
    Hello, the problem is described in more detail here.

    .

    DDS (Ver_2011-06-23.01) - NTFSx86

    Internet Explorer: 8.0.6001.18702

    Run by Sniper Control at 11:40:54 on 2011-07-23

    Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.511.156 [GMT 3:00]

    .

    AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

    AV: F-PROT Antivirus for Windows *Disabled/Outdated* {3F8BAFFE-D251-4DC6-ACF9-81FDF61FB9C9}

    .

    ============== Running Processes ===============

    .

    C:\WINXP\system32\nvsvc32.exe

    C:\WINXP\system32\svchost -k DcomLaunch

    svchost.exe

    C:\WINXP\System32\svchost.exe -k netsvcs

    svchost.exe

    svchost.exe

    C:\WINXP\system32\spoolsv.exe

    svchost.exe

    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

    C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    svchost.exe

    C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe

    C:\WINXP\Explorer.EXE

    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe

    C:\WINXP\system32\RunDLL32.exe

    C:\WINXP\SOUNDMAN.EXE

    C:\WINXP\system32\rundll32.exe

    C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe

    C:\WINXP\system32\rundll32.exe

    C:\Documents and Settings\Sniper Control\Desktop\New Folder\update\realsched.exe

    C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe

    C:\Program Files\Netropa\Onscreen Display\OSD.exe

    C:\WINXP\system32\ctfmon.exe

    C:\Program Files\Skype\Phone\Skype.exe

    C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe

    C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe

    C:\WINXP\system32\taskmgr.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://www.google.bg/

    uInternet Settings,ProxyOverride = *.local

    mSearchAssistant = hxxp://start.facemoods.com/?a=stonicla&s={searchTerms}&f=4

    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\18.6.0.29\ips\IPSBHO.DLL

    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

    uRun: [ctfmon.exe] c:\winxp\system32\ctfmon.exe

    mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login

    mRun: [NvCplDaemon] RUNDLL32.EXE c:\winxp\system32\NvCpl.dll,NvStartup

    mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet

    mRun: [soundMan] SOUNDMAN.EXE

    mRun: [MULTIMEDIA KEYBOARD] c:\program files\netropa\multimedia keyboard\MMKeybd.exe

    mRun: [MSConfig] c:\winxp\pchealth\helpctr\binaries\MSConfig.exe /auto

    dRun: [CTFMON.EXE] c:\winxp\system32\CTFMON.EXE

    mPolicies-system: EnableLinkedConnections = 1 (0x1)

    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

    DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab

    TCP: Interfaces\{D9034006-5AE1-429F-B2EF-967FC5C68FC7} : NameServer = 192.168.15.12,195.24.48.5

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winxp\system32\wpdshserviceobj.dll

    Hosts: 64.186.152.140 embedded.garena.com

    Hosts: 64.186.152.140 embedded.garenanow.com

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 SymDS;Symantec Data Store;c:\winxp\system32\drivers\nav\1206000.01d\SymDS.sys [2011-7-9 340088]

    R0 SymEFA;Symantec Extended File Attributes;c:\winxp\system32\drivers\nav\1206000.01d\SymEFA.sys [2011-7-9 744568]

    R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\winxp\system32\drivers\tdrpm273.sys [2011-4-4 752128]

    R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.6.0.29\definitions\bashdefs\20110415.001\BHDrvx86.sys [2011-7-9 802936]

    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\winxp\system32\drivers\dtsoftbus01.sys [2011-3-16 218688]

    R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\winxp\system32\drivers\Msikbd2k.sys [2011-6-27 6656]

    R1 SymIRON;Symantec Iron Driver;c:\winxp\system32\drivers\nav\1206000.01d\Ironx86.sys [2011-7-9 136312]

    R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2011-4-4 3246040]

    R2 cpuz135;cpuz135;c:\winxp\system32\drivers\cpuz135_x32.sys [2011-5-4 21992]

    R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\firebird\firebird_2_5\bin\fbguard.exe [2011-7-10 98304]

    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-5-12 366640]

    R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\18.6.0.29\ccSvcHst.exe [2011-7-9 130008]

    R3 afcdp;afcdp;c:\winxp\system32\drivers\afcdp.sys [2011-4-4 167968]

    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-22 105592]

    R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\firebird\firebird_2_5\bin\fbserver.exe [2011-7-10 3735552]

    R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.6.0.29\definitions\ipsdefs\20110722.031\IDSXpx86.sys [2011-7-23 355256]

    R3 MBAMProtector;MBAMProtector;c:\winxp\system32\drivers\mbam.sys [2011-5-12 22712]

    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.6.0.29\definitions\virusdefs\20110722.040\NAVENG.SYS [2011-7-23 86008]

    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.6.0.29\definitions\virusdefs\20110722.040\NAVEX15.SYS [2011-7-23 1542392]

    R4 MBAMSwissArmy;MBAMSwissArmy;c:\winxp\system32\drivers\mbamswissarmy.sys [2011-5-12 41272]

    S0 NVStrap;NVStrap;c:\winxp\system32\drivers\NVStrap.sys [2011-5-15 4224]

    S2 FPAVServer;F-PROT Antivirus for Windows system;"c:\program files\frisk software\f-prot antivirus for windows\fpavserver.exe" --> c:\program files\frisk software\f-prot antivirus for windows\FPAVServer.exe [?]

    S2 nhksrv;Netropa NHK Server;c:\program files\netropa\multimedia keyboard\nhksrv.exe --> c:\program files\netropa\multimedia keyboard\nhksrv.exe [?]

    S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\garena\safedrv.sys --> c:\program files\garena\safedrv.sys [?]

    S3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\winxp\system32\drivers\ULILAN51.SYS [2011-7-18 28672]

    .

    =============== Created Last 30 ================

    .

    2011-07-22 21:54:01 -------- d-----w- c:\program files\HDD Regenerator

    2011-07-22 21:37:55 -------- d-----w- c:\documents and settings\sniper control\local settings\application data\Babylon

    2011-07-22 21:37:54 -------- d-----w- c:\documents and settings\sniper control\application data\Babylon

    2011-07-22 21:37:54 -------- d-----w- c:\documents and settings\all users\application data\Babylon

    2011-07-22 21:20:55 -------- d-----w- c:\documents and settings\sniper control\local settings\application data\Downloaded Installations

    2011-07-22 12:38:13 37888 -c--a-w- c:\winxp\system32\dllcache\bthmodem.sys

    2011-07-22 12:38:13 37888 ----a-w- c:\winxp\system32\drivers\bthmodem.sys

    2011-07-21 19:04:51 -------- d-----w- c:\documents and settings\sniper control\application data\goalbit

    2011-07-18 10:57:59 35587 ------w- c:\winxp\system32\rmlan.exe

    2011-07-18 10:57:59 34307 ------w- c:\winxp\system32\drivers\Install.EXE

    2011-07-18 10:57:59 28672 ----a-w- c:\winxp\system32\drivers\ULILAN51.SYS

    2011-07-18 10:57:59 28672 ------w- c:\winxp\system32\UnLAN.exe

    2011-07-18 10:57:53 225280 ------w- c:\program files\common files\installshield\iscript\iscript.dll

    2011-07-18 10:57:52 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll

    2011-07-18 10:57:52 32768 ------w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll

    2011-07-18 10:57:52 176128 ------w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll

    2011-07-18 10:57:47 610436 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe

    2011-07-17 14:47:48 -------- d-----w- c:\documents and settings\sniper control\local settings\application data\SpacialAudio

    2011-07-15 19:11:07 -------- d-sh--w- c:\documents and settings\sniper control\IECompatCache

    2011-07-15 10:49:23 -------- d-----w- c:\documents and settings\sniper control\local settings\application data\Identities

    2011-07-14 20:54:38 -------- d-----w- c:\documents and settings\sniper control\local settings\application data\Apple Computer

    2011-07-14 20:53:12 -------- d-----w- c:\documents and settings\sniper control\local settings\application data\DFX

    2011-07-14 20:51:29 -------- d-----w- c:\documents and settings\sniper control\local settings\application data\Apple

    2011-07-12 18:24:50 -------- d-----w- c:\documents and settings\all users\application data\DFX

    2011-07-12 18:24:45 -------- d-----w- c:\program files\common files\DFX

    2011-07-12 18:24:44 -------- d-----w- c:\program files\DFX

    2011-07-12 18:21:54 -------- d-----w- c:\program files\Winamp Detect

    2011-07-12 18:21:18 123888 ------w- c:\winxp\system32\pxcpyi64.exe

    2011-07-12 18:21:15 59888 ------w- c:\winxp\system32\pxwma.dll

    2011-07-12 16:10:32 -------- d-----w- c:\documents and settings\sniper control\application data\GetGo Software

    2011-07-12 15:05:13 -------- d-----w- c:\program files\GetGo Software

    2011-07-11 16:36:17 101120 -c--a-w- c:\winxp\system32\dllcache\bthpan.sys

    2011-07-11 16:36:17 101120 ----a-w- c:\winxp\system32\drivers\bthpan.sys

    2011-07-11 16:36:02 59136 -c--a-w- c:\winxp\system32\dllcache\rfcomm.sys

    2011-07-11 16:36:02 59136 ----a-w- c:\winxp\system32\drivers\rfcomm.sys

    2011-07-11 16:36:02 17024 -c--a-w- c:\winxp\system32\dllcache\bthenum.sys

    2011-07-11 16:36:02 17024 ----a-w- c:\winxp\system32\drivers\BthEnum.sys

    2011-07-11 16:36:01 8192 -c--a-w- c:\winxp\system32\dllcache\wshirda.dll

    2011-07-11 16:36:01 8192 ----a-w- c:\winxp\system32\wshirda.dll

    2011-07-11 16:36:01 28160 -c--a-w- c:\winxp\system32\dllcache\irmon.dll

    2011-07-11 16:36:01 28160 ----a-w- c:\winxp\system32\irmon.dll

    2011-07-11 16:36:01 151552 -c--a-w- c:\winxp\system32\dllcache\irftp.exe

    2011-07-11 16:36:01 151552 ----a-w- c:\winxp\system32\irftp.exe

    2011-07-11 16:35:46 18944 -c--a-w- c:\winxp\system32\dllcache\bthusb.sys

    2011-07-11 16:35:46 18944 ----a-w- c:\winxp\system32\drivers\BTHUSB.SYS

    2011-07-11 16:01:35 -------- d-----w- c:\program files\SHOUTcast

    2011-07-10 19:31:05 -------- d-----w- c:\documents and settings\sniper control\application data\HLSW

