Problem with a virus (suspected TR/sirefef.BP.1)


No, that's not normal... hmm! Let me see the log!

  • Author

It's almost finished now, but let me just ask you: every time ComboFix scans (well, the last 2 times), avast finds the file \??\C:\DOCUME~1\home\LOCALS~1\Temp\catchme.sys . It gives me the options to delete it or ignore it... which should I do?

Edited by KaWaii

Absolutely nothing... that is a ComboFix file! When we finish we will uninstall ComboFix and there won't be any problems! :)

  • Author


The log is clean! There is one more thing left and then we're done:

Download the program: ESET Online Scanner

  • Run esetsmartinstaller_enu.exe
  • Tick YES, I accept the Terms of Use and choose Start.

  • The scanner will start downloading the components it needs.

  • Make sure the following lines are ticked:

    [posted image]

    Finally, choose Start

  • The scanner will start downloading the latest definitions.
  • After the scan finishes, choose Finish.
  • Go to: C:\Program Files\ESET\ESET Online Scanner
  • Open the file log.txt, copy its contents and paste them into your next comment.
  • 2 weeks later...
  • Author

This time I was really late with my reply, but I was in Sofia and there was no way to do it. Once again, I apologize :mistaken:

Uninstall ComboFix like this:

1. Press Start ==> Run ==> enter the command Combofix /Uninstall ==> OK

2. Download OTCleanIt, or from here, run it and press [posted image]

There is one more thing I want to check and then we'll head toward wrapping up! :)

  • Download Junction.zip and extract it into a folder on the desktop.

    Copy the file Junction.exe to C:\Windows

  • Go to Start => Run... => enter the command below with Copy/Paste and press OK
cmd /c junction -s c:\ >log.txt&log.txt& del log.txt
  • Wait for the check to finish and for the log file to appear.
  • Copy its contents into your next post.
