Проблемът ми е че от известно време, не мога да влизам в определени сайтове, пробвах mozilla, opera , chrome, IE никаква промяна. Имах проблеми с няколко троянеца преди известно време, но мисля че антивирусната се е справила с тях. . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 13.8.2011 г. 21:25:03 System Uptime: 27.1.2012 г. 12:03:00 (10 hours ago) . Motherboard: | | K7VT4A+ Processor: AMD Athlon XP 2500+ | Socket-A | 1832/166mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 37 GiB total, 0,931 GiB free. D: is FIXED (NTFS) - 37 GiB total, 6,672 GiB free. E: is CDROM () F: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP119: 20.12.2011 г. 11:14:49 - System Checkpoint RP120: 20.12.2011 г. 10:43:25 - System Checkpoint RP121: 21.12.2011 г. 10:48:27 - System Checkpoint RP122: 22.12.2011 г. 16:41:59 - System Checkpoint RP123: 23.12.2011 г. 02:20:21 - Removed Ask Toolbar. RP124: 24.12.2011 г. 05:07:44 - System Checkpoint RP125: 25.12.2011 г. 05:22:48 - System Checkpoint RP126: 26.12.2011 г. 21:59:32 - System Checkpoint RP127: 28.12.2011 г. 15:13:38 - System Checkpoint RP128: 29.12.2011 г. 18:51:32 - System Checkpoint RP129: 31.12.2011 г. 15:16:53 - System Checkpoint RP130: 01.1.2012 г. 15:40:25 - System Checkpoint RP131: 02.1.2012 г. 18:49:33 - System Checkpoint RP132: 03.1.2012 г. 19:38:06 - System Checkpoint RP133: 05.1.2012 г. 05:37:10 - System Checkpoint RP134: 06.1.2012 г. 08:02:01 - System Checkpoint RP135: 07.1.2012 г. 13:16:47 - System Checkpoint RP136: 08.1.2012 г. 14:43:07 - System Checkpoint RP137: 09.1.2012 г. 15:06:34 - System Checkpoint RP138: 10.1.2012 г. 14:37:35 - Installed Counter-Strike 1.6 RP139: 11.1.2012 г. 14:46:46 - System Checkpoint RP140: 11.1.2012 г. 08:52:18 - System Checkpoint RP141: 12.1.2012 г. 16:03:06 - System Checkpoint RP142: 14.1.2012 г. 01:34:31 - System Checkpoint RP143: 15.1.2012 г. 14:10:36 - Software Distribution Service 3.0 RP144: 15.1.2012 г. 14:14:43 - Software Distribution Service 3.0 RP145: 15.1.2012 г. 15:16:27 - Software Distribution Service 3.0 RP146: 15.1.2012 г. 15:52:08 - Installed Windows XP WgaNotify. RP147: 15.1.2012 г. 15:52:24 - Software Distribution Service 3.0 RP148: 16.1.2012 г. 13:48:51 - Software Distribution Service 3.0 RP149: 16.1.2012 г. 14:30:15 - Software Distribution Service 3.0 RP150: 17.1.2012 г. 20:33:44 - System Checkpoint RP151: 17.1.2012 г. 20:58:47 - Software Distribution Service 3.0 RP152: 19.1.2012 г. 20:13:46 - System Checkpoint RP153: 21.1.2012 г. 06:57:21 - System Checkpoint RP154: 23.1.2012 г. 01:11:17 - System Checkpoint RP155: 24.1.2012 г. 20:54:34 - System Checkpoint RP156: 25.1.2012 г. 15:46:13 - Removed Java 6 Update 29 RP157: 25.1.2012 г. 15:52:02 - Installed Java 6 Update 30 RP158: 26.1.2012 г. 21:19:16 - System Checkpoint . ==== Installed Programs ====================== . Adobe Flash Player 10 Plugin Adobe Flash Player ActiveX Adobe Reader 9.5.0 - Bulgarian Adobe Shockwave Player AMD APP SDK Runtime AMD Catalyst Install Manager Apple Application Support Apple Mobile Device Support Apple Software Update ATI Display Driver Auslogics Disk Defrag AVG 2012 Bonjour C-Media 3D Audio Counter-Strike 1.6 D-Link VGA Webcam DAEMON Tools Lite EA SPORTS online 2008 EVEREST Home Edition v2.20 EVEREST Ultimate Edition v4.20 FIFA 08 FlexType 2K GOM Player Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB942288-v3) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB976002-v5) iTunes Java Auto Updater Java 6 Update 30 Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Professional 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft Software Update for Web Folders (English) 12 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Mozilla Firefox 9.0.1 (x86 bg) QT Lite 4.1.0 RelevantKnowledge Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 7 (KB2544521) Security Update for Windows Internet Explorer 7 (KB2618444) Security Update for Windows Internet Explorer 7 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2510581) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2544521) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618444) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982665) Skype™ 5.5 Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2541763) Update for Windows XP (KB2641690) Update for Windows XP (KB898461) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Veetle TV VLC media player 1.1.11 WebFldrs XP Winamp Winamp Detector Plug-in Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 7 Windows Media Format Runtime WinRAR archiver µTorrent . ==== Event Viewer Messages From Past Week ======== . 