    2011-07-10 18:09:44 548864 ----a-w- c:\winxp\system32\GDS32.DLL

    2011-07-09 11:31:20 60872 ----a-w- c:\winxp\system32\S32EVNT1.DLL

    2011-07-09 11:31:20 126584 ----a-w- c:\winxp\system32\drivers\SYMEVENT.SYS

    2011-07-09 11:31:19 -------- d-----w- c:\program files\Symantec

    2011-07-09 11:31:19 -------- d-----w- c:\program files\common files\Symantec Shared

    2011-07-09 11:31:04 744568 ----a-r- c:\winxp\system32\drivers\nav\1206000.01d\SymEFA.sys

    2011-07-09 11:31:04 516216 ----a-r- c:\winxp\system32\drivers\nav\1206000.01d\srtsp.sys

    2011-07-09 11:31:04 50168 ----a-r- c:\winxp\system32\drivers\nav\1206000.01d\srtspx.sys

    2011-07-09 11:31:04 369784 ----a-r- c:\winxp\system32\drivers\nav\1206000.01d\symtdi.sys

    2011-07-09 11:31:04 340088 ----a-r- c:\winxp\system32\drivers\nav\1206000.01d\SymDS.sys

    2011-07-09 11:31:04 331384 ----a-r- c:\winxp\system32\drivers\nav\1206000.01d\symtdiv.sys

    2011-07-09 11:31:04 296568 ----a-r- c:\winxp\system32\drivers\nav\1206000.01d\symnets.sys

    2011-07-09 11:31:04 136312 ----a-r- c:\winxp\system32\drivers\nav\1206000.01d\Ironx86.sys

    2011-07-09 11:30:27 -------- d-----w- c:\winxp\system32\drivers\nav\1206000.01D

    2011-07-09 11:30:27 -------- d-----w- c:\winxp\system32\drivers\NAV

    2011-07-09 11:30:24 -------- d-----w- c:\program files\Norton AntiVirus

    2011-07-09 11:30:23 -------- d-----w- c:\documents and settings\all users\application data\Norton

    2011-07-09 11:30:09 -------- d-----w- c:\program files\NortonInstaller

    2011-07-09 11:30:09 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller

    2011-07-09 08:31:08 -------- d-----w- c:\documents and settings\sniper control\application data\URSoft

    2011-07-09 08:29:22 -------- d-----w- c:\documents and settings\sniper control\local settings\application data\Temp

    2011-07-09 08:21:41 -------- d-----w- c:\winxp\E58B329BFB28487490DE0D7CB2709267.TMP

    2011-07-08 20:26:04 -------- d-----w- c:\winxp\system32\QuickTime

    2011-07-08 20:25:13 -------- d-----w- c:\program files\common files\TechSmith Shared

    2011-07-08 20:14:38 -------- d-----w- c:\documents and settings\all users\application data\FRISK Software

    2011-07-06 19:23:03 -------- d-----w- c:\documents and settings\sniper control\application data\AVG

    2011-07-06 19:21:57 -------- d-----w- c:\winxp\XSxS

    2011-07-06 19:21:57 -------- d-----w- c:\program files\Xenocode

    2011-07-06 18:21:15 -------- d-----w- c:\program files\Firebird

    2011-06-29 10:50:11 -------- d-----w- c:\documents and settings\sniper control\application data\AVG10

    2011-06-29 10:46:38 -------- d-----w- c:\documents and settings\all users\application data\AVG10

    2011-06-29 10:45:53 -------- d-----w- c:\program files\AVG

    2011-06-29 10:42:21 -------- d--h--w- c:\documents and settings\all users\application data\Common Files

    2011-06-29 10:41:28 -------- d-----w- c:\documents and settings\all users\application data\MFAData

    2011-06-28 19:20:02 -------- d-----w- c:\program files\common files\xing shared

    2011-06-28 19:19:30 499712 ----a-w- c:\winxp\system32\msvcp71.dll

    2011-06-28 19:19:30 348160 ----a-w- c:\winxp\system32\msvcr71.dll

    2011-06-28 18:57:03 -------- d-----w- c:\winxp\SxsCaPendDel

    2011-06-27 18:04:46 98304 ----a-w- c:\winxp\system32\msikbd.dll

    2011-06-27 18:04:46 6656 ------w- c:\winxp\system32\drivers\Msikbd2k.sys

    2011-06-27 18:04:46 28672 ----a-w- c:\winxp\system32\msiosd32.dll

    2011-06-23 20:50:23 -------- d-----w- c:\program files\InhatchTeam

    .

    ==================== Find3M ====================

    .

    2011-07-22 22:24:32 252096 ----a-w- c:\winxp\system32\nvdrsdb1.bin

    2011-07-22 22:24:32 1 ----a-w- c:\winxp\system32\nvdrssel.bin

    2011-07-22 22:24:31 252096 ----a-w- c:\winxp\system32\nvdrsdb0.bin

    2011-07-16 19:09:23 60416 ----a-w- c:\winxp\ALCFDRTM.VER

    2011-07-06 16:52:42 41272 ----a-w- c:\winxp\system32\drivers\mbamswissarmy.sys

    2011-07-06 16:52:42 22712 ----a-w- c:\winxp\system32\drivers\mbam.sys

    2011-06-16 20:30:28 14 ----a-w- c:\winxp\system32\systeminfo.dll

    2011-06-15 14:04:50 0 ----a-w- c:\winxp\system32\ConduitEngine.tmp

    2011-05-22 10:08:31 86016 ----a-w- c:\winxp\system32\OpenAL32.dll

    2011-05-22 10:08:31 262144 ----a-w- c:\winxp\system32\wrap_oal.dll

    2011-05-02 08:13:24 138184 ----a-w- c:\winxp\system32\drivers\PnkBstrK.sys

    2011-05-02 08:12:41 183112 ----a-w- c:\winxp\system32\PnkBstrB.exe

    2011-04-24 12:52:38 17480 ----a-w- c:\winxp\system32\drivers\hamachi.sys

    .

    ============= FINISH: 11:42:10,65 ===============

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2011-06-23.01)

    .

    Microsoft Windows XP Professional

    Boot Device: \Device\HarddiskVolume1

    Install Date: 15.3.2011 г. 16:59:09

    System Uptime: 23.7.2011 г. 10:20:42 (1 hours ago)

    .

    Motherboard: | | 939Dual-SATA2

    Processor: AMD Athlon 64 Processor 3700+ | CPUSocket | 2200/200mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 20 GiB total, 6,097 GiB free.

    D: is FIXED (NTFS) - 55 GiB total, 14,118 GiB free.

    E: is CDROM ()

    F: is CDROM ()

    .

    ==== Disabled Device Manager Items =============

    .

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

    Description: ULi PCI Fast Ethernet Controller

    Device ID: PCI\VEN_10B9&DEV_5263&SUBSYS_52631849&REV_40\3&267A616A&0&88

    Manufacturer: ULi Electronics Inc.

    Name: ULi PCI Fast Ethernet Controller

    PNP Device ID: PCI\VEN_10B9&DEV_5263&SUBSYS_52631849&REV_40\3&267A616A&0&88

    Service: ULI5261XP

    .

    ==== System Restore Points ===================

    .

    RP45: 29.6.2011 г. 13:29:40 - Removed ESET Smart Security

    RP46: 29.6.2011 г. 13:45:34 - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    RP47: 29.6.2011 г. 13:45:52 - Installed AVG 2011

    RP48: 29.6.2011 г. 13:46:25 - Installed AVG 2011

    RP49: 30.6.2011 г. 17:25:54 - System Checkpoint

    RP50: 04.7.2011 г. 14:58:31 - System Checkpoint

    RP51: 06.7.2011 г. 19:48:22 - System Checkpoint

    RP52: 07.7.2011 г. 21:41:42 - System Checkpoint

    RP53: 08.7.2011 г. 23:07:12 - Installed Camtasia Studio 7

    RP54: 08.7.2011 г. 23:07:15 - Removed AVG 2011

    RP55: 08.7.2011 г. 23:09:26 - Removed AVG 2011

    RP56: 08.7.2011 г. 23:14:36 - Installed F-PROT Antivirus for Windows

    RP57: 08.7.2011 г. 23:24:37 - Installed Camtasia Studio 7

    RP58: 09.7.2011 г. 11:35:06 - Installed F-PROT Antivirus for Windows

    RP59: 09.7.2011 г. 14:08:34 - Installed F-PROT Antivirus for Windows

    RP60: 12.7.2011 г. 19:21:16 - Removed Ask Toolbar.

    RP61: 12.7.2011 г. 19:26:05 - Removed Fable - The Lost Chapters

    RP62: 12.7.2011 г. 20:05:30 - Removed Need for Speed™ Undercover

    RP63: 14.7.2011 г. 23:54:03 - Installed Safari

    RP64: 23.7.2011 г. 00:03:12 - Restore Operation

    RP65: 23.7.2011 г. 00:53:57 - Installed HDD Regenerator.

    .

    ==== Installed Programs ======================

    .

