RX_7

The firewall cannot start. Error code 80070424

Hello,

I have a serious problem with the Win7 firewall. When I try to start it, the following information window appears:

"The firewall cannot change some settings. Error code 0x80070424." I tried to fix the problem with Microsoft's Fix it Solution Center, but I get an error again. Also, every attempt to download any file is blocked by the firewall, which claims it is a virus.

Please help

Thanks in advance

 


This may be the ZeroAccess rootkit... Attach the logs from FRST... follow the instructions in the topic:

My system is infected - What do I do now?

PS: If the tool will not download, rename the folder C:\Program Files\Windows Defender => to C:\Program Files\Windows Defender.old and try to download FRST again.

Regards!

  • Like 1


After the steps described, the following logs were produced

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-02-2014
Ran by дидо (administrator) on ДИДО-PC on 24-02-2014 22:16:14
Running from C:Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: Bulgarian
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:Windowssystem32nvvsvc.exe
(NVIDIA Corporation) C:Program Files (x86)NVIDIA Corporation3D VisionnvSCPAPISvr.exe
(IDT, Inc.) C:Program FilesIDTWDMSTacSV64.exe
(AVAST Software) C:Program FilesAVAST SoftwareAvastafwServ.exe
(Andrea Electronics Corporation) C:Program FilesIDTWDMAESTSr64.exe
(Atheros) C:Program Files (x86)Dell WirelessBluetooth SuiteAth_CoexAgent.exe
(Atheros Commnucations) C:Program Files (x86)Dell WirelessBluetooth Suiteadminservice.exe
(NVIDIA Corporation) C:Program Files (x86)NVIDIA CorporationNVIDIA Update Coredaemonu.exe
(Skype Technologies S.A.) C:ProgramDataSkypeToolbarsSkype C2C Servicec2c_service.exe
() C:Program Files (x86)GLOBUL Connection ManagerAssistantServices.exe
(NVIDIA Corporation) C:Program FilesNVIDIA CorporationDisplaynvxdsync.exe
(NVIDIA Corporation) C:Windowssystem32nvvsvc.exe
(Intel Corporation) C:WindowsSystem32igfxtray.exe
(Intel Corporation) C:WindowsSystem32hkcmd.exe
(Intel Corporation) C:WindowsSystem32igfxpers.exe
(Alps Electric Co., Ltd.) C:Program FilesDellTPadApoint.exe
(Atheros Communications) C:Program Files (x86)Dell WirelessBluetooth SuiteBtvStack.exe
(Atheros Commnucations) C:Program Files (x86)Dell WirelessBluetooth SuiteAthBtTray.exe
(IDT, Inc.) C:Program FilesIDTWDMsttray64.exe
(CANON INC.) C:Program FilesCanonMyPrinterBJMYPRT.EXE
(NVIDIA Corporation) C:Program FilesNVIDIA CorporationDisplaynvtray.exe
(NVIDIA Corporation) C:Program Files (x86)NVIDIA CorporationNVIDIA Update CoreNvTmru.exe
(Alps Electric Co., Ltd.) C:Program FilesDellTPadApMsgFwd.exe
(DT Soft Ltd) C:Program Files (x86)DAEMON Tools ProDTAgent.exe
(Skype Technologies S.A.) C:Program Files (x86)SkypePhoneSkype.exe
(Alps Electric Co., Ltd.) C:Program FilesDellTPadHidFind.exe
(Alps Electric Co., Ltd.) C:Program FilesDellTPadApntex.exe
() C:Program Files (x86)GLOBUL Connection ManagerUIExec.exe
(Renesas Electronics Corporation) C:Program Files (x86)Renesas ElectronicsUSB 3.0 Host Controller DriverApplicationnusb3mon.exe
(Microsoft Corporation) C:Program FilesInternet Exploreriexplore.exe
(Microsoft Corporation) C:Program FilesInternet Exploreriexplore.exe
(Flex Anticheat) C:Program Files (x86)Flex Anticheat cs.sector.bgFlex Anticheat.ex
(Adobe Systems Incorporated) C:Windowssystem32MacromedFlashFlashUtil64_12_0_0_70_ActiveX.exe

==================== Registry (Whitelisted) ==================

HKLM...Run: [Apoint] - C:Program FilesDellTPadApoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
HKLM...Run: [AtherosBtStack] - C:Program Files (x86)Dell WirelessBluetooth SuiteBtvStack.exe [627360 2011-05-20] (Atheros Communications)
HKLM...Run: [AthBtTray] - C:Program Files (x86)Dell WirelessBluetooth SuiteAthBtTray.exe [379552 2011-05-20] (Atheros Commnucations)
HKLM...Run: [sysTrayApp] - C:Program FilesIDTWDMsttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM...Run: [bCSSync] - C:Program FilesMicrosoft OfficeOffice14BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM...Run: [CanonMyPrinter] - C:Program FilesCanonMyPrinterBJMyPrt.exe [2779024 2011-03-15] (CANON INC.)
HKLM...Run: [Nvtmru] - C:Program Files (x86)NVIDIA CorporationNVIDIA Update Corenvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM-x32...Run: [uIExec] - C:Program Files (x86)GLOBUL Connection ManagerUIExec.exe [153424 2011-08-15] ()
HKLM-x32...Run: [NUSB3MON] - C:Program Files (x86)Renesas ElectronicsUSB 3.0 Host Controller DriverApplicationnusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32...RunOnce: [20131224] - C:Program FilesAVAST SoftwareAvastsetupemupdateb3f2423a-e9b2-41e4-931e-9599884f5676.exe /check [181136 2014-02-24] (AVAST Software)
HKLM...Winlogon: [userinit] c:windowssystem32userinit.exe,C:WindowsSysWOW64MPKmpk.exe
WinlogonNotifyigfxcui: C:Windowssystem32igfxdev.dll (Intel Corporation)
HKUS-1-5-21-3082739448-3390296033-2022189483-1000...Run: [bitComet] - C:Program FilesBitCometBitComet.exe [20529920 2013-02-19] (www.BitComet.com)
HKUS-1-5-21-3082739448-3390296033-2022189483-1000...Run: [DAEMON Tools Pro Agent] - C:Program Files (x86)DAEMON Tools ProDTAgent.exe [4527424 2011-08-17] (DT Soft Ltd)
HKUS-1-5-21-3082739448-3390296033-2022189483-1000...Run: [skype] - C:Program Files (x86)SkypePhoneSkype.exe [19876968 2013-06-21] (Skype Technologies S.A.)
HKUS-1-5-21-3082739448-3390296033-2022189483-1000...MountPoints2: {3f864eb9-5261-11e2-8a05-3859f9053dda} - G:SETUP.EXE
HKUS-1-5-21-3082739448-3390296033-2022189483-1000...MountPoints2: {879eda86-6249-11e3-8bcf-3859f9053dda} - F:autorun.exe
AppInit_DLLs: C:Windowssystem32nvinitx.dll => C:Windowssystem32nvinitx.dll [266448 2013-06-21] (NVIDIA Corporation)
AppInit_DLLs-x32: c:windowssyswow64nvinit.dll => c:windowssyswow64nvinit.dll [214448 2013-06-21] (NVIDIA Corporation)
AppInit_DLLs-x32: , C:WindowsSysWOW64nvinit.dll => C:WindowsSysWOW64nvinit.dll [214448 2013-06-21] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.bg/
HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page Redirect Cache_TIMESTAMP = 0x0E380A7D88DCCD01
HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page Redirect Cache AcceptLangs = bg-BG
SearchScopes: HKLM-x32 - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:Program FilesAVAST SoftwareAvastaswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:Program FilesMicrosoft OfficeOffice14GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:Program FilesMicrosoft OfficeOffice14URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:Program FilesBitComettoolsBitCometBHO_1.5.4.11.dll (BitComet)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:Program Files (x86)Microsoft OfficeOffice14GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:Program Files (x86)Dell WirelessBluetooth SuiteIEPlugIn.dll (Atheros Commnucations)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:Program FilesAVAST SoftwareAvastaswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:Program Files (x86)Microsoft OfficeOffice14URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:Program FilesAVAST SoftwareAvastaswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:Program FilesAVAST SoftwareAvastaswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:Program Files (x86)SkypeToolbarsInternet Explorer x64skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:Program Files (x86)Common FilesSkypeSkype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%system32NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%System32mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%system32NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%System32mswsock.dll"
TcpipParameters: [DhcpNameServer] 151.237.40.90 151.237.40.1
Tcpip..Interfaces{513F2379-3AFB-47AE-A56F-BDD73611FA7E}: [NameServer]192.168.0.1,8.8.8.8

==================== Services (Whitelisted) =================

R2 Atheros Bt&Wlan Coex Agent; C:Program Files (x86)Dell WirelessBluetooth SuiteAth_CoexAgent.exe [146592 2011-05-20] (Atheros)
S2 avast! Antivirus; C:Program FilesAVAST SoftwareAvastAvastSvc.exe [45248 2013-03-07] (AVAST Software)
R2 avast! Firewall; C:Program FilesAVAST SoftwareAvastafwServ.exe [136912 2013-03-07] (AVAST Software)
S3 BITCOMET_HELPER_SERVICE; C:Program FilesBitComettoolsBitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
R2 UI Assistant Service; C:Program Files (x86)GLOBUL Connection ManagerAssistantServices.exe [270672 2011-08-15] ()
S2 *etadpug; "C:Program Files (x86)GoogleDesktopInstall{500f121f-7c3a-a85a-e836-ceecae90c1d8} ...???{500f121f-7c3a-a85a-e836-ceecae90c1d8}GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:WindowsSystem32DriversaswFsBlk.sys [33400 2013-03-07] (AVAST Software)
R1 aswFW; C:Windowssystem32driversaswFW.sys [127136 2013-03-07] (AVAST Software)
R1 aswKbd; C:WindowsSystem32DriversaswKbd.sys [22600 2013-03-07] (AVAST Software)
R2 aswMonFlt; C:Windowssystem32driversaswMonFlt.sys [80816 2013-03-07] (AVAST Software)
R0 aswNdis; C:WindowsSystem32DRIVERSaswNdis.sys [12368 2013-03-07] (ALWIL Software)
R0 aswNdis2; C:WindowsSystem32driversaswNdis2.sys [263096 2013-03-07] (AVAST Software)
R1 aswRdr; C:WindowsSystem32Driversaswrdr2.sys [70992 2013-03-07] (AVAST Software)
R0 aswRvrt; C:WindowsSystem32DriversaswRvrt.sys [65336 2013-03-07] ()
S1 aswSnx; C:WindowsSystem32DriversaswSnx.sys [1025808 2013-03-07] (AVAST Software)
R1 aswSP; C:WindowsSystem32DriversaswSP.sys [377920 2013-03-07] (AVAST Software)
R1 aswTdi; C:WindowsSystem32DriversaswTdi.sys [68920 2013-03-07] (AVAST Software)
S3 aswVmm; C:WindowsSystem32DriversaswVmm.sys [178624 2013-03-07] ()
R1 dtsoftbus01; C:WindowsSystem32DRIVERSdtsoftbus01.sys [271424 2013-01-02] (DT Soft Ltd)
S3 jrdusbser; C:WindowsSystem32DRIVERSjrdusbser.sys [119680 2009-11-17] (TCT International Mobile Ltd)
R1 nvkflt; C:WindowsSystem32DRIVERSnvkflt.sys [284448 2013-06-21] (NVIDIA Corporation)
S3 zte_cdc_acm; C:WindowsSystem32DRIVERSzte_cdc_acm.sys [79872 2011-06-01] (ZTE)
S3 zte_cpo; C:WindowsSystem32DRIVERSzte_cpo.sys [14336 2011-06-01] (ZTE)
S3 VGPU; System32driversrdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-24 22:15 - 2014-02-24 22:16 - 00000000 ____D () C:FRST
2014-02-24 19:06 - 2014-02-24 19:06 - 00000000 ___RD () C:UsersдидоAppDataRoamingMicrosoftWindowsStart MenuProgramsBT Devices
2014-02-24 17:42 - 2014-02-24 17:42 - 00000000 ____D () C:UsersдидоAppDataRoamingAVG2014
2014-02-24 17:41 - 2014-02-24 17:41 - 00000000 ____D () C:UsersдидоAppDataRoamingTuneUp Software
2014-02-24 17:40 - 2014-02-24 17:41 - 00000000 ____D () C:ProgramDataAVG2014
2014-02-24 17:40 - 2014-02-24 17:40 - 00000000 ___HD () C:$AVG
2014-02-24 17:39 - 2014-02-24 17:39 - 00000000 ____D () C:Program Files (x86)AVG
2014-02-24 17:24 - 2014-02-24 19:00 - 00000000 ____D () C:ProgramDataMFAData
2014-02-24 17:24 - 2014-02-24 17:50 - 00000000 ____D () C:UsersдидоAppDataLocalAvg2014
2014-02-24 17:24 - 2014-02-24 17:24 - 00000000 ____D () C:UsersдидоAppDataLocalMFAData
2014-02-24 17:09 - 2014-02-24 17:09 - 00000150 _____ () C:UsersдидоDesktopFF3_collection.htm
2014-02-24 16:21 - 2014-02-24 16:21 - 00000000 ____D () C:GAMES
2014-02-17 17:23 - 2014-02-17 17:23 - 00000000 ____D () C:UsersдидоAppDataRoamingNVIDIA
2014-02-17 17:21 - 2014-02-17 17:21 - 00002560 _____ () C:WindowsSysWOW64SecuredImage32.dll
2014-02-17 17:19 - 2014-02-17 17:21 - 00000000 ____D () C:Program Files (x86)Flex Anticheat cs.sector.bg
2014-02-17 17:19 - 2014-02-17 17:19 - 00001277 _____ () C:UsersдидоDesktopFlex Anticheat cs.sector.bg.lnk
2014-02-12 09:53 - 2014-02-12 09:53 - 00000000 ____D () C:UsersдидоDesktopфондан
2014-02-11 08:31 - 2014-02-11 08:52 - 00000000 ____D () C:UsersдидоDesktopорифлейм
2014-02-10 16:26 - 2014-02-10 16:26 - 00000000 ____D () C:UsersдидоDesktopм
2014-02-10 10:10 - 2014-02-10 15:50 - 00000000 ____D () C:UsersдидоDesktopо
2014-02-10 09:59 - 2014-02-10 10:02 - 00000000 ____D () C:UsersдидоDesktopл
2014-02-05 19:24 - 2014-02-05 19:25 - 00000000 ____D () C:UsersдидоDesktopcstrike
2014-02-05 19:24 - 2014-02-05 19:24 - 00001948 _____ () C:UsersдидоDesktopCounter Strike 1.6 Non Steam.lnk
2014-02-05 19:24 - 2014-02-05 19:24 - 00001948 _____ () C:UsersUpdatusUserDesktopCounter Strike 1.6 Non Steam.lnk
2014-02-05 19:24 - 2014-02-05 19:24 - 00001928 _____ () C:UsersдидоDesktopDedicated Server.lnk
2014-02-05 19:24 - 2014-02-05 19:24 - 00001928 _____ () C:UsersUpdatusUserDesktopDedicated Server.lnk
2014-02-05 19:22 - 2014-02-24 22:05 - 00000000 ____D () C:Program Files (x86)Valve
2014-02-05 19:22 - 2014-02-05 19:22 - 00001670 _____ () C:UsersPublicDesktopCounter-Strike 1.6.lnk
2014-02-05 09:19 - 2014-02-05 09:21 - 00000000 ____D () C:UsersдидоDesktopд2
2014-02-05 09:15 - 2014-02-20 19:16 - 00000000 ____D () C:UsersдидоDesktopд
2014-02-05 09:00 - 2014-02-20 19:17 - 00000000 ____D () C:UsersдидоDesktopди
2014-02-03 17:01 - 2014-02-03 18:16 - 00000000 ____D () C:UsersдидоDesktopДидка
2014-01-27 15:37 - 2014-02-24 18:54 - 00000000 ____D () C:Program Files (x86)Renesas Electronics

==================== One Month Modified Files and Folders =======

2014-02-24 22:16 - 2014-02-24 22:15 - 00000000 ____D () C:FRST
2014-02-24 22:05 - 2014-02-05 19:22 - 00000000 ____D () C:Program Files (x86)Valve
2014-02-24 21:54 - 2012-12-17 22:52 - 00000830 _____ () C:WindowsTasksAdobe Flash Player Updater.job
2014-02-24 19:54 - 2012-12-17 22:52 - 00692616 _____ (Adobe Systems Incorporated) C:WindowsSysWOW64FlashPlayerApp.exe
2014-02-24 19:54 - 2012-12-17 22:52 - 00071048 _____ (Adobe Systems Incorporated) C:WindowsSysWOW64FlashPlayerCPLApp.cpl
2014-02-24 19:54 - 2012-12-17 22:52 - 00003768 _____ () C:WindowsSystem32TasksAdobe Flash Player Updater
2014-02-24 19:47 - 2012-12-17 22:52 - 00000000 ____D () C:UsersдидоAppDataRoamingBitComet
2014-02-24 19:12 - 2009-07-14 06:45 - 00021072 ____H () C:Windowssystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-24 19:12 - 2009-07-14 06:45 - 00021072 ____H () C:Windowssystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-24 19:11 - 2009-07-14 07:13 - 00781790 _____ () C:Windowssystem32PerfStringBackup.INI
2014-02-24 19:06 - 2014-02-24 19:06 - 00000000 ___RD () C:UsersдидоAppDataRoamingMicrosoftWindowsStart MenuProgramsBT Devices
2014-02-24 19:05 - 2012-12-17 20:43 - 00000000 ____D () C:ProgramDataNVIDIA
2014-02-24 19:05 - 2012-12-17 20:00 - 00000000 ____D () C:Usersдидо
2014-02-24 19:05 - 2009-07-14 07:08 - 00000006 ____H () C:WindowsTasksSA.DAT
2014-02-24 19:05 - 2009-07-14 06:51 - 00072907 _____ () C:Windowssetupact.log
2014-02-24 19:02 - 2009-07-14 07:32 - 00000000 ____D () C:Program FilesWindows Portable Devices
2014-02-24 19:02 - 2009-07-14 05:20 - 00000000 ____D () C:Windowssystem32NDF
2014-02-24 19:01 - 2013-10-28 18:54 - 00000000 ____D () C:Program FilesAVAST Software
2014-02-24 19:01 - 2013-10-28 18:52 - 00000000 ____D () C:ProgramDataAVAST Software
2014-02-24 19:01 - 2013-10-22 20:17 - 00000000 ____D () C:UsersдидоAppDataRoamingmIRC
2014-02-24 19:01 - 2012-12-17 20:52 - 00000000 ____D () C:ProgramDataAtheros
2014-02-24 19:01 - 2012-12-17 20:42 - 00000000 ____D () C:Program FilesNVIDIA Corporation
2014-02-24 19:01 - 2012-12-17 20:41 - 00000000 ____D () C:Program FilesDellTPad
2014-02-24 19:01 - 2009-07-14 05:20 - 00000000 ____D () C:WindowsAppCompat
2014-02-24 19:00 - 2014-02-24 17:24 - 00000000 ____D () C:ProgramDataMFAData
2014-02-24 19:00 - 2014-01-23 09:46 - 00000000 ____D () C:Program Files (x86)GLOBUL Connection Manager
2014-02-24 19:00 - 2012-12-17 20:42 - 00000000 ____D () C:Program Files (x86)NVIDIA Corporation
2014-02-24 18:59 - 2013-01-02 19:41 - 00000000 ___HD () C:Windowssystem32CanonIJ Uninstaller Information
2014-02-24 18:59 - 2012-12-17 22:52 - 00000000 ____D () C:Windowssystem32Macromed
2014-02-24 18:59 - 2009-07-14 07:32 - 00000000 ____D () C:WindowsPerformance
2014-02-24 18:59 - 2009-07-14 06:45 - 00000000 ____D () C:WindowsSetup
2014-02-24 18:59 - 2009-07-14 05:20 - 00000000 ____D () C:Windowssystem32MUI
2014-02-24 18:59 - 2009-07-14 05:20 - 00000000 ____D () C:Windowssystem32Msdtc
2014-02-24 18:59 - 2009-07-14 05:20 - 00000000 ____D () C:Windowssystem32migwiz
2014-02-24 18:59 - 2009-07-14 05:20 - 00000000 ____D () C:Windowssystem32IME
2014-02-24 18:59 - 2009-07-14 05:20 - 00000000 ____D () C:Windowssystem32Dism
2014-02-24 18:59 - 2009-07-14 05:20 - 00000000 ____D () C:Windowssystem32com
2014-02-24 18:59 - 2009-07-14 05:20 - 00000000 ____D () C:Windowssystem32bg-BG
2014-02-24 18:59 - 2009-07-14 05:20 - 00000000 ____D () C:WindowsSpeech
2014-02-24 18:59 - 2009-07-14 05:20 - 00000000 ____D () C:Windowsservicing
2014-02-24 18:59 - 2009-07-14 05:20 - 00000000 ____D () C:Windowssecurity
2014-02-24 18:59 - 2009-07-14 05:20 - 00000000 ____D () C:Windowsschemas
2014-02-24 18:59 - 2009-07-14 05:20 - 00000000 ____D () C:WindowsResources
2014-02-24 18:59 - 2009-07-14 05:20 - 00000000 ____D () C:Windowsrescache
2014-02-24 18:59 - 2009-07-14 05:20 - 00000000 ____D () C:Windowsregistration
2014-02-24 18:59 - 2009-07-14 05:20 - 00000000 ____D () C:WindowsPolicyDefinitions
2014-02-24 18:59 - 2009-07-14 05:20 - 00000000 ____D () C:WindowsPLA
2014-02-24 18:58 - 2013-10-28 19:37 - 00000000 ____D () C:WindowsERUNT
2014-02-24 18:58 - 2013-06-05 07:30 - 00000000 ____D () C:WindowsDownloaded Installations
2014-02-24 18:58 - 2012-12-28 13:55 - 00000000 ____D () C:UsersдидоAppDataRoamingSkype
2014-02-24 18:58 - 2009-07-14 05:20 - 00000000 __RSD () C:WindowsMedia
2014-02-24 18:58 - 2009-07-14 05:20 - 00000000 ____D () C:WindowsIME
2014-02-24 18:58 - 2009-07-14 05:20 - 00000000 ____D () C:WindowsHelp
2014-02-24 18:58 - 2009-07-14 05:20 - 00000000 ____D () C:WindowsGlobalization
2014-02-24 18:58 - 2009-07-14 05:20 - 00000000 ____D () C:WindowsBranding
2014-02-24 18:55 - 2013-05-27 15:57 - 00000000 ____D () C:Program FilesMicrosoft Silverlight
2014-02-24 18:55 - 2013-01-02 19:42 - 00000000 ____D () C:Program FilesCanon
2014-02-24 18:55 - 2013-01-02 19:41 - 00000000 ___HD () C:Program FilesCanonBJ
2014-02-24 18:55 - 2013-01-02 14:57 - 00000000 ____D () C:Program FilesMicrosoft Synchronization Services
2014-02-24 18:55 - 2013-01-02 14:57 - 00000000 ____D () C:Program FilesMicrosoft Sync Framework
2014-02-24 18:55 - 2013-01-02 14:57 - 00000000 ____D () C:Program FilesMicrosoft SQL Server Compact Edition
2014-02-24 18:55 - 2013-01-02 14:55 - 00000000 ____D () C:Program FilesMicrosoft Office
2014-02-24 18:55 - 2013-01-02 14:55 - 00000000 ____D () C:Program FilesMicrosoft Analysis Services
2014-02-24 18:55 - 2012-12-17 22:57 - 00000000 ____D () C:Program FilesWinRAR
2014-02-24 18:55 - 2012-12-17 22:52 - 00000000 ____D () C:Program FilesBitComet
2014-02-24 18:55 - 2012-12-17 20:49 - 00000000 ____D () C:Program FilesIDT
2014-02-24 18:55 - 2012-12-17 20:41 - 00000000 ____D () C:Program FilesCommon FilesIntel
2014-02-24 18:55 - 2011-04-12 10:28 - 00000000 ____D () C:Program FilesWindows Journal
2014-02-24 18:55 - 2009-07-14 07:32 - 00000000 ____D () C:Program FilesWindows Sidebar
2014-02-24 18:55 - 2009-07-14 07:32 - 00000000 ____D () C:Program FilesWindows Photo Viewer
2014-02-24 18:55 - 2009-07-14 07:32 - 00000000 ____D () C:Program FilesReference Assemblies
2014-02-24 18:55 - 2009-07-14 07:32 - 00000000 ____D () C:Program FilesMSBuild
2014-02-24 18:55 - 2009-07-14 07:32 - 00000000 ____D () C:Program FilesMicrosoft Games
2014-02-24 18:55 - 2009-07-14 07:32 - 00000000 ____D () C:Program FilesDVD Maker
2014-02-24 18:55 - 2009-07-14 05:20 - 00000000 ____D () C:Program FilesWindows NT
2014-02-24 18:55 - 2009-07-14 05:20 - 00000000 ____D () C:Program FilesCommon FilesSystem
2014-02-24 18:55 - 2009-07-14 05:20 - 00000000 ____D () C:Program FilesCommon FilesSpeechEngines
2014-02-24 18:55 - 2009-07-14 05:20 - 00000000 ____D () C:Program FilesCommon FilesMicrosoft Shared
2014-02-24 18:54 - 2014-01-27 15:37 - 00000000 ____D () C:Program Files (x86)Renesas Electronics
2014-02-24 18:54 - 2013-10-28 20:37 - 00000000 ____D () C:Program Files (x86)ESET
2014-02-24 18:54 - 2013-10-22 20:17 - 00000000 ____D () C:Program Files (x86)mIRC
2014-02-24 18:54 - 2013-06-23 13:10 - 00000000 ___RD () C:Program Files (x86)Skype
2014-02-24 18:54 - 2013-05-27 15:57 - 00000000 ____D () C:Program Files (x86)Microsoft Silverlight
2014-02-24 18:54 - 2013-04-16 16:55 - 00000000 ____D () C:Program Files (x86)3DO
2014-02-24 18:54 - 2013-01-03 20:27 - 00000000 ____D () C:Program Files (x86)Adobe
2014-02-24 18:54 - 2013-01-02 19:40 - 00000000 ____D () C:Program Files (x86)Canon
2014-02-24 18:54 - 2013-01-02 14:56 - 00000000 ____D () C:Program Files (x86)Microsoft Visual Studio 8
2014-02-24 18:54 - 2013-01-02 14:55 - 00000000 ____D () C:Program Files (x86)Microsoft Office
2014-02-24 18:54 - 2013-01-02 14:55 - 00000000 ____D () C:Program Files (x86)Microsoft Analysis Services
2014-02-24 18:54 - 2013-01-02 14:50 - 00000000 ____D () C:Program Files (x86)DAEMON Tools Pro
2014-02-24 18:54 - 2012-12-28 13:53 - 00000000 ____D () C:Program Files (x86)Google
2014-02-24 18:54 - 2012-12-17 22:47 - 00000000 ____D () C:Program Files (x86)K-Lite Codec Pack
2014-02-24 18:54 - 2012-12-17 20:57 - 00000000 ____D () C:Program Files (x86)Realtek
2014-02-24 18:54 - 2012-12-17 20:45 - 00000000 ____D () C:Program Files (x86)Dell Wireless
2014-02-24 18:54 - 2012-12-17 20:44 - 00000000 ___HD () C:Program Files (x86)InstallShield Installation Information
2014-02-24 18:54 - 2012-12-17 20:41 - 00000000 ____D () C:Program Files (x86)Intel
2014-02-24 18:54 - 2012-12-17 20:40 - 00000000 ____D () C:dell
2014-02-24 18:54 - 2009-07-14 07:32 - 00000000 ____D () C:Program Files (x86)Windows Sidebar
2014-02-24 18:54 - 2009-07-14 07:32 - 00000000 ____D () C:Program Files (x86)Windows Photo Viewer
2014-02-24 18:54 - 2009-07-14 07:32 - 00000000 ____D () C:Program Files (x86)Windows Defender.old
2014-02-24 18:54 - 2009-07-14 07:32 - 00000000 ____D () C:Program Files (x86)Reference Assemblies
2014-02-24 18:54 - 2009-07-14 07:32 - 00000000 ____D () C:Program Files (x86)MSBuild
2014-02-24 18:54 - 2009-07-14 05:20 - 00000000 ____D () C:Program Files (x86)Windows NT
2014-02-24 17:50 - 2014-02-24 17:24 - 00000000 ____D () C:UsersдидоAppDataLocalAvg2014
2014-02-24 17:47 - 2009-07-14 05:20 - 00000000 ____D () C:Windowstracing
2014-02-24 17:42 - 2014-02-24 17:42 - 00000000 ____D () C:UsersдидоAppDataRoamingAVG2014
2014-02-24 17:41 - 2014-02-24 17:41 - 00000000 ____D () C:UsersдидоAppDataRoamingTuneUp Software
2014-02-24 17:41 - 2014-02-24 17:40 - 00000000 ____D () C:ProgramDataAVG2014
2014-02-24 17:40 - 2014-02-24 17:40 - 00000000 ___HD () C:$AVG
2014-02-24 17:39 - 2014-02-24 17:39 - 00000000 ____D () C:Program Files (x86)AVG
2014-02-24 17:24 - 2014-02-24 17:24 - 00000000 ____D () C:UsersдидоAppDataLocalMFAData
2014-02-24 17:09 - 2014-02-24 17:09 - 00000150 _____ () C:UsersдидоDesktopFF3_collection.htm
2014-02-24 16:21 - 2014-02-24 16:21 - 00000000 ____D () C:GAMES
2014-02-23 10:08 - 2012-12-17 20:46 - 00000000 ____D () C:UsersдидоDocumentsBluetooth Folder
2014-02-20 20:06 - 2013-05-31 06:27 - 00000000 ____D () C:UsersдидоDesktopdokumenti
2014-02-20 19:17 - 2014-02-05 09:00 - 00000000 ____D () C:UsersдидоDesktopди
2014-02-20 19:16 - 2014-02-05 09:15 - 00000000 ____D () C:UsersдидоDesktopд
2014-02-20 19:09 - 2013-09-11 08:31 - 00000000 ____D () C:UsersдидоDesktopбеба
2014-02-20 11:55 - 2013-01-03 14:30 - 00000000 ____D () C:UsersдидоAppDataLocalCrashDumps
2014-02-17 17:23 - 2014-02-17 17:23 - 00000000 ____D () C:UsersдидоAppDataRoamingNVIDIA
2014-02-17 17:21 - 2014-02-17 17:21 - 00002560 _____ () C:WindowsSysWOW64SecuredImage32.dll
2014-02-17 17:21 - 2014-02-17 17:19 - 00000000 ____D () C:Program Files (x86)Flex Anticheat cs.sector.bg
2014-02-17 17:19 - 2014-02-17 17:19 - 00001277 _____ () C:UsersдидоDesktopFlex Anticheat cs.sector.bg.lnk
2014-02-12 09:53 - 2014-02-12 09:53 - 00000000 ____D () C:UsersдидоDesktopфондан
2014-02-11 08:52 - 2014-02-11 08:31 - 00000000 ____D () C:UsersдидоDesktopорифлейм
2014-02-10 16:26 - 2014-02-10 16:26 - 00000000 ____D () C:UsersдидоDesktopм
2014-02-10 15:50 - 2014-02-10 10:10 - 00000000 ____D () C:UsersдидоDesktopо
2014-02-10 10:02 - 2014-02-10 09:59 - 00000000 ____D () C:UsersдидоDesktopл
2014-02-10 09:52 - 2013-11-14 12:41 - 00000000 ____D () C:UsersдидоDocumentsooooooooooo
2014-02-09 18:52 - 2013-09-30 09:52 - 00000000 ____D () C:UsersдидоDocumentsPKR
2014-02-09 18:28 - 2013-10-28 12:14 - 00000000 ____D () C:UsersдидоDocumentsOneNote Notebooks
2014-02-05 19:25 - 2014-02-05 19:24 - 00000000 ____D () C:UsersдидоDesktopcstrike
2014-02-05 19:24 - 2014-02-05 19:24 - 00001948 _____ () C:UsersдидоDesktopCounter Strike 1.6 Non Steam.lnk
2014-02-05 19:24 - 2014-02-05 19:24 - 00001948 _____ () C:UsersUpdatusUserDesktopCounter Strike 1.6 Non Steam.lnk
2014-02-05 19:24 - 2014-02-05 19:24 - 00001928 _____ () C:UsersдидоDesktopDedicated Server.lnk
2014-02-05 19:24 - 2014-02-05 19:24 - 00001928 _____ () C:UsersUpdatusUserDesktopDedicated Server.lnk
2014-02-05 19:22 - 2014-02-05 19:22 - 00001670 _____ () C:UsersPublicDesktopCounter-Strike 1.6.lnk
2014-02-05 09:21 - 2014-02-05 09:19 - 00000000 ____D () C:UsersдидоDesktopд2
2014-02-03 18:16 - 2014-02-03 17:01 - 00000000 ____D () C:UsersдидоDesktopДидка
2014-02-03 18:10 - 2014-01-13 07:58 - 00000000 ____D () C:UsersдидоDesktopРазходка с Диди
ZeroAccess:
C:Program Files (x86)GoogleDesktopInstall

ZeroAccess:
C:WindowsassemblyGAC_32Desktop.ini

ZeroAccess:
C:WindowsassemblyGAC_64Desktop.ini

Some content of TEMP:
====================
C:UsersдидоAppDataLocalTempSkypeSetup.exe

==================== Bamital & volsnap Check =================

C:WindowsSystem32winlogon.exe => MD5 is legit
C:WindowsSystem32wininit.exe => MD5 is legit
C:WindowsSysWOW64wininit.exe => MD5 is legit
C:Windowsexplorer.exe => MD5 is legit
C:WindowsSysWOW64explorer.exe => MD5 is legit
C:WindowsSystem32svchost.exe => MD5 is legit
C:WindowsSysWOW64svchost.exe => MD5 is legit
C:WindowsSystem32services.exe => MD5 is legit
C:WindowsSystem32User32.dll => MD5 is legit
C:WindowsSysWOW64User32.dll => MD5 is legit
C:WindowsSystem32userinit.exe => MD5 is legit
C:WindowsSysWOW64userinit.exe => MD5 is legit
C:WindowsSystem32rpcss.dll => MD5 is legit
C:WindowsSystem32Driversvolsnap.sys => MD5 is legit

LastRegBack: 2014-02-21 11:56

==================== End Of Log ============================

Addition.txt


Hello,

As I suspected, you have the ZeroAccess rootkit...

Before we continue, uninstall Avast or AVG... Using two antivirus programs at the same time is unacceptable!

24-02-2014 15:29:45 avast! Internet Security Инсталация
24-02-2014 15:39:15 Installed AVG 2014

If you decide to uninstall Avast, after the uninstallation use the following tool => avastclear.exe

  • Boot Windows into Safe Mode
  • Run the avastclear.exe tool
  • Point to the folder where avast is installed, C:\Program Files\AVAST Software (note: make sure you have pointed to the correct folder, because any folder you point to will be deleted by the tool)
  • Click REMOVE
  • Restart the computer in normal mode.

If you decide to uninstall AVG, then use the following tool => depending on the version, use the 32-bit or the 64-bit uninstaller:

AVG Remover(32bit) 2014

AVG Remover(64bit) 2014

Run the tool after uninstalling AVG, and once it finishes restart the system.

Also write whether you installed the Refog Keylogger yourself, because the FRST log shows indications of it on the system!

Regards!

  • Like 1
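The checks a reader can make on an FRST log like the one posted in this thread (lines FRST marks `ATTENTION`, the `ZeroAccess:` blocks, and a Winlogon `userinit` value that launches more than userinit.exe), as an added example that is not part of the original thread and is not FRST's own code. The sample log is constructed with placeholder paths, the function and field names are illustrative, and the expected `userinit` path assumes Windows is installed in C:\Windows.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    section: str  # FRST section the line was found in
    kind: str     # "attention", "userinit" or "family-block"
    detail: str


# "==================== Services (Whitelisted) =================" -> "Services (Whitelisted)"
SECTION_RE = re.compile(r"^={4,}\s*([^=].*?)\s*={4,}$")
USERINIT_RE = re.compile(r"Winlogon:\s*\[userinit\]\s*(.*)$", re.IGNORECASE)
ATTENTION_RE = re.compile(r"ATTENTION\b[:\s]*(.*)$")
# Assumption: Windows is installed in C:\Windows.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"
# Labels printed on their own line before a list of paths; only the one
# that appears in this thread's log is listed.
FAMILY_LABELS = {"ZeroAccess"}

# Constructed sample in the shape of the FRST.txt sections quoted in the thread.
# Every path and service name is a placeholder, not a value from that log.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ExampleTray] - C:\Program Files\Example\tray.exe [1000 2011-01-01] (Example Corp)
HKLM\...\Winlogon: [userinit] c:\windows\system32\userinit.exe,C:\Example\extra\agent.exe

==================== Internet (Whitelisted) ====================

Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

==================== Services (Whitelisted) =================

R2 ExampleSvc; C:\Program Files\Example\svc.exe [2000 2012-02-02] (Example Corp)
S2 *examplesvc; "C:\Program Files (x86)\Example\Install\{PLACEHOLDER-GUID}\Update.exe" <==== ATTENTION (ZeroAccess)

==================== One Month Modified Files and Folders =======

2014-01-01 10:00 - 2014-01-01 09:00 - 00000000 ____D () C:\Example
ZeroAccess:
C:\Example\Install

==================== Bamital & volsnap Check =================

C:\Windows\System32\services.exe => MD5 is legit
"""


def triage(log_text: str) -> List[Finding]:
    """Return the lines of an FRST log that deserve a closer look."""
    findings: List[Finding] = []
    section = "header"
    label = None  # set while inside a "ZeroAccess:"-style block
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            label = None  # a blank line ends a labelled block
            continue
        m = SECTION_RE.match(line)
        if m:
            section, label = m.group(1), None
            continue
        if line.endswith(":") and line[:-1] in FAMILY_LABELS:
            label = line[:-1]
            continue
        if label:
            # Paths listed directly under a family label.
            findings.append(Finding(section, "family-block", f"{label}: {line}"))
            continue
        m = ATTENTION_RE.search(line)
        if m:
            # Keep the flagged item and the note FRST attached to it.
            item = line[:m.start()].rstrip(" <=")
            findings.append(Finding(section, "attention", f"{item} -> {m.group(1)}"))
            continue
        m = USERINIT_RE.search(line)
        if m:
            # Anything besides the stock userinit.exe path also runs at every logon.
            for entry in (e.strip() for e in m.group(1).split(",")):
                if entry and entry.lower() != EXPECTED_USERINIT:
                    findings.append(Finding(section, "userinit", entry))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.section}: {f.detail}")
```
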


Hello,

I had installed the keylogger quite a long time ago, and it was supposed to have been uninstalled about 5 months ago (at least I thought I had removed it)..

Before installing AVG I removed AVAST, since the installer of the former asked me to remove it.

The trick with renaming to Windows Defender.old helped, but half an hour later the machine restarted, and after it loaded again 90% of the applications refused to work (COM, explorer, the video driver and many others)



The trick with renaming the folder was only so that you could download files from the internet, not to cure the infection... we have quite a lot of work ahead of us.

Download the following file and save it in the folder from which you ran FRST.exe.

Run FRST.exe and press the Fix button once!

When it finishes, if it asks for a restart, agree. After the restart, post the log file, fixlog.txt, which will be created after the run.

Regards!
