MpKsld5cd3426.sys [?] S1 MpKsldb6d272f;MpKsldb6d272f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{530647D6-6119-4937-B0E8-FA58540464AC}\MpKsldb6d272f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{530647D6-6119-4937-B0E8-FA58540464AC}\MpKsldb6d272f.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 і. 13:16 130384] S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [25.5.2011 і. 17:29 1336712] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12.10.2010 і. 20:38 1691480] S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\user\LOCALS~1\Temp\XPF444.tmp --> c:\docume~1\user\LOCALS~1\Temp\XPF444.tmp [?] S3 GGSAFERDriver;GGSAFER Driver;\??\d:\program files\Garena\safedrv.sys --> d:\program files\Garena\safedrv.sys [?] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 і. 13:16 753504] S4 Guard.Mail.ru;Guard.Mail.ru;"c:\program files\Mail.Ru\Guard\GuardMailRu.exe" --> c:\program files\Mail.Ru\Guard\GuardMailRu.exe [?] S4 TunngleService;TunngleService;d:\program files\Tunngle\TnglCtrl.exe --> d:\program files\Tunngle\TnglCtrl.exe [?] . --- Other Services/Drivers In Memory --- . 
*NewlyCreated* - ASWMBR *NewlyCreated* - CLR_OPTIMIZATION_V4.0.30319_32 *NewlyCreated* - MPKSL1E91E7FE *NewlyCreated* - MPKSL334FCFF9 *NewlyCreated* - MPKSL68361BB7 *NewlyCreated* - MPKSL8E945936 *NewlyCreated* - MPKSL945F53C8 *Deregistered* - aswMBR *Deregistered* - MpKsl1e91e7fe . Contents of the 'Scheduled Tasks' folder . 2010-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-1647877149-1801674531-1003Core.job - c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-12 17:22] . 2010-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-1647877149-1801674531-1003UA.job - c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-12 17:22] . 2011-07-20 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 10:26] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.bg/ IE: &D&ownload &with BitComet - d:\program files\BitComet\BitComet.exe/AddLink.htm IE: &D&ownload all with BitComet - d:\program files\BitComet\BitComet.exe/AddAllLink.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 217.18.242.74 217.18.242.146 FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\q2gh4tdy.default\ FF - prefs.js: browser.search.defaulturl - hxxp://go.mail.ru/search?fr=fftb&utf8in&q= FF - prefs.js: browser.startup.homepage - hxxp://bg.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:bg:official FF - prefs.js: keyword.URL - hxxp://go.mail.ru/search?utf8in=1&fr=fftbUFix&q= FF - prefs.js: network.proxy.type - 0 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-07-23 03:08 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . 
scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine] "ImagePath"="\??\c:\docume~1\user\LOCALS~1\Temp\XPF444.tmp" . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-583907252-1647877149-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{44189A32-547F-6733-9024-64A6AB38EF12}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(460) d:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll c:\windows\system32\Ati2evxx.dll c:\windows\system32\atiadlxx.dll . Completion time: 2011-07-23 03:10:04 ComboFix-quarantined-files.txt 2011-07-23 00:09 ComboFix2.txt 2011-07-20 12:56 . Pre-Run: 2 142 339 072 bytes free Post-Run: 2 134 654 976 bytes free . - - End Of File - - 2651697DCC4D341A9E94A7AB38412018


We replaced the file. There is still a little left to clean up, so open notepad.exe and copy/paste the following into it:

KILLALL::

Driver::

MpKsl334fcff9

MpKsl68361bb7

MpKsl8e945936

MpKsl945f53c8

MpKslae16aa1d

MpKsl033c3fb3

MpKsl17b57b02

MpKsl48333926

MpKsl51c4a38b

MpKsl6969e09a

MpKsl792254f3

MpKsl7dc64bd6

MpKsl9650fca1

MpKsl9e846fa8

MpKslbc115a43

MpKsld5cd3426

MpKsldb6d272f

Guard.Mail.ru

File::

c:\program files\Mail.Ru\Guard\GuardMailRu.exe

Folder::

c:\program files\Mail.Ru\Guard

C:\SP3

RegLock::

[HKEY_USERS\S-1-5-21-583907252-1647877149-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{44189A32-547F-6733-9024-64A6AB38EF12}*]

Save the file under the name CFScript, then drag and drop it onto ComboFix, as shown in the picture:


Note: while ComboFix is scanning, do not start any other applications, do not press any keys on the keyboard and do not move the mouse!

Post the log file that will be created after the computer restarts in your next comment.

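How the helper arrived at that Driver:: list is worth spelling out, because it is the judgement an analyst has to repeat on every ComboFix log: in the R*/S* service section, an entry that ends in "[?]" is one whose image file ComboFix could not find on disk, so the service registration is stale and the CFScript can remove it. The MpKsl<8 hex digits> entries are the per-definition-update kernel drivers Microsoft Security Essentials drops under its Definition Updates folder; the helper removed all of them, including the ones whose file still existed, and left GarenaPEngine alone even though it also reported "[?]". The script below is an added example, not part of the thread and not ComboFix's own code: it parses service lines of that shape, reports orphaned entries, entries whose image path lives under a user's Temp directory (like GarenaPEngine above), and MpKsl entries, and builds a CFScript Driver:: block from the findings. The sample log is a constructed excerpt modelled on the log above; the function and variable names are mine, and which entries are safe to remove remains the analyst's decision, which is why build_cfscript takes an explicit keep list.

```python
"""Triage the driver/service section of a ComboFix log (added example)."""
import re

# Constructed sample, modelled on the service lines in the log posted above.
SAMPLE_LOG = r"""
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.10.2010 г. 21:02 717296]
R1 MpKsl334fcff9;MpKsl334fcff9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{34AA2D9E-ED06-4575-ABB8-CBA5EB1BE1B2}\MpKsl334fcff9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{34AA2D9E-ED06-4575-ABB8-CBA5EB1BE1B2}\MpKsl334fcff9.sys [?]
R1 MpKsl68361bb7;MpKsl68361bb7;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{27C755B0-D3C0-4BA2-A964-410142246708}\MpKsl68361bb7.sys [22.7.2011 г. 15:52 28752]
S1 MpKsl033c3fb3;MpKsl033c3fb3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B28F4EDA-109E-42C1-950A-D1AEDA644351}\MpKsl033c3fb3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B28F4EDA-109E-42C1-950A-D1AEDA644351}\MpKsl033c3fb3.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\user\LOCALS~1\Temp\XPF444.tmp --> c:\docume~1\user\LOCALS~1\Temp\XPF444.tmp [?]
S4 Guard.Mail.ru;Guard.Mail.ru;"c:\program files\Mail.Ru\Guard\GuardMailRu.exe" --> c:\program files\Mail.Ru\Guard\GuardMailRu.exe [?]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [25.5.2011 г. 17:29 1336712]
"""

# "R1 name;display name;image path [date size]" or "... --> resolved path [?]"
SERVICE_LINE = re.compile(r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
MISSING_MARK = "[?]"                       # ComboFix: image file not found on disk
TEMP_DIR = re.compile(r"\\(locals~1|local settings)\\temp\\", re.IGNORECASE)
MSE_TRANSIENT = re.compile(r"^MpKsl[0-9a-f]{8}$")   # MSE per-update kernel driver name


def parse_services(log_text):
    """Yield (start_type, service_name, image_path, file_missing) per service line."""
    for line in log_text.splitlines():
        m = SERVICE_LINE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest")
        missing = rest.endswith(MISSING_MARK)
        # When the file is gone ComboFix prints "<ImagePath> --> <resolved path> [?]";
        # take the resolved path, otherwise the path before the "[date size]" suffix.
        path = rest.split(" --> ", 1)[1] if " --> " in rest else rest
        path = path.rsplit(" [", 1)[0].strip().strip('"')
        yield m.group("start"), m.group("name"), path, missing


def triage(log_text):
    """Classify service entries the way a log reviewer would."""
    findings = {"orphaned": [], "temp_image": [], "mse_transient": []}
    for _start, name, path, missing in parse_services(log_text):
        if missing:
            findings["orphaned"].append(name)          # registration without a file
        if TEMP_DIR.search(path):
            findings["temp_image"].append((name, path))  # driver loaded from %TEMP%
        if MSE_TRANSIENT.match(name):
            findings["mse_transient"].append(name)     # MSE leftover, file or not
    return findings


def build_cfscript(findings, keep=()):
    """Emit a CFScript Driver:: block; names in `keep` are left alone by the analyst."""
    names = []
    for name in findings["mse_transient"] + findings["orphaned"]:
        if name not in names and name not in keep:
            names.append(name)
    return "KILLALL::\n\nDriver::\n" + "\n".join(names) + "\n"


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for kind, entries in result.items():
        print(kind, entries)
    print(build_cfscript(result, keep=("GarenaPEngine",)))
```

Run stand-alone it prints the three finding lists and a Driver:: block with the four MpKsl/Guard.Mail.ru names, matching the shape of the script the helper posted. Anything in temp_image deserves a look at the service's ImagePath in the registry (ComboFix prints it in the ControlSet001\Services dump at the end of the log) before deciding whether it is a game client re-registering its driver on each launch or something that should not be there.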

Here:

ComboFix 11-07-20.02 - user 07.2011 г. 11:14:56.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.2046.943 [GMT 3:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
* Created a new restore point
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
FILE ::
"c:\program files\Mail.Ru\Guard\GuardMailRu.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\user\Application Data\edxLabs
c:\documents and settings\user\Application Data\edxLabs\edxSilkroadLoader\edxSilkroadLoader.ini
C:\SP3
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUARD.MAIL.RU
-------\Legacy_MPKSL033C3FB3
-------\Legacy_MPKSL334FCFF9
-------\Legacy_MPKSL48333926
-------\Legacy_MPKSL51C4A38B
-------\Legacy_MPKSL68361BB7
-------\Legacy_MPKSL6969E09A
-------\Legacy_MPKSL792254F3
-------\Legacy_MPKSL7DC64BD6
-------\Legacy_MPKSL8E945936
-------\Legacy_MPKSL945F53C8
-------\Legacy_MPKSL9650FCA1
-------\Legacy_MPKSL9E846FA8
-------\Legacy_MPKSLAE16AA1D
-------\Legacy_MPKSLBC115A43
-------\Legacy_MPKSLD5CD3426
-------\Legacy_MPKSLDB6D272F
-------\Service_Guard.Mail.ru
-------\Service_MpKsl033c3fb3
-------\Service_MpKsl17b57b02
-------\Service_MpKsl334fcff9
-------\Service_MpKsl48333926
-------\Service_MpKsl51c4a38b
-------\Service_MpKsl68361bb7
-------\Service_MpKsl6969e09a
-------\Service_MpKsl792254f3
-------\Service_MpKsl7dc64bd6
-------\Service_MpKsl8e945936
-------\Service_MpKsl945f53c8
-------\Service_MpKsl9650fca1
-------\Service_MpKsl9e846fa8
-------\Service_MpKslae16aa1d
-------\Service_MpKslbc115a43
-------\Service_MpKsld5cd3426
-------\Service_MpKsldb6d272f
.
.
((((((((((((((((((((((((( Files Created from 2011-06-25 to 2011-07-25 )))))))))))))))))))))))))))))))
.
.
2011-07-25 08:22 . 2011-07-25 08:22 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{698B0732-30BD-45DD-9B9D-34ABDC63544A}\MpKsl9b43981f.sys
2011-07-25 08:02 . 2011-07-25 08:02 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{698B0732-30BD-45DD-9B9D-34ABDC63544A}\MpKslea7fee3f.sys
2011-07-25 00:19 . 2011-07-25 00:19 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{698B0732-30BD-45DD-9B9D-34ABDC63544A}\MpKsl84ad62d5.sys
2011-07-25 00:18 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{698B0732-30BD-45DD-9B9D-34ABDC63544A}\mpengine.dll
2011-07-24 22:55 . 2011-07-24 22:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2011-07-24 22:54 . 2011-07-24 22:54 -------- d-----w- c:\program files\Common Files\Apple
2011-07-24 22:54 . 2011-07-24 22:54 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Apple
2011-07-24 22:54 . 2011-07-24 22:54 -------- d-----w- c:\program files\Apple Software Update
2011-07-24 22:54 . 2011-07-24 22:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2011-07-24 22:54 . 2011-07-24 22:54 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Apple Computer
2011-07-19 23:56 . 2011-07-19 23:56 -------- d-----w- c:\program files\Microsoft XNA
2011-07-19 01:37 . 2011-07-19 01:56 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2011-07-17 23:09 . 2011-07-17 23:09 -------- d-----w- c:\documents and settings\user\Application Data\SUPERAntiSpyware.com
2011-07-17 23:09 . 2011-07-17 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-07-17 23:01 . 2011-07-06 16:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-17 23:01 . 2011-07-17 23:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-17 23:01 . 2011-07-06 16:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-17 13:50 . 2011-07-17 13:50 -------- d-----w- c:\documents and settings\user\Application Data\QuickScan
2011-07-16 19:07 . 2011-07-16 19:07 388096 ----a-r- c:\documents and settings\user\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-16 19:05 . 2011-07-16 19:05 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-07-16 18:50 . 2011-07-20 17:33 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\LogMeIn Hamachi
2011-07-16 18:50 . 2011-07-25 08:22 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
2011-07-16 18:50 . 2011-07-16 18:50 -------- d-----w- c:\program files\LogMeIn Hamachi
2011-07-08 02:41 . 2011-07-08 23:43 -------- d-----w- c:\documents and settings\user\Application Data\.minecraft
2011-07-03 17:56 . 2011-07-03 17:56 -------- d-----w- c:\documents and settings\user\Application Data\Ace
2011-07-02 05:45 . 2011-07-02 05:45 -------- d-----w- c:\windows\Downloaded Installations
2011-06-29 17:59 . 2011-06-29 17:59 -------- d-----w- c:\documents and settings\user\Application Data\Nokia Multimedia Player
2011-06-29 17:57 . 2011-06-29 17:58 -------- d-----w- c:\documents and settings\user\Application Data\GetRightToGo
2011-06-29 17:50 . 2011-06-29 17:50 -------- d-----w- c:\program files\Common Files\PCSuite
2011-06-29 17:50 . 2011-06-29 17:50 -------- d-----w- c:\program files\Common Files\Nokia
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-13 03:39 . 2010-10-15 05:38 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-06-24 17:50 . 2011-06-24 17:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-28 04:36 . 2011-05-28 04:38 6904040 ----a-w- c:\windows\system32\SpoonUninstall.exe
2011-05-16 18:04 . 2011-05-16 18:04 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-16 18:04 . 2011-05-16 18:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-12 18:26 . 2011-05-12 18:26 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-06-24 03:38 . 2011-05-08 21:32 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-20_12.55.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-25 08:22 . 2011-07-25 08:22 16384 c:\windows\temp\Perflib_Perfdata_634.dat
+ 2011-07-25 08:22 . 2011-07-25 08:22 16384 c:\windows\temp\Perflib_Perfdata_528.dat
+ 2011-07-24 22:54 . 2011-07-24 22:54 27136 c:\windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
+ 2011-07-24 22:55 . 2011-07-24 22:55 811008 c:\windows\Installer\1adcc143.msi
- 2011-07-17 13:08 . 2011-07-17 13:08 371272 c:\windows\Installer\{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}\SkypeIcon.exe
+ 2011-07-21 07:29 . 2011-07-21 07:29 371272 c:\windows\Installer\{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}\SkypeIcon.exe
+ 2009-04-14 17:15 . 2008-04-14 02:42 1614848 c:\windows\system32\sfcfiles.dll
- 2009-04-14 17:15 . 2009-04-14 17:15 1614848 c:\windows\system32\sfcfiles.dll
+ 2011-07-24 22:55 . 2011-07-24 22:55 9472000 c:\windows\Installer\1adcc147.msi
+ 2011-07-24 22:54 . 2011-07-24 22:54 1549312 c:\windows\Installer\1adcc13d.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"SUPERAntiSpyware"="d:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-30 2424192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RTHDCPL"="RTHDCPL.EXE" [2010-07-28 19557480]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"UnlockerAssistant"="d:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"_nltide_3"="advpack.dll" [2010-09-09 124928]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
LOLRecorder.lnk - d:\program files\LOLReplay\LOLRecorder.exe [2011-6-3 204800]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- d:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-04-01 09:39 486856 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-12 17:22 136176 ----atw- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2011-05-25 14:29 1951112 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-06-15 12:02 15141768 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\Riot Games\\League of Legends\\lol.launcher.exe"=
"d:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\user\\Desktop\\all linked with rsro\\SROOOOOOO\\bojo12\\mBot_rSRO.exe"=
"c:\\Documents and Settings\\user\\Desktop\\all linked with rsro\\SROOOOOOO\\bojo14\\mBot_rSRO.exe"=
"c:\\Documents and Settings\\user\\Desktop\\one more gb pt\\bojidar03-wizz\\mBot_rSRO.exe"=
"c:\\Documents and Settings\\user\\Desktop\\party\\wizz1\\mBot_rSRO.exe"=
"c:\\Documents and Settings\\user\\Desktop\\party\\wizz3\\mBot_rSRO.exe"=
"c:\\Documents and Settings\\user\\Desktop\\party\\war2\\mBot_rSRO.exe"=
"c:\\Documents and Settings\\user\\Desktop\\party\\war\\mBot_rSRO.exe"=
"c:\\Documents and Settings\\user\\Desktop\\party\\bard\\mBot_rSRO.exe"=
"c:\\Documents and Settings\\user\\Desktop\\party\\cleric\\mBot_rSRO.exe"=
"c:\\Documents and Settings\\user\\Desktop\\all linked with rsro\\botev\\mBot_rSRO.exe"=
"c:\\Documents and Settings\\user\\Desktop\\gbots\\Ongi\\Wizzard2\\mBot_rSRO.exe"=
"c:\\Documents and Settings\\user\\Desktop\\gbots\\Ongi\\Cleric\\mBot_rSRO.exe"=
"c:\\Documents and Settings\\user\\Desktop\\gbots\\Ongi\\Warrior\\mBot_rSRO.exe"=
"c:\\Documents and Settings\\user\\Desktop\\gbots\\Ongi\\Wizzard3\\mBot_rSRO.exe"=
"c:\\Documents and Settings\\user\\Desktop\\gbots\\Ongi\\Wizzard1\\mBot_rSRO.exe"=
"c:\\Documents and Settings\\user\\Desktop\\gbots\\Ongi\\Bard1\\mBot_rSRO.exe"=
"c:\\Documents and Settings\\user\\Desktop\\gbots\\Ongi\\Bard2\\mBot_rSRO.exe"=
"c:\\Documents and Settings\\user\\Desktop\\gbots\\Ongi\\Warlock\\mBot_rSRO.exe"=
"c:\\Documents and Settings\\user\\Desktop\\all linked with rsro\\slavena\\mBot_rSRO.exe"=
"c:\\Documents and Settings\\user\\Desktop\\all linked with rsro\\SROOOOOOO\\mendeleev_1\\mBot_rSRO.exe"=
"c:\\Documents and Settings\\user\\Desktop\\all linked with rsro\\SROOOOOOO\\bojo\\mBot_rSRO.exe"=
"c:\\Documents and Settings\\user\\Desktop\\all linked with rsro\\SROOOOOOO\\bojo11\\mBot_rSRO.exe"=
"d:\\Program Files\\Counter-Strike\\hl.exe"=
"d:\\Program Files\\Terraria\\Terraria.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56885:TCP"= 56885:TCP:Pando Media Booster
"56885:UDP"= 56885:UDP:Pando Media Booster
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"6897:TCP"= 6897:TCP:League of Legends Launcher
"6897:UDP"= 6897:UDP:League of Legends Launcher
"1:TCP"= 1:TCP:BitComet 1 TCP
"1:UDP"= 1:UDP:BitComet 1 UDP
"6977:TCP"= 6977:TCP:League of Legends Launcher
"6977:UDP"= 6977:UDP:League of Legends Launcher
"6994:TCP"= 6994:TCP:League of Legends Launcher
"6994:UDP"= 6994:UDP:League of Legends Launcher
"8397:TCP"= 8397:TCP:League of Legends Launcher
"8397:UDP"= 8397:UDP:League of Legends Launcher
"6909:TCP"= 6909:TCP:League of Legends Launcher
"6909:UDP"= 6909:UDP:League of Legends Launcher
"6924:TCP"= 6924:TCP:League of Legends Launcher
"6924:UDP"= 6924:UDP:League of Legends Launcher
"6891:TCP"= 6891:TCP:League of Legends Launcher
"6891:UDP"= 6891:UDP:League of Legends Launcher
"6967:TCP"= 6967:TCP:League of Legends Launcher
"6967:UDP"= 6967:UDP:League of Legends Launcher
"6969:TCP"= 6969:TCP:League of Legends Launcher
"6969:UDP"= 6969:UDP:League of Legends Launcher
"8398:TCP"= 8398:TCP:League of Legends Launcher
"8398:UDP"= 8398:UDP:League of Legends Launcher
"8393:TCP"= 8393:TCP:League of Legends Lobby
"8393:UDP"= 8393:UDP:League of Legends Lobby
"8390:TCP"= 8390:TCP:League of Legends Game Client
"8390:UDP"= 8390:UDP:League of Legends Game Client
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.10.2010 г. 21:02 717296]
R1 MpKsl84ad62d5;MpKsl84ad62d5;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{698B0732-30BD-45DD-9B9D-34ABDC63544A}\MpKsl84ad62d5.sys [25.7.2011 г. 03:19 28752]
R1 MpKsl9b43981f;MpKsl9b43981f;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{698B0732-30BD-45DD-9B9D-34ABDC63544A}\MpKsl9b43981f.sys [25.7.2011 г. 11:22 28752]
R1 MpKslea7fee3f;MpKslea7fee3f;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{698B0732-30BD-45DD-9B9D-34ABDC63544A}\MpKslea7fee3f.sys [25.7.2011 г. 11:02 28752]
R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 г. 21:25 12872]
R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 г. 21:41 67656]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [25.5.2011 г. 17:29 1336712]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [12.10.2010 г. 23:30 101904]
S1 MpKsl345c7aba;MpKsl345c7aba;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{698B0732-30BD-45DD-9B9D-34ABDC63544A}\MpKsl345c7aba.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{698B0732-30BD-45DD-9B9D-34ABDC63544A}\MpKsl345c7aba.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 г. 13:16 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12.10.2010 г. 20:38 1691480]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\user\LOCALS~1\Temp\XPF444.tmp --> c:\docume~1\user\LOCALS~1\Temp\XPF444.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\d:\program files\Garena\safedrv.sys --> d:\program files\Garena\safedrv.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 г. 13:16 753504]
S4 TunngleService;TunngleService;d:\program files\Tunngle\TnglCtrl.exe --> d:\program files\Tunngle\TnglCtrl.exe [?]
.
--- Other Services/Drivers In Memory --- . *NewlyCreated* - MPKSL9B43981F . Contents of the 'Scheduled Tasks' folder . 2010-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-1647877149-1801674531-1003Core.job - c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-12 17:22] . 2010-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-1647877149-1801674531-1003UA.job - c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-12 17:22] . 2011-07-25 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 10:26] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.bg/ IE: &D&ownload &with BitComet - d:\program files\BitComet\BitComet.exe/AddLink.htm IE: &D&ownload all with BitComet - d:\program files\BitComet\BitComet.exe/AddAllLink.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 217.18.242.74 217.18.242.146 TCP: Interfaces\{3FD69C30-DA83-442B-9EFB-8E7AC723A323}: NameServer = 8.8.8.8,8.8.4.4 FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\q2gh4tdy.default\ FF - prefs.js: browser.search.defaulturl - hxxp://go.mail.ru/search?fr=fftb&utf8in&q= FF - prefs.js: browser.startup.homepage - hxxp://bg.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:bg:official FF - prefs.js: keyword.URL - hxxp://go.mail.ru/search?utf8in=1&fr=fftbUFix&q= FF - prefs.js: network.proxy.type - 0 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-07-25 11:22 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . 
************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine] "ImagePath"="\??\c:\docume~1\user\LOCALS~1\Temp\XPF444.tmp" . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-583907252-1647877149-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{44189A32-547F-6733-9024-64A6AB38EF12}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(464) d:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll c:\windows\system32\Ati2evxx.dll c:\windows\system32\atiadlxx.dll . - - - - - - - > 'explorer.exe'(2800) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\wpdshserviceobj.dll c:\windows\system32\portabledevicetypes.dll c:\windows\system32\portabledeviceapi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe c:\windows\system32\Ati2evxx.exe c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\windows\RTHDCPL.EXE c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe . ************************************************************************** . Completion time: 2011-07-25 11:26:47 - machine was rebooted ComboFix-quarantined-files.txt 2011-07-25 08:26 ComboFix2.txt 2011-07-23 00:10 ComboFix3.txt 2011-07-20 12:56 . Pre-Run: 1 886 400 512 bytes free Post-Run: 1 804 734 464 bytes free . - - End Of File - - 8F5C9553C440D67AAF2A0DDAA1C956DE


Uninstall ComboFix: Start -> Run -> copy and paste the following text:

Combofix /Uninstall

Press Enter.

You can delete the other tools we used in this thread (DDS, aswMBR, SystemLook) and their logs.

Is there any improvement now that we have cleaned up?

posted (edited)

Well, I loaded it up again with 3 games, Mozilla, Chrome and IE, and again I can't right-click or launch anything. The CPU isn't at 100%, though... If I don't run them it's fine... EDIT - I forgot to say that yesterday I couldn't click with just LoL, a browser and Skype open, so there does seem to be an improvement.

Edited by Jmork


This Windows is a home-brew build, stripped down with nLite; see:

dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32

dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

We can patch things up somewhat without a reinstall by installing Service Pack 3 again. Here is how:

1. Download the following file: Windows XP Service Pack 3 Network Installation Package, and save it to the desktop.

2. Temporarily stop the antivirus program and disconnect from the Internet.

3. Run the file WindowsXP-KB936929-SP3-x86-ENU.exe and wait for it to install. Then restart. Check that you have Internet access and that the antivirus is working.

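The helper read the ComboFix log posted earlier in the thread by eye (the Desktop\...\mBot_rSRO.exe firewall exceptions, the "1:TCP" BitComet port, the GarenaPEngine driver living in %TEMP%, and the nLite RunOnce lines quoted in the post above). As an added example, not part of the forum post and not ComboFix's own code, here is a small Python triage script that parses the same ComboFix output format and pulls out exactly those findings. SAMPLE_LOG is constructed from fragments of the posted log; the thresholds (ports below 1024, which folders count as user-writable) are this example's own choices, not anything ComboFix defines.

```python
"""Triage a ComboFix log for the findings this thread turns on.

Added example; not from the forum post and not ComboFix's own code. It reads
ComboFix's plain-text output and flags:
  * firewall exceptions whose executable lives in a per-user or temp folder;
  * "globally open" firewall ports below 1024;
  * drivers/services whose image sits in %TEMP% or is marked "[?]" (ComboFix
    prints that when it cannot find the image file at scan time);
  * RunOnce entries carrying nLite's markers (the evidence for an nLite build).
SAMPLE_LOG is constructed from fragments of the posted log, for offline use.
"""
import re

# Folders a normal user can write to; a driver or firewall-exempt binary there
# deserves a look. "All Users\Application Data" is deliberately not listed:
# Microsoft Security Essentials legitimately loads its MpKsl*.sys definition
# drivers from there, as the posted log shows.
USER_WRITABLE = re.compile(r"\\(desktop|temp|locals~1|local settings)\\", re.I)
NLITE_MARKER = re.compile(r"nlite|nltide", re.I)
# ComboFix driver/service line: "<start type> <name>;<display name>;<image> [...]"
DRIVER_LINE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")

SAMPLE_LOG = r"""
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\Riot Games\\League of Legends\\lol.launcher.exe"=
"c:\\Documents and Settings\\user\\Desktop\\party\\bard\\mBot_rSRO.exe"=
"c:\\Documents and Settings\\user\\Desktop\\party\\cleric\\mBot_rSRO.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56885:TCP"= 56885:TCP:Pando Media Booster
"1:TCP"= 1:TCP:BitComet 1 TCP
"1:UDP"= 1:UDP:BitComet 1 UDP
"8390:UDP"= 8390:UDP:League of Legends Game Client
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.10.2010 21:02 717296]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [25.5.2011 17:29 1336712]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\user\LOCALS~1\Temp\XPF444.tmp --> c:\docume~1\user\LOCALS~1\Temp\XPF444.tmp [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
"""


def _section(log, header_regex):
    """Lines after the first [key] header matching header_regex, up to the
    next "." separator line, blank line, or next [key] header."""
    out, inside = [], False
    for line in log.splitlines():
        if inside:
            if line.strip() in ("", ".") or line.startswith("["):
                break
            out.append(line)
        elif re.search(header_regex, line):
            inside = True
    return out


def firewall_exceptions(log):
    """Executable paths under AuthorizedApplications\List, with ComboFix's
    doubled backslashes collapsed back to single ones."""
    paths = []
    for line in _section(log, r"AuthorizedApplications\\List\]"):
        m = re.match(r'"(.+?)"=', line)
        if m:
            paths.append(m.group(1).replace("\\\\", "\\"))
    return paths


def risky_exceptions(log):
    return [p for p in firewall_exceptions(log) if USER_WRITABLE.search(p)]


def open_ports(log):
    """(port, protocol, label) tuples from GloballyOpenPorts\List."""
    ports = []
    for line in _section(log, r"GloballyOpenPorts\\List\]"):
        m = re.match(r'"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$', line)
        if m:
            ports.append((int(m.group(1)), m.group(2), m.group(3).strip()))
    return ports


def low_open_ports(log, below=1024):
    return [p for p in open_ports(log) if p[0] < below]


def drivers(log):
    found = []
    for line in log.splitlines():
        m = DRIVER_LINE.match(line)
        if m:
            start, name, _display, image = m.groups()
            found.append({"start": start, "name": name, "image": image.strip(),
                          "missing": image.rstrip().endswith("[?]"),
                          "user_writable": bool(USER_WRITABLE.search(image))})
    return found


def risky_drivers(log):
    return [d["name"] for d in drivers(log) if d["missing"] or d["user_writable"]]


def nlite_markers(log):
    return [l for l in log.splitlines() if "RunOnce" in l and NLITE_MARKER.search(l)]


def triage(log):
    return {"firewall": risky_exceptions(log), "ports": low_open_ports(log),
            "drivers": risky_drivers(log), "nlite": nlite_markers(log)}


if __name__ == "__main__":
    for key, hits in triage(SAMPLE_LOG).items():
        print(f"{key}: {len(hits)} finding(s)")
        for h in hits:
            print("   ", h)
```

Run it against a saved ComboFix.txt by replacing SAMPLE_LOG with the file's contents. The hits are leads, not verdicts: the GarenaPEngine and GameGuard drivers are known game anti-cheat components, and twenty-odd bot executables on the Desktop are exactly what the poster says is running, but a driver loading from a temp file and a firewall full of user-profile binaries are the lines a helper should look at first.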
posted (edited)

Seems to be OK now :) 67 processes, the CPU shows it isn't maxed out, and programs launch again and right-click works (and it lags a lot, naturally ;D). Thanks for the help, and if you think there is anything else to do, say so ;)

Edited by Jmork


There is nothing more to do. Since there are no further complaints about Windows, I am marking the problem as solved. Have a nice day and good luck!

posted (edited)

Hmm... Unfortunately something is wrong with it again :\ Right now I have 63 processes and again I can't click or open anything. There are 9 things open on the taskbar; I close one and I can launch something again. The CPU isn't at 100%.. And free space on C: dropped to 2-3 MB again and then recovered. :| EDIT - Not that I normally keep that many open, but now it happens even with 4. And I want to ask how much virtual memory I should set with 2 GB of RAM, i.e. Initial size and Maximum.

Edited by Jmork