    3DMark06

    Acronis True Image Home 2011

    Adobe Anchor Service CS3

    Adobe Asset Services CS3

    Adobe Bridge CS3

    Adobe Bridge Start Meeting

    Adobe Camera Raw 4.0

    Adobe CMaps

    Adobe Color - Photoshop Specific

    Adobe Color Common Settings

    Adobe Color EU Extra Settings

    Adobe Color JA Extra Settings

    Adobe Color NA Recommended Settings

    Adobe Default Language CS3

    Adobe Device Central CS3

    Adobe ExtendScript Toolkit 2

    Adobe Flash Player 10 ActiveX

    Adobe Flash Player 10 Plugin

    Adobe Fonts All

    Adobe Help Viewer CS3

    Adobe Linguistics CS3

    Adobe PDF Library Files

    Adobe Photoshop CS3

    Adobe Setup

    Adobe Stock Photos CS3

    Adobe Type Support

    Adobe Update Manager CS3

    Adobe Version Cue CS3 Client

    Adobe WinSoft Linguistics Plugin

    Adobe XMP Panels CS3

    AIDA64 Extreme Edition v1.50

    Apple Application Support

    Apple Software Update

    ATITool Overclocking Utility

    BFL_FIFA_10

    BitTorrent

    Bonjour

    BS.Player PRO

    Camtasia Studio 7

    CPUID CPU-Z 1.57.1

    DAEMON Tools Lite

    DFX for Winamp

    FIFA 10

    Firebird 2.5.0.26074 (Win32)

    Garena 2010

    GOM Player

    HDD Regenerator

    Inhatch web plugins

    K-Lite Codec Pack 7.0.0 (Full)

    Malwarebytes' Anti-Malware version 1.51.1.1800

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    mIRC

    MSI to redistribute MS VS2005 CRT libraries

    Nero 6 Ultra Edition

    Norton AntiVirus

    NVIDIA Control Panel 266.58

    NVIDIA Graphics Driver 266.58

    NVIDIA Install Application

    NVIDIA nView 135.50

    NVIDIA nView Desktop Manager

    NVTweak

    Office Keyboard

    Opera 11.50

    oZone3D.Net FurMark v1.8.2

    PDF Settings

    RealNetworks - Microsoft Visual C++ 2008 Runtime

    Realtek AC'97 Audio

    RealUpgrade 1.1

    RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition

    Safari

    SAM Broadcaster v4

    Security Update for Windows XP (KB923789)

    SHOUTcast DNAS (remove only)

    SHOUTcast DNAS Server v2

    Skype™ 3.8

    SopCast 3.3.2

    System Requirements Lab CYRI

    TeamViewer 5

    ULi LAN Driver

    Ventrilo Client

    WebFldrs XP

    Winamp

    Winamp Detector Plug-in

    WinRAR archiver

    .

    ==== Event Viewer Messages From Past Week ========

    .

    23.7.2011 г. 10:24:11, error: Service Control Manager [7000] - The Netropa NHK Server service failed to start due to the following error: The system cannot find the file specified.

    23.7.2011 г. 02:01:08, error: Service Control Manager [7034] - The Acronis Nonstop Backup Service service terminated unexpectedly. It has done this 1 time(s).

    23.7.2011 г. 02:00:50, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).

    23.7.2011 г. 02:00:46, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

    23.7.2011 г. 01:58:46, error: Service Control Manager [7000] - The Netropa NHK Server service failed to start due to the following error: The system cannot find the file specified.

    23.7.2011 г. 01:21:59, error: Service Control Manager [7034] - The Firebird Server - DefaultInstance service terminated unexpectedly. It has done this 1 time(s).

    23.7.2011 г. 01:20:38, error: Service Control Manager [7000] - The Netropa NHK Server service failed to start due to the following error: The system cannot find the file specified.

    23.7.2011 г. 00:41:27, error: Service Control Manager [7000] - The Netropa NHK Server service failed to start due to the following error: The system cannot find the file specified.

    23.7.2011 г. 00:38:14, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    23.7.2011 г. 00:04:03, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ATITool BHDrvx86 eeCtrl Fips Processor SRTSPX SymIRON SYMTDI

    23.7.2011 г. 00:03:20, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    22.7.2011 г. 23:58:24, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    22.7.2011 г. 23:56:24, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ATITool BHDrvx86 eeCtrl Fips Processor SRTSPX SymIRON SYMTDI

    22.7.2011 г. 23:56:02, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    22.7.2011 г. 23:47:59, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ATITool BHDrvx86 eeCtrl Fips Processor SRTSPX SymIRON SYMTDI

    22.7.2011 г. 23:47:22, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    22.7.2011 г. 19:24:44, error: Service Control Manager [7000] - The Netropa NHK Server service failed to start due to the following error: The system cannot find the file specified.

    22.7.2011 г. 19:15:54, error: Service Control Manager [7000] - The Netropa NHK Server service failed to start due to the following error: The system cannot find the file specified.

    22.7.2011 г. 18:58:09, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.

    22.7.2011 г. 18:58:07, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.

    22.7.2011 г. 15:31:50, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.

    22.7.2011 г. 14:38:31, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.

    22.7.2011 г. 13:59:22, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.

    22.7.2011 г. 13:58:51, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.

    22.7.2011 г. 10:42:38, error: Service Control Manager [7000] - The Netropa NHK Server service failed to start due to the following error: The system cannot find the file specified.

    21.7.2011 г. 23:38:48, error: Service Control Manager [7000] - The Netropa NHK Server service failed to start due to the following error: The system cannot find the file specified.

    21.7.2011 г. 22:04:28, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.

    21.7.2011 г. 19:16:35, error: Service Control Manager [7000] - The Netropa NHK Server service failed to start due to the following error: The system cannot find the file specified.

    21.7.2011 г. 11:18:54, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.

    21.7.2011 г. 10:13:38, error: Service Control Manager [7000] - The Netropa NHK Server service failed to start due to the following error: The system cannot find the file specified.

    20.7.2011 г. 21:53:20, error: Service Control Manager [7000] - The Netropa NHK Server service failed to start due to the following error: The system cannot find the file specified.

    20.7.2011 г. 13:06:08, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.

    20.7.2011 г. 12:22:46, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.

    19.7.2011 г. 21:43:01, error: Service Control Manager [7000] - The Netropa NHK Server service failed to start due to the following error: The system cannot find the file specified.

    19.7.2011 г. 21:18:14, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.

    19.7.2011 г. 09:54:47, error: Service Control Manager [7000] - The Netropa NHK Server service failed to start due to the following error: The system cannot find the file specified.

    18.7.2011 г. 22:03:47, error: Service Control Manager [7000] - The Netropa NHK Server service failed to start due to the following error: The system cannot find the file specified.

    18.7.2011 г. 19:21:01, error: Service Control Manager [7000] - The Netropa NHK Server service failed to start due to the following error: The system cannot find the file specified.

    18.7.2011 г. 13:52:28, error: Service Control Manager [7000] - The Netropa NHK Server service failed to start due to the following error: The system cannot find the file specified.

    18.7.2011 г. 12:10:26, error: Service Control Manager [7000] - The Netropa NHK Server service failed to start due to the following error: The system cannot find the file specified.

    18.7.2011 г. 11:46:06, error: Service Control Manager [7000] - The Netropa NHK Server service failed to start due to the following error: The system cannot find the file specified.

    18.7.2011 г. 10:40:30, error: Service Control Manager [7000] - The Netropa NHK Server service failed to start due to the following error: The system cannot find the file specified.

    18.7.2011 г. 00:54:27, error: Service Control Manager [7000] - The Netropa NHK Server service failed to start due to the following error: The system cannot find the file specified.

    17.7.2011 г. 17:19:37, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.

    16.7.2011 г. 21:03:52, error: Service Control Manager [7000] - The Netropa NHK Server service failed to start due to the following error: The system cannot find the file specified.

    16.7.2011 г. 17:32:29, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.

    16.7.2011 г. 00:46:32, error: Service Control Manager [7000] - The Netropa NHK Server service failed to start due to the following error: The system cannot find the file specified.

    .

    ==== End Of File ===========================


    Hello... I see two antivirus programs here as well... a conflict is possible... Before we continue, uninstall one of the antivirus programs, whichever you choose, and then run a new DDS scan... and post the log! :cool: Regards, Itso


    I apologize for being pushy, but I previously had a problem with this F-PROT: after it updated it wanted a restart, and after the restart it simply disappeared. I downloaded some antivirus remover and it supposedly removed it... It is not in Add or Remove Programs, and there is no folder in Program Files either. Could you suggest a solution?


    Number of found instalation 0. I scanned with DDS and it again showed: AV: F-PROT Antivirus for Windows *Disabled/Outdated* {3F8BAFFE-D251-4DC6-ACF9-81FDF61FB9C9} ...



    Download ComboFix from here or here and save it to your desktop.

    • Disable your antivirus and anti-spyware programs; this is usually done by right-clicking the program's icon in the system tray.

    Note: If you cannot stop it or are not sure which program to disable, please review the information at this link: How to Disable your Security Programs

    • Run Combo-Fix.com and follow the instructions.

    Note: ComboFix will run without the Recovery Console installed.

    • As part of its operation, ComboFix will check whether the Microsoft Windows Recovery Console is installed. Given how quickly malware evolves, it is strongly recommended that it be installed before the malware is removed. This will let you enter a special recovery/repair mode, which will make it easier to resolve a problem that could arise while removing the malware.

    • Follow the instructions to allow ComboFix to download and install the Microsoft Windows Recovery Console. At some point you will be asked whether you agree to the license agreement. You must confirm that you agree in order to install the Microsoft Windows Recovery Console.

    ** Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will proceed to the malware removal process.

    Posted image

    Once the Microsoft Windows Recovery Console has been installed using ComboFix, you will see the following message:

    Posted image

    Select Yes to continue scanning for malware.

    When the process completes successfully, the tool will create a log file. Please include the contents of C:\ComboFix.txt in your next reply in this thread.

    Note:

    • Please do not move the mouse while ComboFix is running. This may disrupt its operation.
    • ComboFix will reset all Microsoft Internet Explorer settings, including making IE the default browser.
    • ComboFix will disable the autorun function of ALL CD, floppy and USB devices, to help remove the malware and protect you from future viruses/threats that spread via autorun. If this is a problem for you, please let me know.
    • ComboFix will disconnect your internet connection. The connection will be restored automatically before ComboFix finishes its work. If a problem occurs, it will terminate the internet connection. To restore your internet connection, restart your computer.
    • If ComboFix runs into a problem, it may create a log file. Please include the contents of C:\BUG.txt in your next reply in this thread.

    ComboFix can take up to 20-30 minutes to finish; please be patient.

    Please do not attach the log file(s) from the program; copy and paste it/them into your next reply in this thread.


    ComboFix 11-07-23.01 - Sniper Control 07.2011 г. 18:04:16.1.1 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.511.190 [GMT 3:00]

    Running from: c:\documents and settings\Sniper Control\Desktop\ComboFix.exe

    AV: F-PROT Antivirus for Windows *Disabled/Outdated* {3F8BAFFE-D251-4DC6-ACF9-81FDF61FB9C9}

    AV: Norton AntiVirus *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\documents and settings\Sniper Control\Application Data\facemoods.com

    c:\program files\HDD Regenerator\HDD Regenerator.exe

    c:\winxp\system32\systeminfo.dll

    c:\winxp\XSxS

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    -------\Legacy_WINRING0_1_0_1

    .

    .

    ((((((((((((((((((((((((( Files Created from 2011-06-23 to 2011-07-23 )))))))))))))))))))))))))))))))

    .

    .

