

    Is there anything suspicious, or is everything OK? I don't understand any of this. Thank you!

    hijack.rtf

    Edited by icotonev


    Hello! Yes, your system is infected. You are using Windows XP Service Pack 2, which went out of support two years ago. I don't see a properly working antivirus program. Please carefully read and follow the steps in this topic: My system is infected - What do I do now?. I'm waiting for the logs from the DDS program (step 5). :)


    The computer is quite old.

    DDS (Ver_2011-09-30.01) - NTFS_x86 Internet Explorer: 6.0.2900.2180 Run by JORO at 18:52:56 on 2012-07-11 Microsoft Windows XP Professional 5.1.2600.2.1251.359.1033.18.254.13 [GMT 3:00] . . ============== Running Processes ================ . C:WINDOWSsystem32spoolsv.exe C:WINDOWSExplorer.EXE D:трявнаekrn.exe C:WINDOWSsystem32ctfmon.exe C:WINDOWSSystem32alg.exe C:Program FilesSkypePhoneSkype.exe D:mozilfirefox.exe C:WINDOWSsystem32wbemwmiprvse.exe C:WINDOWSSystem32svchost.exe -k netsvcs C:WINDOWSsystem32svchost.exe -k NetworkService C:WINDOWSsystem32svchost.exe -k LocalService C:WINDOWSsystem32svchost.exe -k imgsvc . ============== Pseudo HJT Report =============== . uStart Page = about:blank uSearch Bar = hxxp://www.google.com/ie uSearch Page = hxxp://www.google.com uDefault_Search_URL = hxxp://www.google.com/ie mDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie mWinlogon: SFCDisable = dword:-99 EB: Groove Folder Synchronization: {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} - c:program filesmicrosoft officeoffice12GrooveShellExtensions.dll uRun: [ctfmon.exe] c:windowssystem32ctfmon.exe dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N uExplorerRun: [qwzmwbmr] qgtqkzujdrldqiapkg.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:149 uPolicies-Explorer: NoCDBurning = dword:1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:1 mPolicies-System: EnableLUA = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:0 mPolicies-System: EnableInstallerDetection = dword:0 mPolicies-System: EnableSecureUIAPaths = dword:0 mPolicies-System: EnableVirtualization = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 mPolicies-Explorer: NoDriveTypeAutoRun = dword:145 IE: &Search - <no file> IE: Google Sidewiki... 
- <no file> IE: Translate this web page with Babylon - <no file> IE: Translate with Babylon - <no file> TCP: NameServer = 192.168.1.1 TCP: Interfaces{1AEA982C-C068-456B-B16C-922455851FA4} : DHCPNameServer = 192.168.1.1 SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:program filesmicrosoft officeoffice12GrooveShellExtensions.dll LSA: Authentication Packages = msv1_0 nwprovau . ================= FIREFOX =================== . FF - ProfilePath - c:documents and settingsjoroapplication datamozillafirefoxprofiles244386wl.default FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - BS Player Customized Web Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.bg/ FF - component: c:documents and settingsjoroapplication datamozillafirefoxprofiles244386wl.defaultextensionsengine@conduit.comcomponentsRadioWMPCoreGecko19.dll FF - plugin: c:program filesgoogleupdate1.3.21.111npGoogleUpdate3.dll FF - plugin: c:program filesmicrosoft silverlight4.0.60129.0npctrlui.dll FF - plugin: c:windowssystem32macromedflashNPSWF32_11_3_300_262.dll . ============= SERVICES / DRIVERS =============== . 
R1 ehdrv;ehdrv;c:windowssystem32driversehdrv.sys [2009-5-12 107256] R1 epfwtdir;epfwtdir;c:windowssystem32driversepfwtdir.sys [2009-5-12 94360] R2 ekrn;ESET Service;d:трявнаekrn.exe [2009-5-12 731840] R3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:windowssystem32driversctlsb16.sys [2010-2-3 96256] R3 EL910;3Com 3CSOHO100B-TX PCI;c:windowssystem32driversEL910N51.sys [2011-6-8 38400] S2 gupdate;Google Update Service (gupdate);c:program filesgoogleupdateGoogleUpdate.exe [2010-2-4 135664] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:windowssystem32macromedflashFlashPlayerUpdateService.exe [2012-6-15 250056] S3 DrvAgent32;DrvAgent32;c:windowssystem32driversDrvAgent32.sys [2011-7-13 23456] S3 gupdatem;Google Update Service (gupdatem);c:program filesgoogleupdateGoogleUpdate.exe [2010-2-4 135664] S3 oinwstrdh;oinwstrdh;??c:windowssystem3201.tmp --> c:windowssystem3201.tmp [?] S3 SASENUM;SASENUM;??f:program filessuperantispywaresasenum.sys --> f:program filessuperantispywareSASENUM.SYS [?] . =============== File Associations =============== . FileExt: .txt: ApplicationsWordPad.exe="c:program fileswindows ntaccessoriesWORDPAD.EXE" "%1" [userChoice] ShellExec: Foxit Reader.exe: print="e:program filesfoxit softwarefoxit readerFoxit Reader.exe"/p "%1" ShellExec: Foxit Reader.exe: printto="e:program filesfoxit softwarefoxit readerFoxit Reader.exe"/t "%1" "%2" "%3" "%4" . =============== Created Last 30 ================ . 2012-07-11 11:59:08 388096 ----a-r- c:documents and settingsjoroapplication datamicrosoftinstaller{45a66726-69bc-466b-a7a4-12fcba4883d7}HiJackThis.exe 2012-06-15 14:19:46 426184 ----a-w- c:windowssystem32FlashPlayerApp.exe 2012-06-15 14:19:45 70344 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl . ==================== Find3M ==================== . . ============= FINISH: 18:54:17,40 ===============


    First, let's remove the active infections:

    Download ComboFix from here and save it to your desktop.

    • Disable your antivirus and antispyware programs; this is usually done by right-clicking the program's icon in the system tray.
    Note: If you cannot stop it or are not sure which program to disable, please review the information at this link: How to Disable your Security Programs
    • Run Combo-Fix.com and follow the instructions.
    Note: ComboFix will start without the Recovery Console installed.
    • As part of its operation, ComboFix will check whether the Microsoft Windows Recovery Console is installed. Given how quickly malware evolves, it is strongly recommended to install it before removing the malware. This will let you boot into a special recovery/repair mode, which will make it easier to resolve any problem that might arise while removing the malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console. At some point you will be asked whether you agree to the license agreement. You must confirm that you agree in order to install the Microsoft Windows Recovery Console.
    ** Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will proceed to the malware removal process.

    Once the Microsoft Windows Recovery Console has been installed using ComboFix, you will see the following message:

    Select Yes to continue scanning for malware.

    When the process completes successfully, the tool will create a log file. Please include the contents of C:\ComboFix.txt in your next reply in this topic.

    Note:

    • Please do not move the mouse while ComboFix is running. Doing so may disrupt the process.
    • ComboFix will reset all Microsoft Internet Explorer settings, including making IE the default browser.
    • ComboFix will disable the autorun feature on ALL CD, floppy and USB devices, to help with removing the malware and to protect you from future viruses/threats that spread via autorun. If this is a problem for you, please let me know.
    • ComboFix will disconnect your Internet connection. The connection will be restored automatically before ComboFix finishes. If a problem occurs, it will terminate the Internet connection. To restore your Internet connection, restart your computer.
    • If ComboFix runs into a problem, it may create a log file. Please include the contents of C:\BUG.txt in your next reply in this topic.
    Please do not attach the log file(s) from the program; copy and paste it/them into your next reply in this topic.

    The only thing I couldn't figure out is which one is my antispyware program. I didn't know there was one on the computer?



    The only thing I couldn't figure out is which one is my antispyware program. I didn't know there was one on the computer?

    And where was an antispyware program mentioned..? If you mean my instructions for scanning with ComboFix.. you do realize that these are general instructions and I use them in every topic in this section...? You don't have an antispyware program.. but the other person in the other topic does....! The only part that applies to you is disabling your antivirus program.


    ComboFix 12-07-11.03 - JORO 07.2012 г. 11:14:49.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.2.1251.359.1033.18.254.105 [GMT 3:00] Running from: c:documents and settingsJORODesktopComboFix.exe * Created a new restore point . WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:documents and settingsAll UsersApplication DataTEMP c:documents and settingsJOROWINDOWS c:windowssystem32driversetchosts.ics c:windowsXSxS . c:windowssystem32srsvc.dll . . . is infected!! . . ((((((((((((((((((((((((( Files Created from 2012-06-12 to 2012-07-12 ))))))))))))))))))))))))))))))) . . 2012-07-11 11:59 . 2012-07-11 11:59 388096 ----a-r- c:documents and settingsJOROApplication DataMicrosoftInstaller{45A66726-69BC-466B-A7A4-12FCBA4883D7}HiJackThis.exe 2012-06-15 14:19 . 2012-06-23 17:58 426184 ----a-w- c:windowssystem32FlashPlayerApp.exe 2012-06-15 14:19 . 2012-06-23 17:58 70344 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-19 16:59 . 2010-02-12 18:49 47104 -c--a-w- c:program filesmozilla firefoxcomponentsFFComm.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2010-02-12 . 655D2BD5CD09A4CD5B430050B91A7950 . 146432 . . [5.1.2600.2180] . . c:windowsregedit.exe . [-] 2010-02-12 . E3487C9BA13AF080CF5A8F1F6B980F33 . 15360 . . [5.1.2600.2180] . . c:windowssystem32ctfmon.exe . . . c:windowsSystem32srsvc.dll ... is missing !! c:windowsSystem32wscntfy.exe ... is missing !! . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce] "_nltide_3"="advpack.dll" [2004-08-04 99840] . 
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 0 (0x0) "EnableInstallerDetection"= 0 (0x0) "EnableSecureUIAPaths"= 0 (0x0) "EnableVirtualization"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa] Authentication Packages REG_MULTI_SZ msv1_0 nwprovau HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupreguTorrent . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrun-] "C-Media Mixer"=Mixer.exe /startup "Adobe Reader Speed Launcher"="d:programi ot cdReaderReader_sl.exe" "HP Software Update"=d:hpHP Software UpdateHPWuSchd2.exe . [HKLM~servicessharedaccessparametersfirewallpolicystandardprofile] "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) . [HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList] "%windir%system32sessmgr.exe"= "c:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE"= "c:Program FilesMicrosoft OfficeOffice12GROOVE.EXE"= "c:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE"= "d:HPDigital Imagingbinhpqtra08.exe"= "d:HPDigital Imagingbinhpqste08.exe"= "d:HPDigital Imagingbinhpofxm08.exe"= "d:HPDigital Imagingbinhposfx08.exe"= "d:HPDigital Imagingbinhposid01.exe"= "d:HPDigital Imagingbinhpqscnvw.exe"= "d:HPDigital Imagingbinhpqkygrp.exe"= "d:HPDigital ImagingbinhpqCopy.exe"= "d:HPDigital Imagingbinhpfccopy.exe"= "d:HPDigital Imagingbinhpzwiz01.exe"= "d:HPDigital ImagingUnloadHpqPhUnl.exe"= "d:HPDigital ImagingUnloadHpqDIA.exe"= "d:HPDigital Imagingbinhpoews01.exe"= "d:HPDigital Imagingbinhpqnrs08.exe"= "c:Program FilesOperaopera.exe"= "c:Program FilesOperapluginwrapperopera_plugin_wrapper.exe"= "c:Program FilesSkypePhoneSkype.exe"= . [HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList] "1483:TCP"= 1483:TCP:svznsm . R1 ehdrv;ehdrv;c:windowssystem32driversehdrv.sys [12.5.2009 г. 
06:33 107256] R1 epfwtdir;epfwtdir;c:windowssystem32driversepfwtdir.sys [12.5.2009 г. 06:34 94360] R2 ekrn;ESET Service;d:трявнаekrn.exe [12.5.2009 г. 06:33 731840] R3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:windowssystem32driversctlsb16.sys [03.2.2010 г. 01:49 96256] R3 EL910;3Com 3CSOHO100B-TX PCI;c:windowssystem32driversEL910N51.sys [08.6.2011 г. 15:54 38400] S2 gupdate;Google Update Service (gupdate);c:program filesGoogleUpdateGoogleUpdate.exe [04.2.2010 г. 02:17 135664] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:windowssystem32MacromedFlashFlashPlayerUpdateService.exe [15.6.2012 г. 17:19 250056] S3 DrvAgent32;DrvAgent32;c:windowssystem32driversDrvAgent32.sys [13.7.2011 г. 21:58 23456] S3 gupdatem;Google Update Service (gupdatem);c:program filesGoogleUpdateGoogleUpdate.exe [04.2.2010 г. 02:17 135664] S3 oinwstrdh;oinwstrdh;??c:windowssystem3201.tmp --> c:windowssystem3201.tmp [?] S3 SASENUM;SASENUM;??f:program filesSUPERAntiSpywareSASENUM.SYS --> f:program filesSUPERAntiSpywareSASENUM.SYS [?] . HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSvchost - NetSvcs paovxprvs . Contents of the 'Scheduled Tasks' folder . 2012-07-11 c:windowsTasksAdobe Flash Player Updater.job - c:windowssystem32MacromedFlashFlashPlayerUpdateService.exe [2012-06-15 17:58] . 2012-07-12 c:windowsTasksGoogleUpdateTaskMachineCore.job - c:program filesGoogleUpdateGoogleUpdate.exe [2010-02-03 23:17] . 2012-07-11 c:windowsTasksGoogleUpdateTaskMachineUA.job - c:program filesGoogleUpdateGoogleUpdate.exe [2010-02-03 23:17] . . ------- Supplementary Scan ------- . uStart Page = about:blank uDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Google Sidewiki... 
IE: Translate this web page with Babylon IE: Translate with Babylon TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:documents and settingsJOROApplication DataMozillaFirefoxProfiles244386wl.default FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - BS Player Customized Web Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.bg/ . - - - - ORPHANS REMOVED - - - - . AddRemove-HijackThis - c:documents and settingsJORODesktopHijackThis.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-07-12 11:26 Windows 5.1.2600 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINESystemControlSet001Servicesoinwstrdh] "ImagePath"="??c:windowssystem3201.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINEsoftwareClasses.swfOpenWithList] @DACL=(02 0000) . [HKEY_LOCAL_MACHINEsoftwareClassesFlashProp.FlashPropCurVer] @DACL=(02 0000) @="FlashProp.FlashProp.1" . Completion time: 2012-07-12 11:32:30 ComboFix-quarantined-files.txt 2012-07-12 08:32 . Pre-Run: 16 350 322 688 bytes free Post-Run: 16 351 318 016 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe . - - End Of File - - F38E92D554874BABBDE4CB3F7C301CD5


    Copy the text in the box into Notepad and save it as CFScript.txt on your desktop:

    KILLALL::
    
    ClearJavaCache::
    
    File::
    c:\windows\system32\01.tmp
    
    Driver::
    oinwstrdh
    
    NetSvc::
    paovxprvs
    
    DDS::
    uExplorerRun: [qwzmwbmr] qgtqkzujdrldqiapkg.exe
    IE: &Search - <no file>
    IE: Google Sidewiki... - <no file>
    IE: Translate this web page with Babylon - <no file>
    IE: Translate with Babylon - <no file>
    
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1483:TCP"=-
    
    

    After saving, drag CFScript.txt onto the ComboFix.exe icon.

    Attach the generated report to your next post..!


    :D

    Start ==> Run ==> in the window that opens, type Notepad.exe ==> OK


    No log came up for me? Should I repeat it? Or?

    Edited by ManUnited


    ..it is located in C:\Qoobox.. in that folder there is a file ComboFix.txt (the files may also look like ComboFix1..2...3 .txt).... copy their contents into your next post.


    Is this it?

