
    Recommended answer


    Hi. I'm new to this forum and I think my computer has a virus, or it's because ~60 processes are running on it :\ The problem is that I can't launch anything. I mean, right now I can, and the processor isn't being used at 100%, but when, for example, I play music from Mozilla + LoL, I can't right-click the taskbar or the desktop, and I can't open a file. And it doesn't happen only then; this has been going on for about 4 days. I don't know whether it's because my brother has 21 mBots running, or whether I have a virus. It didn't happen before, but back then the bots were around 18 too. I don't know whether it's because it shows the processor being used at 100%... And if you didn't understand me very well (which usually happens o.o), I'm giving you the logs. Also, I don't have a Windows disc.

    DDS:

    DDS (Ver_2011-07-14.01) - NTFS_x86

    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_22

    Run by user at 3:56:34 on 2011-07-19

    Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.2046.797 [GMT 3:00]

    .

    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

    .

    ============== Running Processes ================

    .

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

    C:\WINDOWS\RTHDCPL.EXE

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\Program Files\Microsoft Security Client\msseces.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\WINDOWS\System32\alg.exe

    D:\Program Files\LOLReplay\LOLRecorder.exe

    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

    C:\Documents and Settings\user\Desktop\party\bard\mBot_rSRO.exe

    C:\Documents and Settings\user\Desktop\party\wizz1\mBot_rSRO.exe

    C:\Documents and Settings\user\Desktop\party\wizz3\mBot_rSRO.exe

    C:\Documents and Settings\user\Desktop\party\cleric\mBot_rSRO.exe

    C:\Documents and Settings\user\Desktop\party\war\mBot_rSRO.exe

    C:\Documents and Settings\user\Desktop\all linked with rsro\botev\mBot_rSRO.exe

    C:\Documents and Settings\user\Desktop\party\war2\mBot_rSRO.exe

    C:\Documents and Settings\user\Desktop\one more gb pt\bojidar03-wizz\mBot_rSRO.exe

    C:\Documents and Settings\user\Desktop\all linked with rsro\SROOOOOOO\mbot hide\mBot_AC.exe

    C:\Documents and Settings\user\Desktop\gbots\Ongi\Wizzard2\mBot_rSRO.exe

    C:\Documents and Settings\user\Desktop\gbots\Ongi\Cleric\mBot_rSRO.exe

    C:\Documents and Settings\user\Desktop\gbots\Ongi\Warrior\mBot_rSRO.exe

    C:\Documents and Settings\user\Desktop\gbots\Ongi\Wizzard3\mBot_rSRO.exe

    C:\Documents and Settings\user\Desktop\gbots\Ongi\Bard2\mBot_rSRO.exe

    C:\Documents and Settings\user\Desktop\gbots\Ongi\Bard1\mBot_rSRO.exe

    C:\Documents and Settings\user\Desktop\gbots\Ongi\Warlock\mBot_rSRO.exe

    C:\Documents and Settings\user\Desktop\gbots\Ongi\Wizzard1\mBot_rSRO.exe

    C:\Documents and Settings\user\Desktop\all linked with rsro\SROOOOOOO\bojo14\mBot_rSRO.exe

    C:\Documents and Settings\user\Desktop\all linked with rsro\slavena\mBot_rSRO.exe

    C:\Documents and Settings\user\Desktop\all linked with rsro\SROOOOOOO\bojo12\mBot_rSRO.exe

    C:\Documents and Settings\user\Desktop\all linked with rsro\SROOOOOOO\mendeleev_1\mBot_rSRO.exe

    C:\Documents and Settings\user\Desktop\all linked with rsro\SROOOOOOO\bojo\mBot_rSRO.exe

    C:\Documents and Settings\user\Desktop\all linked with rsro\SROOOOOOO\bojo11\mBot_rSRO.exe

    C:\Program Files\Mozilla Firefox\plugin-container.exe

    C:\WINDOWS\system32\taskmgr.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Mozilla Firefox\plugin-container.exe

    C:\WINDOWS\system32\wbem\wmiprvse.exe

    C:\WINDOWS\System32\svchost.exe -k netsvcs

    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

    C:\WINDOWS\system32\svchost.exe -k NetworkService

    C:\WINDOWS\system32\svchost.exe -k LocalService

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://www.google.bg/

    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - d:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll

    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

    BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

    BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun

    uRun: [sUPERAntiSpyware] d:\program files\superantispyware\SUPERAntiSpyware.exe

    mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

    mRun: [RTHDCPL] RTHDCPL.EXE

    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

    mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"

    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

    mRun: [unlockerAssistant] "d:\program files\unlocker\UnlockerAssistant.exe"

    mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

    mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto

    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

    dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32

    dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\lolrec~1.lnk - d:\program files\lolreplay\LOLRecorder.exe

    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

    IE: &D&ownload &with BitComet - d:\program files\bitcomet\BitComet.exe/AddLink.htm

    IE: &D&ownload all with BitComet - d:\program files\bitcomet\BitComet.exe/AddAllLink.htm

    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

    IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - d:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll/206

    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1286905199406

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

    DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - hxxp://download.sopcast.com/download/SOPCORE.CAB

    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

    TCP: NameServer = 217.18.242.74 217.18.242.146

    TCP: Interfaces\{3FD69C30-DA83-442B-9EFB-8E7AC723A323} : DHCPNameServer = 217.18.242.74 217.18.242.146

    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

    Handler: ipp - <Clsid value has no data>

    Handler: msdaipp - <Clsid value has no data>

    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

    Notify: !SASWinLogon - d:\program files\superantispyware\SASWINLO.DLL

    Notify: AtiExtEvent - Ati2evxx.dll

    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - d:\program files\superantispyware\SASSEH.DLL

    mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\program files\outlook express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

    mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\program files\outlook express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

    IFEO: Your Image File Name Here without a path - ntsd -d

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\q2gh4tdy.default\

    FF - prefs.js: browser.search.defaulturl - hxxp://go.mail.ru/search?fr=fftb&utf8in&q=

    FF - prefs.js: browser.startup.homepage - hxxp://bg.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:bg:official

    FF - prefs.js: keyword.URL - hxxp://go.mail.ru/search?utf8in=1&fr=fftbUFix&q=

    FF - prefs.js: network.proxy.type - 0

    FF - plugin: c:\documents and settings\user\application data\mozilla\firefox\profiles\q2gh4tdy.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

    FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll

    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

    FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

    FF - plugin: d:\program files\veetle\player\npvlc.dll

    FF - plugin: d:\program files\veetle\plugins\npVeetle.dll

    .

    ============= SERVICES / DRIVERS ===============

    .

    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]

    R1 MpKslabefddf2;MpKslabefddf2;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9fec5089-3e3f-45db-8cd1-cd59fcf59c57}\MpKslabefddf2.sys [2011-7-18 28752]

    R1 SASDIFSV;SASDIFSV;d:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

    R1 SASKUTIL;SASKUTIL;d:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2010-10-12 101904]

    S1 MpKsl033c3fb3;MpKsl033c3fb3;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b28f4eda-109e-42c1-950a-d1aeda644351}\mpksl033c3fb3.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b28f4eda-109e-42c1-950a-d1aeda644351}\MpKsl033c3fb3.sys [?]

    S1 MpKsl17b57b02;MpKsl17b57b02;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0563c830-4554-4939-ad31-a226ef70ede1}\mpksl17b57b02.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0563c830-4554-4939-ad31-a226ef70ede1}\MpKsl17b57b02.sys [?]

    S1 MpKsl48333926;MpKsl48333926;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{403b3bbd-9b12-4aaa-8c7c-029c0dc606a3}\mpksl48333926.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{403b3bbd-9b12-4aaa-8c7c-029c0dc606a3}\MpKsl48333926.sys [?]

    S1 MpKsl51c4a38b;MpKsl51c4a38b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{de0e724a-f467-45f4-a4e7-e71cc0c9f7a6}\mpksl51c4a38b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{de0e724a-f467-45f4-a4e7-e71cc0c9f7a6}\MpKsl51c4a38b.sys [?]

    S1 MpKsl6969e09a;MpKsl6969e09a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c82dca72-c033-44ce-a3b2-0b8cdf924e1f}\mpksl6969e09a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c82dca72-c033-44ce-a3b2-0b8cdf924e1f}\MpKsl6969e09a.sys [?]

    S1 MpKsl792254f3;MpKsl792254f3;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ed4c6f61-3985-4d55-9ceb-c5672c51b9a6}\mpksl792254f3.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ed4c6f61-3985-4d55-9ceb-c5672c51b9a6}\MpKsl792254f3.sys [?]

    S1 MpKsl7dc64bd6;MpKsl7dc64bd6;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1c11e37b-5f96-41b4-b5cc-d59c0e4d311c}\mpksl7dc64bd6.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1c11e37b-5f96-41b4-b5cc-d59c0e4d311c}\MpKsl7dc64bd6.sys [?]

    S1 MpKsl9650fca1;MpKsl9650fca1;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0563c830-4554-4939-ad31-a226ef70ede1}\mpksl9650fca1.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0563c830-4554-4939-ad31-a226ef70ede1}\MpKsl9650fca1.sys [?]

    S1 MpKsl9e846fa8;MpKsl9e846fa8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{403b3bbd-9b12-4aaa-8c7c-029c0dc606a3}\mpksl9e846fa8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{403b3bbd-9b12-4aaa-8c7c-029c0dc606a3}\MpKsl9e846fa8.sys [?]

    S1 MpKslbc115a43;MpKslbc115a43;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{21455996-0cfc-4bc9-92bc-cbe9c8a7a7e1}\mpkslbc115a43.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{21455996-0cfc-4bc9-92bc-cbe9c8a7a7e1}\MpKslbc115a43.sys [?]

    S1 MpKsld5cd3426;MpKsld5cd3426;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5e45395d-c321-4550-9661-5e11526cf53d}\mpksld5cd3426.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5e45395d-c321-4550-9661-5e11526cf53d}\MpKsld5cd3426.sys [?]

    S1 MpKsldb6d272f;MpKsldb6d272f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{530647d6-6119-4937-b0e8-fa58540464ac}\mpksldb6d272f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{530647d6-6119-4937-b0e8-fa58540464ac}\MpKsldb6d272f.sys [?]

    S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2011-5-25 1336712]

    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-10-12 1691480]

    S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\user\locals~1\temp\xpf444.tmp --> c:\docume~1\user\locals~1\temp\XPF444.tmp [?]

    S3 GGSAFERDriver;GGSAFER Driver;\??\d:\program files\garena\safedrv.sys --> d:\program files\garena\safedrv.sys [?]

    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

    S4 Guard.Mail.ru;Guard.Mail.ru;"c:\program files\mail.ru\guard\guardmailru.exe" --> c:\program files\mail.ru\guard\GuardMailRu.exe [?]

    S4 TunngleService;TunngleService;d:\program files\tunngle\tnglctrl.exe --> d:\program files\tunngle\TnglCtrl.exe [?]

    .

    =============== Created Last 30 ================

    .

    2011-07-18 11:26:40 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9fec5089-3e3f-45db-8cd1-cd59fcf59c57}\MpKslabefddf2.sys

    2011-07-18 11:18:23 146432 ----a-w- c:\windows\regedit.com

    2011-07-17 23:09:38 -------- d-----w- c:\documents and settings\user\application data\SUPERAntiSpyware.com

    2011-07-17 23:09:38 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com

    2011-07-17 23:01:37 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

    2011-07-17 23:01:35 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

    2011-07-17 23:01:31 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

    2011-07-17 22:17:52 7074640 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9fec5089-3e3f-45db-8cd1-cd59fcf59c57}\mpengine.dll

    2011-07-17 13:50:15 -------- d-----w- c:\documents and settings\user\application data\QuickScan

    2011-07-16 19:07:57 388096 ----a-r- c:\documents and settings\user\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

    2011-07-16 19:05:54 -------- d--h--w- c:\windows\system32\GroupPolicy

    2011-07-16 18:50:55 -------- d-----w- c:\documents and settings\user\local settings\application data\LogMeIn Hamachi

    2011-07-16 18:50:46 -------- d-----w- c:\program files\LogMeIn Hamachi

    2011-07-08 02:41:25 -------- d-----w- c:\documents and settings\user\application data\.minecraft

    2011-07-03 17:56:41 -------- d-----w- c:\documents and settings\user\application data\Ace

    2011-07-02 05:45:26 -------- d-----w- c:\windows\Downloaded Installations

    2011-06-29 17:57:24 -------- d-----w- c:\documents and settings\user\application data\GetRightToGo

    2011-06-29 17:50:44 -------- d-----w- c:\program files\common files\PCSuite

    2011-06-29 17:50:44 -------- d-----w- c:\program files\common files\Nokia

    2011-06-24 17:50:27 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2011-06-24 03:38:14 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll

    2011-06-24 03:38:14 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll

    2011-06-23 08:49:15 -------- d-----w- c:\program files\Elite Silkroad Online

    .

    ==================== Find3M ====================

    .

    2011-05-28 04:36:30 6904040 ----a-w- c:\windows\system32\SpoonUninstall.exe

    2011-05-16 18:04:29 73728 ----a-w- c:\windows\system32\javacpl.cpl

    2011-05-16 18:04:28 472808 ----a-w- c:\windows\system32\deployJava1.dll

    2011-05-12 18:26:13 107888 ----a-w- c:\windows\system32\CmdLineExt.dll

    .

    ============= FINISH: 3:57:19,45 ===============

    Attach:

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2011-07-14.01)

    .

    Microsoft Windows XP Professional

    Boot Device: \Device\HarddiskVolume1

    Install Date: 12.10.2010 г. 19:49:07

    System Uptime: 18.7.2011 г. 14:24:42 (13 hours ago)

    .

    Motherboard: Gigabyte Technology Co., Ltd. | | EP35-DS3

    Processor: Intel Pentium III Xeon processor | Socket 775 | 2500/200mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 23 GiB total, 3,423 GiB free.

    D: is FIXED (NTFS) - 210 GiB total, 37,963 GiB free.

    E: is CDROM (CDFS)

    F: is CDROM ()

    .

    ==== Disabled Device Manager Items =============

    .

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

    Description: Realtek PCIe GBE Family Controller

    Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_01\4&345CAFAF&0&00E4

    Manufacturer: Realtek Semiconductor Corp.

    Name: Realtek PCIe GBE Family Controller

    PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_01\4&345CAFAF&0&00E4

    Service: RTLE8023xp

    .

    ==== System Restore Points ===================

    .

    No restore point in system.

    .

    ==== Installed Programs ======================

    .

    3DMark06

    Adobe AIR

    Adobe Flash Player 10 ActiveX

    Adobe Flash Player 10 Plugin

    Adobe Reader X (10.1.0)

    Adobe Shockwave Player 11.5

    Ant War

    ATI AVIVO Codecs

    ATI Catalyst Control Center

    ATI Catalyst Install Manager

    ATI Catalyst Registration

    ATI Parental Control & Encoder

    ATI Problem Report Wizard

    BitComet 1.27

    Bulgarian Keyboards XP by G. Atanasov

    Catalyst Control Center - Branding

    Catalyst Control Center Core Implementation

    Catalyst Control Center Graphics Full Existing

    Catalyst Control Center Graphics Full New

    Catalyst Control Center Graphics Light

    Catalyst Control Center Graphics Previews Common

    Catalyst Control Center InstallProxy

    Catalyst Control Center Localization All

    Catalyst Control Center Localization Chinese Standard

    Catalyst Control Center Localization Chinese Traditional

    Catalyst Control Center Localization Czech

    Catalyst Control Center Localization Danish

    Catalyst Control Center Localization Dutch

    Catalyst Control Center Localization Finnish

    Catalyst Control Center Localization French

    Catalyst Control Center Localization German

    Catalyst Control Center Localization Greek

    Catalyst Control Center Localization Hungarian

    Catalyst Control Center Localization Italian

    Catalyst Control Center Localization Japanese

    Catalyst Control Center Localization Korean

    Catalyst Control Center Localization Norwegian

    Catalyst Control Center Localization Polish

    Catalyst Control Center Localization Portuguese

    Catalyst Control Center Localization Russian

    Catalyst Control Center Localization Spanish

    Catalyst Control Center Localization Swedish

    Catalyst Control Center Localization Thai

    Catalyst Control Center Localization Turkish

    ccc-core-preinstall

    ccc-core-static

    ccc-utility

    CCC Help Chinese Standard

    CCC Help Chinese Traditional

    CCC Help Czech

    CCC Help Danish

    CCC Help Dutch

    CCC Help English

    CCC Help Finnish

    CCC Help French

    CCC Help German

    CCC Help Greek

    CCC Help Hungarian

    CCC Help Italian

    CCC Help Japanese

    CCC Help Korean

    CCC Help Norwegian

    CCC Help Polish

    CCC Help Portuguese

    CCC Help Russian

    CCC Help Spanish

    CCC Help Swedish

    CCC Help Thai

    CCC Help Turkish

    dBpoweramp Music Converter

    Dead Space™

    Diskeeper 2008 Pro Premier

    DivX Setup

    Elite Silkroad Online version 1.036

    Eurobattle.net

    Facemoods Toolbar

    FlexType 2K

    Garena 2010

    Garena Messenger

    Google Chrome

    Guard.Mail.ru

    High Definition Audio Driver Package - KB835221

    HiJackThis

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

    Hotfix for Windows Media Format 11 SDK (KB929399)

    Hotfix for Windows Media Player 11 (KB939683)

    Hotfix for Windows XP (KB2158563)

    Hotfix for Windows XP (KB952287)

    Hotfix for Windows XP (KB954550-v5)

    Hotfix for Windows XP (KB976002-v5)

    Java Auto Updater

    Java™ 6 Update 22

    JDownloader 0.9

    K-Lite Codec Pack 6.4.0 (Full)

    League of Legends

    LIVE gaming on Windows Runtime Version 1.0.6027

    LogMeIn Hamachi

    Mail.Ru Спутник 2.3.0.104

    Mail.Ru Агент 5.6 (сборка 3397, для всех пользователей)

    Malwarebytes' Anti-Malware version 1.51.1.1800

    Microsoft .NET Framework 2.0 Service Pack 2

    Microsoft .NET Framework 3.0 Service Pack 2

    Microsoft .NET Framework 3.5 SP1

    Microsoft Antimalware

    Microsoft Application Error Reporting

    Microsoft Office 2007 Service Pack 2 (SP2)

    Microsoft Office Access MUI (English) 2007

    Microsoft Office Access Setup Metadata MUI (English) 2007

    Microsoft Office Enterprise 2007

    Microsoft Office Excel MUI (English) 2007

    Microsoft Office FrontPage 2003

    Microsoft Office Groove MUI (English) 2007

    Microsoft Office Groove Setup Metadata MUI (English) 2007

    Microsoft Office InfoPath MUI (English) 2007

    Microsoft Office OneNote MUI (English) 2007

    Microsoft Office Outlook MUI (English) 2007

    Microsoft Office PowerPoint MUI (English) 2007

    Microsoft Office Proof (English) 2007

    Microsoft Office Proof (French) 2007

    Microsoft Office Proof (Spanish) 2007

    Microsoft Office Proofing (English) 2007

    Microsoft Office Publisher MUI (English) 2007

    Microsoft Office Shared MUI (English) 2007

    Microsoft Office Shared Setup Metadata MUI (English) 2007

    Microsoft Office Word MUI (English) 2007

    Microsoft Security Client

    Microsoft Security Essentials

    Microsoft Silverlight

    Microsoft Software Update for Web Folders (English) 12

    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

    Mozilla Firefox 5.0 (x86 bg)

    Nokia Multimedia Player

    Norton Security Scan

    Pando Media Booster

    REALTEK GbE & FE Ethernet PCI-E NIC Driver

    Realtek High Definition Audio Driver

    Security Update for 2007 Microsoft Office System (KB951550)

    Security Update for 2007 Microsoft Office System (KB951944)

    Security Update for Windows Internet Explorer 7 (KB2360131)

    Security Update for Windows Internet Explorer 7 (KB938127-v2)

    Security Update for Windows Internet Explorer 7 (KB950759)

    Security Update for Windows Media Player (KB2378111)

    Security Update for Windows Media Player (KB952069)

    Security Update for Windows Media Player (KB954155)

    Security Update for Windows Media Player (KB973540)

    Security Update for Windows Media Player (KB975558)

    Security Update for Windows Media Player (KB978695)

    Security Update for Windows Media Player 11 (KB954154)

    Security Update for Windows XP (KB2079403)

    Security Update for Windows XP (KB2115168)

    Security Update for Windows XP (KB2121546)

    Security Update for Windows XP (KB2229593)

    Security Update for Windows XP (KB2259922)

    Security Update for Windows XP (KB2279986)

    Security Update for Windows XP (KB2286198)

    Security Update for Windows XP (KB2296011)

    Security Update for Windows XP (KB2347290)

    Security Update for Windows XP (KB2360937)

    Security Update for Windows XP (KB2387149)

    Security Update for Windows XP (KB923561)

    Security Update for Windows XP (KB923789)

    Security Update for Windows XP (KB941569)

    Security Update for Windows XP (KB946648)

    Security Update for Windows XP (KB950760)

    Security Update for Windows XP (KB950974)

    Security Update for Windows XP (KB952004)

    Security Update for Windows XP (KB952954)

    Security Update for Windows XP (KB954459)

    Security Update for Windows XP (KB956572)

    Security Update for Windows XP (KB956744)

    Security Update for Windows XP (KB956802)

    Security Update for Windows XP (KB956803)

    Security Update for Windows XP (KB956844)

    Security Update for Windows XP (KB958644)

    Security Update for Windows XP (KB958869)

    Security Update for Windows XP (KB959426)

    Security Update for Windows XP (KB960803)

    Security Update for Windows XP (KB960859)

    Security Update for Windows XP (KB961501)

    Security Update for Windows XP (KB969059)

    Security Update for Windows XP (KB970430)

    Security Update for Windows XP (KB971657)

    Security Update for Windows XP (KB971961)

    Security Update for Windows XP (KB972270)

    Security Update for Windows XP (KB973507)

    Security Update for Windows XP (KB973869)

    Security Update for Windows XP (KB973904)

    Security Update for Windows XP (KB974112)

    Security Update for Windows XP (KB974318)

    Security Update for Windows XP (KB974392)

    Security Update for Windows XP (KB974571)

    Security Update for Windows XP (KB975025)

    Security Update for Windows XP (KB975467)

    Security Update for Windows XP (KB975560)

    Security Update for Windows XP (KB975562)

    Security Update for Windows XP (KB975713)

    Security Update for Windows XP (KB977816)

    Security Update for Windows XP (KB977914)

    Security Update for Windows XP (KB978037)

    Security Update for Windows XP (KB978338)

    Security Update for Windows XP (KB978542)

    Security Update for Windows XP (KB978601)

    Security Update for Windows XP (KB978706)

    Security Update for Windows XP (KB979309)

    Security Update for Windows XP (KB979482)

    Security Update for Windows XP (KB979687)

    Security Update for Windows XP (KB980195)

    Security Update for Windows XP (KB980232)

    Security Update for Windows XP (KB980436)

    Security Update for Windows XP (KB981322)

    Security Update for Windows XP (KB981349)

    Security Update for Windows XP (KB981852)

    Security Update for Windows XP (KB981957)

    Security Update for Windows XP (KB981997)

    Security Update for Windows XP (KB982132)

    Security Update for Windows XP (KB982214)

    Security Update for Windows XP (KB982665)

    Silkroad

    SilkRoad Online

    Skins

    Skype 2.5

    Skype Toolbars

    Skype™ 5.3

    SpeechRedist

    SUPERAntiSpyware

    System Requirements Lab CYRI

    TeamSpeak 3 Client

    TeamViewer 6

    The Lord of the Rings FREE Trial

    Timed Shutdown 0.51b

    Unlocker 1.9.0

    Update for 2007 Microsoft Office System (KB967642)

    Update for Outlook 2007 Junk Email Filter (kb2410711)

    Update for Windows XP (KB2141007)

    Update for Windows XP (KB2345886)

    Update for Windows XP (KB898461)

    Update for Windows XP (KB955759)

    Update for Windows XP (KB967715)

    Update for Windows XP (KB968389)

    Update for Windows XP (KB971737)

    Update for Windows XP (KB973815)

    VC80CRTRedist - 8.0.50727.4053

    Veetle TV 0.9.18

    WebFldrs XP

    Winamp (remove only)

    WinRAR archiver

    Гарфилд 2

    Sorry for not posting the whole log from Attach, but it said the post was too long... It gives 1 error many times, and here it is:

    [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    It has been giving this since the 12th, and there is one more thing, which it has only given 3 times:

    12.7.2011 г. 09:49:49, error: Service Control Manager [7000] - The TunngleService service failed to start due to the following error: The system cannot find the file specified.

    I'd be grateful if someone could help in case I have a virus, or tell me if it's from 'the SRO' (Silkroad), so I can tell my brother to reduce their number..

    Edit - I forgot to say that today I deleted a trojan with the SUPERAntiSpyware Free version, at least that's what it says. Also, yesterday it was finding 77 Cookie Adware items that I couldn't delete, because I couldn't click the button, since it had 'bugged out' again and I couldn't do anything.

    Edited by nologo


    Hi, Jmork!

    Download aswMBR and save it to your desktop.

    • Run aswMBR.exe.
    • Click Scan to start the check.
    • When the check finishes, click the save log button, save the contents of the log file to the desktop and post its contents with Copy/Paste in your next reply.

    You didn't tell me whether to download Avast and then scan, or whether "Trace disk IO calls" should be ticked (I left it ticked, as it was), aaand here's the log:

    aswMBR version 0.9.7.777 Copyright© 2011 AVAST Software
    Run date: 2011-07-20 03:10:07
    -----------------------------
    03:10:07.421 OS Version: Windows 5.1.2600 Service Pack 3
    03:10:07.421 Number of processors: 2 586 0x1706
    03:10:07.421 ComputerName: NONAME UserName: user
    03:10:07.906 Initialize success
    03:10:25.843 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-e
    03:10:25.843 Disk 0 Vendor: ST3250620AS 3.AAE Size: 238475MB BusType: 3
    03:10:25.859 Disk 0 MBR read successfully
    03:10:25.859 Disk 0 MBR scan
    03:10:25.859 Disk 0 Windows XP default MBR code
    03:10:25.859 Disk 0 scanning sectors +488392065
    03:10:25.921 Disk 0 scanning C:\WINDOWS\system32\drivers
    03:10:31.125 Service scanning
    03:10:32.109 Disk 0 trace - called modules:
    03:10:32.125 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spqv.sys >>UNKNOWN [0x89bc0938]<<
    03:10:32.125 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89abaab8]
    03:10:32.125 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000078[0x89b4e2b8]
    03:10:32.125 5 ACPI.sys[f7496620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T1L0-e[0x89abed98]
    03:10:32.125 Scan finished successfully
    03:10:59.156 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user\Desktop\MBR.dat"
    03:10:59.234 The log file has been saved successfully to "C:\Documents and Settings\user\Desktop\aswMBR.txt"


    Now download ComboFix from: here

    IMPORTANT: Save ComboFix.exe to your desktop!

    • Temporarily stop your antivirus program and any other security programs, if you have any. If you cannot stop the antivirus program or are not sure which program to disable, please review the information at this link: How to Disable your Security Programs. For MICROSOFT SECURITY ESSENTIALS - open MSE -> Settings -> Real Time Protection -> untick Turn on real time protection -> exit MSE (Exit) when you are done.

    • Run Combofix.exe and follow the instructions.

    Note:

    • Please do not move the mouse while ComboFix is running. This can disrupt the process.
    • ComboFix will reset all Internet Explorer (IE) settings, including making IE the default browser.
    • ComboFix will disable the autorun function of all CD, floppy and USB devices, to help with removing the malware and to protect the system from future viruses/threats that spread via autorun. If this is a problem for you - please let me know.
    • ComboFix will disconnect your internet connection. The internet connection will be restored automatically before ComboFix finishes. If there is a problem, it will also disconnect the internet connection. To restore your internet connection, restart your computer.
    • If ComboFix runs into a problem, it may create a log file. Please include the contents of C:\BUG.txt in your next reply in this thread.

    ComboFix can take up to 20-30 minutes to run, so please be patient. When the process completes successfully, ComboFix will create a log file. Please copy the contents of C:\ComboFix.txt and paste it in your next reply in this thread.


    I accidentally moved the mouse and nothing happened, and another thing - it finished in about 5 minutes :cool: Here's the log:

    ComboFix 11-07-20.02 - user 07.2011 г. 15:49:18.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.2046.1126 [GMT 3:00] Running from: c:\documents and settings\user\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF} AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\user\Application Data\edxLabs c:\documents and settings\user\Application Data\edxLabs\edxSilkroadLoader\edxSilkroadLoader.ini c:\documents and settings\user\Application Data\edxLabs\edxSilkroadLoader\ISRO.ini c:\documents and settings\user\Application Data\edxLabs\edxSilkroadLoader5\edxSilkroadLoader5.ini c:\documents and settings\user\Application Data\Microsoft\Internet Explorer\Desktop.htt c:\windows\regedit.com D:\install.exe . . ((((((((((((((((((((((((( Files Created from 2011-06-20 to 2011-07-20 ))))))))))))))))))))))))))))))) . . 2011-07-19 23:56 . 2011-07-19 23:56 -------- d-----w- c:\windows\LastGood 2011-07-19 23:56 . 2011-07-19 23:56 -------- d-----w- c:\program files\Microsoft XNA 2011-07-19 17:44 . 2011-07-19 17:44 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{34AA2D9E-ED06-4575-ABB8-CBA5EB1BE1B2}\MpKsl334fcff9.sys 2011-07-19 11:34 . 2011-07-19 11:34 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{34AA2D9E-ED06-4575-ABB8-CBA5EB1BE1B2}\MpKslae16aa1d.sys 2011-07-19 11:33 . 
2011-06-07 15:55 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{34AA2D9E-ED06-4575-ABB8-CBA5EB1BE1B2}\mpengine.dll 2011-07-19 01:37 . 2011-07-19 01:56 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan 2011-07-17 23:09 . 2011-07-17 23:09 -------- d-----w- c:\documents and settings\user\Application Data\SUPERAntiSpyware.com 2011-07-17 23:09 . 2011-07-17 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2011-07-17 23:01 . 2011-07-06 16:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-07-17 23:01 . 2011-07-17 23:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-07-17 23:01 . 2011-07-06 16:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-07-17 13:50 . 2011-07-17 13:50 -------- d-----w- c:\documents and settings\user\Application Data\QuickScan 2011-07-16 19:07 . 2011-07-16 19:07 388096 ----a-r- c:\documents and settings\user\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-07-16 19:05 . 2011-07-16 19:05 -------- d--h--w- c:\windows\system32\GroupPolicy 2011-07-16 18:50 . 2011-07-16 22:59 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\LogMeIn Hamachi 2011-07-16 18:50 . 2011-07-19 17:44 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi 2011-07-16 18:50 . 2011-07-16 18:50 -------- d-----w- c:\program files\LogMeIn Hamachi 2011-07-08 02:41 . 2011-07-08 23:43 -------- d-----w- c:\documents and settings\user\Application Data\.minecraft 2011-07-03 17:56 . 2011-07-03 17:56 -------- d-----w- c:\documents and settings\user\Application Data\Ace 2011-07-02 05:45 . 2011-07-02 05:45 -------- d-----w- c:\windows\Downloaded Installations 2011-06-29 17:59 . 
2011-06-29 17:59 -------- d-----w- c:\documents and settings\user\Application Data\Nokia Multimedia Player 2011-06-29 17:57 . 2011-06-29 17:58 -------- d-----w- c:\documents and settings\user\Application Data\GetRightToGo 2011-06-29 17:50 . 2011-06-29 17:50 -------- d-----w- c:\program files\Common Files\PCSuite 2011-06-29 17:50 . 2011-06-29 17:50 -------- d-----w- c:\program files\Common Files\Nokia 2011-06-24 17:50 . 2011-06-24 17:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-06-24 03:38 . 2011-06-24 03:38 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll 2011-06-24 03:38 . 2011-06-24 03:38 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll 2011-06-23 08:49 . 2011-06-25 01:38 -------- d-----w- c:\program files\Elite Silkroad Online . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-07 15:55 . 2010-10-15 05:38 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-05-28 04:36 . 2011-05-28 04:38 6904040 ----a-w- c:\windows\system32\SpoonUninstall.exe 2011-05-16 18:04 . 2011-05-16 18:04 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-05-16 18:04 . 2011-05-16 18:04 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-05-12 18:26 . 2011-05-12 18:26 107888 ----a-w- c:\windows\system32\CmdLineExt.dll 2011-06-24 03:38 . 2011-05-08 21:32 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2009-04-14 . BA3D691CBA9DFDB3D50C16F6AA62F18B . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856] "SUPERAntiSpyware"="d:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-30 2424192] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440] "RTHDCPL"="RTHDCPL.EXE" [2010-07-28 19557480] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] "ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408] "UnlockerAssistant"="d:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="shell32" [X] "_nltide_3"="advpack.dll" [2010-09-09 124928] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ LOLRecorder.lnk - d:\program files\LOLReplay\LOLRecorder.exe [2011-6-3 204800] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 22:21 548352 ----a-w- d:\program files\SUPERAntiSpyware\SASWINLO.DLL . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D:\Program Files HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\d:\program files\Free Video Zilla . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2008-04-01 09:39 486856 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2010-10-12 17:22 136176 ----atw- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui] 2011-05-25 14:29 1951112 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2011-06-15 12:02 15141768 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "d:\\Riot Games\\League of Legends\\lol.launcher.exe"= "d:\\Program Files\\BitComet\\BitComet.exe"= "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Documents and Settings\\user\\Desktop\\all linked with rsro\\SROOOOOOO\\bojo12\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\all linked with rsro\\SROOOOOOO\\bojo14\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\one more gb pt\\bojidar03-wizz\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\party\\wizz1\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\party\\wizz3\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\party\\war2\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\party\\war\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\party\\bard\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\party\\cleric\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\all linked with rsro\\botev\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\gbots\\Ongi\\Wizzard2\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\gbots\\Ongi\\Cleric\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\gbots\\Ongi\\Warrior\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\gbots\\Ongi\\Wizzard3\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\gbots\\Ongi\\Wizzard1\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\gbots\\Ongi\\Bard1\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\gbots\\Ongi\\Bard2\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\gbots\\Ongi\\Warlock\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\all linked with rsro\\slavena\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\all linked with rsro\\SROOOOOOO\\mendeleev_1\\mBot_rSRO.exe"= "c:\\Documents 
and Settings\\user\\Desktop\\all linked with rsro\\SROOOOOOO\\bojo\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\all linked with rsro\\SROOOOOOO\\bojo11\\mBot_rSRO.exe"= "d:\\Program Files\\Counter-Strike\\hl.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "56885:TCP"= 56885:TCP:Pando Media Booster "56885:UDP"= 56885:UDP:Pando Media Booster "8396:TCP"= 8396:TCP:League of Legends Launcher "8396:UDP"= 8396:UDP:League of Legends Launcher "6897:TCP"= 6897:TCP:League of Legends Launcher "6897:UDP"= 6897:UDP:League of Legends Launcher "1:TCP"= 1:TCP:BitComet 1 TCP "1:UDP"= 1:UDP:BitComet 1 UDP "6977:TCP"= 6977:TCP:League of Legends Launcher "6977:UDP"= 6977:UDP:League of Legends Launcher "6994:TCP"= 6994:TCP:League of Legends Launcher "6994:UDP"= 6994:UDP:League of Legends Launcher "8397:TCP"= 8397:TCP:League of Legends Launcher "8397:UDP"= 8397:UDP:League of Legends Launcher "6909:TCP"= 6909:TCP:League of Legends Launcher "6909:UDP"= 6909:UDP:League of Legends Launcher "6924:TCP"= 6924:TCP:League of Legends Launcher "6924:UDP"= 6924:UDP:League of Legends Launcher "6891:TCP"= 6891:TCP:League of Legends Launcher "6891:UDP"= 6891:UDP:League of Legends Launcher "6967:TCP"= 6967:TCP:League of Legends Launcher "6967:UDP"= 6967:UDP:League of Legends Launcher "6969:TCP"= 6969:TCP:League of Legends Launcher "6969:UDP"= 6969:UDP:League of Legends Launcher "8398:TCP"= 8398:TCP:League of Legends Launcher "8398:UDP"= 8398:UDP:League of Legends Launcher "8393:TCP"= 8393:TCP:League of Legends Lobby "8393:UDP"= 8393:UDP:League of Legends Lobby "8390:TCP"= 8390:TCP:League of Legends Game Client "8390:UDP"= 8390:UDP:League of Legends Game Client . R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.10.2010 і. 
21:02 717296] R1 MpKsl334fcff9;MpKsl334fcff9;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{34AA2D9E-ED06-4575-ABB8-CBA5EB1BE1B2}\MpKsl334fcff9.sys [19.7.2011 і. 20:44 28752] R1 MpKslae16aa1d;MpKslae16aa1d;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{34AA2D9E-ED06-4575-ABB8-CBA5EB1BE1B2}\MpKslae16aa1d.sys [19.7.2011 і. 14:34 28752] R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 і. 21:25 12872] R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 і. 21:41 67656] R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [25.5.2011 і. 17:29 1336712] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [12.10.2010 і. 23:30 101904] S1 MpKsl033c3fb3;MpKsl033c3fb3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B28F4EDA-109E-42C1-950A-D1AEDA644351}\MpKsl033c3fb3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B28F4EDA-109E-42C1-950A-D1AEDA644351}\MpKsl033c3fb3.sys [?] S1 MpKsl17b57b02;MpKsl17b57b02;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0563C830-4554-4939-AD31-A226EF70EDE1}\MpKsl17b57b02.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0563C830-4554-4939-AD31-A226EF70EDE1}\MpKsl17b57b02.sys [?] S1 MpKsl48333926;MpKsl48333926;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{403B3BBD-9B12-4AAA-8C7C-029C0DC606A3}\MpKsl48333926.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{403B3BBD-9B12-4AAA-8C7C-029C0DC606A3}\MpKsl48333926.sys [?] 
S1 MpKsl51c4a38b;MpKsl51c4a38b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DE0E724A-F467-45F4-A4E7-E71CC0C9F7A6}\MpKsl51c4a38b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DE0E724A-F467-45F4-A4E7-E71CC0C9F7A6}\MpKsl51c4a38b.sys [?] S1 MpKsl6969e09a;MpKsl6969e09a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C82DCA72-C033-44CE-A3B2-0B8CDF924E1F}\MpKsl6969e09a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C82DCA72-C033-44CE-A3B2-0B8CDF924E1F}\MpKsl6969e09a.sys [?] S1 MpKsl792254f3;MpKsl792254f3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ED4C6F61-3985-4D55-9CEB-C5672C51B9A6}\MpKsl792254f3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ED4C6F61-3985-4D55-9CEB-C5672C51B9A6}\MpKsl792254f3.sys [?] S1 MpKsl7dc64bd6;MpKsl7dc64bd6;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1C11E37B-5F96-41B4-B5CC-D59C0E4D311C}\MpKsl7dc64bd6.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1C11E37B-5F96-41B4-B5CC-D59C0E4D311C}\MpKsl7dc64bd6.sys [?] S1 MpKsl9650fca1;MpKsl9650fca1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0563C830-4554-4939-AD31-A226EF70EDE1}\MpKsl9650fca1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0563C830-4554-4939-AD31-A226EF70EDE1}\MpKsl9650fca1.sys [?] 
S1 MpKsl9e846fa8;MpKsl9e846fa8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{403B3BBD-9B12-4AAA-8C7C-029C0DC606A3}\MpKsl9e846fa8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{403B3BBD-9B12-4AAA-8C7C-029C0DC606A3}\MpKsl9e846fa8.sys [?] S1 MpKslbc115a43;MpKslbc115a43;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{21455996-0CFC-4BC9-92BC-CBE9C8A7A7E1}\MpKslbc115a43.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{21455996-0CFC-4BC9-92BC-CBE9C8A7A7E1}\MpKslbc115a43.sys [?] S1 MpKsld5cd3426;MpKsld5cd3426;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5E45395D-C321-4550-9661-5E11526CF53D}\MpKsld5cd3426.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5E45395D-C321-4550-9661-5E11526CF53D}\MpKsld5cd3426.sys [?] S1 MpKsldb6d272f;MpKsldb6d272f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{530647D6-6119-4937-B0E8-FA58540464AC}\MpKsldb6d272f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{530647D6-6119-4937-B0E8-FA58540464AC}\MpKsldb6d272f.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 і. 13:16 130384] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12.10.2010 і. 20:38 1691480] S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\user\LOCALS~1\Temp\XPF444.tmp --> c:\docume~1\user\LOCALS~1\Temp\XPF444.tmp [?] S3 GGSAFERDriver;GGSAFER Driver;\??\d:\program files\Garena\safedrv.sys --> d:\program files\Garena\safedrv.sys [?] 
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 і. 13:16 753504] S4 Guard.Mail.ru;Guard.Mail.ru;"c:\program files\Mail.Ru\Guard\GuardMailRu.exe" --> c:\program files\Mail.Ru\Guard\GuardMailRu.exe [?] S4 TunngleService;TunngleService;d:\program files\Tunngle\TnglCtrl.exe --> d:\program files\Tunngle\TnglCtrl.exe [?] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - ASWMBR *NewlyCreated* - CLR_OPTIMIZATION_V4.0.30319_32 *NewlyCreated* - MPKSL334FCFF9 *Deregistered* - aswMBR . Contents of the 'Scheduled Tasks' folder . 2010-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-1647877149-1801674531-1003Core.job - c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-12 17:22] . 2010-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-1647877149-1801674531-1003UA.job - c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-12 17:22] . 2011-07-20 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 10:26] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.google.bg/ IE: &D&ownload &with BitComet - d:\program files\BitComet\BitComet.exe/AddLink.htm IE: &D&ownload all with BitComet - d:\program files\BitComet\BitComet.exe/AddAllLink.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 217.18.242.74 217.18.242.146 FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\q2gh4tdy.default\ FF - prefs.js: browser.search.defaulturl - hxxp://go.mail.ru/search?fr=fftb&utf8in&q= FF - prefs.js: browser.startup.homepage - hxxp://bg.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:bg:official FF - prefs.js: keyword.URL - hxxp://go.mail.ru/search?utf8in=1&fr=fftbUFix&q= FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS REMOVED - - - - . MSConfigStartUp-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe MSConfigStartUp-Guard.Mail.ru - c:\program files\Mail.Ru\Guard\GuardMailRu.exe MSConfigStartUp-MAgent - c:\program files\Mail.Ru\Agent\MAgent.exe AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.7\uninstall.exe AddRemove-Guard.Mail.ru - c:\program files\Mail.Ru\Guard\GuardMailRu.exe AddRemove-MailRuSputnik - c:\program files\mail.ru\sputnik\SputnikInstaller.exe AddRemove-MRA - c:\program files\Mail.Ru\Agent\magentsetup.exe AddRemove-NSS - c:\program files\Norton Security Scan\Engine\3.0.0.103\InstWrap.exe AddRemove-{10B75CF6-5A54-4D7B-9169-70AD17181DE1}_is1 - d:\program files\Oxin's Style!\3D Sexvilla 2\Binaries\unins000.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-07-20 15:55 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . 
************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine] "ImagePath"="\??\c:\docume~1\user\LOCALS~1\Temp\XPF444.tmp" . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-583907252-1647877149-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{44189A32-547F-6733-9024-64A6AB38EF12}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(460) d:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll c:\windows\system32\Ati2evxx.dll c:\windows\system32\atiadlxx.dll . Completion time: 2011-07-20 15:56:57 ComboFix-quarantined-files.txt 2011-07-20 12:56 . Pre-Run: 2 110 263 296 bytes free Post-Run: 2 310 569 984 bytes free . - - End Of File - - 11B71B8EC8EAA99007A49D10A273FDE8


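The ComboFix log above contains, among other sections, the Windows Firewall AuthorizedApplications exception list and the R/S table of services and drivers. As an added example (not from the thread, from ComboFix or from the helper), the Python script below re-splits a handful of those exact lines and pulls out review candidates: firewall exceptions whose executable sits inside a user profile, services whose image path ComboFix prints with `[?]` (for TunngleService this matches the event 7000 "cannot find the file specified" posted at the start of the thread, so I read `[?]` as "image file not found"), and services whose image lives under a Temp folder. The path markers and category names are my own choices, and the output is a list to review, not a verdict.

```python
import re

# Constructed sample: a handful of lines taken from the ComboFix log posted in this
# thread (the firewall AuthorizedApplications list and the R/S service-driver list),
# re-split onto separate lines the way ComboFix itself writes them.
SAMPLE_COMBOFIX = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\Riot Games\\League of Legends\\lol.launcher.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\user\\Desktop\\party\\wizz1\\mBot_rSRO.exe"=
"c:\\Documents and Settings\\user\\Desktop\\gbots\\Ongi\\Cleric\\mBot_rSRO.exe"=
"d:\\Program Files\\Counter-Strike\\hl.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.10.2010 г. 21:02 717296]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [25.5.2011 г. 17:29 1336712]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\user\LOCALS~1\Temp\XPF444.tmp --> c:\docume~1\user\LOCALS~1\Temp\XPF444.tmp [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 TunngleService;TunngleService;d:\program files\Tunngle\TnglCtrl.exe --> d:\program files\Tunngle\TnglCtrl.exe [?]
"""

# '"<path>"=' lines under the AuthorizedApplications key (registry-export style,
# so backslashes are doubled).
FW_APP_RE = re.compile(r'^"(?P<path>[^"]+)"=\s*$')
# 'R0 name;display name;image path [date time size]' service/driver lines.
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+)$")

# Location markers (lower-case, single backslashes). Per-user profile paths are
# writable by the logged-on user; a service image under \Temp\ is unusual.
USER_PROFILE_MARKERS = ("\\documents and settings\\", "\\docume~1\\")
TEMP_MARKER = "\\temp\\"


def normalise(path):
    """Collapse registry-export double backslashes and lower-case for matching."""
    return path.replace("\\\\", "\\").lower()


def in_user_profile(path):
    p = normalise(path)
    return any(marker in p for marker in USER_PROFILE_MARKERS)


def triage(log_text):
    """Return review candidates pulled out of ComboFix firewall and service lines."""
    findings = {
        "firewall_user_profile": [],  # firewall exceptions pointing into a user profile
        "service_missing_file": [],   # services whose image ComboFix marks '[?]'
        "service_in_temp": [],        # services whose image lives under a Temp folder
    }
    for raw in log_text.splitlines():
        line = raw.strip()
        fw = FW_APP_RE.match(line)
        if fw:
            if in_user_profile(fw.group("path")):
                findings["firewall_user_profile"].append(fw.group("path").replace("\\\\", "\\"))
            continue
        svc = SERVICE_RE.match(line)
        if svc:
            name, image = svc.group("name"), svc.group("image")
            if image.endswith("[?]"):
                findings["service_missing_file"].append(name)
            if TEMP_MARKER in normalise(image):
                findings["service_in_temp"].append(name)
    return findings


if __name__ == "__main__":
    for category, items in triage(SAMPLE_COMBOFIX).items():
        print(f"{category} ({len(items)}):")
        for item in items:
            print("   ", item)
```

Run against the full log the same way (paste it into a file and read it instead of the sample), and the firewall category alone returns every mBot_rSRO.exe exception the brother's bots registered, which is the quickest way to see what that list contributes to the machine's exposure.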

    Next:

    1. Download the following file: Windows XP Service Pack 3 Network Installation Package and save it to the desktop.

    2. Then download and extract the following file:

    Run fix.bat

    3. After you have run the BAT file, download SystemLook and save the program to the desktop.

    • Double-click SystemLook.exe to run the program.
    • Copy the contents of the quote below into the program's text box:

      :filefind

      sfcfiles.dll

    • Click the Look button to start the scan.
    • When the scan finishes, Notepad will open with the scan result. Then post the log file in your next reply.

    Here it is:

    SystemLook 04.09.10 by jpshortstuff
    Log created at 10:06 on 21/07/2011 by user
    Administrator - Elevation successful
    ========== filefind ==========
    Searching for "sfcfiles.dll"
    C:\WINDOWS\system32\sfcfiles.dll --a---- 1614848 bytes [17:15 14/04/2009] [17:15 14/04/2009] BA3D691CBA9DFDB3D50C16F6AA62F18B
    -= EOF =-


    It isn't working. You have a patched system file: sfcfiles.dll

    Now download the file sfcfiles.zip from: here to the desktop. Extract it -> to the desktop. Run SystemLook again with the instruction I gave in comment 6 of this thread. Then post the log file in your next reply.


    SystemLook 04.09.10 by jpshortstuff
    Log created at 16:09 on 21/07/2011 by user
    Administrator - Elevation successful
    ========== filefind ==========
    Searching for "sfcfiles.dll"
    C:\Documents and Settings\user\Desktop\sfcfiles.dll --a---- 1614848 bytes [13:08 21/07/2011] [02:42 14/04/2008] 9DD07AF82244867CA36681EA2D29CE79
    C:\WINDOWS\system32\sfcfiles.dll --a---- 1614848 bytes [17:15 14/04/2009] [17:15 14/04/2009] BA3D691CBA9DFDB3D50C16F6AA62F18B
    -= EOF =-

    Aaand another thing... my C: keeps dropping to 2 MB or something like that and then goes back to 2 GB (which is normal) :\

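The two SystemLook logs above show why the helper called sfcfiles.dll patched: the system32 copy and the clean copy have the same name and the same size (1614848 bytes) but different MD5 values, so a size check alone would never have caught it. As an added example, not part of the thread or of SystemLook, the Python below parses the `filefind` lines exactly as posted and compares each hit against a reference hash. The reference value 9DD07AF82244867CA36681EA2D29CE79 is taken from the clean copy the helper supplied in this thread (an assumption that this copy is the known-good one), not from an authoritative Microsoft catalogue.

```python
import re

# Constructed sample: the filefind block from the SystemLook log posted above,
# re-split onto separate lines the way SystemLook writes it.
SAMPLE_SYSTEMLOOK = r"""SystemLook 04.09.10 by jpshortstuff
Log created at 16:09 on 21/07/2011 by user
Administrator - Elevation successful
========== filefind ==========
Searching for "sfcfiles.dll"
C:\Documents and Settings\user\Desktop\sfcfiles.dll --a---- 1614848 bytes [13:08 21/07/2011] [02:42 14/04/2008] 9DD07AF82244867CA36681EA2D29CE79
C:\WINDOWS\system32\sfcfiles.dll --a---- 1614848 bytes [17:15 14/04/2009] [17:15 14/04/2009] BA3D691CBA9DFDB3D50C16F6AA62F18B
-= EOF =-
"""

# Reference hash of the clean copy supplied in this thread (assumption: that copy
# is known-good). A real deployment would take this from a trusted file catalogue.
KNOWN_GOOD_MD5 = {"sfcfiles.dll": "9DD07AF82244867CA36681EA2D29CE79"}

# '<path> <attrs> <size> bytes [modified] [created] <MD5>' as SystemLook prints it.
FILEFIND_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]+)\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<modified>[^\]]+)\]\s+\[(?P<created>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_filefind(text):
    """Return one dict per file hit in a SystemLook filefind block."""
    hits = []
    for raw in text.splitlines():
        m = FILEFIND_RE.match(raw.strip())
        if not m:
            continue  # banner, '==========' header, 'Searching for' and EOF lines
        hit = m.groupdict()
        hit["size"] = int(hit["size"])
        hit["md5"] = hit["md5"].upper()
        hit["name"] = hit["path"].rsplit("\\", 1)[-1].lower()
        hits.append(hit)
    return hits


def compare_hashes(hits, reference):
    """Map each path to 'OK', 'MISMATCH' or 'NO REFERENCE' against the reference table."""
    verdicts = {}
    for hit in hits:
        expected = reference.get(hit["name"])
        if expected is None:
            verdicts[hit["path"]] = "NO REFERENCE"
        elif hit["md5"] == expected.upper():
            verdicts[hit["path"]] = "OK"
        else:
            verdicts[hit["path"]] = "MISMATCH"
    return verdicts


def same_size_different_hash(hits):
    """Pairs of same-named hits with identical size but different content.

    This is exactly the case a size- or date-based check misses: a patched
    system file is normally the same length as the original."""
    pairs = []
    for i, a in enumerate(hits):
        for b in hits[i + 1:]:
            if a["name"] == b["name"] and a["size"] == b["size"] and a["md5"] != b["md5"]:
                pairs.append((a["path"], b["path"]))
    return pairs


if __name__ == "__main__":
    found = parse_filefind(SAMPLE_SYSTEMLOOK)
    for path, verdict in compare_hashes(found, KNOWN_GOOD_MD5).items():
        print(f"{verdict:12} {path}")
    for a, b in same_size_different_hash(found):
        print("same size, different content:", a, "<->", b)
```

The parser only trusts lines that carry a full 32-hex-digit MD5, so the banner and the `Searching for` line fall through harmlessly; the sfcfiles.dll entry that matters ends up marked MISMATCH, which is the same conclusion the helper drew by eye.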

    We will replace the patched file with an original one. Here's how:

    Open notepad.exe and copy/paste the following information into it:

    FCopy::

    C:\Documents and Settings\user\Desktop\sfcfiles.dll | C:\WINDOWS\system32\sfcfiles.dll

    Save the file with the name CFScript and drag and drop it onto Combofix, as shown in the picture:

    Posted image

    Note: while ComboFix is scanning, do not start any other applications, do not press any keys on the keyboard and do not move the mouse!

    Post the log file that will be created after the computer restarts in your next reply.


    Sorry for the slow reply, I couldn't do it earlier :\ Here it is:

    ComboFix 11-07-20.02 - user 07.2011 г. 3:03.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.2046.1222 [GMT 3:00] Running from: c:\documents and settings\user\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF} AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\user\Application Data\edxLabs c:\documents and settings\user\Application Data\edxLabs\edxSilkroadLoader\edxSilkroadLoader.ini c:\documents and settings\user\Application Data\Microsoft\Internet Explorer\Desktop.htt . . --------------- FCopy --------------- . c:\documents and settings\user\Desktop\sfcfiles.dll --> c:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((( Files Created from 2011-06-23 to 2011-07-23 ))))))))))))))))))))))))))))))) . . 2011-07-23 00:00 . 2011-07-23 00:00 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{27C755B0-D3C0-4BA2-A964-410142246708}\MpKsl945f53c8.sys 2011-07-22 23:59 . 2011-07-22 23:59 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{27C755B0-D3C0-4BA2-A964-410142246708}\MpKsl8e945936.sys 2011-07-22 12:52 . 2011-07-22 12:52 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{27C755B0-D3C0-4BA2-A964-410142246708}\MpKsl68361bb7.sys 2011-07-22 12:52 . 
2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{27C755B0-D3C0-4BA2-A964-410142246708}\mpengine.dll 2011-07-21 07:05 . 2011-07-21 07:05 -------- d-----w- C:\SP3 2011-07-19 23:56 . 2011-07-19 23:56 -------- d-----w- c:\windows\LastGood 2011-07-19 23:56 . 2011-07-19 23:56 -------- d-----w- c:\program files\Microsoft XNA 2011-07-19 01:37 . 2011-07-19 01:56 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan 2011-07-17 23:09 . 2011-07-17 23:09 -------- d-----w- c:\documents and settings\user\Application Data\SUPERAntiSpyware.com 2011-07-17 23:09 . 2011-07-17 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2011-07-17 23:01 . 2011-07-06 16:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-07-17 23:01 . 2011-07-17 23:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-07-17 23:01 . 2011-07-06 16:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-07-17 13:50 . 2011-07-17 13:50 -------- d-----w- c:\documents and settings\user\Application Data\QuickScan 2011-07-16 19:07 . 2011-07-16 19:07 388096 ----a-r- c:\documents and settings\user\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-07-16 19:05 . 2011-07-16 19:05 -------- d--h--w- c:\windows\system32\GroupPolicy 2011-07-16 18:50 . 2011-07-20 17:33 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\LogMeIn Hamachi 2011-07-16 18:50 . 2011-07-20 17:33 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi 2011-07-16 18:50 . 2011-07-16 18:50 -------- d-----w- c:\program files\LogMeIn Hamachi 2011-07-08 02:41 . 2011-07-08 23:43 -------- d-----w- c:\documents and settings\user\Application Data\.minecraft 2011-07-03 17:56 . 
2011-07-03 17:56 -------- d-----w- c:\documents and settings\user\Application Data\Ace 2011-07-02 05:45 . 2011-07-02 05:45 -------- d-----w- c:\windows\Downloaded Installations 2011-06-29 17:59 . 2011-06-29 17:59 -------- d-----w- c:\documents and settings\user\Application Data\Nokia Multimedia Player 2011-06-29 17:57 . 2011-06-29 17:58 -------- d-----w- c:\documents and settings\user\Application Data\GetRightToGo 2011-06-29 17:50 . 2011-06-29 17:50 -------- d-----w- c:\program files\Common Files\PCSuite 2011-06-29 17:50 . 2011-06-29 17:50 -------- d-----w- c:\program files\Common Files\Nokia 2011-06-24 17:50 . 2011-06-24 17:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-06-24 03:38 . 2011-06-24 03:38 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll 2011-06-24 03:38 . 2011-06-24 03:38 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll 2011-06-23 08:49 . 2011-06-25 01:38 -------- d-----w- c:\program files\Elite Silkroad Online . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-07-13 03:39 . 2010-10-15 05:38 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-05-28 04:36 . 2011-05-28 04:38 6904040 ----a-w- c:\windows\system32\SpoonUninstall.exe 2011-05-16 18:04 . 2011-05-16 18:04 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-05-16 18:04 . 2011-05-16 18:04 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-05-12 18:26 . 2011-05-12 18:26 107888 ----a-w- c:\windows\system32\CmdLineExt.dll 2011-06-24 03:38 . 2011-05-08 21:32 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-07-20_12.55.28 ))))))))))))))))))))))))))))))))))))))))) . + 2011-07-21 07:29 . 2011-07-21 07:29 371272 c:\windows\Installer\{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}\SkypeIcon.exe - 2011-07-17 13:08 . 
2011-07-17 13:08 371272 c:\windows\Installer\{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}\SkypeIcon.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856] "SUPERAntiSpyware"="d:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-30 2424192] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440] "RTHDCPL"="RTHDCPL.EXE" [2010-07-28 19557480] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] "ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408] "UnlockerAssistant"="d:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="shell32" [X] "_nltide_3"="advpack.dll" [2010-09-09 124928] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ LOLRecorder.lnk - d:\program files\LOLReplay\LOLRecorder.exe [2011-6-3 204800] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 22:21 548352 ----a-w- d:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2008-04-01 09:39 486856 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2010-10-12 17:22 136176 ----atw- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui] 2011-05-25 14:29 1951112 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2011-06-15 12:02 15141768 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "d:\\Riot Games\\League of Legends\\lol.launcher.exe"= "d:\\Program Files\\BitComet\\BitComet.exe"= "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"= "c:\\Documents and Settings\\user\\Desktop\\all linked with rsro\\SROOOOOOO\\bojo12\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\all linked with rsro\\SROOOOOOO\\bojo14\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\one more gb pt\\bojidar03-wizz\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\party\\wizz1\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\party\\wizz3\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\party\\war2\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\party\\war\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\party\\bard\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\party\\cleric\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\all linked with rsro\\botev\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\gbots\\Ongi\\Wizzard2\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\gbots\\Ongi\\Cleric\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\gbots\\Ongi\\Warrior\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\gbots\\Ongi\\Wizzard3\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\gbots\\Ongi\\Wizzard1\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\gbots\\Ongi\\Bard1\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\gbots\\Ongi\\Bard2\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\gbots\\Ongi\\Warlock\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\all linked with rsro\\slavena\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\all linked with rsro\\SROOOOOOO\\mendeleev_1\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\all linked with 
rsro\\SROOOOOOO\\bojo\\mBot_rSRO.exe"= "c:\\Documents and Settings\\user\\Desktop\\all linked with rsro\\SROOOOOOO\\bojo11\\mBot_rSRO.exe"= "d:\\Program Files\\Counter-Strike\\hl.exe"= "d:\\Program Files\\Terraria\\Terraria.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "56885:TCP"= 56885:TCP:Pando Media Booster "56885:UDP"= 56885:UDP:Pando Media Booster "8396:TCP"= 8396:TCP:League of Legends Launcher "8396:UDP"= 8396:UDP:League of Legends Launcher "6897:TCP"= 6897:TCP:League of Legends Launcher "6897:UDP"= 6897:UDP:League of Legends Launcher "1:TCP"= 1:TCP:BitComet 1 TCP "1:UDP"= 1:UDP:BitComet 1 UDP "6977:TCP"= 6977:TCP:League of Legends Launcher "6977:UDP"= 6977:UDP:League of Legends Launcher "6994:TCP"= 6994:TCP:League of Legends Launcher "6994:UDP"= 6994:UDP:League of Legends Launcher "8397:TCP"= 8397:TCP:League of Legends Launcher "8397:UDP"= 8397:UDP:League of Legends Launcher "6909:TCP"= 6909:TCP:League of Legends Launcher "6909:UDP"= 6909:UDP:League of Legends Launcher "6924:TCP"= 6924:TCP:League of Legends Launcher "6924:UDP"= 6924:UDP:League of Legends Launcher "6891:TCP"= 6891:TCP:League of Legends Launcher "6891:UDP"= 6891:UDP:League of Legends Launcher "6967:TCP"= 6967:TCP:League of Legends Launcher "6967:UDP"= 6967:UDP:League of Legends Launcher "6969:TCP"= 6969:TCP:League of Legends Launcher "6969:UDP"= 6969:UDP:League of Legends Launcher "8398:TCP"= 8398:TCP:League of Legends Launcher "8398:UDP"= 8398:UDP:League of Legends Launcher "8393:TCP"= 8393:TCP:League of Legends Lobby "8393:UDP"= 8393:UDP:League of Legends Lobby "8390:TCP"= 8390:TCP:League of Legends Game Client "8390:UDP"= 8390:UDP:League of Legends Game Client . R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.10.2010 і. 
21:02 717296] R1 MpKsl334fcff9;MpKsl334fcff9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{34AA2D9E-ED06-4575-ABB8-CBA5EB1BE1B2}\MpKsl334fcff9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{34AA2D9E-ED06-4575-ABB8-CBA5EB1BE1B2}\MpKsl334fcff9.sys [?] R1 MpKsl68361bb7;MpKsl68361bb7;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{27C755B0-D3C0-4BA2-A964-410142246708}\MpKsl68361bb7.sys [22.7.2011 і. 15:52 28752] R1 MpKsl8e945936;MpKsl8e945936;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{27C755B0-D3C0-4BA2-A964-410142246708}\MpKsl8e945936.sys [23.7.2011 і. 02:59 28752] R1 MpKsl945f53c8;MpKsl945f53c8;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{27C755B0-D3C0-4BA2-A964-410142246708}\MpKsl945f53c8.sys [23.7.2011 і. 03:00 28752] R1 MpKslae16aa1d;MpKslae16aa1d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{34AA2D9E-ED06-4575-ABB8-CBA5EB1BE1B2}\MpKslae16aa1d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{34AA2D9E-ED06-4575-ABB8-CBA5EB1BE1B2}\MpKslae16aa1d.sys [?] R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 і. 21:25 12872] R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 і. 21:41 67656] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [12.10.2010 і. 
23:30 101904] S1 MpKsl033c3fb3;MpKsl033c3fb3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B28F4EDA-109E-42C1-950A-D1AEDA644351}\MpKsl033c3fb3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B28F4EDA-109E-42C1-950A-D1AEDA644351}\MpKsl033c3fb3.sys [?] S1 MpKsl17b57b02;MpKsl17b57b02;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0563C830-4554-4939-AD31-A226EF70EDE1}\MpKsl17b57b02.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0563C830-4554-4939-AD31-A226EF70EDE1}\MpKsl17b57b02.sys [?] S1 MpKsl48333926;MpKsl48333926;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{403B3BBD-9B12-4AAA-8C7C-029C0DC606A3}\MpKsl48333926.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{403B3BBD-9B12-4AAA-8C7C-029C0DC606A3}\MpKsl48333926.sys [?] S1 MpKsl51c4a38b;MpKsl51c4a38b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DE0E724A-F467-45F4-A4E7-E71CC0C9F7A6}\MpKsl51c4a38b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DE0E724A-F467-45F4-A4E7-E71CC0C9F7A6}\MpKsl51c4a38b.sys [?] S1 MpKsl6969e09a;MpKsl6969e09a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C82DCA72-C033-44CE-A3B2-0B8CDF924E1F}\MpKsl6969e09a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C82DCA72-C033-44CE-A3B2-0B8CDF924E1F}\MpKsl6969e09a.sys [?] 
S1 MpKsl792254f3;MpKsl792254f3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ED4C6F61-3985-4D55-9CEB-C5672C51B9A6}\MpKsl792254f3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ED4C6F61-3985-4D55-9CEB-C5672C51B9A6}\MpKsl792254f3.sys [?] S1 MpKsl7dc64bd6;MpKsl7dc64bd6;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1C11E37B-5F96-41B4-B5CC-D59C0E4D311C}\MpKsl7dc64bd6.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1C11E37B-5F96-41B4-B5CC-D59C0E4D311C}\MpKsl7dc64bd6.sys [?] S1 MpKsl9650fca1;MpKsl9650fca1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0563C830-4554-4939-AD31-A226EF70EDE1}\MpKsl9650fca1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0563C830-4554-4939-AD31-A226EF70EDE1}\MpKsl9650fca1.sys [?] S1 MpKsl9e846fa8;MpKsl9e846fa8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{403B3BBD-9B12-4AAA-8C7C-029C0DC606A3}\MpKsl9e846fa8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{403B3BBD-9B12-4AAA-8C7C-029C0DC606A3}\MpKsl9e846fa8.sys [?] S1 MpKslbc115a43;MpKslbc115a43;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{21455996-0CFC-4BC9-92BC-CBE9C8A7A7E1}\MpKslbc115a43.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{21455996-0CFC-4BC9-92BC-CBE9C8A7A7E1}\MpKslbc115a43.sys [?] 
S1 MpKsld5cd3426;MpKsld5cd3426;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5E45395D-C321-4550-9661-5E11526CF53D}\MpKsld5cd3426.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5E45395D-C321-4550-9661-5E11526CF53D}\MpKsld5cd3426.sys [?] S1 MpKsldb6d272f;MpKsldb6d272f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{530647D6-6119-4937-B0E8-FA58540464AC}\MpKsldb6d272f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{530647D6-6119-4937-B0E8-FA58540464AC}\MpKsldb6d272f.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 і. 13:16 130384] S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [25.5.2011 і. 17:29 1336712] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12.10.2010 і. 20:38 1691480] S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\user\LOCALS~1\Temp\XPF444.tmp --> c:\docume~1\user\LOCALS~1\Temp\XPF444.tmp [?] S3 GGSAFERDriver;GGSAFER Driver;\??\d:\program files\Garena\safedrv.sys --> d:\program files\Garena\safedrv.sys [?] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 і. 13:16 753504] S4 Guard.Mail.ru;Guard.Mail.ru;"c:\program files\Mail.Ru\Guard\GuardMailRu.exe" --> c:\program files\Mail.Ru\Guard\GuardMailRu.exe [?] S4 TunngleService;TunngleService;d:\program files\Tunngle\TnglCtrl.exe --> d:\program files\Tunngle\TnglCtrl.exe [?] . --- Other Services/Drivers In Memory --- . 
*NewlyCreated* - ASWMBR *NewlyCreated* - CLR_OPTIMIZATION_V4.0.30319_32 *NewlyCreated* - MPKSL1E91E7FE *NewlyCreated* - MPKSL334FCFF9 *NewlyCreated* - MPKSL68361BB7 *NewlyCreated* - MPKSL8E945936 *NewlyCreated* - MPKSL945F53C8 *Deregistered* - aswMBR *Deregistered* - MpKsl1e91e7fe . Contents of the 'Scheduled Tasks' folder . 2010-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-1647877149-1801674531-1003Core.job - c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-12 17:22] . 2010-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-1647877149-1801674531-1003UA.job - c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-12 17:22] . 2011-07-20 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 10:26] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.bg/ IE: &D&ownload &with BitComet - d:\program files\BitComet\BitComet.exe/AddLink.htm IE: &D&ownload all with BitComet - d:\program files\BitComet\BitComet.exe/AddAllLink.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 217.18.242.74 217.18.242.146 FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\q2gh4tdy.default\ FF - prefs.js: browser.search.defaulturl - hxxp://go.mail.ru/search?fr=fftb&utf8in&q= FF - prefs.js: browser.startup.homepage - hxxp://bg.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:bg:official FF - prefs.js: keyword.URL - hxxp://go.mail.ru/search?utf8in=1&fr=fftbUFix&q= FF - prefs.js: network.proxy.type - 0 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-07-23 03:08 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . 
scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine] "ImagePath"="\??\c:\docume~1\user\LOCALS~1\Temp\XPF444.tmp" . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-583907252-1647877149-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{44189A32-547F-6733-9024-64A6AB38EF12}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(460) d:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll c:\windows\system32\Ati2evxx.dll c:\windows\system32\atiadlxx.dll . Completion time: 2011-07-23 03:10:04 ComboFix-quarantined-files.txt 2011-07-23 00:09 ComboFix2.txt 2011-07-20 12:56 . Pre-Run: 2 142 339 072 bytes free Post-Run: 2 134 654 976 bytes free . - - End Of File - - 2651697DCC4D341A9E94A7AB38412018


We replaced the file. There is still a bit more to clean up, so open notepad.exe and copy/paste the following information into it:

    KILLALL::

    Driver::

    MpKsl334fcff9

    MpKsl68361bb7

    MpKsl8e945936

    MpKsl945f53c8

    MpKslae16aa1d

    MpKsl033c3fb3

    MpKsl17b57b02

    MpKsl48333926

    MpKsl51c4a38b

    MpKsl6969e09a

    MpKsl792254f3

    MpKsl7dc64bd6

    MpKsl9650fca1

    MpKsl9e846fa8

    MpKslbc115a43

    MpKsld5cd3426

    MpKsldb6d272f

    Guard.Mail.ru

    File::

    c:\program files\Mail.Ru\Guard\GuardMailRu.exe

    Folder::

    c:\program files\Mail.Ru\Guard

    C:\SP3

    RegLock::

    [HKEY_USERS\S-1-5-21-583907252-1647877149-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{44189A32-547F-6733-9024-64A6AB38EF12}*]

Save the file under the name CFScript and drag-and-drop it onto ComboFix, as shown in the picture:

(posted image)

Note: while ComboFix is scanning, do not start any other applications, do not press any keys on the keyboard and do not move the mouse!

Post the log file that will be created after the computer restarts in your next comment.

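The helper's CFScript above was written by hand from the service section of the log: every MpKsl* entry, plus the Guard.Mail.ru service whose binary is gone. The following is an added triage script, not part of this thread and not ComboFix's own code, that does the same reading mechanically. It parses driver/service lines in the shape ComboFix prints them (start type, name, display name, image path, then "[date time size]" or "[?]" when the file is not found), flags entries whose binary is missing, entries that run from a Temp directory, and the transient MpKsl<8 hex> scan drivers that Microsoft Security Essentials creates per definition update, and emits a KILLALL::/Driver:: block in the helper's layout. The sample lines are constructed copies of a handful of entries from the log above; the function names are the example's own. Treat the output as a candidate list to review, not something to run blindly: a missing binary or a Temp path is a reason to look, not proof of malware.

```python
import re

# Constructed sample in the shape of ComboFix's driver/service lines
# (a few entries copied in form from the log above).
SAMPLE_LOG = """\
R0 sptd;sptd;c:\\windows\\system32\\drivers\\sptd.sys [12.10.2010 21:02 717296]
R1 MpKsl334fcff9;MpKsl334fcff9;\\??\\c:\\documents and settings\\All Users\\Application Data\\Microsoft\\Microsoft Antimalware\\Definition Updates\\{34AA2D9E-ED06-4575-ABB8-CBA5EB1BE1B2}\\MpKsl334fcff9.sys --> c:\\documents and settings\\All Users\\Application Data\\Microsoft\\Microsoft Antimalware\\Definition Updates\\{34AA2D9E-ED06-4575-ABB8-CBA5EB1BE1B2}\\MpKsl334fcff9.sys [?]
R1 MpKsl68361bb7;MpKsl68361bb7;c:\\documents and settings\\All Users\\Application Data\\Microsoft\\Microsoft Antimalware\\Definition Updates\\{27C755B0-D3C0-4BA2-A964-410142246708}\\MpKsl68361bb7.sys [22.7.2011 15:52 28752]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\\program files\\LogMeIn Hamachi\\hamachi-2.exe [25.5.2011 17:29 1336712]
S3 GarenaPEngine;GarenaPEngine;\\??\\c:\\docume~1\\user\\LOCALS~1\\Temp\\XPF444.tmp --> c:\\docume~1\\user\\LOCALS~1\\Temp\\XPF444.tmp [?]
S4 Guard.Mail.ru;Guard.Mail.ru;"c:\\program files\\Mail.Ru\\Guard\\GuardMailRu.exe" --> c:\\program files\\Mail.Ru\\Guard\\GuardMailRu.exe [?]
"""

# One service/driver line: start type, service name, display name, then the
# image path followed by "[date time size]" or "[?]" (binary not found).
LINE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
TRAIL_RE = re.compile(r"\s\[(?P<info>[^\]]*)\]\s*$")
# MSE creates one MpKsl<8 hex>.sys scan driver per definition update; the
# log above shows seventeen of them left behind.
MSE_SCAN_DRIVER_RE = re.compile(r"^MpKsl[0-9a-f]{8}$", re.IGNORECASE)


def parse_services(text):
    """Return one dict per service/driver line; lines of any other shape are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest")
        # "raw --> resolved" is ComboFix showing the registry ImagePath and the
        # path it resolved it to; keep the resolved form.
        if " --> " in rest:
            rest = rest.split(" --> ", 1)[1]
        t = TRAIL_RE.search(rest)
        info = t.group("info") if t else ""
        path = (rest[: t.start()] if t else rest).strip().strip('"')
        entries.append({
            "start": m.group("start"),
            "name": m.group("name"),
            "display": m.group("display"),
            "path": path,
            "missing": info == "?",
        })
    return entries


def classify(entry):
    """Reasons this entry deserves a look; an empty list means nothing odd."""
    reasons = []
    if entry["missing"]:
        reasons.append("binary missing")
    lowered = entry["path"].lower()
    if "\\temp\\" in lowered or lowered.endswith(".tmp"):
        reasons.append("runs from a Temp directory")
    if MSE_SCAN_DRIVER_RE.match(entry["name"]):
        reasons.append("transient MSE scan driver")
    return reasons


def build_cfscript(entries):
    """CFScript text in the layout used above: KILLALL:: then a Driver:: list."""
    names = [e["name"] for e in entries if classify(e)]
    lines = ["KILLALL::", "", "Driver::"] + names
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    parsed = parse_services(SAMPLE_LOG)
    for e in parsed:
        flags = classify(e)
        print(f'{e["start"]} {e["name"]:<28} {", ".join(flags) or "ok"}')
    print()
    print(build_cfscript(parsed))
```

Running it on the sample prints sptd and Hamachi2Svc as "ok" and lists the other four as candidates; on the full log from the thread it would reproduce the helper's seventeen MpKsl names and Guard.Mail.ru, and would additionally surface GarenaPEngine (Temp path, file gone), which the helper chose to leave alone, which is exactly the kind of call the reviewer still has to make.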

Here:

ComboFix 11-07-20.02 - user 07.2011 г. 11:14:56.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.2046.943 [GMT 3:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
* Created a new restore point
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
FILE ::
"c:\program files\Mail.Ru\Guard\GuardMailRu.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\user\Application Data\edxLabs
c:\documents and settings\user\Application Data\edxLabs\edxSilkroadLoader\edxSilkroadLoader.ini
C:\SP3
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUARD.MAIL.RU
-------\Legacy_MPKSL033C3FB3
-------\Legacy_MPKSL334FCFF9
-------\Legacy_MPKSL48333926
-------\Legacy_MPKSL51C4A38B
-------\Legacy_MPKSL68361BB7
-------\Legacy_MPKSL6969E09A
-------\Legacy_MPKSL792254F3
-------\Legacy_MPKSL7DC64BD6
-------\Legacy_MPKSL8E945936
-------\Legacy_MPKSL945F53C8
-------\Legacy_MPKSL9650FCA1
-------\Legacy_MPKSL9E846FA8
-------\Legacy_MPKSLAE16AA1D
-------\Legacy_MPKSLBC115A43
-------\Legacy_MPKSLD5CD3426
-------\Legacy_MPKSLDB6D272F
-------\Service_Guard.Mail.ru
-------\Service_MpKsl033c3fb3
-------\Service_MpKsl17b57b02
-------\Service_MpKsl334fcff9
-------\Service_MpKsl48333926
-------\Service_MpKsl51c4a38b
-------\Service_MpKsl68361bb7
-------\Service_MpKsl6969e09a
-------\Service_MpKsl792254f3
-------\Service_MpKsl7dc64bd6
-------\Service_MpKsl8e945936
-------\Service_MpKsl945f53c8
-------\Service_MpKsl9650fca1
-------\Service_MpKsl9e846fa8
-------\Service_MpKslae16aa1d
-------\Service_MpKslbc115a43
-------\Service_MpKsld5cd3426
-------\Service_MpKsldb6d272f
.
.
((((((((((((((((((((((((( Files Created from 2011-06-25 to 2011-07-25 )))))))))))))))))))))))))))))))
.
.
2011-07-25 08:22 . 2011-07-25 08:22 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{698B0732-30BD-45DD-9B9D-34ABDC63544A}\MpKsl9b43981f.sys
2011-07-25 08:02 . 2011-07-25 08:02 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{698B0732-30BD-45DD-9B9D-34ABDC63544A}\MpKslea7fee3f.sys
2011-07-25 00:19 . 2011-07-25 00:19 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{698B0732-30BD-45DD-9B9D-34ABDC63544A}\MpKsl84ad62d5.sys
2011-07-25 00:18 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{698B0732-30BD-45DD-9B9D-34ABDC63544A}\mpengine.dll
2011-07-24 22:55 . 2011-07-24 22:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2011-07-24 22:54 . 2011-07-24 22:54 -------- d-----w- c:\program files\Common Files\Apple
2011-07-24 22:54 . 2011-07-24 22:54 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Apple
2011-07-24 22:54 . 2011-07-24 22:54 -------- d-----w- c:\program files\Apple Software Update
2011-07-24 22:54 . 2011-07-24 22:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2011-07-24 22:54 . 2011-07-24 22:54 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Apple Computer
2011-07-19 23:56 . 2011-07-19 23:56 -------- d-----w- c:\program files\Microsoft XNA
2011-07-19 01:37 . 2011-07-19 01:56 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2011-07-17 23:09 . 2011-07-17 23:09 -------- d-----w- c:\documents and settings\user\Application Data\SUPERAntiSpyware.com
2011-07-17 23:09 . 2011-07-17 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-07-17 23:01 . 2011-07-06 16:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-17 23:01 . 2011-07-17 23:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-17 23:01 . 2011-07-06 16:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-17 13:50 . 2011-07-17 13:50 -------- d-----w- c:\documents and settings\user\Application Data\QuickScan
2011-07-16 19:07 . 2011-07-16 19:07 388096 ----a-r- c:\documents and settings\user\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-16 19:05 . 2011-07-16 19:05 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-07-16 18:50 . 2011-07-20 17:33 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\LogMeIn Hamachi
2011-07-16 18:50 . 2011-07-25 08:22 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
2011-07-16 18:50 . 2011-07-16 18:50 -------- d-----w- c:\program files\LogMeIn Hamachi
2011-07-08 02:41 . 2011-07-08 23:43 -------- d-----w- c:\documents and settings\user\Application Data\.minecraft
2011-07-03 17:56 . 2011-07-03 17:56 -------- d-----w- c:\documents and settings\user\Application Data\Ace
2011-07-02 05:45 . 2011-07-02 05:45 -------- d-----w- c:\windows\Downloaded Installations
2011-06-29 17:59 . 2011-06-29 17:59 -------- d-----w- c:\documents and settings\user\Application Data\Nokia Multimedia Player
2011-06-29 17:57 . 2011-06-29 17:58 -------- d-----w- c:\documents and settings\user\Application Data\GetRightToGo
2011-06-29 17:50 . 2011-06-29 17:50 -------- d-----w- c:\program files\Common Files\PCSuite
2011-06-29 17:50 . 2011-06-29 17:50 -------- d-----w- c:\program files\Common Files\Nokia
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-13 03:39 . 2010-10-15 05:38 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-06-24 17:50 . 2011-06-24 17:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-28 04:36 . 2011-05-28 04:38 6904040 ----a-w- c:\windows\system32\SpoonUninstall.exe
2011-05-16 18:04 . 2011-05-16 18:04 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-16 18:04 . 2011-05-16 18:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-12 18:26 . 2011-05-12 18:26 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-06-24 03:38 . 2011-05-08 21:32 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-20_12.55.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-25 08:22 . 2011-07-25 08:22 16384 c:\windows\temp\Perflib_Perfdata_634.dat
+ 2011-07-25 08:22 . 2011-07-25 08:22 16384 c:\windows\temp\Perflib_Perfdata_528.dat
+ 2011-07-24 22:54 . 2011-07-24 22:54 27136 c:\windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
+ 2011-07-24 22:55 . 2011-07-24 22:55 811008 c:\windows\Installer\1adcc143.msi
- 2011-07-17 13:08 . 2011-07-17 13:08 371272 c:\windows\Installer\{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}\SkypeIcon.exe
+ 2011-07-21 07:29 . 2011-07-21 07:29 371272 c:\windows\Installer\{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}\SkypeIcon.exe
+ 2009-04-14 17:15 . 2008-04-14 02:42 1614848 c:\windows\system32\sfcfiles.dll
- 2009-04-14 17:15 . 2009-04-14 17:15 1614848 c:\windows\system32\sfcfiles.dll
+ 2011-07-24 22:55 . 2011-07-24 22:55 9472000 c:\windows\Installer\1adcc147.msi
+ 2011-07-24 22:54 . 2011-07-24 22:54 1549312 c:\windows\Installer\1adcc13d.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"SUPERAntiSpyware"="d:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-30 2424192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RTHDCPL"="RTHDCPL.EXE" [2010-07-28 19557480]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"UnlockerAssistant"="d:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"_nltide_3"="advpack.dll" [2010-09-09 124928]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
LOLRecorder.lnk - d:\program files\LOLReplay\LOLRecorder.exe [2011-6-3 204800]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- d:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-04-01 09:39 486856 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-12 17:22 136176 ----atw- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2011-05-25 14:29 1951112 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-06-15 12:02 15141768 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\Riot Games\\League of Legends\\lol.launcher.exe"=
"d:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\user\\Desktop\\all linked with rsro\\SROOOOOOO\\bojo12\\mBot_rSRO.exe"=
"c:\\Documents and Settings\\user\\Desktop\\all linked with rsro\\SROOOOOOO\\bojo14\\mBot_rSRO.exe"=
"c:\\Documents and Settings\\user\\Desktop\\one more gb pt\\bojidar03-wizz\\mBot_rSRO.exe"=
"c:\\Documents and Settings\\user\\Desktop\\party\\wizz1\\mBot_rSRO.exe"=
"c:\\Documents and Settings\\user\\Desktop\\party\\wizz3\\mBot_rSRO.exe"=
"c:\\Documents and Settings\\user\\Desktop\\party\\war2\\mBot_rSRO.exe"=
"c:\\Documents and Settings\\user\\Desktop\\party\\war\\mBot_rSRO.exe"=
"c:\\Documents and Settings\\user\\Desktop\\party\\bard\\mBot_rSRO.exe"=
"c:\\Documents and Settings\\user\\Desktop\\party\\cleric\\mBot_rSRO.exe"=
"c:\\Documents and Settings\\user\\Desktop\\all linked with rsro\\botev\\mBot_rSRO.exe"=
"c:\\Documents and Settings\\user\\Desktop\\gbots\\Ongi\\Wizzard2\\mBot_rSRO.exe"=
"c:\\Documents and Settings\\user\\Desktop\\gbots\\Ongi\\Cleric\\mBot_rSRO.exe"=
"c:\\Documents and Settings\\user\\Desktop\\gbots\\Ongi\\Warrior\\mBot_rSRO.exe"=
"c:\\Documents and Settings\\user\\Desktop\\gbots\\Ongi\\Wizzard3\\mBot_rSRO.exe"=
"c:\\Documents and Settings\\user\\Desktop\\gbots\\Ongi\\Wizzard1\\mBot_rSRO.exe"=
"c:\\Documents and Settings\\user\\Desktop\\gbots\\Ongi\\Bard1\\mBot_rSRO.exe"=
"c:\\Documents and Settings\\user\\Desktop\\gbots\\Ongi\\Bard2\\mBot_rSRO.exe"=
"c:\\Documents and Settings\\user\\Desktop\\gbots\\Ongi\\Warlock\\mBot_rSRO.exe"=
"c:\\Documents and Settings\\user\\Desktop\\all linked with rsro\\slavena\\mBot_rSRO.exe"=
"c:\\Documents and Settings\\user\\Desktop\\all linked with rsro\\SROOOOOOO\\mendeleev_1\\mBot_rSRO.exe"=
"c:\\Documents and Settings\\user\\Desktop\\all linked with rsro\\SROOOOOOO\\bojo\\mBot_rSRO.exe"=
"c:\\Documents and Settings\\user\\Desktop\\all linked with rsro\\SROOOOOOO\\bojo11\\mBot_rSRO.exe"=
"d:\\Program Files\\Counter-Strike\\hl.exe"=
"d:\\Program Files\\Terraria\\Terraria.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "56885:TCP"= 56885:TCP:Pando Media Booster "56885:UDP"= 56885:UDP:Pando Media Booster "8396:TCP"= 8396:TCP:League of Legends Launcher "8396:UDP"= 8396:UDP:League of Legends Launcher "6897:TCP"= 6897:TCP:League of Legends Launcher "6897:UDP"= 6897:UDP:League of Legends Launcher "1:TCP"= 1:TCP:BitComet 1 TCP "1:UDP"= 1:UDP:BitComet 1 UDP "6977:TCP"= 6977:TCP:League of Legends Launcher "6977:UDP"= 6977:UDP:League of Legends Launcher "6994:TCP"= 6994:TCP:League of Legends Launcher "6994:UDP"= 6994:UDP:League of Legends Launcher "8397:TCP"= 8397:TCP:League of Legends Launcher "8397:UDP"= 8397:UDP:League of Legends Launcher "6909:TCP"= 6909:TCP:League of Legends Launcher "6909:UDP"= 6909:UDP:League of Legends Launcher "6924:TCP"= 6924:TCP:League of Legends Launcher "6924:UDP"= 6924:UDP:League of Legends Launcher "6891:TCP"= 6891:TCP:League of Legends Launcher "6891:UDP"= 6891:UDP:League of Legends Launcher "6967:TCP"= 6967:TCP:League of Legends Launcher "6967:UDP"= 6967:UDP:League of Legends Launcher "6969:TCP"= 6969:TCP:League of Legends Launcher "6969:UDP"= 6969:UDP:League of Legends Launcher "8398:TCP"= 8398:TCP:League of Legends Launcher "8398:UDP"= 8398:UDP:League of Legends Launcher "8393:TCP"= 8393:TCP:League of Legends Lobby "8393:UDP"= 8393:UDP:League of Legends Lobby "8390:TCP"= 8390:TCP:League of Legends Game Client "8390:UDP"= 8390:UDP:League of Legends Game Client . R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.10.2010 і. 21:02 717296] R1 MpKsl84ad62d5;MpKsl84ad62d5;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{698B0732-30BD-45DD-9B9D-34ABDC63544A}\MpKsl84ad62d5.sys [25.7.2011 і. 03:19 28752] R1 MpKsl9b43981f;MpKsl9b43981f;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{698B0732-30BD-45DD-9B9D-34ABDC63544A}\MpKsl9b43981f.sys [25.7.2011 і. 
11:22 28752] R1 MpKslea7fee3f;MpKslea7fee3f;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{698B0732-30BD-45DD-9B9D-34ABDC63544A}\MpKslea7fee3f.sys [25.7.2011 і. 11:02 28752] R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 і. 21:25 12872] R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 і. 21:41 67656] R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [25.5.2011 і. 17:29 1336712] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [12.10.2010 і. 23:30 101904] S1 MpKsl345c7aba;MpKsl345c7aba;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{698B0732-30BD-45DD-9B9D-34ABDC63544A}\MpKsl345c7aba.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{698B0732-30BD-45DD-9B9D-34ABDC63544A}\MpKsl345c7aba.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 і. 13:16 130384] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12.10.2010 і. 20:38 1691480] S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\user\LOCALS~1\Temp\XPF444.tmp --> c:\docume~1\user\LOCALS~1\Temp\XPF444.tmp [?] S3 GGSAFERDriver;GGSAFER Driver;\??\d:\program files\Garena\safedrv.sys --> d:\program files\Garena\safedrv.sys [?] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 і. 13:16 753504] S4 TunngleService;TunngleService;d:\program files\Tunngle\TnglCtrl.exe --> d:\program files\Tunngle\TnglCtrl.exe [?] . 
--- Other Services/Drivers In Memory --- . *NewlyCreated* - MPKSL9B43981F . Contents of the 'Scheduled Tasks' folder . 2010-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-1647877149-1801674531-1003Core.job - c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-12 17:22] . 2010-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-1647877149-1801674531-1003UA.job - c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-12 17:22] . 2011-07-25 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 10:26] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.bg/ IE: &D&ownload &with BitComet - d:\program files\BitComet\BitComet.exe/AddLink.htm IE: &D&ownload all with BitComet - d:\program files\BitComet\BitComet.exe/AddAllLink.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 217.18.242.74 217.18.242.146 TCP: Interfaces\{3FD69C30-DA83-442B-9EFB-8E7AC723A323}: NameServer = 8.8.8.8,8.8.4.4 FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\q2gh4tdy.default\ FF - prefs.js: browser.search.defaulturl - hxxp://go.mail.ru/search?fr=fftb&utf8in&q= FF - prefs.js: browser.startup.homepage - hxxp://bg.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:bg:official FF - prefs.js: keyword.URL - hxxp://go.mail.ru/search?utf8in=1&fr=fftbUFix&q= FF - prefs.js: network.proxy.type - 0 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-07-25 11:22 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . 
************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine] "ImagePath"="\??\c:\docume~1\user\LOCALS~1\Temp\XPF444.tmp" . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-583907252-1647877149-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{44189A32-547F-6733-9024-64A6AB38EF12}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(464) d:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll c:\windows\system32\Ati2evxx.dll c:\windows\system32\atiadlxx.dll . - - - - - - - > 'explorer.exe'(2800) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\wpdshserviceobj.dll c:\windows\system32\portabledevicetypes.dll c:\windows\system32\portabledeviceapi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe c:\windows\system32\Ati2evxx.exe c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\windows\RTHDCPL.EXE c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe . ************************************************************************** . Completion time: 2011-07-25 11:26:47 - machine was rebooted ComboFix-quarantined-files.txt 2011-07-25 08:26 ComboFix2.txt 2011-07-23 00:10 ComboFix3.txt 2011-07-20 12:56 . Pre-Run: 1 886 400 512 bytes free Post-Run: 1 804 734 464 bytes free . - - End Of File - - 8F5C9553C440D67AAF2A0DDAA1C956DE


    Uninstall ComboFix: Start -> Run -> copy and paste the following text, highlighted in blue:

    Combofix /Uninstall

    Press Enter.

    You may delete the remaining tools we used in this topic: DDS, aswMBR, SystemLook, as well as their logs.

    Is there any improvement after we cleaned up?


    Well, I loaded it up again with 3 games, Mozilla, Chrome and IE, and again I can't right-click or start anything. The CPU isn't at 100%, though... If I don't run them it's fine otherwise... EDIT - I forgot to say that yesterday, with LoL, a browser and Skype, I couldn't click at all, so there does seem to be an improvement :cheers:

    Edited by Jmork


    This Windows is a home-made build, trimmed with nLite; see:

    dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32

    dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

    We can tidy things up somewhat without reinstalling by installing Service Pack 3 again. Here is how:

    1. Download the following file: Windows XP Service Pack 3 Network Installation Package and save it to the desktop.

    2. Temporarily disable the antivirus program and the Internet connection.

    3. Run the file WindowsXP-KB936929-SP3-x86-ENU.exe and wait for it to install. Then restart. Check that the Internet works and that the antivirus is running.

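The nLite diagnosis above comes straight from the RunOnce values in the ComboFix log, and the same log lists services whose binary is missing or sits in a Temp folder. As an added example (not part of the forum thread and not a ComboFix feature), here is a small Python triage pass over lines in ComboFix's own format; the sample log is constructed from the kinds of entries seen above.

```python
import re

# Constructed sample in the shape ComboFix prints RunOnce values and
# service/driver lines (R = running, S = stopped, "[?]" = file not found),
# modelled on entries from the log above.
SAMPLE_LOG = r"""
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"_nltide_3"="advpack.dll" [2010-09-09 124928]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.10.2010 21:02 717296]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [25.5.2011 17:29 1336712]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\user\LOCALS~1\Temp\XPF444.tmp --> c:\docume~1\user\LOCALS~1\Temp\XPF444.tmp [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
"""

# "<start> <name>;<display name>;<path> [<date size>]" or "... [?]"
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)\s\[([^\]]*)\]\s*$")
# nLite leaves its post-install hooks as RunOnce values named nltide_*.
NLITE_RE = re.compile(r'^"_?nltide_\d+"=')
# A driver or service binary has no business living in these folders.
USER_DIRS = ("\\temp\\", "\\desktop\\")


def parse_service(line):
    """Return a dict for an R*/S* service line, or None for any other line."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    start, name, display, path, info = m.groups()
    # For a missing file ComboFix repeats the path after " --> "; keep the last copy.
    path = path.split(" --> ")[-1].strip()
    return {"start": start, "name": name, "display": display,
            "path": path, "missing": info.strip() == "?"}


def in_user_dir(path):
    """True if the path sits in a temp or desktop folder (case-insensitive)."""
    low = path.lower()
    return any(marker in low for marker in USER_DIRS)


def triage(log_text):
    """Flag an nLite-trimmed install and services worth a closer look."""
    nlite = False
    suspects = []
    for line in log_text.splitlines():
        if NLITE_RE.match(line):
            nlite = True
            continue
        svc = parse_service(line)
        if svc and (svc["missing"] or in_user_dir(svc["path"])):
            suspects.append(svc["name"])
    return {"nlite_build": nlite, "suspect_services": suspects}
```

A flagged service is a review hint, not a verdict: a stale entry for an uninstalled game guard looks the same here as a driver that was deliberately dropped into Temp.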

    It seems OK now :) 67 processes, the CPU shows it's not at max, and programs can be started again and right-click works (and it lags a lot, naturally ;D). Thanks for the help, and if you think there is anything else to do, say so ;)

    Edited by Jmork


    There is nothing more to do. Since there are no complaints about Windows, I'm marking the problem as solved. Have a nice day and good luck!


    Hmmm... Unfortunately something is wrong with it again :\ Right now I'm at 63 processes and again I can't click or open anything. And down on the taskbar there are 9 things open; I close one and I can start something again. The CPU isn't at 100%.. And my C: drive went down to 2-3 MB free again and then sorted itself out. :| EDIT - Not that I usually sit with that many open, but now it happens even with 4. And I want to ask how much virtual memory I should set with 2 GB of RAM. I mean Initial size and Maximum.

    Edited by Jmork