    2011-07-23 14:57 . 2011-07-23 14:58 -------- d-----w- C:\32788R22FWJFW

    2011-07-23 12:41 . 2002-01-12 13:30 3567 ----a-w- c:\winxp\system32\drivers\PortTalk.sys

    2011-07-23 11:56 . 2011-07-23 12:14 -------- d-----w- c:\program files\Hard Disk Sentinel

    2011-07-22 21:54 . 2011-07-23 15:18 -------- d-----w- c:\program files\HDD Regenerator

    2011-07-22 21:37 . 2011-07-22 21:37 -------- d-----w- c:\documents and settings\Sniper Control\Local Settings\Application Data\Babylon

    2011-07-22 21:37 . 2011-07-22 21:37 -------- d-----w- c:\documents and settings\Sniper Control\Application Data\Babylon

    2011-07-22 21:37 . 2011-07-22 21:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon

    2011-07-22 21:20 . 2011-07-23 13:55 -------- d-----w- c:\documents and settings\Sniper Control\Local Settings\Application Data\Downloaded Installations

    2011-07-22 12:38 . 2008-04-13 19:16 37888 -c--a-w- c:\winxp\system32\dllcache\bthmodem.sys

    2011-07-22 12:38 . 2008-04-13 19:16 37888 ----a-w- c:\winxp\system32\drivers\bthmodem.sys

    2011-07-21 19:04 . 2011-07-22 21:00 -------- d-----w- c:\documents and settings\Sniper Control\Application Data\goalbit

    2011-07-18 10:57 . 2005-04-27 06:15 35587 ------w- c:\winxp\system32\rmlan.exe

    2011-07-18 10:57 . 2005-04-27 06:15 34307 ------w- c:\winxp\system32\drivers\Install.EXE

    2011-07-18 10:57 . 2005-04-06 13:54 28672 ------w- c:\winxp\system32\UnLAN.exe

    2011-07-18 10:57 . 2005-03-22 17:36 28672 ----a-w- c:\winxp\system32\drivers\ULILAN51.SYS

    2011-07-18 10:57 . 2001-09-05 00:18 225280 ------w- c:\program files\Common Files\InstallShield\IScript\iscript.dll

    2011-07-18 10:57 . 2001-09-05 00:18 77824 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll

    2011-07-18 10:57 . 2001-09-05 00:14 176128 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll

    2011-07-18 10:57 . 2001-09-05 00:13 32768 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll

    2011-07-18 10:57 . 2002-02-01 13:23 610436 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe

    2011-07-17 14:47 . 2011-07-17 14:47 -------- d-----w- c:\documents and settings\Sniper Control\Local Settings\Application Data\SpacialAudio

    2011-07-15 19:11 . 2011-07-15 19:11 -------- d-sh--w- c:\documents and settings\Sniper Control\IECompatCache

    2011-07-15 10:49 . 2011-07-15 10:49 -------- d-----w- c:\documents and settings\Sniper Control\Local Settings\Application Data\Identities

    2011-07-15 10:28 . 2011-07-15 10:28 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple

    2011-07-14 20:54 . 2011-07-14 20:55 -------- d-----w- c:\documents and settings\Sniper Control\Application Data\Apple Computer

    2011-07-14 20:54 . 2011-07-14 20:54 -------- d-----w- c:\documents and settings\Sniper Control\Local Settings\Application Data\Apple Computer

    2011-07-14 20:54 . 2011-07-14 20:54 -------- d-----w- c:\program files\Safari

    2011-07-14 20:54 . 2011-07-14 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

    2011-07-14 20:53 . 2011-07-14 20:53 -------- d-----w- c:\documents and settings\Sniper Control\Local Settings\Application Data\DFX

    2011-07-14 20:52 . 2011-07-14 20:52 -------- d-----w- c:\program files\Common Files\Apple

    2011-07-14 20:51 . 2011-07-14 20:51 -------- d-----w- c:\documents and settings\Sniper Control\Local Settings\Application Data\Apple

    2011-07-14 20:51 . 2011-07-14 20:51 -------- d-----w- c:\program files\Apple Software Update

    2011-07-14 20:51 . 2011-07-14 20:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

    2011-07-12 18:24 . 2011-07-12 18:24 -------- d-----w- c:\documents and settings\SUPPORT_388945a0

    2011-07-12 18:24 . 2011-07-12 18:24 -------- d-----w- c:\documents and settings\HelpAssistant

    2011-07-12 18:24 . 2011-07-12 18:24 -------- d-----w- c:\documents and settings\Guest

    2011-07-12 18:24 . 2011-07-12 18:24 -------- d-----w- c:\documents and settings\Administrator

    2011-07-12 18:24 . 2011-07-12 18:29 -------- d-----w- c:\documents and settings\All Users\Application Data\DFX

    2011-07-12 18:24 . 2011-07-12 18:24 -------- d-----w- c:\program files\Common Files\DFX

    2011-07-12 18:24 . 2011-07-12 18:24 -------- d-----w- c:\program files\DFX

    2011-07-12 18:21 . 2011-07-12 18:21 -------- d-----w- c:\program files\Winamp Detect

    2011-07-12 18:21 . 2011-03-04 19:44 123888 ------w- c:\winxp\system32\pxcpyi64.exe

    2011-07-12 18:21 . 2011-03-04 19:44 59888 ------w- c:\winxp\system32\pxwma.dll

    2011-07-12 18:21 . 2011-07-12 18:24 -------- d-----w- c:\program files\Winamp

    2011-07-12 18:21 . 2011-07-12 18:24 -------- d-----w- c:\documents and settings\Sniper Control\Application Data\Winamp

    2011-07-12 16:10 . 2011-07-12 16:10 -------- d-----w- c:\documents and settings\Sniper Control\Application Data\GetGo Software

    2011-07-12 15:05 . 2011-07-12 16:23 -------- d-----w- c:\program files\GetGo Software

    2011-07-11 16:36 . 2008-04-13 19:21 101120 -c--a-w- c:\winxp\system32\dllcache\bthpan.sys

    2011-07-11 16:36 . 2008-04-13 19:21 101120 ----a-w- c:\winxp\system32\drivers\bthpan.sys

    2011-07-11 16:36 . 2008-04-13 19:16 59136 -c--a-w- c:\winxp\system32\dllcache\rfcomm.sys

    2011-07-11 16:36 . 2008-04-13 19:16 59136 ----a-w- c:\winxp\system32\drivers\rfcomm.sys

    2011-07-11 16:36 . 2008-04-13 19:16 17024 -c--a-w- c:\winxp\system32\dllcache\bthenum.sys

    2011-07-11 16:36 . 2008-04-13 19:16 17024 ----a-w- c:\winxp\system32\drivers\BthEnum.sys

    2011-07-11 16:36 . 2008-04-14 00:42 151552 -c--a-w- c:\winxp\system32\dllcache\irftp.exe

    2011-07-11 16:36 . 2008-04-14 00:42 151552 ----a-w- c:\winxp\system32\irftp.exe

    2011-07-11 16:36 . 2008-04-14 00:42 8192 -c--a-w- c:\winxp\system32\dllcache\wshirda.dll

    2011-07-11 16:36 . 2008-04-14 00:42 8192 ----a-w- c:\winxp\system32\wshirda.dll

    2011-07-11 16:36 . 2008-04-14 00:41 28160 -c--a-w- c:\winxp\system32\dllcache\irmon.dll

    2011-07-11 16:36 . 2008-04-14 00:41 28160 ----a-w- c:\winxp\system32\irmon.dll

    2011-07-11 16:35 . 2008-04-13 19:16 18944 -c--a-w- c:\winxp\system32\dllcache\bthusb.sys

    2011-07-11 16:35 . 2008-04-13 19:16 18944 ----a-w- c:\winxp\system32\drivers\BTHUSB.SYS

    2011-07-11 16:01 . 2011-07-12 16:11 -------- d-----w- c:\program files\SHOUTcast

    2011-07-10 19:31 . 2011-07-10 19:43 -------- d-----w- c:\documents and settings\Sniper Control\Application Data\HLSW

    2011-07-10 18:09 . 2010-09-17 08:13 548864 ----a-w- c:\winxp\system32\GDS32.DLL

    2011-07-09 11:31 . 2011-07-09 11:31 60872 ----a-w- c:\winxp\system32\S32EVNT1.DLL

    2011-07-09 11:31 . 2011-07-09 11:31 126584 ----a-w- c:\winxp\system32\drivers\SYMEVENT.SYS

    2011-07-09 11:31 . 2011-07-10 11:54 -------- d-----w- c:\program files\Common Files\Symantec Shared

    2011-07-09 11:31 . 2011-07-09 11:31 -------- d-----w- c:\program files\Symantec

    2011-07-09 11:30 . 2011-07-09 11:30 -------- d-----w- c:\winxp\system32\drivers\NAV

    2011-07-09 11:30 . 2011-07-09 11:37 -------- d-----w- c:\program files\Norton AntiVirus

    2011-07-09 11:30 . 2011-07-09 11:30 -------- d-----w- c:\program files\Windows Sidebar

    2011-07-09 11:30 . 2011-07-09 11:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

    2011-07-09 11:30 . 2011-07-09 11:30 -------- d-----w- c:\program files\NortonInstaller

    2011-07-09 08:31 . 2011-07-09 08:31 -------- d-----w- c:\documents and settings\Sniper Control\Application Data\URSoft

    2011-07-09 08:29 . 2011-07-09 08:29 -------- d-----w- c:\documents and settings\Sniper Control\Local Settings\Application Data\Temp

    2011-07-09 08:21 . 2011-07-09 08:21 -------- d-----w- c:\winxp\E58B329BFB28487490DE0D7CB2709267.TMP

    2011-07-08 20:26 . 2011-07-08 20:26 -------- d-----w- c:\winxp\system32\QuickTime

    2011-07-08 20:25 . 2011-07-08 20:25 -------- d-----w- c:\program files\QuickTime

    2011-07-08 20:25 . 2011-07-08 20:25 -------- d-----w- c:\program files\Common Files\TechSmith Shared

    2011-07-08 20:24 . 2011-07-08 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith

    2011-07-08 20:24 . 2011-07-08 20:24 -------- d-----w- c:\program files\TechSmith

    2011-07-08 20:14 . 2011-07-09 11:10 -------- dc----w- c:\winxp\system32\DRVSTORE

    2011-07-08 20:14 . 2011-07-08 20:14 -------- d-----w- c:\documents and settings\All Users\Application Data\FRISK Software