    ComboFix 12-07-11.03 - JORO 07.2012 г. 11:14:49.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.2.1251.359.1033.18.254.105 [GMT 3:00] Running from: c:documents and settingsJORODesktopComboFix.exe * Created a new restore point . WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:documents and settingsAll UsersApplication DataTEMP c:documents and settingsJOROWINDOWS c:windowssystem32driversetchosts.ics c:windowsXSxS . c:windowssystem32srsvc.dll . . . is infected!! . . ((((((((((((((((((((((((( Files Created from 2012-06-12 to 2012-07-12 ))))))))))))))))))))))))))))))) . . 2012-07-11 11:59 . 2012-07-11 11:59 388096 ----a-r- c:documents and settingsJOROApplication DataMicrosoftInstaller{45A66726-69BC-466B-A7A4-12FCBA4883D7}HiJackThis.exe 2012-06-15 14:19 . 2012-06-23 17:58 426184 ----a-w- c:windowssystem32FlashPlayerApp.exe 2012-06-15 14:19 . 2012-06-23 17:58 70344 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-19 16:59 . 2010-02-12 18:49 47104 -c--a-w- c:program filesmozilla firefoxcomponentsFFComm.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2010-02-12 . 655D2BD5CD09A4CD5B430050B91A7950 . 146432 . . [5.1.2600.2180] . . c:windowsregedit.exe . [-] 2010-02-12 . E3487C9BA13AF080CF5A8F1F6B980F33 . 15360 . . [5.1.2600.2180] . . c:windowssystem32ctfmon.exe . . . c:windowsSystem32srsvc.dll ... is missing !! c:windowsSystem32wscntfy.exe ... is missing !! . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce] "_nltide_3"="advpack.dll" [2004-08-04 99840] . 
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 0 (0x0) "EnableInstallerDetection"= 0 (0x0) "EnableSecureUIAPaths"= 0 (0x0) "EnableVirtualization"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa] Authentication Packages REG_MULTI_SZ msv1_0 nwprovau HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupreguTorrent . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrun-] "C-Media Mixer"=Mixer.exe /startup "Adobe Reader Speed Launcher"="d:programi ot cdReaderReader_sl.exe" "HP Software Update"=d:hpHP Software UpdateHPWuSchd2.exe . [HKLM~servicessharedaccessparametersfirewallpolicystandardprofile] "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) . [HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList] "%windir%system32sessmgr.exe"= "c:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE"= "c:Program FilesMicrosoft OfficeOffice12GROOVE.EXE"= "c:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE"= "d:HPDigital Imagingbinhpqtra08.exe"= "d:HPDigital Imagingbinhpqste08.exe"= "d:HPDigital Imagingbinhpofxm08.exe"= "d:HPDigital Imagingbinhposfx08.exe"= "d:HPDigital Imagingbinhposid01.exe"= "d:HPDigital Imagingbinhpqscnvw.exe"= "d:HPDigital Imagingbinhpqkygrp.exe"= "d:HPDigital ImagingbinhpqCopy.exe"= "d:HPDigital Imagingbinhpfccopy.exe"= "d:HPDigital Imagingbinhpzwiz01.exe"= "d:HPDigital ImagingUnloadHpqPhUnl.exe"= "d:HPDigital ImagingUnloadHpqDIA.exe"= "d:HPDigital Imagingbinhpoews01.exe"= "d:HPDigital Imagingbinhpqnrs08.exe"= "c:Program FilesOperaopera.exe"= "c:Program FilesOperapluginwrapperopera_plugin_wrapper.exe"= "c:Program FilesSkypePhoneSkype.exe"= . [HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList] "1483:TCP"= 1483:TCP:svznsm . R1 ehdrv;ehdrv;c:windowssystem32driversehdrv.sys [12.5.2009 г. 
06:33 107256] R1 epfwtdir;epfwtdir;c:windowssystem32driversepfwtdir.sys [12.5.2009 г. 06:34 94360] R2 ekrn;ESET Service;d:трявнаekrn.exe [12.5.2009 г. 06:33 731840] R3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:windowssystem32driversctlsb16.sys [03.2.2010 г. 01:49 96256] R3 EL910;3Com 3CSOHO100B-TX PCI;c:windowssystem32driversEL910N51.sys [08.6.2011 г. 15:54 38400] S2 gupdate;Google Update Service (gupdate);c:program filesGoogleUpdateGoogleUpdate.exe [04.2.2010 г. 02:17 135664] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:windowssystem32MacromedFlashFlashPlayerUpdateService.exe [15.6.2012 г. 17:19 250056] S3 DrvAgent32;DrvAgent32;c:windowssystem32driversDrvAgent32.sys [13.7.2011 г. 21:58 23456] S3 gupdatem;Google Update Service (gupdatem);c:program filesGoogleUpdateGoogleUpdate.exe [04.2.2010 г. 02:17 135664] S3 oinwstrdh;oinwstrdh;??c:windowssystem3201.tmp --> c:windowssystem3201.tmp [?] S3 SASENUM;SASENUM;??f:program filesSUPERAntiSpywareSASENUM.SYS --> f:program filesSUPERAntiSpywareSASENUM.SYS [?] . HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSvchost - NetSvcs paovxprvs . Contents of the 'Scheduled Tasks' folder . 2012-07-11 c:windowsTasksAdobe Flash Player Updater.job - c:windowssystem32MacromedFlashFlashPlayerUpdateService.exe [2012-06-15 17:58] . 2012-07-12 c:windowsTasksGoogleUpdateTaskMachineCore.job - c:program filesGoogleUpdateGoogleUpdate.exe [2010-02-03 23:17] . 2012-07-11 c:windowsTasksGoogleUpdateTaskMachineUA.job - c:program filesGoogleUpdateGoogleUpdate.exe [2010-02-03 23:17] . . ------- Supplementary Scan ------- . uStart Page = about:blank uDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Google Sidewiki... 
IE: Translate this web page with Babylon IE: Translate with Babylon TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:documents and settingsJOROApplication DataMozillaFirefoxProfiles244386wl.default FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - BS Player Customized Web Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.bg/ . - - - - ORPHANS REMOVED - - - - . AddRemove-HijackThis - c:documents and settingsJORODesktopHijackThis.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-07-12 11:26 Windows 5.1.2600 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINESystemControlSet001Servicesoinwstrdh] "ImagePath"="??c:windowssystem3201.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINEsoftwareClasses.swfOpenWithList] @DACL=(02 0000) . [HKEY_LOCAL_MACHINEsoftwareClassesFlashProp.FlashPropCurVer] @DACL=(02 0000) @="FlashProp.FlashProp.1" . Completion time: 2012-07-12 11:32:30 ComboFix-quarantined-files.txt 2012-07-12 08:32 . Pre-Run: 16 350 322 688 bytes free Post-Run: 16 351 318 016 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe . - - End Of File - - F38E92D554874BABBDE4CB3F7C301CD5


    Is this the only one..? This is from the initial scan... I need the other one.. the result of running the script.


    Could you archive the whole C:\Qoobox folder and upload it to some server.. for example here:

    http://www.zippyshare.com/ and then post a link so I can download it...!

    Let me explain briefly what is going on right now and why I insist on these logs.. So, after I wrote you a script (post 8) to remove the viruses from your system... I want to see the result, and without that log that is impossible..!


    Well, could you give me another site, because it won't upload here; it's 55 KB


    OK..! :)

    Delete your copy of ComboFix (by deleting the icon from your desktop)... download a fresh new copy from here and save it to your desktop. Run a new scan following the instructions in post 4.


    ComboFix 12-07-12.02 - JORO 07.2012 г. 18:57:43.2.1 - x86 Microsoft Windows XP Professional 5.1.2600.2.1251.359.1033.18.254.55 [GMT 3:00] Running from: c:documents and settingsJOROMy DocumentsDownloadsComboFix.exe * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:windowssystem32srsvc.dll . . . is infected!! . . ((((((((((((((((((((((((( Files Created from 2012-06-12 to 2012-07-12 ))))))))))))))))))))))))))))))) . . 2012-07-11 11:59 . 2012-07-11 11:59 388096 ----a-r- c:documents and settingsJOROApplication DataMicrosoftInstaller{45A66726-69BC-466B-A7A4-12FCBA4883D7}HiJackThis.exe 2012-06-15 14:19 . 2012-06-23 17:58 426184 ----a-w- c:windowssystem32FlashPlayerApp.exe 2012-06-15 14:19 . 2012-06-23 17:58 70344 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-19 16:59 . 2010-02-12 18:49 47104 -c--a-w- c:program filesmozilla firefoxcomponentsFFComm.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2010-02-12 . 655D2BD5CD09A4CD5B430050B91A7950 . 146432 . . [5.1.2600.2180] . . c:windowsregedit.exe . [-] 2010-02-12 . E3487C9BA13AF080CF5A8F1F6B980F33 . 15360 . . [5.1.2600.2180] . . c:windowssystem32ctfmon.exe . ((((((((((((((((((((((((((((( SnapShot@2012-07-12_08.27.01 ))))))))))))))))))))))))))))))))))))))))) . + 2010-02-07 10:26 . 2012-07-12 13:22 1744 c:windowssystem32d3d9caps.dat - 2010-02-07 10:26 . 2012-07-11 11:16 1744 c:windowssystem32d3d9caps.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce] "_nltide_3"="advpack.dll" [2004-08-04 99840] . 
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 0 (0x0) "EnableInstallerDetection"= 0 (0x0) "EnableSecureUIAPaths"= 0 (0x0) "EnableVirtualization"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa] Authentication Packages REG_MULTI_SZ msv1_0 nwprovau . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrun-] "C-Media Mixer"=Mixer.exe /startup "Adobe Reader Speed Launcher"="d:programi ot cdReaderReader_sl.exe" "HP Software Update"=d:hpHP Software UpdateHPWuSchd2.exe . [HKLM~servicessharedaccessparametersfirewallpolicystandardprofile] "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) . [HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList] "%windir%system32sessmgr.exe"= "c:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE"= "c:Program FilesMicrosoft OfficeOffice12GROOVE.EXE"= "c:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE"= "d:HPDigital Imagingbinhpqtra08.exe"= "d:HPDigital Imagingbinhpqste08.exe"= "d:HPDigital Imagingbinhpofxm08.exe"= "d:HPDigital Imagingbinhposfx08.exe"= "d:HPDigital Imagingbinhposid01.exe"= "d:HPDigital Imagingbinhpqscnvw.exe"= "d:HPDigital Imagingbinhpqkygrp.exe"= "d:HPDigital ImagingbinhpqCopy.exe"= "d:HPDigital Imagingbinhpfccopy.exe"= "d:HPDigital Imagingbinhpzwiz01.exe"= "d:HPDigital ImagingUnloadHpqPhUnl.exe"= "d:HPDigital ImagingUnloadHpqDIA.exe"= "d:HPDigital Imagingbinhpoews01.exe"= "d:HPDigital Imagingbinhpqnrs08.exe"= "c:Program FilesOperaopera.exe"= "c:Program FilesOperapluginwrapperopera_plugin_wrapper.exe"= "c:Program FilesSkypePhoneSkype.exe"= . [HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList] "1483:TCP"= 1483:TCP:svznsm . R1 ehdrv;ehdrv;c:windowssystem32driversehdrv.sys [12.5.2009 г. 06:33 107256] R1 epfwtdir;epfwtdir;c:windowssystem32driversepfwtdir.sys [12.5.2009 г. 
06:34 94360] R2 ekrn;ESET Service;d:трявнаekrn.exe [12.5.2009 г. 06:33 731840] R3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:windowssystem32driversctlsb16.sys [03.2.2010 г. 01:49 96256] R3 EL910;3Com 3CSOHO100B-TX PCI;c:windowssystem32driversEL910N51.sys [08.6.2011 г. 15:54 38400] S2 gupdate;Google Update Service (gupdate);c:program filesGoogleUpdateGoogleUpdate.exe [04.2.2010 г. 02:17 135664] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:windowssystem32MacromedFlashFlashPlayerUpdateService.exe [15.6.2012 г. 17:19 250056] S3 DrvAgent32;DrvAgent32;c:windowssystem32driversDrvAgent32.sys [13.7.2011 г. 21:58 23456] S3 gupdatem;Google Update Service (gupdatem);c:program filesGoogleUpdateGoogleUpdate.exe [04.2.2010 г. 02:17 135664] S3 oinwstrdh;oinwstrdh;??c:windowssystem3201.tmp --> c:windowssystem3201.tmp [?] S3 SASENUM;SASENUM;??f:program filesSUPERAntiSpywareSASENUM.SYS --> f:program filesSUPERAntiSpywareSASENUM.SYS [?] . HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSvchost - NetSvcs paovxprvs . Contents of the 'Scheduled Tasks' folder . 2012-07-12 c:windowsTasksAdobe Flash Player Updater.job - c:windowssystem32MacromedFlashFlashPlayerUpdateService.exe [2012-06-15 17:58] . 2012-07-12 c:windowsTasksGoogleUpdateTaskMachineCore.job - c:program filesGoogleUpdateGoogleUpdate.exe [2010-02-03 23:17] . 2012-07-12 c:windowsTasksGoogleUpdateTaskMachineUA.job - c:program filesGoogleUpdateGoogleUpdate.exe [2010-02-03 23:17] . . ------- Supplementary Scan ------- . uStart Page = about:blank uDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Google Sidewiki... 
IE: Translate this web page with Babylon IE: Translate with Babylon TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:documents and settingsJOROApplication DataMozillaFirefoxProfiles244386wl.default FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - BS Player Customized Web Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.bg/ . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-07-12 19:09 Windows 5.1.2600 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINESystemControlSet001Servicesoinwstrdh] "ImagePath"="??c:windowssystem3201.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINEsoftwareClasses.swfOpenWithList] @DACL=(02 0000) . [HKEY_LOCAL_MACHINEsoftwareClassesFlashProp.FlashPropCurVer] @DACL=(02 0000) @="FlashProp.FlashProp.1" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(524) c:windowssystem32msi.dll . Completion time: 2012-07-12 19:14:25 ComboFix-quarantined-files.txt 2012-07-12 16:14 ComboFix2.txt 2012-07-12 08:32 . Pre-Run: 16 297 762 816 bytes free Post-Run: 16 299 057 152 bytes free . - - End Of File - - F7A0F57898C8C5B42DDF5F26852F6B0D


    I think we have been going around in circles all day... I have the feeling that you did not run my first script... unfortunately it will not work this way!

    Copy the text in the box into Notepad and save it as CFScript.txt on your desktop:

    KILLALL::
    
    ClearJavaCache::
    
    File::
    c:windowssystem3201.tmp
    
    Driver::
    oinwstrdh
    
    NetSvc::
    paovxprvs
    
    Registry::
    [HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
    "1483:TCP"=-
    

    After saving, drag CFScript.txt onto the ComboFix.exe icon.

    Attach the generated report to your next post!


    ComboFix 12-07-11.03 - JORO 07.2012 г. 11:14:49.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.2.1251.359.1033.18.254.105 [GMT 3:00] Running from: c:documents and settingsJORODesktopComboFix.exe * Created a new restore point . WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:documents and settingsAll UsersApplication DataTEMP c:documents and settingsJOROWINDOWS c:windowssystem32driversetchosts.ics c:windowsXSxS . c:windowssystem32srsvc.dll . . . is infected!! . . ((((((((((((((((((((((((( Files Created from 2012-06-12 to 2012-07-12 ))))))))))))))))))))))))))))))) . . 2012-07-11 11:59 . 2012-07-11 11:59 388096 ----a-r- c:documents and settingsJOROApplication DataMicrosoftInstaller{45A66726-69BC-466B-A7A4-12FCBA4883D7}HiJackThis.exe 2012-06-15 14:19 . 2012-06-23 17:58 426184 ----a-w- c:windowssystem32FlashPlayerApp.exe 2012-06-15 14:19 . 2012-06-23 17:58 70344 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-19 16:59 . 2010-02-12 18:49 47104 -c--a-w- c:program filesmozilla firefoxcomponentsFFComm.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2010-02-12 . 655D2BD5CD09A4CD5B430050B91A7950 . 146432 . . [5.1.2600.2180] . . c:windowsregedit.exe . [-] 2010-02-12 . E3487C9BA13AF080CF5A8F1F6B980F33 . 15360 . . [5.1.2600.2180] . . c:windowssystem32ctfmon.exe . . . c:windowsSystem32srsvc.dll ... is missing !! c:windowsSystem32wscntfy.exe ... is missing !! . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce] "_nltide_3"="advpack.dll" [2004-08-04 99840] . 
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 0 (0x0) "EnableInstallerDetection"= 0 (0x0) "EnableSecureUIAPaths"= 0 (0x0) "EnableVirtualization"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa] Authentication Packages REG_MULTI_SZ msv1_0 nwprovau HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupreguTorrent . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrun-] "C-Media Mixer"=Mixer.exe /startup "Adobe Reader Speed Launcher"="d:programi ot cdReaderReader_sl.exe" "HP Software Update"=d:hpHP Software UpdateHPWuSchd2.exe . [HKLM~servicessharedaccessparametersfirewallpolicystandardprofile] "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) . [HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList] "%windir%system32sessmgr.exe"= "c:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE"= "c:Program FilesMicrosoft OfficeOffice12GROOVE.EXE"= "c:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE"= "d:HPDigital Imagingbinhpqtra08.exe"= "d:HPDigital Imagingbinhpqste08.exe"= "d:HPDigital Imagingbinhpofxm08.exe"= "d:HPDigital Imagingbinhposfx08.exe"= "d:HPDigital Imagingbinhposid01.exe"= "d:HPDigital Imagingbinhpqscnvw.exe"= "d:HPDigital Imagingbinhpqkygrp.exe"= "d:HPDigital ImagingbinhpqCopy.exe"= "d:HPDigital Imagingbinhpfccopy.exe"= "d:HPDigital Imagingbinhpzwiz01.exe"= "d:HPDigital ImagingUnloadHpqPhUnl.exe"= "d:HPDigital ImagingUnloadHpqDIA.exe"= "d:HPDigital Imagingbinhpoews01.exe"= "d:HPDigital Imagingbinhpqnrs08.exe"= "c:Program FilesOperaopera.exe"= "c:Program FilesOperapluginwrapperopera_plugin_wrapper.exe"= "c:Program FilesSkypePhoneSkype.exe"= . [HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList] "1483:TCP"= 1483:TCP:svznsm . R1 ehdrv;ehdrv;c:windowssystem32driversehdrv.sys [12.5.2009 г. 
06:33 107256] R1 epfwtdir;epfwtdir;c:windowssystem32driversepfwtdir.sys [12.5.2009 г. 06:34 94360] R2 ekrn;ESET Service;d:трявнаekrn.exe [12.5.2009 г. 06:33 731840] R3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:windowssystem32driversctlsb16.sys [03.2.2010 г. 01:49 96256] R3 EL910;3Com 3CSOHO100B-TX PCI;c:windowssystem32driversEL910N51.sys [08.6.2011 г. 15:54 38400] S2 gupdate;Google Update Service (gupdate);c:program filesGoogleUpdateGoogleUpdate.exe [04.2.2010 г. 02:17 135664] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:windowssystem32MacromedFlashFlashPlayerUpdateService.exe [15.6.2012 г. 17:19 250056] S3 DrvAgent32;DrvAgent32;c:windowssystem32driversDrvAgent32.sys [13.7.2011 г. 21:58 23456] S3 gupdatem;Google Update Service (gupdatem);c:program filesGoogleUpdateGoogleUpdate.exe [04.2.2010 г. 02:17 135664] S3 oinwstrdh;oinwstrdh;??c:windowssystem3201.tmp --> c:windowssystem3201.tmp [?] S3 SASENUM;SASENUM;??f:program filesSUPERAntiSpywareSASENUM.SYS --> f:program filesSUPERAntiSpywareSASENUM.SYS [?] . HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSvchost - NetSvcs paovxprvs . Contents of the 'Scheduled Tasks' folder . 2012-07-11 c:windowsTasksAdobe Flash Player Updater.job - c:windowssystem32MacromedFlashFlashPlayerUpdateService.exe [2012-06-15 17:58] . 2012-07-12 c:windowsTasksGoogleUpdateTaskMachineCore.job - c:program filesGoogleUpdateGoogleUpdate.exe [2010-02-03 23:17] . 2012-07-11 c:windowsTasksGoogleUpdateTaskMachineUA.job - c:program filesGoogleUpdateGoogleUpdate.exe [2010-02-03 23:17] . . ------- Supplementary Scan ------- . uStart Page = about:blank uDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Google Sidewiki... 
IE: Translate this web page with Babylon IE: Translate with Babylon TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:documents and settingsJOROApplication DataMozillaFirefoxProfiles244386wl.default FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - BS Player Customized Web Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.bg/ . - - - - ORPHANS REMOVED - - - - . AddRemove-HijackThis - c:documents and settingsJORODesktopHijackThis.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-07-12 11:26 Windows 5.1.2600 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINESystemControlSet001Servicesoinwstrdh] "ImagePath"="??c:windowssystem3201.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINEsoftwareClasses.swfOpenWithList] @DACL=(02 0000) . [HKEY_LOCAL_MACHINEsoftwareClassesFlashProp.FlashPropCurVer] @DACL=(02 0000) @="FlashProp.FlashProp.1" . Completion time: 2012-07-12 11:32:30 ComboFix-quarantined-files.txt 2012-07-12 08:32 . Pre-Run: 16 350 322 688 bytes free Post-Run: 16 351 318 016 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe . - - End Of File - - F38E92D554874BABBDE4CB3F7C301CD5

    Nothing else comes up for me. I am doing it the way you say. I don't know, it produced two logs, so I am posting both; I don't know whether they are the same.