26.1.2012 і. 01:29:48, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 26.1.2012 і. 01:28:02, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 26.1.2012 і. 01:27:42, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s). 24.1.2012 і. 01:21:23, error: System Error [1003] - Error code 100000d1, parameter1 85fc7184, parameter2 00000002, parameter3 00000000, parameter4 aa62027a. 23.1.2012 і. 19:19:43, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 23.1.2012 і. 19:19:39, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s). 23.1.2012 і. 00:38:17, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 23.1.2012 і. 00:38:12, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s). 23.1.2012 і. 00:26:02, error: System Error [1003] - Error code 0000007a, parameter1 00000002, parameter2 c0000005, parameter3 82d225b0, parameter4 61998890. 20.1.2012 і. 17:29:42, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s). 20.1.2012 і. 17:29:28, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 20.1.2012 і. 01:42:49, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 20.1.2012 і. 01:42:36, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s). . ==== End Of File =========================== . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_30 Run by Administrator at 22:15:16 on 2012-01-27 Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.767.206 [GMT -8:00] . AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} . ============== Running Processes =============== . C:\PROGRA~1\AVG\AVG2012\avgrsx.exe C:\Program Files\AVG\AVG2012\avgcsrvx.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\Ati2evxx.exe svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\AVG\AVG2012\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe C:\Program Files\AVG\AVG2012\avgemcx.exe C:\Program Files\RelevantKnowledge\rlvknlg.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RunDll32.exe C:\Program Files\AVG\AVG2012\avgtray.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\Datecs\Flex2K.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\Program Files\AVG\AVG2012\avgnsx.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.zamunda.net/ uSearch Bar = hxxp://dts.search-results.com/sidebar.html?src=ssb&appid=102&systemid=406&sr=0 uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms} mSearchAssistant = hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms} mWinlogon: Taskman=c:\recycler\r-1-5-21-1482476501-1644491937-682003330-1013\scleaner.exe BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\window~4\datamngr\toolbar\searchqudtx.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\window~4\datamngr\toolbar\searchqudtx.dll TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe" mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\flexty~1.lnk - c:\windows\datecs\Flex2K.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204 DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab TCP: Interfaces\{24D9296D-B790-4466-A1CA-DFFAC2EEABB8} : NameServer = 95.87.194.4,95.87.255.190 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll Notify: AtiExtEvent - Ati2evxx.dll Notify: RelevantKnowledge - c:\program files\relevantknowledge\rlls.dll AppInit_DLLs: . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\4s3m8gh3.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406 FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&sr=0&q= FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll FF - plugin: c:\program files\veetle\player\npvlc.dll FF - plugin: c:\program files\veetle\plugins\npVeetle.dll . ============= SERVICES / DRIVERS =============== . R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 230608] R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-11-6 232512] R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248] R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720] . =============== Created Last 30 ================ . 