Съмнение за вирус

19 май 201313 г.

съмнението ми се поражда от там че често влизам в сайтове в които гоогле чром

ми ги блокира и от извесно време имам проблеми с пускане на някой игри кaто ги пусна спират да работят като ги преинсталирам са си ok

DDs.txt

DDS (Ver_2011-09-30.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.21.2Run by {Owner}Admincho at 18:23:52 on 2013-05-19Microsoft Windows XP Professional  5.1.2600.3.1251.359.1033.18.1023.296 [GMT 3:00]..============== Running Processes ================.C:WINDOWSsystem32nvsvc32.exeC:WINDOWSSystem32snmp.exeC:WINDOWSSystem32alg.exeC:WINDOWSExplorer.EXEC:Program FilesUnlockerUnlockerAssistant.exeC:WINDOWSsystem32rundll32.exeC:WINDOWSsystem32ctfmon.exeC:Program FilesSkypePhoneSkype.exeC:Documents and Settings{Owner}AdminchoDesktopprocexp.exeC:Program FilesGoogleChromeApplicationchrome.exeC:Program FilesGoogleChromeApplicationchrome.exeC:Program FilesGoogleChromeApplicationchrome.exeC:Program FilesGoogleChromeApplicationchrome.exeC:Program FilesGoogleChromeApplicationchrome.exeC:Program FilesGoogleChromeApplicationchrome.exeC:Program FilesGoogleChromeApplicationchrome.exeC:Program FilesGoogleChromeApplicationchrome.exeE:Program FilesNotepad++notepad++.exeC:Documents and Settings{Owner}AdminchoDesktopdds.exeC:WINDOWSsystem32wbemwmiprvse.exeC:DOCUME~1{OWNER~1LOCALS~1Tempnsc12D.tmpPEV.DATC:WINDOWSSystem32svchost.exe -k netsvcsC:WINDOWSsystem32svchost.exe -k NetworkServiceC:WINDOWSsystem32svchost.exe -k LocalServiceC:WINDOWSsystem32svchost.exe -k LocalServiceC:WINDOWSsystem32svchost.exe -k imgsvcC:WINDOWSSystem32svchost.exe -k HTTPFilter.============== Pseudo HJT Report ===============.uStart Page = about:blankuInternet Connection Wizard,ShellNext = iexploreBHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:program filesjavajre7binssv.dllBHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:program filesjavajre7binjp2ssv.dlluRun: [CTFMON.EXE] c:windowssystem32ctfmon.exeuRun: [uTorrent] "c:program filesutorrentuTorrent.exe"  /MINIMIZEDuRun: [Skype] "c:program filesskypephoneSkype.exe" /minimized /regrunmRun: [UnlockerAssistant] "c:program filesunlockerUnlockerAssistant.exe"mRun: [NvCplDaemon] RUNDLL32.EXE c:windowssystem32NvCpl.dll,NvStartupmRun: [nwiz] nwiz.exe /installmRun: [NvMediaCenter] RUNDLL32.EXE c:windowssystem32NvMcTray.dll,NvTaskbarInitmRun: [MSConfig] c:windowspchealthhelpctrbinariesMSConfig.exe /autodRun: [CTFMON.EXE] c:windowssystem32CTFMON.EXEuExplorerRun: [Policies] c:windowssystem32windirCalc.exeuExplorerRun: [Policies] c:windowssystem32windirCalc.exeuPolicies-Explorer: NoDriveTypeAutoRun = dword:145uPolicies-Explorer: NoCDBurning = dword:1mPolicies-Explorer: NoDriveTypeAutoRun = dword:255mPolicies-Explorer: MemCheckBoxInRunDlg = dword:1mPolicies-Explorer: NoDriveTypeAutoRun = dword:145IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exeLSP: REGEDIT4.LSP: [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetserviceswinsock2parametersprotocol_catalog9catalog_entries]LSP: [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetserviceswinsock2parametersprotocol_catalog9catalog_entriesLSP:   m33,32,mswsock2e,dllLSP:   LSP:   30,R1e,LLSP:   38,LSP:   ELSP:   e0,01,09,LSP:   <LSP:   f6,19,ff,c3,~r;93,A25,b5,d4,LSP:   Ha1,92,e9,03,LSP:   Ha1,92,ea,03,LSP:   bb,ff,LSP:   Ha1,92,eb,03,LSP:   m33,32,rsvpsp2e,dllLSP:   82,e6,9a,ec,03,LSP:   `ud0,0b,LSP:   iLSP:   01,LSP:   af6,90,|LSP:   f9,y01, e9,90,|hf6,90,|ff,ff,ff,ff,af6,90,|Njdd,w87,jLSP:   dd,w80,<_udc,0b,LSP:   01,@LSP:   eLSP:   2d,LSP:   34,LSP:   10,91,|db,01,91,|Xfd,y01,98,1a,1d,LSP:   dd,wcc,04,LSP:   01,04,LSP:   1c,LSP:   82,e6,9a,ed,03,LSP:   01,ff,Zdu LSP:   08,LSP:   91,|e8,H1e,01,LSP:   01,03,LSP:   pO0c,01,18,e5,o02,88,01,1c,LSP:   O0c,01,LSP:   fc,y01,18,05,1c,LSP:   af6,90,|XG1e,01,LSP:   Ha1,92,14,04,LSP:   35,LSP:   Ha1,92,15,04,LSP:   Ha1,92,16,04,LSP:   ALSP:   Ha1,92,17,04,LSP:   Ha1,92,18,04,LSP:   31,LSP:   32,LSP:   Ha1,92,19,04,LSP:   Ha1,92,1a,04,LSP:   33,LSP:   Ha1,92,1b,04,.INFO: HKCU has more than 50 listed domains.If you wish to scan all of them, select the 'Force scan all domains' option...INFO: HKLM has more than 50 listed domains.   If you wish to scan all of them, select the 'Force scan all domains' option..TCP: NameServer = 192.168.1.1TCP: Interfaces{6C56B472-8AD6-4BD3-9328-A5E5DBC47158} : DHCPNameServer = 192.168.1.1SecurityProviders: SecurityProviders = msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dllLSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkgmASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:program filesgooglechromeapplication26.0.1410.64installerchrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromemASetup: {U73LQG80-3TXM-6848-3N7S-N511J7U5QY4W} - c:windowssystem32windirCalc.exe.================= FIREFOX ===================.FF - ProfilePath - .============= SERVICES / DRIVERS ===============.R0 mv61xxmm;mv61xxmm;c:windowssystem32driversmv61xxmm.sys [2012-7-12 13616]R0 mv64xxmm;mv64xxmm;c:windowssystem32driversmv64xxmm.sys [2012-7-12 5632]R0 mvxxmm;mvxxmm;c:windowssystem32driversmvxxmm.sys [2012-7-12 13616]R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:windowssystem32driversdtsoftbus01.sys [2013-3-15 242240]R3 DFX11_1;DFX Audio Enhancer 11.1;c:windowssystem32driversdfx11_1.sys [2012-8-29 24424]R3 SNP325;USB PC Camera (SNPSTD325);c:windowssystem32driverssnp325.sys [2013-5-15 10343168]S0 cumon;cumon;c:windowssystem32driverscumon.sys --> c:windowssystem32driverscumon.sys [?]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:windowsmicrosoft.netframeworkv4.0.30319mscorsvw.exe [2010-3-18 130384]S2 gupdate;Услуга Google Update (gupdate);c:program filesgoogleupdateGoogleUpdate.exe [2012-12-24 116648]S2 SkypeUpdate;Skype Updater;c:program filesskypeupdaterUpdater.exe [2013-2-28 161384]S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:windowssystem32macromedflashFlashPlayerUpdateService.exe [2012-7-12 256904]S3 gupdatem;Услуга на Google Актуализация (gupdatem);c:program filesgoogleupdateGoogleUpdate.exe [2012-12-24 116648]S3 MozillaMaintenance;Mozilla Maintenance Service;c:program filesmozilla maintenance servicemaintenanceservice.exe [2013-4-19 115608]S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:windowsmicrosoft.netframeworkv4.0.30319wpfWPFFontCache_v0400.exe [2010-3-18 753504].=============== File Associations ===============.FileExt: .bat: batfile="%1" %*FileExt: .cmd: cmdfile="%1" %*FileExt: .com: comfile="%1" %*FileExt: .exe: exefile="%1" %*FileExt: .pif: piffile="%1" %*FileExt: .scr: scrfile="%1" /SFileExt: .reg: regfile=regedit.exe "%1"FileExt: .txt: txtfile=c:windowssystem32NOTEPAD.EXE %1FileExt: .chm: chm.file="c:windowshh.exe" %1FileExt: .ini: inifile=c:windowssystem32NOTEPAD.EXE %1FileExt: .inf: inffile=c:windowssystem32NOTEPAD.EXE %1.=============== Created Last 30 ================..==================== Find3M  ====================.2013-05-19 10:13:42 98304 -c--a-w- c:windowssystem32CmdLineExt.dll.=================== ROOTKIT  ====================.Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.netWindows 5.1.2600 Disk: ST340014A rev.3.06 -> Harddisk0DR0 -> DeviceIdeIdeDeviceP0T0L0-4 .device: opened successfullyuser: MBR read successfully.Disk trace:called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS 1 nt!IofCallDriver[0x804E37D5] -> DeviceHarddisk0DR0[0x86757AB8]3 CLASSPNP[0xF786EFD7] -> nt!IofCallDriver[0x804E37D5] -> Device00000055[0x8673D250]5 ACPI[0xF77E5620] -> nt!IofCallDriver[0x804E37D5] -> DeviceIdeIdeDeviceP0T0L0-4[0x8673FD98]kernel: MBR read successfully_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a;  }user & kernel MBR OK .============= FINISH: 18:24:44,73 ===============

