    Hello, yesterday I opened a link to a video clip that was sent to me over Facebook chat, and the linked page said to download Flash Player. I downloaded it even though I have :@ and realized that I have a virus. My computer has slowed down a lot, I can no longer log in to Facebook, and my antivirus program seems to be blocked: it won't scan and doesn't even open. Please help :whist: I don't have a Windows disc.

    DDS . DDS (Ver_11-05-19.01) - NTFSx86 Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_22 Run by BOBCAT at 16:54:23 on 2011-07-21 Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.3071.2363 [GMT 3:00] . AV: avast! antivirus 4.8.1368 [VPS 110720-0] *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE "C:\WINDOWS\update.tray-9-0\svchost.exe" "C:\WINDOWS\update.tray-7-0\svchost.exe" C:\WINDOWS\l1rezerv.exe C:\WINDOWS\systemup.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\Datecs\Flex2K.exe svchost.exe C:\Program Files\BurnAware Pro Retail by minimaL\nmsaccessu.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\WINDOWS\update.2\svchost.exe srv C:\WINDOWS\sysdriver32.exe C:\WINDOWS\update.1\svchost.exe srv "C:\WINDOWS\update.2\svchost.exe" stand C:\WINDOWS\System32\svchost.exe -k HTTPFilter "C:\WINDOWS\update.tray-7-0-lnk\svchost.exe" tray 7-0 1 C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Mozilla Firefox\firefox.exe C:\PROGRA~1\MYFUNC~2\bar\2.bin\79medint.exe 
C:\Program Files\Mozilla Firefox\plugin-container.exe C:\WINDOWS\update.5.0\svchost.exe srv "C:\WINDOWS\update.5.0\svchost.exe" stand C:\Documents and Settings\BOBCAT\Desktop\dds.scr C:\WINDOWS\system32\WSCRIPT.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://search.bearshare.com/ uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie mDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://dts.search-results.com/sr?src=ieb&appid=119&systemid=2&q={searchTerms} uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://dts.search-results.com/sr?src=ieb&appid=119&systemid=2&q={searchTerms} uURLSearchHooks: H - No File uURLSearchHooks: H - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: UrlHelper Class: {74322bf9-df26-493f-b0da-6d2fc5e6429e} - c:\progra~1\bearsh~1\mediabar\datamngr\IEBHO.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll BHO: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\bearsh~1\mediabar\datamngr\toolbar\bsdtxmltbpi.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: {7c5c0f58-e061-457d-9033-77307f5ed00c} - No File TB: {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No File TB: {51a86bb3-6602-4c85-92a5-130ee4864f13} - No File TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File TB: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\bearsh~1\mediabar\datamngr\toolbar\bsdtxmltbpi.dll uRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033 uRun: [swg] "c:\program 
files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /install mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe mRun: [RTHDCPL] RTHDCPL.EXE mRun: [Alcmtr] ALCMTR.EXE mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [MyFunCards] rundll32 c:\progra~1\myfunc~2\bar\2.bin\79bar.dll,S mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [DATAMNGR] c:\progra~1\bearsh~1\mediabar\datamngr\DATAMN~1.EXE mRun: [wxpdrv] c:\windows\services32.exe mRun: [tray_ico] mRun: [tray_ico0] c:\windows\update.tray-9-0\svchost.exe mRun: [tray_ico1] c:\windows\update.tray-7-0\svchost.exe mRun: [tray_ico2] mRun: [tray_ico3] mRun: [tray_ico4] mRun: [7252458.exe] "c:\docume~1\bobcat\locals~1\temp\7252458.exe" mRun: [sysdriver32.exe] "c:\windows\sysdriver32.exe" rezerv mRun: [sysdriver32_.exe] "c:\windows\sysdriver32_.exe" rezerv mRun: [8623026.exe] "c:\docume~1\bobcat\locals~1\temp\8623026.exe" mRun: [2495252.exe] "c:\docume~1\bobcat\locals~1\temp\2495252.exe" mRun: [2276791.exe] "c:\windows\temp\2276791.exe" mRun: [1408734.exe] "c:\windows\temp\1408734.exe" mRun: [3073894.exe] "c:\windows\temp\3073894.exe" mRun: [l1rezerv.exe] "c:\windows\l1rezerv.exe" mRun: [systemup] "c:\windows\systemup.exe" stand dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE StartupFolder: c:\docume~1\bobcat\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\flexty~1.lnk - c:\windows\datecs\Flex2K.exe 
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableSecureUIAPaths = 0 (0x0) IE: &Search - http://tbedits.myfuncards.com/one-toolbaredits/menusearch.jhtml?s=100000426&p=ZUxdm901YYbg&si=xBG&a=9D732B02-71E6-4475-A9C2-300693F4EB70&n=2011021515 IE: Е&кспортирай в Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL AppInit_DLLs: c:\progra~1\bearsh~1\mediabar\datamngr\datamngr.dll c:\progra~1\bearsh~1\mediabar\datamngr\IEBHO.dll . ================= FIREFOX =================== . 
FF - ProfilePath - c:\documents and settings\bobcat\application data\mozilla\firefox\profiles\w1h98st9.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Search Results FF - prefs.js: browser.startup.homepage - hxxp://search.bearshare.com/ FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxdm901YYbg&ptb=9D732B02-71E6-4475-A9C2-300693F4EB70&psa=&ind=2011021515&ptnrS=ZUxdm901YYbg&si=xBG&st=kwd&n=77ddc0cb&searchfor= FF - component: c:\documents and settings\bobcat\application data\mozilla\firefox\profiles\w1h98st9.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\components\FFExternalAlert.dll FF - component: c:\documents and settings\bobcat\application data\mozilla\firefox\profiles\w1h98st9.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\components\RadioWMPCore.dll FF - plugin: c:\documents and settings\bobcat\application data\facebook\npfbplugin_1_0_3.dll FF - plugin: c:\program files\ganymede\plugins\makaov2\NPMAKAOV2.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\myfuncardsbar\bar\2.bin\NP79Stub.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: BrotherSoft Extreme Community Toolbar: {51a86bb3-6602-4c85-92a5-130ee4864f13} - %profile%\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13} FF - Ext: MediaBar: {E84D42CA-64EB-11DE-A65F-8C3656D89593} - %profile%\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593} FF - Ext: MyFunCards: 
79ffxtbr@MyFunCardsbar.com - c:\program files\myfuncardsbar\bar\2.bin . ============= SERVICES / DRIVERS =============== . R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-1-19 277544] R2 srvbtcclient;srvbtcclient;c:\windows\update.5.0\svchost.exe srv --> c:\windows\update.5.0\svchost.exe srv [?] R2 srviecheck;srviecheck;c:\windows\update.2\svchost.exe srv --> c:\windows\update.2\svchost.exe srv [?] R2 srvsysdriver32;srvsysdriver32;c:\windows\sysdriver32.exe srv --> c:\windows\sysdriver32.exe srv [?] R2 wxpdrivers;wxpdrivers;c:\windows\update.1\svchost.exe srv --> c:\windows\update.1\svchost.exe srv [?] S2 cgafwr;Network Boot;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336] S2 gupdate1ca04856b19e0e0;Услуга Google Update (gupdate1ca04856b19e0e0);c:\program files\google\update\GoogleUpdate.exe [2009-7-14 133104] S2 MyFunCardsbarService;MyFunCards Service;c:\progra~1\myfunc~2\bar\2.bin\79barsvc.exe [2011-3-27 36864] S2 ypsrsiaaa;System Support;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336] S2 zyvhrrtw;Helper Config;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336] S3 gupdatem;Услуга на Google Актуализация (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-7-14 133104] S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\mcafee security scan\2.0.181\mcchsvc.exe" --> c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [?] S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?] S3 udwkojqv;udwkojqv;\??\c:\windows\system32\drivers\udwkojqv.sys --> c:\windows\system32\drivers\udwkojqv.sys [?] S3 yehluizc;yehluizc;\??\c:\windows\system32\drivers\yehluizc.sys --> c:\windows\system32\drivers\yehluizc.sys [?] . =============== File Associations =============== . regfile="regedit.exe" "%1" . =============== Created Last 30 ================ . 
2011-07-21 10:18:02 -------- d-----w- c:\windows\ufa 2011-07-21 10:18:02 -------- d-----w- c:\windows\rpcminer 2011-07-21 10:18:02 -------- d-----w- c:\windows\phoenix 2011-07-21 10:11:40 114176 ----a-w- c:\windows\systemup.exe 2011-07-21 10:11:39 110592 ----a-w- c:\windows\l1rezerv.exe 2011-07-21 10:11:35 246272 ----a-w- c:\windows\unrar.exe 2011-07-21 10:11:25 -------- d--h--w- c:\windows\update.2 2011-07-21 10:11:20 -------- d--h--w- c:\windows\update.5.0 2011-07-21 10:09:50 232960 ----a-w- c:\windows\sysdriver32_.exe 2011-07-21 10:09:36 232960 ----a-w- c:\windows\sysdriver32.exe 2011-07-20 16:31:25 -------- d-----w- c:\windows\av_ico 2011-07-20 16:30:31 -------- d--h--w- c:\windows\update.1 2011-07-20 16:30:26 -------- d--h--w- c:\windows\update.tray-9-0-lnk 2011-07-20 16:30:26 -------- d--h--w- c:\windows\update.tray-9-0 2011-07-20 16:30:25 -------- d--h--w- c:\windows\update.tray-7-0-lnk 2011-07-20 16:30:25 -------- d--h--w- c:\windows\update.tray-7-0 2011-07-20 16:20:06 1147392 ----a-w- c:\windows\services32.exe 2011-07-06 20:49:30 -------- d-----w- c:\documents and settings\all users\application data\DivX 2011-07-06 19:44:04 -------- d-----w- c:\documents and settings\bobcat\application data\mediabarbs 2011-07-06 19:43:58 -------- d-----w- c:\documents and settings\all users\application data\boost_interprocess 2011-07-06 19:04:45 221184 ----a-w- c:\windows\system32\wmpns.dll 2011-06-25 08:45:56 4 ----a-w- c:\windows\system32\proc1794749374.bin 2011-06-25 08:45:56 -------- d-----w- c:\documents and settings\bobcat\application data\GanymedeNet 2011-06-25 08:45:54 685552 ----a-w- c:\program files\mozilla firefox\plugins\NPMAKAOV2.dll 2011-06-25 08:45:52 -------- d-----w- c:\program files\Ganymede . ==================== Find3M ==================== . 
2011-06-02 14:02:05 1858944 ------w- c:\windows\system32\win32k.sys 2011-05-02 15:31:52 692736 ------w- c:\windows\system32\inetcomm.dll 2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll 2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-04-26 11:07:50 33280 ------w- c:\windows\system32\csrsrv.dll 2011-04-26 11:07:50 293376 ----a-w- c:\windows\system32\winsrv.dll 2011-04-25 14:47:19 81920 ------w- c:\windows\system32\ieencode.dll 2011-04-25 14:47:19 667136 ----a-w- c:\windows\system32\wininet.dll 2011-04-25 14:47:19 61952 ------w- c:\windows\system32\tdc.ocx 2011-04-25 12:56:44 369664 ------w- c:\windows\system32\html.iec 2010-10-29 12:27:40 8402048 ----a-w- c:\program files\Firefox Setup 3.6.12.exe 2009-03-10 17:38:58 7341888 ----a-w- c:\program files\Mozilla Firefox 3.0.4 bg.exe 2009-03-10 17:36:09 1362977 ----a-w- c:\program files\BitLord_1.1.exe . ============= FINISH: 16:54:50,85 =============== attach . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_11-05-19.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 07.3.2009 г. 16:58:27 System Uptime: 21.7.2011 г. 14:16:51 (2 hours ago) . Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD | | G31TM-P21 (MS-7529) Processor: Intel® Pentium® Dual CPU E2200 @ 2.20GHz | CPU1 | 2199/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 39 GiB total, 19,338 GiB free. D: is FIXED (NTFS) - 427 GiB total, 400,767 GiB free. E: is CDROM () G: is CDROM () H: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP470: 21.7.2011 г. 13:12:07 - Контролна точка на системата . ==== Installed Programs ====================== . Артур и месть Урдалака Архиватор WinRAR Фаворит µTorrent Свен Всемогущий Свен. Дьявол хочет стадо Свен. 
Миссия выполнена Пакет за езиков интерфейс на Windows 3 Days Zoo Mystery 1.00 3D Driving-School Acrobat.com Adobe AIR Adobe Audition 1.5 Adobe Bridge 1.0 Adobe Common File Installer Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Help Center 1.0 Adobe Photoshop CS2 Adobe Reader 9.4.1 Adobe Shockwave Player 11.5 Adobe Stock Photos 1.0 Advanced Archive Password Recovery American Adventure ASIO4ALL avast! Antivirus Barbie Explorer BrotherSoft Extreme Toolbar BS.player Bultra 2.0 BurnAware Pro 2.3.2 Retail by minimaL Card Games 2011 Chicken Invaders 2 v2.40 Chicken Invaders 3 Chicken Invaders v1.30 Chicken Invaders: Revenge of the Yolk (Christmas Edition) v3.20 Collab Conduit Engine Crazy Chicken - Jewel of Darkness Doors Of The Mind 1.00 Dream Aquarium Dream Sleuth 1.00 EasyBits GO Echoes of the Past Royal House of Stone 1.00 EclipseCrossword Facebook Plug-In Favorite-Games 5.16 FL Studio 8 FlexType 2K GameDesire-GameDesire Makao Google Земя Google Chrome Google Update Helper High Definition Audio Driver Package - KB888111 Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB976002-v5) Hotfix for Windows XP (KB981793) Ice Age 3 Icy Tower v1.2 (44kHz) Icy Tower v1.3.1 IL Download Manager Incomedia WebSite X5 v8 - Smart Jackpot City Online Casino Java Auto Updater Java 6 Update 22 K-Lite Codec Pack 3.6.5 Full Lucky Nugget Casino Mario Forever Microsoft Office XP Professional Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable MOP Mozilla Firefox (3.6.18) MP3 To Ringtone Gold 8.7 MSN MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Mummys Gold Casino MyFunCards NVIDIA Drivers oggcodecs 0.71.0946 PoiZone Princess Isabella A Witch's Curse 1.00 ProtectDisc Driver, Version 11 Realtek High Definition Audio Driver SAMSUNG Mobile Modem Driver Set Samsung Mobile phone USB driver Software SAMSUNG Mobile USB Modem 1.0 Software SAMSUNG Mobile USB Modem Software Samsung PC Studio 3 Security Update for Windows Media 
Player (KB2378111) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player (KB979402) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2416400) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2482017) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2497640) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP 
(KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2510581) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2530548) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544521) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) 
Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981349) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982381) Security Update for Windows XP (KB982665) Skype Toolbars Skype™ 4.2 SMS version 3.0.1.0 Spin Palace Casino Sven Bomwollen The KMPlayer (remove only) The Unblock Facebook Proxy Application (a freeware Facebook Pro TorrentMan Toolbar Toxic Biohazard Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2541763) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) WebFldrs XP Winamp Windows Genuine Advantage Notifications (KB905474) Windows XP Service Pack 3 Xilisoft Video Converter 3 Xilisoft Video Converter Ultimate Zuma Deluxe 1.0 . ==== Event Viewer Messages From Past Week ======== . 21.7.2011 г. 
16:52:54, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. . 21.7.2011 г. 16:52:54, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\phoenix\phoenix.exe. Reference error message: The operation completed successfully. . 21.7.2011 г. 16:52:54, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system. 21.7.2011 г. 16:50:50, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. . 21.7.2011 г. 16:50:50, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\phoenix\phoenix.exe. Reference error message: The operation completed successfully. . 21.7.2011 г. 16:50:50, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system. 21.7.2011 г. 16:48:46, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. . 21.7.2011 г. 16:48:46, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\phoenix\phoenix.exe. Reference error message: The operation completed successfully. . 21.7.2011 г. 16:48:46, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system. 21.7.2011 г. 16:46:42, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. . 21.7.2011 г. 16:46:42, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\phoenix\phoenix.exe. 
Reference error message: The operation completed successfully. . 21.7.2011 г. 16:46:42, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system. 21.7.2011 г. 16:44:39, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. . 21.7.2011 г. 16:44:39, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\phoenix\phoenix.exe. Reference error message: The operation completed successfully. . 21.7.2011 г. 16:44:39, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system. 21.7.2011 г. 16:42:35, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. . 21.7.2011 г. 16:42:35, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\phoenix\phoenix.exe. Reference error message: The operation completed successfully. . 21.7.2011 г. 16:42:35, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system. 21.7.2011 г. 16:40:31, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. . 21.7.2011 г. 16:40:31, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\phoenix\phoenix.exe. Reference error message: The operation completed successfully. . 21.7.2011 г. 16:40:31, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system. 21.7.2011 г. 
16:38:27, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. . 21.7.2011 г. 16:38:27, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\phoenix\phoenix.exe. Reference error message: The operation completed successfully. . 21.7.2011 г. 16:38:27, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system. 21.7.2011 г. 16:36:23, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. . 21.7.2011 г. 16:36:23, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\phoenix\phoenix.exe. Reference error message: The operation completed successfully. . 21.7.2011 г. 16:36:23, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system. 21.7.2011 г. 16:34:19, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. . 21.7.2011 г. 16:34:19, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\phoenix\phoenix.exe. Reference error message: The operation completed successfully. . 21.7.2011 г. 16:34:19, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system. 21.7.2011 г. 16:32:16, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. . 21.7.2011 г. 16:32:16, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\phoenix\phoenix.exe. 
Reference error message: The operation completed successfully. . 21.7.2011 г. 16:32:16, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system. 21.7.2011 г. 16:30:12, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. . 21.7.2011 г. 16:30:12, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\phoenix\phoenix.exe. Reference error message: The operation completed successfully. . 21.7.2011 г. 16:30:12, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system. 21.7.2011 г. 16:28:08, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. . 21.7.2011 г. 16:28:08, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\phoenix\phoenix.exe. Reference error message: The operation completed successfully. . 21.7.2011 г. 16:28:08, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system. 21.7.2011 г. 16:26:04, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. . 21.7.2011 г. 16:26:04, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\phoenix\phoenix.exe. Reference error message: The operation completed successfully. . 21.7.2011 г. 16:26:04, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system. 21.7.2011 г. 
16:24:00, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. . 21.7.2011 г. 16:24:00, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\phoenix\phoenix.exe. Reference error message: The operation completed successfully. . 21.7.2011 г. 16:24:00, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system. 21.7.2011 г. 16:21:56, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. . 21.7.2011 г. 16:21:56, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\phoenix\phoenix.exe. Reference error message: The operation completed successfully. . 21.7.2011 г. 16:21:56, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system. 21.7.2011 г. 16:19:52, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. . 21.7.2011 г. 16:19:52, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\phoenix\phoenix.exe. Reference error message: The operation completed successfully. . 21.7.2011 г. 16:19:52, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system. 21.7.2011 г. 16:17:49, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. . 21.7.2011 г. 16:17:49, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\phoenix\phoenix.exe. 
Reference error message: The operation completed successfully. . 21.7.2011 г. 16:17:49, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system. 21.7.2011 г. 16:12:35, error: Service Control Manager [7034] - The srvbtcclient service terminated unexpectedly. It has done this 1 time(s). 21.7.2011 г. 14:17:32, error: Service Control Manager [7023] - The System Support service terminated with the following error: The specified module could not be found. 21.7.2011 г. 14:17:32, error: Service Control Manager [7023] - The Network Boot service terminated with the following error: The specified module could not be found. 21.7.2011 г. 14:17:32, error: Service Control Manager [7023] - The Helper Config service terminated with the following error: The specified module could not be found. 21.7.2011 г. 14:17:32, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The system cannot find the file specified. 21.7.2011 г. 14:14:43, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. . 21.7.2011 г. 14:14:43, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\phoenix\phoenix.exe. Reference error message: The operation completed successfully. . 21.7.2011 г. 14:14:43, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system. 21.7.2011 г. 14:12:39, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. . 21.7.2011 г. 14:12:39, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\phoenix\phoenix.exe. Reference error message: The operation completed successfully. . 
21.7.2011 г. 14:12:39, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system. 21.7.2011 г. 14:10:35, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. . 21.7.2011 г. 14:10:35, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\phoenix\phoenix.exe. Reference error message: The operation completed successfully. . 21.7.2011 г. 14:10:35, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system. 21.7.2011 г. 14:08:31, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. . 21.7.2011 г. 14:08:31, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\phoenix\phoenix.exe. Reference error message: The operation completed successfully. . 21.7.2011 г. 14:08:31, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system. 21.7.2011 г. 14:06:27, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. . 21.7.2011 г. 14:06:27, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\phoenix\phoenix.exe. Reference error message: The operation completed successfully. . 21.7.2011 г. 14:06:27, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system. 21.7.2011 г. 14:04:23, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. 
Reference error message: The referenced assembly is not installed on your system. . 21.7.2011 г. 14:04:23, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\phoenix\phoenix.exe. Reference error message: The operation completed successfully. . 21.7.2011 г. 14:04:23, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system. 21.7.2011 г. 14:02:20, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. . 21.7.2011 г. 14:02:20, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\phoenix\phoenix.exe. Reference error message: The operation completed successfully. . 21.7.2011 г. 14:02:20, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system. 21.7.2011 г. 14:00:16, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. . 21.7.2011 г. 14:00:16, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\phoenix\phoenix.exe. Reference error message: The operation completed successfully. . 21.7.2011 г. 14:00:16, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system. 21.7.2011 г. 13:58:12, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. . 21.7.2011 г. 13:58:12, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\phoenix\phoenix.exe. Reference error message: The operation completed successfully. . 21.7.2011 г. 
13:58:12, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system. 21.7.2011 г. 13:56:08, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. . 21.7.2011 г. 13:56:08, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\phoenix\phoenix.exe. Reference error message: The operation completed successfully. . 21.7.2011 г. 13:56:08, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system. 21.7.2011 г. 13:54:04, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. . 21.7.2011 г. 13:54:04, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\phoenix\phoenix.exe. Reference error message: The operation completed successfully. . 21.7.2011 г. 13:54:04, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system. 21.7.2011 г. 13:52:00, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. . 21.7.2011 г. 13:52:00, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\phoenix\phoenix.exe. Reference error message: The operation completed successfully. . 21.7.2011 г. 13:52:00, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system. 21.7.2011 г. 13:49:56, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. 
Reference error message: The referenced assembly is not installed on your system. . 21.7.2011 г. 13:49:56, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\phoenix\phoenix.exe. Reference error message: The operation completed successfully. . 21.7.2011 г. 13:49:56, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system. 21.7.2011 г. 13:47:52, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. . 21.7.2011 г. 13:47:52, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\phoenix\phoenix.exe. Reference error message: The operation completed successfully. . 21.7.2011 г. 13:47:52, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system. 21.7.2011 г. 13:45:49, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. . 21.7.2011 г. 13:45:49, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\phoenix\phoenix.exe. Reference error message: The operation completed successfully. . 21.7.2011 г. 13:45:49, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system. 21.7.2011 г. 13:43:45, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. . 21.7.2011 г. 13:43:45, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\phoenix\phoenix.exe. Reference error message: The operation completed successfully. . 21.7.2011 г. 
13:43:45, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system. 21.7.2011 г. 13:41:41, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. . 21.7.2011 г. 13:41:41, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\phoenix\phoenix.exe. Reference error message: The operation completed successfully. . 21.7.2011 г. 13:41:41, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system. 21.7.2011 г. 13:39:37, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. . 21.7.2011 г. 13:39:37, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\phoenix\phoenix.exe. Reference error message: The operation completed successfully. . 21.7.2011 г. 13:39:37, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system. 21.7.2011 г. 13:37:33, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. . 21.7.2011 г. 13:37:33, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\phoenix\phoenix.exe. Reference error message: The operation completed successfully. . 21.7.2011 г. 13:37:33, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system. 21.7.2011 г. 13:35:29, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. 
Reference error message: The referenced assembly is not installed on your system. . 21.7.2011 г. 13:35:29, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\phoenix\phoenix.exe. Reference error message: The operation completed successfully. . 21.7.2011 г. 13:35:29, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system. 21.7.2011 г. 13:33:25, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. . 21.7.2011 г. 13:33:25, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\phoenix\phoenix.exe. Reference error message: The operation completed successfully. . 21.7.2011 г. 13:33:25, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system. 21.7.2011 г. 13:31:21, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. . 21.7.2011 г. 13:31:21, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\phoenix\phoenix.exe. Reference error message: The operation completed successfully. . 21.7.2011 г. 13:31:21, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system. 21.7.2011 г. 13:29:17, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. . 21.7.2011 г. 13:29:17, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\phoenix\phoenix.exe. Reference error message: The operation completed successfully. . 21.7.2011 г. 
13:29:17, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system. 21.7.2011 г. 13:27:14, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. . 21.7.2011 г. 13:27:14, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\phoenix\phoenix.exe. Reference error message: The operation completed successfully. . 21.7.2011 г. 13:27:14, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system. 21.7.2011 г. 13:09:43, error: Service Control Manager [7034] - The srvsysdriver32 service terminated unexpectedly. It has done this 1 time(s). 21.7.2011 г. 13:08:06, error: Service Control Manager [7023] - The System Support service terminated with the following error: The specified module could not be found. 21.7.2011 г. 13:08:06, error: Service Control Manager [7023] - The Network Boot service terminated with the following error: The specified module could not be found. 21.7.2011 г. 13:08:06, error: Service Control Manager [7023] - The Helper Config service terminated with the following error: The specified module could not be found. 21.7.2011 г. 13:08:06, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The system cannot find the file specified. 21.7.2011 г. 13:07:48, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 4061865DA5D7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). 21.7.2011 г. 13:07:15, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 21.7.2011 г. 
13:07:09, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 20.7.2011 г. 19:31:38, error: Service Control Manager [7023] - The System Support service terminated with the following error: The specified module could not be found. 20.7.2011 г. 19:31:38, error: Service Control Manager [7023] - The Network Boot service terminated with the following error: The specified module could not be found. 20.7.2011 г. 19:31:38, error: Service Control Manager [7023] - The Helper Config service terminated with the following error: The specified module could not be found. 20.7.2011 г. 19:31:38, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The system cannot find the file specified. 20.7.2011 г. 19:30:47, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 20.7.2011 г. 19:30:39, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 20.7.2011 г. 17:31:44, error: Service Control Manager [7023] - The System Support service terminated with the following error: The specified module could not be found. 20.7.2011 г. 17:31:44, error: Service Control Manager [7023] - The Network Boot service terminated with the following error: The specified module could not be found. 20.7.2011 г. 17:31:44, error: Service Control Manager [7023] - The Helper Config service terminated with the following error: The specified module could not be found. 20.7.2011 г. 17:31:44, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The system cannot find the file specified. 20.7.2011 г. 
17:31:26, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 4061865DA5D7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). 20.7.2011 г. 13:09:53, error: Service Control Manager [7023] - The System Support service terminated with the following error: The specified module could not be found. 20.7.2011 г. 13:09:53, error: Service Control Manager [7023] - The Network Boot service terminated with the following error: The specified module could not be found. 20.7.2011 г. 13:09:53, error: Service Control Manager [7023] - The Helper Config service terminated with the following error: The specified module could not be found. 20.7.2011 г. 13:09:53, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The system cannot find the file specified. 20.7.2011 г. 13:09:29, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 4061865DA5D7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). 19.7.2011 г. 13:48:58, error: Service Control Manager [7023] - The System Support service terminated with the following error: The specified module could not be found. 19.7.2011 г. 13:48:58, error: Service Control Manager [7023] - The Network Boot service terminated with the following error: The specified module could not be found. 19.7.2011 г. 13:48:58, error: Service Control Manager [7023] - The Helper Config service terminated with the following error: The specified module could not be found. 19.7.2011 г. 13:48:58, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The system cannot find the file specified. 19.7.2011 г. 11:19:33, error: Service Control Manager [7023] - The System Support service terminated with the following error: The specified module could not be found. 19.7.2011 г. 
11:19:33, error: Service Control Manager [7023] - The Network Boot service terminated with the following error: The specified module could not be found. 19.7.2011 г. 11:19:33, error: Service Control Manager [7023] - The Helper Config service terminated with the following error: The specified module could not be found. 19.7.2011 г. 11:19:33, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The system cannot find the file specified. 19.7.2011 г. 11:19:14, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 4061865DA5D7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). 18.7.2011 г. 12:05:44, error: Service Control Manager [7023] - The System Support service terminated with the following error: The specified module could not be found. 18.7.2011 г. 12:05:44, error: Service Control Manager [7023] - The Network Boot service terminated with the following error: The specified module could not be found. 18.7.2011 г. 12:05:44, error: Service Control Manager [7023] - The Helper Config service terminated with the following error: The specified module could not be found. 18.7.2011 г. 12:05:44, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The system cannot find the file specified. 18.7.2011 г. 12:05:25, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 4061865DA5D7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). 17.7.2011 г. 17:50:16, error: Service Control Manager [7023] - The System Support service terminated with the following error: The specified module could not be found. 17.7.2011 г. 17:50:16, error: Service Control Manager [7023] - The Network Boot service terminated with the following error: The specified module could not be found. 17.7.2011 г. 
17:50:16, error: Service Control Manager [7023] - The Helper Config service terminated with the following error: The specified module could not be found. 17.7.2011 г. 17:50:16, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The system cannot find the file specified. 17.7.2011 г. 17:49:57, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 4061865DA5D7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). 17.7.2011 г. 11:46:28, error: Service Control Manager [7023] - The System Support service terminated with the following error: The specified module could not be found. 17.7.2011 г. 11:46:28, error: Service Control Manager [7023] - The Network Boot service terminated with the following error: The specified module could not be found. 17.7.2011 г. 11:46:28, error: Service Control Manager [7023] - The Helper Config service terminated with the following error: The specified module could not be found. 17.7.2011 г. 11:46:28, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The system cannot find the file specified. 17.7.2011 г. 11:46:10, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 4061865DA5D7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). 16.7.2011 г. 16:12:12, error: System Error [1003] - Error code 10000050, parameter1 f78a3044, parameter2 00000000, parameter3 b6ea14df, parameter4 00000000. 16.7.2011 г. 16:11:55, error: Service Control Manager [7023] - The System Support service terminated with the following error: The specified module could not be found. 16.7.2011 г. 16:11:55, error: Service Control Manager [7023] - The Network Boot service terminated with the following error: The specified module could not be found. 16.7.2011 г. 
16:11:55, error: Service Control Manager [7023] - The Helper Config service terminated with the following error: The specified module could not be found. 16.7.2011 г. 16:11:55, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The system cannot find the file specified. 16.7.2011 г. 09:05:29, error: Service Control Manager [7023] - The System Support service terminated with the following error: The specified module could not be found. 16.7.2011 г. 09:05:29, error: Service Control Manager [7023] - The Network Boot service terminated with the following error: The specified module could not be found. 16.7.2011 г. 09:05:29, error: Service Control Manager [7023] - The Helper Config service terminated with the following error: The specified module could not be found. 16.7.2011 г. 09:05:29, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The system cannot find the file specified. 16.7.2011 г. 09:05:11, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 4061865DA5D7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). 15.7.2011 г. 13:27:14, error: Service Control Manager [7023] - The System Support service terminated with the following error: The specified module could not be found. 15.7.2011 г. 13:27:14, error: Service Control Manager [7023] - The Network Boot service terminated with the following error: The specified module could not be found. 15.7.2011 г. 13:27:14, error: Service Control Manager [7023] - The Helper Config service terminated with the following error: The specified module could not be found. 15.7.2011 г. 13:27:14, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The system cannot find the file specified. 15.7.2011 г. 
13:24:53, error: Service Control Manager [7023] - The System Support service terminated with the following error: The specified module could not be found. 15.7.2011 г. 13:24:53, error: Service Control Manager [7023] - The Network Boot service terminated with the following error: The specified module could not be found. 15.7.2011 г. 13:24:53, error: Service Control Manager [7023] - The Helper Config service terminated with the following error: The specified module could not be found. 15.7.2011 г. 13:24:53, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The system cannot find the file specified. 15.7.2011 г. 12:31:29, error: Service Control Manager [7023] - The System Support service terminated with the following error: The specified module could not be found. 15.7.2011 г. 12:31:29, error: Service Control Manager [7023] - The Network Boot service terminated with the following error: The specified module could not be found. 15.7.2011 г. 12:31:29, error: Service Control Manager [7023] - The Helper Config service terminated with the following error: The specified module could not be found. 15.7.2011 г. 12:31:29, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The system cannot find the file specified. 15.7.2011 г. 12:26:05, error: Service Control Manager [7023] - The System Support service terminated with the following error: The specified module could not be found. 15.7.2011 г. 12:26:05, error: Service Control Manager [7023] - The Network Boot service terminated with the following error: The specified module could not be found. 15.7.2011 г. 12:26:05, error: Service Control Manager [7023] - The Helper Config service terminated with the following error: The specified module could not be found. 15.7.2011 г. 
12:26:05, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The system cannot find the file specified. 15.7.2011 г. 12:25:47, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 4061865DA5D7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). 14.7.2011 г. 12:29:18, error: Service Control Manager [7023] - The System Support service terminated with the following error: The specified module could not be found. 14.7.2011 г. 12:29:18, error: Service Control Manager [7023] - The Network Boot service terminated with the following error: The specified module could not be found. 14.7.2011 г. 12:29:18, error: Service Control Manager [7023] - The Helper Config service terminated with the following error: The specified module could not be found. 14.7.2011 г. 12:29:18, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The system cannot find the file specified. 14.7.2011 г. 11:57:36, error: Service Control Manager [7023] - The System Support service terminated with the following error: The specified module could not be found. 14.7.2011 г. 11:57:36, error: Service Control Manager [7023] - The Network Boot service terminated with the following error: The specified module could not be found. 14.7.2011 г. 11:57:36, error: Service Control Manager [7023] - The Helper Config service terminated with the following error: The specified module could not be found. 14.7.2011 г. 11:57:36, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The system cannot find the file specified. . ==== End Of File ===========================


    Hello...! Your system is seriously infected. To deal with it:

    Download ComboFix from here or here and save it to your desktop.

    • Disable your antivirus and antispyware programs; this is usually done by right-clicking the program's icon in the system tray.

    Note: If you cannot stop it, or are not sure which program to disable, please review the information at this link: How to Disable your Security Programs

    • Run Combo-Fix.com and follow the instructions.

    Note: ComboFix will run without the Recovery Console installed.

    • As part of its operation, ComboFix will check whether the Microsoft Windows Recovery Console is installed. Given how quickly malware evolves, it is strongly recommended that it be installed before the malware is removed. This will let you boot into a special recovery/repair mode, which will make it easier to solve a problem that could arise while the malware is being removed.

    • Follow the instructions to allow ComboFix to download and install the Microsoft Windows Recovery Console. At some point you will be asked whether you agree to the license agreement. You need to confirm that you agree in order to install the Microsoft Windows Recovery Console.

    ** Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will proceed to the malware removal process.

    Posted image

    Once the Microsoft Windows Recovery Console has been installed using ComboFix, you will see the following message:

    Posted image

    Select Yes to continue scanning for malware.

    When the process completes successfully, the tool will create a log file. Please include the contents of C:\ComboFix.txt in your next comment in this thread.

    Note:

    • Please do not move the mouse while ComboFix is running. This may disrupt its operation.
    • ComboFix will reset all Microsoft Internet Explorer settings, including making IE the default browser.
    • ComboFix will disable the autorun feature of ALL CD, floppy and USB devices, to help with removing the malware and to protect you from future viruses/threats that spread via autorun. If this is a problem for you, please let me know.
    • ComboFix will disconnect your internet connection. The connection will be restored automatically before ComboFix finishes its work. If a problem occurs, it will terminate the internet connection. To restore your internet connection, restart your computer.
    • If ComboFix runs into a problem, it may create a log file. Please include the contents of C:\BUG.txt in your next comment in this thread.

    ComboFix may take up to 20-30 minutes to finish; please be patient.

    Please do not attach the log file(s) from the program; copy and paste it/them into your next comment in this thread.


    The icon of my avast program is now orange and looks like a blot, and I can't turn it off; when I press the right mouse button nothing happens

    Edited by mimss9


    sorry, nothing happens when I press the mouse button



    OK, continue with the next step of the instructions.... ComboFix may try to stop your antivirus... agree if the program asks you...!!!:cool:

    sorry, nothing happens when I press the mouse button

    You press the right button on the icon... that's how you are doing it, right...?


    OK, continue with the next step of the instructions..!:cool:


    log


    Copy the text in the box into Notepad and save it as CFScript.txt on your desktop:

    http://www.kaldata.com/forums/index.php?showtopic=181393&pid=2034054&st=0&#entry2034054
    
    KILLALL::
    
    Collect::
    c:\windows\System32\Drivers\yehluizc.sys
    c:\windows\System32\Drivers\udwkojqv.sys
    
    Driver::
    cgafwr
    zyvhrrtw
    ypsrsiaaa
    yehluizc
    udwkojqv
    
    NetSvc::
    cgafwr
    zyvhrrtw
    ypsrsiaaa
    
    Reboot::
    
    

    After saving it, drag CFScript.txt onto the ComboFix.exe icon

    Attach the generated report in your next post..!

    After the script has run, do the following - since I see leftovers from McAfee... be sure to remove them with this tool, MCPR.exe .... But do that after you have run the script and posted the result...!


    Sorry for butting in, but I decided to help and created a page on Facebook to warn people http://www.facebook.com/pages/%D0%98%D0%BC%D0%B0-%D1%85%D0%B0%D0%BA%D0%B5%D1%80%D0%B8-%D0%B2-%D0%A4%D0%B5%D0%B9%D1%81%D0%B1%D1%83%D0%BA/115322061896427 invite your friends too :rolleyes:


    I put the text file on the ComboFix icon and it started scanning again, and the text icon disappeared.. is that how it is supposed to go, or did I get something wrong? At the end a log document appeared again


    Yes.. you did well..!:baby: Now how are things with your computer.... your access to Facebook and your antivirus program, have they been fixed...?:blink:


    I have been able to get into Facebook since yesterday, but the antivirus has not been fixed; the icon is still orange, and when I click on the icon it shows me a red box in the lower right corner of the monitor. Just now my access to Facebook stopped again


    Copy the text in the box into Notepad and save it as CFScript.txt on your desktop:

    KILLALL::
    
    Folder::
    c:\windows\ufa
    c:\windows\rpcminer
    c:\windows\phoenix
    c:\windows\av_ico
    c:\windows\update.tray-9-0
    c:\windows\update.tray-9-0-lnk
    c:\windows\update.tray-7-0
    c:\windows\update.tray-7-0-lnk
    
    Reboot::
    
    
    

    After saving it, drag CFScript.txt onto the ComboFix.exe icon

    Attach the generated report in your next post..!
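A defender's triage of the kind of log lines posted in this thread, as an added example (not from the thread and not ComboFix's own logic): it flags executables that carry a Windows system process name but run from outside system32, and directories newly created directly in the Windows root. The sample lines are constructed in the layout of the DDS and ComboFix logs seen here, the function names are hypothetical, and both heuristics are assumptions rather than the helper's stated method.

```python
import re
from pathlib import PureWindowsPath

SYSTEM32 = r"c:\windows\system32"
WINDOWS_ROOT = r"c:\windows"
# Windows system processes that normally run only from system32 (assumed list).
SYSTEM_NAMES = {"svchost.exe", "services.exe", "lsass.exe", "csrss.exe",
                "winlogon.exe", "smss.exe", "spoolsv.exe"}

# Constructed sample in the style of a "Running Processes" listing.
SAMPLE_PROCESSES = r'''
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
"C:\WINDOWS\update.tray-9-0\svchost.exe"
C:\WINDOWS\update.2\svchost.exe srv
"C:\WINDOWS\update.tray-7-0-lnk\svchost.exe" tray 7-0 1
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\spoolsv.exe
'''

# Constructed sample in the style of ComboFix's "Files Created" section:
# created . modified, size (dashes for a directory), attributes, path.
SAMPLE_FILES_CREATED = r'''
2011-07-21 10:18 . 2011-07-21 10:18 -------- d-----w- c:\windows\rpcminer
2011-07-21 10:11 . 2011-07-21 10:18 246272 ----a-w- c:\windows\unrar.exe
2011-07-20 16:30 . 2011-07-21 15:37 -------- d--h--w- c:\windows\update.tray-9-0
2011-07-20 16:30 . 2011-07-20 16:30 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-07-06 20:49 . 2011-07-09 10:30 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
'''

# Quoted path, or unquoted path up to the first ".exe", or the first token.
_CMD = re.compile(r'^"([^"]+)"|^(.+?\.exe)(?=\s|$)|^(\S+)', re.IGNORECASE)
_ENTRY = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d)"
    r"\s+(\S+)\s+([d-][a-z-]{7})\s+(.+)$")


def image_path(command_line):
    """Return the executable path of a process-list line, or None if empty."""
    m = _CMD.match(command_line.strip())
    if not m:
        return None
    return PureWindowsPath(next(g for g in m.groups() if g))


def masquerading_processes(text):
    """Paths that use a system process name outside system32."""
    flagged = []
    for line in text.splitlines():
        path = image_path(line)
        if path is None or not path.drive:
            continue  # bare image name: location unknown, cannot be judged
        name = path.name.lower()
        if not name.endswith(".exe"):
            name += ".exe"  # listings sometimes omit the extension
        if name in SYSTEM_NAMES and str(path.parent).lower() != SYSTEM32:
            flagged.append(str(path))
    return flagged


def new_dirs_in_windows_root(text):
    """Directories created directly under the Windows root: (path, hidden)."""
    found = []
    for line in text.splitlines():
        m = _ENTRY.match(line.strip())
        if not m:
            continue
        attrs, path = m.group(4), PureWindowsPath(m.group(5))
        if attrs[0] == "d" and str(path.parent).lower() == WINDOWS_ROOT:
            found.append((str(path), "h" in attrs))
    return found


if __name__ == "__main__":
    for p in masquerading_processes(SAMPLE_PROCESSES):
        print("system name outside system32:", p)
    for p, hidden in new_dirs_in_windows_root(SAMPLE_FILES_CREATED):
        print("new directory in Windows root:", p, "(hidden)" if hidden else "")
```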

    • Харесва ми 1

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    IE: Е&кспортирай в Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\documents and settings\BOBCAT\Application Data\Mozilla\Firefox\Profiles\w1h98st9.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Search Results FF - prefs.js: browser.startup.homepage - hxxp://search.bearshare.com/ FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxdm901YYbg&ptb=9D732B02-71E6-4475-A9C2-300693F4EB70&psa=&ind=2011021515&ptnrS=ZUxdm901YYbg&si=xBG&st=kwd&n=77ddc0cb&searchfor= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: BrotherSoft Extreme Community Toolbar: {51a86bb3-6602-4c85-92a5-130ee4864f13} - %profile%\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13} FF - Ext: MediaBar: {E84D42CA-64EB-11DE-A65F-8C3656D89593} - %profile%\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593} FF - Ext: MyFunCards: 79ffxtbr@MyFunCardsbar.com - c:\program files\MyFunCardsbar\bar\2.bin . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-07-22 12:05 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(3628) c:\windows\system32\newdll.dll . 
------------------------ Other Running Processes ------------------------ . c:\windows\system32\RUNDLL32.EXE c:\windows\RTHDCPL.EXE c:\progra~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE c:\program files\BurnAware Pro Retail by minimaL\nmsaccessu.exe c:\windows\system32\nvsvc32.exe c:\program files\Skype\Plugin Manager\skypePM.exe . ************************************************************************** . Completion time: 2011-07-22 12:07:05 - machine was rebooted ComboFix-quarantined-files.txt 2011-07-22 09:07 ComboFix2.txt 2011-07-22 08:14 ComboFix3.txt 2011-07-21 15:52 . Pre-Run: 21 791 121 408 bytes free Post-Run: 21 793 861 632 bytes free . - - End Of File - - FBF401E67F2E7C0D82A2B9EBD11782CF


    Is there a problem.. you have posted only a small part of the generated log...?


    ComboFix 11-07-21.04 - BOBCAT 07.2011 г. 11:59:19.6.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.3071.2499 [GMT 3:00] Running from: c:\documents and settings\BOBCAT\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\BOBCAT\Desktop\CFScript.txt AV: avast! antivirus 4.8.1368 [VPS 110720-0] *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\docume~1\BOBCAT\LOCALS~1\Temp\3695549.exe c:\windows\av_ico c:\windows\av_ico\ico_avast_desktop.ico c:\windows\av_ico\ico_avast_start.ico c:\windows\av_ico\ico_mcafee_start.ico c:\windows\btc_client_iplist.txt c:\windows\ddh_iplist.txt c:\windows\front_ip_list.txt c:\windows\iecheck_iplist.txt c:\windows\info1 c:\windows\iplist.txt c:\windows\l1rezerv.exe c:\windows\loader2.exe_ok c:\windows\phoenix c:\windows\phoenix\kernels\phatk\__init__.py c:\windows\phoenix\kernels\phatk\BFIPatcher.py c:\windows\phoenix\kernels\phatk\kernel.cl c:\windows\phoenix\kernels\poclbm\__init__.py c:\windows\phoenix\kernels\poclbm\BFIPatcher.py c:\windows\phoenix\kernels\poclbm\kernel.cl c:\windows\phoenix\phoenix.exe c:\windows\proc_list1.log c:\windows\rpcminer c:\windows\rpcminer\bitcoinminercuda_10.cubin c:\windows\rpcminer\bitcoinminercuda_11.cubin c:\windows\rpcminer\bitcoinminercuda_20.cubin c:\windows\rpcminer\bitcoinmineropencl.cl c:\windows\rpcminer\cudart32_32_16.dll c:\windows\rpcminer\curllib.dll c:\windows\rpcminer\libeay32.dll c:\windows\rpcminer\libsasl.dll c:\windows\rpcminer\openldap.dll c:\windows\rpcminer\rpcminer-4way.exe c:\windows\rpcminer\rpcminer-cpu.exe c:\windows\rpcminer\rpcminer-cuda.exe c:\windows\rpcminer\rpcminer-opencl.exe c:\windows\rpcminer\ssleay32.dll c:\windows\sysdriver32.exe c:\windows\sysdriver32_.exe c:\windows\system32\drivers\etc\HSTS~1 c:\windows\system32\drivers\etc\hоsts c:\windows\systemup.exe c:\windows\TEMP\22690770-loader2.exe 
c:\windows\TEMP\7367730.exe c:\windows\ufa c:\windows\ufa\ufa.exe c:\windows\update.2 c:\windows\update.2\svchost.exe c:\windows\update.5.0 c:\windows\update.5.0\svchost.exe c:\windows\update.tray-7-0-lnk c:\windows\update.tray-7-0-lnk\svchost.exe c:\windows\update.tray-7-0 c:\windows\update.tray-9-0-lnk c:\windows\update.tray-9-0-lnk\svchost.exe c:\windows\update.tray-9-0 c:\windows\winsetupapi.log . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_SRVIECHECK -------\Legacy_SRVSYSDRIVER32 -------\Service_srviecheck -------\Service_srvsysdriver32 -------\Legacy_srvbtcclient -------\Legacy_srvbtcclient -------\Service_srvbtcclient -------\Service_srvbtcclient . . ((((((((((((((((((((((((( Files Created from 2011-06-22 to 2011-07-22 ))))))))))))))))))))))))))))))) . . 2011-07-21 10:11 . 2011-07-21 10:18 246272 ----a-w- c:\windows\unrar.exe 2011-07-06 20:50 . 2011-07-07 10:16 -------- d-----w- c:\documents and settings\BOBCAT\Application Data\DivX 2011-07-06 20:49 . 2011-07-09 10:30 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX 2011-07-06 19:44 . 2011-07-06 19:44 -------- d-----w- c:\documents and settings\BOBCAT\Application Data\mediabarbs 2011-07-06 19:43 . 2011-07-06 19:43 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess 2011-07-06 19:04 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll 2011-06-25 08:45 . 2011-06-25 08:45 4 ----a-w- c:\windows\system32\proc1794749374.bin 2011-06-25 08:45 . 2011-06-25 08:45 -------- d-----w- c:\documents and settings\BOBCAT\Application Data\GanymedeNet 2011-06-25 08:45 . 2011-04-21 09:50 685552 ----a-w- c:\program files\Mozilla Firefox\plugins\NPMAKAOV2.dll 2011-06-25 08:45 . 2011-06-25 08:45 -------- d-----w- c:\program files\Ganymede . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-02 14:02 . 
2004-08-04 12:00 1858944 ------w- c:\windows\system32\win32k.sys 2011-05-02 15:31 . 2009-03-07 14:55 692736 ------w- c:\windows\system32\inetcomm.dll 2011-04-29 17:25 . 2004-08-04 12:00 151552 ----a-w- c:\windows\system32\schannel.dll 2011-04-29 16:19 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-04-26 11:07 . 2004-08-04 12:00 33280 ------w- c:\windows\system32\csrsrv.dll 2011-04-26 11:07 . 2004-08-04 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll 2011-04-25 14:47 . 2004-08-04 12:00 81920 ------w- c:\windows\system32\ieencode.dll 2011-04-25 14:47 . 2004-08-04 12:00 667136 ----a-w- c:\windows\system32\wininet.dll 2011-04-25 14:47 . 2004-08-04 12:00 61952 ------w- c:\windows\system32\tdc.ocx 2011-04-25 12:56 . 2004-08-04 12:00 369664 ------w- c:\windows\system32\html.iec 2010-10-29 12:27 . 2010-10-29 12:27 8402048 ----a-w- c:\program files\Firefox Setup 3.6.12.exe 2009-03-10 17:38 . 2009-03-10 17:36 7341888 ----a-w- c:\program files\Mozilla Firefox 3.0.4 bg.exe 2009-03-10 17:36 . 2009-03-10 17:35 1362977 ----a-w- c:\program files\BitLord_1.1.exe . . ((((((((((((((((((((((((((((( SnapShot@2011-07-21_15.49.55 ))))))))))))))))))))))))))))))))))))))))) . + 2011-07-22 08:36 . 2011-07-22 08:36 262144 c:\windows\system32\config\systemprofile\NTUSER.DAT . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-08-16 167368] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-17 68856] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-26 13574144] "nwiz"="nwiz.exe" [2008-06-26 1657376] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-26 86016] "RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] "MyFunCards"="c:\progra~1\MYFUNC~2\bar\2.bin\79bar.dll" [2011-03-27 702464] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "sysdriver32.exe"="c:\windows\sysdriver32.exe" [bU] "sysdriver32_.exe"="c:\windows\sysdriver32_.exe" [bU] "systemup"="c:\windows\systemup.exe" [bU] "l1rezerv.exe"="c:\windows\l1rezerv.exe" [bU] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\documents and settings\BOBCAT\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ FlexType 2K.lnk - c:\windows\Datecs\Flex2K.exe [2009-3-7 151552] McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [N/A] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableSecureUIAPaths"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000001 "DisableThumbnailCache"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\BitLord\\BitLord.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "2706:TCP"= 2706:TCP:Inhatch P2P Streaming "2707:TCP"= 2707:TCP:Inhatch P2P Streaming "2708:TCP"= 2708:TCP:Inhatch P2P Streaming "2709:TCP"= 2709:TCP:Inhatch P2P Streaming . R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [07.3.2009 г. 18:05 685816] R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [19.1.2009 г. 21:31 277544] S2 gupdate1ca04856b19e0e0;Услуга Google Update (gupdate1ca04856b19e0e0);c:\program files\Google\Update\GoogleUpdate.exe [14.7.2009 г. 16:17 133104] S2 MyFunCardsbarService;MyFunCards Service;c:\progra~1\MYFUNC~2\bar\2.bin\79barsvc.exe [27.3.2011 г. 13:02 36864] S3 gupdatem;Услуга на Google Актуализация (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [14.7.2009 г. 16:17 133104] S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe" --> c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [?] S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?] . Contents of the 'Scheduled Tasks' folder . 2011-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-14 13:16] . 2011-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-14 13:16] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://search.bearshare.com/ uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie mDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie IE: Е&кспортирай в Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\documents and settings\BOBCAT\Application Data\Mozilla\Firefox\Profiles\w1h98st9.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Search Results FF - prefs.js: browser.startup.homepage - hxxp://search.bearshare.com/ FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxdm901YYbg&ptb=9D732B02-71E6-4475-A9C2-300693F4EB70&psa=&ind=2011021515&ptnrS=ZUxdm901YYbg&si=xBG&st=kwd&n=77ddc0cb&searchfor= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: BrotherSoft Extreme Community Toolbar: {51a86bb3-6602-4c85-92a5-130ee4864f13} - %profile%\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13} FF - Ext: MediaBar: {E84D42CA-64EB-11DE-A65F-8C3656D89593} - %profile%\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593} FF - Ext: MyFunCards: 79ffxtbr@MyFunCardsbar.com - c:\program files\MyFunCardsbar\bar\2.bin . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-07-22 12:05 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . 
scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(3628) c:\windows\system32\newdll.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\RUNDLL32.EXE c:\windows\RTHDCPL.EXE c:\progra~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE c:\program files\BurnAware Pro Retail by minimaL\nmsaccessu.exe c:\windows\system32\nvsvc32.exe c:\program files\Skype\Plugin Manager\skypePM.exe . ************************************************************************** . Completion time: 2011-07-22 12:07:05 - machine was rebooted ComboFix-quarantined-files.txt 2011-07-22 09:07 ComboFix2.txt 2011-07-22 08:14 ComboFix3.txt 2011-07-21 15:52 . Pre-Run: 21 791 121 408 bytes free Post-Run: 21 793 861 632 bytes free . - - End Of File - - FBF401E67F2E7C0D82A2B9EBD11782CF


    It is very important for me to know the current state of your computer.....?:)


    At the moment it is fine, I have access to Facebook again, but the AVAST icon is now rectangular, similar to the srt subtitle files which are


    Tsk tsk.... so:

    • Download OTL.exe and save it to the desktop.
    • Run the file (OTL.exe)
    • Under [posted image], use Copy/Paste to enter the following text in full (only what is inside the box):
    :Services
    
    :files
    autorun.inf /alldrives
    autorun.exe /alldrives 
    recycler /alldrives
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [clearallrestorepoints]
    [emptyflash]
    [Reboot]
    

    After you enter the script from the quote above, press the button marked in red: Run Fix

    Windows will restart and a log file will be created - OTL fix log. Post its contents with Copy/Paste in your next comment.

    After you post the OTL log, continue with:

    * Download Malwarebytes' Anti-Malware or from here

    * Double-click mbam-setup.exe to install the program.

    * Make sure that Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are checked. Then click Finish.

    * If updates are found, it will download and install them.

    * Start the program and select "Perform Full Scan", then click Scan.

    * The scan will take some time, so please be patient.

    * When the scan finishes, click OK, then Show Results to see the result.

    * Make sure all rows are checked, and click Remove Selected.

    * When everything has been removed, a log will open in Notepad. Copy this log and post it in your next comment in the thread.

    Note: If MalwareBytes' Anti-Malware has trouble removing the detected viruses/threats, it will ask to restart your computer and remove the problem viruses/threats during the restart. If you are asked, confirm that you want your computer to be restarted.


    All processes killed

    ========== SERVICES/DRIVERS ==========

    ========== FILES ==========

    autorun.inf not found in C:\

    autorun.inf not found in D:\

    autorun.exe not found in C:\

    autorun.exe not found in D:\

    C:\RECYCLER\S-1-5-21-436374069-583907252-725345543-1003 folder moved successfully.

    C:\RECYCLER folder moved successfully.

    D:\RECYCLER\S-1-5-21-436374069-583907252-725345543-1003 folder moved successfully.

    D:\RECYCLER\S-1-5-21-299502267-1645522239-682003330-1003 folder moved successfully.

    D:\RECYCLER\S-1-5-21-1645522239-448539723-839522115-1004 folder moved successfully.

    D:\RECYCLER folder moved successfully.

    < ipconfig /flushdns /c >

    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    C:\Documents and Settings\BOBCAT\Desktop\cmd.bat deleted successfully.

    C:\Documents and Settings\BOBCAT\Desktop\cmd.txt deleted successfully.

    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: BOBCAT

    ->Temp folder emptied: 4520 bytes

    ->Temporary Internet Files folder emptied: 33670 bytes

    ->Java cache emptied: 22261 bytes

    ->FireFox cache emptied: 78772885 bytes

    ->Google Chrome cache emptied: 28433187 bytes

    ->Flash cache emptied: 1225364 bytes

    User: Default User

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 67 bytes

    ->Flash cache emptied: 41 bytes

    User: LocalService

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 32835 bytes

    User: NetworkService

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 32835 bytes

    %systemdrive% .tmp files removed: 0 bytes

    %systemroot% .tmp files removed: 2162283 bytes

    %systemroot%\System32 .tmp files removed: 2577 bytes

    %systemroot%\System32\dllcache .tmp files removed: 0 bytes

    %systemroot%\System32\drivers .tmp files removed: 0 bytes

    Windows Temp folder emptied: 0 bytes

    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 106,00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

    HOSTS file reset successfully

    Restore points cleared and new OTL Restore Point set!

    [EMPTYFLASH]

    User: All Users

    User: BOBCAT

    ->Flash cache emptied: 0 bytes

    User: Default User

    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0,00 mb

    OTL by OldTimer - Version 3.2.26.1 log created on 07222011_124010

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...


    I just noticed that you have missed a very important point, I assume you did not see it in post 10:

    After running the script, do the following - since I see leftovers from McAfee... be sure to remove them with this tool, MCPR.exe ....!


    Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Версия на базата от данни: 7228 Windows 5.1.2600 Service Pack 3 Internet Explorer 6.0.2900.5512 22.7.2011 г. 13:12:24 mbam-log-2011-07-22 (13-12-24).txt Тип сканиране: Пълно сканиране (C:\|D:\|) Сканирани обекти: 224772 Изминало време: 21 минута(и), 56 секунда(и) Заразени процеси в паметта: 0 Заразени модули в паметта: 0 Заразени ключове в регистратурата: 5 Заразени стойности в регистратурата: 3 Заразени информационни обекти в регистратурата: 0 Заразени папки: 0 Заразени файлове: 16 Заразени процеси в паметта: (Не бяха открити зловредни обекти) Заразени модули в паметта: (Не бяха открити зловредни обекти) Заразени ключове в регистратурата: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\jackpotcity (PUP.Casino.Gen) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\INSTALL.EXE (PUP.Casino.Gen) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\luckynugget (PUP.Adware.Casino) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mummysgold (PUP.Casino.Gen) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\spinpalace (PUP.Casino.Gen) -> Quarantined and deleted successfully. Заразени стойности в регистратурата: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Agent) -> Value: sysdriver32.exe -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Agent) -> Value: sysdriver32_.exe -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\l1rezerv.exe (Trojan.Agent) -> Value: l1rezerv.exe -> Quarantined and deleted successfully. 
Заразени информационни обекти в регистратурата: (Не бяха открити зловредни обекти) Заразени папки: (Не бяха открити зловредни обекти) Заразени файлове: c:\microgaming\Casino\jackpotcity\install.exe (PUP.Casino.Gen) -> Quarantined and deleted successfully. c:\microgaming\Casino\luckynugget\install.exe (PUP.Adware.Casino) -> Quarantined and deleted successfully. c:\microgaming\Casino\mummysgoldcasino\install.exe (PUP.Casino.Gen) -> Quarantined and deleted successfully. c:\microgaming\Casino\spinpalace\install.exe (PUP.Casino.Gen) -> Quarantined and deleted successfully. c:\program files\image-line\toxic biohazard\toxic biohazard.dll (Trojan.Backdoor) -> Quarantined and deleted successfully. c:\Qoobox\quarantine\C\WINDOWS\l1rezerv.exe.vir (Backdoor.Delf) -> Quarantined and deleted successfully. c:\Qoobox\quarantine\C\WINDOWS\services32.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully. c:\Qoobox\quarantine\C\WINDOWS\systemup.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully. c:\Qoobox\quarantine\C\WINDOWS\system32\f3pssavr.scr.vir (PUP.FunWebProducts) -> Quarantined and deleted successfully. c:\Qoobox\quarantine\C\WINDOWS\update.1\svchost.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully. c:\Qoobox\quarantine\C\WINDOWS\update.2\svchost.exe.vir (Trojan.Downloader.H) -> Quarantined and deleted successfully. c:\Qoobox\quarantine\C\WINDOWS\update.tray-7-0\svchost.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully. c:\Qoobox\quarantine\C\WINDOWS\update.tray-7-0-lnk\svchost.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully. c:\Qoobox\quarantine\C\WINDOWS\update.tray-9-0\svchost.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully. c:\Qoobox\quarantine\C\WINDOWS\update.tray-9-0-lnk\svchost.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully. d:\adobe photoshop cs2 iso + keygen\keygen\keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.


    I am asking again .... how is your computer doing....? Did you remove McAfee..?

    • Download Security Check (author: screen317) from here or from here and save it to the desktop.
    • Double-click SecurityCheck.exe and follow the instructions.
    • When the program finishes its work, a text document will open: checkup.txt.
    • Copy the contents of checkup.txt with Copy and paste them with Paste into your next comment.