    2011-07-06 19:23 . 2011-07-06 19:23 -------- d-----w- c:\documents and settings\Sniper Control\Application Data\AVG

    2011-07-06 19:22 . 2011-07-23 14:00 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

    2011-07-06 19:21 . 2011-07-06 19:21 -------- d-----w- c:\program files\Xenocode

    2011-07-06 18:21 . 2011-07-10 18:09 -------- d-----w- c:\program files\Firebird

    2011-06-29 10:46 . 2011-07-08 20:11 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10

    2011-06-29 10:45 . 2011-07-06 19:47 -------- d-----w- c:\program files\AVG

    2011-06-29 10:42 . 2011-06-29 10:42 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files

    2011-06-29 10:41 . 2011-07-08 20:11 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

    2011-06-28 19:20 . 2011-06-28 19:20 -------- d-----w- c:\program files\Common Files\xing shared

    2011-06-28 19:19 . 2011-06-28 19:19 499712 ----a-w- c:\winxp\system32\msvcp71.dll

    2011-06-28 19:19 . 2011-06-28 19:19 348160 ----a-w- c:\winxp\system32\msvcr71.dll

    2011-06-28 18:57 . 2011-06-29 07:46 -------- d-----w- c:\winxp\SxsCaPendDel

    2011-06-28 12:38 . 2011-06-28 12:39 -------- d-----w- c:\program files\Real

    2011-06-27 18:04 . 2002-07-11 05:47 98304 ----a-w- c:\winxp\system32\msikbd.dll

    2011-06-27 18:04 . 2001-12-20 07:02 6656 ------w- c:\winxp\system32\drivers\Msikbd2k.sys

    2011-06-27 18:04 . 2000-06-08 00:09 28672 ----a-w- c:\winxp\system32\msiosd32.dll

    2011-06-23 20:50 . 2011-07-21 18:50 -------- d-----w- c:\program files\InhatchTeam

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2011-07-16 19:09 . 2011-03-15 15:37 60416 ----a-w- c:\winxp\ALCFDRTM.VER

    2011-07-06 16:52 . 2011-05-12 10:44 41272 ----a-w- c:\winxp\system32\drivers\mbamswissarmy.sys

    2011-07-06 16:52 . 2011-05-12 10:44 22712 ----a-w- c:\winxp\system32\drivers\mbam.sys

    2011-06-15 14:04 . 2011-06-15 14:04 0 ----a-w- c:\winxp\system32\ConduitEngine.tmp

    2011-05-22 10:08 . 2011-05-22 10:08 86016 ----a-w- c:\winxp\system32\OpenAL32.dll

    2011-05-22 10:08 . 2011-05-22 10:08 262144 ----a-w- c:\winxp\system32\wrap_oal.dll

    2011-05-02 08:13 . 2011-04-05 20:24 138184 ----a-w- c:\winxp\system32\drivers\PnkBstrK.sys

    2011-05-02 08:12 . 2011-04-05 20:24 183112 ----a-w- c:\winxp\system32\PnkBstrB.exe

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "NvMediaCenter"="NvMCTray.dll" [2011-01-07 111208]

    "NvCplDaemon"="c:\winxp\system32\NvCpl.dll" [2011-01-07 13880424]

    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]

    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]

    "MULTIMEDIA KEYBOARD"="c:\program files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2003-09-30 425984]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\winxp\system32\CTFMON.EXE" [2008-04-14 15360]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "EnableLinkedConnections"= 1 (0x1)

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^Sniper Control^Start Menu^Programs^Startup^FIFA 10 Registration.lnk]

    path=c:\documents and settings\Sniper Control\Start Menu\Programs\Startup\FIFA 10 Registration.lnk

    backup=c:\winxp\pss\FIFA 10 Registration.lnkStartup

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]

    2011-02-01 16:53 390720 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

    2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

    2008-04-14 11:00 208952 ----a-w- c:\winxp\ime\IMJP8_1\imjpmig.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]

    2011-07-06 16:52 449584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

    2001-07-09 07:50 155648 ----a-w- c:\winxp\system32\NeroCheck.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

    2008-04-14 11:00 455168 ----a-w- c:\winxp\system32\IME\TINTLGNT\TINTSETP.EXE

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

    2008-04-14 11:00 455168 ----a-w- c:\winxp\system32\IME\TINTLGNT\TINTSETP.EXE

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon]

    2009-08-22 18:25 2781184 ----a-w- d:\sniper control\Programs\overclock\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAOB Monitor]

    2010-11-16 00:52 2536448 ----a-w- c:\program files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

    2011-06-28 19:19 273544 ----a-w- c:\documents and settings\Sniper Control\Desktop\New Folder\Update\realsched.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]

    2011-02-01 16:52 5546376 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\Opera\\opera.exe"=

    "d:\\Games\\Steam\\steamapps\\sniper_control\\half-life\\hl.exe"=

    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

    "c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=

    "c:\\Program Files\\TeamViewer\\Version5\\TeamViewer_Service.exe"=

    "c:\\Program Files\\Garena\\Garena.exe"=

    "c:\\Program Files\\BitTorrent\\BitTorrent.exe"=

    "d:\\asq forever\\asq cs\\Counter-Strike 1.6\\hl.exe"=

    "d:\\Games\\Steam\\steamapps\\sniper_control\\counter-strike\\hl.exe"=

    "c:\\Program Files\\SpacialAudio\\SAMBC\\SAMBC.exe"=

    "c:\\Program Files\\Winamp\\winamp.exe"=

    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "10950:TCP"= 10950:TCP:Inhatch P2P Streaming

    "10951:TCP"= 10951:TCP:Inhatch P2P Streaming

    "10952:TCP"= 10952:TCP:Inhatch P2P Streaming

    "10953:TCP"= 10953:TCP:Inhatch P2P Streaming

    "49780:UDP"= 49780:UDP:Inhatch P2P Streaming

    .

    R0 SymDS;Symantec Data Store;c:\winxp\system32\drivers\NAV\1206000.01D\SymDS.sys [09.7.2011 г. 14:31 340088]

    R0 SymEFA;Symantec Extended File Attributes;c:\winxp\system32\drivers\NAV\1206000.01D\SymEFA.sys [09.7.2011 г. 14:31 744568]

    R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\winxp\system32\drivers\tdrpm273.sys [04.4.2011 г. 20:37 752128]

    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.6.0.29\Definitions\BASHDefs\20110415.001\BHDrvx86.sys [09.7.2011 г. 14:31 802936]

    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\winxp\system32\drivers\dtsoftbus01.sys [16.3.2011 г. 12:50 218688]

    R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\winxp\system32\drivers\Msikbd2k.sys [27.6.2011 г. 21:04 6656]

    R1 SymIRON;Symantec Iron Driver;c:\winxp\system32\drivers\NAV\1206000.01D\Ironx86.sys [09.7.2011 г. 14:31 136312]

    R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [04.4.2011 г. 20:38 3246040]

    R2 cpuz135;cpuz135;c:\winxp\system32\drivers\cpuz135_x32.sys [04.5.2011 г. 14:21 21992]

    R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_5\bin\fbguard.exe [10.7.2011 г. 21:09 98304]

    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12.5.2011 г. 13:44 366640]

    R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe [09.7.2011 г. 14:30 130008]

    R3 afcdp;afcdp;c:\winxp\system32\drivers\afcdp.sys [04.4.2011 г. 20:38 167968]

    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [23.7.2011 г. 10:45 105592]

    R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_5\bin\fbserver.exe [10.7.2011 г. 21:09 3735552]

    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.6.0.29\Definitions\IPSDefs\20110722.031\IDSXpx86.sys [23.7.2011 г. 10:58 355256]

    R3 MBAMProtector;MBAMProtector;c:\winxp\system32\drivers\mbam.sys [12.5.2011 г. 13:44 22712]

    S0 NVStrap;NVStrap;c:\winxp\system32\drivers\NVStrap.sys [15.5.2011 г. 18:13 4224]

    S2 nhksrv;Netropa NHK Server;c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe --> c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe [?]

    S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]

    S3 PortTalk;PortTalk;c:\winxp\system32\drivers\PortTalk.sys [23.7.2011 г. 15:41 3567]

    S3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\winxp\system32\drivers\ULILAN51.SYS [18.7.2011 г. 13:57 28672]

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2011-07-22 c:\winxp\Tasks\AppleSoftwareUpdate.job

    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 09:34]

    .

    2011-07-23 c:\winxp\Tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-1767777339-1801674531-1003.job

    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 07:47]

    .

    2011-07-23 c:\winxp\Tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-1767777339-1801674531-1003.job

    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 07:47]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.google.bg/

    uInternet Settings,ProxyOverride = *.local

    TCP: Interfaces\{D9034006-5AE1-429F-B2EF-967FC5C68FC7}: NameServer = 192.168.15.12,195.24.48.5

    .

    - - - - ORPHANS REMOVED - - - -

    .

    MSConfigStartUp-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.8\facemoodssrv.exe

    MSConfigStartUp-HDD Regenerator - c:\program files\HDD Regenerator\HDD Regenerator.exe

    MSConfigStartUp-OscarEditor - c:\program files\OSCAR Editor\\OscarEditor.exe

    .

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2011-07-23 18:28

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scanning hidden processes ...

    .

    scanning hidden autostart entries ...

    .

    scanning hidden files ...

    .

    scan completed successfully

    hidden files: 0

    .

    **************************************************************************

    .

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NAV]

    "ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    .

    - - - - - - - > 'explorer.exe'(3936)

    c:\winxp\system32\WININET.dll

    c:\program files\NVIDIA Corporation\nView\nview.dll

    c:\winxp\system32\ieframe.dll

    c:\winxp\system32\webcheck.dll

    c:\winxp\system32\wpdshserviceobj.dll

    c:\winxp\system32\portabledevicetypes.dll

    c:\winxp\system32\portabledeviceapi.dll

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\winxp\system32\nvsvc32.exe

    c:\program files\Common Files\Acronis\Schedule2\schedul2.exe

    c:\program files\Bonjour\mDNSResponder.exe

    c:\winxp\system32\wscntfy.exe

    c:\winxp\system32\RunDLL32.exe

    c:\winxp\SOUNDMAN.EXE

    c:\winxp\system32\rundll32.exe

    c:\program files\Netropa\Multimedia Keyboard\TrayMon.exe

    c:\program files\Netropa\Onscreen Display\OSD.exe

    .

    **************************************************************************

    .