attach.txt

.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2011-09-30.01).Microsoft Windows XP ProfessionalBoot Device: DeviceHarddiskVolume1Install Date: 25.3.2013 г. 16:00:47System Uptime: 19.5.2013 г. 15:36:03 (3 hours ago).Motherboard:        |  | P4I45DProcessor:                 Intel(R) Celeron(R) CPU 2.00GHz | FC-478 | 2560/130mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 10 GiB total, 2,445 GiB free.D: is FIXED (NTFS) - 27 GiB total, 18,323 GiB free.E: is FIXED (NTFS) - 77 GiB total, 54,26 GiB free.F: is CDROM ()G: is CDROM ()H: is CDROM ().==== Disabled Device Manager Items =============.Class GUID: Description: Device ID: ROOTLEGACY_SASKUTIL0000Manufacturer: Name: PNP Device ID: ROOTLEGACY_SASKUTIL0000Service: .==== System Restore Points ===================.RP73: 16.5.2013 г. 06:07:29 - Software Distribution Service 3.0RP74: 16.5.2013 г. 06:08:49 - Software Distribution Service 3.0RP75: 17.5.2013 г. 06:47:28 - System CheckpointRP76: 19.5.2013 г. 12:34:24 - Removed GTA San AndreasRP77: 19.5.2013 г. 12:35:31 - Installed GTA San AndreasRP78: 19.5.2013 г. 13:23:37 - Removed GTA San AndreasRP79: 19.5.2013 г. 14:20:57 - Installed GTA San Andreas.==== Installed Programs ======================.Yu-Gi-Oh! Power of Chaos YUGI THE DESTINY.==== Event Viewer Messages From Past Week ========.The service did not respond to the start or control request in a timely fashion.protocols.protocols.protocols.19.5.2013 г. 16:19:33, error: Service Control Manager [7034]  - The Print Spooler service terminated unexpectedly.  It has done this 3 time(s).19.5.2013 г. 16:17:47, error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.19.5.2013 г. 16:14:23, error: DCOM [10009]  - DCOM was unable to communicate with the computer system using any of the configured19.5.2013 г. 16:14:20, error: DCOM [10009]  - DCOM was unable to communicate with the computer system using any of the configured19.5.2013 г. 16:13:40, error: DCOM [10009]  - DCOM was unable to communicate with the computer system using any of the configured19.5.2013 г. 15:37:47, error: Service Control Manager [7034]  - The Skype Updater service terminated unexpectedly.  It has done this 2 time(s).19.5.2013 г. 15:37:47, error: Service Control Manager [7034]  - The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).19.5.2013 г. 15:37:47, error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.19.5.2013 г. 15:37:13, error: Service Control Manager [7034]  - The Skype Updater service terminated unexpectedly.  It has done this 1 time(s).19.5.2013 г. 15:19:08, error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.19.5.2013 г. 15:18:12, error: Service Control Manager [7034]  - The Skype Updater service terminated unexpectedly.  It has done this 2 time(s).19.5.2013 г. 15:18:07, error: Service Control Manager [7034]  - The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).19.5.2013 г. 15:17:54, error: Service Control Manager [7034]  - The Skype Updater service terminated unexpectedly.  It has done this 1 time(s).19.5.2013 г. 13:04:56, error: Service Control Manager [7034]  - The Skype Updater service terminated unexpectedly.  It has done this 2 time(s).19.5.2013 г. 13:04:49, error: Service Control Manager [7034]  - The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).19.5.2013 г. 13:04:47, error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.19.5.2013 г. 13:04:21, error: Service Control Manager [7034]  - The Skype Updater service terminated unexpectedly.  It has done this 1 time(s).19.5.2013 г. 13:04:21, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.19.5.2013 г. 13:00:48, error: Service Control Manager [7031]  - The Remote Procedure Call (RPC) service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.19.5.2013 г. 13:00:26, error: Service Control Manager [7034]  - The Application Layer Gateway Service service terminated unexpectedly.  It has done this 1 time(s).19.5.2013 г. 13:00:23, error: Service Control Manager [7034]  - The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).19.5.2013 г. 13:00:19, error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.19.5.2013 г. 12:59:59, error: Service Control Manager [7034]  - The Skype Updater service terminated unexpectedly.  It has done this 1 time(s).19.5.2013 г. 12:56:04, error: Service Control Manager [7034]  - The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).19.5.2013 г. 12:55:46, error: Service Control Manager [7034]  - The Skype Updater service terminated unexpectedly.  It has done this 1 time(s).19.5.2013 г. 12:40:57, error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.19.5.2013 г. 12:36:25, error: Service Control Manager [7034]  - The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).17.5.2013 г. 19:57:06, error: Service Control Manager [7034]  - The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).16.5.2013 г. 20:56:09, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Steam Client Service service to connect.16.5.2013 г. 20:56:09, error: Service Control Manager [7000]  - The Steam Client Service service failed to start due to the following error: 16.5.2013 г. 06:07:43, error: Service Control Manager [7034]  - The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).15.5.2013 г. 19:46:45, error: Service Control Manager [7034]  - The Skype Updater service terminated unexpectedly.  It has done this 1 time(s).14.5.2013 г. 14:51:34, error: Service Control Manager [7034]  - The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).13.5.2013 г. 08:41:49, error: Service Control Manager [7034]  - The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).13.5.2013 г. 08:41:45, error: Service Control Manager [7034]  - The Skype Updater service terminated unexpectedly.  It has done this 2 time(s).13.5.2013 г. 08:41:29, error: System Error [1003]  - Error code 10000050, parameter1 ffefffff, parameter2 00000000, parameter3 ffefffff, parameter4 00000000.13.5.2013 г. 08:41:10, error: Service Control Manager [7034]  - The Skype Updater service terminated unexpectedly.  It has done this 1 time(s).13.5.2013 г. 08:33:42, error: Service Control Manager [7034]  - The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s)..==== End Of File ===========================

Цитирай

19 май 201313 г.

Здравейте,

Машината ви е сериозно зарезена:

1. Изтеглете ComboFix от BleepingComputer
и го запазете (бутон Save -> Save as) ComboFix на вашия десктоп:

След приключване на изтеглянето на ComboFix, иконката на програмата би трябвало да изглежда така:

2. Затворете всички работещи приложения, отворени прозорци и програми работещи във фонов режим. Спрете временно защитата в реално време на антивирусната програма и на другите програми за сигурност, ако има такива.

3. Стартирайте с двоен клик Combofix.exe. Изберете YES, за да се съгласите с условията за използване на програмата. Важно: По време на работата на ComboFix не бива да се движи мишката и да се натискат клавиши от клавиатурата. Просто търпеливо оставете ComboFix да си свърши работата, без да използвате компютъра за други цели.

4. ComboFix ще провери дали Windows Recovery Console e инсталиранa.

*Ако Windows Recovery Console не е инсталирана, ще е необходимо да използвате YES за инсталация на Windows Recovery Console
*Ако Windows Recovery Console е инсталирана, ComboFix ще продължи работата си.

Забележка: Необходимо е да сте свързани към Интернет за да може Windows Recovery Console да се изтегли.

След инсталация на Windows Recovery Console потвърдете с YES, за да продължите напред. Снимка:

5. ComboFix ще спре временно Интернет връзката, но след като приключи работата на програмата тази връзка ще бъде възстановена автоматично. ComboFix ще сканира за проблеми и за заразени файлове, като това може да отнеме известно време. Моля да бъдете търпеливи. Ако има проблем с Интернет връзката след приключване на работата на Combofix, моля да прочетете това: Manually restoring the Internet connection section.

6. Когато работата на ComboFix приключи, ще се появи текстов документ (log) в Notepad:

Цитирай

20 май 201313 г.

Автор

ComboFix 13-05-18.04 - {Owner}Admincho 05.2013 г.   6:33.1.1 - x86Microsoft Windows XP Professional  5.1.2600.3.1251.359.1033.18.1023.456 [GMT 3:00]Running from: c:documents and settings{Owner}AdminchoDesktopComboFix.exe..(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))..c:documents and settingsAll Users.WINDOWSApplication DataTEMPc:documents and settingsAll Users.WINDOWSApplication DataTEMP07BF512B.TMPc:program filesWinPCapc:program filesWinPCapdaemon_mgm.exec:program filesWinPCapinstall.logc:program filesWinPCapnpf_mgm.exec:program filesWinPCaprpcapd.exec:program filesWinPCapUninstall.exec:windowssystem32URTTempc:windowssystem32URTTempregtlib.exe..(((((((((((((((((((((((((   Files Created from 2013-04-20 to 2013-05-20  )))))))))))))))))))))))))))))))..2013-05-15 16:51 . 2008-04-13 23:42 53760 -c--a-w- c:windowssystem32vfwwdm32.dll2013-05-15 16:48 . 2007-02-12 11:50 20480 -c--a-w- c:windowsFixCamera.exe2013-05-15 16:48 . 2006-07-03 07:31 94208 -c--a-w- c:windowsamcap.exe2013-05-15 16:48 . 2007-04-25 12:36 835584 -c--a-w- c:windowsvsnp325.exe2013-05-15 16:48 . 2007-04-21 06:30 270336 -c--a-w- c:windowstsnp325.exe2013-05-15 16:48 . 2007-04-26 08:03 10343168 -c--a-w- c:windowssystem32driverssnp325.sys2013-05-15 16:48 . 2013-05-15 16:48 -------- dc----w- c:program filesCommon Filessnp3252013-05-15 16:48 . 2007-04-24 12:40 57344 -c--a-w- c:windowssystem32vsnp325.dll2013-05-15 16:48 . 2006-04-12 09:11 147456 -c--a-w- c:windowssystem32rsnp325.dll2013-05-15 16:48 . 2005-11-23 10:55 53248 -c--a-w- c:windowssystem32csnp325.dll2013-05-15 16:47 . 2013-05-15 16:47 -------- dc----w- c:documents and settings{Owner}AdminchoApplication DataInstallShield2013-05-14 23:37 . 2013-05-14 23:37 9195912 -c--a-w- c:windowssystem32FlashPlayerInstaller.exe2013-05-08 11:25 . 2005-04-03 20:02 69714 -c--a-w- c:program filesCommon FilesInstallShieldProfessionalRunTime1100Intel32ctor.dll2013-05-08 11:25 . 2005-04-03 20:01 274432 -c--a-w- c:program filesCommon FilesInstallShieldProfessionalRunTime1100Intel32iscript.dll2013-05-08 11:25 . 2005-04-03 20:00 184320 -c--a-w- c:program filesCommon FilesInstallShieldProfessionalRunTime1100Intel32iuser.dll2013-05-08 11:25 . 2005-04-03 20:02 753664 -c--a-w- c:program filesCommon FilesInstallShieldProfessionalRunTime1100Intel32iKernel.dll2013-05-08 11:25 . 2013-05-08 11:25 200836 -c--a-w- c:program filesCommon FilesInstallShieldProfessionalRunTime1100Intel32iGdi.dll2013-05-08 11:25 . 2013-05-08 11:25 331908 -c--a-w- c:program filesCommon FilesInstallShieldProfessionalRunTime1100Intel32setup.dll2013-05-07 19:33 . 2013-05-07 19:33 -------- dc----w- c:program filesAIMP32013-05-07 14:41 . 2013-05-07 14:41 -------- dc----w- c:program filesC-Media2013-05-07 14:39 . 2013-05-07 14:41 -------- dc----w- c:documents and settings{Owner}AdminchoLocal SettingsApplication DataPMB Files2013-05-07 14:39 . 2013-05-07 14:40 -------- dc----w- c:documents and settingsAll Users.WINDOWSApplication DataPMB Files2013-05-07 14:31 . 2013-05-07 14:31 -------- dc----w- c:documents and settings{Owner}AdminchoApplication DataWinamp2013-05-07 14:30 . 2013-05-07 14:30 -------- dc----w- c:documents and settings{Owner}AdminchoApplication Datavlc2013-05-07 14:13 . 2013-05-07 14:13 -------- dc----w- c:documents and settings{Owner}AdminchoLocal SettingsApplication DataDFX2013-05-07 14:07 . 2013-05-11 15:42 -------- dc----w- c:program filesOApps2013-05-06 13:49 . 2013-05-06 13:49 -------- dc----w- c:documents and settings{Owner}AdminchoLocal SettingsApplication Datahttp___www.minecraftversi2013-05-06 08:03 . 2013-05-06 08:03 -------- dc----w- c:documents and settings{Owner}AdminchoLocal SettingsApplication DataFOMM2013-04-28 10:44 . 2013-05-19 10:13 98304 -c--a-w- c:windowssystem32CmdLineExt.dll2013-04-25 06:32 . 2013-04-25 06:32 -------- dc----w- c:documents and settings{Owner}AdminchoApplication DataTeewars2013-04-21 20:18 . 2013-04-11 14:22 770384 -c--a-w- c:windowssystem32msvcr100.dll2013-04-21 20:18 . 2013-04-11 14:22 421200 -c--a-w- c:windowssystem32msvcp100.dll2013-04-21 07:59 . 2013-04-04 02:35 94112 -c--a-w- c:windowssystem32WindowsAccessBridge.dll...((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-05-14 23:37 . 2012-07-12 12:35 692104 -c--a-w- c:windowssystem32FlashPlayerApp.exe2013-05-14 23:37 . 2012-07-12 12:35 71048 -c--a-w- c:windowssystem32FlashPlayerCPLApp.cpl2013-04-16 22:17 . 2012-07-12 12:36 920064 -c--a-w- c:windowssystem32wininet.dll2013-04-16 22:17 . 2012-07-12 12:36 43520 -c--a-w- c:windowssystem32licmgr10.dll2013-04-16 22:17 . 2012-07-12 12:36 1469440 -c--a-w- c:windowssystem32inetcpl.cpl2013-04-12 23:28 . 2012-07-12 12:36 385024 -c--a-w- c:windowssystem32html.iec2013-04-12 07:10 . 2013-04-12 07:10 348160 -c--a-w- c:windowssystem32msvcr71.dll2013-04-12 07:10 . 2013-04-12 07:10 1700352 -c--a-w- c:windowssystem32gdiplus.dll2013-04-12 07:10 . 2013-04-12 07:10 1060864 -c--a-w- c:windowssystem32mfc71.dll2013-04-10 01:31 . 2012-07-12 12:34 1876352 -c--a-w- c:windowssystem32win32k.sys2013-04-03 11:22 . 2013-03-15 15:13 242240 -c--a-w- c:windowssystem32driversdtsoftbus01.sys2013-03-25 15:56 . 2013-03-25 15:34 861088 -c--a-w- c:windowssystem32npDeployJava1.dll2013-03-25 15:56 . 2013-03-25 15:34 782240 -c--a-w- c:windowssystem32deployJava1.dll2013-03-11 22:10 . 2013-03-29 23:01 237088 -c----w- c:windowssystem32MpSigStub.exe2013-03-08 08:35 . 2012-07-12 12:35 293376 -c--a-w- c:windowssystem32winsrv.dll2013-03-07 03:23 . 2012-05-04 12:41 2070016 -c--a-w- c:windowssystem32ntkrnlpa.exe2013-03-07 01:31 . 2012-07-12 12:34 2193536 -c--a-w- c:windowssystem32ntoskrnl.exe..------- Sigcheck -------Note: Unsigned files aren't necessarily malware..[-] 2012-07-12 . E17798E1E6FF1CA9C67B8576570E05EE . 1614848 . . [5.1.2600.5512] . . c:windowssystem32sfcfiles.dll.(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]"uTorrent"="c:program filesuTorrentuTorrent.exe" [2013-05-05 802136]"Skype"="c:program filesSkypePhoneSkype.exe" [2013-02-28 18642024].[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]"UnlockerAssistant"="c:program filesUnlockerUnlockerAssistant.exe" [2010-07-04 17408]"NvCplDaemon"="c:windowssystem32NvCpl.dll" [2006-11-17 7700480]"nwiz"="nwiz.exe" [2006-11-17 1622016]"NvMediaCenter"="c:windowssystem32NvMcTray.dll" [2006-11-17 86016].[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]"CTFMON.EXE"="c:windowssystem32CTFMON.EXE" [2008-04-14 15360].[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]"MemCheckBoxInRunDlg"= 1 (0x1).[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsecurityproviders]SecurityProviders msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregFixCamera]2007-02-12 11:50 20480 -c--a-w- c:windowsFixCamera.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregGlary Memory Optimizer]2013-02-04 13:58 109344 -c--a-w- e:program filesGlary Utilitiesmemdefrag.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregsnp325]2007-04-25 12:36 835584 -c--a-w- c:windowsvsnp325.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSunJavaUpdateSched]2013-03-12 04:32 253816 -c--a-w- c:program filesCommon FilesJavaJava Updatejusched.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregtsnp325]2007-04-21 06:30 270336 -c--a-w- c:windowstsnp325.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]"AntiVirusOverride"=dword:00000001"FirewallOverride"=dword:00000001.[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]"EnableFirewall"= 0 (0x0).[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]"%windir%Network Diagnosticxpnetdiag.exe"="%windir%system32sessmgr.exe"="c:Program FilesuTorrentuTorrent.exe"="c:Program FilesSkypePhoneSkype.exe"="e:ValveGarry's Modhl2.exe"="e:ValveGarry's Modsrcds.exe"="e:Cracked SteamSteam.exe"=.R0 mv61xxmm;mv61xxmm;c:windowssystem32driversmv61xxmm.sys [12.7.2012 г. 15:44 13616]R0 mv64xxmm;mv64xxmm;c:windowssystem32driversmv64xxmm.sys [12.7.2012 г. 15:44 5632]R0 mvxxmm;mvxxmm;c:windowssystem32driversmvxxmm.sys [12.7.2012 г. 15:44 13616]R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:windowssystem32driversdtsoftbus01.sys [15.3.2013 г. 18:13 242240]R3 DFX11_1;DFX Audio Enhancer 11.1;c:windowssystem32driversdfx11_1.sys [29.8.2012 г. 20:46 24424]R3 SNP325;USB PC Camera (SNPSTD325);c:windowssystem32driverssnp325.sys [15.5.2013 г. 19:48 10343168]S0 cumon;cumon;c:windowssystem32driverscumon.sys --> c:windowssystem32driverscumon.sys [?]S2 SkypeUpdate;Skype Updater;c:program filesSkypeUpdaterUpdater.exe [28.2.2013 г. 18:45 161384].--- Other Services/Drivers In Memory ---.*Deregistered* - PROCEXP152.[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-04-11 03:52 1642448 -c--a-w- c:program filesGoogleChromeApplication26.0.1410.64Installerchrmstp.exe.Contents of the 'Scheduled Tasks' folder.2013-05-20 c:windowsTasksAdobe Flash Player Updater.job- c:windowssystem32MacromedFlashFlashPlayerUpdateService.exe [2012-07-12 23:37].2013-04-12 c:windowsTasksAuslogics BoostSpeed Integrator Start On {Owner}Admincho Logon.job- d:program filesAuslogicsAuslogics BoostSpeedBoostSpeed.exe [2013-04-03 09:19].2013-05-05 c:windowsTasksGoogleUpdateTaskMachineCore.job- c:program filesGoogleUpdateGoogleUpdate.exe [2012-12-24 17:21].2013-05-05 c:windowsTasksGoogleUpdateTaskMachineUA.job- c:program filesGoogleUpdateGoogleUpdate.exe [2012-12-24 17:21]..------- Supplementary Scan -------.uStart Page = about:blankuInternet Connection Wizard,ShellNext = iexploreTCP: DhcpNameServer = 192.168.1.1FF - ProfilePath - ..**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2013-05-20 06:41Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ...  .scanning hidden autostart entries ... .scanning hidden files ...  .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:WINDOWSsystem32MacromedFlashFlashUtil32_11_7_700_202_ActiveX.exe,-101".[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32]@="c:WINDOWSsystem32MacromedFlashFlashUtil32_11_7_700_202_ActiveX.exe".[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".Completion time: 2013-05-20  06:43:58ComboFix-quarantined-files.txt  2013-05-20 03:43.Pre-Run: 2 535 247 872 bytes freePost-Run: 2 752 360 448 bytes free.WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS[operating systems]c:cmdconsBOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsUnsupportedDebug="do not select this" /debugmulti(0)disk(0)rdisk(0)partition(1)WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /maxmem=1024 /numproc=1 /pcilock.- - End Of File - - 371D3268E85CE162E0612E07C275B7AE

