
Just Human..

Slow computer performance



Hello, the problem is described in more detail here.

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Sniper Control at 11:40:54 on 2011-07-23

Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.511.156 [GMT 3:00]

.

AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

AV: F-PROT Antivirus for Windows *Disabled/Outdated* {3F8BAFFE-D251-4DC6-ACF9-81FDF61FB9C9}

.

============== Running Processes ===============

.

C:\WINXP\system32\nvsvc32.exe

C:\WINXP\system32\svchost -k DcomLaunch

svchost.exe

C:\WINXP\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINXP\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

svchost.exe

C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe

C:\WINXP\Explorer.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe

C:\WINXP\system32\RunDLL32.exe

C:\WINXP\SOUNDMAN.EXE

C:\WINXP\system32\rundll32.exe

C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe

C:\WINXP\system32\rundll32.exe

C:\Documents and Settings\Sniper Control\Desktop\New Folder\update\realsched.exe

C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe

C:\Program Files\Netropa\Onscreen Display\OSD.exe

C:\WINXP\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe

C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe

C:\WINXP\system32\taskmgr.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.bg/

uInternet Settings,ProxyOverride = *.local

mSearchAssistant = hxxp://start.facemoods.com/?a=stonicla&s={searchTerms}&f=4

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\18.6.0.29\ips\IPSBHO.DLL

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [ctfmon.exe] c:\winxp\system32\ctfmon.exe

mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login

mRun: [NvCplDaemon] RUNDLL32.EXE c:\winxp\system32\NvCpl.dll,NvStartup

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [soundMan] SOUNDMAN.EXE

mRun: [MULTIMEDIA KEYBOARD] c:\program files\netropa\multimedia keyboard\MMKeybd.exe

mRun: [MSConfig] c:\winxp\pchealth\helpctr\binaries\MSConfig.exe /auto

dRun: [CTFMON.EXE] c:\winxp\system32\CTFMON.EXE

mPolicies-system: EnableLinkedConnections = 1 (0x1)

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab

TCP: Interfaces\{D9034006-5AE1-429F-B2EF-967FC5C68FC7} : NameServer = 192.168.15.12,195.24.48.5

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winxp\system32\wpdshserviceobj.dll

Hosts: 64.186.152.140 embedded.garena.com

Hosts: 64.186.152.140 embedded.garenanow.com

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;c:\winxp\system32\drivers\nav\1206000.01d\SymDS.sys [2011-7-9 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\winxp\system32\drivers\nav\1206000.01d\SymEFA.sys [2011-7-9 744568]

R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\winxp\system32\drivers\tdrpm273.sys [2011-4-4 752128]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.6.0.29\definitions\bashdefs\20110415.001\BHDrvx86.sys [2011-7-9 802936]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\winxp\system32\drivers\dtsoftbus01.sys [2011-3-16 218688]

R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\winxp\system32\drivers\Msikbd2k.sys [2011-6-27 6656]

R1 SymIRON;Symantec Iron Driver;c:\winxp\system32\drivers\nav\1206000.01d\Ironx86.sys [2011-7-9 136312]

R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2011-4-4 3246040]

R2 cpuz135;cpuz135;c:\winxp\system32\drivers\cpuz135_x32.sys [2011-5-4 21992]

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\firebird\firebird_2_5\bin\fbguard.exe [2011-7-10 98304]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-5-12 366640]

R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\18.6.0.29\ccSvcHst.exe [2011-7-9 130008]

R3 afcdp;afcdp;c:\winxp\system32\drivers\afcdp.sys [2011-4-4 167968]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-22 105592]

R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\firebird\firebird_2_5\bin\fbserver.exe [2011-7-10 3735552]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.6.0.29\definitions\ipsdefs\20110722.031\IDSXpx86.sys [2011-7-23 355256]

R3 MBAMProtector;MBAMProtector;c:\winxp\system32\drivers\mbam.sys [2011-5-12 22712]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.6.0.29\definitions\virusdefs\20110722.040\NAVENG.SYS [2011-7-23 86008]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.6.0.29\definitions\virusdefs\20110722.040\NAVEX15.SYS [2011-7-23 1542392]

R4 MBAMSwissArmy;MBAMSwissArmy;c:\winxp\system32\drivers\mbamswissarmy.sys [2011-5-12 41272]

S0 NVStrap;NVStrap;c:\winxp\system32\drivers\NVStrap.sys [2011-5-15 4224]

S2 FPAVServer;F-PROT Antivirus for Windows system;"c:\program files\frisk software\f-prot antivirus for windows\fpavserver.exe" --> c:\program files\frisk software\f-prot antivirus for windows\FPAVServer.exe [?]

S2 nhksrv;Netropa NHK Server;c:\program files\netropa\multimedia keyboard\nhksrv.exe --> c:\program files\netropa\multimedia keyboard\nhksrv.exe [?]

S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\garena\safedrv.sys --> c:\program files\garena\safedrv.sys [?]

S3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\winxp\system32\drivers\ULILAN51.SYS [2011-7-18 28672]

.

=============== Created Last 30 ================

.

2011-07-22 21:54:01 -------- d-----w- c:\program files\HDD Regenerator

2011-07-22 21:37:55 -------- d-----w- c:\documents and settings\sniper control\local settings\application data\Babylon

2011-07-22 21:37:54 -------- d-----w- c:\documents and settings\sniper control\application data\Babylon

2011-07-22 21:37:54 -------- d-----w- c:\documents and settings\all users\application data\Babylon

2011-07-22 21:20:55 -------- d-----w- c:\documents and settings\sniper control\local settings\application data\Downloaded Installations

2011-07-22 12:38:13 37888 -c--a-w- c:\winxp\system32\dllcache\bthmodem.sys

2011-07-22 12:38:13 37888 ----a-w- c:\winxp\system32\drivers\bthmodem.sys

2011-07-21 19:04:51 -------- d-----w- c:\documents and settings\sniper control\application data\goalbit

2011-07-18 10:57:59 35587 ------w- c:\winxp\system32\rmlan.exe

2011-07-18 10:57:59 34307 ------w- c:\winxp\system32\drivers\Install.EXE

2011-07-18 10:57:59 28672 ----a-w- c:\winxp\system32\drivers\ULILAN51.SYS

2011-07-18 10:57:59 28672 ------w- c:\winxp\system32\UnLAN.exe

2011-07-18 10:57:53 225280 ------w- c:\program files\common files\installshield\iscript\iscript.dll

2011-07-18 10:57:52 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll

2011-07-18 10:57:52 32768 ------w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll

2011-07-18 10:57:52 176128 ------w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll

2011-07-18 10:57:47 610436 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe

2011-07-17 14:47:48 -------- d-----w- c:\documents and settings\sniper control\local settings\application data\SpacialAudio

2011-07-15 19:11:07 -------- d-sh--w- c:\documents and settings\sniper control\IECompatCache

2011-07-15 10:49:23 -------- d-----w- c:\documents and settings\sniper control\local settings\application data\Identities

2011-07-14 20:54:38 -------- d-----w- c:\documents and settings\sniper control\local settings\application data\Apple Computer

2011-07-14 20:53:12 -------- d-----w- c:\documents and settings\sniper control\local settings\application data\DFX

2011-07-14 20:51:29 -------- d-----w- c:\documents and settings\sniper control\local settings\application data\Apple

2011-07-12 18:24:50 -------- d-----w- c:\documents and settings\all users\application data\DFX

2011-07-12 18:24:45 -------- d-----w- c:\program files\common files\DFX

2011-07-12 18:24:44 -------- d-----w- c:\program files\DFX

2011-07-12 18:21:54 -------- d-----w- c:\program files\Winamp Detect

2011-07-12 18:21:18 123888 ------w- c:\winxp\system32\pxcpyi64.exe

2011-07-12 18:21:15 59888 ------w- c:\winxp\system32\pxwma.dll

2011-07-12 16:10:32 -------- d-----w- c:\documents and settings\sniper control\application data\GetGo Software

2011-07-12 15:05:13 -------- d-----w- c:\program files\GetGo Software

2011-07-11 16:36:17 101120 -c--a-w- c:\winxp\system32\dllcache\bthpan.sys

2011-07-11 16:36:17 101120 ----a-w- c:\winxp\system32\drivers\bthpan.sys

2011-07-11 16:36:02 59136 -c--a-w- c:\winxp\system32\dllcache\rfcomm.sys

2011-07-11 16:36:02 59136 ----a-w- c:\winxp\system32\drivers\rfcomm.sys

2011-07-11 16:36:02 17024 -c--a-w- c:\winxp\system32\dllcache\bthenum.sys

2011-07-11 16:36:02 17024 ----a-w- c:\winxp\system32\drivers\BthEnum.sys

2011-07-11 16:36:01 8192 -c--a-w- c:\winxp\system32\dllcache\wshirda.dll

2011-07-11 16:36:01 8192 ----a-w- c:\winxp\system32\wshirda.dll

2011-07-11 16:36:01 28160 -c--a-w- c:\winxp\system32\dllcache\irmon.dll

2011-07-11 16:36:01 28160 ----a-w- c:\winxp\system32\irmon.dll

2011-07-11 16:36:01 151552 -c--a-w- c:\winxp\system32\dllcache\irftp.exe

2011-07-11 16:36:01 151552 ----a-w- c:\winxp\system32\irftp.exe

2011-07-11 16:35:46 18944 -c--a-w- c:\winxp\system32\dllcache\bthusb.sys

2011-07-11 16:35:46 18944 ----a-w- c:\winxp\system32\drivers\BTHUSB.SYS

2011-07-11 16:01:35 -------- d-----w- c:\program files\SHOUTcast

2011-07-10 19:31:05 -------- d-----w- c:\documents and settings\sniper control\application data\HLSW

