h1per

I have a virus problem [SOLVED]

    Recommended answer


    These are the logs from DDS

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-05-19.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 25.8.2010 г. 01:53:49
    System Uptime: 20.7.2011 г. 12:30:34 (0 hours ago)
    .
    Motherboard:          |  | 775V88+
    Processor:                 Intel(R) Celeron(R) CPU 2.80GHz | CPUSocket | 2683/133mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 49 GiB total, 40,456 GiB free.
    D: is FIXED (NTFS) - 105 GiB total, 52,985 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: RAID Controller
    Device ID: PCI\VEN_1106&DEV_3149&SUBSYS_31491849&REV_80\3&267A616A&0&78
    Manufacturer: 
    Name: RAID Controller
    PNP Device ID: PCI\VEN_1106&DEV_3149&SUBSYS_31491849&REV_80\3&267A616A&0&78
    Service: 
    .
    ==== System Restore Points ===================
    .
    RP275: 20.7.2011 г. 01:16:26 - System Checkpoint
    RP276: 20.7.2011 г. 03:01:58 - Installed ESET NOD32 Antivirus
    RP277: 20.7.2011 г. 11:55:19 - Removed GOM Player + Ask Toolbar.
    .
    ==== Installed Programs ======================
    .
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    AMD APP SDK Runtime
    ATI Catalyst Install Manager
    ATI Control Panel
    ATI Display Driver
    BS.Player FREE
    BS_Player Toolbar
    C-Media 3D Audio
    CS 1.6
    ESET NOD32 Antivirus
    FlexType 2K
    Garena 2010
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB981793)
    KoralSoft - EuroDictXP
    Microsoft Office Access MUI (Bulgarian) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (Bulgarian) 2007
    Microsoft Office Groove MUI (Bulgarian) 2007
    Microsoft Office InfoPath MUI (Bulgarian) 2007
    Microsoft Office OneNote MUI (Bulgarian) 2007
    Microsoft Office Outlook MUI (Bulgarian) 2007
    Microsoft Office PowerPoint MUI (Bulgarian) 2007
    Microsoft Office Proof (Bulgarian) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (German) 2007
    Microsoft Office Proof (Russian) 2007
    Microsoft Office Proofing (Bulgarian) 2007
    Microsoft Office Publisher MUI (Bulgarian) 2007
    Microsoft Office Shared MUI (Bulgarian) 2007
    Microsoft Office Word MUI (Bulgarian) 2007
    Microsoft Software Update for Web Folders  (Bulgarian) 12
    Microsoft Visual C++ 2005 Redistributable
    mIRC
    Mozilla Firefox 4.0 (x86 bg)
    Nero 6 Ultra Edition
    PokerStars
    RocketDock 1.3.5
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2183461)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Skype™ 4.2
    StarCraft II
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB982664)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB943729)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB971737)
    USB2.0 PC Camera (SN9C201&202)
    WebFldrs XP
    Winamp
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 8
    World of Warcraft
    Архиватор WinRAR
    µTorrent
    .
    ==== Event Viewer Messages From Past Week ========
    .
    20.7.2011 г. 03:16:02, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Eset Nod32 Boot service to connect.
    20.7.2011 г. 03:16:02, error: Service Control Manager [7000]  - The Eset Nod32 Boot service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
    20.7.2011 г. 03:16:01, error: Service Control Manager [7000]  - The Eset Service service failed to start due to the following error:  The system cannot find the path specified.
    20.7.2011 г. 03:14:39, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    20.7.2011 г. 03:14:10, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    20.7.2011 г. 03:14:07, error: sptd [4]  - Driver detected an internal error in its data structures for .
    20.7.2011 г. 03:06:31, error: Service Control Manager [7000]  - The Eset Service service failed to start due to the following error:  The system cannot find the path specified.
    20.7.2011 г. 03:05:09, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    20.7.2011 г. 03:04:42, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    20.7.2011 г. 03:04:40, error: sptd [4]  - Driver detected an internal error in its data structures for .
    20.7.2011 г. 02:47:12, error: Disk [11]  - The driver detected a controller error on \Device\Harddisk0\D.
    20.7.2011 г. 02:40:31, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    20.7.2011 г. 02:40:05, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    20.7.2011 г. 02:39:48, error: sptd [4]  - Driver detected an internal error in its data structures for .
    20.7.2011 г. 02:17:33, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    20.7.2011 г. 02:17:24, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    20.7.2011 г. 02:17:21, error: sptd [4]  - Driver detected an internal error in its data structures for .
    20.7.2011 г. 02:13:39, error: SideBySide [59]  - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
    20.7.2011 г. 02:13:39, error: SideBySide [59]  - Generate Activation Context failed for C:\WINDOWS\phoenix\phoenix.exe. Reference error message: The operation completed successfully. .
    20.7.2011 г. 02:13:39, error: SideBySide [32]  - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
    20.7.2011 г. 02:10:55, error: SideBySide [59]  - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
    20.7.2011 г. 02:10:55, error: SideBySide [59]  - Generate Activation Context failed for C:\WINDOWS\phoenix\phoenix.exe. Reference error message: The operation completed successfully. .
    20.7.2011 г. 02:10:55, error: SideBySide [32]  - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
    20.7.2011 г. 02:08:29, error: SideBySide [59]  - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
    20.7.2011 г. 02:08:29, error: SideBySide [59]  - Generate Activation Context failed for C:\WINDOWS\phoenix\phoenix.exe. Reference error message: The operation completed successfully. .
    20.7.2011 г. 02:08:29, error: SideBySide [32]  - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
    20.7.2011 г. 02:06:06, error: SideBySide [59]  - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
    20.7.2011 г. 02:06:06, error: SideBySide [59]  - Generate Activation Context failed for C:\WINDOWS\phoenix\phoenix.exe. Reference error message: The operation completed successfully. .
    20.7.2011 г. 02:06:06, error: SideBySide [32]  - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
    20.7.2011 г. 02:03:59, error: SideBySide [59]  - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
    20.7.2011 г. 02:03:59, error: SideBySide [59]  - Generate Activation Context failed for C:\WINDOWS\phoenix\phoenix.exe. Reference error message: The operation completed successfully. .
    20.7.2011 г. 02:03:59, error: SideBySide [32]  - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
    20.7.2011 г. 02:01:47, error: SideBySide [59]  - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
    20.7.2011 г. 02:01:47, error: SideBySide [59]  - Generate Activation Context failed for C:\WINDOWS\phoenix\phoenix.exe. Reference error message: The operation completed successfully. .
    20.7.2011 г. 02:01:47, error: SideBySide [32]  - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
    20.7.2011 г. 01:59:35, error: SideBySide [59]  - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
    20.7.2011 г. 01:59:35, error: SideBySide [59]  - Generate Activation Context failed for C:\WINDOWS\phoenix\phoenix.exe. Reference error message: The operation completed successfully. .
    20.7.2011 г. 01:59:35, error: SideBySide [32]  - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
    20.7.2011 г. 01:57:20, error: SideBySide [59]  - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
    20.7.2011 г. 01:57:20, error: SideBySide [59]  - Generate Activation Context failed for C:\WINDOWS\phoenix\phoenix.exe. Reference error message: The operation completed successfully. .
    20.7.2011 г. 01:57:20, error: SideBySide [32]  - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
    20.7.2011 г. 01:55:03, error: SideBySide [59]  - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
    20.7.2011 г. 01:55:03, error: SideBySide [59]  - Generate Activation Context failed for C:\WINDOWS\phoenix\phoenix.exe. Reference error message: The operation completed successfully. .
    20.7.2011 г. 01:55:03, error: SideBySide [32]  - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
    20.7.2011 г. 01:52:47, error: SideBySide [59]  - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
    20.7.2011 г. 01:52:47, error: SideBySide [59]  - Generate Activation Context failed for C:\WINDOWS\phoenix\phoenix.exe. Reference error message: The operation completed successfully. .
    20.7.2011 г. 01:52:47, error: SideBySide [32]  - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
    20.7.2011 г. 01:50:30, error: SideBySide [59]  - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
    20.7.2011 г. 01:50:30, error: SideBySide [59]  - Generate Activation Context failed for C:\WINDOWS\phoenix\phoenix.exe. Reference error message: The operation completed successfully. .
    20.7.2011 г. 01:50:30, error: SideBySide [32]  - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
    20.7.2011 г. 01:48:15, error: SideBySide [59]  - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
    20.7.2011 г. 01:48:15, error: SideBySide [59]  - Generate Activation Context failed for C:\WINDOWS\phoenix\phoenix.exe. Reference error message: The operation completed successfully. .
    20.7.2011 г. 01:48:15, error: SideBySide [32]  - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
    20.7.2011 г. 01:45:53, error: SideBySide [59]  - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
    20.7.2011 г. 01:45:53, error: SideBySide [59]  - Generate Activation Context failed for C:\WINDOWS\phoenix\phoenix.exe. Reference error message: The operation completed successfully. .
    20.7.2011 г. 01:45:53, error: SideBySide [32]  - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
    20.7.2011 г. 01:26:00, error: Disk [11]  - The driver detected a controller error on \Device\Harddisk0\D.
    20.7.2011 г. 01:26:00, error: atapi [5]  - A parity error was detected on \Device\Ide\IdePort0.
    20.7.2011 г. 01:21:27, error: Disk [11]  - The driver detected a controller error on \Device\Harddisk0\D.
    20.7.2011 г. 01:20:33, error: Disk [11]  - The driver detected a controller error on \Device\Harddisk0\D.
    20.7.2011 г. 01:20:33, error: Disk [11]  - The driver detected a controller error on \Device\Harddisk0\D.
    20.7.2011 г. 01:16:26, error: Disk [11]  - The driver detected a controller error on \Device\Harddisk0\D.
    20.7.2011 г. 01:15:56, error: Disk [11]  - The driver detected a controller error on \Device\Harddisk0\D.
    20.7.2011 г. 00:58:46, error: Service Control Manager [7034]  - The srvsysdriver32 service terminated unexpectedly.  It has done this 1 time(s).
    18.7.2011 г. 03:32:34, error: Disk [11]  - The driver detected a controller error on \Device\Harddisk0\D.
    18.7.2011 г. 03:32:34, error: atapi [5]  - A parity error was detected on \Device\Ide\IdePort0.
    18.7.2011 г. 03:14:35, error: Disk [11]  - The driver detected a controller error on \Device\Harddisk0\D.
    18.7.2011 г. 01:58:55, error: Disk [11]  - The driver detected a controller error on \Device\Harddisk0\D.
    18.7.2011 г. 00:49:42, error: Disk [11]  - The driver detected a controller error on \Device\Harddisk0\D.
    18.7.2011 г. 00:49:37, error: Disk [11]  - The driver detected a controller error on \Device\Harddisk0\D.
    17.7.2011 г. 21:52:12, error: Disk [11]  - The driver detected a controller error on \Device\Harddisk0\D.
    16.7.2011 г. 19:54:05, error: Disk [11]  - The driver detected a controller error on \Device\Harddisk0\D.
    16.7.2011 г. 19:54:05, error: atapi [5]  - A parity error was detected on \Device\Ide\IdePort0.
    16.7.2011 г. 19:54:01, error: Disk [11]  - The driver detected a controller error on \Device\Harddisk0\D.
    16.7.2011 г. 19:50:07, error: Disk [11]  - The driver detected a controller error on \Device\Harddisk0\D.
    16.7.2011 г. 19:47:30, error: Disk [11]  - The driver detected a controller error on \Device\Harddisk0\D.
    16.7.2011 г. 19:47:28, error: Disk [11]  - The driver detected a controller error on \Device\Harddisk0\D.
    16.7.2011 г. 16:01:19, error: Disk [11]  - The driver detected a controller error on \Device\Harddisk0\D.
    15.7.2011 г. 22:38:34, error: Disk [11]  - The driver detected a controller error on \Device\Harddisk0\D.
    15.7.2011 г. 22:38:34, error: atapi [5]  - A parity error was detected on \Device\Ide\IdePort0.
    15.7.2011 г. 22:37:40, error: Disk [11]  - The driver detected a controller error on \Device\Harddisk0\D.
    15.7.2011 г. 22:34:36, error: Disk [11]  - The driver detected a controller error on \Device\Harddisk0\D.
    15.7.2011 г. 22:33:16, error: Disk [11]  - The driver detected a controller error on \Device\Harddisk0\D.
    15.7.2011 г. 21:37:12, error: Disk [11]  - The driver detected a controller error on \Device\Harddisk0\D.
    15.7.2011 г. 14:59:28, error: Disk [11]  - The driver detected a controller error on \Device\Harddisk0\D.
    13.7.2011 г. 22:25:33, error: Disk [11]  - The driver detected a controller error on \Device\Harddisk0\D.
    13.7.2011 г. 22:25:33, error: atapi [5]  - A parity error was detected on \Device\Ide\IdePort0.
    13.7.2011 г. 22:06:05, error: Disk [11]  - The driver detected a controller error on \Device\Harddisk0\D.
    13.7.2011 г. 21:18:44, error: Disk [11]  - The driver detected a controller error on \Device\Harddisk0\D.
    13.7.2011 г. 20:25:28, error: Disk [11]  - The driver detected a controller error on \Device\Harddisk0\D.
    13.7.2011 г. 18:58:40, error: Disk [11]  - The driver detected a controller error on \Device\Harddisk0\D.
    13.7.2011 г. 18:58:31, error: Disk [11]  - The driver detected a controller error on \Device\Harddisk0\D.
    13.7.2011 г. 01:47:51, error: Disk [11]  - The driver detected a controller error on \Device\Harddisk0\D.
    13.7.2011 г. 01:47:51, error: atapi [5]  - A parity error was detected on \Device\Ide\IdePort0.
    13.7.2011 г. 01:47:42, error: Disk [11]  - The driver detected a controller error on \Device\Harddisk0\D.
    13.7.2011 г. 01:30:14, error: Disk [11]  - The driver detected a controller error on \Device\Harddisk0\D.
    .
    ==== End Of File ===========================
    

    .
    DDS (Ver_11-05-19.01) - NTFSx86 
    Internet Explorer: 8.0.6001.18702
    Run by Vasil at 12:43:26 on 2011-07-20
    Microsoft Windows XP Professional  5.1.2600.3.1251.359.1033.18.1535.1043 [GMT 3:00]
    .
    AV: ESET NOD32 Antivirus 3.0 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\FixCamera.exe
    "C:\WINDOWS\update.tray-9-0\svchost.exe" 
    "C:\WINDOWS\update.tray-2-0\svchost.exe" 
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Datecs\FlexType 2K\FType2K.exe
    svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\update.5.0\svchost.exe srv
    C:\WINDOWS\update.2\svchost.exe srv
    "C:\WINDOWS\update.5.0\svchost.exe" stand
    C:\WINDOWS\sysdriver32.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\update.1\svchost.exe srv
    "C:\WINDOWS\update.2\svchost.exe" stand
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Documents and Settings\Vasil\Desktop\dds.scr
    C:\WINDOWS\system32\WSCRIPT.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1750559
    uURLSearchHooks: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\prxtbBS_0.dll
    BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\prxtbBS_0.dll
    TB: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\prxtbBS_0.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [FixCamera] c:\windows\FixCamera.exe
    mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
    mRun: [wxpdrv] c:\windows\services32.exe
    mRun: [tray_ico] 
    mRun: [tray_ico0] c:\windows\update.tray-9-0\svchost.exe
    mRun: [tray_ico1] c:\windows\update.tray-2-0\svchost.exe
    mRun: [tray_ico2] 
    mRun: [tray_ico3] 
    mRun: [tray_ico4] 
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\flexty~1.lnk - c:\program files\datecs\flextype 2k\FType2K.exe
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableSecureUIAPaths = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\vasil\application data\mozilla\firefox\profiles\tjh06hjj.default\
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-2-20 33800]
    R2 srvbtcclient;srvbtcclient;c:\windows\update.5.0\svchost.exe srv --> c:\windows\update.5.0\svchost.exe srv [?]
    R2 srviecheck;srviecheck;c:\windows\update.2\svchost.exe srv --> c:\windows\update.2\svchost.exe srv [?]
    R2 srvsysdriver32;srvsysdriver32;c:\windows\sysdriver32.exe srv --> c:\windows\sysdriver32.exe srv [?]
    R2 wxpdrivers;wxpdrivers;c:\windows\update.1\svchost.exe srv --> c:\windows\update.1\svchost.exe srv [?]
    S2 ekrn;Eset Service;"c:\program files\eset\eset nod32 antivirus\ekrn.exe" --> c:\program files\eset\eset nod32 antivirus\ekrn.exe [?]
    S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2008-4-14 3584]
    S2 ScanQuery Service;ScanQuery Service;"c:\documents and settings\all users\application data\scanquery\scanquery131.exe" "c:\program files\scanquery\scanquery.dll" izinogixi kidekiweh --> c:\documents and settings\all users\application data\scanquery\scanquery131.exe [?]
    S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\vasil\locals~1\temp\dsxa7.tmp --> c:\docume~1\vasil\locals~1\temp\DSXA7.tmp [?]
    S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\garena\safedrv.sys --> c:\program files\garena\safedrv.sys [?]
    S3 McComponentHostService;McComponentHostService; [x]
    .
    =============== Created Last 30 ================
    .
    2011-07-20 00:08:54	5702	---ha-w-	c:\windows\nod32restoretemdono.reg
    2011-07-20 00:08:54	568	---ha-w-	c:\windows\nod32fixtemdono.reg
    2011-07-20 00:04:52	--------	d--h--w-	c:\windows\update.tray-2-0-lnk
    2011-07-20 00:04:52	--------	d--h--w-	c:\windows\update.tray-2-0
    2011-07-19 23:41:34	--------	d-----w-	c:\windows\av_ico
    2011-07-19 23:17:30	--------	d--h--w-	c:\windows\update.tray-9-0-lnk
    2011-07-19 23:17:30	--------	d--h--w-	c:\windows\update.tray-9-0
    2011-07-19 23:15:20	--------	d-----w-	c:\documents and settings\vasil\local settings\application data\Solid State Networks
    2011-07-19 22:55:49	--------	d-----w-	c:\documents and settings\vasil\local settings\application data\ConduitEngine
    2011-07-19 22:55:48	0	----a-w-	c:\windows\system32\ConduitEngine.tmp
    2011-07-19 22:31:57	--------	d-----w-	c:\program files\ATI
    2011-07-19 22:21:19	--------	d-----w-	C:\ATI
    2011-07-19 22:16:07	110592	----a-w-	c:\windows\l1rezerv.exe
    2011-07-19 22:16:04	114176	----a-w-	c:\windows\systemup.exe
    2011-07-19 22:00:13	--------	d-----w-	c:\windows\ufa
    2011-07-19 22:00:13	--------	d-----w-	c:\windows\rpcminer
    2011-07-19 22:00:13	--------	d-----w-	c:\windows\phoenix
    2011-07-19 22:00:12	246272	----a-w-	c:\windows\unrar.exe
    2011-07-19 21:59:41	--------	d--h--w-	c:\windows\update.2
    2011-07-19 21:59:22	--------	d--h--w-	c:\windows\update.5.0
    2011-07-19 21:59:13	1147392	----a-w-	c:\windows\services32.exe
    2011-07-19 21:58:51	232960	----a-w-	c:\windows\sysdriver32_.exe
    2011-07-19 21:58:32	232960	----a-w-	c:\windows\sysdriver32.exe
    2011-07-19 21:57:57	--------	d--h--w-	c:\windows\update.1
    2011-07-18 00:15:42	--------	d-----w-	c:\documents and settings\vasil\application data\Acreon
    2011-07-18 00:15:40	--------	d-----w-	c:\documents and settings\vasil\local settings\application data\._Revolution_
    2011-07-12 17:42:00	--------	d-----w-	c:\windows\pss
    2011-07-12 16:53:22	--------	d-----w-	c:\windows\XSxS
    2011-07-12 16:53:22	--------	d-----w-	c:\program files\Xenocode
    .
    ==================== Find3M  ====================
    .
    2011-05-24 20:44:26	59904	----a-w-	c:\windows\system32\OVDecode.dll
    2011-05-24 20:44:10	51712	----a-w-	c:\windows\system32\OpenCL.dll
    2011-05-24 20:43:50	12798976	----a-w-	c:\windows\system32\amdocl.dll
    .
    ============= FINISH: 12:43:53,59 ===============
    

    mbam-log-2011-07-20 (13-06-23).txt

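    The DDS output above carries the indicators a responder would key on: several copies of svchost.exe launched from c:\windows\update.* directories instead of System32, executables dropped directly under c:\windows (sysdriver32.exe, services32.exe) and registered as R2 services, and an "Eset Nod32 Boot" service whose image path is the stock regedt32.exe. The script below is an added example from the editor, not a tool from the thread, DDS or the helper; it parses the "Running Processes" and "SERVICES / DRIVERS" sections of a DDS log and flags those three patterns. The embedded sample is a constructed excerpt modelled on the posted log, and the small allowlist of binaries that legitimately live directly under %SystemRoot% is an assumption you should tune.

```python
"""Triage helper for DDS-style logs (added example, not part of the thread).

Flags three patterns seen in the posted log:
  * svchost.exe started from anywhere other than %SystemRoot%\\system32
  * executables living directly under c:\\windows (DDS lists them as
    processes and as R2 services)
  * a service whose image path is a stock Windows tool such as regedt32.exe
"""
import ntpath
import re

# Constructed excerpt modelled on the DDS log posted in the thread.
SAMPLE_DDS = r"""
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
"C:\WINDOWS\update.tray-9-0\svchost.exe" 
C:\WINDOWS\update.5.0\svchost.exe srv
C:\WINDOWS\sysdriver32.exe
C:\WINDOWS\system32\ctfmon.exe
.
============= SERVICES / DRIVERS ===============
.
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-2-20 33800]
R2 srvsysdriver32;srvsysdriver32;c:\windows\sysdriver32.exe srv --> c:\windows\sysdriver32.exe srv [?]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2008-4-14 3584]
S2 ekrn;Eset Service;"c:\program files\eset\eset nod32 antivirus\ekrn.exe" --> c:\program files\eset\eset nod32 antivirus\ekrn.exe [?]
S3 McComponentHostService;McComponentHostService; [x]
.
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# First drive-letter path on a line; directory names may contain spaces,
# the final component (the file name) may not.
PATH_RE = re.compile(r'^"?([A-Za-z]:\\.*\\[^\\\s"]+)')

SYSTEM32 = r"c:\windows\system32"
WINDIR = r"c:\windows"
# Assumption: binaries that legitimately sit directly under %SystemRoot%.
WINDIR_ALLOW = {"explorer.exe", "notepad.exe", "regedit.exe"}
# Stock tools that are never the real image of a service.
STOCK_TOOLS = {"regedt32.exe", "regedit.exe", "cmd.exe", "rundll32.exe",
               "wscript.exe", "cscript.exe"}


def split_sections(text):
    """Return {section name: [non-empty lines]} keyed by the ==== headers."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def extract_path(fragment):
    """Pull the image path out of a process or service line, or None."""
    m = PATH_RE.match(fragment.strip())
    return m.group(1) if m else None


def check_path(path, is_service):
    """Return the list of reasons an image path looks suspicious."""
    directory = ntpath.dirname(path).lower()
    name = ntpath.basename(path).lower()
    reasons = []
    if name.startswith("svchost") and directory != SYSTEM32:
        reasons.append("svchost.exe outside System32")
    if directory == WINDIR and name.endswith(".exe") and name not in WINDIR_ALLOW:
        reasons.append("executable directly under %SystemRoot%")
    if is_service and name in STOCK_TOOLS:
        reasons.append("image is a stock Windows tool")
    return reasons


def triage(text):
    """Return (where, path, reason) tuples for every flagged process/service."""
    findings = []
    sections = split_sections(text)
    for line in sections.get("Running Processes", []):
        path = extract_path(line)          # bare "svchost.exe" lines have no path
        if path:
            for reason in check_path(path, is_service=False):
                findings.append(("process", path, reason))
    for line in sections.get("SERVICES / DRIVERS", []):
        parts = line.split(";", 2)         # "R2 name;display;image [details]"
        if len(parts) < 3:
            continue
        service = parts[0].split()[-1]
        image = parts[2].split(" --> ")[0].split(" [")[0]
        path = extract_path(image)
        if path:
            for reason in check_path(path, is_service=True):
                findings.append(("service " + service, path, reason))
    return findings


if __name__ == "__main__":
    for where, path, reason in triage(SAMPLE_DDS):
        print(f"{where:28} {path:55} {reason}")
```

    Run against the constructed sample it reports five findings: the two svchost.exe copies under c:\windows\update.*, sysdriver32.exe both as a process and as the srvsysdriver32 service, and the NOD32FiXTemDono service pointing at regedt32.exe; the DDS-style lines that show only "svchost.exe" with no path are skipped rather than guessed at.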

    Hello,

    1. Download ComboFix from BleepingComputer

    and save it (Save button -> Save as) to your desktop:

    [Posted image]

    Once the ComboFix download has finished, the program's icon should look like this:

    [Posted image]

    2. Close all running applications, open windows and programs running in the background. Temporarily disable the real-time protection of your antivirus program and of any other security programs, if present. For that, you can refer to the information at this link: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs.

    3. Double-click Combofix.exe to start it. Select YES to accept the program's terms of use. Important: while ComboFix is running, do not move the mouse or press any keys. Just patiently let ComboFix finish its work without using the computer for anything else.

    4. ComboFix will check whether the Windows Recovery Console is installed.

    *If the Windows Recovery Console is installed, ComboFix will continue its work.

    *If the Windows Recovery Console is not installed, you will need to click YES to install the Windows Recovery Console [Posted image]

    Note: you need to be connected to the Internet so that the Windows Recovery Console can be downloaded.

    After the Windows Recovery Console is installed, confirm with YES to proceed. Screenshot:

    [Posted image]

    5. ComboFix will temporarily cut the Internet connection, but once the program has finished its work the connection will be restored automatically. ComboFix will scan for problems and for infected files, which may take some time. Please be patient. If there is a problem with the Internet connection after ComboFix has finished, please read this: Manually restoring the Internet connection section.

    Note: if you have problems with ComboFix, copy (Copy) and paste (Paste) the contents of C:\BUG.txt in your next reply.

    6. When ComboFix has finished its work, a text document (log) will appear in Notepad:

    [Posted image]

    Copy (Copy) and paste (Paste) the contents of the log in your next reply.

    • Харесва ми 3


    ComboFix 11-07-20.02 - Vasil 07.2011 г. 14:31:21.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.1535.1167 [GMT 3:00] Running from: c:\documents and settings\Vasil\Desktop\ComboFix.exe . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Vasil\Application Data\Microsoft\Internet Explorer\Desktop.htt c:\documents and settings\Vasil\WINDOWS c:\windows\btc_client_iplist.txt c:\windows\ddh_iplist.txt c:\windows\front_ip_list.txt c:\windows\iecheck_iplist.txt c:\windows\info1 c:\windows\iplist.txt c:\windows\loader2.exe_ok c:\windows\phoenix.rar c:\windows\rpcminer.rar c:\windows\system32\drivers\etc\HSTS~1 c:\windows\system32\drivers\etc\hѕsts c:\windows\ufa.rar c:\windows\update.1 c:\windows\update.2 c:\windows\update.5.0 c:\windows\winlog-dirs.txt c:\windows\winlog-ids.txt c:\windows\XSxS . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_SRVIECHECK -------\Legacy_WXPDRIVERS . . ((((((((((((((((((((((((( Files Created from 2011-06-20 to 2011-07-20 ))))))))))))))))))))))))))))))) . . 2011-07-20 11:09 . 2011-07-20 11:09 -------- d-----w- c:\program files\CCleaner 2011-07-20 10:47 . 2011-07-20 10:47 -------- d-----w- c:\documents and settings\Vasil\Application Data\go 2011-07-20 10:40 . 2011-07-20 11:03 -------- d-----w- c:\program files\MSECACHE 2011-07-20 09:49 . 2011-07-20 09:49 -------- d-----w- c:\documents and settings\Vasil\Application Data\Malwarebytes 2011-07-20 09:49 . 2011-07-06 16:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-07-20 09:49 . 2011-07-20 09:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-07-20 09:49 . 2011-07-20 09:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-07-20 09:49 . 2011-07-06 16:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-07-20 00:08 . 
2008-03-03 15:21 568 ---ha-w- c:\windows\nod32fixtemdono.reg 2011-07-20 00:08 . 2008-03-03 11:25 5702 ---ha-w- c:\windows\nod32restoretemdono.reg 2011-07-20 00:04 . 2011-07-20 10:06 -------- d--h--w- c:\windows\update.tray-2-0 2011-07-20 00:04 . 2011-07-20 10:06 -------- d--h--w- c:\windows\update.tray-2-0-lnk 2011-07-19 23:41 . 2011-07-20 00:06 -------- d-----w- c:\windows\av_ico 2011-07-19 23:17 . 2011-07-20 10:06 -------- d--h--w- c:\windows\update.tray-9-0 2011-07-19 23:17 . 2011-07-20 10:06 -------- d--h--w- c:\windows\update.tray-9-0-lnk 2011-07-19 23:15 . 2011-07-19 23:15 -------- d-----w- c:\documents and settings\Vasil\Local Settings\Application Data\Solid State Networks 2011-07-19 23:02 . 2011-07-19 23:02 -------- d-----w- c:\documents and settings\Vasil\Local Settings\Application Data\Mozilla 2011-07-19 22:55 . 2011-07-19 22:55 0 ----a-w- c:\windows\system32\ConduitEngine.tmp 2011-07-19 22:31 . 2011-07-19 22:31 -------- d-----w- c:\program files\ATI 2011-07-19 22:21 . 2011-07-19 22:21 -------- d-----w- C:\ATI 2011-07-19 22:00 . 2011-07-19 22:00 -------- d-----w- c:\windows\phoenix 2011-07-19 22:00 . 2011-07-19 22:00 -------- d-----w- c:\windows\ufa 2011-07-19 22:00 . 2011-07-19 22:15 246272 ----a-w- c:\windows\unrar.exe 2011-07-18 00:15 . 2011-07-18 00:15 -------- d-----w- c:\documents and settings\Vasil\Local Settings\Application Data\._Revolution_ 2011-07-12 16:53 . 2011-07-12 16:53 -------- d-----w- c:\program files\Xenocode . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-05-24 20:44 . 2011-05-24 20:44 59904 ----a-w- c:\windows\system32\OVDecode.dll 2011-05-24 20:44 . 2011-05-24 20:44 51712 ----a-w- c:\windows\system32\OpenCL.dll 2011-05-24 20:43 . 2011-05-24 20:43 12798976 ----a-w- c:\windows\system32\amdocl.dll 2011-07-08 07:27 . 2011-07-20 11:11 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . 
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-07 26211624] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ FlexType 2K.lnk - c:\program files\Datecs\FlexType 2K\FType2K.exe [2010-10-14 95232] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableSecureUIAPaths"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 "DisableThumbnailCache"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "d:\\H1peR\\GJ\\mirc.exe"= "c:\\Program Files\\Garena\\Garena.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Valve\\hl.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.9.2010 і. 12:15 691696] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [20.2.2008 і. 11:11 33800] S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [14.4.2008 і. 
12:00 3584] S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Vasil\LOCALS~1\Temp\DSXA7.tmp --> c:\docume~1\Vasil\LOCALS~1\Temp\DSXA7.tmp [?] S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?] S3 McComponentHostService;McComponentHostService; [x] . . ------- Supplementary Scan ------- . uStart Page = hxxp://google.bg/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\documents and settings\Vasil\Application Data\Mozilla\Firefox\Profiles\8lb6pugm.default\ FF - prefs.js: browser.startup.homepage - google.bg . - - - - ORPHANS REMOVED - - - - . WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-07-20 14:36 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine] "ImagePath"="\??\c:\docume~1\Vasil\LOCALS~1\Temp\DSXA7.tmp" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(660) c:\windows\system32\Ati2evxx.dll . - - - - - - - > 'explorer.exe'(1284) c:\windows\system32\WININET.dll c:\windows\system32\newdll.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll c:\windows\system32\ieframe.dll c:\windows\system32\msi.dll c:\windows\system32\webcheck.dll c:\program files\Microsoft Office\Office12\1026\GrooveIntlResource.dll . ------------------------ Other Running Processes ------------------------ . 
c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\windows\system32\wscntfy.exe c:\program files\Skype\Plugin Manager\skypePM.exe . ************************************************************************** . Completion time: 2011-07-20 14:38:26 - machine was rebooted ComboFix-quarantined-files.txt 2011-07-20 11:38 . Pre-Run: 43 336 540 160 bytes free Post-Run: 43 233 628 160 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=AlwaysOff /fastdetect . - - End Of File - - FC77DBA555891E6CFCA07ECEE3E8AD3F


    Uninstall the following programs from Control Panel => Add or Remove Programs:

    ESET NOD32 Antivirus 3.0

    NOD32FiXTemDono

    Then:

    *. Open notepad.exe and copy/paste the following text into it:

    KILLALL::
    Driver::
    epfwtdir
    NOD32FiXTemDono
    McComponentHostService
    File::
    c:\windows\nod32fixtemdono.reg
    c:\windows\nod32restoretemdono.reg
    c:\windows\system32\ConduitEngine.tmp
    c:\windows\system32\drivers\epfwtdir.sys
    Folder::
    c:\windows\update.tray-2-0
    c:\windows\update.tray-2-0-lnk
    c:\windows\av_ico
    c:\windows\update.tray-9-0
    c:\windows\update.tray-9-0-lnk
    c:\windows\ufa
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000000
    "FirewallOverride"=dword:00000000
    "DisableThumbnailCache"=dword:00000000
    

    Save the file with the name CFScript and drag and drop it onto Combofix (as shown in the picture below).

    (posted image)

    *. While ComboFix is scanning, do not start any other applications, do not press keys on the keyboard and do not move the mouse!

    *. When Combofix finishes it will create a log file. Please post that file in your next post.

    • Likes: 4

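    Editor's note: the CFScript above is a response to specific lines in the ComboFix log posted before it (Security Center overrides set to 1, the firewall profile disabled, a service that runs from a Temp folder, a service with no file behind it, and a "NOD32" service whose image is regedt32.exe). The following is an added example, not part of this thread and not ComboFix's own code, that shows how a helper can pull those same indicators out of a ComboFix log automatically. The sample log is constructed from the shape of the one in this thread, and the heuristics (Temp-folder services, orphaned `[x]` entries, services pointing at stock Windows tools) are the editor's assumptions, not a rule ComboFix applies.

```python
import re
from dataclasses import dataclass

# Constructed sample: the shape of the "Reg Loading Points" and service lines
# from the ComboFix log posted in this thread, one entry per line (the forum
# flattened the original into a single paragraph).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.9.2010 12:15 691696]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [20.2.2008 11:11 33800]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [14.4.2008 12:00 3584]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Vasil\LOCALS~1\Temp\DSXA7.tmp --> c:\docume~1\Vasil\LOCALS~1\Temp\DSXA7.tmp [?]
S3 McComponentHostService;McComponentHostService; [x]
"""


@dataclass
class Finding:
    line: str
    reason: str


# ComboFix service lines: "<start type> <name>;<display name>;<image path> [...]"
SERVICE_RE = re.compile(r'^([RS][0-4]) ([^;]+);([^;]*);(.*)$')
REG_KEY_RE = re.compile(r'^\[(.+)\]$')
REG_VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')

# Assumption (editor's heuristic): a service or driver entry whose image is one
# of these stock Windows utilities deserves a look; that is what made the
# "Eset Nod32 Boot" entry in the thread stand out.
STOCK_BINARIES = ('regedt32.exe', 'regedit.exe', 'rundll32.exe', 'cmd.exe')


def parse_reg_value(raw):
    """Turn 'dword:00000001' or '0 (0x0)' into an int; None for strings."""
    if raw.startswith('dword:'):
        return int(raw[len('dword:'):], 16)
    m = re.match(r'^(\d+)', raw)
    return int(m.group(1)) if m else None


def triage(log_text):
    """Return the log lines a helper would want to act on, with a reason each."""
    findings = []
    current_key = ''
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = REG_KEY_RE.match(line)
        if m:
            current_key = m.group(1).lower()
            continue
        m = REG_VALUE_RE.match(line)
        if m:
            name, value = m.group(1), parse_reg_value(m.group(2))
            # Security Center overrides silence the "no antivirus/firewall" warnings.
            if 'security center' in current_key and name in ('AntiVirusOverride', 'FirewallOverride') and value == 1:
                findings.append(Finding(line, f'Security Center {name} set: AV/firewall warnings suppressed'))
            elif 'firewallpolicy' in current_key and name == 'EnableFirewall' and value == 0:
                findings.append(Finding(line, 'Windows Firewall disabled in the standard profile'))
            continue
        m = SERVICE_RE.match(line)
        if m:
            _start, name, _display, image = m.groups()
            image_l = image.lower()
            if '\\temp\\' in image_l:
                findings.append(Finding(line, f'service {name} runs from a Temp folder'))
            elif image.strip().startswith('[x]'):
                findings.append(Finding(line, f'service {name} has no image file (orphaned entry)'))
            elif any(image_l.split(' [')[0].rstrip().endswith(b) for b in STOCK_BINARIES):
                findings.append(Finding(line, f'service {name} points at a stock Windows tool'))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.reason}\n    {f.line}')
```

    Every finding maps onto a line of the helper's CFScript: the two Security Center values go back to 0 under Registry::, the Temp-folder and orphaned services go under Driver::, and the regedt32.exe "NOD32" service is removed by uninstalling the NOD32FiXTemDono program first. Entries that look normal (sptd, epfwtdir, the FixCamera Run value) are left alone by the script, which is the point: the script is decided from the log, not applied blindly.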

    ComboFix 11-07-20.02 - Vasil 07.2011 г. 15:10:52.2.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.1535.1185 [GMT 3:00] Running from: c:\documents and settings\Vasil\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Vasil\Desktop\CFScript.txt . FILE :: "c:\windows\nod32fixtemdono.reg" "c:\windows\nod32restoretemdono.reg" "c:\windows\system32\ConduitEngine.tmp" "c:\windows\system32\drivers\epfwtdir.sys" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\av_ico c:\windows\av_ico\ico_mcafee_start.ico c:\windows\av_ico\ico_NOD_AV_START.ico c:\windows\av_ico\ico_NOD_SYSINSP.ico c:\windows\av_ico\ico_NOD_SYSRESC.ico c:\windows\av_ico\ico_NOD_TXT.ico c:\windows\av_ico\ico_NOD_UNINSTALL.ico c:\windows\nod32fixtemdono.reg c:\windows\nod32restoretemdono.reg c:\windows\system32\ConduitEngine.tmp c:\windows\system32\drivers\epfwtdir.sys c:\windows\ufa c:\windows\ufa\ufa.exe c:\windows\update.tray-2-0-lnk c:\windows\update.tray-2-0 c:\windows\update.tray-9-0-lnk c:\windows\update.tray-9-0 . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_EPFWTDIR -------\Legacy_MCCOMPONENTHOSTSERVICE -------\Service_epfwtdir -------\Service_McComponentHostService -------\Service_NOD32FiXTemDono . . ((((((((((((((((((((((((( Files Created from 2011-06-20 to 2011-07-20 ))))))))))))))))))))))))))))))) . . 2011-07-20 11:14 . 2011-07-20 11:14 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-07-20 11:09 . 2011-07-20 11:09 -------- d-----w- c:\program files\CCleaner 2011-07-20 10:47 . 2011-07-20 10:47 -------- d-----w- c:\documents and settings\Vasil\Application Data\go 2011-07-20 10:40 . 2011-07-20 11:03 -------- d-----w- c:\program files\MSECACHE 2011-07-20 09:49 . 2011-07-20 09:49 -------- d-----w- c:\documents and settings\Vasil\Application Data\Malwarebytes 2011-07-20 09:49 . 
2011-07-06 16:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-07-20 09:49 . 2011-07-20 09:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-07-20 09:49 . 2011-07-20 09:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-07-20 09:49 . 2011-07-06 16:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-07-19 23:15 . 2011-07-19 23:15 -------- d-----w- c:\documents and settings\Vasil\Local Settings\Application Data\Solid State Networks 2011-07-19 23:02 . 2011-07-19 23:02 -------- d-----w- c:\documents and settings\Vasil\Local Settings\Application Data\Mozilla 2011-07-19 22:31 . 2011-07-19 22:31 -------- d-----w- c:\program files\ATI 2011-07-19 22:21 . 2011-07-19 22:21 -------- d-----w- C:\ATI 2011-07-19 22:00 . 2011-07-19 22:00 -------- d-----w- c:\windows\phoenix 2011-07-19 22:00 . 2011-07-19 22:15 246272 ----a-w- c:\windows\unrar.exe 2011-07-18 00:15 . 2011-07-18 00:15 -------- d-----w- c:\documents and settings\Vasil\Local Settings\Application Data\._Revolution_ 2011-07-12 16:53 . 2011-07-12 16:53 -------- d-----w- c:\program files\Xenocode . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-07-20 12:05 . 2010-10-14 16:27 8992 ----a-w- c:\windows\system32\KBDBPH.dLL 2011-05-24 20:44 . 2011-05-24 20:44 59904 ----a-w- c:\windows\system32\OVDecode.dll 2011-05-24 20:44 . 2011-05-24 20:44 51712 ----a-w- c:\windows\system32\OpenCL.dll 2011-05-24 20:43 . 2011-05-24 20:43 12798976 ----a-w- c:\windows\system32\amdocl.dll 2011-07-08 07:27 . 2011-07-20 11:11 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-07-20_11.36.01 ))))))))))))))))))))))))))))))))))))))))) . + 2010-08-25 01:36 . 2011-07-20 12:15 272576 c:\windows\system32\FNTCACHE.DAT . 
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-07 26211624] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableSecureUIAPaths"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "d:\\H1peR\\GJ\\mirc.exe"= "c:\\Program Files\\Garena\\Garena.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Valve\\hl.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.9.2010 г. 12:15 691696] S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Vasil\LOCALS~1\Temp\DSXA7.tmp --> c:\docume~1\Vasil\LOCALS~1\Temp\DSXA7.tmp [?] S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?] . . ------- Supplementary Scan ------- . uStart Page = hxxp://google.bg/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\documents and settings\Vasil\Application Data\Mozilla\Firefox\Profiles\8lb6pugm.default\ FF - prefs.js: browser.startup.homepage - google.bg . . 
************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-07-20 15:16 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine] "ImagePath"="\??\c:\docume~1\Vasil\LOCALS~1\Temp\DSXA7.tmp" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(656) c:\windows\system32\Ati2evxx.dll . - - - - - - - > 'explorer.exe'(4068) c:\windows\system32\WININET.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll c:\windows\system32\ieframe.dll c:\windows\system32\msi.dll c:\windows\system32\webcheck.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\windows\system32\wscntfy.exe c:\program files\Skype\Plugin Manager\skypePM.exe . ************************************************************************** . Completion time: 2011-07-20 15:18:05 - machine was rebooted ComboFix-quarantined-files.txt 2011-07-20 12:18 ComboFix2.txt 2011-07-20 11:38 . Pre-Run: 43 217 969 152 bytes free Post-Run: 43 207 434 240 bytes free . - - End Of File - - D282E3FFBC32AA7B89AD9466739FEBA2



    Let's do a few more checks:

    STEP 1

    Please download aswMBR and save it to your desktop.

    • Double-click the aswMBR.exe file to start it.
    • Click the Scan button to start the scan.
    • When the scan finishes, click the save log button, save the contents of the log file to the desktop and post its contents in your next comment.

    STEP 2

    • Download OTL.exe and save it to the desktop.
    • Start the file (posted image) with a double-click.
    • Tick Scan All Users (posted image)
    • Under the File Age menu => choose 90 days
    • Under the Standard Registry menu => change to ALL
    • Tick LOP and Purity Check

    • Under (posted image) enter the following text with Copy/Paste:
    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.*
    %USERPROFILE%\*.*
    %USERPROFILE%\Application Data\*.*
    %USERPROFILE%\Local Settings\Application Data\*.*
    %AllUsersProfile%\*.*
    %AllUsersProfile%\Application Data\*.*
    %USERPROFILE%\My Documents\*.*
    %CommonProgramFiles%\*.*
    %PROGRAMFILES%\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    /md5start
    hlp.dat
    winlogon.exe
    wininit.exe
    userinit.exe
    explorer.exe
    svchost.exe
    volsnap.sys
    /md5stop
    
    • Click the button highlighted in blue: (posted image).
    • When the scan finishes, two files will be created - OTL.Txt and Extras.Txt.
    • Post the contents of the log files in your next comment.

    PS: I have to go to work; we will continue in the evening.

    Have a nice day!

    • Likes: 3


    I think we have mostly cleaned it up. Only leftovers from ESET remain. Let's try to clean those up too before moving on to installing a decent free antivirus and to my final recommendations. I noticed you also downloaded Avira from a torrent site. Delete that version and in future avoid downloading antivirus programs from sites other than their official ones.

    STEP 1

    Start OTL again and, with Copy/Paste, enter the script text from the text box below under the Custom Scans/Fixes column, not forgetting to copy the script exactly as it is, including the colon before the first line of the script!

    :OTL
    DRV - [2008.02.20 11:02:22 | 000,029,704 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv)
    DRV - [2008.02.20 11:01:30 | 000,039,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -  File not found
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -  File not found
    :commands
    [emptytemp]
    [reboot]
    
    After entering the script from the quote above, click the button marked in red: (posted image)

    A log file will be created. Post its contents with Copy/Paste in your next comment.

    PS: If no log file appears, open the folder C:\_OTL\MovedFiles, open the log file there and post its contents in your next post.

    STEP 2

    Run a scan with Kaspersky Virus Removal Tool 2011

    After you start the tool, go to Settings (the icon that looks like a little star) and tick My Computer.

    (posted image)

    From the cleaning options choose Disinfect => but do not choose delete if disinfection fails.

    (posted image)

    Go back to Automatic Scan and click Start Scanning.

    (posted image)

    If during the scan it asks you for an action, choose skip.

    After the scan finishes choose Report (the icon that looks like a sheet of paper) => Detected Threats, choose SAVE and save the document to the desktop.

    (posted image)

    Copy its contents into your next post.

    Close the tool - this will uninstall it automatically.

    • Likes: 3


    The OTL log

    All processes killed
    ========== OTL ==========
    Service easdrv stopped successfully!
    Service easdrv deleted successfully!
    C:\WINDOWS\system32\drivers\easdrv.sys moved successfully.
    Service eamon stopped successfully!
    Service eamon deleted successfully!
    C:\WINDOWS\system32\drivers\eamon.sys moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
    ========== COMMANDS ==========
     
    [EMPTYTEMP]
     
    User: All Users
     
    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
     
    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
     
    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
     
    User: Vasil
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->FireFox cache emptied: 50851626 bytes
    ->Google Chrome cache emptied: 378058593 bytes
    ->Flash cache emptied: 99223 bytes
     
    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 2402044 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 505 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes
     
    Total Files Cleaned = 412,00 mb
     
     
    OTL by OldTimer - Version 3.2.26.1 log created on 07212011_142922
    
    Files\Folders moved on Reboot...
    
    Registry entries deleted on Reboot...
    

    The Kaspersky log

    Status: Absent   (events: 7)	
    21.7.2011 г. 19:40:13	Not found	Trojan program Packed.Win32.Krap.hc	C:\System Volume Information\_restore{95B23B1A-392F-4419-BAFC-E75C01A1F8FF}\RP277\A0193867.exe	High	
    21.7.2011 г. 19:40:13	Not found	Trojan program Packed.Win32.Krap.hc	C:\System Volume Information\_restore{95B23B1A-392F-4419-BAFC-E75C01A1F8FF}\RP277\A0193868.exe	High	
    21.7.2011 г. 19:40:13	Not found	Trojan program Packed.Win32.Krap.hc	C:\System Volume Information\_restore{95B23B1A-392F-4419-BAFC-E75C01A1F8FF}\RP277\A0193872.exe	High	
    21.7.2011 г. 19:40:13	Not found	Trojan program Packed.Win32.Krap.hc	C:\System Volume Information\_restore{95B23B1A-392F-4419-BAFC-E75C01A1F8FF}\RP277\A0193873.exe	High	
    21.7.2011 г. 19:40:13	Not found	Trojan program Packed.Win32.Krap.hc	C:\System Volume Information\_restore{95B23B1A-392F-4419-BAFC-E75C01A1F8FF}\RP277\A0193874.exe	High	
    21.7.2011 г. 19:40:13	Not found	Trojan program Packed.Win32.Krap.hc	C:\System Volume Information\_restore{95B23B1A-392F-4419-BAFC-E75C01A1F8FF}\RP277\A0193878.exe	High	
    21.7.2011 г. 19:40:13	Not found	Trojan program Packed.Win32.Krap.hc	C:\System Volume Information\_restore{95B23B1A-392F-4419-BAFC-E75C01A1F8FF}\RP277\A0193881.dll	High	
    Status: Quarantined   (events: 1)	
    21.7.2011 г. 15:51:26	Quarantined	unknown threat UDS:DangerousObject.Multi.Generic	C:\WINDOWS\PEV.exe	High	
    

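    Editor's note: the Kaspersky report above is tab-separated, and seven of its eight hits sit under C:\System Volume Information\_restore{...}\RP277, i.e. inside an old System Restore snapshot; the one hit the tool could act on is a file in C:\WINDOWS that was left by the cleanup tools themselves (ComboFix drops helper executables there) and was quarantined. The following is an added example, not part of this thread and not Kaspersky's code, showing how to parse that report and separate restore-point hits (which need System Restore flushed, the step the helper gives in the next post) from live hits that should be cross-checked against the tools that were run. The sample report is constructed from the shape of the one above; the field layout (time, action, threat, path, severity) is read off that report and is an assumption for other versions of the tool.

```python
import re
from collections import Counter

# Constructed sample, mirroring three lines of the report posted above.
SAMPLE_REPORT = (
    "Status: Absent   (events: 2)\t\n"
    "21.7.2011 19:40:13\tNot found\tTrojan program Packed.Win32.Krap.hc\t"
    "C:\\System Volume Information\\_restore{95B23B1A-392F-4419-BAFC-E75C01A1F8FF}\\RP277\\A0193867.exe\tHigh\t\n"
    "21.7.2011 19:40:13\tNot found\tTrojan program Packed.Win32.Krap.hc\t"
    "C:\\System Volume Information\\_restore{95B23B1A-392F-4419-BAFC-E75C01A1F8FF}\\RP277\\A0193881.dll\tHigh\t\n"
    "Status: Quarantined   (events: 1)\t\n"
    "21.7.2011 15:51:26\tQuarantined\tunknown threat UDS:DangerousObject.Multi.Generic\tC:\\WINDOWS\\PEV.exe\tHigh\t\n"
)

# Path of a file inside a System Restore snapshot: ...\_restore{GUID}\RPnnn\...
RESTORE_POINT_RE = re.compile(
    r'\\System Volume Information\\_restore\{[0-9A-F-]+\}\\(RP\d+)\\', re.I)


def parse_report(text):
    """Parse the 'Detected threats' report into a list of event dicts.

    'Status: ...' header lines are skipped; each event line carries five
    tab-separated fields (assumed layout): time, action, threat, path, severity.
    """
    events = []
    for line in text.splitlines():
        if not line.strip() or line.startswith('Status:'):
            continue
        fields = [f for f in line.split('\t') if f != '']
        if len(fields) < 5:
            continue  # malformed line; keep going rather than abort the triage
        time, action, threat, path, severity = fields[:5]
        rp = RESTORE_POINT_RE.search(path)
        events.append({'time': time, 'action': action, 'threat': threat,
                       'path': path, 'severity': severity,
                       'restore_point': rp.group(1) if rp else None})
    return events


def summarize(events):
    """Split hits into restore-point snapshots versus live files."""
    by_action = Counter(e['action'] for e in events)
    rp_hits = Counter(e['restore_point'] for e in events if e['restore_point'])
    # Files under System Volume Information are old restore snapshots. On XP a
    # scanner cannot clean them in place, so any hit there means the snapshots
    # should be discarded by turning System Restore off and back on; until then
    # a restore would bring the files back.
    live = [e['path'] for e in events if not e['restore_point']]
    return {'by_action': dict(by_action),
            'restore_points': dict(rp_hits),
            'purge_system_restore': bool(rp_hits),
            'live_hits': live}


if __name__ == '__main__':
    summary = summarize(parse_report(SAMPLE_REPORT))
    print(summary)
```

    Run against the full report above, `restore_points` would count all seven RP277 entries and `live_hits` would contain only C:\WINDOWS\PEV.exe; that split is exactly why the next post first turns System Restore off and then uninstalls ComboFix.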

    How is the situation now?

    Temporarily disable System Restore:

    Right-click My Computer => Properties => System Restore => tick "Turn off system on all drives" => click Apply

    (posted image)

    Then go back the same way and untick the box.

    1. Uninstall Combofix => Start => Run => type Combofix /Uninstall => (there is a space between Combofix and /Uninstall) => Enter => this will start Combofix and uninstall it. It will also delete the files associated with this tool, as well as the folder C:\Qoobox - Combofix's quarantine.

    2. Start OTL once more and click the CleanUp button.

    (posted image)

    If you are prompted to restart, agree.

    Delete all the tools and tool logs we have used (that were not deleted by the procedures carried out so far).

    You can now install a free antivirus of your choice. For example avast! 6.0.1203 Final or Avira AntiVir Personal 10.0.0.650

    I advise you to update Internet Explorer to version 9 and Mozilla Firefox to version 5.0.1

    Regarding the errors in the logs:

    SideBySide => Install the following application => Microsoft Visual C++ 2008 Redistributable Package (x86)

    Disk [11] - The driver detected a controller error on \Device\Harddisk0\D.

    atapi [5] - A parity error was detected on \Device\Ide\IdePort0.

    See these topics:

    http://www.kaldata.com/forums/index.php?showtopic=180732
    http://www.kaldata.com/forums/index.php?showtopic=96057

    Good luck and safe surfing! :rolleyes:

    • Likes: 1


    Just to mention that I forgot to delete one folder and one file... to delete them do the following:

    Open notepad and copy the following text into it:

    @echo off
    rem Remove any log left over from a previous run
    if exist "%temp%\log.txt" del "%temp%\log.txt"
    
    rem Delete the leftover file; anything still present is written to the log
    for %%g in (
    "c:\windows\unrar.exe"
    ) do (
    del /a/f/q %%g >nul 2>&1
    if exist %%g echo.%%~g>>"%temp%\log.txt"
    )
    rem Remove the leftover folder together with its contents
    for %%g in (
    "c:\windows\phoenix"
    ) do (
    rd /s/q %%g >nul 2>&1
    if exist %%g echo.%%~g>>"%temp%\log.txt"
    )
    rem Show the log if anything could not be removed, otherwise report success
    if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
    ) else echo.Deleted Successfully !!
    pause
    rem The batch file removes itself when done
    del %0
    

    Save the file with the name delete.bat and run it.

    When it finishes, the message Deleted Successfully will be displayed.

    Press OK to close the document.

    It will delete itself automatically afterwards.

    Regards!

    • Likes: 1