нямам анти-вирусна като сложа каквато и да е почва да ми се забавя пускането на каквото и да е

и без да искам го минах с "Advanced mode" на DDS

Редактирано 20 май 201313 г. от rokis (преглед на промените)

Цитирай

20 май 201313 г.

Нещо не ми харесват логовете...по-специално MBR секцията.

Моля изтеглете последната версия на TDSSKiller оттук и я запазете на вашия декстоп.

[*]Стартирайте

TDSSKiller.exe за да стартирате приложението. След това кликнете върху бутона Change parameters.

[*]Сложете отметка през Loaded Modules.

[*]Необходим е рестарт за осъществяване на промените. Направете го! [*]TDSSKiller ще стартира автоматично след рестарта. Важно е да се отбележи, че вашия компютър може да изглежда по-бавен, на моменти неизползваем и с по-ниска производителност. Това е нормално и ще трае само един рестарт. Дайте му достатъчно време да зареди приложенията стартиращи с Операционната Система във фонов режим. [*]След това натиснете Change parameters в TDSSKiller отново. [*]Сложете всички отметки (този път рестарт не се изисква).

[*]Натиснете бутона Start Scan.

[*]Проверката не би трябвало да отмене повече от 2 minutes. [*]Ако подозрителен обект бъде засечен, действието по подразбиране ще бъде Skip, кликнете върху Continue.

[*]Ако зловредни обекти бъдат намерени, тогава от падащото меню ще имате три възможности.
Бъдете сигурни, че избраното действие е Cure и натиснете върху Continue > Рестартирайте за да бъде завършена поправката.

Забележка: Ако Cure бутона не е наличен от възможностите, тогава моля изберете Skip бутона, не избирайте Delete освен ако не сте инструктирани затова. [*]Лог файл ще бъде създаден в свободната директория на дял C: . Потърсете за лог с името "TDSSKiller.[Version]_[Date]_[Time]_log.txt" и копирайте съдържанието му в следващия си пост.

Цитирай

20 май 201313 г.

Автор

Здр от както почнахме почна да ми зарежда бавно интернет страниците

и другото е че има два .log

ето първия той е кратък

14:31:55.0453 2448  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:4214:31:56.0031 2448  ============================================================14:31:56.0031 2448  Current date / time: 2013/05/20 14:31:56.003114:31:56.0031 2448  SystemInfo:14:31:56.0031 2448  14:31:56.0031 2448  OS Version: 5.1.2600 ServicePack: 3.014:31:56.0031 2448  Product type: Workstation14:31:56.0031 2448  ComputerName: GPD14:31:56.0031 2448  UserName: {Owner}Admincho14:31:56.0031 2448  Windows directory: C:WINDOWS14:31:56.0031 2448  System windows directory: C:WINDOWS14:31:56.0031 2448  Processor architecture: Intel x8614:31:56.0031 2448  Number of processors: 114:31:56.0031 2448  Page size: 0x100014:31:56.0031 2448  Boot type: Normal boot14:31:56.0031 2448  ============================================================14:31:58.0875 2448  Drive DeviceHarddisk0DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x0000005414:31:58.0890 2448  Drive DeviceHarddisk1DR1 - Size: 0x132C570000 (76.69 Gb), SectorSize: 0x200, Cylinders: 0x271B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x0000005414:31:58.0890 2448  ============================================================14:31:58.0890 2448  DeviceHarddisk0DR0:14:31:58.0890 2448  MBR partitions:14:31:58.0890 2448  DeviceHarddisk0DR0Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x13FE59A14:31:58.0906 2448  DeviceHarddisk0DR0Partition2: MBR, Type 0x7, StartLBA 0x13FE618, BlocksNum 0x3686CE814:31:58.0906 2448  DeviceHarddisk1DR1:14:31:58.0906 2448  MBR partitions:14:31:58.0906 2448  DeviceHarddisk1DR1Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x995C65B14:31:58.0906 2448  ============================================================14:31:58.0921 2448  C: <-> DeviceHarddisk0DR0Partition114:31:58.0968 2448  D: <-> DeviceHarddisk0DR0Partition214:31:58.0984 2448  E: <-> DeviceHarddisk1DR1Partition114:31:58.0984 2448  ============================================================14:31:58.0984 2448  Initialize success14:31:58.0984 2448  ============================================================14:34:59.0109 2776  Deinitialize success

ето и втория той е доста голям
мммммм не мога да го напиша много е голям затова го прекачвам

http://dox.bg/files/dw?a=c896d94b6e

и нямаше възможност да избера Cure

Цитирай

20 май 201313 г.

Бави не заради инструментите, а заради прецакани LSP записи:

СТЪПКА 1

Моля изтеглете Farbar Service Scanner и я стартирайте.

[*]Сложете

всички отметки и натиснете бутона "Scan". [*]Ще се създаде лог файл с името (FSS.txt) в папката откъдето стартирате инструмента. [*]Прикачете лог файла в следващия си пост.

СТЪПКА 2

[*]Изтеглете

MiniToolBox.exe и го запазете на десктопа. [*]Сложете всички отметки и натиснете Go. [*]Прикачете лог файла Result.txt в следващия си пост.

СТЪПКА 3

[*]Отворете

следния сайт и изтеглете RKill.exe и ги запазете на вашия десктоп. [*]Стартирате програмата с двоен клик върху файла и изчакайте търпеливо. [*]След приключване на проверката ще се генерира лог файл с извършените процедури. [*]Прикачете лог файла в следващия си пост.

СТЪПКА 4

[*]Моля, изтеглете

SystemLook.exe и запазете програмата на десктопа. [*]Кликнете два пъти върху SystemLook.exe, за да стартирате програмата. [*]Копирайте съдържанието на следния код в текстовото поле на програмата.

:filefind
Calc.exe
:dir
c:windowssystem32windir /sub /md5
:regfind
U73LQG80-3TXM-6848-3N7S-N511J7U5QY4W
Calc.exe
:reg
HKEY_CURRENT_USERsoftwaremicrosoftwindowsCurrentversionpoliciesexplorerRun /s
HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components /s
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionInternet SettingsZoneMapDomains /s
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZoneMapDomains /s
HKLMSystemCurrentControlSetServicesWinsock /s
HKLMSystemCurrentControlSetServicesWinsock2 /s

[*]Кликнете на бутона Look, за да започне сканирането. [*]Когато сканирането завърши ще Ви се отвори Notepad с резултата от сканирането. [*]Моля, прикачете лог файла в следващия си коментар.

Цитирай

20 май 201313 г.