2011-07-10 18:09:44 548864 ----a-w- c:\winxp\system32\GDS32.DLL

2011-07-09 11:31:20 60872 ----a-w- c:\winxp\system32\S32EVNT1.DLL

2011-07-09 11:31:20 126584 ----a-w- c:\winxp\system32\drivers\SYMEVENT.SYS

2011-07-09 11:31:19 -------- d-----w- c:\program files\Symantec

2011-07-09 11:31:19 -------- d-----w- c:\program files\common files\Symantec Shared

2011-07-09 11:31:04 744568 ----a-r- c:\winxp\system32\drivers\nav\1206000.01d\SymEFA.sys

2011-07-09 11:31:04 516216 ----a-r- c:\winxp\system32\drivers\nav\1206000.01d\srtsp.sys

2011-07-09 11:31:04 50168 ----a-r- c:\winxp\system32\drivers\nav\1206000.01d\srtspx.sys

2011-07-09 11:31:04 369784 ----a-r- c:\winxp\system32\drivers\nav\1206000.01d\symtdi.sys

2011-07-09 11:31:04 340088 ----a-r- c:\winxp\system32\drivers\nav\1206000.01d\SymDS.sys

2011-07-09 11:31:04 331384 ----a-r- c:\winxp\system32\drivers\nav\1206000.01d\symtdiv.sys

2011-07-09 11:31:04 296568 ----a-r- c:\winxp\system32\drivers\nav\1206000.01d\symnets.sys

2011-07-09 11:31:04 136312 ----a-r- c:\winxp\system32\drivers\nav\1206000.01d\Ironx86.sys

2011-07-09 11:30:27 -------- d-----w- c:\winxp\system32\drivers\nav\1206000.01D

2011-07-09 11:30:27 -------- d-----w- c:\winxp\system32\drivers\NAV

2011-07-09 11:30:24 -------- d-----w- c:\program files\Norton AntiVirus

2011-07-09 11:30:23 -------- d-----w- c:\documents and settings\all users\application data\Norton

2011-07-09 11:30:09 -------- d-----w- c:\program files\NortonInstaller

2011-07-09 11:30:09 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller

2011-07-09 08:31:08 -------- d-----w- c:\documents and settings\sniper control\application data\URSoft

2011-07-09 08:29:22 -------- d-----w- c:\documents and settings\sniper control\local settings\application data\Temp

2011-07-09 08:21:41 -------- d-----w- c:\winxp\E58B329BFB28487490DE0D7CB2709267.TMP

2011-07-08 20:26:04 -------- d-----w- c:\winxp\system32\QuickTime

2011-07-08 20:25:13 -------- d-----w- c:\program files\common files\TechSmith Shared

2011-07-08 20:14:38 -------- d-----w- c:\documents and settings\all users\application data\FRISK Software

2011-07-06 19:23:03 -------- d-----w- c:\documents and settings\sniper control\application data\AVG

2011-07-06 19:21:57 -------- d-----w- c:\winxp\XSxS

2011-07-06 19:21:57 -------- d-----w- c:\program files\Xenocode

2011-07-06 18:21:15 -------- d-----w- c:\program files\Firebird

2011-06-29 10:50:11 -------- d-----w- c:\documents and settings\sniper control\application data\AVG10

2011-06-29 10:46:38 -------- d-----w- c:\documents and settings\all users\application data\AVG10

2011-06-29 10:45:53 -------- d-----w- c:\program files\AVG

2011-06-29 10:42:21 -------- d--h--w- c:\documents and settings\all users\application data\Common Files

2011-06-29 10:41:28 -------- d-----w- c:\documents and settings\all users\application data\MFAData

2011-06-28 19:20:02 -------- d-----w- c:\program files\common files\xing shared

2011-06-28 19:19:30 499712 ----a-w- c:\winxp\system32\msvcp71.dll

2011-06-28 19:19:30 348160 ----a-w- c:\winxp\system32\msvcr71.dll

2011-06-28 18:57:03 -------- d-----w- c:\winxp\SxsCaPendDel

2011-06-27 18:04:46 98304 ----a-w- c:\winxp\system32\msikbd.dll

2011-06-27 18:04:46 6656 ------w- c:\winxp\system32\drivers\Msikbd2k.sys

2011-06-27 18:04:46 28672 ----a-w- c:\winxp\system32\msiosd32.dll

2011-06-23 20:50:23 -------- d-----w- c:\program files\InhatchTeam

.

==================== Find3M ====================

.

2011-07-22 22:24:32 252096 ----a-w- c:\winxp\system32\nvdrsdb1.bin

2011-07-22 22:24:32 1 ----a-w- c:\winxp\system32\nvdrssel.bin

2011-07-22 22:24:31 252096 ----a-w- c:\winxp\system32\nvdrsdb0.bin

2011-07-16 19:09:23 60416 ----a-w- c:\winxp\ALCFDRTM.VER

2011-07-06 16:52:42 41272 ----a-w- c:\winxp\system32\drivers\mbamswissarmy.sys

2011-07-06 16:52:42 22712 ----a-w- c:\winxp\system32\drivers\mbam.sys

2011-06-16 20:30:28 14 ----a-w- c:\winxp\system32\systeminfo.dll

2011-06-15 14:04:50 0 ----a-w- c:\winxp\system32\ConduitEngine.tmp

2011-05-22 10:08:31 86016 ----a-w- c:\winxp\system32\OpenAL32.dll

2011-05-22 10:08:31 262144 ----a-w- c:\winxp\system32\wrap_oal.dll

2011-05-02 08:13:24 138184 ----a-w- c:\winxp\system32\drivers\PnkBstrK.sys

2011-05-02 08:12:41 183112 ----a-w- c:\winxp\system32\PnkBstrB.exe

2011-04-24 12:52:38 17480 ----a-w- c:\winxp\system32\drivers\hamachi.sys

.

============= FINISH: 11:42:10,65 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-06-23.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 15.3.2011 г. 16:59:09

System Uptime: 23.7.2011 г. 10:20:42 (1 hours ago)

.

Motherboard: | | 939Dual-SATA2

Processor: AMD Athlon 64 Processor 3700+ | CPUSocket | 2200/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 20 GiB total, 6,097 GiB free.

D: is FIXED (NTFS) - 55 GiB total, 14,118 GiB free.

E: is CDROM ()

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: ULi PCI Fast Ethernet Controller

Device ID: PCI\VEN_10B9&DEV_5263&SUBSYS_52631849&REV_40\3&267A616A&0&88

Manufacturer: ULi Electronics Inc.

Name: ULi PCI Fast Ethernet Controller

PNP Device ID: PCI\VEN_10B9&DEV_5263&SUBSYS_52631849&REV_40\3&267A616A&0&88

Service: ULI5261XP

.

==== System Restore Points ===================

.

RP45: 29.6.2011 г. 13:29:40 - Removed ESET Smart Security

RP46: 29.6.2011 г. 13:45:34 - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

RP47: 29.6.2011 г. 13:45:52 - Installed AVG 2011

RP48: 29.6.2011 г. 13:46:25 - Installed AVG 2011

RP49: 30.6.2011 г. 17:25:54 - System Checkpoint

RP50: 04.7.2011 г. 14:58:31 - System Checkpoint

RP51: 06.7.2011 г. 19:48:22 - System Checkpoint

RP52: 07.7.2011 г. 21:41:42 - System Checkpoint

RP53: 08.7.2011 г. 23:07:12 - Installed Camtasia Studio 7

RP54: 08.7.2011 г. 23:07:15 - Removed AVG 2011

RP55: 08.7.2011 г. 23:09:26 - Removed AVG 2011

RP56: 08.7.2011 г. 23:14:36 - Installed F-PROT Antivirus for Windows

RP57: 08.7.2011 г. 23:24:37 - Installed Camtasia Studio 7

RP58: 09.7.2011 г. 11:35:06 - Installed F-PROT Antivirus for Windows

RP59: 09.7.2011 г. 14:08:34 - Installed F-PROT Antivirus for Windows

RP60: 12.7.2011 г. 19:21:16 - Removed Ask Toolbar.

RP61: 12.7.2011 г. 19:26:05 - Removed Fable - The Lost Chapters

RP62: 12.7.2011 г. 20:05:30 - Removed Need for Speed™ Undercover

RP63: 14.7.2011 г. 23:54:03 - Installed Safari

RP64: 23.7.2011 г. 00:03:12 - Restore Operation

RP65: 23.7.2011 г. 00:53:57 - Installed HDD Regenerator.

.

==== Installed Programs ======================

.

