Kiril Nikolov_25514

ComboFix 12-04-16.04 - User 04/17/2012 21:22:51.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.2047.1522 [GMT 3:00] Running from: c:\documents and settings\User\My Documents\Downloads\ComboFix.exe . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\User\Application Data\Protector-tpne.exe c:\documents and settings\User\Application Data\result.db c:\windows\daemon.dll . . ((((((((((((((((((((((((( Files Created from 2012-03-17 to 2012-04-17 ))))))))))))))))))))))))))))))) . . 2012-04-17 16:40 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-04-17 16:40 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-04-17 16:40 . 2012-03-06 23:02 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2012-04-17 16:40 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-04-17 16:40 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-04-17 16:40 . 2012-03-06 23:01 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2012-04-17 16:40 . 2012-03-06 23:01 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys 2012-04-17 16:40 . 2012-03-06 22:58 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2012-04-17 16:40 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr 2012-04-17 16:40 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe 2012-04-17 14:21 . 2012-04-17 14:21 -------- d-sh--w- c:\documents and settings\User\PrivacIE 2012-04-17 13:49 . 2012-01-19 07:22 42864 ----a-r- c:\windows\system32\SBBD.EXE 2012-04-17 13:49 . 2012-01-12 06:26 101112 ----a-r- c:\windows\system32\drivers\SBREDrv.sys 2012-04-17 13:49 . 2012-04-17 13:49 -------- d-----w- c:\program files\Common Files\iS3 2012-04-17 13:49 . 2012-04-17 18:26 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla! 2012-04-17 13:37 . 2012-04-17 16:26 -------- d-----w- c:\program files\GridinSoft Trojan Killer 2012-04-11 08:28 . 2012-04-11 08:29 -------- d-----w- c:\documents and settings\User\Application Data\GarenaPlus 2012-04-11 08:28 . 2012-04-11 08:28 -------- d-----w- c:\program files\Garena Plus 2012-04-11 08:28 . 2012-04-11 08:29 -------- d-----w- c:\documents and settings\All Users\Application Data\GarenaMessenger 2012-04-04 10:13 . 2012-04-04 10:13 23376 ----a-r- c:\windows\system32\SZIO5.dll 2012-04-04 10:13 . 2012-04-04 10:13 546640 ----a-r- c:\windows\system32\SZComp5.dll 2012-04-04 10:13 . 2012-04-04 10:13 481104 ----a-r- c:\windows\system32\SZBase5.dll 2012-04-01 22:45 . 2012-04-01 22:45 -------- d-----w- c:\documents and settings\User\Application Data\SynthMaker 2012-03-29 18:28 . 2012-03-29 18:28 -------- d-----w- c:\program files\VirtualDJ 2012-03-29 13:36 . 2012-03-29 13:36 72080 ----a-r- c:\windows\system32\drivers\SZKGFS.sys 2012-03-26 19:51 . 2012-03-26 19:51 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Temp 2012-03-26 19:51 . 2012-03-26 19:51 -------- d-----w- c:\documents and settings\User\Application Data\Antares 2012-03-26 19:51 . 2012-03-26 19:51 -------- d-----w- c:\program files\Antares Audio Technologies 2012-03-26 19:51 . 2012-03-26 19:51 -------- d-----w- c:\program files\Steinberg 2012-03-26 19:51 . 2003-06-20 09:28 1777664 ----a-w- c:\windows\system32\gdiplus.dll 2012-03-26 17:42 . 2012-03-27 00:25 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\WMTools Downloaded Files 2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-22 11:27 . 2012-01-21 15:01 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-03-10 16:43 . 2012-03-10 16:43 107888 ----a-w- c:\windows\system32\CmdLineExt.dll 2012-02-24 12:28 . 2012-02-24 12:28 99728 ----a-r- c:\windows\system32\drivers\SZKG.sys 2012-02-24 12:28 . 2012-02-24 12:28 99728 ----a-r- c:\windows\system32\drivers\is3srv.sys 2012-02-23 11:09 . 2012-02-23 11:09 29008 ----a-r- c:\windows\system32\IS3XDat5.dll 2012-02-23 11:09 . 2012-02-23 11:09 390992 ----a-r- c:\windows\system32\IS3UI5.dll 2012-02-23 11:09 . 2012-02-23 11:09 231248 ----a-r- c:\windows\system32\IS3Win325.dll 2012-02-23 11:09 . 2012-02-23 11:09 100176 ----a-r- c:\windows\system32\IS3Svc5.dll 2012-02-23 11:09 . 2012-02-23 11:09 132944 ----a-r- c:\windows\system32\IS3HTUI5.dll 2012-02-23 11:09 . 2012-02-23 11:09 104272 ----a-r- c:\windows\system32\IS3Inet5.dll 2012-02-23 11:09 . 2012-02-23 11:09 67408 ----a-r- c:\windows\system32\IS3Hks5.dll 2012-02-23 11:09 . 2012-02-23 11:09 456528 ----a-r- c:\windows\system32\IS3DBA5.dll 2012-02-23 11:09 . 2012-02-23 11:09 808784 ----a-r- c:\windows\system32\IS3Base5.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 69216] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "RTHDCPL"="RTHDCPL.EXE" [2011-08-17 20064872] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avastSvc.exe] "Debugger"=svchost.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avastUI.exe] "Debugger"=svchost.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"= "c:\\Program Files\\Winamp\\winamp.exe"= "c:\\Program Files\\Opera\\opera.exe"= "d:\\FIFA 12\\Game\\fifa.exe"= "d:\\Нова папка\\cstrike.exe"= "c:\\Program Files\\Garena Plus\\room\\garena_room.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "57340:TCP"= 57340:TCP:Pando Media Booster "57340:UDP"= 57340:UDP:Pando Media Booster "56509:TCP"= 56509:TCP:Pando Media Booster "56509:UDP"= 56509:UDP:Pando Media Booster . R0 pnpshark;pnpshark;c:\windows\system32\drivers\pnpshark.sys [10/2/2003 04:16 119552] R0 st3shark;st3shark;c:\windows\system32\drivers\st3shark.sys [9/27/2003 15:37 5504] R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2/24/2012 15:28 99728] R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [3/29/2012 16:36 72080] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/17/2012 19:40 612184] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/17/2012 19:40 337880] R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [4/17/2012 16:49 101112] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/17/2012 19:40 20696] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [1/21/2012 14:43 119656] S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2/24/2012 15:28 99728] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1/21/2012 14:39 1691480] S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena Plus\Room\safedrv.sys --> c:\program files\Garena Plus\Room\safedrv.sys [?] S3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\drivers\gtkdrv.sys [1/4/2012 17:28 16128] . Contents of the 'Scheduled Tasks' folder . 2012-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1284227242-1801674531-1003Core.job - c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-21 11:16] . 2012-04-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1284227242-1801674531-1003UA.job - c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-21 11:16] . . ------- Supplementary Scan ------- . IE: &Експортиране към Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 TCP: DhcpNameServer = 62.221.159.226 . - - - - ORPHANS REMOVED - - - - . HKCU-Run-Inspector - c:\documents and settings\User\Application Data\Protector-tpne.exe Notify-TPSvc - TPSvc.dll . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-04-17 21:26 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl" . Completion time: 2012-04-17 21:28:11 ComboFix-quarantined-files.txt 2012-04-17 18:28 . Pre-Run: 6 192 103 424 bytes free Post-Run: 6 175 485 952 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - A5821B0B7441298ABF5A289A3047B915