Автор

стъпка 1

http://dox.bg/files/dw?a=ef26d88f71

стъпка 2

http://dox.bg/files/dw?a=beb9a17204

стъпка 3 -има бъг

http://dox.bg/files/dw?a=e451b4fcf1 снимка

http://dox.bg/files/dw?a=d0af8d311c лог

стъпка 4

http://dox.bg/files/dw?a=15822db43d

много бавно се качват в дох затова се забавих

Цитирай

21 май 201313 г.

СТЪПКА 1

[*]Изтеглете

DeFogger от тук и го запазете на десктопа. [*]Стартирайте DeFogger с двоен клик на иконата и натиснете бутона Disable, за да забраните временно CD емулиращите драйвери. [*]След въпроса дали искате да продължите, натиснете Yes. [*]Когато програмата завърши работата си, ще се появи надпис Finished!. Натиснете ОК за изход от програмата. [*]Ако CD емулиращите програми са забранени, ще бъде зададен въпрос за рестарт (reboot). Разрешете рестарта с ОК.

СТЪПКА 2

Изтеглете този файл и го запазете на десктопа.

Отворете Notepad.exe и се уверете, че пред Format => няма отметка пред Word Wrap (ако има я махнете).

С copy/paste въведете следната информация:

@echo Unpacking files ...
@echo (This window will close when it's done)
@echo off
MKdir C:SP3
WindowsXP-KB936929-SP3-x86-ENU.exe -x: C:SP3 /quiet
cd C:SP3i386
expand sfcfiles.dl_ C:SP3sfcfiles.dll

Запазете файла с името expand.bat и го стартирайте.
Ще се създаде папка на C: с името SP3.

Изтеглете Combofix и го запазете на десктопа.
След това отново отворете notepad и с copy/paste поставете следната информация:

Fcopy::
C:SP3sfcfiles.dll | c:windowssystem32sfcfiles.dll

Registry::
[-HKEY_CURRENT_USERSoftwareMicrosoftActive SetupInstalled Components{U73LQG80-3TXM-6848-3N7S-N511J7U5QY4W}]
[-HKEY_USERSS-1-5-21-57989841-616249376-1606980848-1003SoftwareMicrosoftActive SetupInstalled Components{U73LQG80-3TXM-6848-3N7S-N511J7U5QY4W}]

Запазете файла с име CFScript и го провлачете и пуснете в Combofix (както на картинката отдолу):

Публикувайте лог файл в следващия си пост.

СТЪПКА 3

Изтеглете Complete Internet Repair и го запазете на десктопа.

Стартирайте файла CIntRep.exe и сложете всички отметки.

Натиснете бутона GO и изчакайте работата да приключи.

Ще поиска рестарт...съгласете се.

След рестарта публикувайте нов лог от DDS.

СТЪПКА 4

Изтеглете Malwarebytes' Anti-Malware

[*]Кликнете два пъти върху

mbam-setup.exe, за да инсталирате програмата. [*]Уверете се, че са поставени отметки на Update Malwarebytes' Anti-Malware и Launch Malwarebytes' Anti-Malware. След това кликнете на Finish. [*]Ако има намерени обновявания, тя ще ги изтегли и инсталира. [*]Стартирайте програмата и изберете "Perform Quick Scan", след това кликнете на Scan. [*]Сканирането ще отнеме малко време, затова моля да бъдете търпеливи. [*]Когато сканирането завърши, кликнете на OK, след това Show Results, за да видите резултата. [*]Уверете се, че на всички редове има отметки, и кликнете на Remove Selected. [*]Когато всичко бъде премахнато, в Notepad ще бъде отворен лог. [*]Прикачете този лог в следващия си коментар в темата.

Забележка: Ако MalwareBytes'Anti-Malware се затрудни в премахването на откритите вируси/заплахи, той ще поискада рестартира компютъра Ви и по време на рестартирането да премахне проблемните вируси/заплахи. Ако бъдете попитани, потвърдете че желаете вашия компютър да бъде рестартиран.

СТЪПКА 5

1) Изтеглете: ESET Online Scanner
2) Стартирайте esetsmartinstaller_enu.exe
3) Сложете отметка на YES, I accept the Terms of Use и изберете Start
4) Скенерът ще започне да изтегля компонентите, които са му необходими.
5) Уверете се, че има отметки на следните редове, включително и тези от менюто Advanced Settings:

[*]

Scan archives [*]Scan for potentially unwanted applications [*]Scan for potentially unsafe applications [*]Enable Anti-Stealth technology

Уверете се че, Remove found threats няма отметка!

И накрая изберете Start

6) Скенерът ще започне да изтегля последните дефиниции.
7) След, като сканирането завърши изберете Finish.
8) Отидете в: C:Program FilesESETESET Online Scanner.

9) Прикачете лог с името log.txt файла в следващия си пост.

Цитирай

21 май 201313 г.

Автор

1. пусна се но не ми е поиска рестарт

2. ето

ComboFix 13-05-20.01 - {Owner}Admincho 05.2013 г.  15:33:32.2.1 - x86Microsoft Windows XP Professional  5.1.2600.3.1251.359.1033.18.1023.325 [GMT 3:00]Running from: c:documents and settings{Owner}AdminchoDesktopComboFixexe.exeCommand switches used :: c:documents and settings{Owner}AdminchoDesktopCFScript.txt..(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))...--------------- FCopy ---------------.c:sp3sfcfiles.dll --> c:windowssystem32sfcfiles.dll.(((((((((((((((((((((((((   Files Created from 2013-04-21 to 2013-05-21  )))))))))))))))))))))))))))))))..2013-05-21 12:23 . 2013-05-21 12:25 -------- dc----w- C:SP32013-05-15 16:51 . 2008-04-13 23:42 53760 -c--a-w- c:windowssystem32vfwwdm32.dll2013-05-15 16:48 . 2007-02-12 11:50 20480 -c--a-w- c:windowsFixCamera.exe2013-05-15 16:48 . 2006-07-03 07:31 94208 -c--a-w- c:windowsamcap.exe2013-05-15 16:48 . 2007-04-25 12:36 835584 -c--a-w- c:windowsvsnp325.exe2013-05-15 16:48 . 2007-04-21 06:30 270336 -c--a-w- c:windowstsnp325.exe2013-05-15 16:48 . 2007-04-26 08:03 10343168 -c--a-w- c:windowssystem32driverssnp325.sys2013-05-15 16:48 . 2013-05-15 16:48 -------- dc----w- c:program filesCommon Filessnp3252013-05-15 16:48 . 2007-04-24 12:40 57344 -c--a-w- c:windowssystem32vsnp325.dll2013-05-15 16:48 . 2006-04-12 09:11 147456 -c--a-w- c:windowssystem32rsnp325.dll2013-05-15 16:48 . 2005-11-23 10:55 53248 -c--a-w- c:windowssystem32csnp325.dll2013-05-15 16:47 . 2013-05-15 16:47 -------- dc----w- c:documents and settings{Owner}AdminchoApplication DataInstallShield2013-05-14 23:37 . 2013-05-14 23:37 9195912 -c--a-w- c:windowssystem32FlashPlayerInstaller.exe2013-05-08 11:25 . 2005-04-03 20:02 69714 -c--a-w- c:program filesCommon FilesInstallShieldProfessionalRunTime1100Intel32ctor.dll2013-05-08 11:25 . 2005-04-03 20:01 274432 -c--a-w- c:program filesCommon FilesInstallShieldProfessionalRunTime1100Intel32iscript.dll2013-05-08 11:25 . 2005-04-03 20:00 184320 -c--a-w- c:program filesCommon FilesInstallShieldProfessionalRunTime1100Intel32iuser.dll2013-05-08 11:25 . 2005-04-03 20:02 753664 -c--a-w- c:program filesCommon FilesInstallShieldProfessionalRunTime1100Intel32iKernel.dll2013-05-08 11:25 . 2013-05-08 11:25 200836 -c--a-w- c:program filesCommon FilesInstallShieldProfessionalRunTime1100Intel32iGdi.dll2013-05-08 11:25 . 2013-05-08 11:25 331908 -c--a-w- c:program filesCommon FilesInstallShieldProfessionalRunTime1100Intel32setup.dll2013-05-07 19:33 . 2013-05-07 19:33 -------- dc----w- c:program filesAIMP32013-05-07 14:41 . 2013-05-07 14:41 -------- dc----w- c:program filesC-Media2013-05-07 14:39 . 2013-05-07 14:41 -------- dc----w- c:documents and settings{Owner}AdminchoLocal SettingsApplication DataPMB Files2013-05-07 14:39 . 2013-05-07 14:40 -------- dc----w- c:documents and settingsAll Users.WINDOWSApplication DataPMB Files2013-05-07 14:13 . 2013-05-07 14:13 -------- dc----w- c:documents and settings{Owner}AdminchoLocal SettingsApplication DataDFX2013-05-07 14:07 . 2013-05-11 15:42 -------- dc----w- c:program filesOApps2013-05-06 13:49 . 2013-05-06 13:49 -------- dc----w- c:documents and settings{Owner}AdminchoLocal SettingsApplication Datahttp___www.minecraftversi2013-05-06 08:03 . 2013-05-06 08:03 -------- dc----w- c:documents and settings{Owner}AdminchoLocal SettingsApplication DataFOMM2013-04-28 10:44 . 2013-05-19 10:13 98304 -c--a-w- c:windowssystem32CmdLineExt.dll2013-04-21 20:18 . 2013-04-11 14:22 770384 -c--a-w- c:windowssystem32msvcr100.dll2013-04-21 20:18 . 2013-04-11 14:22 421200 -c--a-w- c:windowssystem32msvcp100.dll...((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-05-14 23:37 . 2012-07-12 12:35 692104 -c--a-w- c:windowssystem32FlashPlayerApp.exe2013-05-14 23:37 . 2012-07-12 12:35 71048 -c--a-w- c:windowssystem32FlashPlayerCPLApp.cpl2013-04-16 22:17 . 2012-07-12 12:36 920064 -c--a-w- c:windowssystem32wininet.dll2013-04-16 22:17 . 2012-07-12 12:36 43520 -c--a-w- c:windowssystem32licmgr10.dll2013-04-16 22:17 . 2012-07-12 12:36 1469440 -c--a-w- c:windowssystem32inetcpl.cpl2013-04-12 23:28 . 2012-07-12 12:36 385024 -c--a-w- c:windowssystem32html.iec2013-04-12 07:10 . 2013-04-12 07:10 348160 -c--a-w- c:windowssystem32msvcr71.dll2013-04-12 07:10 . 2013-04-12 07:10 1700352 -c--a-w- c:windowssystem32gdiplus.dll2013-04-12 07:10 . 2013-04-12 07:10 1060864 -c--a-w- c:windowssystem32mfc71.dll2013-04-10 01:31 . 2012-07-12 12:34 1876352 -c--a-w- c:windowssystem32win32k.sys2013-04-04 02:35 . 2013-04-21 07:59 94112 -c--a-w- c:windowssystem32WindowsAccessBridge.dll2013-04-03 11:22 . 2013-03-15 15:13 242240 -c--a-w- c:windowssystem32driversdtsoftbus01.sys2013-03-25 15:56 . 2013-03-25 15:34 861088 -c--a-w- c:windowssystem32npDeployJava1.dll2013-03-25 15:56 . 2013-03-25 15:34 782240 -c--a-w- c:windowssystem32deployJava1.dll2013-03-11 22:10 . 2013-03-29 23:01 237088 -c----w- c:windowssystem32MpSigStub.exe2013-03-08 08:35 . 2012-07-12 12:35 293376 -c--a-w- c:windowssystem32winsrv.dll2013-03-07 03:23 . 2012-05-04 12:41 2070016 -c--a-w- c:windowssystem32ntkrnlpa.exe2013-03-07 01:31 . 2012-07-12 12:34 2193536 -c--a-w- c:windowssystem32ntoskrnl.exe..(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]"uTorrent"="c:program filesuTorrentuTorrent.exe" [2013-05-05 802136]"Skype"="c:program filesSkypePhoneSkype.exe" [2013-02-28 18642024].[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]"UnlockerAssistant"="c:program filesUnlockerUnlockerAssistant.exe" [2010-07-04 17408]"NvCplDaemon"="c:windowssystem32NvCpl.dll" [2006-11-17 7700480]"nwiz"="nwiz.exe" [2006-11-17 1622016]"NvMediaCenter"="c:windowssystem32NvMcTray.dll" [2006-11-17 86016].[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]"CTFMON.EXE"="c:windowssystem32CTFMON.EXE" [2008-04-14 15360].[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]"MemCheckBoxInRunDlg"= 1 (0x1).[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsecurityproviders]SecurityProviders msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregFixCamera]2007-02-12 11:50 20480 -c--a-w- c:windowsFixCamera.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregGlary Memory Optimizer]2013-02-04 13:58 109344 -c--a-w- e:program filesGlary Utilitiesmemdefrag.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregsnp325]2007-04-25 12:36 835584 -c--a-w- c:windowsvsnp325.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSunJavaUpdateSched]2013-03-12 04:32 253816 -c--a-w- c:program filesCommon FilesJavaJava Updatejusched.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregtsnp325]2007-04-21 06:30 270336 -c--a-w- c:windowstsnp325.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]"AntiVirusOverride"=dword:00000001"FirewallOverride"=dword:00000001.[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]"EnableFirewall"= 0 (0x0).[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]"%windir%Network Diagnosticxpnetdiag.exe"="%windir%system32sessmgr.exe"="c:Program FilesuTorrentuTorrent.exe"="c:Program FilesSkypePhoneSkype.exe"="e:ValveGarry's Modhl2.exe"="e:ValveGarry's Modsrcds.exe"="e:Cracked SteamSteam.exe"=.R0 mv61xxmm;mv61xxmm;c:windowssystem32driversmv61xxmm.sys [12.7.2012 г. 15:44 13616]R0 mv64xxmm;mv64xxmm;c:windowssystem32driversmv64xxmm.sys [12.7.2012 г. 15:44 5632]R0 mvxxmm;mvxxmm;c:windowssystem32driversmvxxmm.sys [12.7.2012 г. 15:44 13616]R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:windowssystem32driversdtsoftbus01.sys [15.3.2013 г. 18:13 242240]R3 DFX11_1;DFX Audio Enhancer 11.1;c:windowssystem32driversdfx11_1.sys [29.8.2012 г. 20:46 24424]S0 cumon;cumon;c:windowssystem32driverscumon.sys --> c:windowssystem32driverscumon.sys [?]S3 SNP325;USB PC Camera (SNPSTD325);c:windowssystem32driverssnp325.sys [15.5.2013 г. 19:48 10343168].--- Other Services/Drivers In Memory ---.*Deregistered* - PROCEXP152.[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-04-11 03:52 1642448 -c--a-w- c:program filesGoogleChromeApplication26.0.1410.64Installerchrmstp.exe.Contents of the 'Scheduled Tasks' folder.2013-05-21 c:windowsTasksAdobe Flash Player Updater.job- c:windowssystem32MacromedFlashFlashPlayerUpdateService.exe [2012-07-12 23:37].2013-04-12 c:windowsTasksAuslogics BoostSpeed Integrator Start On {Owner}Admincho Logon.job- d:program filesAuslogicsAuslogics BoostSpeedBoostSpeed.exe [2013-04-03 09:19].2013-05-05 c:windowsTasksGoogleUpdateTaskMachineCore.job- c:program filesGoogleUpdateGoogleUpdate.exe [2012-12-24 17:21].2013-05-05 c:windowsTasksGoogleUpdateTaskMachineUA.job- c:program filesGoogleUpdateGoogleUpdate.exe [2012-12-24 17:21]..------- Supplementary Scan -------.uStart Page = about:blankuInternet Connection Wizard,ShellNext = iexploreTCP: DhcpNameServer = 192.168.1.1FF - ProfilePath - .- - - - ORPHANS REMOVED - - - -.SafeBoot-38367752.sys...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2013-05-21 15:45Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ...  .scanning hidden autostart entries ... .scanning hidden files ...  .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:WINDOWSsystem32MacromedFlashFlashUtil32_11_7_700_202_ActiveX.exe,-101".[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32]@="c:WINDOWSsystem32MacromedFlashFlashUtil32_11_7_700_202_ActiveX.exe".[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'explorer.exe'(304)c:windowssystem32WININET.dllc:windowssystem32nview.dllc:windowssystem32ieframe.dllc:windowssystem32nvwddi.dllc:windowssystem32webcheck.dll.Completion time: 2013-05-21  15:49:21ComboFix-quarantined-files.txt  2013-05-21 12:49ComboFix2.txt  2013-05-20 03:43.Pre-Run: 1 951 645 696 bytes freePost-Run: 1 954 799 616 bytes free.- - End Of File - - 2832CCABA2F8FF7DFB4EE0DD755F0991