3DMark06

Acronis True Image Home 2011

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Bridge CS3

Adobe Bridge Start Meeting

Adobe Camera Raw 4.0

Adobe CMaps

Adobe Color - Photoshop Specific

Adobe Color Common Settings

Adobe Color EU Extra Settings

Adobe Color JA Extra Settings

Adobe Color NA Recommended Settings

Adobe Default Language CS3

Adobe Device Central CS3

Adobe ExtendScript Toolkit 2

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Fonts All

Adobe Help Viewer CS3

Adobe Linguistics CS3

Adobe PDF Library Files

Adobe Photoshop CS3

Adobe Setup

Adobe Stock Photos CS3

Adobe Type Support

Adobe Update Manager CS3

Adobe Version Cue CS3 Client

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS3

AIDA64 Extreme Edition v1.50

Apple Application Support

Apple Software Update

ATITool Overclocking Utility

BFL_FIFA_10

BitTorrent

Bonjour

BS.Player PRO

Camtasia Studio 7

CPUID CPU-Z 1.57.1

DAEMON Tools Lite

DFX for Winamp

FIFA 10

Firebird 2.5.0.26074 (Win32)

Garena 2010

GOM Player

HDD Regenerator

Inhatch web plugins

K-Lite Codec Pack 7.0.0 (Full)

Malwarebytes' Anti-Malware version 1.51.1.1800

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

mIRC

MSI to redistribute MS VS2005 CRT libraries

Nero 6 Ultra Edition

Norton AntiVirus

NVIDIA Control Panel 266.58

NVIDIA Graphics Driver 266.58

NVIDIA Install Application

NVIDIA nView 135.50

NVIDIA nView Desktop Manager

NVTweak

Office Keyboard

Opera 11.50

oZone3D.Net FurMark v1.8.2

PDF Settings

RealNetworks - Microsoft Visual C++ 2008 Runtime

Realtek AC'97 Audio

RealUpgrade 1.1

RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition

Safari

SAM Broadcaster v4

Security Update for Windows XP (KB923789)

SHOUTcast DNAS (remove only)

SHOUTcast DNAS Server v2

Skype™ 3.8

SopCast 3.3.2

System Requirements Lab CYRI

TeamViewer 5

ULi LAN Driver

Ventrilo Client

WebFldrs XP

Winamp

Winamp Detector Plug-in

WinRAR archiver

.

==== Event Viewer Messages From Past Week ========

.

23.7.2011 г. 10:24:11, error: Service Control Manager [7000] - The Netropa NHK Server service failed to start due to the following error: The system cannot find the file specified.

23.7.2011 г. 02:01:08, error: Service Control Manager [7034] - The Acronis Nonstop Backup Service service terminated unexpectedly. It has done this 1 time(s).

23.7.2011 г. 02:00:50, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).

23.7.2011 г. 02:00:46, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

23.7.2011 г. 01:58:46, error: Service Control Manager [7000] - The Netropa NHK Server service failed to start due to the following error: The system cannot find the file specified.

23.7.2011 г. 01:21:59, error: Service Control Manager [7034] - The Firebird Server - DefaultInstance service terminated unexpectedly. It has done this 1 time(s).

23.7.2011 г. 01:20:38, error: Service Control Manager [7000] - The Netropa NHK Server service failed to start due to the following error: The system cannot find the file specified.

23.7.2011 г. 00:41:27, error: Service Control Manager [7000] - The Netropa NHK Server service failed to start due to the following error: The system cannot find the file specified.

23.7.2011 г. 00:38:14, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

23.7.2011 г. 00:04:03, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ATITool BHDrvx86 eeCtrl Fips Processor SRTSPX SymIRON SYMTDI

23.7.2011 г. 00:03:20, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

22.7.2011 г. 23:58:24, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

22.7.2011 г. 23:56:24, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ATITool BHDrvx86 eeCtrl Fips Processor SRTSPX SymIRON SYMTDI

22.7.2011 г. 23:56:02, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

22.7.2011 г. 23:47:59, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ATITool BHDrvx86 eeCtrl Fips Processor SRTSPX SymIRON SYMTDI

22.7.2011 г. 23:47:22, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

22.7.2011 г. 19:24:44, error: Service Control Manager [7000] - The Netropa NHK Server service failed to start due to the following error: The system cannot find the file specified.

22.7.2011 г. 19:15:54, error: Service Control Manager [7000] - The Netropa NHK Server service failed to start due to the following error: The system cannot find the file specified.

22.7.2011 г. 18:58:09, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.

22.7.2011 г. 18:58:07, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.

22.7.2011 г. 15:31:50, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.

22.7.2011 г. 14:38:31, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.

22.7.2011 г. 13:59:22, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.

22.7.2011 г. 13:58:51, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.

22.7.2011 г. 10:42:38, error: Service Control Manager [7000] - The Netropa NHK Server service failed to start due to the following error: The system cannot find the file specified.

21.7.2011 г. 23:38:48, error: Service Control Manager [7000] - The Netropa NHK Server service failed to start due to the following error: The system cannot find the file specified.

21.7.2011 г. 22:04:28, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.

21.7.2011 г. 19:16:35, error: Service Control Manager [7000] - The Netropa NHK Server service failed to start due to the following error: The system cannot find the file specified.

21.7.2011 г. 11:18:54, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.

21.7.2011 г. 10:13:38, error: Service Control Manager [7000] - The Netropa NHK Server service failed to start due to the following error: The system cannot find the file specified.

20.7.2011 г. 21:53:20, error: Service Control Manager [7000] - The Netropa NHK Server service failed to start due to the following error: The system cannot find the file specified.

20.7.2011 г. 13:06:08, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.

20.7.2011 г. 12:22:46, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.

19.7.2011 г. 21:43:01, error: Service Control Manager [7000] - The Netropa NHK Server service failed to start due to the following error: The system cannot find the file specified.

19.7.2011 г. 21:18:14, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.

19.7.2011 г. 09:54:47, error: Service Control Manager [7000] - The Netropa NHK Server service failed to start due to the following error: The system cannot find the file specified.

18.7.2011 г. 22:03:47, error: Service Control Manager [7000] - The Netropa NHK Server service failed to start due to the following error: The system cannot find the file specified.

18.7.2011 г. 19:21:01, error: Service Control Manager [7000] - The Netropa NHK Server service failed to start due to the following error: The system cannot find the file specified.

18.7.2011 г. 13:52:28, error: Service Control Manager [7000] - The Netropa NHK Server service failed to start due to the following error: The system cannot find the file specified.

18.7.2011 г. 12:10:26, error: Service Control Manager [7000] - The Netropa NHK Server service failed to start due to the following error: The system cannot find the file specified.

18.7.2011 г. 11:46:06, error: Service Control Manager [7000] - The Netropa NHK Server service failed to start due to the following error: The system cannot find the file specified.

18.7.2011 г. 10:40:30, error: Service Control Manager [7000] - The Netropa NHK Server service failed to start due to the following error: The system cannot find the file specified.

18.7.2011 г. 00:54:27, error: Service Control Manager [7000] - The Netropa NHK Server service failed to start due to the following error: The system cannot find the file specified.

17.7.2011 г. 17:19:37, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.

16.7.2011 г. 21:03:52, error: Service Control Manager [7000] - The Netropa NHK Server service failed to start due to the following error: The system cannot find the file specified.

16.7.2011 г. 17:32:29, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.

16.7.2011 г. 00:46:32, error: Service Control Manager [7000] - The Netropa NHK Server service failed to start due to the following error: The system cannot find the file specified.

.

==== End Of File ===========================


Hello... I see two antivirus programs here as well... a conflict is possible... Before we continue, uninstall one of the two antivirus programs, whichever you choose, then run a new scan with DDS... and post the log..! :cool: Regards, Itso


I apologize for the imposition, but I had a problem with this F-PROT before: after it updated it asked for a restart, and after the restart it simply disappeared. I downloaded some antivirus remover and it supposedly removed it... It is not in Add or Remove Programs, and there is no folder in Program Files either. Could you suggest a solution?


Number of found instalation 0. I scanned with DDS and it showed me again: AV: F-PROT Antivirus for Windows *Disabled/Outdated* {3F8BAFFE-D251-4DC6-ACF9-81FDF61FB9C9} ...



Download ComboFix from here or here and save it to your desktop.

  • Disable your antivirus and antispyware programs; this is usually done by right-clicking the program's icon in the system tray.

Note: If you cannot stop it or are not sure which program to disable, please review the information at this link: How to Disable your Security Programs

  • Run Combo-Fix.com and follow the instructions.

Note: ComboFix will run without the Recovery Console installed.

  • As part of its operation, ComboFix will check whether the Microsoft Windows Recovery Console is installed. Given how quickly malware evolves, it is strongly recommended that it be installed before the malware is removed. This will let you enter a special recovery/repair mode, which will allow us to more easily resolve a problem that might arise while removing the malware.

  • Follow the instructions to allow ComboFix to download and install the Microsoft Windows Recovery Console. At some point you will be asked whether you agree to the license agreement. You must confirm that you agree in order to install the Microsoft Windows Recovery Console.

** Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will proceed to the malware removal process.

[Posted image]

Once the Microsoft Windows Recovery Console has been installed using ComboFix, you will see the following message:

[Posted image]

Select Yes to continue scanning for malware.

When the process completes successfully, the tool will create a log file. Please include the contents of C:\ComboFix.txt in your next comment in this thread.

Note:

  • Please do not move the mouse while ComboFix is running. This can disrupt the process.
  • ComboFix will reset all Microsoft Internet Explorer settings, including making IE the default browser.
  • ComboFix will disable the autorun feature of ALL CD, floppy and USB devices, to help with removing the malware and to protect you from future viruses/threats that infect via autorun. If this is a problem for you, please let me know.
  • ComboFix will disconnect your internet connection. The internet connection will be restored automatically before ComboFix finishes. In case of a problem, it will terminate the internet connection. To restore your internet connection, restart your computer.
  • In case of a problem with ComboFix, it may create a log file. Please include the contents of C:\BUG.txt in your next comment in this thread.

ComboFix may take up to 20-30 minutes to finish; please be patient.

Please do not attach the log file(s) from the program; copy and paste them into your next comment in this thread.


ComboFix 11-07-23.01 - Sniper Control 07.2011 г. 18:04:16.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.511.190 [GMT 3:00]

Running from: c:\documents and settings\Sniper Control\Desktop\ComboFix.exe

AV: F-PROT Antivirus for Windows *Disabled/Outdated* {3F8BAFFE-D251-4DC6-ACF9-81FDF61FB9C9}

AV: Norton AntiVirus *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Sniper Control\Application Data\facemoods.com

c:\program files\HDD Regenerator\HDD Regenerator.exe

c:\winxp\system32\systeminfo.dll

c:\winxp\XSxS

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_WINRING0_1_0_1

.