ComboFix 12-07-12.02 - JORO 07.2012 г. 
9:45.3.1 - x86 Microsoft Windows XP Professional 5.1.2600.2.1251.359.1033.18.254.85 [GMT 3:00] Running from: c:documents and settingsJOROMy DocumentsDownloadsComboFix.exe Command switches used :: c:documents and settingsJORODesktopCFScript.txt.txt * Created a new restore point . FILE :: "c:windowssystem3201.tmp" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:windowssystem32srsvc.dll . . . is infected!! . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------Service_oinwstrdh . . ((((((((((((((((((((((((( Files Created from 2012-06-13 to 2012-07-13 ))))))))))))))))))))))))))))))) . . 2012-07-13 05:53 . 2012-07-13 05:53 -------- d-----w- c:windowssystem32xircom 2012-07-13 05:53 . 2012-07-13 05:53 -------- d-----w- c:windowssystem32wbemsnmp 2012-07-13 05:53 . 2012-07-13 05:53 -------- d-----w- c:windowssystem32restore 2012-07-13 05:53 . 2012-07-13 05:53 -------- d-----w- c:windowshelp 2012-07-13 05:53 . 2012-07-13 05:53 -------- d-----w- c:program filesmicrosoft frontpage 2012-07-11 11:59 . 2012-07-11 11:59 388096 ----a-r- c:documents and settingsJOROApplication DataMicrosoftInstaller{45A66726-69BC-466B-A7A4-12FCBA4883D7}HiJackThis.exe 2012-06-15 14:19 . 2012-07-12 16:57 426184 ----a-w- c:windowssystem32FlashPlayerApp.exe 2012-06-15 14:19 . 2012-07-12 16:57 70344 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-19 16:59 . 2010-02-12 18:49 47104 -c--a-w- c:program filesmozilla firefoxcomponentsFFComm.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2010-02-12 . 655D2BD5CD09A4CD5B430050B91A7950 . 146432 . . [5.1.2600.2180] . . c:windowsregedit.exe . [-] 2010-02-12 . E3487C9BA13AF080CF5A8F1F6B980F33 . 15360 . . [5.1.2600.2180] . . c:windowssystem32ctfmon.exe . 
((((((((((((((((((((((((((((( SnapShot@2012-07-12_08.27.01 ))))))))))))))))))))))))))))))))))))))))) . + 2010-02-07 10:26 . 2012-07-12 13:22 1744 c:windowssystem32d3d9caps.dat - 2010-02-07 10:26 . 2012-07-11 11:16 1744 c:windowssystem32d3d9caps.dat + 2012-07-12 16:57 . 2012-07-12 16:57 686280 c:windowssystem32MacromedFlashFlashUtil32_11_3_300_265_Plugin.exe + 2012-06-15 14:19 . 2012-07-12 16:58 250056 c:windowssystem32MacromedFlashFlashPlayerUpdateService.exe - 2012-06-15 14:19 . 2012-06-23 17:58 250056 c:windowssystem32MacromedFlashFlashPlayerUpdateService.exe + 2012-07-12 16:57 . 2012-07-12 16:57 9465032 c:windowssystem32MacromedFlashNPSWF32_11_3_300_265.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce] "_nltide_3"="advpack.dll" [2004-08-04 99840] . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 0 (0x0) "EnableInstallerDetection"= 0 (0x0) "EnableSecureUIAPaths"= 0 (0x0) "EnableVirtualization"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa] Authentication Packages REG_MULTI_SZ msv1_0 nwprovau . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrun-] "C-Media Mixer"=Mixer.exe /startup "Adobe Reader Speed Launcher"="d:programi ot cdReaderReader_sl.exe" "HP Software Update"=d:hpHP Software UpdateHPWuSchd2.exe . [HKLM~servicessharedaccessparametersfirewallpolicystandardprofile] "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) . 
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList] "%windir%system32sessmgr.exe"= "c:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE"= "c:Program FilesMicrosoft OfficeOffice12GROOVE.EXE"= "c:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE"= "d:HPDigital Imagingbinhpqtra08.exe"= "d:HPDigital Imagingbinhpqste08.exe"= "d:HPDigital Imagingbinhpofxm08.exe"= "d:HPDigital Imagingbinhposfx08.exe"= "d:HPDigital Imagingbinhposid01.exe"= "d:HPDigital Imagingbinhpqscnvw.exe"= "d:HPDigital Imagingbinhpqkygrp.exe"= "d:HPDigital ImagingbinhpqCopy.exe"= "d:HPDigital Imagingbinhpfccopy.exe"= "d:HPDigital Imagingbinhpzwiz01.exe"= "d:HPDigital ImagingUnloadHpqPhUnl.exe"= "d:HPDigital ImagingUnloadHpqDIA.exe"= "d:HPDigital Imagingbinhpoews01.exe"= "d:HPDigital Imagingbinhpqnrs08.exe"= "c:Program FilesOperaopera.exe"= "c:Program FilesOperapluginwrapperopera_plugin_wrapper.exe"= "c:Program FilesSkypePhoneSkype.exe"= . R1 ehdrv;ehdrv;c:windowssystem32driversehdrv.sys [12.5.2009 г. 06:33 107256] R1 epfwtdir;epfwtdir;c:windowssystem32driversepfwtdir.sys [12.5.2009 г. 06:34 94360] R2 ekrn;ESET Service;d:трявнаekrn.exe [12.5.2009 г. 06:33 731840] R3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:windowssystem32driversctlsb16.sys [03.2.2010 г. 01:49 96256] R3 EL910;3Com 3CSOHO100B-TX PCI;c:windowssystem32driversEL910N51.sys [08.6.2011 г. 15:54 38400] S2 gupdate;Google Update Service (gupdate);c:program filesGoogleUpdateGoogleUpdate.exe [04.2.2010 г. 02:17 135664] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:windowssystem32MacromedFlashFlashPlayerUpdateService.exe [15.6.2012 г. 17:19 250056] S3 DrvAgent32;DrvAgent32;c:windowssystem32driversDrvAgent32.sys [13.7.2011 г. 21:58 23456] S3 gupdatem;Google Update Service (gupdatem);c:program filesGoogleUpdateGoogleUpdate.exe [04.2.2010 г. 02:17 135664] S3 SASENUM;SASENUM;??f:program filesSUPERAntiSpywareSASENUM.SYS --> f:program filesSUPERAntiSpywareSASENUM.SYS [?] . 
Contents of the 'Scheduled Tasks' folder . 2012-07-13 c:windowsTasksAdobe Flash Player Updater.job - c:windowssystem32MacromedFlashFlashPlayerUpdateService.exe [2012-06-15 16:58] . 2012-07-13 c:windowsTasksGoogleUpdateTaskMachineCore.job - c:program filesGoogleUpdateGoogleUpdate.exe [2010-02-03 23:17] . 2012-07-13 c:windowsTasksGoogleUpdateTaskMachineUA.job - c:program filesGoogleUpdateGoogleUpdate.exe [2010-02-03 23:17] . . ------- Supplementary Scan ------- . uStart Page = about:blank uDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:documents and settingsJOROApplication DataMozillaFirefoxProfiles244386wl.default FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - BS Player Customized Web Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.bg/ . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-07-13 10:04 Windows 5.1.2600 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINEsoftwareClasses.swfOpenWithList] @DACL=(02 0000) . [HKEY_LOCAL_MACHINEsoftwareClassesFlashProp.FlashPropCurVer] @DACL=(02 0000) @="FlashProp.FlashProp.1" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(912) c:windowssystem32msi.dll . ------------------------ Other Running Processes ------------------------ . 
d:c:WINDOWSsystem32svchost.exe . ************************************************************************** . Completion time: 2012-07-13 10:09:57 - machine was rebooted ComboFix-quarantined-files.txt 2012-07-13 07:09 ComboFix2.txt 2012-07-12 16:14 ComboFix3.txt 2012-07-12 08:32 . Pre-Run: 16 405 745 664 bytes free Post-Run: 16 325 029 888 bytes free . - - End Of File - - 7C0510F78C699D6DCC826D664C658D91

    This is what comes up for me when the program starts

    Нов Microsoft Office Word Document.doc


    Good... we have more or less managed, to some extent... We still have work to do!

    It is mandatory that you download Windows XP Service Pack 3 (SP3) and save it to your desktop. Close all applications and run it. After the procedure completes, restart your computer.

    Download Security Check (author: screen317) from here or from here and save it to the desktop.

    • Double-click SecurityCheck.exe and follow the instructions.
    • When the program finishes, a text document will open: checkup.txt.
    • Copy the contents of checkup.txt with Copy and paste them with Paste into your next comment.

    Download Malwarebytes' Anti-Malware, or from here

    * Double-click mbam-setup.exe to install the program.

    * Make sure that Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are checked. Then click Finish.

    * If updates are found, it will download and install them.

    * Start the program and select "Perform Full Scan", then click Scan.

    * The scan will take some time, so please be patient.

    * When the scan finishes, click OK, then Show Results to see the result.

    * Make sure that all rows are checked, and click Remove Selected.

    * When everything has been removed, a log will open in Notepad. Copy this log and post it in your next comment in this thread.

    Note: If MalwareBytes' Anti-Malware has difficulty removing the detected viruses/threats, it will ask to restart your computer and remove the problematic viruses/threats during the restart. If you are asked, confirm that you want your computer to be restarted.


    Just to ask about this pack 3: are there any hardware requirements for the computer, because it is rather weak and does not have much disk space? Or does that not matter? And the Windows is not genuine.