DDS:

DDS (Ver_2011-09-30.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.21.2Run by {Owner}Admincho at 16:02:42 on 2013-05-21#Option Extended Search is enabled.Microsoft Windows XP Professional  5.1.2600.3.1251.359.1033.18.1023.333 [GMT 3:00]..============== Running Processes ================.C:WINDOWSsystem32spoolsv.exeC:WINDOWSExplorer.EXEC:Program FilesUnlockerUnlockerAssistant.exeC:Program FilesuTorrentuTorrent.exeC:Program FilesSkypePhoneSkype.exeC:WINDOWSsystem32rundll32.exeC:Program FilesJavajre7binjqs.exeC:WINDOWSsystem32nvsvc32.exeC:Program FilesGoogleUpdateGoogleUpdate.exeC:WINDOWSSystem32snmp.exeC:WINDOWSsystem32wuauclt.exeC:WINDOWSSystem32alg.exeC:Program FilesGoogleChromeApplicationchrome.exeC:Program FilesGoogleChromeApplicationchrome.exeC:Program FilesGoogleChromeApplicationchrome.exeC:Program FilesGoogleChromeApplicationchrome.exeC:Program FilesGoogleChromeApplicationchrome.exeC:Program FilesGoogleChromeApplicationchrome.exeC:Documents and Settings{Owner}AdminchoDesktopdds.exeC:WINDOWSsystem32wbemwmiprvse.exeC:DOCUME~1{OWNER~1LOCALS~1Tempnsl19.tmpPEV.DATC:WINDOWSsystem32svchost.exe -k DcomLaunchC:WINDOWSsystem32svchost.exe -k rpcssC:WINDOWSSystem32svchost.exe -k netsvcsC:WINDOWSsystem32svchost.exe -k NetworkServiceC:WINDOWSsystem32svchost.exe -k LocalServiceC:WINDOWSsystem32svchost.exe -k LocalServiceC:WINDOWSsystem32svchost.exe -k imgsvcC:WINDOWSSystem32svchost.exe -k HTTPFilter.============== Pseudo HJT Report ===============.uStart Page = about:blankuInternet Connection Wizard,ShellNext = iexploreBHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:program filesjavajre7binssv.dllBHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:program filesjavajre7binjp2ssv.dlluRun: [uTorrent] "c:program filesutorrentuTorrent.exe"  /MINIMIZEDuRun: [Skype] "c:program filesskypephoneSkype.exe" /minimized /regrunmRun: [UnlockerAssistant] "c:program filesunlockerUnlockerAssistant.exe"mRun: [NvCplDaemon] RUNDLL32.EXE c:windowssystem32NvCpl.dll,NvStartupmRun: [nwiz] nwiz.exe /installmRun: [NvMediaCenter] RUNDLL32.EXE c:windowssystem32NvMcTray.dll,NvTaskbarInitdRun: [CTFMON.EXE] c:windowssystem32CTFMON.EXEuPolicies-Explorer: NoDriveTypeAutoRun = dword:323uPolicies-Explorer: NoCDBurning = dword:1uPolicies-Explorer: NoDriveAutoRun = dword:67108863uPolicies-Explorer: NoDrives = dword:0mPolicies-Explorer: NoDriveTypeAutoRun = dword:323mPolicies-Explorer: MemCheckBoxInRunDlg = dword:1mPolicies-Explorer: NoDriveAutoRun = dword:67108863mPolicies-Explorer: NoDrives = dword:0mPolicies-Explorer: NoDriveTypeAutoRun = dword:323mPolicies-Explorer: NoDriveAutoRun = dword:67108863IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exeTCP: NameServer = 192.168.1.1TCP: Interfaces{6C56B472-8AD6-4BD3-9328-A5E5DBC47158} : DHCPNameServer = 192.168.1.1SecurityProviders: SecurityProviders = msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dllLSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkgmASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:program filesgooglechromeapplication26.0.1410.64installerchrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome.================= FIREFOX ===================.FF - ProfilePath - .============= SERVICES / DRIVERS ===============.R0 mv61xxmm;mv61xxmm;c:windowssystem32driversmv61xxmm.sys [2012-7-12 13616]R0 mv64xxmm;mv64xxmm;c:windowssystem32driversmv64xxmm.sys [2012-7-12 5632]R0 mvxxmm;mvxxmm;c:windowssystem32driversmvxxmm.sys [2012-7-12 13616]R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:windowssystem32driversdtsoftbus01.sys [2013-3-15 242240]R3 DFX11_1;DFX Audio Enhancer 11.1;c:windowssystem32driversdfx11_1.sys [2012-8-29 24424]S0 cumon;cumon;c:windowssystem32driverscumon.sys --> c:windowssystem32driverscumon.sys [?]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:windowsmicrosoft.netframeworkv4.0.30319mscorsvw.exe [2010-3-18 130384]S2 gupdate;Услуга Google Update (gupdate);c:program filesgoogleupdateGoogleUpdate.exe [2012-12-24 116648]S2 SkypeUpdate;Skype Updater;c:program filesskypeupdaterUpdater.exe [2013-2-28 161384]S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:windowssystem32macromedflashFlashPlayerUpdateService.exe [2012-7-12 256904]S3 gupdatem;Услуга на Google Актуализация (gupdatem);c:program filesgoogleupdateGoogleUpdate.exe [2012-12-24 116648]S3 MozillaMaintenance;Mozilla Maintenance Service;c:program filesmozilla maintenance servicemaintenanceservice.exe [2013-4-19 115608]S3 SNP325;USB PC Camera (SNPSTD325);c:windowssystem32driverssnp325.sys [2013-5-15 10343168]S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:windowsmicrosoft.netframeworkv4.0.30319wpfWPFFontCache_v0400.exe [2010-3-18 753504].=============== Created Last 60 ================.2013-05-21 12:56:44 -------- dc-h--r- c:documents and settings{owner}adminchoRecent2013-05-21 12:29:15 -------- dc----w- C:ComboFixexe2013-05-21 12:23:03 -------- dc----w- C:SP32013-05-20 03:31:51 -------- dcsha-r- C:cmdcons2013-05-20 03:29:53 98816 -c--a-w- c:windowssed.exe2013-05-20 03:29:53 256000 -c--a-w- c:windowsPEV.exe2013-05-20 03:29:53 208896 -c--a-w- c:windowsMBR.exe2013-05-15 16:51:16 53760 -c--a-w- c:windowssystem32vfwwdm32.dll2013-05-15 16:48:25 94208 -c--a-w- c:windowsamcap.exe2013-05-15 16:48:25 20480 -c--a-w- c:windowsFixCamera.exe2013-05-15 16:48:20 835584 -c--a-w- c:windowsvsnp325.exe2013-05-15 16:48:20 270336 -c--a-w- c:windowstsnp325.exe2013-05-15 16:48:19 10343168 -c--a-w- c:windowssystem32driverssnp325.sys2013-05-15 16:48:18 57344 -c--a-w- c:windowssystem32vsnp325.dll2013-05-15 16:48:18 53248 -c--a-w- c:windowssystem32csnp325.dll2013-05-15 16:48:18 147456 -c--a-w- c:windowssystem32rsnp325.dll2013-05-15 16:48:18 -------- dc----w- c:program filescommon filessnp3252013-05-15 16:47:42 -------- dc----w- c:documents and settings{owner}adminchoapplication dataInstallShield2013-05-14 23:37:08 9195912 -c--a-w- c:windowssystem32FlashPlayerInstaller.exe2013-05-08 11:25:17 69714 -c--a-w- c:program filescommon filesinstallshieldprofessionalruntime1100intel32ctor.dll2013-05-08 11:25:17 274432 -c--a-w- c:program filescommon filesinstallshieldprofessionalruntime1100intel32iscript.dll2013-05-08 11:25:17 184320 -c--a-w- c:program filescommon filesinstallshieldprofessionalruntime1100intel32iuser.dll2013-05-08 11:25:16 753664 -c--a-w- c:program filescommon filesinstallshieldprofessionalruntime1100intel32iKernel.dll2013-05-08 11:25:12 200836 -c--a-w- c:program filescommon filesinstallshieldprofessionalruntime1100intel32iGdi.dll2013-05-08 11:25:11 331908 -c--a-w- c:program filescommon filesinstallshieldprofessionalruntime1100intel32setup.dll2013-05-07 19:33:01 -------- dc----w- c:program filesAIMP32013-05-07 14:41:21 -------- dc----w- c:program filesC-Media2013-05-07 14:39:44 -------- dc----w- c:documents and settings{owner}admincholocal settingsapplication dataPMB Files2013-05-07 14:39:43 -------- dc----w- c:documents and settingsall users.windowsapplication dataPMB Files2013-05-07 14:13:57 -------- dc----w- c:documents and settings{owner}admincholocal settingsapplication dataDFX2013-05-07 14:07:31 -------- dc----w- c:program filesOApps2013-05-06 13:49:14 -------- dc----w- c:documents and settings{owner}admincholocal settingsapplication datahttp___www.minecraftversi2013-05-06 08:03:59 -------- dc----w- c:documents and settings{owner}admincholocal settingsapplication dataFOMM2013-04-28 10:44:53 98304 -c--a-w- c:windowssystem32CmdLineExt.dll2013-04-21 20:18:03 770384 -c--a-w- c:windowssystem32msvcr100.dll2013-04-21 20:18:03 421200 -c--a-w- c:windowssystem32msvcp100.dll2013-04-21 07:59:49 94112 -c--a-w- c:windowssystem32WindowsAccessBridge.dll2013-04-19 07:49:44 -------- dc----w- c:documents and settings{owner}admincholocal settingsapplication dataMozilla2013-04-19 07:49:44 -------- dc----w- c:documents and settings{owner}adminchoapplication dataMozilla2013-04-19 07:49:33 -------- dc----w- c:program filesMozilla Maintenance Service2013-04-14 15:55:46 5632 -c--a-w- c:program filescommon filesinstallshieldprofessionalruntime1050intel32DotNetInstaller.exe2013-04-12 19:52:57 -------- dc----w- c:windowssystem32wbemrepositoryFS2013-04-12 19:52:57 -------- dc----w- c:windowssystem32wbemRepository2013-04-12 09:14:16 76102 -c--a-w- c:windowssystem32driversfvstore.dat2013-04-12 