.

((((((((((((((((((((((((( Files Created from 2011-06-23 to 2011-07-23 )))))))))))))))))))))))))))))))

.

.

2011-07-23 14:57 . 2011-07-23 14:58 -------- d-----w- C:\32788R22FWJFW

2011-07-23 12:41 . 2002-01-12 13:30 3567 ----a-w- c:\winxp\system32\drivers\PortTalk.sys

2011-07-23 11:56 . 2011-07-23 12:14 -------- d-----w- c:\program files\Hard Disk Sentinel

2011-07-22 21:54 . 2011-07-23 15:18 -------- d-----w- c:\program files\HDD Regenerator

2011-07-22 21:37 . 2011-07-22 21:37 -------- d-----w- c:\documents and settings\Sniper Control\Local Settings\Application Data\Babylon

2011-07-22 21:37 . 2011-07-22 21:37 -------- d-----w- c:\documents and settings\Sniper Control\Application Data\Babylon

2011-07-22 21:37 . 2011-07-22 21:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon

2011-07-22 21:20 . 2011-07-23 13:55 -------- d-----w- c:\documents and settings\Sniper Control\Local Settings\Application Data\Downloaded Installations

2011-07-22 12:38 . 2008-04-13 19:16 37888 -c--a-w- c:\winxp\system32\dllcache\bthmodem.sys

2011-07-22 12:38 . 2008-04-13 19:16 37888 ----a-w- c:\winxp\system32\drivers\bthmodem.sys

2011-07-21 19:04 . 2011-07-22 21:00 -------- d-----w- c:\documents and settings\Sniper Control\Application Data\goalbit

2011-07-18 10:57 . 2005-04-27 06:15 35587 ------w- c:\winxp\system32\rmlan.exe

2011-07-18 10:57 . 2005-04-27 06:15 34307 ------w- c:\winxp\system32\drivers\Install.EXE

2011-07-18 10:57 . 2005-04-06 13:54 28672 ------w- c:\winxp\system32\UnLAN.exe

2011-07-18 10:57 . 2005-03-22 17:36 28672 ----a-w- c:\winxp\system32\drivers\ULILAN51.SYS

2011-07-18 10:57 . 2001-09-05 00:18 225280 ------w- c:\program files\Common Files\InstallShield\IScript\iscript.dll

2011-07-18 10:57 . 2001-09-05 00:18 77824 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll

2011-07-18 10:57 . 2001-09-05 00:14 176128 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll

2011-07-18 10:57 . 2001-09-05 00:13 32768 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll

2011-07-18 10:57 . 2002-02-01 13:23 610436 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe

2011-07-17 14:47 . 2011-07-17 14:47 -------- d-----w- c:\documents and settings\Sniper Control\Local Settings\Application Data\SpacialAudio

2011-07-15 19:11 . 2011-07-15 19:11 -------- d-sh--w- c:\documents and settings\Sniper Control\IECompatCache

2011-07-15 10:49 . 2011-07-15 10:49 -------- d-----w- c:\documents and settings\Sniper Control\Local Settings\Application Data\Identities

2011-07-15 10:28 . 2011-07-15 10:28 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple

2011-07-14 20:54 . 2011-07-14 20:55 -------- d-----w- c:\documents and settings\Sniper Control\Application Data\Apple Computer

2011-07-14 20:54 . 2011-07-14 20:54 -------- d-----w- c:\documents and settings\Sniper Control\Local Settings\Application Data\Apple Computer

2011-07-14 20:54 . 2011-07-14 20:54 -------- d-----w- c:\program files\Safari

2011-07-14 20:54 . 2011-07-14 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2011-07-14 20:53 . 2011-07-14 20:53 -------- d-----w- c:\documents and settings\Sniper Control\Local Settings\Application Data\DFX

2011-07-14 20:52 . 2011-07-14 20:52 -------- d-----w- c:\program files\Common Files\Apple

2011-07-14 20:51 . 2011-07-14 20:51 -------- d-----w- c:\documents and settings\Sniper Control\Local Settings\Application Data\Apple

2011-07-14 20:51 . 2011-07-14 20:51 -------- d-----w- c:\program files\Apple Software Update

2011-07-14 20:51 . 2011-07-14 20:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2011-07-12 18:24 . 2011-07-12 18:24 -------- d-----w- c:\documents and settings\SUPPORT_388945a0

2011-07-12 18:24 . 2011-07-12 18:24 -------- d-----w- c:\documents and settings\HelpAssistant

2011-07-12 18:24 . 2011-07-12 18:24 -------- d-----w- c:\documents and settings\Guest

2011-07-12 18:24 . 2011-07-12 18:24 -------- d-----w- c:\documents and settings\Administrator

2011-07-12 18:24 . 2011-07-12 18:29 -------- d-----w- c:\documents and settings\All Users\Application Data\DFX

2011-07-12 18:24 . 2011-07-12 18:24 -------- d-----w- c:\program files\Common Files\DFX

2011-07-12 18:24 . 2011-07-12 18:24 -------- d-----w- c:\program files\DFX

2011-07-12 18:21 . 2011-07-12 18:21 -------- d-----w- c:\program files\Winamp Detect

2011-07-12 18:21 . 2011-03-04 19:44 123888 ------w- c:\winxp\system32\pxcpyi64.exe

2011-07-12 18:21 . 2011-03-04 19:44 59888 ------w- c:\winxp\system32\pxwma.dll

2011-07-12 18:21 . 2011-07-12 18:24 -------- d-----w- c:\program files\Winamp

2011-07-12 18:21 . 2011-07-12 18:24 -------- d-----w- c:\documents and settings\Sniper Control\Application Data\Winamp

2011-07-12 16:10 . 2011-07-12 16:10 -------- d-----w- c:\documents and settings\Sniper Control\Application Data\GetGo Software

2011-07-12 15:05 . 2011-07-12 16:23 -------- d-----w- c:\program files\GetGo Software

2011-07-11 16:36 . 2008-04-13 19:21 101120 -c--a-w- c:\winxp\system32\dllcache\bthpan.sys

2011-07-11 16:36 . 2008-04-13 19:21 101120 ----a-w- c:\winxp\system32\drivers\bthpan.sys

2011-07-11 16:36 . 2008-04-13 19:16 59136 -c--a-w- c:\winxp\system32\dllcache\rfcomm.sys

2011-07-11 16:36 . 2008-04-13 19:16 59136 ----a-w- c:\winxp\system32\drivers\rfcomm.sys

2011-07-11 16:36 . 2008-04-13 19:16 17024 -c--a-w- c:\winxp\system32\dllcache\bthenum.sys

2011-07-11 16:36 . 2008-04-13 19:16 17024 ----a-w- c:\winxp\system32\drivers\BthEnum.sys

2011-07-11 16:36 . 2008-04-14 00:42 151552 -c--a-w- c:\winxp\system32\dllcache\irftp.exe

2011-07-11 16:36 . 2008-04-14 00:42 151552 ----a-w- c:\winxp\system32\irftp.exe

2011-07-11 16:36 . 2008-04-14 00:42 8192 -c--a-w- c:\winxp\system32\dllcache\wshirda.dll

2011-07-11 16:36 . 2008-04-14 00:42 8192 ----a-w- c:\winxp\system32\wshirda.dll

2011-07-11 16:36 . 2008-04-14 00:41 28160 -c--a-w- c:\winxp\system32\dllcache\irmon.dll

2011-07-11 16:36 . 2008-04-14 00:41 28160 ----a-w- c:\winxp\system32\irmon.dll

2011-07-11 16:35 . 2008-04-13 19:16 18944 -c--a-w- c:\winxp\system32\dllcache\bthusb.sys

2011-07-11 16:35 . 2008-04-13 19:16 18944 ----a-w- c:\winxp\system32\drivers\BTHUSB.SYS

2011-07-11 16:01 . 2011-07-12 16:11 -------- d-----w- c:\program files\SHOUTcast

2011-07-10 19:31 . 2011-07-10 19:43 -------- d-----w- c:\documents and settings\Sniper Control\Application Data\HLSW

2011-07-10 18:09 . 2010-09-17 08:13 548864 ----a-w- c:\winxp\system32\GDS32.DLL

2011-07-09 11:31 . 2011-07-09 11:31 60872 ----a-w- c:\winxp\system32\S32EVNT1.DLL

2011-07-09 11:31 . 2011-07-09 11:31 126584 ----a-w- c:\winxp\system32\drivers\SYMEVENT.SYS

2011-07-09 11:31 . 2011-07-10 11:54 -------- d-----w- c:\program files\Common Files\Symantec Shared

2011-07-09 11:31 . 2011-07-09 11:31 -------- d-----w- c:\program files\Symantec

2011-07-09 11:30 . 2011-07-09 11:30 -------- d-----w- c:\winxp\system32\drivers\NAV

2011-07-09 11:30 . 2011-07-09 11:37 -------- d-----w- c:\program files\Norton AntiVirus

2011-07-09 11:30 . 2011-07-09 11:30 -------- d-----w- c:\program files\Windows Sidebar

2011-07-09 11:30 . 2011-07-09 11:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2011-07-09 11:30 . 2011-07-09 11:30 -------- d-----w- c:\program files\NortonInstaller

2011-07-09 08:31 . 2011-07-09 08:31 -------- d-----w- c:\documents and settings\Sniper Control\Application Data\URSoft

2011-07-09 08:29 . 2011-07-09 08:29 -------- d-----w- c:\documents and settings\Sniper Control\Local Settings\Application Data\Temp

2011-07-09 08:21 . 2011-07-09 08:21 -------- d-----w- c:\winxp\E58B329BFB28487490DE0D7CB2709267.TMP