    Edited by ManUnited

Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981349) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) SecurityKISS Tunnel v0.1.4 Segoe UI Skype Click to Call Skype™ 5.10 Source SDK Base 2007 SQL Server System CLR Types Steam Subtitle Workshop 2.51 SUPERAntiSpyware swMSM System Requirements Lab CYRI Team Fortress 2 The Witcher Enhanced Edition tools-freebsd tools-linux tools-netware tools-solaris tools-windows tools-winPre2k Total Video Converter 3.71 100812 TrackerPro 1.0 Trapcode Particular v2 TrueBug PHP Obfuscator & Encoder 1.2 TVUPlayer 2.5.0.1 Unity Web Player Unlocker 1.9.1 Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition Update for Microsoft Office 2007 System (KB2539530) Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition Update for Microsoft Office OneNote 2007 (KB980729) Update for Microsoft Office Outlook 2007 (KB2583910) Update for Outlook 2007 Junk Email Filter (KB2596560) Update for Windows Internet Explorer 8 (KB2598845) Update for Windows Internet Explorer 8 (KB2632503) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB980182) Update for Windows Internet Explorer 8 (KB980302) Update 
for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2492386) Update for Windows XP (KB2541763) Update for Windows XP (KB2607712) Update for Windows XP (KB2616676-v2) Update for Windows XP (KB2641690) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB980182) uTorrentControl2 Toolbar V-Ray for 3dsmax 2010 for x86 V-Ray for 3dsmax R9 for x86 Vegas Pro 10.0 Ventrilo Client Vid-Saver Video Enhancer 1.9.6 VideoMach Vindictus EU VirtualDub Filter Pack 1.0 VisualBee for Microsoft PowerPoint VisualSubSync (remove only) VLC media player 2.0.2 vloader-bg 1.55 vloader 2.7 VMware Workstation VobSub v2.23 (Remove Only) web beanfun! Web Page Maker V3.21 WebFldrs XP Winamp WinAVI Video Converter WinDirStat 1.1.2 WinDjView 1.0.3 Windows 7 USB/DVD Download Tool Windows Driver Package - Sony PSP Type B (11/20/2005 20051120) Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray Windows Internet Explorer 8 Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Messenger Windows Live Sign-in Assistant Windows Live Upload Tool Windows Management Framework Core Windows Media Format 11 runtime Windows Media Player Firefox Plugin WinHTTrack Website Copier 3.44-1 World of Warcraft Wrye Bash XML Paper Specification Shared Components Pack 1.0 . ==== Event Viewer Messages From Past Week ======== . 06.8.2012 г. 11:21:18, error: Dhcp [1002] - The IP address lease 10.37.8.74 for the Network Card with network address 00FF68C21D2C has been denied by the DHCP server 10.23.39.254 (The DHCP Server sent a DHCPNACK message). 06.8.2012 г. 11:14:36, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: amdide1 06.8.2012 г. 
11:13:08, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume. 06.8.2012 г. 09:29:10, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1411.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 06.8.2012 г. 08:44:56, error: Dhcp [1002] - The IP address lease 10.95.16.121 for the Network Card with network address 00FF68C21D2C has been denied by the DHCP server 10.37.15.254 (The DHCP Server sent a DHCPNACK message). 05.8.2012 г. 23:19:33, error: Dhcp [1002] - The IP address lease 10.69.8.92 for the Network Card with network address 00FF68C21D2C has been denied by the DHCP server 10.95.23.254 (The DHCP Server sent a DHCPNACK message). 05.8.2012 г. 23:15:23, error: Service Control Manager [7031] - The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine. 05.8.2012 г. 22:34:50, error: Dhcp [1002] - The IP address lease 10.73.56.92 for the Network Card with network address 00FF68C21D2C has been denied by the DHCP server 10.69.15.254 (The DHCP Server sent a DHCPNACK message). 05.8.2012 г. 21:49:40, error: Dhcp [1002] - The IP address lease 10.31.8.61 for the Network Card with network address 00FF68C21D2C has been denied by the DHCP server 10.73.63.254 (The DHCP Server sent a DHCPNACK message). 05.8.2012 г. 
21:29:05, error: Dhcp [1002] - The IP address lease 10.69.16.4 for the Network Card with network address 00FF68C21D2C has been denied by the DHCP server 10.31.15.254 (The DHCP Server sent a DHCPNACK message). 05.8.2012 г. 18:25:30, error: Dhcp [1002] - The IP address lease 10.94.8.111 for the Network Card with network address 00FF68C21D2C has been denied by the DHCP server 10.69.23.254 (The DHCP Server sent a DHCPNACK message). 05.8.2012 г. 15:48:40, error: Dhcp [1002] - The IP address lease 10.2.24.70 for the Network Card with network address 00FF68C21D2C has been denied by the DHCP server 10.94.15.254 (The DHCP Server sent a DHCPNACK message). 05.8.2012 г. 15:46:30, error: Dhcp [1002] - The IP address lease 10.42.16.57 for the Network Card with network address 00FF68C21D2C has been denied by the DHCP server 10.2.31.254 (The DHCP Server sent a DHCPNACK message). 05.8.2012 г. 13:48:45, error: Dhcp [1002] - The IP address lease 10.36.40.36 for the Network Card with network address 00FF68C21D2C has been denied by the DHCP server 10.42.23.254 (The DHCP Server sent a DHCPNACK message). 05.8.2012 г. 13:45:25, error: Dhcp [1002] - The IP address lease 10.90.48.32 for the Network Card with network address 00FF68C21D2C has been denied by the DHCP server 10.36.47.254 (The DHCP Server sent a DHCPNACK message). 05.8.2012 г. 13:38:31, error: PSched [14107] - QoS [Adapter {01303991-7A1D-4911-84D5-68E77D5DD8CC}]: The Packet Scheduler could not initialize the virtual miniport with NDIS. 05.8.2012 г. 12:11:31, error: Dhcp [1002] - The IP address lease 10.48.8.5 for the Network Card with network address 00FF68C21D2C has been denied by the DHCP server 10.90.55.254 (The DHCP Server sent a DHCPNACK message). 05.8.2012 г. 11:48:14, error: Service Control Manager [7034] - The Hotspot Shield Routing Service service terminated unexpectedly. It has done this 1 time(s). 05.8.2012 г. 
11:46:59, error: Dhcp [1002] - The IP address lease 10.23.48.77 for the Network Card with network address 00FF68C21D2C has been denied by the DHCP server 10.48.15.254 (The DHCP Server sent a DHCPNACK message). 05.8.2012 г. 09:39:56, error: Dhcp [1002] - The IP address lease 10.129.253.210 for the Network Card with network address 00FFC4A12518 has been denied by the DHCP server 10.129.140.165 (The DHCP Server sent a DHCPNACK message). 04.8.2012 г. 12:05:30, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000011E' while processing the file 'h2-ui-peers.ini' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume. 04.8.2012 г. 09:00:34, error: Dhcp [1002] - The IP address lease 10.129.140.166 for the Network Card with network address 00FFC4A12518 has been denied by the DHCP server 10.129.253.209 (The DHCP Server sent a DHCPNACK message). 03.8.2012 г. 14:03:03, error: Dhcp [1002] - The IP address lease 10.129.100.70 for the Network Card with network address 00FFC4A12518 has been denied by the DHCP server 10.129.100.69 (The DHCP Server sent a DHCPNACK message). 03.8.2012 г. 10:55:53, error: Dhcp [1002] - The IP address lease 10.129.140.166 for the Network Card with network address 00FFC4A12518 has been denied by the DHCP server 10.129.253.209 (The DHCP Server sent a DHCPNACK message). 03.8.2012 г. 09:31:06, error: Dhcp [1002] - The IP address lease 192.168.0.100 for the Network Card with network address 00196658B5C0 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message). 02.8.2012 г. 20:54:51, error: Dhcp [1002] - The IP address lease 192.168.0.100 for the Network Card with network address 00196658B5C0 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message). 02.8.2012 г. 
14:26:15, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
01.8.2012 г. 16:57:01, error: Dhcp [1002] - The IP address lease 192.168.0.100 for the Network Card with network address 00196658B5C0 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
        DDS: DDS (Ver_2011-09-30.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22 Run by User at 11:25:15 on 2012-08-06 Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.1023.190 [GMT 3:00] . AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF} . ============== Running Processes ================ . D:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\Program Files\Sandboxie\SbieSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\IObit\Game Booster 3\gbtray.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\LogMeIn Hamachi\hamachi-2.exe C:\Program Files\Hotspot Shield\bin\openvpnas.exe C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe C:\Program Files\Hotspot Shield\bin\hsswd.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\WINDOWS\system32\RunDLL32.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools Lite\DTLite.exe C:\Documents and Settings\User\Local Settings\Application Data\Akamai\netsession_win.exe C:\WINDOWS\system32\NLSSRV32.EXE C:\Program Files\Sandboxie\SbieCtrl.exe C:\WINDOWS\system32\nvsvc32.exe C:\Documents and Settings\User\Local Settings\Application Data\Akamai\netsession_win.exe C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe D:\Program Files\Raxco\PerfectDisk\PDAgent.exe D:\Program Files\DeskPins\DeskPins.exe C:\Documents and Settings\All Users\Application 
Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\WINDOWS\system32\vmnat.exe C:\WINDOWS\system32\vmnetdhcp.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Hotspot Shield\bin\openvpntray.exe C:\Program Files\Notepad++\notepad++.exe D:\Program Files\IObit\Advanced SystemCare 5\DelayLoad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Hotspot Shield\bin\openvpn.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Hotspot Shield\bin\fbw.exe C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\System32\svchost.exe -k Akamai C:\WINDOWS\system32\svchost.exe -k imgsvc . ============== Pseudo HJT Report =============== . 
uStart Page = about:blank uInternet Connection Wizard,ShellNext = iexplore uProxyOverride = 127.0.0.1:9421;<local>;*.local uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll mWinlogon: Userinit = userinit.exe, BHO: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - c:\program files\orbitdownloader\orbitcth.dll BHO: QuickStores-Toolbar: {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - c:\program files\babylontoolbar\babylontoolbar\1.5.29.1\bh\BabylonToolbar.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned> BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files\hotspot 
shield\hssie\HssIE.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: uTorrentControl2 Toolbar: {687578B9-7132-4A7A-80E4-30EE31099E03} - c:\program files\utorrentcontrol2\prxtbuTor.dll TB: QuickStores-Toolbar: {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll TB: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - c:\program files\babylontoolbar\babylontoolbar\1.5.29.1\BabylonToolbarTlbr.dll uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun uRun: [Akamai NetSession Interface] "c:\documents and settings\user\local settings\application data\akamai\netsession_win.exe" uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [Advanced SystemCare 5] "d:\program files\iobit\advanced systemcare 5\ASCTray.exe" /Manual uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe" mRun: [RTHDCPL] RTHDCPL.EXE mRun: [Alcmtr] ALCMTR.EXE mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe" mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start mRun: [APSDaemon] "c:\program 
files\common files\apple\apple application support\APSDaemon.exe" mRun: [QuickTime Task] "d:\program files\quicktime alternative\qttask.exe" -atboottime mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N StartupFolder: c:\docume~1\user\startm~1\programs\startup\deskpins.lnk - d:\program files\deskpins\DeskPins.exe mPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: ForceClassicControlPanel = dword:1 IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204 IE: &Search - <no file> IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202 IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe LSP: 
%SystemRoot%\system32\PrxerDrv.dll LSP: d:\new folder\vsocklib.dll . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {3352B5B9-82E8-4FFD-9EB1-1A3E60056904} - hxxp://www.chilkatsoft.com/download/ChilkatCrypt2.cab DPF: {708BFDA5-5B56-435B-8227-726021E197E9} - hxxp://us.beanfun.com/beanfun_block/embeds/BFServiceAdapter.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab TCP: NameServer = 79.100.192.3 79.100.192.1 TCP: Interfaces\{01303991-7A1D-4911-84D5-68E77D5DD8CC} : DHCPNameServer = 79.100.192.3 79.100.192.1 TCP: Interfaces\{68C21D2C-984A-47F1-9A0B-92FF1B5F6109} : DHCPNameServer = 10.23.32.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll SEH: SABShellExecuteHook Class - 
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\uvqjemag.default\ FF - prefs.js: browser.startup.homepage - about:home FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q= FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\uvqjemag.default\extensions\ffxtlbr@facemoods.com\components\FFHst.dll FF - component: c:\program files\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll FF - plugin: c:\documents and settings\all users\application data\nexoneu\ngm\npNxGameeu.dll FF - plugin: c:\documents and settings\user\application data\mozilla\firefox\profiles\uvqjemag.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\byond\bin\npbyond.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npbyond.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll FF - plugin: d:\program files\quicktime alternative\plugins\npqtplugin.dll FF - plugin: d:\program files\quicktime 
alternative\plugins\npqtplugin2.dll FF - plugin: d:\program files\quicktime alternative\plugins\npqtplugin3.dll FF - plugin: d:\program files\quicktime alternative\plugins\npqtplugin4.dll FF - plugin: d:\program files\quicktime alternative\plugins\npqtplugin5.dll . ---- FIREFOX POLICIES ---- FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113597 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q= FF - user.js: extensions.BabylonToolbar.id - 1cd4190b00000000000000ffc4a12518 FF - user.js: extensions.BabylonToolbar.instlDay - 15555 FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1 FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.114:13:41 FF - user.js: extensions.BabylonToolbar.prtnrId - babylon FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar.tlbrId - base FF - user.js: extensions.BabylonToolbar.instlRef - sst FF - user.js: extensions.BabylonToolbar.dfltLng - en FF - user.js: extensions.BabylonToolbar.excTlbr - false FF - user.js: extensions.BabylonToolbar.admin - false . ============= SERVICES / DRIVERS =============== . 
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 165648] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656] R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2012-8-5 158552] R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2012-8-5 91992] R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;d:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-1-15 497496] R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-4-14 14336] R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2012-3-4 21992] R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-2-28 1373576] R2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2012-8-3 476016] R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe [2012-8-3 387440] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-11-27 655944] R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2011-3-21 68928] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-6-27 1262400] R2 PDFSFilter;PDFsFilter;c:\windows\system32\drivers\PDFsFilter.sys [2011-9-7 66832] R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-7-5 3048136] R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2010-11-11 70768] R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-11-27 22344] R3 SbieDrv;SbieDrv;c:\program 
files\sandboxie\SbieDrv.sys [2012-2-8 133392] R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2012-6-5 104792] R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2012-6-5 116056] S0 amdide1;amdide1;c:\windows\system32\drivers\amdide1.sys [2009-10-26 9096] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Услуга Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-16 136176] S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944] S3 1394hub;1394 Enabled Hub;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336] S3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\cyberghost vpn\CGVPNCliService.exe [2012-8-2 2438696] S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?] S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2012-2-9 13192] S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2012-2-9 8456] S3 GGSAFERDriver;GGSAFER Driver;\??\d:\garena\garena plus\room\safedrv.sys --> d:\garena\garena plus\room\safedrv.sys [?] 
S3 gupdatem;Услуга на Google Актуализация (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-16 136176] S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\drivers\libusb0.sys [2011-6-21 29184] S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [2012-2-22 22400] S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\drivers\tapoas.sys [2011-8-19 26112] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] S3 XDva385;XDva385;\??\c:\windows\system32\xdva385.sys --> c:\windows\system32\XDva385.sys [?] S3 XDva387;XDva387;\??\c:\windows\system32\xdva387.sys --> c:\windows\system32\XDva387.sys [?] S3 XDva389;XDva389;\??\c:\windows\system32\xdva389.sys --> c:\windows\system32\XDva389.sys [?] S3 XDva390;XDva390;\??\c:\windows\system32\xdva390.sys --> c:\windows\system32\XDva390.sys [?] S3 XDva391;XDva391;\??\c:\windows\system32\xdva391.sys --> c:\windows\system32\XDva391.sys [?] S4 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096] S4 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2010-11-11 539248] . =============== File Associations =============== . ShellExec: Foxit Reader.exe: print="c:\program files\foxit software\foxit reader\Foxit Reader.exe"/p "%1" ShellExec: Foxit Reader.exe: printto="c:\program files\foxit software\foxit reader\Foxit Reader.exe"/t "%1" "%2" "%3" "%4" ShellExec: FOXITR~1.EXE: print="c:\progra~1\foxits~1\foxitr~1\FOXITR~1.EXE"/p "%1" ShellExec: FOXITR~1.EXE: printto="c:\progra~1\foxits~1\foxitr~1\FOXITR~1.EXE"/t "%1" "%2" "%3" "%4" . =============== Created Last 30 ================ . 
2012-08-06 08:18:00 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0b827f07-8021-4efe-b800-aa760d76c8f2}\offreg.dll 2012-08-06 08:12:17 -------- d-----w- c:\windows\system32\Hotspot Shield 2012-08-05 11:44:13 -------- d-----w- c:\documents and settings\user\.VirtualBox 2012-08-05 10:38:08 158552 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys 2012-08-05 10:38:04 91992 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys 2012-08-05 07:28:07 561992 ----a-w- c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor10.dll 2012-08-05 07:27:23 -------- d-----w- c:\documents and settings\all users\application data\Hotspot Shield 2012-08-05 07:26:56 -------- d-----w- c:\program files\Hotspot Shield 2012-08-04 19:33:34 6891424 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0b827f07-8021-4efe-b800-aa760d76c8f2}\mpengine.dll 2012-08-04 12:35:42 98304 ----a-r- c:\documents and settings\user\application data\microsoft\installer\{789c9644-9f82-44d3-b4ca-ac31f46f5882}\python_icon.exe 2012-08-03 20:22:02 270304 ----a-w- c:\program files\mozilla firefox\updater.exe 2012-08-03 20:22:02 19424 ----a-w- c:\program files\mozilla firefox\xpcom.dll 2012-08-03 20:22:02 15621088 ----a-w- c:\program files\mozilla firefox\xul.dll 2012-08-03 20:20:58 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll 2012-08-03 20:20:58 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll 2012-08-03 20:20:58 118240 ----a-w- c:\program files\mozilla firefox\crashreporter.exe 2012-08-03 20:20:57 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2012-08-03 20:20:55 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll 2012-08-03 20:20:55 18912 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll 2012-08-03 12:35:04 -------- d-----w- c:\program files\RAR 
Password Cracker 2012-08-03 11:15:51 -------- d-----w- c:\documents and settings\user\local settings\application data\VisualBeeExe 2012-08-03 11:14:27 -------- d-----w- c:\documents and settings\user\application data\BabylonToolbar 2012-08-03 11:13:53 -------- d-----w- c:\program files\BabylonToolbar 2012-08-03 11:13:03 -------- d-----w- c:\documents and settings\user\local settings\application data\Vid-Saver 2012-08-03 11:12:58 -------- d-----w- c:\program files\Vid-Saver 2012-08-03 11:12:54 -------- d-----w- c:\documents and settings\all users\VisualBee 2012-08-03 11:12:49 -------- d-----w- c:\documents and settings\user\local settings\application data\Babylon 2012-08-03 11:12:49 -------- d-----w- c:\documents and settings\all users\application data\Babylon 2012-08-03 11:12:48 -------- d-----w- c:\documents and settings\user\application data\Babylon 2012-08-02 11:31:07 -------- d-----w- c:\program files\CyberGhost VPN 2012-08-01 14:15:48 -------- d-----w- c:\documents and settings\user\local settings\application data\ManyCam 2012-08-01 14:15:45 -------- d-----w- c:\documents and settings\user\application data\ManyCam 2012-08-01 07:06:01 -------- d-----w- c:\documents and settings\all users\application data\Ask 2012-07-25 06:28:15 -------- d-----w- c:\documents and settings\user\local settings\application data\MessengerDiscovery 2012-07-25 06:27:19 -------- d-----w- c:\documents and settings\all users\application data\MessengerDiscovery 2012-07-24 20:11:54 39656 ----a-w- c:\windows\system32\drivers\HssDrv.sys 2012-07-24 20:11:50 33512 ----a-w- c:\windows\system32\drivers\taphss.sys 2012-07-24 19:25:20 -------- d-----w- c:\documents and settings\user\Tracing 2012-07-24 19:22:00 -------- d-----w- c:\program files\Microsoft 2012-07-24 19:21:40 -------- d-----w- c:\program files\Windows Live SkyDrive 2012-07-24 19:16:13 -------- d-----w- c:\program files\common files\Windows Live 2012-07-19 18:38:07 -------- d-----w- c:\documents and settings\user\application 
data\DVDVideoSoft . ==================== Find3M ==================== . 2012-07-03 10:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-27 11:53:14 1075248 ----a-w- c:\windows\system32\nvdrsdb0.bin 2012-06-27 11:53:14 1 ----a-w- c:\windows\system32\nvdrssel.bin 2012-06-27 11:53:08 1075248 ----a-w- c:\windows\system32\nvdrsdb1.bin 2012-06-25 05:25:17 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys 2012-06-25 05:25:16 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys 2012-06-05 13:33:00 116056 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys 2012-06-05 13:33:00 104792 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys 2012-06-05 13:32:58 135512 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll 2012-05-26 09:43:52 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-05-26 09:43:52 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-05-15 10:18:00 883008 ----a-w- c:\windows\system32\nvgenco32.dll 2012-05-15 10:18:00 65536 ----a-w- c:\windows\system32\OpenCL.dll 2012-05-15 10:18:00 6012928 ----a-w- c:\windows\system32\nvcuda.dll 2012-05-15 10:18:00 4373248 ----a-w- c:\windows\system32\nv4_disp.dll 2012-05-15 10:18:00 2530624 ----a-w- c:\windows\system32\nvcuvid.dll 2012-05-15 10:18:00 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll 2012-05-15 10:18:00 2359808 ----a-w- c:\windows\system32\nvapi.dll 2012-05-15 10:18:00 18771968 ----a-w- c:\windows\system32\nvoglnt.dll 2012-05-15 10:18:00 17543168 ----a-w- c:\windows\system32\nvcompiler.dll 2012-05-15 10:18:00 14014656 ----a-w- c:\windows\system32\drivers\nv4_mini.sys 2012-05-15 10:18:00 1000768 ----a-w- c:\windows\system32\nvdispco32.dll 2012-05-15 09:40:26 54272 ----a-w- c:\windows\system32\nvwddi.dll 2012-05-15 09:40:02 15504192 ----a-w- c:\windows\system32\nvcpl.dll 2012-05-15 09:40:02 143680 ----a-w- c:\windows\system32\nvcolor.exe 2012-05-15 09:40:01 164160 ----a-w- c:\windows\system32\nvsvc32.exe 2012-05-15 09:40:01 108352 ----a-w- c:\windows\system32\nvmctray.dll . 
============= FINISH: 11:28:26,57 ===============
      • by korica
        Hello. I started a topic about my problem, but I was directed to one of your topics because there is a suspicion of a virus that apparently "eats" my disk space. For several days now, "disk cleanup" has been alerting me, at the bottom right next to the clock, that I have no space on local disk "c://". I delete things and try everything, including with CCleaner, and it is still very hard to free up disk space, which is important to me. My local disk is 9 GB; when I open the properties of disk "c://" it says the whole disk is full, but when I open the disk, select all the folders on the local disk and open their properties, it shows that only 6,60 GB are used. I wonder where the other 2 GB go. The day before yesterday I freed more than a gigabyte of disk space on local disk "c://", and yesterday it again started alerting that it is full, without my having installed or done anything. Fellow forum members suggested that it might be a virus and directed me to your topic with the rules for posting topics here. I scan regularly with Hitman pro 3.6.1, EmergencyKitScanner and Advanced SystemCare, the newest version, which has a built-in antivirus, but no program finds any malware. So I will follow your instructions, and I hope you can tell me for certain whether I have malware on my computer. My operating system is Windows XP. Here are the logs from DDS, which I downloaded from here:
        DDS (Ver_2011-09-30.01) - NTFS_x86
        Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
        Run by User at 10:31:13 on 2012-07-19
        Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.1023.397 [GMT 3:00]
        .
        AV: Advanced SystemCare with Antivirus *Enabled/Outdated* {1C304DC4-1D72-5DB9-B33A-43B638ECFD30}
        AV: Spy Emergency *Disabled/Updated* {82117492-906E-4b02-A33A-84D42A2DD907}
        SP: Spy Emergency *Enabled/Updated* {82117492-906E-4b02-A33A-84D42A2DD907}
        .
        ============== Running Processes ================
        .