2012-01-25 23:52:39 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-01-25 23:44:48 426430 ----a-w- c:\program files\mozilla firefox\uninstall\uninstaller.exe 2012-01-18 00:19:13 -------- d-----w- c:\documents and settings\administrator\application data\Auslogics 2012-01-17 23:36:43 -------- d-----w- c:\program files\Auslogics 2012-01-16 22:13:47 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll 2012-01-16 22:13:46 468480 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2012-01-16 22:13:44 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll 2012-01-16 22:13:44 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe 2012-01-16 22:13:41 6076416 -c----w- c:\windows\system32\dllcache\ieframe.dll 2012-01-16 22:13:37 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll 2012-01-16 22:13:36 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat 2012-01-16 22:13:34 63488 -c----w- c:\windows\system32\dllcache\icardie.dll 2012-01-15 23:55:43 1446264 ----a-w- c:\program files\mozilla firefox\plugins\npLegitCheckPlugin.dll 2012-01-15 23:23:46 221184 ----a-w- c:\windows\system32\wmpns.dll 2012-01-15 23:15:16 -------- d-----w- c:\program files\AMD APP 2012-01-15 23:14:48 -------- d-----w- c:\program files\ATI 2012-01-15 22:49:57 272128 -c----w- c:\windows\system32\dllcache\bthport.sys 2012-01-15 22:49:57 272128 ------w- c:\windows\system32\drivers\bthport.sys 2012-01-15 22:47:16 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2012-01-15 22:33:00 293376 ------w- c:\windows\system32\browserchoice.exe 2012-01-15 22:16:36 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2012-01-15 22:12:11 -------- d-----w- c:\windows\system32\PreInstall 2012-01-15 22:12:10 26488 ----a-w- c:\windows\system32\spupdsvc.exe 2012-01-15 22:12:08 -------- d--h--w- c:\windows\$hf_mig$ 2012-01-15 22:05:59 -------- d-----w- c:\windows\system32\SoftwareDistribution 2012-01-14 03:35:30 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Google 2012-01-11 00:34:28 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll 2012-01-11 00:34:28 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll 2012-01-11 00:34:28 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll 2012-01-11 00:34:28 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll 2012-01-10 22:37:12 724992 ----a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\iKernel.dll 2012-01-10 22:37:12 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\ctor.dll 2012-01-10 22:37:12 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\DotNetInstaller.exe 2012-01-10 22:37:12 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll 2012-01-10 22:37:12 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\iscript.dll 2012-01-10 22:37:12 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\iuser.dll 2012-01-10 22:37:06 184452 ----a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\iGdi.dll 2012-01-10 22:37:05 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\Setup.dll 2012-01-03 16:22:02 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll 2012-01-03 16:22:02 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll . ==================== Find3M ==================== . 2012-01-25 23:52:20 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-12-22 22:26:33 193 ----a-w- c:\documents and settings\administrator\vfrewd.exe 2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll 2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys 2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe 2011-11-10 06:39:44 59904 ----a-w- c:\windows\system32\OpenVideo.dll 2011-11-10 06:39:32 54784 ----a-w- c:\windows\system32\OVDecode.dll 2011-11-10 06:38:40 14375936 ----a-w- c:\windows\system32\amdocl.dll 2011-11-10 06:37:46 44032 ----a-w- c:\windows\system32\OpenCL.dll 2011-11-07 01:10:09 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2011-11-03 15:28:36 386048 ----a-w- c:\windows\system32\qdvd.dll 2011-11-03 15:28:36 1292288 ----a-w- c:\windows\system32\quartz.dll 2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll 2011-10-31 23:43:21 832512 ----a-w- c:\windows\system32\wininet.dll 2011-10-31 23:43:21 78336 ----a-w- c:\windows\system32\ieencode.dll 2011-10-31 23:43:21 1830912 ------w- c:\windows\system32\inetcpl.cpl 2011-10-31 23:43:20 17408 ----a-w- c:\windows\system32\corpol.dll . ============= FINISH: 22:17:04,21 ===============