2011-07-08 20:26 . 2011-07-08 20:26 -------- d-----w- c:\winxp\system32\QuickTime

2011-07-08 20:25 . 2011-07-08 20:25 -------- d-----w- c:\program files\QuickTime

2011-07-08 20:25 . 2011-07-08 20:25 -------- d-----w- c:\program files\Common Files\TechSmith Shared

2011-07-08 20:24 . 2011-07-08 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith

2011-07-08 20:24 . 2011-07-08 20:24 -------- d-----w- c:\program files\TechSmith

2011-07-08 20:14 . 2011-07-09 11:10 -------- dc----w- c:\winxp\system32\DRVSTORE

2011-07-08 20:14 . 2011-07-08 20:14 -------- d-----w- c:\documents and settings\All Users\Application Data\FRISK Software

2011-07-06 19:23 . 2011-07-06 19:23 -------- d-----w- c:\documents and settings\Sniper Control\Application Data\AVG

2011-07-06 19:22 . 2011-07-23 14:00 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2011-07-06 19:21 . 2011-07-06 19:21 -------- d-----w- c:\program files\Xenocode

2011-07-06 18:21 . 2011-07-10 18:09 -------- d-----w- c:\program files\Firebird

2011-06-29 10:46 . 2011-07-08 20:11 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10

2011-06-29 10:45 . 2011-07-06 19:47 -------- d-----w- c:\program files\AVG

2011-06-29 10:42 . 2011-06-29 10:42 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files

2011-06-29 10:41 . 2011-07-08 20:11 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2011-06-28 19:20 . 2011-06-28 19:20 -------- d-----w- c:\program files\Common Files\xing shared

2011-06-28 19:19 . 2011-06-28 19:19 499712 ----a-w- c:\winxp\system32\msvcp71.dll

2011-06-28 19:19 . 2011-06-28 19:19 348160 ----a-w- c:\winxp\system32\msvcr71.dll

2011-06-28 18:57 . 2011-06-29 07:46 -------- d-----w- c:\winxp\SxsCaPendDel

2011-06-28 12:38 . 2011-06-28 12:39 -------- d-----w- c:\program files\Real

2011-06-27 18:04 . 2002-07-11 05:47 98304 ----a-w- c:\winxp\system32\msikbd.dll

2011-06-27 18:04 . 2001-12-20 07:02 6656 ------w- c:\winxp\system32\drivers\Msikbd2k.sys

2011-06-27 18:04 . 2000-06-08 00:09 28672 ----a-w- c:\winxp\system32\msiosd32.dll

2011-06-23 20:50 . 2011-07-21 18:50 -------- d-----w- c:\program files\InhatchTeam

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-16 19:09 . 2011-03-15 15:37 60416 ----a-w- c:\winxp\ALCFDRTM.VER

2011-07-06 16:52 . 2011-05-12 10:44 41272 ----a-w- c:\winxp\system32\drivers\mbamswissarmy.sys

2011-07-06 16:52 . 2011-05-12 10:44 22712 ----a-w- c:\winxp\system32\drivers\mbam.sys

2011-06-15 14:04 . 2011-06-15 14:04 0 ----a-w- c:\winxp\system32\ConduitEngine.tmp

2011-05-22 10:08 . 2011-05-22 10:08 86016 ----a-w- c:\winxp\system32\OpenAL32.dll

2011-05-22 10:08 . 2011-05-22 10:08 262144 ----a-w- c:\winxp\system32\wrap_oal.dll

2011-05-02 08:13 . 2011-04-05 20:24 138184 ----a-w- c:\winxp\system32\drivers\PnkBstrK.sys

2011-05-02 08:12 . 2011-04-05 20:24 183112 ----a-w- c:\winxp\system32\PnkBstrB.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvMediaCenter"="NvMCTray.dll" [2011-01-07 111208]

"NvCplDaemon"="c:\winxp\system32\NvCpl.dll" [2011-01-07 13880424]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]

"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]

"MULTIMEDIA KEYBOARD"="c:\program files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2003-09-30 425984]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\winxp\system32\CTFMON.EXE" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLinkedConnections"= 1 (0x1)

.

[HKLM\~\startupfolder\C:^Documents and Settings^Sniper Control^Start Menu^Programs^Startup^FIFA 10 Registration.lnk]

path=c:\documents and settings\Sniper Control\Start Menu\Programs\Startup\FIFA 10 Registration.lnk

backup=c:\winxp\pss\FIFA 10 Registration.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]

2011-02-01 16:53 390720 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

2008-04-14 11:00 208952 ----a-w- c:\winxp\ime\IMJP8_1\imjpmig.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]

2011-07-06 16:52 449584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 07:50 155648 ----a-w- c:\winxp\system32\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

2008-04-14 11:00 455168 ----a-w- c:\winxp\system32\IME\TINTLGNT\TINTSETP.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

2008-04-14 11:00 455168 ----a-w- c:\winxp\system32\IME\TINTLGNT\TINTSETP.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon]

2009-08-22 18:25 2781184 ----a-w- d:\sniper control\Programs\overclock\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAOB Monitor]

2010-11-16 00:52 2536448 ----a-w- c:\program files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2011-06-28 19:19 273544 ----a-w- c:\documents and settings\Sniper Control\Desktop\New Folder\Update\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]

2011-02-01 16:52 5546376 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"d:\\Games\\Steam\\steamapps\\sniper_control\\half-life\\hl.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=

"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer_Service.exe"=

"c:\\Program Files\\Garena\\Garena.exe"=

"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=

"d:\\asq forever\\asq cs\\Counter-Strike 1.6\\hl.exe"=

"d:\\Games\\Steam\\steamapps\\sniper_control\\counter-strike\\hl.exe"=

"c:\\Program Files\\SpacialAudio\\SAMBC\\SAMBC.exe"=

"c:\\Program Files\\Winamp\\winamp.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"10950:TCP"= 10950:TCP:Inhatch P2P Streaming

"10951:TCP"= 10951:TCP:Inhatch P2P Streaming

"10952:TCP"= 10952:TCP:Inhatch P2P Streaming

"10953:TCP"= 10953:TCP:Inhatch P2P Streaming

"49780:UDP"= 49780:UDP:Inhatch P2P Streaming

.

R0 SymDS;Symantec Data Store;c:\winxp\system32\drivers\NAV\1206000.01D\SymDS.sys [09.7.2011 г. 14:31 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\winxp\system32\drivers\NAV\1206000.01D\SymEFA.sys [09.7.2011 г. 14:31 744568]

R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\winxp\system32\drivers\tdrpm273.sys [04.4.2011 г. 20:37 752128]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.6.0.29\Definitions\BASHDefs\20110415.001\BHDrvx86.sys [09.7.2011 г. 14:31 802936]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\winxp\system32\drivers\dtsoftbus01.sys [16.3.2011 г. 12:50 218688]

R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\winxp\system32\drivers\Msikbd2k.sys [27.6.2011 г. 21:04 6656]

R1 SymIRON;Symantec Iron Driver;c:\winxp\system32\drivers\NAV\1206000.01D\Ironx86.sys [09.7.2011 г. 14:31 136312]

R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [04.4.2011 г. 20:38 3246040]

R2 cpuz135;cpuz135;c:\winxp\system32\drivers\cpuz135_x32.sys [04.5.2011 г. 14:21 21992]

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_5\bin\fbguard.exe [10.7.2011 г. 21:09 98304]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12.5.2011 г. 13:44 366640]

R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe [09.7.2011 г. 14:30 130008]

R3 afcdp;afcdp;c:\winxp\system32\drivers\afcdp.sys [04.4.2011 г. 20:38 167968]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [23.7.2011 г. 10:45 105592]

R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_5\bin\fbserver.exe [10.7.2011 г. 21:09 3735552]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.6.0.29\Definitions\IPSDefs\20110722.031\IDSXpx86.sys [23.7.2011 г. 10:58 355256]

R3 MBAMProtector;MBAMProtector;c:\winxp\system32\drivers\mbam.sys [12.5.2011 г. 13:44 22712]

S0 NVStrap;NVStrap;c:\winxp\system32\drivers\NVStrap.sys [15.5.2011 г. 18:13 4224]

S2 nhksrv;Netropa NHK Server;c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe --> c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe [?]

S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]

S3 PortTalk;PortTalk;c:\winxp\system32\drivers\PortTalk.sys [23.7.2011 г. 15:41 3567]

S3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\winxp\system32\drivers\ULILAN51.SYS [18.7.2011 г. 13:57 28672]

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-22 c:\winxp\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 09:34]

.

2011-07-23 c:\winxp\Tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-1767777339-1801674531-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 07:47]

.

2011-07-23 c:\winxp\Tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-1767777339-1801674531-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 07:47]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.bg/

uInternet Settings,ProxyOverride = *.local

TCP: Interfaces\{D9034006-5AE1-429F-B2EF-967FC5C68FC7}: NameServer = 192.168.15.12,195.24.48.5

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.8\facemoodssrv.exe

MSConfigStartUp-HDD Regenerator - c:\program files\HDD Regenerator\HDD Regenerator.exe

MSConfigStartUp-OscarEditor - c:\program files\OSCAR Editor\\OscarEditor.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-23 18:28

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NAV]

"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3936)

c:\winxp\system32\WININET.dll

c:\program files\NVIDIA Corporation\nView\nview.dll

c:\winxp\system32\ieframe.dll

c:\winxp\system32\webcheck.dll

c:\winxp\system32\wpdshserviceobj.dll

c:\winxp\system32\portabledevicetypes.dll

c:\winxp\system32\portabledeviceapi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\winxp\system32\nvsvc32.exe

c:\program files\Common Files\Acronis\Schedule2\schedul2.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\winxp\system32\wscntfy.exe

c:\winxp\system32\RunDLL32.exe

c:\winxp\SOUNDMAN.EXE

c:\winxp\system32\rundll32.exe

c:\program files\Netropa\Multimedia Keyboard\TrayMon.exe

c:\program files\Netropa\Onscreen Display\OSD.exe

.