07:22:37 222177 -c--a-w- c:windowssystem32driverssfi.dat2013-04-12 07:17:35 -------- dc----w- c:documents and settingsall users.windowsapplication dataComodo Downloader2013-04-12 07:12:46 -------- dc----w- c:documents and settingsall users.windowsapplication dataCOMODO2013-04-12 07:10:19 348160 -c--a-w- c:windowssystem32msvcr71.dll2013-04-12 07:10:19 1700352 -c--a-w- c:windowssystem32gdiplus.dll2013-04-12 07:10:19 1060864 -c--a-w- c:windowssystem32mfc71.dll2013-04-08 06:28:55 -------- dc----w- c:program filesNirSoft2013-04-07 11:06:13 -------- dc----w- c:documents and settings{owner}adminchoapplication data.techniclauncher2013-04-03 11:21:48 -------- dc----w- c:documents and settings{owner}adminchoapplication dataDAEMON Tools Pro2013-04-03 11:21:46 -------- dc----w- c:documents and settingsall users.windowsapplication dataDAEMON Tools Pro2013-04-03 10:44:23 -------- dc----w- c:documents and settings{owner}adminchoapplication dataGlarySoft2013-04-03 10:43:34 -------- dc----w- c:documents and settings{owner}adminchoapplication dataAIMP32013-04-03 10:36:01 -------- dc----w- c:documents and settings{owner}adminchoapplication dataAuslogics2013-04-03 09:37:46 -------- dc----w- c:documents and settings{owner}admincholocal settingsapplication dataTemp2013-04-03 09:32:52 -------- dc----w- c:documents and settingsall users.windowsapplication dataSpybot - Search & Destroy2013-04-03 09:23:43 -------- dc----w- c:program filesuTorrent2013-04-03 09:22:40 -------- dc----w- c:documents and settings{owner}adminchoapplication datauTorrent2013-04-02 15:18:57 68616 -c--a-w- c:windowssystem32XAPOFX1_1.dll2013-04-02 15:17:58 267112 -c--a-w- c:windowssystem32xactengine2_9.dll2013-04-02 15:16:24 2297552 -c--a-w- c:windowssystem32d3dx9_26.dll2013-04-01 21:25:01 -------- dc----w- c:documents and settings{owner}adminchoapplication dataTeeworlds2013-03-31 01:08:50 -------- dc----w- c:windowsSxsCaPendDel2013-03-30 08:19:20 -------- dc----w- c:documents and settings{owner}adminchoapplication dataGRETECH2013-03-29 23:01:09 237088 -c----w- c:windowssystem32MpSigStub.exe2013-03-29 22:43:00 -------- dc----w- c:documents and settings{owner}adminchoapplication dataMinecraft Version Changer2013-03-29 22:06:13 89088 -c--a-w- c:windowssystem32spoolprtprocsw32x86filterpipelineprintproc.dll2013-03-29 22:05:40 14048 -c----w- c:windowssystem32spmsg2.dll2013-03-29 22:05:22 26488 -c--a-w- c:windowssystem32spupdsvc.exe2013-03-29 00:02:50 4992 -c--a-w- c:windowssystem32driversloop.sys2013-03-29 00:01:09 55808 -c--a-w- c:windowssystem32devcon.exe2013-03-28 11:15:36 221184 -c--a-w- c:windowssystem32wmpns.dll2013-03-26 12:28:30 -------- dc----w- c:documents and settings{owner}adminchoapplication dataTeamViewer2013-03-25 20:29:13 -------- dc----w- c:documents and settings{owner}adminchoapplication dataNotepad++2013-03-25 15:52:04 -------- dc----w- c:documents and settings{owner}admincholocal settingsapplication dataSun2013-03-25 15:42:55 5632 -c--a-r- c:windowssystem32kbdheb.dll2013-03-25 15:42:46 6144 -c--a-r- c:windowssystem32kbdth3.dll2013-03-25 15:42:46 6144 -c--a-r- c:windowssystem32kbdth2.dll2013-03-25 15:42:46 5632 -c--a-r- c:windowssystem32kbdth1.dll2013-03-25 15:42:46 5632 -c--a-r- c:windowssystem32kbdth0.dll2013-03-25 15:42:45 6144 -c--a-w- c:windowssystem32ftlx041e.dll2013-03-25 15:38:16 6272 -c--a-w- c:windowssystem32driverssplitter.sys2013-03-25 15:38:14 142592 -c--a-w- c:windowssystem32driversaec.sys2013-03-25 15:38:13 56576 -c--a-w- c:windowssystem32driversswmidi.sys2013-03-25 15:38:11 2944 -c--a-w- c:windowssystem32driversdrmkaud.sys2013-03-25 15:38:09 52864 -c--a-w- c:windowssystem32driversDMusic.sys2013-03-25 15:38:07 7552 -c--a-w- c:windowssystem32driversMSKSSRV.sys2013-03-25 15:38:05 4992 -c--a-w- c:windowssystem32driversMSPQM.sys2013-03-25 15:38:04 83072 -c--a-w- c:windowssystem32driverswdmaud.sys2013-03-25 15:38:02 172416 -c--a-w- c:windowssystem32driverskmixer.sys2013-03-25 15:38:00 5376 -c--a-w- c:windowssystem32driversMSPCLOCK.sys2013-03-25 15:37:58 60800 -c--a-w- c:windowssystem32driverssysaudio.sys2013-03-25 15:37:53 3072 -c--a-w- c:windowssystem32driversaudstub.sys2013-03-25 15:37:13 57600 -c--a-w- c:windowssystem32driversredbook.sys2013-03-25 15:36:39 20992 -c--a-w- c:windowssystem32driversRTL8139.sys2013-03-25 15:36:27 3994688 -c--a-w- c:windowssystem32driversnv4_mini.sys2013-03-25 15:36:26 4541824 -c--a-w- c:windowssystem32nv4_disp.dll2013-03-25 15:36:19 10624 -c--a-w- c:windowssystem32driversgameenum.sys2013-03-25 15:36:14 42368 -c--a-w- c:windowssystem32driversAGP440.SYS2013-03-25 15:36:09 74240 -c--a-w- c:windowssystem32usbui.dll2013-03-25 15:36:06 96256 -c--a-w- c:windowssystem32driversac97intc.sys2013-03-25 15:36:05 60160 -c--a-w- c:windowssystem32driversdrmk.sys2013-03-25 15:36:05 4096 -c--a-w- c:windowssystem32ksuser.dll2013-03-25 15:36:05 146048 -c--a-w- c:windowssystem32driversportcls.sys2013-03-25 15:36:05 129536 -c--a-w- c:windowssystem32ksproxy.ax2013-03-25 15:34:35 861088 -c--a-w- c:windowssystem32npDeployJava1.dll2013-03-25 15:34:35 782240 -c--a-w- c:windowssystem32deployJava1.dll2013-03-25 15:32:55 -------- dc----r- c:documents and settingsall users.windowsDocuments2013-03-25 15:31:57 291573 -c--a-w- C:DSPdsblr.exe2013-03-25 15:31:04 -------- dc----w- c:documents and settings{owner}adminchoapplication dataWinRAR2013-03-25 15:12:45 -------- dc----w- c:documents and settings{owner}admincholocal settingsapplication dataGoogle2013-03-25 15:10:30 -------- dc----w- c:documents and settings{owner}adminchoapplication data.minecraft2013-03-25 15:07:11 -------- dc----w- c:documents and settings{owner}adminchoapplication dataMacromedia2013-03-25 15:03:39 -------- dc----w- c:documents and settings{owner}adminchoapplication dataSkype2013-03-25 15:03:06 208896 -c--a-w- c:windowssystem32nvudisp.exe2013-03-25 15:03:04 -------- dc----w- c:windowssetupupd2013-03-25 15:02:19 208896 -c--a-w- c:windowssystem32NVUNINST.EXE2013-03-25 15:01:51 2560 -c--a-w- c:documents and settingsall users.windowsapplication datamicrosoftusmticonlib.dll2013-03-25 14:50:12 -------- dc----w- c:documents and settings{owner}adminchoapplication dataSun2013-03-25 14:44:39 -------- dc----w- c:documents and settings{owner}adminchoapplication dataAdobe2013-03-25 14:44:31 -------- dcsh--w- c:documents and settings{owner}adminchoPrivacIE2013-03-25 13:52:53 -------- dcsh--w- c:documents and settingsall users.windowsDRM2013-03-25 13:51:30 11264 -c--a-w- c:windowssystem32atrace.dll2013-03-25 13:51:20 12288 -c--a-w- c:windowssystem32nmevtmsg.dll2013-03-25 13:51:20 118784 -c--a-w- c:windowssystem32msg723.acm2013-03-25 13:51:18 64512 -c--a-w- c:windowssystem32acctres.dll2013-03-25 13:51:14 16384 -c--a-w- c:windowssystem32icfgnt5.dll2013-03-25 13:51:14 16384 -c--a-w- c:program filesinternet explorerconnection wizardisignup.exe2013-03-25 13:48:04 5632 -c--a-w- c:windowssystem32write.exe2013-03-24 18:43:08 -------- dc----w- c:program filesOpenAL2013-03-24 18:34:51 -------- dc----w- c:program filesPando Networks2013-03-22 23:52:46 -------- dc----w- c:program filesAuto Clicker.==================== Find6M  ====================.2013-05-14 23:37:15 71048 -c--a-w- c:windowssystem32FlashPlayerCPLApp.cpl2013-05-14 23:37:15 692104 -c--a-w- c:windowssystem32FlashPlayerApp.exe2013-04-16 22:17:15 920064 -c--a-w- c:windowssystem32wininet.dll2013-04-16 22:17:14 43520 -c--a-w- c:windowssystem32licmgr10.dll2013-04-16 22:17:14 1469440 -c--a-w- c:windowssystem32inetcpl.cpl2013-04-12 23:28:55 385024 -c--a-w- c:windowssystem32html.iec2013-04-10 01:31:19 1876352 -c--a-w- c:windowssystem32win32k.sys2013-04-03 11:22:48 242240 -c--a-w- c:windowssystem32driversdtsoftbus01.sys2013-03-08 08:35:47 293376 -c--a-w- c:windowssystem32winsrv.dll2013-03-07 03:23:36 2070016 -c--a-w- c:windowssystem32ntkrnlpa.exe2013-03-07 01:31:48 2193536 -c--a-w- c:windowssystem32ntoskrnl.exe2013-02-12 00:32:23 12928 -c--a-w- c:windowssystem32driversusb8023.sys2013-01-26 03:55:10 552448 -c--a-w- c:windowssystem32oleaut32.dll2013-01-02 06:48:28 148992 -c--a-w- c:windowssystem32mpg2splt.ax2013-01-02 06:48:28 1292288 -c--a-w- c:windowssystem32quartz.dll2012-12-16 12:31:02 290560 -c--a-w- c:windowssystem32atmfd.dll.============= FINISH: 16:03:41,73 ===============