    Completion time: 2011-07-23 18:33:44 - machine was rebooted

    ComboFix-quarantined-files.txt 2011-07-23 15:33

    .

    Pre-Run: 6 751 334 400 bytes free

    Post-Run: 6 877 171 712 bytes free

    .

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

    [boot loader]

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(1)\WINXP

    [operating systems]

    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    UnsupportedDebug="do not select this" /debug

    multi(0)disk(0)rdisk(0)partition(1)\WINXP="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    .

    - - End Of File - - B523C8690750B1474C57A7ECDE19AFAD

    Here is the ComboFix log

    There is an improvement. Now it only stutters on songs. Otherwise XP now loads faster and everything runs normally.

    Edited by Sniper Control


    I'm glad... But there are still things to fix... so I'll write to you a little later...!

    Copy the text in the box into Notepad and save it as CFScript.txt on your desktop:

    KILLALL::
    
    SecCenter::
    {3F8BAFFE-D251-4DC6-ACF9-81FDF61FB9C9}
    
    File::
    c:\winxp\E58B329BFB28487490DE0D7CB2709267.TMP
     
    Folder::
    c:\documents and settings\Sniper Control\Application Data\AVG
    c:\documents and settings\All Users\Application Data\AVG10
    c:\program files\AVG
     
    DDS::
    uInternet Settings,ProxyOverride = *.local
    mSearchAssistant = hxxp://start.facemoods.com/?a=stonicla&s={searchTerms}&f=4
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    
    Reboot::
    
    
    

    After saving, drag CFScript.txt onto the ComboFix.exe icon

    Posted image

    Attach the generated report in your next post..!


    ComboFix 11-07-23.04 - Sniper Control 07.2011 г. 21:33:41.2.1 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.511.235 [GMT 3:00]

    Running from: c:\documents and settings\Sniper Control\Desktop\ComboFix.exe

    Command switches used :: c:\documents and settings\Sniper Control\Desktop\CFScript.txt.txt

    .

    FILE ::

    "c:\winxp\E58B329BFB28487490DE0D7CB2709267.TMP"

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\documents and settings\All Users\Application Data\AVG10

    c:\documents and settings\Sniper Control\Application Data\AVG

    c:\documents and settings\Sniper Control\Application Data\AVG\PC Tuneup 2011\Logs\PC Tuneup 2011_SN.log

    c:\documents and settings\Sniper Control\Application Data\AVG\Rescue\PC Tuneup 2011\110706222303906.rsc

    c:\documents and settings\Sniper Control\Application Data\AVG\Rescue\PC Tuneup 2011\110706222317093.rsc

    c:\program files\AVG

    c:\program files\AVG\AVG10\Notification\AVGTBUpgrade2.exe

    c:\program files\AVG\AVG10\Notification\BuyFull_cz.htm

    c:\program files\AVG\AVG10\Notification\BuyFull_da.htm

    c:\program files\AVG\AVG10\Notification\BuyFull_es.htm

    c:\program files\AVG\AVG10\Notification\BuyFull_fr.htm

    c:\program files\AVG\AVG10\Notification\BuyFull_ge.htm

    c:\program files\AVG\AVG10\Notification\BuyFull_hu.htm

    c:\program files\AVG\AVG10\Notification\BuyFull_id.htm

    c:\program files\AVG\AVG10\Notification\BuyFull_in.htm

    c:\program files\AVG\AVG10\Notification\BuyFull_it.htm

    c:\program files\AVG\AVG10\Notification\BuyFull_jp.htm

    c:\program files\AVG\AVG10\Notification\BuyFull_ko.htm

    c:\program files\AVG\AVG10\Notification\BuyFull_ms.htm

    c:\program files\AVG\AVG10\Notification\BuyFull_nl.htm

    c:\program files\AVG\AVG10\Notification\BuyFull_pb.htm

    c:\program files\AVG\AVG10\Notification\BuyFull_pl.htm

    c:\program files\AVG\AVG10\Notification\BuyFull_pt.htm

    c:\program files\AVG\AVG10\Notification\BuyFull_ru.htm

    c:\program files\AVG\AVG10\Notification\BuyFull_sc.htm

    c:\program files\AVG\AVG10\Notification\BuyFull_sk.htm

    c:\program files\AVG\AVG10\Notification\BuyFull_sp.htm

    c:\program files\AVG\AVG10\Notification\BuyFull_tr.htm

    c:\program files\AVG\AVG10\Notification\BuyFull_us.htm

    c:\program files\AVG\AVG10\Notification\BuyFull_zh.htm

    c:\program files\AVG\AVG10\Notification\BuyFull_zt.htm

    c:\program files\AVG\AVG10\Notification\SPCheckerTE.exe

    c:\program files\AVG\AVG10\Notification\styles.css

    c:\program files\AVG\AVG10\Notification\update-payment-details-bkg.png

    c:\program files\AVG\AVG10\Notification\update-payment-details-btn.png

    c:\program files\AVG\AVG10\Notification\update-payment-details-btn2.png

    c:\program files\AVG\AVG10\Notification\update-payment-details-btn3.png

    .

    .

    ((((((((((((((((((((((((( Files Created from 2011-06-23 to 2011-07-23 )))))))))))))))))))))))))))))))

    .

    .

    2011-07-23 16:42 . 2006-08-01 12:02 49152 ----a-w- c:\winxp\system32\ChCfg.exe

    2011-07-23 16:41 . 2008-09-24 07:40 4122368 ----a-r- c:\winxp\system32\drivers\alcxwdm.sys

    2011-07-23 16:41 . 2006-12-08 12:20 10528768 ----a-w- c:\winxp\system32\RTLCPL.exe

    2011-07-23 16:41 . 2007-04-16 12:28 577536 ----a-w- c:\winxp\soundman.exe

    2011-07-23 16:41 . 2006-11-17 02:40 18804736 ----a-w- c:\winxp\system32\alsndmgr.cpl

    2011-07-23 16:41 . 2006-10-17 23:53 147456 ----a-w- c:\winxp\system32\RtlCPAPI.dll

    2011-07-23 16:40 . 2006-07-31 08:27 217088 ----a-w- c:\winxp\Alcrmv.exe

    2011-07-23 16:40 . 2006-07-31 08:19 315392 ----a-w- c:\winxp\alcupd.exe

    2011-07-23 12:41 . 2002-01-12 13:30 3567 ----a-w- c:\winxp\system32\drivers\PortTalk.sys

    2011-07-23 11:56 . 2011-07-23 12:14 -------- d-----w- c:\program files\Hard Disk Sentinel

    2011-07-22 21:54 . 2011-07-23 15:18 -------- d-----w- c:\program files\HDD Regenerator

    2011-07-22 21:37 . 2011-07-22 21:37 -------- d-----w- c:\documents and settings\Sniper Control\Local Settings\Application Data\Babylon

    2011-07-22 21:37 . 2011-07-22 21:37 -------- d-----w- c:\documents and settings\Sniper Control\Application Data\Babylon

    2011-07-22 21:37 . 2011-07-22 21:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon

    2011-07-22 21:20 . 2011-07-23 13:55 -------- d-----w- c:\documents and settings\Sniper Control\Local Settings\Application Data\Downloaded Installations

    2011-07-22 12:38 . 2008-04-13 19:16 37888 -c--a-w- c:\winxp\system32\dllcache\bthmodem.sys

    2011-07-22 12:38 . 2008-04-13 19:16 37888 ----a-w- c:\winxp\system32\drivers\bthmodem.sys

    2011-07-21 19:04 . 2011-07-22 21:00 -------- d-----w- c:\documents and settings\Sniper Control\Application Data\goalbit

    2011-07-18 10:57 . 2005-04-27 06:15 35587 ------w- c:\winxp\system32\rmlan.exe

    2011-07-18 10:57 . 2005-04-27 06:15 34307 ------w- c:\winxp\system32\drivers\Install.EXE

    2011-07-18 10:57 . 2005-04-06 13:54 28672 ------w- c:\winxp\system32\UnLAN.exe

    2011-07-18 10:57 . 2005-03-22 17:36 28672 ----a-w- c:\winxp\system32\drivers\ULILAN51.SYS

    2011-07-18 10:57 . 2001-09-05 00:18 225280 ------w- c:\program files\Common Files\InstallShield\IScript\iscript.dll

    2011-07-18 10:57 . 2001-09-05 00:18 77824 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll

    2011-07-18 10:57 . 2001-09-05 00:14 176128 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll

    2011-07-18 10:57 . 2001-09-05 00:13 32768 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll

    2011-07-18 10:57 . 2002-02-01 13:23 610436 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe

    2011-07-17 14:47 . 2011-07-17 14:47 -------- d-----w- c:\documents and settings\Sniper Control\Local Settings\Application Data\SpacialAudio

    2011-07-15 19:11 . 2011-07-15 19:11 -------- d-sh--w- c:\documents and settings\Sniper Control\IECompatCache

    2011-07-15 10:49 . 2011-07-15 10:49 -------- d-----w- c:\documents and settings\Sniper Control\Local Settings\Application Data\Identities

    2011-07-15 10:28 . 2011-07-15 10:28 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple

    2011-07-14 20:54 . 2011-07-14 20:55 -------- d-----w- c:\documents and settings\Sniper Control\Application Data\Apple Computer

    2011-07-14 20:54 . 2011-07-14 20:54 -------- d-----w- c:\documents and settings\Sniper Control\Local Settings\Application Data\Apple Computer

    2011-07-14 20:53 . 2011-07-14 20:53 -------- d-----w- c:\documents and settings\Sniper Control\Local Settings\Application Data\DFX

    2011-07-14 20:52 . 2011-07-14 20:52 -------- d-----w- c:\program files\Common Files\Apple

    2011-07-14 20:51 . 2011-07-14 20:51 -------- d-----w- c:\documents and settings\Sniper Control\Local Settings\Application Data\Apple

    2011-07-14 20:51 . 2011-07-14 20:51 -------- d-----w- c:\program files\Apple Software Update

    2011-07-14 20:51 . 2011-07-14 20:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

    2011-07-12 18:24 . 2011-07-12 18:24 -------- d-----w- c:\documents and settings\SUPPORT_388945a0

    2011-07-12 18:24 . 2011-07-12 18:24 -------- d-----w- c:\documents and settings\HelpAssistant

    2011-07-12 18:24 . 2011-07-12 18:24 -------- d-----w- c:\documents and settings\Guest

    2011-07-12 18:24 . 2011-07-12 18:24 -------- d-----w- c:\documents and settings\Administrator