**************************************************************************

.

Completion time: 2011-07-23 18:33:44 - machine was rebooted

ComboFix-quarantined-files.txt 2011-07-23 15:33

.

Pre-Run: 6 751 334 400 bytes free

Post-Run: 6 877 171 712 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINXP

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINXP="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - B523C8690750B1474C57A7ECDE19AFAD

Here is the ComboFix log.

There is an improvement. Now it only stutters on songs. Otherwise XP now loads faster and everything runs normally.


I'm glad... But there are still things to fix... so I'll write to you a little later...! :party4:

Copy the text in the box into Notepad and save it as CFScript.txt on your desktop:

KILLALL::

SecCenter::
{3F8BAFFE-D251-4DC6-ACF9-81FDF61FB9C9}

File::
c:\winxp\E58B329BFB28487490DE0D7CB2709267.TMP
 
Folder::
c:\documents and settings\Sniper Control\Application Data\AVG
c:\documents and settings\All Users\Application Data\AVG10
c:\program files\AVG
 
DDS::
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://start.facemoods.com/?a=stonicla&s={searchTerms}&f=4
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

Reboot::


After saving, drag CFScript.txt onto the ComboFix.exe icon.

Posted image

Attach the generated report in your next post..!


ComboFix 11-07-23.04 - Sniper Control 07.2011 г. 21:33:41.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.511.235 [GMT 3:00]

Running from: c:\documents and settings\Sniper Control\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Sniper Control\Desktop\CFScript.txt.txt

.

FILE ::

"c:\winxp\E58B329BFB28487490DE0D7CB2709267.TMP"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\AVG10

c:\documents and settings\Sniper Control\Application Data\AVG

c:\documents and settings\Sniper Control\Application Data\AVG\PC Tuneup 2011\Logs\PC Tuneup 2011_SN.log

c:\documents and settings\Sniper Control\Application Data\AVG\Rescue\PC Tuneup 2011\110706222303906.rsc

c:\documents and settings\Sniper Control\Application Data\AVG\Rescue\PC Tuneup 2011\110706222317093.rsc

c:\program files\AVG

c:\program files\AVG\AVG10\Notification\AVGTBUpgrade2.exe

c:\program files\AVG\AVG10\Notification\BuyFull_cz.htm

c:\program files\AVG\AVG10\Notification\BuyFull_da.htm

c:\program files\AVG\AVG10\Notification\BuyFull_es.htm

c:\program files\AVG\AVG10\Notification\BuyFull_fr.htm

c:\program files\AVG\AVG10\Notification\BuyFull_ge.htm

c:\program files\AVG\AVG10\Notification\BuyFull_hu.htm

c:\program files\AVG\AVG10\Notification\BuyFull_id.htm

c:\program files\AVG\AVG10\Notification\BuyFull_in.htm

c:\program files\AVG\AVG10\Notification\BuyFull_it.htm

c:\program files\AVG\AVG10\Notification\BuyFull_jp.htm

c:\program files\AVG\AVG10\Notification\BuyFull_ko.htm

c:\program files\AVG\AVG10\Notification\BuyFull_ms.htm

c:\program files\AVG\AVG10\Notification\BuyFull_nl.htm

c:\program files\AVG\AVG10\Notification\BuyFull_pb.htm

c:\program files\AVG\AVG10\Notification\BuyFull_pl.htm

c:\program files\AVG\AVG10\Notification\BuyFull_pt.htm

c:\program files\AVG\AVG10\Notification\BuyFull_ru.htm

c:\program files\AVG\AVG10\Notification\BuyFull_sc.htm

c:\program files\AVG\AVG10\Notification\BuyFull_sk.htm

c:\program files\AVG\AVG10\Notification\BuyFull_sp.htm

c:\program files\AVG\AVG10\Notification\BuyFull_tr.htm

c:\program files\AVG\AVG10\Notification\BuyFull_us.htm

c:\program files\AVG\AVG10\Notification\BuyFull_zh.htm

c:\program files\AVG\AVG10\Notification\BuyFull_zt.htm

c:\program files\AVG\AVG10\Notification\SPCheckerTE.exe

c:\program files\AVG\AVG10\Notification\styles.css

c:\program files\AVG\AVG10\Notification\update-payment-details-bkg.png

c:\program files\AVG\AVG10\Notification\update-payment-details-btn.png

c:\program files\AVG\AVG10\Notification\update-payment-details-btn2.png

c:\program files\AVG\AVG10\Notification\update-payment-details-btn3.png

.

.

((((((((((((((((((((((((( Files Created from 2011-06-23 to 2011-07-23 )))))))))))))))))))))))))))))))

.

.

2011-07-23 16:42 . 2006-08-01 12:02 49152 ----a-w- c:\winxp\system32\ChCfg.exe

2011-07-23 16:41 . 2008-09-24 07:40 4122368 ----a-r- c:\winxp\system32\drivers\alcxwdm.sys

2011-07-23 16:41 . 2006-12-08 12:20 10528768 ----a-w- c:\winxp\system32\RTLCPL.exe

2011-07-23 16:41 . 2007-04-16 12:28 577536 ----a-w- c:\winxp\soundman.exe

2011-07-23 16:41 . 2006-11-17 02:40 18804736 ----a-w- c:\winxp\system32\alsndmgr.cpl

2011-07-23 16:41 . 2006-10-17 23:53 147456 ----a-w- c:\winxp\system32\RtlCPAPI.dll

2011-07-23 16:40 . 2006-07-31 08:27 217088 ----a-w- c:\winxp\Alcrmv.exe

2011-07-23 16:40 . 2006-07-31 08:19 315392 ----a-w- c:\winxp\alcupd.exe

2011-07-23 12:41 . 2002-01-12 13:30 3567 ----a-w- c:\winxp\system32\drivers\PortTalk.sys

2011-07-23 11:56 . 2011-07-23 12:14 -------- d-----w- c:\program files\Hard Disk Sentinel

2011-07-22 21:54 . 2011-07-23 15:18 -------- d-----w- c:\program files\HDD Regenerator

2011-07-22 21:37 . 2011-07-22 21:37 -------- d-----w- c:\documents and settings\Sniper Control\Local Settings\Application Data\Babylon

2011-07-22 21:37 . 2011-07-22 21:37 -------- d-----w- c:\documents and settings\Sniper Control\Application Data\Babylon

2011-07-22 21:37 . 2011-07-22 21:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon

2011-07-22 21:20 . 2011-07-23 13:55 -------- d-----w- c:\documents and settings\Sniper Control\Local Settings\Application Data\Downloaded Installations

2011-07-22 12:38 . 2008-04-13 19:16 37888 -c--a-w- c:\winxp\system32\dllcache\bthmodem.sys

2011-07-22 12:38 . 2008-04-13 19:16 37888 ----a-w- c:\winxp\system32\drivers\bthmodem.sys

2011-07-21 19:04 . 2011-07-22 21:00 -------- d-----w- c:\documents and settings\Sniper Control\Application Data\goalbit

2011-07-18 10:57 . 2005-04-27 06:15 35587 ------w- c:\winxp\system32\rmlan.exe

2011-07-18 10:57 . 2005-04-27 06:15 34307 ------w- c:\winxp\system32\drivers\Install.EXE

2011-07-18 10:57 . 2005-04-06 13:54 28672 ------w- c:\winxp\system32\UnLAN.exe

2011-07-18 10:57 . 2005-03-22 17:36 28672 ----a-w- c:\winxp\system32\drivers\ULILAN51.SYS

2011-07-18 10:57 . 2001-09-05 00:18 225280 ------w- c:\program files\Common Files\InstallShield\IScript\iscript.dll

2011-07-18 10:57 . 2001-09-05 00:18 77824 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll

2011-07-18 10:57 . 2001-09-05 00:14 176128 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll

2011-07-18 10:57 . 2001-09-05 00:13 32768 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll

2011-07-18 10:57 . 2002-02-01 13:23 610436 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe

2011-07-17 14:47 . 2011-07-17 14:47 -------- d-----w- c:\documents and settings\Sniper Control\Local Settings\Application Data\SpacialAudio

2011-07-15 19:11 . 2011-07-15 19:11 -------- d-sh--w- c:\documents and settings\Sniper Control\IECompatCache

2011-07-15 10:49 . 2011-07-15 10:49 -------- d-----w- c:\documents and settings\Sniper Control\Local Settings\Application Data\Identities

2011-07-15 10:28 . 2011-07-15 10:28 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple

2011-07-14 20:54 . 2011-07-14 20:55 -------- d-----w- c:\documents and settings\Sniper Control\Application Data\Apple Computer

2011-07-14 20:54 . 2011-07-14 20:54 -------- d-----w- c:\documents and settings\Sniper Control\Local Settings\Application Data\Apple Computer

2011-07-14 20:53 . 2011-07-14 20:53 -------- d-----w- c:\documents and settings\Sniper Control\Local Settings\Application Data\DFX

2011-07-14 20:52 . 2011-07-14 20:52 -------- d-----w- c:\program files\Common Files\Apple

2011-07-14 20:51 . 2011-07-14 20:51 -------- d-----w- c:\documents and settings\Sniper Control\Local Settings\Application Data\Apple

2011-07-14 20:51 . 2011-07-14 20:51 -------- d-----w- c:\program files\Apple Software Update