Attach:

.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2011-09-30.01).Microsoft Windows XP ProfessionalBoot Device: DeviceHarddiskVolume1Install Date: 25.3.2013 г. 16:00:47System Uptime: 21.5.2013 г. 15:57:23 (1 hours ago).Motherboard:        |  | P4I45DProcessor:                 Intel(R) Celeron(R) CPU 2.00GHz | FC-478 | 2560/130mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 10 GiB total, 1,833 GiB free.D: is FIXED (NTFS) - 27 GiB total, 17,777 GiB free.E: is FIXED (NTFS) - 77 GiB total, 54,262 GiB free.F: is CDROM ()G: is CDROM ()H: is CDROM ().==== Disabled Device Manager Items =============.Class GUID: Description: Device ID: ROOTLEGACY_SASKUTIL0000Manufacturer: Name: PNP Device ID: ROOTLEGACY_SASKUTIL0000Service: .==== System Restore Points ===================.RP73: 16.5.2013 г. 06:07:29 - Software Distribution Service 3.0RP74: 16.5.2013 г. 06:08:49 - Software Distribution Service 3.0RP75: 17.5.2013 г. 06:47:28 - System CheckpointRP76: 19.5.2013 г. 12:34:24 - Removed GTA San AndreasRP77: 19.5.2013 г. 12:35:31 - Installed GTA San AndreasRP78: 19.5.2013 г. 13:23:37 - Removed GTA San AndreasRP79: 19.5.2013 г. 14:20:57 - Installed GTA San AndreasRP80: 21.5.2013 г. 00:00:15 - System Checkpoint.==== Installed Programs ======================.µTorrent325 USB PC Camera Adobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAIMP Control Plugin 1.0.7AIMP3Auslogics BoostSpeedB1 Free ArchiverCracked SteamGarry's ModGOM PlayerGoogle ChromeGoogle Update HelperGTA San AndreasHotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)Java 7 Update 21Java Auto UpdaterMicrosoft .NET Framework 1.1Microsoft .NET Framework 1.1 Security Update (KB2742597)Microsoft .NET Framework 2.0 Service Pack 2Microsoft .NET Framework 3.0 Service Pack 2Microsoft .NET Framework 3.5 SP1Microsoft .NET Framework 4 Client ProfileMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Minecraft Launcher version 1.0Mozilla Firefox 20.0.1 (x86 bg)Mozilla Maintenance ServiceMSXML 4.0 SP3 Parser (KB2758694)NirSoft BlueScreenViewNOPeit 1.1.0.3Notepad++NVIDIA DriversPhonetic Cyrillic for Windows 2000 v1.0REALTEK GbE & FE Ethernet PCI NIC DriverSecurity Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)Security Update for Windows Internet Explorer 8 (KB2797052)Security Update for Windows Internet Explorer 8 (KB2809289)Security Update for Windows Internet Explorer 8 (KB2817183)Security Update for Windows Internet Explorer 8 (KB2829530)Security Update for Windows Internet Explorer 8 (KB2847204)Skype™ 6.3Unlocker 1.9.1-x64Update for Microsoft .NET Framework 3.5 SP1 (KB963707)WebFldrs XPWinRAR 4.20 (32-битова версия)XML Paper Specification Shared Components Pack 1.0Yu-Gi-Oh! Power of Chaos YUGI THE DESTINY.==== Event Viewer Messages From Past Week ========.20.5.2013 г. 17:48:49, error: Service Control Manager [7034]  - The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).20.5.2013 г. 17:04:53, error: Service Control Manager [7034]  - The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).20.5.2013 г. 17:04:52, error: Service Control Manager [7034]  - The Skype Updater service terminated unexpectedly.  It has done this 1 time(s).20.5.2013 г. 17:04:52, error: Service Control Manager [7034]  - The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).20.5.2013 г. 15:25:30, error: Service Control Manager [7034]  - The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).20.5.2013 г. 14:36:47, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file '49181412.sys' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.20.5.2013 г. 14:27:49, error: DCOM [10005]  - DCOM got error "%109" attempting to start the service SkypeUpdate with arguments "/ComService" in order to run the server: {CC957078-B838-47C4-A7CF-626E7A82FC58}20.5.2013 г. 14:27:45, error: Service Control Manager [7034]  - The Skype Updater service terminated unexpectedly.  It has done this 1 time(s).20.5.2013 г. 14:27:45, error: Service Control Manager [7034]  - The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).20.5.2013 г. 14:27:45, error: Service Control Manager [7034]  - The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).20.5.2013 г. 06:41:07, error: PlugPlayManager [11]  - The device RootLEGACY_UNLOCKERDRIVER50000 disappeared from the system without first being prepared for removal.19.5.2013 г. 21:08:13, error: Service Control Manager [7034]  - The Print Spooler service terminated unexpectedly.  It has done this 3 time(s).19.5.2013 г. 21:06:34, error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.19.5.2013 г. 21:04:35, error: Service Control Manager [7034]  - The Skype Updater service terminated unexpectedly.  It has done this 1 time(s).19.5.2013 г. 21:04:35, error: Service Control Manager [7034]  - The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).19.5.2013 г. 21:04:35, error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.19.5.2013 г. 18:43:12, error: Service Control Manager [7034]  - The Print Spooler service terminated unexpectedly.  It has done this 3 time(s).19.5.2013 г. 18:34:16, error: Service Control Manager [7034]  - The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).19.5.2013 г. 18:34:15, error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.19.5.2013 г. 18:31:59, error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.19.5.2013 г. 16:19:33, error: Service Control Manager [7034]  - The Print Spooler service terminated unexpectedly.  It has done this 3 time(s).19.5.2013 г. 16:17:47, error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.19.5.2013 г. 16:14:23, error: DCOM [10009]  - DCOM was unable to communicate with the computer system using any of the configured protocols.19.5.2013 г. 16:14:20, error: DCOM [10009]  - DCOM was unable to communicate with the computer system using any of the configured protocols.19.5.2013 г. 16:13:40, error: DCOM [10009]  - DCOM was unable to communicate with the computer system using any of the configured protocols.19.5.2013 г. 15:37:47, error: Service Control Manager [7034]  - The Skype Updater service terminated unexpectedly.  It has done this 2 time(s).19.5.2013 г. 15:37:47, error: Service Control Manager [7034]  - The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).19.5.2013 г. 15:37:47, error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.19.5.2013 г. 15:37:13, error: Service Control Manager [7034]  - The Skype Updater service terminated unexpectedly.  It has done this 1 time(s).19.5.2013 г. 15:19:08, error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.19.5.2013 г. 15:18:12, error: Service Control Manager [7034]  - The Skype Updater service terminated unexpectedly.  It has done this 2 time(s).19.5.2013 г. 15:18:07, error: Service Control Manager [7034]  - The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).19.5.2013 г. 15:17:54, error: Service Control Manager [7034]  - The Skype Updater service terminated unexpectedly.  It has done this 1 time(s).19.5.2013 г. 13:04:56, error: Service Control Manager [7034]  - The Skype Updater service terminated unexpectedly.  It has done this 2 time(s).19.5.2013 г. 13:04:49, error: Service Control Manager [7034]  - The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).19.5.2013 г. 13:04:47, error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.19.5.2013 г. 13:04:21, error: Service Control Manager [7034]  - The Skype Updater service terminated unexpectedly.  It has done this 1 time(s).19.5.2013 г. 13:04:21, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.19.5.2013 г. 13:00:48, error: Service Control Manager [7031]  - The Remote Procedure Call (RPC) service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.19.5.2013 г. 13:00:26, error: Service Control Manager [7034]  - The Application Layer Gateway Service service terminated unexpectedly.  It has done this 1 time(s).19.5.2013 г. 13:00:23, error: Service Control Manager [7034]  - The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).19.5.2013 г. 13:00:19, error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.19.5.2013 г. 12:59:59, error: Service Control Manager [7034]  - The Skype Updater service terminated unexpectedly.  It has done this 1 time(s).19.5.2013 г. 12:56:04, error: Service Control Manager [7034]  - The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).19.5.2013 г. 12:55:46, error: Service Control Manager [7034]  - The Skype Updater service terminated unexpectedly.  It has done this 1 time(s).19.5.2013 г. 12:40:57, error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.19.5.2013 г. 12:36:25, error: Service Control Manager [7034]  - The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).17.5.2013 г. 19:57:06, error: Service Control Manager [7034]  - The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).16.5.2013 г. 20:56:09, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Steam Client Service service to connect.16.5.2013 г. 20:56:09, error: Service Control Manager [7000]  - The Steam Client Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.16.5.2013 г. 06:07:43, error: Service Control Manager [7034]  - The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).15.5.2013 г. 19:46:45, error: Service Control Manager [7034]  - The Skype Updater service terminated unexpectedly.  It has done this 1 time(s).14.5.2013 г. 14:51:34, error: Service Control Manager [7034]  - The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s)..==== End Of File ===========================

Цитирай

21 май 201313 г.

Автор

Malwarebytes Anti-Malware (Trial) 1.75.0.1300www.malwarebytes.orgDatabase version: v2013.05.21.04Windows XP Service Pack 3 x86 NTFSInternet Explorer 8.0.6001.18702{Owner}Admincho :: GPD [administrator]Protection: Enabled21.5.2013 г. 16:37:31mbam-log-2013-05-21 (16-37-31).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 279319Time elapsed: 56 minute(s), 36 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 1HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.Folders Detected: 0(No malicious items detected)Files Detected: 1C:Documents and Settings{Owner}Adminchodesktopminecraftversionchanger.exe (Hoax.SMS) -> Quarantined and deleted successfully.(end)

Цитирай

21 май 201313 г.