    2011-07-12 18:24 . 2011-07-12 18:29 -------- d-----w- c:\documents and settings\All Users\Application Data\DFX

    2011-07-12 18:24 . 2011-07-12 18:24 -------- d-----w- c:\program files\Common Files\DFX

    2011-07-12 18:24 . 2011-07-12 18:24 -------- d-----w- c:\program files\DFX

    2011-07-12 18:21 . 2011-07-12 18:21 -------- d-----w- c:\program files\Winamp Detect

    2011-07-12 18:21 . 2011-03-04 19:44 123888 ------w- c:\winxp\system32\pxcpyi64.exe

    2011-07-12 18:21 . 2011-03-04 19:44 59888 ------w- c:\winxp\system32\pxwma.dll

    2011-07-12 18:21 . 2011-07-12 18:24 -------- d-----w- c:\program files\Winamp

    2011-07-12 18:21 . 2011-07-12 18:24 -------- d-----w- c:\documents and settings\Sniper Control\Application Data\Winamp

    2011-07-12 16:10 . 2011-07-12 16:10 -------- d-----w- c:\documents and settings\Sniper Control\Application Data\GetGo Software

    2011-07-12 15:05 . 2011-07-12 16:23 -------- d-----w- c:\program files\GetGo Software

    2011-07-11 16:36 . 2008-04-13 19:21 101120 -c--a-w- c:\winxp\system32\dllcache\bthpan.sys

    2011-07-11 16:36 . 2008-04-13 19:21 101120 ----a-w- c:\winxp\system32\drivers\bthpan.sys

    2011-07-11 16:36 . 2008-04-13 19:16 59136 -c--a-w- c:\winxp\system32\dllcache\rfcomm.sys

    2011-07-11 16:36 . 2008-04-13 19:16 59136 ----a-w- c:\winxp\system32\drivers\rfcomm.sys

    2011-07-11 16:36 . 2008-04-13 19:16 17024 -c--a-w- c:\winxp\system32\dllcache\bthenum.sys

    2011-07-11 16:36 . 2008-04-13 19:16 17024 ----a-w- c:\winxp\system32\drivers\BthEnum.sys

    2011-07-11 16:36 . 2008-04-14 00:42 151552 -c--a-w- c:\winxp\system32\dllcache\irftp.exe

    2011-07-11 16:36 . 2008-04-14 00:42 151552 ----a-w- c:\winxp\system32\irftp.exe

    2011-07-11 16:36 . 2008-04-14 00:42 8192 -c--a-w- c:\winxp\system32\dllcache\wshirda.dll

    2011-07-11 16:36 . 2008-04-14 00:42 8192 ----a-w- c:\winxp\system32\wshirda.dll

    2011-07-11 16:36 . 2008-04-14 00:41 28160 -c--a-w- c:\winxp\system32\dllcache\irmon.dll

    2011-07-11 16:36 . 2008-04-14 00:41 28160 ----a-w- c:\winxp\system32\irmon.dll

    2011-07-11 16:35 . 2008-04-13 19:16 18944 -c--a-w- c:\winxp\system32\dllcache\bthusb.sys

    2011-07-11 16:35 . 2008-04-13 19:16 18944 ----a-w- c:\winxp\system32\drivers\BTHUSB.SYS

    2011-07-11 16:01 . 2011-07-12 16:11 -------- d-----w- c:\program files\SHOUTcast

    2011-07-10 19:31 . 2011-07-10 19:43 -------- d-----w- c:\documents and settings\Sniper Control\Application Data\HLSW

    2011-07-10 18:09 . 2010-09-17 08:13 548864 ----a-w- c:\winxp\system32\GDS32.DLL

    2011-07-09 11:30 . 2011-07-09 11:30 -------- d-----w- c:\program files\Windows Sidebar

    2011-07-09 11:30 . 2011-07-23 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

    2011-07-09 08:31 . 2011-07-09 08:31 -------- d-----w- c:\documents and settings\Sniper Control\Application Data\URSoft

    2011-07-09 08:29 . 2011-07-09 08:29 -------- d-----w- c:\documents and settings\Sniper Control\Local Settings\Application Data\Temp

    2011-07-09 08:21 . 2011-07-09 08:21 -------- d-----w- c:\winxp\E58B329BFB28487490DE0D7CB2709267.TMP

    2011-07-08 20:26 . 2011-07-08 20:26 -------- d-----w- c:\winxp\system32\QuickTime

    2011-07-08 20:25 . 2011-07-08 20:25 -------- d-----w- c:\program files\QuickTime

    2011-07-08 20:25 . 2011-07-08 20:25 -------- d-----w- c:\program files\Common Files\TechSmith Shared

    2011-07-08 20:24 . 2011-07-08 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith

    2011-07-08 20:24 . 2011-07-08 20:24 -------- d-----w- c:\program files\TechSmith

    2011-07-08 20:14 . 2011-07-09 11:10 -------- dc----w- c:\winxp\system32\DRVSTORE

    2011-07-08 20:14 . 2011-07-08 20:14 -------- d-----w- c:\documents and settings\All Users\Application Data\FRISK Software

    2011-07-06 19:22 . 2011-07-23 14:00 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

    2011-07-06 19:21 . 2011-07-06 19:21 -------- d-----w- c:\program files\Xenocode

    2011-07-06 18:21 . 2011-07-10 18:09 -------- d-----w- c:\program files\Firebird

    2011-06-29 10:50 . 2011-06-29 10:50 -------- d-----w- c:\documents and settings\Sniper Control\Application Data\AVG10

    2011-06-29 10:42 . 2011-06-29 10:42 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files

    2011-06-29 10:41 . 2011-07-08 20:11 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

    2011-06-28 19:20 . 2011-06-28 19:20 -------- d-----w- c:\program files\Common Files\xing shared

    2011-06-28 19:19 . 2011-06-28 19:19 499712 ----a-w- c:\winxp\system32\msvcp71.dll

    2011-06-28 19:19 . 2011-06-28 19:19 348160 ----a-w- c:\winxp\system32\msvcr71.dll

    2011-06-28 18:57 . 2011-06-29 07:46 -------- d-----w- c:\winxp\SxsCaPendDel

    2011-06-28 12:38 . 2011-06-28 12:39 -------- d-----w- c:\program files\Real

    2011-06-27 18:04 . 2002-07-11 05:47 98304 ----a-w- c:\winxp\system32\msikbd.dll

    2011-06-27 18:04 . 2001-12-20 07:02 6656 ------w- c:\winxp\system32\drivers\Msikbd2k.sys

    2011-06-27 18:04 . 2000-06-08 00:09 28672 ----a-w- c:\winxp\system32\msiosd32.dll

    2011-06-23 20:50 . 2011-07-21 18:50 -------- d-----w- c:\program files\InhatchTeam

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2011-07-16 19:09 . 2011-03-15 15:37 60416 ----a-w- c:\winxp\ALCFDRTM.VER

    2011-07-06 16:52 . 2011-05-12 10:44 41272 ----a-w- c:\winxp\system32\drivers\mbamswissarmy.sys

    2011-07-06 16:52 . 2011-05-12 10:44 22712 ----a-w- c:\winxp\system32\drivers\mbam.sys

    2011-06-15 14:04 . 2011-06-15 14:04 0 ----a-w- c:\winxp\system32\ConduitEngine.tmp

    2011-05-22 10:08 . 2011-05-22 10:08 86016 ----a-w- c:\winxp\system32\OpenAL32.dll

    2011-05-22 10:08 . 2011-05-22 10:08 262144 ----a-w- c:\winxp\system32\wrap_oal.dll

    2011-05-02 08:13 . 2011-04-05 20:24 138184 ----a-w- c:\winxp\system32\drivers\PnkBstrK.sys

    2011-05-02 08:12 . 2011-04-05 20:24 183112 ----a-w- c:\winxp\system32\PnkBstrB.exe

    .

    .

    ((((((((((((((((((((((((((((( SnapShot@2011-07-23_15.28.54 )))))))))))))))))))))))))))))))))))))))))

    .

    - 2008-04-14 03:42 . 2008-04-14 01:42 23552 c:\winxp\system32\wdmaud.drv

    + 2008-04-14 03:42 . 2008-04-14 00:42 23552 c:\winxp\system32\wdmaud.drv

    + 2008-04-13 22:15 . 2004-07-09 01:27 48512 c:\winxp\system32\drivers\stream.sys

    + 2011-03-15 15:18 . 2008-04-13 19:15 60160 c:\winxp\system32\drivers\drmk.sys

    - 2011-03-15 15:18 . 2008-04-13 20:15 60160 c:\winxp\system32\drivers\drmk.sys

    + 2008-04-14 03:42 . 2008-04-14 00:42 23552 c:\winxp\system32\dllcache\wdmaud.drv

    - 2008-04-14 03:42 . 2008-04-14 01:42 23552 c:\winxp\system32\dllcache\wdmaud.drv

    + 2008-04-13 22:15 . 2004-07-09 01:27 48512 c:\winxp\system32\dllcache\stream.sys

    - 2011-03-15 15:18 . 2008-04-13 20:15 60160 c:\winxp\system32\dllcache\drmk.sys

    + 2011-03-15 15:18 . 2008-04-13 19:15 60160 c:\winxp\system32\dllcache\drmk.sys

    - 2011-03-15 15:18 . 2008-04-14 01:41 4096 c:\winxp\system32\ksuser.dll

    + 2011-03-15 15:18 . 2002-12-11 21:14 4096 c:\winxp\system32\ksuser.dll

    - 2011-03-15 15:18 . 2008-04-14 01:41 4096 c:\winxp\system32\dllcache\ksuser.dll

    + 2011-03-15 15:18 . 2002-12-11 21:14 4096 c:\winxp\system32\dllcache\ksuser.dll

    + 2011-03-15 15:18 . 2008-04-13 19:49 146048 c:\winxp\system32\drivers\portcls.sys

    - 2011-03-15 15:18 . 2008-04-13 20:49 146048 c:\winxp\system32\drivers\portcls.sys

    + 2011-03-15 15:18 . 2008-04-13 19:49 146048 c:\winxp\system32\dllcache\portcls.sys

    - 2011-03-15 15:18 . 2008-04-13 20:49 146048 c:\winxp\system32\dllcache\portcls.sys

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "NvMediaCenter"="NvMCTray.dll" [2011-01-07 111208]