2011-07-14 20:51 . 2011-07-14 20:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2011-07-12 18:24 . 2011-07-12 18:24 -------- d-----w- c:\documents and settings\SUPPORT_388945a0

2011-07-12 18:24 . 2011-07-12 18:24 -------- d-----w- c:\documents and settings\HelpAssistant

2011-07-12 18:24 . 2011-07-12 18:24 -------- d-----w- c:\documents and settings\Guest

2011-07-12 18:24 . 2011-07-12 18:24 -------- d-----w- c:\documents and settings\Administrator

2011-07-12 18:24 . 2011-07-12 18:29 -------- d-----w- c:\documents and settings\All Users\Application Data\DFX

2011-07-12 18:24 . 2011-07-12 18:24 -------- d-----w- c:\program files\Common Files\DFX

2011-07-12 18:24 . 2011-07-12 18:24 -------- d-----w- c:\program files\DFX

2011-07-12 18:21 . 2011-07-12 18:21 -------- d-----w- c:\program files\Winamp Detect

2011-07-12 18:21 . 2011-03-04 19:44 123888 ------w- c:\winxp\system32\pxcpyi64.exe

2011-07-12 18:21 . 2011-03-04 19:44 59888 ------w- c:\winxp\system32\pxwma.dll

2011-07-12 18:21 . 2011-07-12 18:24 -------- d-----w- c:\program files\Winamp

2011-07-12 18:21 . 2011-07-12 18:24 -------- d-----w- c:\documents and settings\Sniper Control\Application Data\Winamp

2011-07-12 16:10 . 2011-07-12 16:10 -------- d-----w- c:\documents and settings\Sniper Control\Application Data\GetGo Software

2011-07-12 15:05 . 2011-07-12 16:23 -------- d-----w- c:\program files\GetGo Software

2011-07-11 16:36 . 2008-04-13 19:21 101120 -c--a-w- c:\winxp\system32\dllcache\bthpan.sys

2011-07-11 16:36 . 2008-04-13 19:21 101120 ----a-w- c:\winxp\system32\drivers\bthpan.sys

2011-07-11 16:36 . 2008-04-13 19:16 59136 -c--a-w- c:\winxp\system32\dllcache\rfcomm.sys

2011-07-11 16:36 . 2008-04-13 19:16 59136 ----a-w- c:\winxp\system32\drivers\rfcomm.sys

2011-07-11 16:36 . 2008-04-13 19:16 17024 -c--a-w- c:\winxp\system32\dllcache\bthenum.sys

2011-07-11 16:36 . 2008-04-13 19:16 17024 ----a-w- c:\winxp\system32\drivers\BthEnum.sys

2011-07-11 16:36 . 2008-04-14 00:42 151552 -c--a-w- c:\winxp\system32\dllcache\irftp.exe

2011-07-11 16:36 . 2008-04-14 00:42 151552 ----a-w- c:\winxp\system32\irftp.exe

2011-07-11 16:36 . 2008-04-14 00:42 8192 -c--a-w- c:\winxp\system32\dllcache\wshirda.dll

2011-07-11 16:36 . 2008-04-14 00:42 8192 ----a-w- c:\winxp\system32\wshirda.dll

2011-07-11 16:36 . 2008-04-14 00:41 28160 -c--a-w- c:\winxp\system32\dllcache\irmon.dll

2011-07-11 16:36 . 2008-04-14 00:41 28160 ----a-w- c:\winxp\system32\irmon.dll

2011-07-11 16:35 . 2008-04-13 19:16 18944 -c--a-w- c:\winxp\system32\dllcache\bthusb.sys

2011-07-11 16:35 . 2008-04-13 19:16 18944 ----a-w- c:\winxp\system32\drivers\BTHUSB.SYS

2011-07-11 16:01 . 2011-07-12 16:11 -------- d-----w- c:\program files\SHOUTcast

2011-07-10 19:31 . 2011-07-10 19:43 -------- d-----w- c:\documents and settings\Sniper Control\Application Data\HLSW

2011-07-10 18:09 . 2010-09-17 08:13 548864 ----a-w- c:\winxp\system32\GDS32.DLL

2011-07-09 11:30 . 2011-07-09 11:30 -------- d-----w- c:\program files\Windows Sidebar

2011-07-09 11:30 . 2011-07-23 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2011-07-09 08:31 . 2011-07-09 08:31 -------- d-----w- c:\documents and settings\Sniper Control\Application Data\URSoft

2011-07-09 08:29 . 2011-07-09 08:29 -------- d-----w- c:\documents and settings\Sniper Control\Local Settings\Application Data\Temp

2011-07-09 08:21 . 2011-07-09 08:21 -------- d-----w- c:\winxp\E58B329BFB28487490DE0D7CB2709267.TMP

2011-07-08 20:26 . 2011-07-08 20:26 -------- d-----w- c:\winxp\system32\QuickTime

2011-07-08 20:25 . 2011-07-08 20:25 -------- d-----w- c:\program files\QuickTime

2011-07-08 20:25 . 2011-07-08 20:25 -------- d-----w- c:\program files\Common Files\TechSmith Shared

2011-07-08 20:24 . 2011-07-08 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith

2011-07-08 20:24 . 2011-07-08 20:24 -------- d-----w- c:\program files\TechSmith

2011-07-08 20:14 . 2011-07-09 11:10 -------- dc----w- c:\winxp\system32\DRVSTORE

2011-07-08 20:14 . 2011-07-08 20:14 -------- d-----w- c:\documents and settings\All Users\Application Data\FRISK Software

2011-07-06 19:22 . 2011-07-23 14:00 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2011-07-06 19:21 . 2011-07-06 19:21 -------- d-----w- c:\program files\Xenocode

2011-07-06 18:21 . 2011-07-10 18:09 -------- d-----w- c:\program files\Firebird

2011-06-29 10:50 . 2011-06-29 10:50 -------- d-----w- c:\documents and settings\Sniper Control\Application Data\AVG10

2011-06-29 10:42 . 2011-06-29 10:42 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files

2011-06-29 10:41 . 2011-07-08 20:11 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2011-06-28 19:20 . 2011-06-28 19:20 -------- d-----w- c:\program files\Common Files\xing shared

2011-06-28 19:19 . 2011-06-28 19:19 499712 ----a-w- c:\winxp\system32\msvcp71.dll

2011-06-28 19:19 . 2011-06-28 19:19 348160 ----a-w- c:\winxp\system32\msvcr71.dll

2011-06-28 18:57 . 2011-06-29 07:46 -------- d-----w- c:\winxp\SxsCaPendDel

2011-06-28 12:38 . 2011-06-28 12:39 -------- d-----w- c:\program files\Real

2011-06-27 18:04 . 2002-07-11 05:47 98304 ----a-w- c:\winxp\system32\msikbd.dll

2011-06-27 18:04 . 2001-12-20 07:02 6656 ------w- c:\winxp\system32\drivers\Msikbd2k.sys

2011-06-27 18:04 . 2000-06-08 00:09 28672 ----a-w- c:\winxp\system32\msiosd32.dll

2011-06-23 20:50 . 2011-07-21 18:50 -------- d-----w- c:\program files\InhatchTeam

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-16 19:09 . 2011-03-15 15:37 60416 ----a-w- c:\winxp\ALCFDRTM.VER

2011-07-06 16:52 . 2011-05-12 10:44 41272 ----a-w- c:\winxp\system32\drivers\mbamswissarmy.sys

2011-07-06 16:52 . 2011-05-12 10:44 22712 ----a-w- c:\winxp\system32\drivers\mbam.sys

2011-06-15 14:04 . 2011-06-15 14:04 0 ----a-w- c:\winxp\system32\ConduitEngine.tmp

2011-05-22 10:08 . 2011-05-22 10:08 86016 ----a-w- c:\winxp\system32\OpenAL32.dll

2011-05-22 10:08 . 2011-05-22 10:08 262144 ----a-w- c:\winxp\system32\wrap_oal.dll

2011-05-02 08:13 . 2011-04-05 20:24 138184 ----a-w- c:\winxp\system32\drivers\PnkBstrK.sys

2011-05-02 08:12 . 2011-04-05 20:24 183112 ----a-w- c:\winxp\system32\PnkBstrB.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2011-07-23_15.28.54 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-04-14 03:42 . 2008-04-14 01:42 23552 c:\winxp\system32\wdmaud.drv

+ 2008-04-14 03:42 . 2008-04-14 00:42 23552 c:\winxp\system32\wdmaud.drv

+ 2008-04-13 22:15 . 2004-07-09 01:27 48512 c:\winxp\system32\drivers\stream.sys

+ 2011-03-15 15:18 . 2008-04-13 19:15 60160 c:\winxp\system32\drivers\drmk.sys

- 2011-03-15 15:18 . 2008-04-13 20:15 60160 c:\winxp\system32\drivers\drmk.sys

+ 2008-04-14 03:42 . 2008-04-14 00:42 23552 c:\winxp\system32\dllcache\wdmaud.drv

- 2008-04-14 03:42 . 2008-04-14 01:42 23552 c:\winxp\system32\dllcache\wdmaud.drv

+ 2008-04-13 22:15 . 2004-07-09 01:27 48512 c:\winxp\system32\dllcache\stream.sys

- 2011-03-15 15:18 . 2008-04-13 20:15 60160 c:\winxp\system32\dllcache\drmk.sys

+ 2011-03-15 15:18 . 2008-04-13 19:15 60160 c:\winxp\system32\dllcache\drmk.sys

- 2011-03-15 15:18 . 2008-04-14 01:41 4096 c:\winxp\system32\ksuser.dll

+ 2011-03-15 15:18 . 2002-12-11 21:14 4096 c:\winxp\system32\ksuser.dll

- 2011-03-15 15:18 . 2008-04-14 01:41 4096 c:\winxp\system32\dllcache\ksuser.dll

+ 2011-03-15 15:18 . 2002-12-11 21:14 4096 c:\winxp\system32\dllcache\ksuser.dll

+ 2011-03-15 15:18 . 2008-04-13 19:49 146048 c:\winxp\system32\drivers\portcls.sys

- 2011-03-15 15:18 . 2008-04-13 20:49 146048 c:\winxp\system32\drivers\portcls.sys

+ 2011-03-15 15:18 . 2008-04-13 19:49 146048 c:\winxp\system32\dllcache\portcls.sys

- 2011-03-15 15:18 . 2008-04-13 20:49 146048 c:\winxp\system32\dllcache\portcls.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvMediaCenter"="NvMCTray.dll" [2011-01-07 111208]

"NvCplDaemon"="c:\winxp\system32\NvCpl.dll" [2011-01-07 13880424]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]

"MULTIMEDIA KEYBOARD"="c:\program files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2003-09-30 425984]

"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\winxp\system32\CTFMON.EXE" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLinkedConnections"= 1 (0x1)

.