Здравейте,

Временно деинсталирайте AVG от Add/Remove Programs от Control Panel-a.

След това изтеглете и стартирайте този инструмент за да почистите остатъците от AVG => AVG Remover(32bit) 2012

(avg_remover_stf_x86_2012_1796.exe)

Рестартирайте машината...

След това:

1. Изтеглете ComboFix от BleepingComputer

и го запазете (бутон Save -> Save as) ComboFix на вашия десктоп:

След приключване на изтеглянето на ComboFix, иконката на програмата би трябвало да изглежда така:

2. Затворете всички работещи приложения, отворени прозорци и програми работещи във фонов режим. Спрете временно защитата в реално време на антивирусната програма и на другите програми за сигурност, ако има такива.

3. Стартирайте с двоен клик Combofix.exe. Изберете YES, за да се съгласите с условията за използване на програмата. Важно: По време на работата на ComboFix не бива да се движи мишката и да се натискат клавиши от клавиатурата. Просто търпеливо оставете ComboFix да си свърши работата, без да използвате компютъра за други цели.

4. ComboFix ще провери дали Windows Recovery Console e инсталиранa.

*Ако Windows Recovery Console не е инсталирана, ще е необходимо да използвате YES за инсталация на Windows Recovery Console

*Ако Windows Recovery Console е инсталирана, ComboFix ще продължи работата си.

Забележка: Необходимо е да сте свързани към Интернет за да може Windows Recovery Console да се изтегли.

След инсталация на Windows Recovery Console потвърдете с YES, за да продължите напред. Снимка:

5. ComboFix ще спре временно Интернет връзката, но след като приключи работата на програмата тази връзка ще бъде възстановена автоматично. ComboFix ще сканира за проблеми и за заразени файлове, като това може да отнеме известно време. Моля да бъдете търпеливи. Ако има проблем с Интернет връзката след приключване на работата на ComboFix, моля да прочетете това: Manually restoring the Internet connection section.

6. Когато работата на ComboFix приключи, ще се появи текстов документ (log) в Notepad:

Копирайте с (Copy) и поставете с (Paste) съдържанието на лога в следващия си коментар.

