
icekiller

A virus that blocks internet access



So, I struggled for a long time, killing various suspicious processes from Task Manager such as 1D5.exe, 1D7.exe, wscntfy.exe, etc., and I have access at the moment. BUT I can't download DDS: after I click download DDS it waits and waits, shows "Downloading DDS..." and then ends up as in the picture (the attached picture)... Help me clean up this old box before I go crazy :shock11:


Does it still not let you, even in Safe Mode?


What is in the hosts file? It is located in %systemroot%\system32\drivers\etc and, when opened in a text editor, should in the general case contain only "127.0.0.1 localhost" after the comments (the lines with '#').

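An added example (not part of the original reply): a small Python check that applies the rule from the post above, reporting every active hosts entry other than the loopback `localhost` mapping. The sample hosts content, the function names and the finding labels are constructed for illustration; on a real system the file is read from `%systemroot%\system32\drivers\etc\hosts`.

```python
# Audit a hosts file: report every active mapping that is not the default
# loopback entry for "localhost". Added illustration; all names are hypothetical.
import ipaddress
import os

# Mappings considered normal on a clean system: (address, hostname).
EXPECTED = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Constructed sample input (not taken from any real machine).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file (constructed for this example).
127.0.0.1       localhost
127.0.0.1       update.av-vendor.example   # constructed entry
203.0.113.7     www.bank.example login.bank.example
not-an-ip       something.example
"""


def default_hosts_path():
    """Build the location named in the post from the SystemRoot variable."""
    root = os.environ.get("SystemRoot", r"C:\Windows")
    return os.path.join(root, "system32", "drivers", "etc", "hosts")


def parse_hosts(text):
    """Yield (line_no, address, hostname) for each active mapping.

    Everything after '#' is a comment; blank lines are skipped. One line may
    map several hostnames to one address. A line that does not start with a
    valid IP address, or has no hostname, is yielded with address None.
    """
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            addr = None
        if addr is None or len(fields) < 2:
            yield line_no, None, " ".join(fields)
            continue
        for name in fields[1:]:
            yield line_no, addr, name.lower()


def audit_hosts(text):
    """Return a list of (line_no, kind, detail) for entries needing review."""
    findings = []
    for line_no, addr, name in parse_hosts(text):
        if addr is None:
            findings.append((line_no, "malformed", name))
            continue
        if (addr, name) in EXPECTED:
            continue
        ip = ipaddress.ip_address(addr)
        if ip.is_loopback or ip.is_unspecified:
            # The name resolves to this machine, so the site is unreachable.
            kind = "blocked"
        else:
            # The name is pointed at some other address than DNS would give.
            kind = "redirected"
        findings.append((line_no, kind, f"{name} -> {addr}"))
    return findings


if __name__ == "__main__":
    path = default_hosts_path()
    if os.path.exists(path):
        with open(path, encoding="utf-8", errors="replace") as fh:
            content = fh.read()
    else:
        content = SAMPLE_HOSTS  # fall back to the constructed sample
    for line_no, kind, detail in audit_hosts(content):
        print(f"line {line_no}: {kind}: {detail}")
```

An empty result means the file matches the state described in the post; any finding is a line to review by hand, since some legitimate tools also add hosts entries.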

Sorry for the delay. The PC has been cleaned up a bit with AVAST and I now have internet access :) BUT let's check for remnants of malicious software.



Hello!

I'm glad you have internet access, but your system is still infected.

You have posted the contents of DDS.txt twice, but not those of Attach.txt. Please include it in your next post.


That will happen around 19:30, but still, tell me where to find the second file, because only this one was created on my desktop, and one opened automatically after the DDS scan, and I simply thought that the second one (the one on the desktop) was different and was the one needed. Then I dug around a bit after I made the post and saw that there is only 1 :( I don't have the "Attach.txt" in question. So please help: why wasn't this file created, and how do I create it?!


I recommend that you simply generate new log files with DDS.


Right, sorry for the delay, here are both files again.
Atanasov CCleaner Creative EAX Settings Creative Speaker Settings DAEMON Tools Toolbar Device Control Diablo III DotaKeys 1.32.00 DTS+AC3 Filter Garena Classic 2011 Garena Plus GOM Player Google Chrome Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB932716-v2) Hotfix for Windows XP (KB942288-v3) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976002-v5) IBM Printer Software Uninstall Inhatch web plugins Intel® Management Engine Interface Intel® PRO Network Connections 11.2.0.69 iTunes Java Auto Updater Java 6 Update 31 Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 Microsoft Office Access MUI (Bulgarian) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (Bulgarian) 2007 Microsoft Office Groove MUI (Bulgarian) 2007 Microsoft Office InfoPath MUI (Bulgarian) 2007 Microsoft Office OneNote MUI (Bulgarian) 2007 Microsoft Office Outlook MUI (Bulgarian) 2007 Microsoft Office PowerPoint MUI (Bulgarian) 2007 Microsoft Office Proof (Bulgarian) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Russian) 2007 Microsoft Office Proofing (Bulgarian) 2007 Microsoft Office Publisher MUI (Bulgarian) 2007 Microsoft Office Shared MUI (Bulgarian) 2007 Microsoft Office Word MUI (Bulgarian) 2007 Microsoft Software Update for Web Folders (Bulgarian) 12 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 MPEG2 Codec(libmpeg2/mad) MSVC90_x86 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK Nokia Connectivity Cable Driver Nokia PC Suite NVIDIA Control Panel 280.26 
NVIDIA Graphics Driver 280.26 NVIDIA Install Application NVIDIA nView 135.94 NVIDIA nView Desktop Manager NVIDIA PhysX NVIDIA PhysX System Software 9.10.0514 NVIDIA Update 1.4.28 NVIDIA Update Components PC Connectivity Solution Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2647516) Security Update for Windows Internet Explorer 8 (KB2675157) Security Update for Windows Internet Explorer 8 (KB2699988) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) 
Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2510581) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2544521) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2559049) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2586448) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618444) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647516) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2660465) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB2676562) Security Update for Windows XP (KB2685939) Security Update for Windows XP (KB2686509) Security Update 
for Windows XP (KB2695962) Security Update for Windows XP (KB2707511) Security Update for Windows XP (KB2709162) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982665) Skype™ 5.10 Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB2598845) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2541763) Update for Windows XP (KB2607712) Update for Windows XP (KB2616676) Update for Windows XP (KB2641690) Update for Windows XP (KB2718704) Update for Windows XP (KB898461) Update for Windows XP (KB943729) Update for Windows XP (KB955759) Update for Windows XP (KB971029) Update for 
Windows XP (KB971737) Update for Windows XP (KB973687) VLC media player 1.0.5 Warcraft III: All Products WebFldrs XP Windows Driver Package - Nokia Modem (02/25/2011 4.7) Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9) Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) Windows Internet Explorer 8 Windows Media Player Firefox Plugin WinRAR 4.01 (32-bit) . ==== Event Viewer Messages From Past Week ======== . 28.6.2012 г. 22:18:50, error: Service Control Manager [7000] - The Audio Service service failed to start due to the following error: The system cannot find the path specified. 26.6.2012 г. 23:01:17, error: System Error [1003] - Error code 1000000a, parameter1 00000023, parameter2 00000002, parameter3 00000000, parameter4 8050c667. 26.6.2012 г. 23:01:16, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 bd089295, parameter3 b2216890, parameter4 00000000. 26.6.2012 г. 23:01:15, error: System Error [1003] - Error code 1000008e, parameter1 e0000001, parameter2 b8348925, parameter3 b175d704, parameter4 00000000. 26.6.2012 г. 23:01:14, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 bd089295, parameter3 b1fe1890, parameter4 00000000. 26.6.2012 г. 23:01:13, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 bd089295, parameter3 b26b2890, parameter4 00000000. 26.6.2012 г. 23:01:12, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 bd089295, parameter3 afbe3890, parameter4 00000000. 26.6.2012 г. 23:01:11, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 bd089295, parameter3 a3161890, parameter4 00000000. 26.6.2012 г. 23:01:10, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 bd089295, parameter3 b19a7890, parameter4 00000000. 26.6.2012 г. 
23:01:09, error: System Error [1003] - Error code 1000008e, parameter1 e0000001, parameter2 b84a8925, parameter3 ad8c62f8, parameter4 00000000. 26.6.2012 г. 23:01:03, error: System Error [1003] - Error code 1000008e, parameter1 e0000001, parameter2 b8388925, parameter3 b26a42f8, parameter4 00000000. 26.6.2012 г. 23:01:02, error: System Error [1003] - Error code 1000008e, parameter1 e0000001, parameter2 b84b0925, parameter3 b2cc02e4, parameter4 00000000. 26.6.2012 г. 23:01:01, error: System Error [1003] - Error code 1000008e, parameter1 e0000001, parameter2 b84a8925, parameter3 b25f9880, parameter4 00000000. 26.6.2012 г. 23:01:00, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 bd089295, parameter3 b1c77890, parameter4 00000000. 26.6.2012 г. 23:00:58, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 bd089295, parameter3 a17ad890, parameter4 00000000. 26.6.2012 г. 23:00:35, error: System Error [1003] - Error code 1000008e, parameter1 e0000001, parameter2 b84b0925, parameter3 b2516320, parameter4 00000000. 26.6.2012 г. 23:00:15, error: Service Control Manager [7000] - The Audio Service service failed to start due to the following error: The system cannot find the file specified. 24.6.2012 г. 15:54:57, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 24.6.2012 г. 15:53:34, error: Service Control Manager [7034] - The NVIDIA Driver Helper Service service terminated unexpectedly. It has done this 1 time(s). 24.6.2012 г. 15:53:28, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 24.6.2012 г. 
15:53:09, error: Service Control Manager [7034] - The NVIDIA Update Service Daemon service terminated unexpectedly. It has done this 1 time(s). 24.6.2012 г. 15:52:41, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 24.6.2012 г. 15:51:29, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 24.6.2012 г. 15:49:41, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s). 24.6.2012 г. 15:49:31, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s). 24.6.2012 г. 15:49:26, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s). 24.6.2012 г. 15:49:23, error: Service Control Manager [7034] - The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s). . ==== End Of File ===========================


Thank you!

Step 1

  • Download Malwarebytes' Anti-Malware Free from here
  • Double-click mbam-setup.exe to install the program.
  • Make sure that Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are checked, then click Finish.
  • If updates are found, it will download and install them.
  • Start the program and select "Perform Quick Scan", then click Scan.
  • The scan will take a little while, so please be patient.
  • When the scan finishes, click OK, then Show Results to see the result.
  • Make sure that every line is checked, and click Remove Selected.
  • When everything has been removed, a log will open in Notepad. Copy that log and post it in your next reply in this thread.
Note: If Malwarebytes' Anti-Malware has trouble removing the detected viruses/threats, it will ask to restart your computer and remove the problematic viruses/threats during the restart. If you are asked, confirm that you want your computer to be restarted.

Step 2

Please download aswMBR and save it to your desktop.

  • Double-click the file aswMBR.exe to run it.
  • Wait for it to download the avast! definitions.
  • From the drop-down menu select partition C: as shown in the picture:
[image]
  • Click the Scan button to start the scan.
  • When the scan finishes, click the save log button, save the log file to the desktop and post its contents in your next reply.

Step 3

Download OTL.exe and save it to the desktop.

  • Run OTL (if necessary, confirm the UAC prompt).
  • Make the following settings:
  • Check the box in front of Scan All Users [image]
  • Under the File Age menu select 90 days
  • Under the Standard Registry menu change to ALL
  • Check the boxes in front of LOP and Purity Check
Under [image], use Copy/Paste to enter the following text in full (only what is inside the box):

netsvcs
msconfig
safebootminimal
safebootnetwork
"%WinDir%\$NtUninstallKB*$." /180
C:\Program Files\Common Files\ComObjects\*.* /s
%SYSTEMDRIVE%\*.*
%USERPROFILE%\*.*
%USERPROFILE%\AppData\Local\*.*
%USERPROFILE%\AppData\Roaming\*.*
%ProgramData%\*.*
%CommonProgramFiles%\*.*
%PROGRAMFILES%\*.*
%systemroot%\system32\config\systemprofile\AppData\Local\*.*
%windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.*
%windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.*
%windir%\temp\*.*
%windir%\system32\*.
%windir%\sysnative\*.
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /180
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /rp /s
%systemroot%\assembly\tmp\*.* /S /MD5
%systemroot%\assembly\temp\*.* /S /MD5
%systemroot%\assembly\GAC\*.* /S /MD5
%systemroot%\assembly\GAC_32\*.* /S /MD5
%SystemRoot%\assembly\GAC_MSIL\*.* /S /MD5
HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c
/md5start
REGSVR32.EXE
ilanot32.Dll
consrv.dll
services.exe
explorer.exe
lsass.exe
svchost.exe
wininit.exe
winlogon.exe
userinit.exe
atapi.sys
iaStor.sys
serial.sys
volsnap.sys
disk.sys
redbook.sys
i8042prt.sys
afd.sys
netbt.sys
csc.sys
tcpip.sys
dfsc.sys
hlp.dat
/md5stop
  • Click the button marked in blue: Run Scan.
  • When the scan finishes, two files will be created, OTL.Txt and Extras.Txt. Attach these two files to your next reply (see the Attached files option when you post).

In your next reply, please post the following log files:

  • The log file from Malwarebytes' Anti-Malware
  • The log file from aswMBR
  • The log file from OTL, together with Extras.txt


Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.04.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
niki :: NICKY [administrator]

Protection: Enabled

04.7.2012 г. 21:32:38
mbam-log-2012-07-04 (21-32-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 195689
Time elapsed: 4 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830 (Worm.AutoRun) -> Quarantined and deleted successfully.

Files Detected: 1
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\Desktop.ini (Worm.AutoRun) -> Quarantined and deleted successfully.

(end)

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-04 21:39:32
-----------------------------
21:39:32.343 OS Version: Windows 5.1.2600 Service Pack 3
21:39:32.343 Number of processors: 2 586 0xF06
21:39:32.343 ComputerName: NICKY UserName: niki
21:39:33.343 Initialize success
21:39:34.625 AVAST engine defs: 12062901
21:39:51.140 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-10
21:39:51.140 Disk 0 Vendor: ExcelStor_Technology_J8160S P22OA70A Size: 157066MB BusType: 3
21:39:51.156 Disk 0 MBR read successfully
21:39:51.156 Disk 0 MBR scan
21:39:51.218 Disk 0 Windows XP default MBR code
21:39:51.218 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 37063 MB offset 63
21:39:51.218 Disk 0 Partition - 00 0F Extended LBA 120001 MB offset 75907125
21:39:51.234 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 60000 MB offset 75907188
21:39:51.234 Disk 0 Partition - 00 05 Extended 60000 MB offset 198788310
21:39:51.250 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 60000 MB offset 198788373
21:39:51.250 Disk 0 scanning sectors +321669495
21:39:51.328 Disk 0 scanning C:\WINDOWS\system32\drivers
21:39:57.765 Service scanning
21:40:06.265 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
21:40:08.828 Modules scanning
21:40:16.234 Disk 0 trace - called modules:
21:40:16.234 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spzy.sys >>UNKNOWN [0x89df7938]<<
21:40:16.234 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89d8cab8]
21:40:16.234 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\0000006b[0x89d959e8]
21:40:16.234 5 ACPI.sys[b7e74620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-10[0x89d26b00]
21:40:16.484 AVAST engine scan C:\
22:14:12.531 Scan finished successfully
22:15:16.343 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\niki\Desktop\MBR.dat"
22:15:16.359 The log file has been saved successfully to "C:\Documents and Settings\niki\Desktop\aswMBR.txt"
===============================

OTL.Txt

Extras.Txt


Your Malwarebytes' Anti-Malware database is very old. Please update it and repeat the steps.

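The last reply turns on one header field of the Malwarebytes log: the signature database date compared with the scan date. The Python sketch below is an added example, not part of the thread and not code from Malwarebytes. It reads both dates from the log, reports the database age and lists the detections. The function name, the 7-day threshold and the assumption that the log file name carries the scan date are choices made for this example.

```python
import re
from datetime import date

# Excerpt of the Malwarebytes log posted in this thread (header and detections only).
SAMPLE_LOG = r"""Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.04.08

mbam-log-2012-07-04 (21-32-38).txt

Scan type: Quick scan

Folders Detected: 1
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830 (Worm.AutoRun) -> Quarantined and deleted successfully.

Files Detected: 1
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\Desktop.ini (Worm.AutoRun) -> Quarantined and deleted successfully.

(end)
"""

MAX_DB_AGE_DAYS = 7  # assumed policy threshold for this example, not a vendor value

# Database version is vYYYY.MM.DD.NN; the log file name embeds the scan date.
DB_RE = re.compile(r"Database version:\s*v(\d{4})\.(\d{2})\.(\d{2})\.\d+")
LOGNAME_RE = re.compile(r"mbam-log-(\d{4})-(\d{2})-(\d{2})")
# "<path> (<threat>) -> <action>." ; works on line-per-entry and on flattened logs.
HIT_RE = re.compile(r"([A-Za-z]:\\.+?)\s+\(([^()]+)\)\s+->\s+([^.\n]+)\.")


def review_mbam_log(text, max_age_days=MAX_DB_AGE_DAYS):
    """Return database age, a staleness verdict and the detections of an MBAM 1.x log."""
    db = DB_RE.search(text)
    name = LOGNAME_RE.search(text)
    if db is None or name is None:
        raise ValueError("not an MBAM log: database version or log name missing")
    db_date = date(int(db[1]), int(db[2]), int(db[3]))
    scan_date = date(int(name[1]), int(name[2]), int(name[3]))
    age = (scan_date - db_date).days
    detections = [
        {"path": m[1], "threat": m[2], "action": m[3].strip()}
        for m in HIT_RE.finditer(text)
    ]
    return {
        "db_date": db_date,
        "scan_date": scan_date,
        "db_age_days": age,
        # A database dated after the scan means the clock or the log is off:
        # treat that result as unreliable as well.
        "stale": age < 0 or age > max_age_days,
        "detections": detections,
    }


if __name__ == "__main__":
    report = review_mbam_log(SAMPLE_LOG)
    verdict = "STALE, update and rescan" if report["stale"] else "current"
    print(f"database {report['db_date']}, scan {report['scan_date']}, "
          f"age {report['db_age_days']} days: {verdict}")
    for hit in report["detections"]:
        print(f"  {hit['threat']}: {hit['path']} ({hit['action']})")
```
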