    "NvCplDaemon"="c:\winxp\system32\NvCpl.dll" [2011-01-07 13880424]

    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]

    "MULTIMEDIA KEYBOARD"="c:\program files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2003-09-30 425984]

    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\winxp\system32\CTFMON.EXE" [2008-04-14 15360]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "EnableLinkedConnections"= 1 (0x1)

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^Sniper Control^Start Menu^Programs^Startup^FIFA 10 Registration.lnk]

    path=c:\documents and settings\Sniper Control\Start Menu\Programs\Startup\FIFA 10 Registration.lnk

    backup=c:\winxp\pss\FIFA 10 Registration.lnkStartup

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]

    2011-02-01 16:53 390720 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

    2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

    2008-04-14 11:00 208952 ----a-w- c:\winxp\ime\IMJP8_1\imjpmig.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]

    2011-07-06 16:52 449584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

    2001-07-09 07:50 155648 ----a-w- c:\winxp\system32\NeroCheck.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

    2008-04-14 11:00 455168 ----a-w- c:\winxp\system32\IME\TINTLGNT\TINTSETP.EXE

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

    2008-04-14 11:00 455168 ----a-w- c:\winxp\system32\IME\TINTLGNT\TINTSETP.EXE

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon]

    2009-08-22 18:25 2781184 ----a-w- d:\sniper control\Programs\overclock\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAOB Monitor]

    2010-11-16 00:52 2536448 ----a-w- c:\program files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

    2011-06-28 19:19 273544 ----a-w- c:\documents and settings\Sniper Control\Desktop\New Folder\Update\realsched.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]

    2011-02-01 16:52 5546376 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\Opera\\opera.exe"=

    "d:\\Games\\Steam\\steamapps\\sniper_control\\half-life\\hl.exe"=

    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

    "c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=

    "c:\\Program Files\\TeamViewer\\Version5\\TeamViewer_Service.exe"=

    "c:\\Program Files\\Garena\\Garena.exe"=

    "c:\\Program Files\\BitTorrent\\BitTorrent.exe"=

    "d:\\asq forever\\asq cs\\Counter-Strike 1.6\\hl.exe"=

    "d:\\Games\\Steam\\steamapps\\sniper_control\\counter-strike\\hl.exe"=

    "c:\\Program Files\\SpacialAudio\\SAMBC\\SAMBC.exe"=

    "c:\\Program Files\\Winamp\\winamp.exe"=

    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "10950:TCP"= 10950:TCP:Inhatch P2P Streaming

    "10951:TCP"= 10951:TCP:Inhatch P2P Streaming

    "10952:TCP"= 10952:TCP:Inhatch P2P Streaming

    "10953:TCP"= 10953:TCP:Inhatch P2P Streaming

    "49780:UDP"= 49780:UDP:Inhatch P2P Streaming

    .

    R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\winxp\system32\drivers\tdrpm273.sys [04.4.2011 г. 20:37 752128]

    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\winxp\system32\drivers\dtsoftbus01.sys [16.3.2011 г. 12:50 218688]

    R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\winxp\system32\drivers\Msikbd2k.sys [27.6.2011 г. 21:04 6656]

    R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [04.4.2011 г. 20:38 3246040]

    R2 cpuz135;cpuz135;c:\winxp\system32\drivers\cpuz135_x32.sys [04.5.2011 г. 14:21 21992]

    R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_5\bin\fbguard.exe [10.7.2011 г. 21:09 98304]

    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12.5.2011 г. 13:44 366640]

    R3 afcdp;afcdp;c:\winxp\system32\drivers\afcdp.sys [04.4.2011 г. 20:38 167968]

    R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_5\bin\fbserver.exe [10.7.2011 г. 21:09 3735552]

    R3 MBAMProtector;MBAMProtector;c:\winxp\system32\drivers\mbam.sys [12.5.2011 г. 13:44 22712]

    S0 NVStrap;NVStrap;c:\winxp\system32\drivers\NVStrap.sys [15.5.2011 г. 18:13 4224]

    S2 nhksrv;Netropa NHK Server;c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe --> c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe [?]

    S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]

    S3 PortTalk;PortTalk;c:\winxp\system32\drivers\PortTalk.sys [23.7.2011 г. 15:41 3567]

    S3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\winxp\system32\drivers\ULILAN51.SYS [18.7.2011 г. 13:57 28672]

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2011-07-22 c:\winxp\Tasks\AppleSoftwareUpdate.job

    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 09:34]

    .

    2011-07-23 c:\winxp\Tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-1767777339-1801674531-1003.job

    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 07:47]

    .

    2011-07-23 c:\winxp\Tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-1767777339-1801674531-1003.job

    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 07:47]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.google.bg/

    TCP: Interfaces\{D9034006-5AE1-429F-B2EF-967FC5C68FC7}: NameServer = 192.168.15.12,195.24.48.5

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2011-07-23 22:04

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scanning hidden processes ...

    .

    scanning hidden autostart entries ...

    .

    scanning hidden files ...

    .

    scan completed successfully

    hidden files: 0

    .

    **************************************************************************

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_USERS\S-1-5-21-1409082233-1767777339-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5056BDAD-1969-FEE8-DCB1-EC6F0645115C}*]

    @Allowed: (Read) (RestrictedCode)

    @Allowed: (Read) (RestrictedCode)

    "jajpjkcplomohcoeldkp"=hex:62,61,6e,6e,00,f6

    "jajpjkcplomohcoeldgc"=hex:62,61,65,6f,00,f6

    "iajkafpigijecopmgh"=hex:6b,61,6d,6e,6c,6a,70,69,69,62,6b,67,65,6c,6c,68,63,68,

    6c,68,69,66,00,00

    .

    [HKEY_USERS\S-1-5-21-1409082233-1767777339-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5710857D-FD17-2FDB-CC1A-72B708A38458}*]

    @Allowed: (Read) (RestrictedCode)

    @Allowed: (Read) (RestrictedCode)

    "iaepafmejphankccin"=hex:6a,61,68,6d,63,64,6d,6e,68,6c,6e,6b,65,67,64,64,68,66,

    6c,6e,00,00

    "haopcgicaejjmlnm"=hex:6a,61,69,6d,63,64,65,6d,6b,6d,63,65,6a,63,6a,66,61,68,

    6e,6d,00,ff

    "iaiodbfnnehiimipfb"=hex:63,61,68,6d,69,64,00,7c

    "dbgmndbihnhackkbbnheffkcieaemfecppiniego"=hex:68,61,70,6a,6a,6b,67,66,66,63,

    6d,6b,6b,65,65,64,00,00

    "jbgmndbihnhackkbbnhegeggbplfdcfekahaieikanffoblpnbmb"=hex:68,61,70,6a,6a,6b,

    67,66,66,63,6d,6b,6b,65,65,64,00,00

    "dbgmndbihnhackkbbnhemdfiebnffhemlnkmbekb"=hex:62,61,6f,66,00,00

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    .

    - - - - - - - > 'explorer.exe'(3016)

    c:\winxp\system32\WININET.dll

    c:\program files\NVIDIA Corporation\nView\nview.dll

    c:\winxp\system32\ieframe.dll

    c:\winxp\system32\webcheck.dll

    c:\winxp\system32\wpdshserviceobj.dll

    c:\winxp\system32\portabledevicetypes.dll

    c:\winxp\system32\portabledeviceapi.dll

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\winxp\system32\nvsvc32.exe

    c:\program files\Common Files\Acronis\Schedule2\schedul2.exe

    c:\program files\Bonjour\mDNSResponder.exe

    c:\winxp\system32\RunDLL32.exe

    c:\winxp\SOUNDMAN.EXE

    c:\winxp\system32\rundll32.exe

    c:\program files\Netropa\Multimedia Keyboard\TrayMon.exe

    c:\program files\Netropa\Onscreen Display\OSD.exe

    c:\winxp\system32\wscntfy.exe

    .

    **************************************************************************

    .

    Completion time: 2011-07-23 22:08:22 - machine was rebooted

    ComboFix-quarantined-files.txt 2011-07-23 19:08

    ComboFix2.txt 2011-07-23 15:33

    .

    Pre-Run: 7 365 619 712 bytes free

    Post-Run: 7 500 697 600 bytes free

    .

    - - End Of File - - 9BD9FEB81896F711FF0ABA31BDB51931

    I also want to report a problem. After ComboFix restarts the system and it boots, browsers and Task Manager will not start, and a restart is needed.


    * Download Malwarebytes' Anti-Malware or from here

    * Double-click mbam-setup.exe to install the program.

    * Make sure Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are checked. Then click Finish.

    * If updates are found, it will download and install them.

    * Start the program and select "Perform Full Scan", then click Scan.

    * The scan will take some time, so please be patient.

    * When the scan finishes, click OK, then Show Results to see the result.

    * Make sure all rows are checked, and click Remove Selected.

    * When everything has been removed, a log will open in Notepad. Copy that log and post it in your next comment in the thread.

    Note: If Malwarebytes' Anti-Malware has difficulty removing the detected viruses/threats, it will ask to restart your computer and remove the problem viruses/threats during the restart. If asked, confirm that you want your computer to be restarted.


    The scan finished... finally. But there is still that problem where, after a restart, the browsers and Task Manager will not start. Also, the slowdown when Windows loads and the sound looping remain.

    Malwarebytes' Anti-Malware 1.51.1.1800

    www.malwarebytes.org

    Database version: 7252

    Windows 5.1.2600 Service Pack 3

    Internet Explorer 8.0.6001.18702

    24.7.2011 г. 01:28:05

    mbam-log-2011-07-24 (01-28-05).txt

    Scan type: Full scan (C:\|D:\|)

    Objects scanned: 262837

    Time elapsed: 2 hour(s), 33 minute(s), 2 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 4

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    c:\documents and settings\sniper control\my documents\downloads\hard disk sentinel pro v3.60.4810\patch\hard.disk.sentinel.pro-mpt.exe (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.

    c:\documents and settings\sniper control\my documents\downloads\symantec norton antivirus + internet security 2011 v18.6.0.29 incl. trialreset-box\1box_ntr2011.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

    c:\program files\hard disk sentinel\hard.disk.sentinel.pro-mpt.exe (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.

    d:\system volume information\_restore{878072d4-2631-48b3-bff8-72f1b210d05b}\RP62\A0135885.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

    Edited by Sniper Control


    Delete your copy of ComboFix and download a fresh one from here or here, and save it to your desktop.

    Run a new scan following the instructions in post 6..!