ComboFix 12-01-27.01 - Administrator 01.2012 г. 0:07.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.767.533 [GMT -8:00] Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Administrator\vfrewd.exe c:\documents and settings\Administrator\WINDOWS c:\documents and settings\All Users\Application Data\TEMP c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\Support.lnk c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk c:\program files\RelevantKnowledge c:\program files\RelevantKnowledge\asmcf.dat c:\program files\RelevantKnowledge\chrome.manifest c:\program files\RelevantKnowledge\components\rlxg.dll c:\program files\RelevantKnowledge\components\rlxh.dll c:\program files\RelevantKnowledge\components\rlxi.dll c:\program files\RelevantKnowledge\components\rlxj.dll c:\program files\RelevantKnowledge\components\rlxk.dll c:\program files\RelevantKnowledge\install.rdf c:\program files\RelevantKnowledge\ncncf.dat c:\program files\RelevantKnowledge\nscf.dat c:\program files\RelevantKnowledge\rlcm.crx c:\program files\RelevantKnowledge\rlcm.txt c:\program files\RelevantKnowledge\rlls.dll c:\program files\RelevantKnowledge\rlls64.dll c:\program files\RelevantKnowledge\rloci.bin c:\program files\RelevantKnowledge\rlph.dll c:\program files\RelevantKnowledge\rlservice.exe c:\program files\RelevantKnowledge\rlvknlg.exe c:\program files\RelevantKnowledge\rlvknlg64.exe c:\program files\RelevantKnowledge\rlxf.dll c:\windows\system32\roboot.exe . . ((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-28 ))))))))))))))))))))))))))))))) . . 2012-01-25 23:53 . 2012-01-25 23:53 -------- d-----w- c:\program files\Common Files\Java 2012-01-25 23:52 . 2012-01-25 23:52 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-01-25 23:44 . 2012-01-25 23:44 426430 ----a-w- c:\program files\Mozilla Firefox\uninstall\uninstaller.exe 2012-01-18 00:19 . 2012-01-18 01:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\Auslogics 2012-01-17 23:36 . 2012-01-18 01:54 -------- d-----w- c:\program files\Auslogics 2012-01-16 22:13 . 2011-10-31 23:43 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll 2012-01-16 22:13 . 2011-10-31 23:43 468480 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2012-01-16 22:13 . 2011-10-31 23:43 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll 2012-01-16 22:13 . 2011-10-27 13:50 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe 2012-01-16 22:13 . 2011-10-31 23:43 6076416 -c----w- c:\windows\system32\dllcache\ieframe.dll 2012-01-16 22:13 . 2011-10-31 23:43 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll 2012-01-16 22:13 . 2010-02-22 22:04 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat 2012-01-16 22:13 . 2011-10-31 23:43 63488 -c----w- c:\windows\system32\dllcache\icardie.dll 2012-01-15 23:55 . 2009-06-25 21:20 1446264 ----a-w- c:\program files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll 2012-01-15 23:23 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll 2012-01-15 23:15 . 2012-01-15 23:15 -------- d-----w- c:\program files\AMD APP 2012-01-15 23:14 . 2012-01-15 23:14 -------- d-----w- c:\program files\ATI 2012-01-15 22:49 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys 2012-01-15 22:49 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys 2012-01-15 22:47 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2012-01-15 22:33 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe 2012-01-15 22:16 . 2011-02-17 12:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2012-01-15 22:12 . 2011-08-12 21:51 26488 ----a-w- c:\windows\system32\spupdsvc.exe 2012-01-15 22:12 . 2012-01-18 04:58 -------- d--h--w- c:\windows\$hf_mig$ 2012-01-14 03:35 . 2012-01-17 23:40 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google 2012-01-11 00:34 . 2012-01-11 00:34 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll 2012-01-11 00:34 . 2012-01-11 00:34 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll 2012-01-11 00:34 . 2012-01-11 00:34 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll 2012-01-11 00:34 . 2012-01-11 00:34 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll 2012-01-10 22:37 . 2003-09-03 10:28 724992 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll 2012-01-10 22:37 . 2003-09-03 10:27 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll 2012-01-10 22:37 . 2003-09-03 10:26 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll 2012-01-10 22:37 . 2003-09-03 10:26 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll 2012-01-10 22:37 . 2003-09-03 10:25 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe 2012-01-10 22:37 . 2003-09-03 10:23 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll 2012-01-10 22:37 . 2012-01-10 22:37 184452 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll 2012-01-10 22:37 . 2012-01-10 22:37 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll 2012-01-03 16:22 . 2012-01-03 16:22 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll 2012-01-03 16:22 . 2012-01-03 16:22 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-01-25 23:52 . 2011-12-01 14:52 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-11-25 21:57 . 2008-04-14 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll 2011-11-23 13:25 . 2008-04-14 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys 2011-11-18 12:35 . 2008-04-14 12:00 60416 ----a-w- c:\windows\system32\packager.exe 2011-11-10 06:39 . 2011-11-10 06:39 59904 ----a-w- c:\windows\system32\OpenVideo.dll 2011-11-10 06:39 . 2011-11-10 06:39 54784 ----a-w- c:\windows\system32\OVDecode.dll 2011-11-10 06:38 . 2011-11-10 06:38 14375936 ----a-w- c:\windows\system32\amdocl.dll 2011-11-10 06:37 . 2011-11-10 06:37 44032 ----a-w- c:\windows\system32\OpenCL.dll 2011-11-07 01:10 . 2011-11-07 01:10 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2011-11-03 15:28 . 2008-04-14 12:00 386048 ----a-w- c:\windows\system32\qdvd.dll 2011-11-03 15:28 . 2008-04-14 12:00 1292288 ----a-w- c:\windows\system32\quartz.dll 2011-11-01 16:07 . 2008-04-14 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll 2011-10-31 23:43 . 2008-04-14 12:00 832512 ----a-w- c:\windows\system32\wininet.dll 2011-10-31 23:43 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll 2011-10-31 23:43 . 2008-04-14 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl 2011-10-31 23:43 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll 2012-01-11 00:34 . 2011-08-14 04:36 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-08-14 399224] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ FlexType 2K.lnk - c:\windows\Datecs\Flex2K.exe [2011-8-15 151552] . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Veetle\\Player\\VeetleNet.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\EA SPORTS\\FIFA 08\\FIFA08.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Valve\\hl.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) . R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [06.11.2011 і. 17:10 232512] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2011-12-30 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.zamunda.net/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms} IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 TCP: Interfaces\{24D9296D-B790-4466-A1CA-DFFAC2EEABB8}: NameServer = 95.87.194.4,95.87.255.190 FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4s3m8gh3.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406 FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&sr=0&q= . - - - - ORPHANS REMOVED - - - - . Toolbar-10 - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKLM-Run-Cmaudio - cmicnfg.cpl AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files\RelevantKnowledge\rlvknlg.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-01-28 00:13 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(724) c:\windows\system32\Ati2evxx.dll . - - - - - - - > 'explorer.exe'(2776) c:\windows\system32\WININET.dll c:\windows\system32\newdll.dll c:\windows\system32\ieframe.dll c:\windows\system32\msi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\wscntfy.exe c:\windows\system32\RunDll32.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2012-01-28 00:17:18 - machine was rebooted ComboFix-quarantined-files.txt 2012-01-28 08:17 . Pre-Run: 2 645 196 800 bytes free Post-Run: 3 142 189 056 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=signature(28ad28ac)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug signature(28ad28ac)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - DF3BBBDF444F221A6CBE45A04178ACB5