Автор

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=b16b9a299e9cc648a99729e3794a9778

# engine=13881

# end=stopped

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2013-05-21 03:00:29

# local_time=2013-05-21 06:00:29 (+0200, FLE Daylight Time)

# country="Bulgaria"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# scanned=11685

# found=0

# cleaned=0

# scan_time=786

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=b16b9a299e9cc648a99729e3794a9778

# engine=13881

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2013-05-21 06:04:58

# local_time=2013-05-21 09:04:58 (+0200, FLE Daylight Time)

# country="Bulgaria"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# scanned=134687

# found=11

# cleaned=0

# scan_time=10957

sh=3433959711E4AE92A32CAC45DF51C7EDA9E2085A ft=1 fh=79969af2f801775e vn="Win32/Delf.OGC trojan" ac=I fn="C:Documents and Settings{Owner}AdminchodesktopDaRKDDoSeR+5.6DaRKDDoSeR+5.6c+Cracked by the old warriorStub.exe"

sh=8C99ED9EC01BA425D4399E84E38A179992EA7BAE ft=1 fh=cea00df33a0281f0 vn="a variant of Win32/HackTool.CheatEngine.AB application" ac=I fn="C:System Volume Information_restore{770B5E34-8E33-4A53-AB2A-E9DAC37BDC57}RP79A0072419.exe"

sh=84E979D3116779C34EFAB1C15D98DFF41CF53B46 ft=1 fh=ef6d026a26b2a55d vn="a variant of Win32/HackTool.CheatEngine.AB application" ac=I fn="C:System Volume Information_restore{770B5E34-8E33-4A53-AB2A-E9DAC37BDC57}RP79A0072420.exe"

sh=992F7E586E95F64434E90DBFE55F277D717A7855 ft=1 fh=4f75aa06b703d10c vn="Win32/HackTool.Patcher.A application" ac=I fn="C:System Volume Information_restore{770B5E34-8E33-4A53-AB2A-E9DAC37BDC57}RP79A0072421.exe"

sh=3E6F451A2BA12A28F9991695D1F949A7BFEF8916 ft=1 fh=0019471943794b38 vn="a variant of Win32/HackTool.CheatEngine.AB application" ac=I fn="C:System Volume Information_restore{770B5E34-8E33-4A53-AB2A-E9DAC37BDC57}RP79A0072424.EXE"

sh=DC4BC06B4779B308B6F4BF17016BFF93893C9AB1 ft=1 fh=e58f1315ae340aaf vn="a variant of Win32/HackTool.CheatEngine.AB application" ac=I fn="C:System Volume Information_restore{770B5E34-8E33-4A53-AB2A-E9DAC37BDC57}RP79A0072426.EXE"

sh=1F50D311C77D2C477525E755F534D0096F8A87F7 ft=1 fh=dedf159666e3d15e vn="a variant of Win32/HackTool.CheatEngine.AB application" ac=I fn="C:System Volume Information_restore{770B5E34-8E33-4A53-AB2A-E9DAC37BDC57}RP79A0072427.exe"

sh=D03FB2F36539640C5C3C84686CBE465E6E466316 ft=1 fh=6ee776d5f517fb67 vn="a variant of Win32/KillProc.A application" ac=I fn="C:WINDOWSFixCamera.exe"

sh=E5C1B3205258D1EF96F5851B297283264C6332F4 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.BH application" ac=I fn="E:Documents and SettingsAdminch0My DocumentsDownloadscr-psew9.iso"

sh=5C67716C4776E8109271EE84B17B285F7A4CD486 ft=1 fh=845370fd32de6804 vn="a variant of Win32/Keygen.DO application" ac=I fn="E:Documents and SettingsAdminch0My DocumentsDownloadsAdobe.Photoshop.Elements.v11.0.Multilingual.Incl.Keymaker-COREkeygen.exe"

sh=1B58FF30A5E1154FFA3534C63D022280F1C9F424 ft=1 fh=76651ed960f69a42 vn="a variant of Win32/CoinMiner.BJ trojan" ac=I fn="E:Documents and SettingsAdminch0My DocumentsDownloadsSubway SurfersSubway_Surfers_ENG.exe"

Цитирай

21 май 201313 г.

Oтворете notepad и с copy/paste поставете следната информация:

File::
C:Documents and Settings{Owner}AdminchodesktopDaRKDDoSeR+5.6DaRKDDoSeR+5.6c+Cracked by the old warriorStub.exe
E:Documents and SettingsAdminch0My DocumentsDownloadsSubway SurfersSubway_Surfers_ENG.exe

Запазете файла с име CFScript и го провлачете и пуснете в Combofix (както на картинката отдолу):

Публикувайте лог файл в следващия си пост.

След това пишете как е положението.

Цитирай

21 май 201313 г.

Автор

Цитирай

21 май 201313 г.

Изтрийте тези два файла ръчно, че нещо не са се изтрили:

C:Documents and Settings{Owner}AdminchodesktopDaRKDDoSeR+5.6DaRKDDoSeR+5.6c+Cracked by the old warriorStub.exe
E:Documents and SettingsAdminch0My DocumentsDownloadsSubway SurfersSubway_Surfers_ENG.exe

Вируси не мисля, че сте имали...досега оправяхме поражения в Windows причинени, кой знае от какво.

Defogger = спряхме драйвъра на виртуалното устройство, който обърка MBR скенера на DDS, че имате TDL4 рууткит...в последния лог няма такива индикации и лога на TDSSKiller е чист.

Заместихме scfiles.dll файла с чисто копие...вашето бе без цифров подпис, а този файл е важен, защото отговаря за Windows File Protection (sfc /scannow).

Изтрихме няколко ключа от регистрите (остатъци от някаква инфекция).

Поправихме настройките за интернета за всеки случай за да видим дали още ще ви отваря бавно страниците.

Проверихме с MBAM + Eset за да проверим за бацили...засечените файлове от ESET повечето са кейгенератори и са безобидни, а останалите са вече в System Restore Points и не могат да навредят на системата...другите ги изтрихме.

Проверихме състоянието на Windows услугите, събитията в EventViewer и т.н за проблеми, но такива не открих...помислих, че LSP са прецакани, но Minitoolbox не показа проблеми, явно е било някакъв бъг на DDS.

Колкото до бързодействието, не винаги се дължи на зловреден код.

Отворете Start => run => msconfig => натиснете Enter => отидете до startup и премахнете отметките пред:

uTorrent => можете да си пускате торент клиент ръчно
UnlockerAssistant => няма нужда да зарежда с Windows, защото има опция да работи от контекстното меню (десен бутон на мишката върху файл или папка)
NvCplDaemon => няма нужда за работата на видеокартата
nwiz => няма нужда за работата на видеокартата

NvMediaCenter => няма нужда за работата на видеокартата

Остава само да почистим:

Start => run => въведете Combofix /Uninstall => натиснете Enter (това ще деинсталира Combofix).

Изтеглете OTC.exe и го стартирайте. Натиснете бутона CleanUp!.
Рестартирайте компютъра, ако ви попита!

Изтеглете Delfix.exe и го стартирайте. Сложете отметка пред Remove disinfection tools => натиснете бутона Run

Инструмента ще се самоизтрие след като приключи своята задача!

Деинсталирайте вече Eset Online Scaner-a от Control Panel-a и премахнете остатъците от Eset в Program Files, ако има такива.

Изтрийте всички останали инструменти, тяхните файлове, папки и логове, които не са се изтрили при гореспоменатите процедури.

За финал е добре да направите една пълна дефрагментация на системния дял с MyDefrag

Изберете System Disk Monthly => Посочете системния и recovery дяловете и натиснете Run

Може да отнеме доста време...след като приключи ще изпише Finished и можете да затворите програмата от X-са

След това рестартирайте и вижте дали има промяна в бързодействието на системата.

Цитирай

22 май 201313 г.

Автор

Какво да правя с C:SP3

За дефрагментация съм използвал два програми и няма разлика едната е вградената на ОС др е Auslogics BoostSpeed

но пак ще пробвам.

мога ли да използвам спокойно CCleaner за почистване и останали те му опции

и нещо стана
като пусна CS и както работи се затваря както и някои други приложения

а относно
uTorrent =>спирам го като не ми трябва
UnlockerAssistant => къде ще търся като може да излиза автоматично
NvCplDaemon => страдал съм доста по тези процеси почва да бъгват самите драйвери
nwiz => страдал съм доста по тези процеси почва да бъгват самите драйвери
NvMediaCenter => страдал съм доста по тези процеси почва да бъгват самите драйвери

Цитирай

22 май 201313 г.

Автор

това ми излиза в дириякторията на играта като се затвори

http://dox.bg/files/dw?a=c3de825849

Редактирано 22 май 201313 г. от rokis (преглед на промените)

Цитирай

25 май 201313 г.

Можете да изтриете C:SP3 папката.

За дефрагментацията - MyDefrag е най-добрата за целта (гарантирам).

CCleaner е относително безопасен така че можете да го използвате (все пак правете бекъп преди да премахнете грешки в регистрите с вградените му опции като ви попита).

За CS-a нещо не мога да отворя файла, който сте ми пратили - снимайте съобщението за грешка или пробвайте да преинсталирате играта. (Може да е заради това, че combofix премахна WinPCap - може да се наложи да преинсталирате и това приложение).

UnlockerAssistant => къде ще търся като може да излиза автоматично (как къде - десен бутон върху дадена папка или файл - той си е вграден в контекстното меню, но ако желаете си го оставете да се стартира с Windows).

NvCplDaemon => страдал съм доста по тези процеси почва да бъгват самите драйвери nwiz => страдал съм доста по тези процеси почва да бъгват самите драйвери NvMediaCenter => страдал съм доста по тези процеси почва да бъгват самите драйвери

Това как да го разбирам? Страдали сте, ако ги спрете или ако не ги спрете? Самите процеси са излишни за работата на драйвърите и видеокартата ако не ви трябва достъп от контекстното меню или от system tray до настройките на nVidia. Можете и да си ги оставите - въпрос на личен избор.

Как е сега положението?

Цитирай

25 май 201313 г.

Автор

еми крепи се за нещата на nVidia получава се бъг не винаги но ако не се заредат ми минава на най-ниската резолюция и на 8-бита цветова система....

за CS др. не мога да ти дам :С

имам бъг с java но знам от какво е и си го оправям

но след време както CS така стана и AIMP

ще сложа WinPCap да видим какво ще стане

иначе има някои неща които в сравнение преди е доста по добре

Цитирай

25 май 201313 г.

Ами щом е така си ги оставете нещата на nVidia.

За CS-а го отворих - явно е някакъв dmp файл...Анализа показва грешки в hl.exe, hw.dll и steam.dll (все свързани с half life и CS-a).

DEFAULT_BUCKET_ID: NULL_INSTRUCTION_PTR PROCESS_NAME: hl.exe ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
BUGCHECK_STR: APPLICATION_FAULT_NULL_INSTRUCTION_PTR_NULL_POINTER_READ

FAILURE_BUCKET_ID: NULL_INSTRUCTION_PTR_c0000005_hw.dll!Unknown

Unable to load image E:Program FilesLongHornCounter-Strike LH 2011Steam.dll, Win32 error 0n2

Image path: E:Program FilesLongHornCounter-Strike LH 2011hw.dll

*** WARNING: Unable to verify timestamp for Steam.dll
*** ERROR: Module load completed but symbols could not be loaded for Steam.dll

За бъговете защо просто не преинсталирате AIMP, CS, Java?

Също така стартирайте DeFogger с двоен клик на иконата и натиснете бутона Enable, за да стартирате отново CD емулиращите драйвери (да не би заради това да ви прави проблеми с игрите).

Пишете дали има след това подобрение за да маркирам случая като приключен.

Поздрави!

Цитирай

26 май 201313 г.

Автор

буга с AIMP си остава не зависимо какво правя java се оправи след като е махнах и пак е сложих а за ЦС ще пробвам с др В.

състоянието е добро може да е маркирате за приключена.

Цитирай

26 май 201313 г.

Ок, темата е маркирана...каква грешка дава AIMP?

Пробвайте да я деинсталитате с Revo и почистете остатъците от нея напълно и я качете наново...

Цитирай

26 май 201313 г.

Автор

като го пусна нищо не излиза на екрана от него а трябва да мо излезе логото + 1 ред които показва какво зарежда

от това няма и следа

пускам я минава известно време 1~2 сек и изкача в TaskManager след това минава време и почва да твари процесора стига най-много до 50% и по някое време се затваря без нищо да излезе нито да има някаква промяна на каквото и да е било

сега ще пробвам с Revo thx за съвета

Цитирай

26 май 201313 г.

Автор

така пак го инсталирах но няма промяна все същто няма грам промяна ето и снимки

untitled.bmp

untitled2.bmp

untitled3.bmp

Цитирай

26 май 201313 г.

Пробвайте с тази версия:

Изтегли: AIMP 3.50.1259 RC1 (6.31 MB)

Цитирай

26 май 201313 г.

Автор

Същия ***.

утре имам работа и няма да правя нищо свързано с компа най-вероятно няма да съм и на него затова да не мислите че съм ви зарязал

Цитирай

Добре дошли!

Съмнение за вирус

Featured Replies

Архивирана тема

Разглеждащи това в момента 0

Дарение

Бюлетин

Профил

Навигация

Търсене

Конфигуриране на push известия в браузъра

Chrome (Android)

Chrome (Desktop)

Safari (iOS 16.4+)

Safari (macOS)

Edge (Android)

Edge (Desktop)

Firefox (Android)

Firefox (Desktop)