E:\Programs\install\Advanced SystemCare with Antivirus 2013\ascsvc.exe E:\Programs\install\Advanced SystemCare with Antivirus 2013\ascavsvc.exe C:\Program Files\HitmanPro\hmpsched.exe C:\WINXP\Explorer.EXE C:\WINXP\system32\spoolsv.exe C:\WINXP\SOUNDMAN.EXE C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINXP\system32\RunDLL32.exe C:\WINXP\system32\ctfmon.exe E:\Programs\install\Advanced SystemCare with Antivirus 2013\ASCTray.exe C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleCrashHandler.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINXP\system32\nvsvc32.exe C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\WINXP\system32\wscntfy.exe C:\WINXP\System32\alg.exe C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\WINXP\system32\wbem\wmiprvse.exe C:\WINXP\System32\svchost.exe -k netsvcs C:\WINXP\system32\svchost.exe -k NetworkService C:\WINXP\system32\svchost.exe -k LocalService C:\WINXP\system32\svchost.exe -k imgsvc . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://www.mystart.com/?pr=vmn&id=toolbarcleaner&v=1_0 uInternet Connection Wizard,ShellNext = iexplore BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll uRun: [CTFMON.EXE] c:\winxp\system32\ctfmon.exe uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [Advanced SystemCare 5] "e:\programs\install\advanced systemcare with antivirus 2013\ASCTray.exe" /AutoStart mRun: [soundMan] SOUNDMAN.EXE mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [NvCplDaemon] RUNDLL32.EXE c:\winxp\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet dRun: [CTFMON.EXE] c:\winxp\system32\CTFMON.EXE uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoDriveTypeAutoRun = dword:145 IE: Add to Google Photos Screensa&ver - c:\winxp\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe 
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab TCP: Interfaces\{7752504E-6AF9-4364-801A-538D62C930A2} : NameServer = 87.120.0.1 87.120.0.10 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winxp\system32\wpdshserviceobj.dll SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\n0no40zi.default\ FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\google\picasa3\npPicasa3.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\winxp\system32\macromed\flash\NPSWF32_11_3_300_265.dll . ============= SERVICES / DRIVERS =============== . 
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;e:\programs\install\advanced systemcare with antivirus 2013\ASCSvc.exe [2012-7-18 513920] R2 ASCAntivirusSrv;AdvancedSystemCareAntivirus;e:\programs\install\advanced systemcare with antivirus 2013\ASCAvSvc.exe [2012-7-18 896896] R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\hitmanpro\hmpsched.exe [2012-6-27 105832] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-4-13 2348352] R2 V2WCDRV;Video2Webcam;c:\winxp\system32\drivers\V2WCDRV.sys [2012-6-26 1053056] S0 mqqmi;mqqmi;c:\winxp\system32\drivers\jlmxchn.sys --> c:\winxp\system32\drivers\jlmxchn.sys [?] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\winxp\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-13 250056] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-17 113120] . =============== Created Last 30 ================ . 
2012-07-19 07:02:25 34736 ----a-w- c:\winxp\system32\drivers\RKHit.sys 2012-07-18 20:24:11 -------- d-----w- c:\program files\CCleaner 2012-07-18 12:12:26 340624 ----a-w- c:\winxp\system32\drivers\trufos.sys 2012-07-18 12:12:24 353096 ----a-w- c:\winxp\system32\drivers\bdfsfltr.sys 2012-07-17 23:05:40 -------- d-----w- c:\program files\Xenocode 2012-07-17 22:19:47 -------- d-----w- c:\documents and settings\user\application data\Pointstone 2012-07-17 22:19:29 -------- d-----w- c:\program files\Pointstone 2012-07-17 06:30:31 -------- d-----w- c:\documents and settings\user\local settings\application data\Downloaded Installations 2012-07-14 16:14:00 1172480 ----a-w- c:\winxp\system32\SET829.tmp 2012-07-14 16:13:49 153088 ------w- c:\winxp\system32\SET826.tmp 2012-07-14 16:13:35 8463872 ------w- c:\winxp\system32\SET823.tmp 2012-07-11 07:54:03 -------- d-----w- c:\program files\IObit 2012-07-04 09:23:42 -------- d-----w- c:\documents and settings\all users\application data\{D76294E6-03B8-4971-AF2E-3F846161A690} 2012-07-04 09:23:42 -------- d-----w- c:\documents and settings\all users\application data\{6F2F3866-38AD-4f48-852C-2FF5DE7A7588} 2012-07-01 18:11:32 -------- d-----w- c:\documents and settings\user\application data\QuuSoft 2012-06-30 19:32:34 -------- d-----w- c:\program files\KoralSoft 2012-06-28 13:11:03 -------- d--h--w- c:\documents and settings\all users\application data\Common Files 2012-06-28 13:10:20 -------- d-----w- c:\documents and settings\all users\application data\MFAData 2012-06-27 23:12:48 32768 ----a-w- c:\winxp\system32\drivers\sp_rsdrv2.sys 2012-06-27 10:26:10 -------- d-----w- c:\program files\HitmanPro 2012-06-27 10:25:40 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro 2012-06-27 09:41:18 -------- d-----w- c:\documents and settings\user\local settings\application data\Identities 2012-06-27 08:45:40 1054 ---ha-w- C:\aaw7boot.cmd 2012-06-26 10:23:17 -------- d-----w- c:\winxp\system32\wbem\repository\FS 
2012-06-26 10:23:17 -------- d-----w- c:\winxp\system32\wbem\Repository 2012-06-26 09:40:14 -------- d-----w- c:\documents and settings\user\local settings\application data\CRE 2012-06-26 07:06:20 258352 ----a-w- c:\winxp\system32\Unicows.dll 2012-06-26 07:06:20 224016 ----a-w- c:\winxp\system32\TABCTL32.OCX 2012-06-26 07:06:20 140288 ----a-w- c:\winxp\system32\COMDLG32.OCX 2012-06-25 13:46:42 -------- d--h--w- c:\winxp\PIF . ==================== Find3M ==================== . 2012-07-12 16:05:20 426184 ----a-w- c:\winxp\system32\FlashPlayerApp.exe 2012-07-12 16:05:19 70344 ----a-w- c:\winxp\system32\FlashPlayerCPLApp.cpl 2012-06-17 07:52:26 293992 ----a-w- c:\winxp\system32\nvdrsdb1.bin 2012-06-17 07:52:26 1 ----a-w- c:\winxp\system32\nvdrssel.bin 2012-06-13 13:29:09 1875072 ----a-w- c:\winxp\system32\win32k.sys 2012-06-08 13:16:32 60416 ----a-w- c:\winxp\ALCFDRTM.VER 2012-06-05 15:48:30 1447936 ----a-w- c:\winxp\system32\msxml6.dll 2012-06-05 14:48:08 356352 ----a-w- c:\winxp\eSellerateEngine.dll 2012-05-31 13:22:09 599040 ----a-w- c:\winxp\system32\crypt32.dll 2012-05-24 07:48:10 21376 ----a-w- c:\winxp\system32\RegistryDefragBootTime.exe 2012-05-16 15:06:45 920064 ------w- c:\winxp\system32\SET105.tmp 2012-05-15 13:27:44 1872128 ------w- c:\winxp\system32\_000013_.tmp.dll 2012-05-11 14:41:34 630272 ------w- c:\winxp\system32\SET10D.tmp 2012-05-11 14:41:34 6009344 ------w- c:\winxp\system32\SET10B.tmp 2012-05-11 14:41:34 55296 ------w- c:\winxp\system32\SET10C.tmp 2012-05-11 14:41:34 43520 ----a-w- c:\winxp\system32\licmgr10.dll 2012-05-11 14:41:34 2001408 ------w- c:\winxp\system32\SET111.tmp 2012-05-11 14:41:34 1469440 ----a-w- c:\winxp\system32\inetcpl.cpl 2012-05-11 14:41:34 1214464 ------w- c:\winxp\system32\SET106.tmp 2012-05-11 14:41:34 11112960 ------w- c:\winxp\system32\SET113.tmp 2012-05-11 14:41:34 105984 ------w- c:\winxp\system32\SET107.tmp 2012-05-11 12:12:55 385024 ----a-w- c:\winxp\system32\html.iec 2012-05-04 13:20:50 2192640 ----a-w- 
c:\winxp\system32\ntoskrnl.exe 2012-05-04 12:41:08 2069120 ----a-w- c:\winxp\system32\ntkrnlpa.exe 2012-05-02 13:46:36 139656 ----a-w- c:\winxp\system32\drivers\rdpwd.sys . ============= FINISH: 10:31:28,45 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-09-30.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 07.5.2005 г. 18:24:05 System Uptime: 19.7.2012 г. 10:05:12 (0 hours ago) . Motherboard: ASUSTeK Computer INC. | | A8N-SLI Processor: AMD Athlon™ 64 Processor 3200+ | Socket 939 | 2015/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 10 GiB total, 0,327 GiB free. D: is FIXED (NTFS) - 39 GiB total, 0,248 GiB free. E: is FIXED (NTFS) - 39 GiB total, 1,447 GiB free. F: is FIXED (NTFS) - 39 GiB total, 1,365 GiB free. G: is FIXED (NTFS) - 20 GiB total, 0,585 GiB free. H: is FIXED (NTFS) - 7 GiB total, 0,795 GiB free. I: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP148: 15.7.2012 г. 20:29:33 - Контролна точка на системата RP149: 17.7.2012 г. 09:30:56 - Installed O&O Defrag Professional. RP150: 17.7.2012 г. 09:53:34 - Removed O&O Defrag Professional. RP151: 18.7.2012 г. 10:35:02 - Контролна точка на системата RP152: 18.7.2012 г. 23:15:43 - IObit Uninstaller restore point . ==== Installed Programs ====================== . 
µTorrent 7-Zip 9.20 Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.3) Advanced SystemCare with Antivirus 2013 AsusUpdate AVS Update Manager 1.0 AVS4YOU Software Navigator 1.4 CCleaner Cool & Quiet Counter-Strike 1.6 Version 29, Exe build: 3647 Counter-Strike Non-Steam Cumulative Patch 24 Dictionary .NET 5.0.4545 ffdshow [rev 2975] [2009-05-28] Google Chrome HitmanPro 3.6 Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB976002-v5) Java Auto Updater Java™ 6 Update 31 KoralSoft - EuroDictXP Microsoft Base Smart Card Cryptographic Service Provider Package Microsoft Office Access MUI (Bulgarian) 2007 Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (Bulgarian) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (Bulgarian) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (Bulgarian) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office Language Pack 2007 - Bulgarian/български Microsoft Office O MUI (Bulgarian) 2007 Microsoft Office OneNote MUI (Bulgarian) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (Bulgarian) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (Bulgarian) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (Bulgarian) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Russian) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (Bulgarian) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Publisher MUI (Bulgarian) 2007 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (Bulgarian) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared 
Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (Bulgarian) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Office X MUI (Bulgarian) 2007 Microsoft Software Update for Web Folders (Bulgarian) 12 Microsoft Software Update for Web Folders (English) 12 Microsoft Visual C++ 2005 Redistributable Mozilla Firefox 13.0.1 (x86 bg) Mozilla Maintenance Service NVIDIA Control Panel 296.10 NVIDIA Drivers NVIDIA Graphics Driver 296.10 NVIDIA Install Application NVIDIA nView 136.18 NVIDIA Update 1.7.11 NVIDIA Update Components Picasa 3 QuickTime Alternative 2.8.0 Real Alternative 1.9.0 Realtek AC'97 Audio sala's Terminal Server Patch 2.1 Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2675157) Security Update for Windows Internet Explorer 8 (KB2699988) Security Update for Windows Media Player (KB975558) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security 
Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2655992) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB2676562) Security Update for Windows XP (KB2685939) Security Update for Windows XP (KB2686509) Security Update for Windows XP (KB2691442) Security Update for Windows XP (KB2695962) Security Update for Windows XP (KB2698365) Security Update for Windows XP (KB2707511) Security Update for Windows XP (KB2709162) Security Update for Windows XP (KB2718523) Security Update for Windows XP (KB2719985) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB980195) SkypeCap Skype™ 3.8 System Cleaner 6 The KMPlayer (remove only) Update for Microsoft Windows (KB971513) Update for Windows Internet Explorer 8 (KB2598845) Update for Windows Internet Explorer 8 (KB2632503) Update for Windows XP (KB2467659) Update for Windows XP (KB2492386) Update for Windows XP (KB2641690) Update for Windows XP (KB2718704) Update for Windows XP (KB898461) Update for Windows XP (KB971029) Video2Webcam Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 WebFldrs XP Winamp Windows Bulgarian Interface Pack Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray Windows Genuine Advantage Validation Tool (KB892130) WinRAR 4.10 (32-битова версия) . ==== Event Viewer Messages From Past Week ======== . 15.7.2012 г. 
00:00:59, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) 15.7.2012 г. 00:00:58, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) 14.7.2012 г. 23:57:16, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) 14.7.2012 г. 23:57:16, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) 14.7.2012 г. 19:07:59, error: Service Control Manager [7034] - The AdvancedSystemCareAntivirus service terminated unexpectedly. It has done this 1 time(s). 14.7.2012 г. 19:07:38, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied. 14.7.2012 г. 12:11:17, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) 14.7.2012 г. 12:10:17, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. 
NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) 14.7.2012 г. 12:10:17, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) . ==== End Of File ===========================
        Thank you. Edit: Looking through the logs just now, I saw that Windows is installing some updates, even though I supposedly turned updates off.
      • by Just Human..
        Hello colleagues, today I installed Avast (I had been without an antivirus for about 1 month). I installed it because blue screens started appearing (my temperatures are normal), and also because I cannot stop some processes from Task Manager (not even with End Task). BitTorrent gives me such problems, and today so did mbam. Here are the logs from DDS:
        DDS (Ver_2011-09-30.01) - NTFS_x86
        Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_17
        Run by sControl at 21:14:32 on 2012-07-16
        Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.1023.344 [GMT 3:00]
        .
        AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
        .
        ============== Running Processes ================
        .
        C:\Program Files\AVAST Software\Avast\AvastSvc.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\SOUNDMAN.EXE
        C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
        C:\WINDOWS\system32\RUNDLL32.EXE
        C:\Program Files\AVAST Software\Avast\avastUI.exe
        C:\Program Files\Skype\Phone\Skype.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Application Updater\ApplicationUpdater.exe
        C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
        C:\WINDOWS\system32\nvsvc32.exe
        C:\Program Files\VentSrv\ventrilo_svc.exe
        C:\Program Files\VentSrv\ventrilo_srv.exe
        C:\WINDOWS\System32\alg.exe
        C:\Program Files\Skype\Plugin Manager\skypePM.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Program Files\Mozilla Firefox\plugin-container.exe
        C:\Program Files\DAEMON Tools Lite\DTLite.exe
        C:\WINDOWS\system32\wbem\wmiprvse.exe
        C:\WINDOWS\System32\svchost.exe -k netsvcs
        C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
        C:\WINDOWS\system32\svchost.exe -k NetworkService
        C:\WINDOWS\system32\svchost.exe -k LocalService
        C:\WINDOWS\System32\svchost.exe -k netsvcs
        C:\WINDOWS\system32\svchost.exe -k LocalService
        C:\WINDOWS\system32\svchost.exe -k imgsvc
        .
        ============== Pseudo HJT Report ===============
        .
        uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2790392
        uURLSearchHooks: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - c:\program files\youtube downloader toolbar\ie\6.0\youtubedownloaderToolbarIE.dll
        uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBitT.dll
        BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
        BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
        BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBitT.dll
        BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
        BHO: KMP Media Toolbar: {daf5b34c-1aa3-4c33-ae24-766a370635d2} -
        BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
        BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
        BHO: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - c:\program files\youtube downloader toolbar\ie\6.0\youtubedownloaderToolbarIE.dll
        TB: KMP Media Toolbar: {daf5b34c-1aa3-4c33-ae24-766a370635d2} -
        TB: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - c:\program files\youtube downloader toolbar\ie\6.0\youtubedownloaderToolbarIE.dll
        TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBitT.dll
        TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
        uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
        uRun: [Anders Kjersem: TransBar] d:\sniper control\programs\themes\transbar\TransBar.exe /NoConfig
        uRun: [speedConnectStartUp] <no file>
        mRun: [soundMan] SOUNDMAN.EXE
        mRun: [RivaTunerStartupDaemon] "d:\sniper control\programs\overclock\rivatuner v2.24 msi master overclocking arena 2009 edition\RivaTuner.exe" /S
        mRun: [searchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
        mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
        mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
        mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
        mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
        mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
        dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
        uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
        mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
        mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
        IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
        IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
        LSP: d:\sniper control\programs\we fi\vmware\vsocklib.dll
        DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
        DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab
        DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
        DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
        TCP: Interfaces\{2B6DBC23-3083-4CC0-939A-35E8873DFCCF} : NameServer = 192.168.15.12,195.24.48.5
        TCP: Interfaces\{31014428-4498-43C5-88BE-764AF0B4A0CC} : NameServer = 192.168.15.12,195.24.48.5
        Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
        SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
        .
        ================= FIREFOX ===================
        .
        FF - ProfilePath - c:\documents and settings\scontrol\application data\mozilla\firefox\profiles\8zg5gh6y.default\
        FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
        FF - prefs.js: browser.search.selectedEngine - Google
        FF - prefs.js: browser.startup.homepage - about:home
        FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&q=
        FF - prefs.js: network.proxy.type - 0
        FF - plugin: c:\documents and settings\scontrol\application data\mozilla\firefox\profiles\8zg5gh6y.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\plugins\np-mswmp.dll
        FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
        FF - plugin: c:\program files\goalbitsolutions\goalbit\npgoalbit.dll
        FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
        FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
        FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
        FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
        .
        ============= SERVICES / DRIVERS ===============
        .
        R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-7-16 721000]
        R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-7-16 353688]
        R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-3-8 242240]
        R1 SysTool;SysTool Overclocking Utility;c:\windows\system32\drivers\SysTool.sys [2006-11-10 24064]
        R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2012-6-27 791488]
        R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-7-16 21256]
        R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-7-16 44808]
        R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-28 655944]
        R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2011-3-25 70768]
        R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-28 22344]
        R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [2012-4-22 28672]
        S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [2012-3-8 4224]
        S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
        S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [2012-5-12 1763584]
        S3 AsrOcDrv;AsrOcDrv;\??\c:\windows\system32\drivers\asrocdrv.sys --> c:\windows\system32\drivers\AsrOcDrv.sys [?]
        S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\garena plus\room\safedrv.sys --> c:\program files\garena plus\room\safedrv.sys [?]
        S3 GPU-Z;GPU-Z;\??\c:\docume~1\scontrol\locals~1\temp\gpu-z.sys --> c:\docume~1\scontrol\locals~1\temp\GPU-Z.sys [?]
        S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-7-16 40776]
        S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2012-5-30 32512]
        S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
        S4 AODService;AODService;c:\program files\amd\overdrive\AODAssist.exe [2009-10-22 136544]
        S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-3-8 136176]
        S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-3-8 136176]
        S4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 113120]
        S4 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
        S4 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2011-3-25 539248]
        .
        =============== Created Last 30 ================
        .
        2012-07-16 15:15:31 558133 ----a-w- c:\windows\system32\sqlite3.dll
        2012-07-16 12:26:56 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
        2012-07-16 12:26:06 41224 ----a-w- c:\windows\avastSS.scr
        2012-07-16 12:25:45 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
        2012-07-16 12:16:00 -------- d-----w- c:\program files\ESET
        2012-07-16 10:26:55 0 ----a-w- c:\program files\GUT96B.tmp
        2012-07-16 10:26:55 -------- d-----w- c:\program files\GUM96A.tmp
        2012-07-14 19:48:04 -------- d-----w- c:\documents and settings\scontrol\local settings\application data\CRE
        2012-07-14 19:47:54 -------- d-----w- c:\program files\Conduit
        2012-07-14 19:47:53 -------- d-----w- c:\documents and settings\scontrol\local settings\application data\BitTorrentBar
        2012-07-14 19:47:52 -------- d-----w- c:\documents and settings\scontrol\local settings\application data\Conduit
        2012-07-14 19:47:51 -------- d-----w- c:\program files\BitTorrentBar
        2012-07-14 19:47:32 -------- d-----w- c:\program files\BitTorrent
        2012-07-14 19:47:14 -------- d-----w- c:\documents and settings\scontrol\application data\BitTorrent
        2012-07-13 08:02:03 -------- d-----w- c:\program files\The KMPlayer
        2012-07-13 08:01:54 -------- d-----w- c:\documents and settings\all users\application data\Ask
        2012-07-10 16:30:27 -------- d-----w- c:\documents and settings\scontrol\application data\NVIDIA
        2012-07-10 16:19:42 -------- d-----w- C:\NVIDIA
        2012-07-06 06:07:13 -------- d-----w- c:\documents and settings\scontrol\local settings\application data\Identities
        2012-07-03 06:46:15 -------- d-----w- c:\program files\VentSrv
        2012-07-02 15:38:39 -------- d-sh--w- C:\$RECYCLE.BIN
        2012-07-02 13:31:43 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
        2012-07-02 13:31:42 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
        2012-07-02 13:31:34 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
        2012-07-01 15:14:27 -------- d-----w- c:\documents and settings\scontrol\application data\wtxpcom
        2012-07-01 14:24:17 -------- d-----w- c:\documents and settings\scontrol\application data\YouTube Downloader
        2012-07-01 14:23:39 -------- d-----w- c:\documents and settings\scontrol\application data\Search Settings
        2012-07-01 14:23:30 -------- d-----w- c:\program files\Application Updater
        2012-07-01 14:23:29 -------- d-----w- c:\program files\common files\Spigot
        2012-07-01 14:23:28 -------- d-----w- c:\program files\YouTube Downloader Toolbar
        2012-06-30 09:13:17 -------- d-----w- c:\program files\GPU-Z
        2012-06-29 11:25:05 -------- d-----w- c:\windows\RegisteredPackages
        2012-06-29 11:23:03 -------- d-----w- c:\windows\system32\AGEIA
        2012-06-25 10:56:49 -------- d-----w- c:\documents and settings\all users\application data\Panda Security
        2012-06-23 07:03:30 -------- d-sh--w- C:\found.001
        2012-06-17 18:15:32 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
        2012-06-17 18:15:32 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
        .
        ==================== Find3M ====================
        .
        2012-07-15 13:15:38 1075248 ----a-w- c:\windows\system32\nvdrsdb1.bin
        2012-07-15 13:15:38 1 ----a-w- c:\windows\system32\nvdrssel.bin
        2012-07-15 13:15:35 1075248 ----a-w- c:\windows\system32\nvdrsdb0.bin
        2012-07-03 10:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
        2012-06-12 19:36:57 60416 ----a-w- c:\windows\ALCFDRTM.VER
        2012-05-29 11:49:05 224016 --s---r- c:\windows\system32\TABCTL32.OCX
        2012-05-29 11:49:05 1010720 --s---r- c:\windows\system32\MSCHRT20.OCX
        2012-05-29 11:49:04 152848 --s---r- c:\windows\system32\COMDLG32.OCX
        2012-05-29 11:48:50 1081616 --s---r- c:\windows\system32\MSCOMCTL.OCX
        2012-05-28 12:01:55 2076 ----a-w- c:\windows\system32\ealregsnapshot1.reg
        2012-05-15 10:18:00 883008 ----a-w- c:\windows\system32\nvgenco32.dll
        2012-05-15 10:18:00 65536 ----a-w- c:\windows\system32\OpenCL.dll
        2012-05-15 10:18:00 6012928 ----a-w- c:\windows\system32\nvcuda.dll
        2012-05-15 10:18:00 4373248 ----a-w- c:\windows\system32\nv4_disp.dll
        2012-05-15 10:18:00 2530624 ----a-w- c:\windows\system32\nvcuvid.dll
        2012-05-15 10:18:00 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll
        2012-05-15 10:18:00 2359808 ----a-w- c:\windows\system32\nvapi.dll
        2012-05-15 10:18:00 18771968 ----a-w- c:\windows\system32\nvoglnt.dll
        2012-05-15 10:18:00 17543168 ----a-w- c:\windows\system32\nvcompiler.dll
        2012-05-15 10:18:00 14014656 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
        2012-05-15 10:18:00 1000768 ----a-w- c:\windows\system32\nvdispco32.dll
        2012-05-15 09:40:26 54272 ----a-w- c:\windows\system32\nvwddi.dll
        2012-05-15 09:40:02 15504192 ----a-w- c:\windows\system32\nvcpl.dll
        2012-05-15 09:40:02 143680 ----a-w- c:\windows\system32\nvcolor.exe
        2012-05-15 09:40:01 164160 ----a-w- c:\windows\system32\nvsvc32.exe
        2012-05-15 09:40:01 108352 ----a-w- c:\windows\system32\nvmctray.dll
        2012-04-22 10:51:40 592896 ----a-w- c:\windows\system32\drivers\umdf\PCCSWpdDriver.dll
        2012-04-22 10:51:40 1837296 ----a-w- c:\windows\system32\WUDFUpdate_01009.dll
        2012-04-22 10:51:38 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
        .
        ============= FINISH: 21:15:17.60 ===============