[HKLM\~\startupfolder\C:^Documents and Settings^Sniper Control^Start Menu^Programs^Startup^FIFA 10 Registration.lnk]

path=c:\documents and settings\Sniper Control\Start Menu\Programs\Startup\FIFA 10 Registration.lnk

backup=c:\winxp\pss\FIFA 10 Registration.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]

2011-02-01 16:53 390720 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

2008-04-14 11:00 208952 ----a-w- c:\winxp\ime\IMJP8_1\imjpmig.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]

2011-07-06 16:52 449584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 07:50 155648 ----a-w- c:\winxp\system32\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

2008-04-14 11:00 455168 ----a-w- c:\winxp\system32\IME\TINTLGNT\TINTSETP.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

2008-04-14 11:00 455168 ----a-w- c:\winxp\system32\IME\TINTLGNT\TINTSETP.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon]

2009-08-22 18:25 2781184 ----a-w- d:\sniper control\Programs\overclock\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAOB Monitor]

2010-11-16 00:52 2536448 ----a-w- c:\program files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2011-06-28 19:19 273544 ----a-w- c:\documents and settings\Sniper Control\Desktop\New Folder\Update\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]

2011-02-01 16:52 5546376 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"d:\\Games\\Steam\\steamapps\\sniper_control\\half-life\\hl.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=

"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer_Service.exe"=

"c:\\Program Files\\Garena\\Garena.exe"=

"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=

"d:\\asq forever\\asq cs\\Counter-Strike 1.6\\hl.exe"=

"d:\\Games\\Steam\\steamapps\\sniper_control\\counter-strike\\hl.exe"=

"c:\\Program Files\\SpacialAudio\\SAMBC\\SAMBC.exe"=

"c:\\Program Files\\Winamp\\winamp.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"10950:TCP"= 10950:TCP:Inhatch P2P Streaming

"10951:TCP"= 10951:TCP:Inhatch P2P Streaming

"10952:TCP"= 10952:TCP:Inhatch P2P Streaming

"10953:TCP"= 10953:TCP:Inhatch P2P Streaming

"49780:UDP"= 49780:UDP:Inhatch P2P Streaming

.

R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\winxp\system32\drivers\tdrpm273.sys [04.4.2011 г. 20:37 752128]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\winxp\system32\drivers\dtsoftbus01.sys [16.3.2011 г. 12:50 218688]

R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\winxp\system32\drivers\Msikbd2k.sys [27.6.2011 г. 21:04 6656]

R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [04.4.2011 г. 20:38 3246040]

R2 cpuz135;cpuz135;c:\winxp\system32\drivers\cpuz135_x32.sys [04.5.2011 г. 14:21 21992]

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_5\bin\fbguard.exe [10.7.2011 г. 21:09 98304]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12.5.2011 г. 13:44 366640]

R3 afcdp;afcdp;c:\winxp\system32\drivers\afcdp.sys [04.4.2011 г. 20:38 167968]

R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_5\bin\fbserver.exe [10.7.2011 г. 21:09 3735552]

R3 MBAMProtector;MBAMProtector;c:\winxp\system32\drivers\mbam.sys [12.5.2011 г. 13:44 22712]

S0 NVStrap;NVStrap;c:\winxp\system32\drivers\NVStrap.sys [15.5.2011 г. 18:13 4224]

S2 nhksrv;Netropa NHK Server;c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe --> c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe [?]

S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]

S3 PortTalk;PortTalk;c:\winxp\system32\drivers\PortTalk.sys [23.7.2011 г. 15:41 3567]

S3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\winxp\system32\drivers\ULILAN51.SYS [18.7.2011 г. 13:57 28672]

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-22 c:\winxp\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 09:34]

.

2011-07-23 c:\winxp\Tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-1767777339-1801674531-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 07:47]

.

2011-07-23 c:\winxp\Tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-1767777339-1801674531-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 07:47]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.bg/

TCP: Interfaces\{D9034006-5AE1-429F-B2EF-967FC5C68FC7}: NameServer = 192.168.15.12,195.24.48.5

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-23 22:04

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1409082233-1767777339-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5056BDAD-1969-FEE8-DCB1-EC6F0645115C}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"jajpjkcplomohcoeldkp"=hex:62,61,6e,6e,00,f6

"jajpjkcplomohcoeldgc"=hex:62,61,65,6f,00,f6

"iajkafpigijecopmgh"=hex:6b,61,6d,6e,6c,6a,70,69,69,62,6b,67,65,6c,6c,68,63,68,

6c,68,69,66,00,00

.

[HKEY_USERS\S-1-5-21-1409082233-1767777339-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5710857D-FD17-2FDB-CC1A-72B708A38458}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"iaepafmejphankccin"=hex:6a,61,68,6d,63,64,6d,6e,68,6c,6e,6b,65,67,64,64,68,66,

6c,6e,00,00

"haopcgicaejjmlnm"=hex:6a,61,69,6d,63,64,65,6d,6b,6d,63,65,6a,63,6a,66,61,68,

6e,6d,00,ff

"iaiodbfnnehiimipfb"=hex:63,61,68,6d,69,64,00,7c

"dbgmndbihnhackkbbnheffkcieaemfecppiniego"=hex:68,61,70,6a,6a,6b,67,66,66,63,

6d,6b,6b,65,65,64,00,00

"jbgmndbihnhackkbbnhegeggbplfdcfekahaieikanffoblpnbmb"=hex:68,61,70,6a,6a,6b,

67,66,66,63,6d,6b,6b,65,65,64,00,00

"dbgmndbihnhackkbbnhemdfiebnffhemlnkmbekb"=hex:62,61,6f,66,00,00

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3016)

c:\winxp\system32\WININET.dll

c:\program files\NVIDIA Corporation\nView\nview.dll

c:\winxp\system32\ieframe.dll

c:\winxp\system32\webcheck.dll

c:\winxp\system32\wpdshserviceobj.dll

c:\winxp\system32\portabledevicetypes.dll

c:\winxp\system32\portabledeviceapi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\winxp\system32\nvsvc32.exe

c:\program files\Common Files\Acronis\Schedule2\schedul2.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\winxp\system32\RunDLL32.exe

c:\winxp\SOUNDMAN.EXE

c:\winxp\system32\rundll32.exe

c:\program files\Netropa\Multimedia Keyboard\TrayMon.exe

c:\program files\Netropa\Onscreen Display\OSD.exe

c:\winxp\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2011-07-23 22:08:22 - machine was rebooted

ComboFix-quarantined-files.txt 2011-07-23 19:08

ComboFix2.txt 2011-07-23 15:33

.

Pre-Run: 7 365 619 712 bytes free

Post-Run: 7 500 697 600 bytes free

.

- - End Of File - - 9BD9FEB81896F711FF0ABA31BDB51931

I also want to report a problem. After ComboFix restarts the system and it boots, browsers and Task Manager will not start, and a restart is required.


* Download Malwarebytes' Anti-Malware, or get it from here

* Double-click mbam-setup.exe to install the program.

* Make sure that Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are checked. Then click Finish.

* If updates are found, it will download and install them.

* Start the program and select "Perform Full Scan", then click Scan.

* The scan will take some time, so please be patient.

* When the scan finishes, click OK, then Show Results to see the result.

* Make sure that all rows are checked, and click Remove Selected.

* When everything has been removed, a log will open in Notepad. Copy this log and post it in your next reply in this topic.

Note: If Malwarebytes' Anti-Malware has difficulty removing the detected viruses/threats, it will ask to restart your computer and remove the problematic viruses/threats during the restart. If you are asked, confirm that you want your computer to be restarted.


The scan finished... finally. But again there is the problem where, after a restart, the browsers and Task Manager will not start. The slow Windows startup and the sound looping also remain.

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7252

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

24.7.2011 г. 01:28:05

mbam-log-2011-07-24 (01-28-05).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 262837

Time elapsed: 2 hour(s), 33 minute(s), 2 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 4

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\sniper control\my documents\downloads\hard disk sentinel pro v3.60.4810\patch\hard.disk.sentinel.pro-mpt.exe (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.

c:\documents and settings\sniper control\my documents\downloads\symantec norton antivirus + internet security 2011 v18.6.0.29 incl. trialreset-box\1box_ntr2011.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

c:\program files\hard disk sentinel\hard.disk.sentinel.pro-mpt.exe (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.

d:\system volume information\_restore{878072d4-2631-48b3-bff8-72f1b210d05b}\RP62\A0135885.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.


Delete your copy of ComboFix, download a fresh one from here or here, and save it to your desktop.

Run a new scan following the instructions in post 6..!
