GEORGIMV

User
  • Number of topics

    30
  • Registered

  • Last visit

GEORGIMV's Achievements

Newbie

Newbie (1/14)

0

Community reputation
  1. Here is the aswMBR log; it had 2 lines in yellow and one in red.

     aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
     Run date: 2012-02-13 20:49:53
     -----------------------------
     20:49:53.359 OS Version: Windows 5.1.2600 Service Pack 3
     20:49:53.359 Number of processors: 1 586 0x2C02
     20:49:53.359 ComputerName: USER-5397AF994D UserName: Administrator
     20:49:54.453 Initialize success
     20:57:15.359 AVAST engine defs: 12021301
     20:59:18.828 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000062
     20:59:18.828 Disk 0 Vendor: ST3160215A 3.AAD Size: 152627MB BusType: 3
     20:59:18.859 Disk 0 MBR read successfully
     20:59:18.859 Disk 0 MBR scan
     20:59:20.718 Disk 0 Windows XP default MBR code
     20:59:20.734 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 51207 MB offset 63
     20:59:22.156 Disk 0 Partition - 00 05 Extended 101418 MB offset 104872320
     20:59:22.171 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 93220 MB offset 104872383
     20:59:22.453 Disk 0 Partition - 00 05 Extended 8189 MB offset 295788780
     20:59:22.484 Disk 0 scanning sectors +312576705
     20:59:23.000 Disk 0 scanning C:\WINDOWS\system32\drivers
     21:00:10.203 Service scanning
     21:00:12.156 Service MpKsl47c1f531 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{434C6F01-598E-4AAB-B295-F5E28575FBA7}\MpKsl47c1f531.sys **LOCKED** 32
     21:00:12.781 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
     21:00:13.531 Modules scanning
     21:00:33.265 Disk 0 trace - called modules:
     21:00:33.281 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvatabus.sys spbq.sys >>UNKNOWN [0x82591938]<<
     21:00:33.281 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82524ab8]
     21:00:33.281 3 CLASSPNP.SYS[f8685fd7] -> nt!IofCallDriver -> \Device\00000064[0x8251eb10]
     21:00:33.296 5 ACPI.sys[f8431620] -> nt!IofCallDriver -> \Device\00000062[0x82525030]
     21:00:34.406 AVAST engine scan C:\
     21:04:23.781 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
     21:04:23.812 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"
  2. ComboFix 12-02-12.01 - Administrator 02.2012 г. 19:40:00.4.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.511.218 [GMT 2:00]
  3. Here is what came out: ComboFix 12-02-12.01 - Administrator 02.2012 г. 15:15:24.3.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.511.190 [GMT 2:00]
  4. Windows XP. The interesting thing is that this only appears when I try to log into Facebook.
  5. The problem is the following: I received a video and when I tried to open it, a page loaded with an xxx video and it asked me to install "pic uploader". Now every time I log into Facebook this video appears on my wall along with a request to install the program, and the bad part is that it is being forwarded to my friends. Tell me how to stop this thing.
  6. So for 4-5 days my computer has been stopping and showing a blue screen that says this: A problem has been detected and Windows has been shut down to prevent damage to your computer. The problem seems to be caused by the following file: ati2dvag. If this is the first time you've seen this error screen, restart your computer. If the screen appears again, follow these steps: The device driver got stuck in an infinite loop. This usually indicates a problem with the device itself or with the device driver programming the hardware incorrectly. Please check with your hardware device vendor for any driver updates. Technical information: ***STOP: 0x000000EA (0x821C58B8, 0x822BFA80, 0xF8A9CCB4, 0x00000001) ati2dvag Beginning dump of physical memory. Tell me how to fix it.
  7. So lately, when I launch some program such as VirtualDub or another one, my computer gets heavily loaded and even starts freezing. Tell me what could be causing this load, given that before I used to run two or three applications without problems.
  8. Velislavcho, here is the file, my man. In case anyone else needs it, know that it fixes those errors. Here it is.
  9. I checked the forum but couldn't find the file that fixed the errors in Photoshop. If anyone remembers what this is about, please give it to me.