СТЪПКА 1

• Отворете notepad.exe и с copy/paste въведете следната информация:

  Registry::
  [HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
  "EnableFirewall"=dword:00000001
  [HKLM~servicessharedaccessparametersfirewallpolicystandardprofileIcmpSettings]
  "AllowInboundEchoRequest"=dword:00000000
  DDS::
  uSearchAssistant = hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}
  Firefox::
  FF - ProfilePath - c:documents and settingsAdministratorApplication DataMozillaFirefoxProfiles4s3m8gh3.default
  FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406
  FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&sr=0&q=
  

• Запазете файла с име CFScript и го провлачете и пуснете в Combofix (както е показано на картинката отдолу).

  

• По време на сканиране от страна на ComboFix не стартирайте никакви други приложения, не натискайте клавиши от клавиатурата и не местете мишката !
• Публикувайте лог файла, който ще се създаде след рестарта на компютъра в следващия си пост.

СТЪПКА 2

• Отворете Notepad и c copy/paste въведете

  reg export "HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWinlogon" "%USERPROFILE%"desktopexport.reg

• Запазете файла с името export.bat и го стартирайте.
• В резултат на стартирането на Export.bat на десктопа ще се появи файл с име export.reg
• Архивирайте export.reg и го прикачете в следващия си коментар.

Пише ми - Грешка Не можете да качвате такъв тип файл .

Затова съм писал да го архивирате. Ок, направете следното: кликнете с десен бутон на файла export.reg и изберете Edit. Копирайте съдържанието на лог файла. PS: Не забравяйте да копирате и лог файла от новия лог на Combofix (след изпълнението на CFScript).