        .
        UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
        IF REQUESTED, ZIP IT UP & ATTACH IT
        .
        DDS (Ver_2011-09-30.01)
        .
        Microsoft Windows XP Professional
        Boot Device: \Device\HarddiskVolume1
        Install Date: 3/8/2012 17:20:43
        System Uptime: 7/16/2012 18:35:35 (3 hours ago)
        .
        Motherboard: | | 939Dual-SATA2
        Processor: AMD Athlon™ 64 Processor 3700+ | CPUSocket | 2420/200mhz
        .
        ==== Disk Partitions =========================
        .
        A: is Removable
        C: is FIXED (NTFS) - 100 GiB total, 58.075 GiB free.
        D: is FIXED (NTFS) - 198 GiB total, 138.553 GiB free.
        E: is CDROM ()
        .
        ==== Disabled Device Manager Items =============
        .
        Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
        Description: Realtek RTL8139 Family PCI Fast Ethernet NIC
        Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_813910EC&REV_10\4&3B8BE48B&0&3030
        Manufacturer: Realtek
        Name: Realtek RTL8139 Family PCI Fast Ethernet NIC
        PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_813910EC&REV_10\4&3B8BE48B&0&3030
        Service: rtl8139
        .
        ==== System Restore Points ===================
        .
        RP33: 4/18/2012 23:50:58 - Installed DirectX
        RP34: 4/19/2012 15:32:37 - Installed HP USB Disk Storage Format Tool
        RP35: 4/19/2012 23:36:58 - avast! Pro Antivirus Setup
        RP36: 4/19/2012 23:39:07 - Installed Kaspersky Anti-Virus 2012.
        RP37: 4/19/2012 23:43:22 - Installed Kaspersky Anti-Virus 2012.
        RP38: 4/22/2012 18:44:50 - Контролна точка на системата
        RP39: 4/25/2012 21:24:51 - Контролна точка на системата
        RP40: 4/27/2012 21:54:00 - Контролна точка на системата
        RP41: 4/30/2012 10:58:52 - Installed Microsoft Virtual PC 2007
        RP42: 4/30/2012 11:42:09 - Installed Oracle VM VirtualBox 4.1.2
        RP43: 4/30/2012 12:10:13 - Removed Microsoft Virtual PC 2007
        RP44: 4/30/2012 12:10:47 - Removed Oracle VM VirtualBox 4.1.2
        RP45: 4/30/2012 12:12:02 - Removed HDD Regenerator
        RP46: 4/30/2012 21:22:00 - Installed NVIDIA Performance
        RP47: 4/30/2012 21:23:00 - Installed NVIDIA System Monitor
        RP48: 4/30/2012 22:05:37 - Операция за възстановяване
        RP49: 4/30/2012 22:27:22 - Removed Kaspersky Anti-Virus 2012.
        RP50: 4/30/2012 23:06:33 - Installed NVIDIA nTune
        RP51: 4/30/2012 23:21:49 - Installed AMD OverDrive.
        RP52: 5/1/2012 09:53:38 - Software Distribution Service 3.0
        RP53: 5/2/2012 13:05:16 - Контролна точка на системата
        RP54: 5/2/2012 20:09:53 - Removed League of Legends
        RP55: 5/2/2012 21:20:57 - Операция за възстановяване
        RP56: 5/2/2012 21:30:21 - Software Distribution Service 3.0
        RP57: 5/3/2012 22:31:00 - Software Distribution Service 3.0
        RP58: 5/4/2012 14:27:34 - Installed Iron Man.
        RP59: 5/5/2012 10:25:18 - Software Distribution Service 3.0
        RP60: 5/6/2012 01:53:29 - Software Distribution Service 3.0
        RP61: 5/6/2012 13:26:31 - Installed DirectX
        RP62: 5/7/2012 07:50:07 - Software Distribution Service 3.0
        RP63: 5/8/2012 10:02:10 - Software Distribution Service 3.0
        RP64: 5/9/2012 14:57:54 - Software Distribution Service 3.0
        RP65: 5/10/2012 16:35:29 - Контролна точка на системата
        RP66: 5/10/2012 21:08:12 - Software Distribution Service 3.0
        RP67: 5/12/2012 10:16:55 - Software Distribution Service 3.0
        RP68: 5/12/2012 10:28:47 - Installed Windows KB954550-v5.
        RP69: 5/12/2012 10:28:55 - Printer Driver Microsoft XPS Document Writer Installed
        RP70: 5/12/2012 10:29:02 - Printer Driver Microsoft XPS Document Writer Installed
        RP71: 5/12/2012 10:31:28 - Installed inSSIDer
        RP72: 5/12/2012 13:14:08 - Installed TP-LINK Wireless Configuration Utility and Driver
        RP73: 5/12/2012 13:15:47 - Инсталиране на неподписан драйвер
        RP74: 5/13/2012 02:07:12 - Software Distribution Service 3.0
        RP75: 5/14/2012 12:15:45 - Контролна точка на системата
        RP76: 5/15/2012 22:41:09 - Контролна точка на системата
        RP77: 5/17/2012 12:16:36 - Installed Spider-Man 3™
        RP78: 5/19/2012 20:35:06 - Installed Windows XP Wdf01009.
        RP79: 5/19/2012 20:36:26 - Installed Windows XP Wudf01009.
        RP80: 5/20/2012 21:46:25 - Инсталиране на неподписан драйвер
        RP81: 5/22/2012 07:37:02 - Контролна точка на системата
        RP82: 5/23/2012 12:15:38 - Контролна точка на системата
        RP83: 5/23/2012 17:39:00 - Removed Enemy Territory - QUAKE Wars™
        RP84: 5/24/2012 18:41:54 - Контролна точка на системата
        RP85: 5/26/2012 10:00:23 - Контролна точка на системата
        RP86: 5/27/2012 13:28:16 - Контролна точка на системата
        RP87: 5/27/2012 15:36:06 - Configured EA Download Manager
        RP88: 5/27/2012 15:36:50 - Configured EA Download Manager
        RP89: 5/28/2012 14:40:02 - Removed Burnout™ Paradise The Ultimate Box
        RP90: 5/28/2012 14:54:01 - Installed Burnout™ Paradise The Ultimate Box
        RP91: 5/28/2012 15:01:55 - Configured EA Download Manager
        RP92: 5/30/2012 15:00:35 - Installed Pro Evolution Soccer 2012.
        RP93: 5/31/2012 19:17:50 - Контролна точка на системата
        RP94: 6/2/2012 18:57:15 - Контролна точка на системата
        RP95: 6/4/2012 22:34:45 - Контролна точка на системата
        RP96: 6/6/2012 11:52:13 - Контролна точка на системата
        RP97: 6/6/2012 22:22:18 - Installed OSCAR Editor
        RP98: 6/8/2012 14:01:34 - Контролна точка на системата
        RP99: 6/10/2012 14:06:33 - Контролна точка на системата
        RP100: 6/17/2012 15:49:28 - Контролна точка на системата
        RP101: 6/21/2012 15:40:13 - Контролна точка на системата
        RP102: 6/24/2012 20:33:33 - Контролна точка на системата
        RP103: 6/27/2012 12:01:33 - Removed Ventrilo Client
        RP104: 6/27/2012 12:01:47 - Removed Ventrilo Client
        RP105: 6/27/2012 12:02:37 - Installed Ventrilo Client
        RP106: 6/27/2012 12:08:43 - Installed Ventrilo Server
        RP107: 6/29/2012 11:17:36 - Контролна точка на системата
        RP108: 6/29/2012 14:16:12 - Installed Tom Clancy's Ghost Recon Advanced Warfighter® 2
        RP109: 6/29/2012 14:23:00 - Installed AGEIA PhysX v7.05.17
        RP110: 6/29/2012 14:24:43 - Installed DirectX
        RP111: 7/1/2012 00:16:21 - Removed Ventrilo Client
        RP112: 7/1/2012 22:16:27 - Removed HP USB Disk Storage Format Tool
        RP113: 7/1/2012 22:16:57 - Removed inSSIDer
        RP114: 7/1/2012 22:21:33 - Removed Iron Man.
        RP115: 7/1/2012 22:31:45 - Removed Nokia Connectivity Cable Driver
        RP116: 7/1/2012 22:33:35 - Removed Spider-Man 3™
        RP117: 7/2/2012 16:31:33 - Installed DirectX
        RP118: 7/3/2012 09:45:41 - Removed Ventrilo Server
        RP119: 7/3/2012 09:46:15 - Installed Ventrilo Server
        RP120: 7/10/2012 19:16:05 - Configured NVIDIA nTune
        RP121: 7/14/2012 15:39:51 - Контролна точка на системата
        RP122: 7/15/2012 16:55:41 - Removed FIFA 10
        RP123: 7/15/2012 16:56:44 - Installed FIFA 10
        RP124: 7/16/2012 15:25:35 - avast! Free Antivirus Setup
        .
        ==== Installed Programs ======================
        .
        A-Mac Address Change 5.0
        Adobe AIR
        Adobe Community Help
        Adobe Flash Player 11 ActiveX
        Adobe Flash Player 11 Plugin
        Adobe Photoshop CS5.1
        Adobe Reader X (10.1.3)
        AGEIA PhysX v7.05.17
        AMD OverDrive
        AMD Processor Driver
        Anders Kjersem: TransBar
        avast! Free Antivirus
        BitTorrent
        BitTorrentBar Toolbar
        BS.Player PRO
        Burnout™ Paradise The Ultimate Box
        Counter-Strike
        Cracked Steam
        DAEMON Tools Lite
        DFX for Winamp
        Easy WiFi Radar 1.0.3
        ESET Online Scanner v3
        FIFA 10
        Garena Plus
        Goalbit web plugins
        GOM Player
        Google Chrome
        Google Update Helper
        HD Tune 2.52
        HDD Regenerator
        Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
        Hotfix for Windows Media Format 11 SDK (KB929399)
        Hotfix for Windows Media Player 11 (KB939683)
        Hotfix for Windows XP (KB2443685)
        Hotfix for Windows XP (KB954550-v5)
        Hotfix for Windows XP (KB970653-v3)
        J2SE Runtime Environment 5.0 Update 17
        Java Auto Updater
        Java™ 6 Update 31
        K-Lite Codec Pack 8.4.0 (Basic)
        League of Legends
        Malwarebytes Anti-Malware, версия 1.62.0.1300
        Microsoft .NET Framework 2.0 Service Pack 2
        Microsoft .NET Framework 3.0 Service Pack 2
        Microsoft .NET Framework 3.5 SP1
        Microsoft .NET Framework 4 Client Profile
        Microsoft .NET Framework 4 Extended
        Microsoft Application Error Reporting
        Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
        Microsoft User-Mode Driver Framework Feature Pack 1.9
        Microsoft Visual C++ 2005 Redistributable
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
        Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
        Microsoft_VC100_CRT_SP1_x86
        Microsoft_VC80_ATL_x86
        Microsoft_VC80_CRT_x86
        Microsoft_VC80_MFC_x86
        Microsoft_VC80_MFCLOC_x86
        Microsoft_VC90_ATL_x86
        Microsoft_VC90_CRT_x86
        Microsoft_VC90_MFC_x86
        Microsoft_VC90_MFCLOC_x86
        Mozilla Firefox 13.0.1 (x86 bg)
        Mozilla Maintenance Service
        MSVC80_x86_v2
        MSVC90_x86
        NVIDIA Control Panel 301.42
        NVIDIA Graphics Driver 301.42
        NVIDIA Install Application
        Opera 12.00
        Origin
        OSCAR Editor
        Pando Media Booster
        PC Connectivity Solution
        PDF Settings CS5
        Pro Evolution Soccer 2012
        qBittorrent 2.9.5
        Realtek AC'97 Audio
        SeaTools for Windows
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
        Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
        Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
        Security Update for Windows Internet Explorer 8 (KB2675157)
        Security Update for Windows Media Player 11 (KB954154)
        Security Update for Windows XP (KB2121546)
        Security Update for Windows XP (KB2296199)
        Security Update for Windows XP (KB2524375)
        Security Update for Windows XP (KB2621440)
        Security Update for Windows XP (KB2641653)
        Security Update for Windows XP (KB2647518)
        Security Update for Windows XP (KB2653956)
        Security Update for Windows XP (KB923789)
        Security Update for Windows XP (KB938464)
        Security Update for Windows XP (KB941569)
        Security Update for Windows XP (KB971468)
        Security Update for Windows XP (KB973346)
        Security Update for Windows XP (KB978037)
        Security Update for Windows XP (KB979683)
        Security Update for Windows XP (KB980195)
        Security Update for Windows XP (KB980232)
        Skype™ 3.8
        SpeedConnect XP Internet Accelerator 6.5
        System Requirements Lab
        System Requirements Lab CYRI
        SysTool Overclocking Utility
        TeamSpeak 3 Client
        TeamViewer 7
        Technitium MAC Address Changer v6.0.3
        TechPowerUp GPU-Z
        The KMPlayer (remove only)
        TL-WN721N/TL-WN722N Driver
        Tom Clancy's Ghost Recon Advanced Warfighter® 2
        tools-freebsd
        tools-linux
        tools-netware
        tools-solaris
        tools-windows
        tools-winPre2k
        ULi LAN Driver
        ULi SATA Driver
        Update for Windows XP (KB2607712)
        Ventrilo Server
        VLC media player 1.1.10
        VMware Workstation
        WebFldrs XP
        Winamp (remove only)
        Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
        Windows Internet Explorer 8
        WinRAR archiver
        YouTube Downloader Toolbar v6.0
        .
        ==== Event Viewer Messages From Past Week ========
        .
        7/9/2012 23:05:30, error: Service Control Manager [7034] - The Application Updater service terminated unexpectedly. It has done this 1 time(s).
        7/16/2012 15:19:54, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
        7/16/2012 14:03:23, error: System Error [1003] - Error code 1000000a, parameter1 00000000, parameter2 00000002, parameter3 00000001, parameter4 8051ee8e.
        7/16/2012 14:03:23, error: System Error [1003] - Error code 1000000a, parameter1 00000000, parameter2 00000002, parameter3 00000000, parameter4 805345ba.
        7/16/2012 14:03:22, error: System Error [1003] - Error code 100000d1, parameter1 00000000, parameter2 00000002, parameter3 00000001, parameter4 f53fd10d.
        7/16/2012 14:03:21, error: System Error [1003] - Error code 100000d1, parameter1 e36fcdad, parameter2 00000002, parameter3 00000008, parameter4 e36fcdad.
        7/16/2012 14:03:21, error: System Error [1003] - Error code 000000f4, parameter1 00000003, parameter2 8708c020, parameter3 8708c194, parameter4 805c8c7c.
        7/16/2012 14:03:20, error: System Error [1003] - Error code 100000d1, parameter1 ff3769c1, parameter2 00000002, parameter3 00000000, parameter4 f58bb7bc.
        7/16/2012 14:03:19, error: System Error [1003] - Error code 1000000a, parameter1 46f57fdc, parameter2 00000002, parameter3 00000001, parameter4 80500d1c.
        7/16/2012 14:03:17, error: System Error [1003] - Error code 100000d0, parameter1 068030f8, parameter2 00000002, parameter3 00000001, parameter4 80542de7.
        7/16/2012 14:03:15, error: System Error [1003] - Error code 100000d1, parameter1 fef83f92, parameter2 00000002, parameter3 00000000, parameter4 f5264220.
        7/16/2012 14:03:13, error: System Error [1003] - Error code 1000000a, parameter1 2eb8974d, parameter2 00000002, parameter3 00000001, parameter4 805009c8.
        7/16/2012 14:03:08, error: System Error [1003] - Error code 1000007f, parameter1 00000008, parameter2 80042000, parameter3 00000000, parameter4 00000000.
        7/14/2012 23:36:22, error: nv [14] - Unknown error on L0 -> L0
        7/13/2012 18:38:04, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
        7/13/2012 10:33:39, error: Service Control Manager [7034] - The NVIDIA Update Service Daemon service terminated unexpectedly. It has done this 1 time(s).
        7/12/2012 23:04:23, error: Service Control Manager [7034] - The Ventrilo service terminated unexpectedly. It has done this 1 time(s).
        7/12/2012 21:25:00, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
        7/12/2012 19:54:06, error: Service Control Manager [7000] - The Vstor2 WS60 Virtual Storage Driver service failed to start due to the following error: The system cannot find the path specified.
        7/10/2012 19:15:12, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
        .
        ==== End Of File ===========================