Мерси братле , жив и здрав. Целувки. Дано с тази тема да си полезен и на други.

Windows XP Professional Service pack 3 пак не мога да го отворя.

Няма активация за код , иска ми кредитна карта , пароли адрес имена и прочее.

Изтеглих я от сайта който ти ми даде , и от официалния сайт но след като я инсталирам , не се отваря .Пробвах и в Safe Mode да я отворя , но не стана. Явно вируса я блокира.

Имам проблем с вируса Widows Safety Manager , когато се опитам да отворя browser-a си и ми излиза че не ми е защитена системата , имам много вируси , отдоло има копче за премахване , когато го натисна ме кара да си купя програмата . Иска повече данни от колкото са необходими и това ме накара да се зачудя . Оказа се че е доста разпространен вирус но не намерих как да го махна. Ако някой има опит с премахването на Widows Safety Manager моля да сподели. Ще съм му благодарен.

Пробвах , пак монитора не се включва .... Хаха преди не стана , като се зачудих викам тряа да стане .. сложих 2гб и стана , много мерси и се извинявам че ви занимавах с мойте глупости.

На еднакви цветове 2те по 512.. но пак не тръгва монитора ,

Gigabyte GA-945P-S3 .

Имам 2х512 ддр2 рам памет , вчера взех още 2gb от един приятел , сложих я и вървеше добре ... Днес се сабудих и компютърът тръгна но не се пускаше екрана , махнах почката от 2gb , нещо май изгоря в дънната платка и компютърът се изключи , махнах и другата плочка от 512mb и се включи ... върви нормално но 512мб не са ми достатачни тъй като играя игри... имам 4 слота за рам 2 жълти и 2 червени .. някой ако може да ми помогне ще съм благодарен.. Когато сложа още 512мб или 2гб мониторът не се включва.