        After I installed Avast, it started beeping while I'm in Mozilla or Opera, and it shows this:

      • by epiX
        I have no idea where this problem came from; I reinstalled the machine and it still persists. I turn on the PC and at startup, after the Login Screen loads, I type the Password, log in, and everything is frozen. I can bring up Task Manager and individual windows, but the Desktop + Menu (TaskBar) are frozen (freeze/bugged - I can't click them), and when I put the mouse over the TaskBar, a Cursor with a loading arrow appears instead of the normal one. I cleaned the registry, cleaned everywhere, reinstalled as I said, etc. Please help. I'm not the only one with this problem lately.

        Attach.txt -

        .
        UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
        IF REQUESTED, ZIP IT UP & ATTACH IT
        .
        DDS (Ver_2011-09-30.01)
        .
        Microsoft Windows XP Professional
        Boot Device: \Device\HarddiskVolume1
        Install Date: 7/12/2012 7:13:03 PM
        System Uptime: 7/12/2012 8:59:09 PM (2 hours ago)
        .
        Motherboard: EPoX COMPUTER CO.,LTD | | i925XE DDR2: 5LWAJ
        Processor: Intel(R) Pentium(R) 4 CPU 3.06GHz | Socket 775 | 3073/133mhz
        .
        ==== Disk Partitions =========================
        .
        A: is Removable
        C: is FIXED (NTFS) - 15 GiB total, 2.801 GiB free.
        D: is FIXED (NTFS) - 41 GiB total, 22.213 GiB free.
        E: is FIXED (NTFS) - 41 GiB total, 19.668 GiB free.
        F: is FIXED (NTFS) - 46 GiB total, 33.343 GiB free.
        G: is CDROM (CDFS)
        .
        ==== Disabled Device Manager Items =============
        .
        Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
        Description: Video Controller (VGA Compatible)
        Device ID: PCI\VEN_10DE&DEV_0393&SUBSYS_04121462&REV_A1\4&FD38F8A&0&0008
        Manufacturer:
        Name: Video Controller (VGA Compatible)
        PNP Device ID: PCI\VEN_10DE&DEV_0393&SUBSYS_04121462&REV_A1\4&FD38F8A&0&0008
        Service:
        .
        ==== System Restore Points ===================
        .
        RP1: 7/12/2012 7:15:52 PM - System Checkpoint
        RP2: 7/12/2012 7:18:42 PM - Installed Realtek High Definition Audio Driver
        RP3: 7/12/2012 8:10:54 PM - Installed MorphVOX Pro
        RP4: 7/12/2012 8:20:17 PM - Installed DirectX
        RP5: 7/12/2012 8:21:45 PM - Removed Skype™ 3.8
        RP6: 7/12/2012 8:35:36 PM - Removed MorphVOX Pro
        RP7: 7/12/2012 8:37:41 PM - Installed MorphVOX Pro
        .
        ==== Installed Programs ======================
        .
        Adobe Color EU Extra Settings
        Adobe Color JA Extra Settings
        Adobe Color NA Recommended Settings
        Adobe Photoshop CS3
        Adobe Setup
        Adobe Stock Photos CS3
        Adobe WinSoft Linguistics Plugin
        CCleaner
        FlexType 2K
        GOM Player
        Google Chrome
        Malwarebytes Anti-Malware version 1.62.0.1300
        Microsoft .NET Framework 2.0
        Microsoft .NET Framework 4 Client Profile
        Microsoft .NET Framework 4 Extended
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048
        MorphVOX Pro
        Notepad++
        Realtek High Definition Audio Driver
        Registry Clean Expert
        Security Update for Windows XP (KB923789)
        Security Update for Windows XP (KB950760)
        Security Update for Windows XP (KB980195)
        Skype™ 5.10
        Update for Microsoft Windows (KB971513)
        Update for Windows XP (KB2467659)
        Update for Windows XP (KB898461)
        uTorrentControl2 Toolbar
        WebFldrs XP
        Winamp
        Winamp Detector Plug-in
        WinRAR 4.20 (32-битова версия)
        Wise Registry Cleaner 7.36
        µTorrent
        .
        ==== Event Viewer Messages From Past Week ========
        .
        7/12/2012 9:56:28 PM, information: Windows File Protection [64017] - Windows File Protection file scan completed successfully.
        7/12/2012 9:50:28 PM, information: Windows File Protection [64021] - The system file c:\winxp\system32\ieencode.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
        7/12/2012 9:43:31 PM, information: Windows File Protection [64021] - The system file c:\program files\common files\microsoft shared\web server extensions\40\isapi\_vti_adm\admin.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
        7/12/2012 9:43:21 PM, information: Windows File Protection [64016] - Windows File Protection file scan was started.
        7/12/2012 9:04:13 PM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
        7/12/2012 9:04:11 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
        7/12/2012 9:01:42 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
        7/12/2012 7:44:26 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume D:.
        7/12/2012 7:21:55 PM, error: Dhcp [1002] - The IP address lease 192.168.1.103 for the Network Card with network address 000461ABDCD9 has been denied by the DHCP server 192.168.95.1 (The DHCP Server sent a DHCPNACK message).
        7/12/2012 7:18:40 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
        7/12/2012 7:13:15 PM, error: Setup [60055] - Windows Setup encountered non-fatal errors during installation. Please check the setuperr.log found in your Windows directory for more information.
        .
        ==== End Of File ===========================

        DDS.txt -


        DDS (Ver_2011-09-30.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 Run by l337 at 22:24:42 on 2012-07-12 Microsoft Windows XP Professional 5.1.2600.3.1251.1.1033.18.2047.1036 [GMT 3:00] . . ============== Running Processes ================ . C:\WINXP\system32\spoolsv.exe C:\WINXP\SOUNDMAN.EXE C:\WINXP\ALCWZRD.EXE C:\WINXP\explorer.exe F:\MorphVOX Pro\MorphVOXPro.exe C:\WINXP\System32\alg.exe C:\WINXP\system32\wscntfy.exe E:\uTorrent\uTorrent.exe E:\FlexType 2K\FType2K.exe C:\Program Files\Skype\Phone\Skype.exe C:\Documents and Settings\l337\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\l337\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\l337\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\l337\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\l337\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\l337\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\l337\Local Settings\Application Data\Google\Chrome\Application\chrome.exe E:\Registry Clean Expert\RCHelper.exe E:\Wise Registry Cleaner\WiseRegCleaner.exe C:\Documents and Settings\l337\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\l337\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\WINXP\system32\wbem\wmiprvse.exe C:\WINXP\System32\svchost.exe -k netsvcs C:\WINXP\system32\svchost.exe -k NetworkService C:\WINXP\system32\svchost.exe -k LocalService C:\WINXP\system32\svchost.exe -k LocalService C:\WINXP\system32\svchost.exe -k imgsvc . ============== Pseudo HJT Report =============== . 
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll TB: uTorrentControl2 Toolbar: {687578B9-7132-4A7A-80E4-30EE31099E03} - c:\program files\utorrentcontrol2\prxtbuTor.dll TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll uRun: [CTFMON.EXE] c:\winxp\system32\ctfmon.exe uRun: [uTorrent] "e:\utorrent\uTorrent.exe" /MINIMIZED uRun: [Google Update] "c:\documents and settings\l337\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun uRun: [RegClean Expert Scheduler] "e:\registry clean expert\RCHelper.exe" /startup mRun: [exflashservice] "c:\program files\epox\efs\EZ_FLASH_SERVICE.exe" "5000" mRun: [SoundMan] SOUNDMAN.EXE mRun: [AlcWzrd] ALCWZRD.EXE mRun: [Alcmtr] ALCMTR.EXE mRun: [Malwarebytes' Anti-Malware] "e:\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [WinampAgent] e:\winamp\winampa.exe dRun: [CTFMON.EXE] c:\winxp\system32\CTFMON.EXE StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\flexty~1.lnk - e:\flextype 2k\FType2K.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:255 mPolicies-Explorer: NoDriveTypeAutoRun = dword:145 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe TCP: NameServer = 89.215.246.22 89.215.246.3 TCP: Interfaces\{5AB39541-54E7-42C6-9FF5-E9387D2BD5AA} : NameServer = 89.215.246.40 89.215.246.3 TCP: Interfaces\{E2623B4D-9F35-4791-8680-1B407FC73676} : NameServer = 89.215.246.22,89.215.246.3 TCP: Interfaces\{E2623B4D-9F35-4791-8680-1B407FC73676} : DHCPNameServer = 89.215.246.22 89.215.246.3 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - 
c:\program files\common files\skype\Skype4COM.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winxp\system32\wpdshserviceobj.dll . ============= SERVICES / DRIVERS =============== . R3 MBAMProtector;MBAMProtector;c:\winxp\system32\drivers\mbam.sys [2012-7-12 22344] R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\winxp\system32\drivers\ScreamingBAudio.sys [2010-7-1 34896] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\winxp\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 MBAMService;MBAMService;e:\malwarebytes' anti-malware\mbamservice.exe [2012-4-27 655944] S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-3 160944] S3 EPEZFLASH;EPEZFLASH;c:\program files\epox\efs\EZ_FLASH.sys [2011-3-12 3984] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\winxp\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 
2012-07-12 19:01:02 3072 -c--a-w- c:\winxp\system32\dllcache\audstub.sys 2012-07-12 19:01:02 3072 ----a-w- c:\winxp\system32\drivers\audstub.sys 2012-07-12 19:00:41 21504 -c--a-w- c:\winxp\system32\dllcache\hidserv.dll 2012-07-12 19:00:41 21504 ----a-w- c:\winxp\system32\hidserv.dll 2012-07-12 19:00:14 57600 -c--a-w- c:\winxp\system32\dllcache\redbook.sys 2012-07-12 19:00:14 57600 ----a-w- c:\winxp\system32\drivers\redbook.sys 2012-07-12 19:00:02 10624 -c--a-w- c:\winxp\system32\dllcache\gameenum.sys 2012-07-12 19:00:02 10624 ----a-w- c:\winxp\system32\drivers\gameenum.sys 2012-07-12 18:59:27 74240 -c--a-w- c:\winxp\system32\dllcache\usbui.dll 2012-07-12 18:59:27 74240 ----a-w- c:\winxp\system32\usbui.dll 2012-07-12 18:59:16 5504 -c--a-w- c:\winxp\system32\dllcache\intelide.sys 2012-07-12 18:59:16 5504 ----a-w- c:\winxp\system32\drivers\intelide.sys 2012-07-12 18:58:23 -------- d-----w- c:\documents and settings\l337\application data\Wise Registry Cleaner 2012-07-12 18:55:48 12063 -c--a-w- c:\winxp\system32\dllcache\wsiintxx.sys 2012-07-12 18:54:59 26112 -c--a-w- c:\winxp\system32\dllcache\usbser.sys 2012-07-12 18:53:59 8704 -c--a-w- c:\winxp\system32\dllcache\OLDAB5.tmp 2012-07-12 18:52:59 130942 -c--a-w- c:\winxp\system32\dllcache\ptserlv.sys 2012-07-12 18:51:57 65278 -c--a-w- c:\winxp\system32\dllcache\netflx3.sys 2012-07-12 18:50:59 34688 -c--a-w- c:\winxp\system32\dllcache\lbrtfdc.sys 2012-07-12 18:49:32 372824 -c--a-w- c:\winxp\system32\dllcache\iconf32.dll 2012-07-12 18:48:59 93696 -c--a-w- c:\winxp\system32\dllcache\hpgt42.dll 2012-07-12 18:47:59 153631 -c--a-w- c:\winxp\system32\dllcache\el90xnd5.sys 2012-07-12 18:46:59 57399 -c--a-w- c:\winxp\system32\dllcache\OLD4D2.tmp 2012-07-12 18:45:59 39552 -c--a-w- c:\winxp\system32\dllcache\brparwdm.sys 2012-07-12 18:44:51 7168 -c--a-w- c:\winxp\system32\dllcache\OLD226.tmp 2012-07-12 17:46:23 6416 ----a-w- c:\winxp\system32\kbdinori.Dll 2012-07-12 17:46:12 6416 ----a-w- c:\winxp\system32\kbdinasa.Dll 2012-07-12 
17:46:11 6928 ----a-w- c:\winxp\system32\kbdhebx.Dll 2012-07-12 17:46:10 8992 ----a-w- c:\winxp\system32\kbdbphz.dLL 2012-07-12 17:46:10 8992 ----a-w- c:\winxp\system32\KBDBPH.dLL 2012-07-12 17:46:10 7440 ----a-w- c:\winxp\system32\Kbddll.dll 2012-07-12 17:46:10 6416 ----a-w- c:\winxp\system32\kbdbp.Dll 2012-07-12 17:46:10 6416 ----a-w- c:\winxp\system32\kbdbds.Dll 2012-07-12 17:45:10 45056 ----a-w- c:\winxp\system32\newdll.dll 2012-07-12 17:31:32 -------- d-----w- c:\documents and settings\l337\application data\Screaming Bee 2012-07-12 17:20:29 1892184 ----a-w- c:\winxp\system32\D3DX9_42.dll 2012-07-12 17:20:22 2414360 ----a-w- c:\winxp\system32\d3dx9_31.dll 2012-07-12 17:12:04 7552 -c--a-w- c:\winxp\system32\dllcache\mskssrv.sys 2012-07-12 17:12:04 7552 ----a-w- c:\winxp\system32\drivers\MSKSSRV.sys 2012-07-12 17:12:03 4992 -c--a-w- c:\winxp\system32\dllcache\mspqm.sys 2012-07-12 17:12:03 4992 ----a-w- c:\winxp\system32\drivers\MSPQM.sys 2012-07-12 17:12:01 5376 -c--a-w- c:\winxp\system32\dllcache\mspclock.sys 2012-07-12 17:12:01 5376 ----a-w- c:\winxp\system32\drivers\MSPCLOCK.sys 2012-07-12 17:10:56 -------- d-----w- c:\documents and settings\all users.winxp\application data\Screaming Bee 2012-07-12 17:01:41 558133 ----a-w- c:\winxp\system32\sqlite3.dll 2012-07-12 16:58:46 26368 -c--a-w- c:\winxp\system32\dllcache\usbstor.sys 2012-07-12 16:28:18 22344 ----a-w- c:\winxp\system32\drivers\mbam.sys 2012-07-12 16:27:39 -------- d-----w- c:\documents and settings\l337\application data\Malwarebytes 2012-07-12 16:27:39 -------- d-----w- c:\documents and settings\all users.winxp\application data\Malwarebytes 2012-07-12 16:25:27 -------- d-----w- c:\documents and settings\l337\local settings\application data\Google 2012-07-12 16:25:27 -------- d-----w- c:\documents and settings\l337\local settings\application data\CRE 2012-07-12 16:25:23 -------- d-----w- c:\documents and settings\l337\local settings\application data\uTorrentControl2 2012-07-12 16:25:22 -------- d-----w- 
c:\documents and settings\l337\local settings\application data\Temp 2012-07-12 16:25:22 -------- d-----w- c:\documents and settings\l337\local settings\application data\Conduit 2012-07-12 16:25:21 -------- d-----w- c:\program files\uTorrentControl2 2012-07-12 16:24:47 -------- d-----w- c:\documents and settings\l337\application data\uTorrent 2012-07-12 16:20:55 40960 ------r- c:\winxp\system32\ChCfg.exe 2012-07-12 16:20:55 135168 ------r- c:\winxp\system32\RtlCPAPI.dll 2012-07-12 16:20:51 -------- d-sh--w- c:\documents and settings\l337\PrivacIE 2012-07-12 16:20:21 4096 -c--a-w- c:\winxp\system32\dllcache\ksuser.dll 2012-07-12 16:20:21 4096 ----a-w- c:\winxp\system32\ksuser.dll 2012-07-12 16:20:21 146048 -c--a-w- c:\winxp\system32\dllcache\portcls.sys 2012-07-12 16:20:21 146048 ----a-w- c:\winxp\system32\drivers\portcls.sys 2012-07-12 16:20:21 129536 ----a-w- c:\winxp\system32\ksproxy.ax 2012-07-12 16:20:20 60160 -c--a-w- c:\winxp\system32\dllcache\drmk.sys 2012-07-12 16:20:20 60160 ----a-w- c:\winxp\system32\drivers\drmk.sys 2012-07-12 16:18:36 487424 ------r- c:\winxp\RtlExUpd.dll 2012-07-12 16:18:15 229888 ----a-r- c:\winxp\system32\drivers\yk51x86.sys 2012-07-12 16:17:38 798720 ------w- c:\winxp\system32\autorun.exe 2012-07-12 16:12:45 31232 -c--a-w- c:\winxp\system32\dllcache\weitekp9.sys 2012-07-12 16:11:59 70656 -c--a-w- c:\winxp\system32\dllcache\korwbrkr.dll 2012-07-12 16:10:59 68608 -c--a-w- c:\winxp\system32\dllcache\isatq.dll 2012-07-12 16:08:53 -------- d-sh--w- c:\documents and settings\all users.winxp\DRM 2012-07-12 16:06:59 81920 -c--a-w- c:\winxp\system32\dllcache\ils.dll 2012-07-12 16:05:35 83968 ----a-w- c:\program files\messenger\msgsc.dll 2012-07-12 16:04:59 884712 ----a-w- c:\program files\msn\msncorefiles\install\msn9components\Digcore.exe 2012-07-11 11:26:34 -------- d-----w- c:\winxp\setup.pss 2012-07-11 11:26:20 -------- d-----w- c:\winxp\setupupd 2012-07-10 11:36:14 -------- d-----w- c:\program files\Vstplugins 2012-07-06 09:02:04 
-------- d-----w- c:\program files\CCleaner 2012-06-25 12:01:05 -------- d-----w- c:\program files\1ClickDownload 2012-06-19 16:53:24 -------- d-----w- c:\program files\SecurityKISS Tunnel 2012-06-19 16:49:39 -------- d-----w- c:\program files\WinGate 2012-06-19 14:35:14 4967624 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll 2012-06-19 11:29:52 -------- d-----w- c:\program files\Oracle . ==================== Find3M ==================== . 2012-05-27 16:06:01 236504 ----a-w- c:\program files\AMVapp-uninst.exe 2012-01-24 11:50:20 442846 ----a-w- c:\program files\common files\WireHelpSvc.exe . ============= FINISH: 22:25:29.25 ===============
      • by exbg
        Hello! For the past few days my computer has been behaving quite erratically. It is slow to open folders or programs, and a problem with the internet has also appeared. It stops and I have to restart the router. It recovers, but two minutes later it is the same story again. I scanned for viruses with MBAM and the program found 3 infected objects. Here are the logs:

        dds.txt


        DDS (Ver_2011-09-30.01) - NTFS_x86 Internet Explorer: 9.0.8112.16421 Run by PackardBell at 17:10:21 on 2012-06-26 Microsoft Windows 7 Ultimate 6.1.7601.1.1251.359.1026.18.2551.880 [GMT 3:00] . AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes ================ . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\nvvsvc.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe C:\Program Files\PANDORA.TV\PanService\PandoraService.exe C:\Windows\system32\PnkBstrA.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\DllHost.exe C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\system32\sppsvc.exe C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 
C:\Windows\system32\AUDIODG.EXE C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Pando Networks\Media Booster\PMB.exe C:\Users\PackardBell\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\PackardBell\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\PackardBell\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\PackardBell\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\PackardBell\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\PackardBell\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\rundll32.exe C:\Users\PackardBell\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\PackardBell\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\PackardBell\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\PackardBell\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\PackardBell\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\System32\svchost.exe -k secsvcs . ============== Pseudo HJT Report =============== . 
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll uRun: [Google Update] "c:\users\packardbell\appdata\local\google\update\GoogleUpdate.exe" /c uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui mRun: [WinampAgent] c:\program files\winamp\winampa.exe mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe" mRun: [TaskTray] <no file> mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: 
{2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab TCP: NameServer = 192.168.1.1 TCP: Interfaces\{7425D516-3DCA-409A-AB7A-A07F5A26345F} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{7425D516-3DCA-409A-AB7A-A07F5A26345F}\4556C656361626C656F5659646566796 : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{7425D516-3DCA-409A-AB7A-A07F5A26345F}\B52457C637164736F6D6D54557635647F6 : DHCPNameServer = 192.168.1.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp Hosts: 127.0.0.1 genuine.microsoft.com Hosts: 127.0.0.1 mpa.one.microsoft.com Hosts: 127.0.0.1 sls.microsoft.com . ================= FIREFOX =================== . 
FF - ProfilePath - c:\users\packardbell\appdata\roaming\mozilla\firefox\profiles\elcwodc0.default\ FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\program files\nitro pdf\reader 2\npdf.dll FF - plugin: c:\program files\nitro pdf\reader 2\npnitromozilla.dll FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll FF - plugin: c:\users\packardbell\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_257.dll . ============= SERVICES / DRIVERS =============== . R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-3-6 612184] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-3-6 337880] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-3-17 242240] R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-3-6 20696] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-3-6 57688] R2 avast! Antivirus;avast! 
Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-3-17 44768] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-20 652872] R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\nitro pdf\reader 2\NitroPDFReaderDriverService2.exe [2012-2-9 198136] R2 PanService;PandoraService;c:\program files\pandora.tv\panservice\PandoraService.exe [2012-4-29 624856] R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2012-3-7 2533400] R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files\qualcomm atheros fast reconnect\Ath_WlanAgent.exe [2012-3-6 73728] R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2011-3-31 350248] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-20 20464] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2012-3-6 148800] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Услуга на Google Актуализация (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-5-6 116648] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-10 250056] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888] S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464] S3 gupdatem;Услуга на Google Актуализация (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-5-6 116648] S3 k57w2k;Broadcom NetLink (TM) Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [2009-10-16 214568] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance 
service\maintenanceservice.exe [2012-6-10 113120] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 15872] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2012-3-6 182304] S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 77184] S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 25600] S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 27264] S3 TunngleService;TunngleService;c:\program files\tunngle\TnglCtrl.exe [2012-6-18 736104] SUnknown TsUsbFlt;TsUsbFlt; [x] SUnknown tsusbhub;tsusbhub; [x] . =============== File Associations =============== . FileExt: .reg: Applications\notepad.exe=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice] . =============== Created Last 30 ================ . 2012-06-26 13:41:08 -------- d-----w- C:\Riot Games 2012-06-18 16:46:37 -------- d-----w- c:\users\packardbell\appdata\roaming\Tunngle 2012-06-18 16:46:37 -------- d-----w- c:\programdata\Tunngle 2012-06-18 16:46:32 -------- d-----w- c:\program files\Tunngle 2012-06-17 17:48:20 -------- d-----w- c:\users\packardbell\appdata\roaming\GarenaPlus 2012-06-17 17:47:54 -------- d-----w- c:\program files\Garena Plus 2012-06-17 17:47:49 -------- d-----w- c:\programdata\GarenaMessenger 2012-06-16 09:52:47 -------- d-----w- c:\program files\Cheat Engine 6.2 2012-06-16 00:14:09 -------- d-----w- c:\program files\Timed Shutdown 2012-06-14 22:02:52 -------- d-----w- c:\program files\SpeedFan 2012-06-14 22:02:16 -------- d-----w- C:\SpeedFan v4.44 2012-06-12 17:38:09 -------- d-----w- c:\users\packardbell\appdata\local\Macromedia 2012-06-06 21:16:55 -------- d-----w- c:\program files\SVD 2012-06-06 21:14:31 -------- d-----w- c:\users\packardbell\appdata\roaming\vloader-bg 2012-06-06 21:14:22 -------- d-----w- c:\program files\vloader-bg 2012-06-06 20:49:19 
-------- d-----w- C:\VA - Stich House Vol.3 Tribal House 2012-06-06 20:40:06 -------- d-----w- C:\Sobieski Summer 2008 Mix with DJ AK-47 2012-06-03 12:00:24 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll 2012-06-03 12:00:24 32592 ----a-w- c:\windows\system32\msonpmon.dll 2012-06-03 11:57:51 -------- d-----w- c:\windows\PCHEALTH 2012-06-03 11:55:30 -------- d-----w- c:\program files\Microsoft Visual Studio 8 2012-06-03 11:54:55 -------- d-----w- c:\users\packardbell\appdata\local\Microsoft Help 2012-06-03 11:26:16 -------- d-----w- c:\users\packardbell\appdata\local\ElevatedDiagnostics . ==================== Find3M ==================== . 2012-06-23 11:11:06 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-23 11:11:06 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-05-26 15:39:42 445016 ----a-w- c:\windows\system32\wrap_oal.dll 2012-05-26 15:39:42 109144 ----a-w- c:\windows\system32\OpenAL32.dll 2012-05-20 16:35:18 189248 ----a-w- c:\windows\system32\PnkBstrB.exe 2012-05-20 16:35:10 75136 ----a-w- c:\windows\system32\PnkBstrA.exe . ============= FINISH: 17:11:04,25 =============== attach.txt

        . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-09-30.01) . Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 6.3.2012 г. 14:38:30 System Uptime: 26.6.2012 г. 14:46:18 (3 hours ago) . Motherboard: Packard Bell | | EasyNote TM85 Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz | CPU | 911/1066mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 58 GiB total, 31,282 GiB free. D: is FIXED (NTFS) - 538 GiB total, 375,743 GiB free. E: is CDROM () F: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: Description: Device ID: ROOT\NET\0000 Manufacturer: Name: PNP Device ID: ROOT\NET\0000 Service: . ==== System Restore Points =================== . RP72: 26.6.2012 г. 16:03:34 - Removed League of Legends RP73: 26.6.2012 г. 16:40:51 - Installed League of Legends . ==== Installed Programs ====================== . Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader 9.5.0 - Bulgarian Adobe Shockwave Player 11.6 Assassin's Creed Brotherhood avast! 
Free Antivirus Broadcom Gigabit NetLink Controller Call of Duty(R) 4 - Modern Warfare(TM) Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch CCleaner Cheat Engine 6.2 Counter Strike 1.6 FULL v44 Creation Master 11 Release 11.2 DAEMON Tools Lite Driver Genius Professional Edition EVEREST Ultimate Edition v5.50 F1 2010 FIFA 11 Fraps (remove only) GameRanger Garena Plus GLOBUL Connection Manager Google Земя Google Chrome Google Update Helper Grand Theft Auto IV HD Tune Pro 5.00 Intel(R) Management Engine Components IrfanView (remove only) Java Auto Updater Java(TM) 6 Update 31 K-Lite Codec Pack 8.4.0 (Full) KVIrc League of Legends Malwarebytes Anti-Malware, версия 1.60.0.1800 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft XML Parser mIRC Mozilla Firefox 13.0 (x86 bg) Mozilla Maintenance Service Nero 8 neroxml Nitro Reader 2 NVIDIA Control Panel 
295.73 NVIDIA Graphics Driver 295.73 NVIDIA HD Audio Driver 1.3.12.0 NVIDIA Install Application NVIDIA PhysX NVIDIA PhysX System Software 9.12.0209 OpenAL Pando Media Booster Pandora Service PunkBuster Services Qualcomm Atheros Fast Reconnect Rapture3D 2.4.4 Game Realtek High Definition Audio Driver Realtek USB 2.0 Card Reader Revolt SCANIA Truck Driving Simulator 1.0.0 SimCity 4 Deluxe Skype™ 5.8 SopCast 3.5.0 SpeedFan (remove only) Steam SVD swMSM System Requirements Lab CYRI The KMPlayer (remove only) Timed Shutdown 0.5b Tunngle beta Ubisoft Game Launcher VCRedistSetup vloader-bg Winamp (remove only) Windows Live ID Sign-in Assistant WinRAR 4.11 (32-битова версия) . ==== Event Viewer Messages From Past Week ======== . 24.6.2012 г. 16:53:02, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect. 24.6.2012 г. 16:53:02, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 19.6.2012 г. 20:33:43, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. . ==== End Of File ===========================