Everything posted by dian59
-
The keyboard switched off after installing a screensaver
The keyboard switched off after installing a screensaver. What should I do to restore it?
-
VIRUS - Eraser
Good day, Mr. Administrator. I haven't been on the forum for a long time! I have a question which I'm not putting in a new thread, because I can't classify it. I have files which I encrypted back then with FILEBARRICADER and which I can't decrypt, because FILEBARRICADER was seriously damaged during the last HIJACK. I wiped it from the registry and installed it again, but it doesn't work. Is there a way, if it has been nailed down by one of the antivirus modules, to deactivate that? If not, so be it!
-
VIRUS - Eraser
At first glance the computer has become outright fast; it opens and closes like a beast. As I wrote a little while ago, I'll post the Program Remove dialog as a picture so you can tell me how to remove Acad 2010 in order to install it again; see, there's no remove button. I downloaded an Ashampoo Uninstaller and it deleted and deleted, but in the end this is what remained in Programs (attaching a JPEG).
-
VIRUS - Eraser
Hello. I had a look regarding Stealth mode. I have run an AntiEXE myself, but I've deactivated it; I can always delete it, it is not the problem. I also have a LOCKER, don't be surprised, but I put that one in so that my data doesn't get wiped; I simply hide it. I can always uninstall it; all of this is in Stealth mode, that's not the problem. The problem is that something is deleting the license files and doing various mischief such as renaming program folders. I also installed Registry Mechanic because of a slow computer, but ESET seems to have just deleted it. The question is about this folder eraser (there was a Genuine, but I supposedly stopped it); besides that, I have disabled updates. But it hits the licenses of 3DS Max and Acad 2010 hardest. I'm even trying to uninstall Acad 2010, but it won't; it disappeared from the Remove Programs list, but when I launch a new one it says it is already installed on the computer. It lets 3D Max run for only up to 3 days and then kills it like Raid does a moth. It cut off Corel Draw so badly that I gave up working in that program; besides that, it deleted a folder of Catalogs, and so thoroughly that 6 undelete programs found no trace of it on the computer. I'm writing this to pin down the problem. Thank you; what I wrote below is only information, and now I'll check whether those things have been cleaned up and will get back to you with the results.
-
VIRUS - Eraser
This ESET has been struggling all this time. It seems Avast had switched itself on at the Restart, and now it has finished the job; here is its LOG:

ESETSmartInstaller@High as downloader log:
all ok
DLL:pipe not connected. attempts=1
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=Unknown
# api_version=3.0.2
# EOSSerial=6989675a14f6c0408c2612325b069785
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-11-30 02:01:10
# local_time=2009-11-30 04:01:10 (+0200, FLE Standard Time)
# country="Serbia and Montenegro"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 5637669 5637669 0 0
# compatibility_mode=769 16775125 100 98 3670 195874261 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 3697 3697 0 0
# scanned=674726
# found=7
# cleaned=7
# scan_time=7363
C:\Downloads\Solidworks 2006\SOLIDWORKS_2006_SP0_MULTILANG_Crack.rar  Win32/Tool.Embryo.A application (deleted - quarantined)  00000000000000000000000000000000  C
C:\Downloads\Some Free Programs\Super_Turbo_Tango_Patcher_7_05_by_vertigosity.exe  Win32/WFPDisabler.A application (deleted - quarantined)  00000000000000000000000000000000  C
C:\Program Files\Registry Mechanic\RegMech.exe  probably a variant of Win32/Genetik trojan (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
C:\System Volume Information\_restore{D5FA71AE-0F3A-4075-9EFA-6A27F2EEF311}\RP38\A0008205.exe  Win32/PSWTool.PWDump2 application (deleted - quarantined)  00000000000000000000000000000000  C
C:\System Volume Information\_restore{D5FA71AE-0F3A-4075-9EFA-6A27F2EEF311}\RP38\A0008206.exe  Win32/PSWTool.PWDump2 application (deleted - quarantined)  00000000000000000000000000000000  C
C:\System Volume Information\_restore{D5FA71AE-0F3A-4075-9EFA-6A27F2EEF311}\RP38\A0008207.exe  Win32/PSWTool.PWDump2 application (deleted - quarantined)  00000000000000000000000000000000  C
C:\System Volume Information\_restore{D5FA71AE-0F3A-4075-9EFA-6A27F2EEF311}\RP38\A0008208.exe  Win32/PSWTool.PWDump2 application (deleted - quarantined)  00000000000000000000000000000000  C

Hello, what do we do next now?
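An added example (not from the post, and not ESET's code) that parses a log in the shape of the one pasted above: it reads the `# key=value` header, splits each detection line into path, threat name, class and action, and groups the hits by where they sit on disk. The sample text is constructed from the lines in the post with the column tabs collapsed to spaces; `classify_location` and its labels are this example's own convention, not something ESET emits.

```python
"""Triage an ESET Online Scanner log: parse the '# key=value' header and the
detection lines, then group hits by where they sit on disk.
Added example; not code from the forum post or from ESET."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: header fields and detection lines in the shape of the
# log pasted in the post (tabs between columns collapsed to spaces).
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# version=7
# osver=5.1.2600 NT Service Pack 3
# scanned=674726
# found=7
# cleaned=7
# scan_time=7363
C:\Downloads\Solidworks 2006\SOLIDWORKS_2006_SP0_MULTILANG_Crack.rar Win32/Tool.Embryo.A application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Downloads\Some Free Programs\Super_Turbo_Tango_Patcher_7_05_by_vertigosity.exe Win32/WFPDisabler.A application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Registry Mechanic\RegMech.exe probably a variant of Win32/Genetik trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D5FA71AE-0F3A-4075-9EFA-6A27F2EEF311}\RP38\A0008205.exe Win32/PSWTool.PWDump2 application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D5FA71AE-0F3A-4075-9EFA-6A27F2EEF311}\RP38\A0008206.exe Win32/PSWTool.PWDump2 application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D5FA71AE-0F3A-4075-9EFA-6A27F2EEF311}\RP38\A0008207.exe Win32/PSWTool.PWDump2 application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D5FA71AE-0F3A-4075-9EFA-6A27F2EEF311}\RP38\A0008208.exe Win32/PSWTool.PWDump2 application (deleted - quarantined) 00000000000000000000000000000000 C
"""

HEADER_RE = re.compile(r"^#\s*(?P<key>\w+)=(?P<value>.*)$")
# path  <threat name> <class> (<action>)  <md5>  <flag>
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?P<name>(?:probably a variant of )?Win32/\S+)\s+"
    r"(?P<kind>application|trojan|worm|virus)\s+"
    r"\((?P<action>[^)]*)\)\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)\s*$"
)


@dataclass(frozen=True)
class Detection:
    path: str
    name: str
    kind: str
    action: str
    location: str


def classify_location(path: str) -> str:
    """Where a hit sits decides how alarming it is (labels are this example's own)."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        # A System Restore copy: inert until a restore point is applied,
        # but proof the file once lived on the live file system.
        return "restore_point"
    if "\\program files\\" in p or "\\windows\\" in p:
        return "installed"      # sat where the running system would execute it
    return "other"              # downloads, archives, user data


def parse_header(text: str) -> dict[str, str]:
    fields = {}
    for line in text.splitlines():
        m = HEADER_RE.match(line.strip())
        if m:
            fields[m["key"]] = m["value"]
    return fields


def parse_detections(text: str) -> list[Detection]:
    hits = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            hits.append(Detection(m["path"], m["name"], m["kind"],
                                  m["action"], classify_location(m["path"])))
    return hits


def family(name: str) -> str:
    """'probably a variant of Win32/Genetik' -> 'Genetik'; 'Win32/PSWTool.PWDump2' -> 'PSWTool'."""
    return name.split("/")[-1].split(".")[0]


def triage(text: str) -> dict:
    hdr = parse_header(text)
    hits = parse_detections(text)
    found = int(hdr.get("found", "0"))
    cleaned = int(hdr.get("cleaned", "0"))
    return {
        "scanned": int(hdr.get("scanned", "0")),
        "found": found,
        "cleaned": cleaned,
        # Header counters must agree with the detection lines; a mismatch
        # means the paste is truncated or the scan did not finish.
        "consistent": found == len(hits) and cleaned == found,
        "by_location": Counter(h.location for h in hits),
        "families": sorted({family(h.name) for h in hits}),
        # Anything not quarantined is still on disk and needs a manual look.
        "not_quarantined": [h.path for h in hits if "quarantined" not in h.action],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The grouping is what makes the log readable at a glance: four of the seven hits are under `System Volume Information\_restore…`, i.e. System Restore's copies of files that had been on the live system earlier, so cleaning them removed backups rather than anything running, while `RegMech.exe` under Program Files was an installed program. The class names carry information on their own: in ESET's naming, PSWTool denotes a password-dumping utility and WFPDisabler a tool that switches off Windows File Protection.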
-
VIRUS - Eraser
Hello. Since I fiddled with the recommended exes, the computer has started reacting more nimbly, which is good! By the way, before I removed Combo, I tried it again with the script, and this time it began installing the Console, but it stopped and said it could not enumerate the REBOOT Partition (I don't know what that number is or why it can't enumerate it, but that's that... and then in its LOG it said Sorry, the machine has no Recovery Console). Today I continued carrying out the recommendations, and now I'll paste the logs of Avenger and of ESET.
---------------

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Mon Nov 30 13:49:42 2009

13:49:42: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!

//////////////////////////////////////////

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Mon Nov 30 13:50:08 2009

13:50:08: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!

//////////////////////////////////////////

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Mon Nov 30 13:50:48 2009

13:50:48: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!

//////////////////////////////////////////

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Mon Nov 30 13:50:55 2009

13:50:55: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!

//////////////////////////////////////////

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\Ntf8.tmp" deleted successfully.
File "C:\Ntf7.tmp" deleted successfully.
File "C:\Ntf5.tmp" deleted successfully.
File "C:\Ntf6.tmp" deleted successfully.
File "C:\Ntf4.tmp" deleted successfully.
File "C:\Ntf3.tmp" deleted successfully.
File "C:\Ntf1.tmp" deleted successfully.
File "C:\Ntf2.tmp" deleted successfully.
File "C:\Ntf4E.tmp" deleted successfully.
File "C:\Ntf4D.tmp" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

And ESET's goes in the next post, because it is scanning something very heavily; it's obviously having a hard time, so I'm going to get a coffee!
--------------
-
VIRUS - Eraser
I've now backed up thoroughly. I'm finishing some other work and will continue, probably tomorrow. Please wait for me.
-
VIRUS - Eraser
OK. First I'll back up, because this is serious business; I'll get back to you later.
-
VIRUS - Eraser
Fine, but isn't Avenger from the virus definitions? How am I to understand this?
-
VIRUS - Eraser
I made the script and ran it on Combo; here is the LOG:

ComboFix 09-11-08.03 - User 09.11.2009 8:42.6.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.3583.2871 [GMT 2:00]
Running from: c:\documents and settings\User\Desktop\Tool.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1282 [VPS 091108-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-10-09 to 2009-11-09 )))))))))))))))))))))))))))))))
.
2009-11-05 06:27 . 2009-11-05 06:37 -------- d-----w- C:\ComboFix
2009-11-04 14:25 . 2009-11-04 14:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2009-11-04 13:35 . 2009-11-04 13:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-04 07:13 . 2009-11-04 07:13 152576 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-03 12:27 . 2009-11-03 12:27 -------- d-----w- c:\documents and settings\User\DoctorWeb
2009-11-02 10:36 . 2009-11-02 10:36 -------- d-----w- c:\documents and settings\User\Application Data\MozillaControl
2009-10-23 05:05 . 2009-10-23 05:05 -------- d-----w- c:\documents and settings\User\Application Data\cadenas
2009-10-19 10:07 . 2008-04-14 02:42 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-10-12 06:50 . 1998-07-30 09:51 305152 ----a-w- c:\windows\IsUninst.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-09 06:48 . 2009-06-04 06:12 -------- d-----w- c:\documents and settings\User\Application Data\IM
2009-11-09 06:47 . 2009-11-09 06:47 67 ----a-w- C:\Ntf12.tmp
2009-11-09 06:47 . 2009-11-09 06:47 67 ----a-w- C:\Ntf11.tmp
2009-11-09 06:46 . 2009-06-10 14:05 914992 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-11-09 06:36 . 2009-06-04 07:01 -------- d-----w- c:\documents and settings\User\Application Data\SolidWorks
2009-11-09 06:20 . 2009-11-09 06:20 67 ----a-w- C:\NtfF.tmp
2009-11-09 06:20 . 2009-11-09 06:20 67 ----a-w- C:\Ntf10.tmp
2009-11-08 12:44 . 2009-06-10 12:48 -------- d-----w- c:\documents and settings\User\Application Data\uTorrent
2009-11-08 12:42 . 2009-06-08 06:44 -------- d-----w- c:\program files\BitComet
2009-11-08 12:40 . 2009-06-04 13:45 -------- d-----w- c:\documents and settings\User\Application Data\Skype
2009-11-05 10:47 . 2009-11-05 10:47 67 ----a-w- C:\NtfE.tmp
2009-11-05 10:47 . 2009-11-05 10:47 67 ----a-w- C:\NtfD.tmp
2009-11-05 10:20 . 2009-11-05 10:20 67 ----a-w- C:\NtfC.tmp
2009-11-05 10:20 . 2009-11-05 10:20 67 ----a-w- C:\NtfB.tmp
2009-11-05 07:31 . 2009-11-05 06:34 656 ----a-w- C:\Ntf9.tmp
2009-11-05 06:34 . 2009-11-05 06:34 67 ----a-w- C:\NtfA.tmp
2009-11-04 14:50 . 2009-06-02 11:07 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-04 07:14 . 2009-06-26 11:36 -------- d-----w- c:\program files\Java
2009-11-04 06:58 . 2009-11-04 06:58 67 ----a-w- C:\Ntf8.tmp
2009-11-04 06:58 . 2009-11-04 06:58 67 ----a-w- C:\Ntf7.tmp
2009-11-03 07:46 . 2009-11-03 06:11 3736 ----a-w- C:\Ntf5.tmp
2009-11-03 06:11 . 2009-11-03 06:11 67 ----a-w- C:\Ntf6.tmp
2009-10-27 08:37 . 2009-06-08 07:12 -------- d-----w- c:\program files\MechSoft
2009-10-12 11:57 . 2009-06-04 13:45 -------- d-----w- c:\program files\Google
2009-10-12 10:39 . 2009-09-15 05:49 -------- d-----w- c:\program files\DGG
2009-10-12 10:37 . 2009-06-08 08:09 117488 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-10-12 06:48 . 2009-10-12 06:48 -------- d-----w- c:\program files\Camozzi S.p.A
2009-10-11 02:17 . 2009-06-26 11:36 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-09 06:05 . 2009-10-09 06:05 152576 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-10-07 09:40 . 2009-10-07 09:36 -------- d-----w- c:\program files\Festo
2009-10-07 06:30 . 2009-10-07 06:30 -------- d-----w- c:\program files\PrintFile
2009-10-05 09:41 . 2009-10-05 09:41 318 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{598312E2-A807-49AD-8797-08FCB319EFEC}\NewShortcut3_3A94DDCE65094E4D88E2ACA7DB0FAFB8.exe
2009-10-05 09:41 . 2009-10-05 09:41 318 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{598312E2-A807-49AD-8797-08FCB319EFEC}\NewShortcut1_27E256CB6C9D486DBD0CF2BA79797B2C.exe
2009-10-05 09:41 . 2009-10-05 09:41 2238 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{598312E2-A807-49AD-8797-08FCB319EFEC}\NewShortcut2_09E499C971A546A98F4435DEDEE563D2.exe
2009-10-05 09:41 . 2009-10-05 09:41 10134 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{598312E2-A807-49AD-8797-08FCB319EFEC}\ARPPRODUCTICON.exe
2009-10-05 09:41 . 2009-10-05 09:41 -------- d-----w- c:\program files\KeytoMetals
2009-10-01 06:41 . 2009-08-07 15:52 -------- d-----w- c:\program files\Lexmark X1100 Series
2009-10-01 05:17 . 2009-10-01 05:17 -------- d-----w- c:\program files\Common Files\Business Objects
2009-09-26 05:57 . 2009-09-26 05:57 -------- d-----w- c:\program files\Trend Micro
2009-09-26 05:56 . 2009-09-26 05:55 -------- d-----w- c:\program files\HJT
2009-09-26 05:11 . 2009-09-26 05:11 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2009-09-26 05:11 . 2009-09-26 05:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-25 05:04 . 2009-09-25 05:04 67 ----a-w- C:\Ntf4.tmp
2009-09-25 05:04 . 2009-09-25 05:04 67 ----a-w- C:\Ntf3.tmp
2009-09-17 09:09 . 2009-09-17 09:09 -------- d-----w- c:\documents and settings\User\Application Data\DassaultSystemes
2009-09-13 06:50 . 2009-09-13 06:50 -------- d-----w- c:\documents and settings\User\Application Data\Ahead
2009-09-13 06:02 . 2009-06-08 06:57 -------- d-----w- c:\program files\PowerISO
2009-09-12 07:17 . 2009-06-08 08:03 -------- d-----w- c:\program files\Autodesk
2009-09-11 12:33 . 2009-08-31 09:57 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-10 11:54 . 2009-09-26 05:11 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 11:53 . 2009-09-26 05:11 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 13:01 . 2009-09-08 07:10 4141 ----a-w- C:\Ntf1.tmp
2009-09-08 07:10 . 2009-09-08 07:10 67 ----a-w- C:\Ntf2.tmp
2009-09-02 14:17 . 2009-09-02 14:17 180224 ----a-w- c:\windows\system32\WinVd32.sys
2009-09-02 14:17 . 2009-09-02 14:17 7680 ----a-w- c:\windows\system32\WinFLsrv.exe
2009-08-31 10:57 . 2009-08-31 10:57 67 ----a-w- C:\Ntf4E.tmp
2009-08-31 10:57 . 2009-08-31 10:57 67 ----a-w- C:\Ntf4D.tmp
2009-08-31 10:32 . 2009-08-31 10:20 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2009-08-31 09:57 . 2009-09-11 12:33 2888568 ----a-w- c:\documents and settings\User\Application Data\Simply Super Software\Trojan Remover\oxp8BC.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-11-03_12.01.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-09 06:47 . 2009-11-09 06:47 16384 c:\windows\Temp\usgthrsvc\Perflib_Perfdata_58c.dat
+ 2009-11-09 06:47 . 2009-11-09 06:47 16384 c:\windows\Temp\Perflib_Perfdata_650.dat
- 2009-10-09 05:30 . 2009-10-09 05:30 16384 c:\windows\Temp\Perflib_Perfdata_650.dat
+ 2009-11-09 06:20 . 2009-11-09 06:20 16384 c:\windows\Temp\Perflib_Perfdata_644.dat
+ 2009-11-09 06:47 . 2009-11-09 06:47 16384 c:\windows\Temp\Perflib_Perfdata_1b4.dat
+ 2009-06-02 10:59 . 2009-11-04 14:24 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-06-02 10:59 . 2009-11-03 11:15 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-06-02 10:59 . 2009-11-04 14:24 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2009-06-02 10:59 . 2009-11-03 11:15 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2009-06-02 10:59 . 2009-11-03 11:15 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-06-02 10:59 . 2009-11-04 14:24 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-06-02 10:59 . 2009-11-03 11:15 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-06-02 10:59 . 2009-11-04 14:24 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-06-02 10:59 . 2009-11-04 14:24 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-06-02 10:59 . 2009-11-03 11:15 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2009-06-02 10:59 . 2009-11-04 14:24 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2009-06-02 10:59 . 2009-11-03 11:15 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2009-06-02 10:59 . 2009-11-03 11:15 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-06-02 10:59 . 2009-11-04 14:24 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-06-26 11:36 . 2009-10-11 02:17 149280 c:\windows\system32\javaws.exe
- 2009-06-26 11:36 . 2009-07-25 02:23 149280 c:\windows\system32\javaws.exe
+ 2009-06-26 11:36 . 2009-10-11 02:17 145184 c:\windows\system32\javaw.exe
- 2009-06-26 11:36 . 2009-07-25 02:23 145184 c:\windows\system32\javaw.exe
+ 2009-06-26 11:36 . 2009-10-11 02:17 145184 c:\windows\system32\java.exe
- 2009-06-26 11:36 . 2009-07-25 02:23 145184 c:\windows\system32\java.exe
+ 2009-06-02 10:59 . 2009-11-04 14:24 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2009-06-02 10:59 . 2009-11-03 11:15 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2009-06-02 10:59 . 2009-11-03 11:15 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-06-02 10:59 . 2009-11-04 14:24 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-06-02 10:59 . 2009-11-04 14:24 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-06-02 10:59 . 2009-11-03 11:15 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-06-02 10:59 . 2009-11-03 11:15 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-06-02 10:59 . 2009-11-04 14:24 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-06-02 10:59 . 2009-11-04 14:24 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-06-02 10:59 . 2009-11-03 11:15 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-06-02 10:59 . 2009-11-03 11:15 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-06-02 10:59 . 2009-11-04 14:24 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-12 81000]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2008-11-08 1233800]
"SolidWorks_CheckForUpdates"="c:\program files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" [2008-09-15 7218472]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"QuickTime Task"="c:\program files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" [2009-07-14 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-11-17 17676288]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LogonLauncher]
2006-08-29 12:59 65536 ----a-w- c:\windows\system32\LogLaun.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^SolidWorks Task Scheduler Engine.lnk]
backup=c:\windows\pss\SolidWorks Task Scheduler Engine.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Autodesk\\backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\backburner\\server.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16195:TCP"= 16195:TCP:BitComet 16195 TCP
"16195:UDP"= 16195:UDP:BitComet 16195 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 AeInput;AeInput;c:\windows\system32\drivers\AeInput.sys [31.8.2009 15:46 27904]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [23.6.2009 9:17 110160]
R2 AEServ;AEServ;c:\windows\system32\AEServEx.exe [31.8.2009 15:46 295424]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23.6.2009 9:17 20560]
R2 KxNT;KxNT;c:\windows\system32\drivers\KxNT.sys [31.8.2009 15:46 154240]
R2 Viewpoint Service;Viewpoint Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5.6.2009 15:41 30152]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [2.9.2009 16:17 10752]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [9.9.2008 5:01 79144]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23.9.2005 6:01 2799808]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-11-09 c:\windows\Tasks\User_Feed_Synchronization-{D4CA7239-12D9-4F91-935C-3389C5C9B7E2}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 01:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.atcomet.com/m/
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-09 08:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\Instal
c:\windows\system32\WinFLdrv.sys 10752 bytes executable
c:\windows\system32\sys_drv.dat 17068 bytes
c:\windows\system32\sys_drv_2.dat 11044 bytes
c:\documents and settings\User\Application Data\systemfl.$dk 990 bytes

scan completed successfully
hidden files: 5

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\F*i*l*e*B*a*r*r*i*c*a*d*e*r*"! *2*0*0*7* *D*r*i*v*e*B*a*r*r*i*c*a*d*e*r*"!\Settings]
"Auto Start"="True"
"Auto Check Updates"="True"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(804)
c:\windows\system32\LogLaun.dll

- - - - - - - > 'explorer.exe'(2348)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\FaronicsAE\Faronics Anti-Executable\AEManager.exe
c:\windows\system32\rundll32.exe
c:\program files\Lexmark X1100 Series\lxbkbmon.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Completion time: 2009-11-09 8:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-09 06:51
ComboFix2.txt 2009-11-08 12:41
ComboFix3.txt 2009-11-08 06:33
ComboFix4.txt 2009-11-05 06:37

Pre-Run: 16.127.483.904 bytes free
Post-Run: 16.042.725.376 bytes free

- - End Of File - - C56332D89816A011B902824B8DC5DC1E
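An added example (not ComboFix's code and not from the post) that pulls three sections out of a ComboFix log of the shape pasted above and cross-references them: the firewall exception lists under `firewallpolicy\standardprofile`, the `R*`/`S*` service and driver lines, and catchme's hidden-file list. The excerpt is constructed from the post's own lines; the finding names (`rdp_globally_open`, `hidden_loaded_drivers` and so on) are this example's convention.

```python
"""Extract and cross-reference the security-relevant sections of a ComboFix
log: firewall exceptions, service/driver entries, catchme hidden files.
Added example; not ComboFix's own code and not from the forum post."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Constructed excerpt, in the shape of the ComboFix log pasted in the post.
SAMPLE_COMBOFIX = r"""[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16195:TCP"= 16195:TCP:BitComet 16195 TCP
"16195:UDP"= 16195:UDP:BitComet 16195 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 AeInput;AeInput;c:\windows\system32\drivers\AeInput.sys [31.8.2009 15:46 27904]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [2.9.2009 16:17 10752]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23.9.2005 6:01 2799808]

scanning hidden files ...

C:\Instal
c:\windows\system32\WinFLdrv.sys 10752 bytes executable
c:\windows\system32\sys_drv.dat 17068 bytes
c:\windows\system32\sys_drv_2.dat 11044 bytes
c:\documents and settings\User\Application Data\systemfl.$dk 990 bytes

scan completed successfully
hidden files: 5
"""

PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=\s*(?P<label>.*)$')
# R0..R4 = running, S0..S4 = stopped; fields are name;display name;image [meta]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)
# catchme prints a bare path for directories and "<path> <n> bytes [executable]" for files
HIDDEN_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)(?:\s+(?P<size>\d+) bytes(?P<exe>\s+executable)?)?\s*$"
)


@dataclass(frozen=True)
class OpenPort:
    port: int
    proto: str
    label: str


@dataclass(frozen=True)
class Service:
    state: str
    name: str
    image: str


@dataclass(frozen=True)
class HiddenFile:
    path: str
    size: Optional[int]
    executable: bool


def parse_open_ports(text: str) -> list[OpenPort]:
    return [OpenPort(int(m["port"]), m["proto"], m["label"])
            for m in (PORT_RE.match(line.strip()) for line in text.splitlines()) if m]


def parse_services(text: str) -> list[Service]:
    return [Service(m["state"], m["name"], m["image"])
            for m in (SERVICE_RE.match(line.strip()) for line in text.splitlines()) if m]


def parse_hidden_files(text: str) -> list[HiddenFile]:
    """Entries between catchme's 'scanning hidden files ...' and 'scan completed'."""
    found, inside = [], False
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("scanning hidden files"):
            inside = True
            continue
        if s.startswith("scan completed"):
            inside = False
        if not inside or not s:
            continue
        m = HIDDEN_RE.match(s)
        if m:
            found.append(HiddenFile(m["path"], int(m["size"]) if m["size"] else None,
                                    m["exe"] is not None))
    return found


def reported_hidden_count(text: str) -> Optional[int]:
    m = re.search(r"^hidden files:\s*(\d+)\s*$", text, re.MULTILINE)
    return int(m.group(1)) if m else None


def findings(text: str) -> dict:
    ports, services, hidden = parse_open_ports(text), parse_services(text), parse_hidden_files(text)
    hidden_paths = {h.path.lower() for h in hidden}
    return {
        # 3389/TCP in GloballyOpenPorts of the standard profile: the XP firewall
        # accepts inbound Remote Desktop, so only an upstream NAT/router blocks it.
        "rdp_globally_open": any(p.port == 3389 and p.proto == "TCP" for p in ports),
        # Hidden *and* executable is the catchme result to look at first.
        "hidden_executables": [h.path for h in hidden if h.executable],
        # Running driver whose image is hidden from the file-system API: the
        # shape of a kernel-mode file hider, whichever product installed it.
        "hidden_loaded_drivers": [s.name for s in services
                                  if s.state.startswith("R") and s.image.lower() in hidden_paths],
        "hidden_count_matches": reported_hidden_count(text) == len(hidden),
    }


if __name__ == "__main__":
    for key, value in findings(SAMPLE_COMBOFIX).items():
        print(f"{key}: {value}")
```

The cross-reference is the point of the script: `WinFLdrv.sys` appears both as a running driver (`R2 WinFLdrv`) and in catchme's hidden-file list, which is what a kernel-mode file hider looks like from user mode regardless of which product it belongs to, and 3389/TCP listed under `GloballyOpenPorts` means the XP firewall itself will accept inbound Remote Desktop connections; whether anything outside the LAN can reach the port then depends only on the router in front of the machine.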
-
VIRUS - Eraser
I did everything exactly; I ran the Windows Boot. Here is the log:

ComboFix 09-11-07.02 - User 08.11.2009 14:36.5.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.3583.2821 [GMT 2:00]
Running from: c:\documents and settings\User\Desktop\Tool.exe
Command switches used :: c:\documents and settings\User\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: avast! antivirus 4.8.1282 [VPS 091107-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-10-08 to 2009-11-08 )))))))))))))))))))))))))))))))
.
2009-11-05 06:27 . 2009-11-05 06:37 -------- d-----w- C:\ComboFix
2009-11-04 14:25 . 2009-11-04 14:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2009-11-04 13:35 . 2009-11-04 13:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-04 07:13 . 2009-11-04 07:13 152576 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-03 12:27 . 2009-11-03 12:27 -------- d-----w- c:\documents and settings\User\DoctorWeb
2009-11-02 10:36 . 2009-11-02 10:36 -------- d-----w- c:\documents and settings\User\Application Data\MozillaControl
2009-10-23 05:05 . 2009-10-23 05:05 -------- d-----w- c:\documents and settings\User\Application Data\cadenas
2009-10-19 10:07 . 2008-04-14 02:42 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-10-12 06:50 . 1998-07-30 09:51 305152 ----a-w- c:\windows\IsUninst.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-08 12:40 . 2009-06-04 13:45 -------- d-----w- c:\documents and settings\User\Application Data\Skype
2009-11-08 12:37 . 2009-06-08 06:44 -------- d-----w- c:\program files\BitComet
2009-11-08 12:36 . 2009-06-10 12:48 -------- d-----w- c:\documents and settings\User\Application Data\uTorrent
2009-11-08 06:40 . 2009-06-04 06:12 -------- d-----w- c:\documents and settings\User\Application Data\IM
2009-11-08 06:40 . 2009-06-04 07:01 -------- d-----w- c:\documents and settings\User\Application Data\SolidWorks
2009-11-08 06:12 . 2009-11-08 06:12 67 ----a-w- C:\NtfF.tmp
2009-11-08 06:12 . 2009-11-08 06:12 67 ----a-w- C:\Ntf10.tmp
2009-11-06 14:45 . 2009-06-10 14:05 914832 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-11-05 10:47 . 2009-11-05 10:47 67 ----a-w- C:\NtfE.tmp
2009-11-05 10:47 . 2009-11-05 10:47 67 ----a-w- C:\NtfD.tmp
2009-11-05 10:20 . 2009-11-05 10:20 67 ----a-w- C:\NtfC.tmp
2009-11-05 10:20 . 2009-11-05 10:20 67 ----a-w- C:\NtfB.tmp
2009-11-05 07:31 . 2009-11-05 06:34 656 ----a-w- C:\Ntf9.tmp
2009-11-05 06:34 . 2009-11-05 06:34 67 ----a-w- C:\NtfA.tmp
2009-11-04 14:50 . 2009-06-02 11:07 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-04 07:14 . 2009-06-26 11:36 -------- d-----w- c:\program files\Java
2009-11-04 06:58 . 2009-11-04 06:58 67 ----a-w- C:\Ntf8.tmp
2009-11-04 06:58 . 2009-11-04 06:58 67 ----a-w- C:\Ntf7.tmp
2009-11-03 07:46 . 2009-11-03 06:11 3736 ----a-w- C:\Ntf5.tmp
2009-11-03 06:11 . 2009-11-03 06:11 67 ----a-w- C:\Ntf6.tmp
2009-10-27 08:37 . 2009-06-08 07:12 -------- d-----w- c:\program files\MechSoft
2009-10-12 11:57 . 2009-06-04 13:45 -------- d-----w- c:\program files\Google
2009-10-12 10:39 . 2009-09-15 05:49 -------- d-----w- c:\program files\DGG
2009-10-12 10:37 . 2009-06-08 08:09 117488 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-10-12 06:48 . 2009-10-12 06:48 -------- d-----w- c:\program files\Camozzi S.p.A
2009-10-11 02:17 . 2009-06-26 11:36 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-09 06:05 . 2009-10-09 06:05 152576 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-10-07 09:40 . 2009-10-07 09:36 -------- d-----w- c:\program files\Festo
2009-10-07 06:30 . 2009-10-07 06:30 -------- d-----w- c:\program files\PrintFile
2009-10-05 09:41 . 2009-10-05 09:41 318 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{598312E2-A807-49AD-8797-08FCB319EFEC}\NewShortcut3_3A94DDCE65094E4D88E2ACA7DB0FAFB8.exe
2009-10-05 09:41 . 2009-10-05 09:41 318 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{598312E2-A807-49AD-8797-08FCB319EFEC}\NewShortcut1_27E256CB6C9D486DBD0CF2BA79797B2C.exe
2009-10-05 09:41 . 2009-10-05 09:41 2238 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{598312E2-A807-49AD-8797-08FCB319EFEC}\NewShortcut2_09E499C971A546A98F4435DEDEE563D2.exe
2009-10-05 09:41 . 2009-10-05 09:41 10134 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{598312E2-A807-49AD-8797-08FCB319EFEC}\ARPPRODUCTICON.exe
2009-10-05 09:41 . 2009-10-05 09:41 -------- d-----w- c:\program files\KeytoMetals
2009-10-01 06:41 . 2009-08-07 15:52 -------- d-----w- c:\program files\Lexmark X1100 Series
2009-10-01 05:17 . 2009-10-01 05:17 -------- d-----w- c:\program files\Common Files\Business Objects
2009-09-26 05:57 . 2009-09-26 05:57 -------- d-----w- c:\program files\Trend Micro
2009-09-26 05:56 . 2009-09-26 05:55 -------- d-----w- c:\program files\HJT
2009-09-26 05:11 . 2009-09-26 05:11 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2009-09-26 05:11 . 2009-09-26 05:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-25 05:04 . 2009-09-25 05:04 67 ----a-w- C:\Ntf4.tmp
2009-09-25 05:04 . 2009-09-25 05:04 67 ----a-w- C:\Ntf3.tmp
2009-09-17 09:09 . 2009-09-17 09:09 -------- d-----w- c:\documents and settings\User\Application Data\DassaultSystemes
2009-09-13 06:50 . 2009-09-13 06:50 -------- d-----w- c:\documents and settings\User\Application Data\Ahead
2009-09-13 06:02 . 2009-06-08 06:57 -------- d-----w- c:\program files\PowerISO
2009-09-12 07:17 . 2009-06-08 08:03 -------- d-----w- c:\program files\Autodesk
.
((((((((((((((((((((((((((((( SnapShot@2009-11-03_12.01.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-08 06:12 . 2009-11-08 06:12 16384 c:\windows\Temp\usgthrsvc\Perflib_Perfdata_574.dat
+ 2009-11-06 11:02 . 2009-11-06 11:02 16384 c:\windows\Temp\Perflib_Perfdata_5d4.dat
+ 2009-11-08 06:12 . 2009-11-08 06:12 16384 c:\windows\Temp\Perflib_Perfdata_1c4.dat
+ 2009-06-02 10:59 . 2009-11-04 14:24 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-06-02 10:59 . 2009-11-03 11:15 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-06-02 10:59 . 2009-11-03 11:15 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-06-02 10:59 . 2009-11-04 14:24 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-06-02 10:59 . 2009-11-04 14:24 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-06-02 10:59 . 2009-11-03 11:15 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-06-02 10:59 . 2009-11-04 14:24 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2009-06-02 10:59 . 2009-11-03 11:15 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2009-06-02 10:59 . 2009-11-03 11:15 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2009-06-02 10:59 . 2009-11-04 14:24 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2009-06-02 10:59 . 2009-11-04 14:24 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2009-06-02 10:59 . 2009-11-03 11:15 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2009-06-02 10:59 . 2009-11-03 11:15 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-06-02 10:59 . 2009-11-04 14:24 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-06-26 11:36 . 2009-10-11 02:17 149280 c:\windows\system32\javaws.exe
- 2009-06-26 11:36 . 2009-07-25 02:23 149280 c:\windows\system32\javaws.exe
- 2009-06-26 11:36 . 2009-07-25 02:23 145184 c:\windows\system32\javaw.exe
+ 2009-06-26 11:36 . 2009-10-11 02:17 145184 c:\windows\system32\javaw.exe
- 2009-06-26 11:36 . 2009-07-25 02:23 145184 c:\windows\system32\java.exe
+ 2009-06-26 11:36 . 2009-10-11 02:17 145184 c:\windows\system32\java.exe
+ 2009-06-02 10:59 . 2009-11-04 14:24 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2009-06-02 10:59 . 2009-11-03 11:15 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2009-06-02 10:59 . 2009-11-03 11:15 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-06-02 10:59 . 2009-11-04 14:24 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-06-02 10:59 . 2009-11-04 14:24 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-06-02 10:59 . 2009-11-03 11:15 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-06-02 10:59 . 2009-11-03 11:15 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-06-02 10:59 . 2009-11-04 14:24 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-06-02 10:59 . 2009-11-04 14:24 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-06-02 10:59 . 2009-11-03 11:15 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-06-02 10:59 . 2009-11-03 11:15 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-06-02 10:59 .
2009-11-04 14:24 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-12 81000] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888] "TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2008-11-08 1233800] "SolidWorks_CheckForUpdates"="c:\program files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" [2008-09-15 7218472] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "QuickTime Task"="c:\program files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" [2009-07-14 413696] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-11-17 17676288] "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400] 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LogonLauncher] 2006-08-29 12:59 65536 ----a-w- c:\windows\system32\LogLaun.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk] backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk] backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk] backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^SolidWorks Task Scheduler Engine.lnk] backup=c:\windows\pss\SolidWorks Task Scheduler Engine.lnkStartup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\BitComet\\BitComet.exe"= "c:\\Program Files\\Autodesk\\backburner\\monitor.exe"= "c:\\Program Files\\Autodesk\\backburner\\manager.exe"= "c:\\Program Files\\Autodesk\\backburner\\server.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "16195:TCP"= 16195:TCP:BitComet 16195 TCP "16195:UDP"= 16195:UDP:BitComet 16195 UDP "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R0 AeInput;AeInput;c:\windows\system32\drivers\AeInput.sys [31.8.2009 15:46 27904] R1 aswSP;avast! 
Self Protection;c:\windows\system32\drivers\aswSP.sys [23.6.2009 9:17 110160] R2 AEServ;AEServ;c:\windows\system32\AEServEx.exe [31.8.2009 15:46 295424] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23.6.2009 9:17 20560] R2 KxNT;KxNT;c:\windows\system32\drivers\KxNT.sys [31.8.2009 15:46 154240] R2 Viewpoint Service;Viewpoint Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5.6.2009 15:41 30152] R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [2.9.2009 16:17 10752] S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [9.9.2008 5:01 79144] S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23.9.2005 6:01 2799808] --- Other Services/Drivers In Memory --- *Deregistered* - mbr *Deregistered* - PROCEXP113 . Contents of the 'Scheduled Tasks' folder 2009-11-08 c:\windows\Tasks\User_Feed_Synchronization-{D4CA7239-12D9-4F91-935C-3389C5C9B7E2}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 01:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://google.atcomet.com/m/ IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-08 14:40 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
c:\windows\system32\WinFLdrv.sys 10752 bytes executable c:\windows\system32\sys_drv.dat 17068 bytes c:\windows\system32\sys_drv_2.dat 11044 bytes C:\Instal c:\documents and settings\User\Application Data\systemfl.$dk 990 bytes scan completed successfully hidden files: 5 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\F*i*l*e*B*a*r*r*i*c*a*d*e*r*"! *2*0*0*7* *D*r*i*v*e*B*a*r*r*i*c*a*d*e*r*"!\Settings] "Auto Start"="True" "Auto Check Updates"="True" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(800) c:\windows\system32\LogLaun.dll - - - - - - - > 'explorer.exe'(1864) c:\windows\system32\WININET.dll c:\windows\system32\webcheck.dll c:\windows\system32\IEFRAME.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\windows\system32\msi.dll . Completion time: 2009-11-08 14:41 ComboFix-quarantined-files.txt 2009-11-08 12:41 ComboFix2.txt 2009-11-08 06:33 ComboFix3.txt 2009-11-05 06:37 Pre-Run: 16.177.823.744 bytes free Post-Run: 16.148.475.904 bytes free - - End Of File - - D2A4BF7023042C62A0952CC5E449F805 ComboFix 09-11-07.02 - User 08.11.2009 14:36.5.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.3583.2821 [GMT 2:00] Running from: c:\documents and settings\User\Desktop\Tool.exe Command switches used :: c:\documents and settings\User\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe AV: avast! antivirus 4.8.1282 [VPS 091107-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2009-10-08 to 2009-11-08 ))))))))))))))))))))))))))))))) . 2009-11-05 06:27 . 2009-11-05 06:37 -------- d-----w- C:\ComboFix 2009-11-04 14:25 . 
2009-11-04 14:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk 2009-11-04 13:35 . 2009-11-04 13:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-11-04 07:13 . 2009-11-04 07:13 152576 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_17\lzma.dll 2009-11-03 12:27 . 2009-11-03 12:27 -------- d-----w- c:\documents and settings\User\DoctorWeb 2009-11-02 10:36 . 2009-11-02 10:36 -------- d-----w- c:\documents and settings\User\Application Data\MozillaControl 2009-10-23 05:05 . 2009-10-23 05:05 -------- d-----w- c:\documents and settings\User\Application Data\cadenas 2009-10-19 10:07 . 2008-04-14 02:42 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll 2009-10-12 06:50 . 1998-07-30 09:51 305152 ----a-w- c:\windows\IsUninst.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-08 12:40 . 2009-06-04 13:45 -------- d-----w- c:\documents and settings\User\Application Data\Skype 2009-11-08 12:37 . 2009-06-08 06:44 -------- d-----w- c:\program files\BitComet 2009-11-08 12:36 . 2009-06-10 12:48 -------- d-----w- c:\documents and settings\User\Application Data\uTorrent 2009-11-08 06:40 . 2009-06-04 06:12 -------- d-----w- c:\documents and settings\User\Application Data\IM 2009-11-08 06:40 . 2009-06-04 07:01 -------- d-----w- c:\documents and settings\User\Application Data\SolidWorks 2009-11-08 06:12 . 2009-11-08 06:12 67 ----a-w- C:\NtfF.tmp 2009-11-08 06:12 . 2009-11-08 06:12 67 ----a-w- C:\Ntf10.tmp 2009-11-06 14:45 . 2009-06-10 14:05 914832 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-11-05 10:47 . 2009-11-05 10:47 67 ----a-w- C:\NtfE.tmp 2009-11-05 10:47 . 2009-11-05 10:47 67 ----a-w- C:\NtfD.tmp 2009-11-05 10:20 . 2009-11-05 10:20 67 ----a-w- C:\NtfC.tmp 2009-11-05 10:20 . 
2009-11-05 10:20 67 ----a-w- C:\NtfB.tmp 2009-11-05 07:31 . 2009-11-05 06:34 656 ----a-w- C:\Ntf9.tmp 2009-11-05 06:34 . 2009-11-05 06:34 67 ----a-w- C:\NtfA.tmp 2009-11-04 14:50 . 2009-06-02 11:07 -------- d-----w- c:\program files\Common Files\Adobe 2009-11-04 07:14 . 2009-06-26 11:36 -------- d-----w- c:\program files\Java 2009-11-04 06:58 . 2009-11-04 06:58 67 ----a-w- C:\Ntf8.tmp 2009-11-04 06:58 . 2009-11-04 06:58 67 ----a-w- C:\Ntf7.tmp 2009-11-03 07:46 . 2009-11-03 06:11 3736 ----a-w- C:\Ntf5.tmp 2009-11-03 06:11 . 2009-11-03 06:11 67 ----a-w- C:\Ntf6.tmp 2009-10-27 08:37 . 2009-06-08 07:12 -------- d-----w- c:\program files\MechSoft 2009-10-12 11:57 . 2009-06-04 13:45 -------- d-----w- c:\program files\Google 2009-10-12 10:39 . 2009-09-15 05:49 -------- d-----w- c:\program files\DGG 2009-10-12 10:37 . 2009-06-08 08:09 117488 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT 2009-10-12 06:48 . 2009-10-12 06:48 -------- d-----w- c:\program files\Camozzi S.p.A 2009-10-11 02:17 . 2009-06-26 11:36 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-10-09 06:05 . 2009-10-09 06:05 152576 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_15\lzma.dll 2009-10-07 09:40 . 2009-10-07 09:36 -------- d-----w- c:\program files\Festo 2009-10-07 06:30 . 2009-10-07 06:30 -------- d-----w- c:\program files\PrintFile 2009-10-05 09:41 . 2009-10-05 09:41 318 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{598312E2-A807-49AD-8797-08FCB319EFEC}\NewShortcut3_3A94DDCE65094E4D88E2ACA7DB0FAFB8.exe 2009-10-05 09:41 . 2009-10-05 09:41 318 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{598312E2-A807-49AD-8797-08FCB319EFEC}\NewShortcut1_27E256CB6C9D486DBD0CF2BA79797B2C.exe 2009-10-05 09:41 . 2009-10-05 09:41 2238 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{598312E2-A807-49AD-8797-08FCB319EFEC}\NewShortcut2_09E499C971A546A98F4435DEDEE563D2.exe 2009-10-05 09:41 . 
2009-10-05 09:41 10134 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{598312E2-A807-49AD-8797-08FCB319EFEC}\ARPPRODUCTICON.exe 2009-10-05 09:41 . 2009-10-05 09:41 -------- d-----w- c:\program files\KeytoMetals 2009-10-01 06:41 . 2009-08-07 15:52 -------- d-----w- c:\program files\Lexmark X1100 Series 2009-10-01 05:17 . 2009-10-01 05:17 -------- d-----w- c:\program files\Common Files\Business Objects 2009-09-26 05:57 . 2009-09-26 05:57 -------- d-----w- c:\program files\Trend Micro 2009-09-26 05:56 . 2009-09-26 05:55 -------- d-----w- c:\program files\HJT 2009-09-26 05:11 . 2009-09-26 05:11 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes 2009-09-26 05:11 . 2009-09-26 05:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-09-25 05:04 . 2009-09-25 05:04 67 ----a-w- C:\Ntf4.tmp 2009-09-25 05:04 . 2009-09-25 05:04 67 ----a-w- C:\Ntf3.tmp 2009-09-17 09:09 . 2009-09-17 09:09 -------- d-----w- c:\documents and settings\User\Application Data\DassaultSystemes 2009-09-13 06:50 . 2009-09-13 06:50 -------- d-----w- c:\documents and settings\User\Application Data\Ahead 2009-09-13 06:02 . 2009-06-08 06:57 -------- d-----w- c:\program files\PowerISO 2009-09-12 07:17 . 2009-06-08 08:03 -------- d-----w- c:\program files\Autodesk . ((((((((((((((((((((((((((((( SnapShot@2009-11-03_12.01.59 ))))))))))))))))))))))))))))))))))))))))) . + 2009-11-08 06:12 . 2009-11-08 06:12 16384 c:\windows\Temp\usgthrsvc\Perflib_Perfdata_574.dat + 2009-11-06 11:02 . 2009-11-06 11:02 16384 c:\windows\Temp\Perflib_Perfdata_5d4.dat + 2009-11-08 06:12 . 2009-11-08 06:12 16384 c:\windows\Temp\Perflib_Perfdata_1c4.dat + 2009-06-02 10:59 . 2009-11-04 14:24 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe - 2009-06-02 10:59 . 2009-11-03 11:15 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe - 2009-06-02 10:59 . 
2009-11-03 11:15 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe + 2009-06-02 10:59 . 2009-11-04 14:24 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe + 2009-06-02 10:59 . 2009-11-04 14:24 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe - 2009-06-02 10:59 . 2009-11-03 11:15 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe + 2009-06-02 10:59 . 2009-11-04 14:24 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe - 2009-06-02 10:59 . 2009-11-03 11:15 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe - 2009-06-02 10:59 . 2009-11-03 11:15 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe + 2009-06-02 10:59 . 2009-11-04 14:24 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe + 2009-06-02 10:59 . 2009-11-04 14:24 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe - 2009-06-02 10:59 . 2009-11-03 11:15 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe - 2009-06-02 10:59 . 2009-11-03 11:15 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe + 2009-06-02 10:59 . 2009-11-04 14:24 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe + 2009-06-26 11:36 . 2009-10-11 02:17 149280 c:\windows\system32\javaws.exe - 2009-06-26 11:36 . 2009-07-25 02:23 149280 c:\windows\system32\javaws.exe - 2009-06-26 11:36 . 2009-07-25 02:23 145184 c:\windows\system32\javaw.exe + 2009-06-26 11:36 . 2009-10-11 02:17 145184 c:\windows\system32\javaw.exe - 2009-06-26 11:36 . 2009-07-25 02:23 145184 c:\windows\system32\java.exe + 2009-06-26 11:36 . 2009-10-11 02:17 145184 c:\windows\system32\java.exe + 2009-06-02 10:59 . 2009-11-04 14:24 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe - 2009-06-02 10:59 . 
2009-11-03 11:15 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe - 2009-06-02 10:59 . 2009-11-03 11:15 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe + 2009-06-02 10:59 . 2009-11-04 14:24 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe + 2009-06-02 10:59 . 2009-11-04 14:24 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe - 2009-06-02 10:59 . 2009-11-03 11:15 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe - 2009-06-02 10:59 . 2009-11-03 11:15 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe + 2009-06-02 10:59 . 2009-11-04 14:24 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe + 2009-06-02 10:59 . 2009-11-04 14:24 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe - 2009-06-02 10:59 . 2009-11-03 11:15 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe - 2009-06-02 10:59 . 2009-11-03 11:15 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe + 2009-06-02 10:59 . 2009-11-04 14:24 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-12 81000] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888] "TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2008-11-08 1233800] "SolidWorks_CheckForUpdates"="c:\program files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" [2008-09-15 7218472] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "QuickTime Task"="c:\program files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" [2009-07-14 413696] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-11-17 17676288] "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LogonLauncher] 2006-08-29 12:59 65536 ----a-w- c:\windows\system32\LogLaun.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start 
Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk] backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk] backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk] backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^SolidWorks Task Scheduler Engine.lnk] backup=c:\windows\pss\SolidWorks Task Scheduler Engine.lnkStartup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\BitComet\\BitComet.exe"= "c:\\Program Files\\Autodesk\\backburner\\monitor.exe"= "c:\\Program Files\\Autodesk\\backburner\\manager.exe"= "c:\\Program Files\\Autodesk\\backburner\\server.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "16195:TCP"= 16195:TCP:BitComet 16195 TCP "16195:UDP"= 16195:UDP:BitComet 16195 UDP "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R0 AeInput;AeInput;c:\windows\system32\drivers\AeInput.sys [31.8.2009 15:46 27904] R1 aswSP;avast! 
Self Protection;c:\windows\system32\drivers\aswSP.sys [23.6.2009 9:17 110160] R2 AEServ;AEServ;c:\windows\system32\AEServEx.exe [31.8.2009 15:46 295424] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23.6.2009 9:17 20560] R2 KxNT;KxNT;c:\windows\system32\drivers\KxNT.sys [31.8.2009 15:46 154240] R2 Viewpoint Service;Viewpoint Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5.6.2009 15:41 30152] R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [2.9.2009 16:17 10752] S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [9.9.2008 5:01 79144] S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23.9.2005 6:01 2799808] --- Other Services/Drivers In Memory --- *Deregistered* - mbr *Deregistered* - PROCEXP113 . Contents of the 'Scheduled Tasks' folder 2009-11-08 c:\windows\Tasks\User_Feed_Synchronization-{D4CA7239-12D9-4F91-935C-3389C5C9B7E2}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 01:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://google.atcomet.com/m/ IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-08 14:40 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
c:\windows\system32\WinFLdrv.sys 10752 bytes executable c:\windows\system32\sys_drv.dat 17068 bytes c:\windows\system32\sys_drv_2.dat 11044 bytes C:\Instal c:\documents and settings\User\Application Data\systemfl.$dk 990 bytes scan completed successfully hidden files: 5 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\F*i*l*e*B*a*r*r*i*c*a*d*e*r*"! *2*0*0*7* *D*r*i*v*e*B*a*r*r*i*c*a*d*e*r*"!\Settings] "Auto Start"="True" "Auto Check Updates"="True" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(800) c:\windows\system32\LogLaun.dll - - - - - - - > 'explorer.exe'(1864) c:\windows\system32\WININET.dll c:\windows\system32\webcheck.dll c:\windows\system32\IEFRAME.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\windows\system32\msi.dll . Completion time: 2009-11-08 14:41 ComboFix-quarantined-files.txt 2009-11-08 12:41 ComboFix2.txt 2009-11-08 06:33 ComboFix3.txt 2009-11-05 06:37 Pre-Run: 16.177.823.744 bytes free Post-Run: 16.148.475.904 bytes free - - End Of File - - D2A4BF7023042C62A0952CC5E449F805
-
VIRUS - Eraser
With the COMBO I answered YES at the initial dialog, then it asked me whether to update it, I answered NO, and when it started it gave this LOG:
2009-11-03 11:15 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe - 2009-06-02 10:59 . 2009-11-03 11:15 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe + 2009-06-02 10:59 . 2009-11-04 14:24 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-12 81000] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888] "TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2008-11-08 1233800] "SolidWorks_CheckForUpdates"="c:\program files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" [2008-09-15 7218472] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "QuickTime Task"="c:\program files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" [2009-07-14 413696] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-11-17 17676288] "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] 
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LogonLauncher] 2006-08-29 12:59 65536 ----a-w- c:\windows\system32\LogLaun.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk] backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk] backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk] backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^SolidWorks Task Scheduler Engine.lnk] backup=c:\windows\pss\SolidWorks Task Scheduler Engine.lnkStartup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\BitComet\\BitComet.exe"= "c:\\Program Files\\Autodesk\\backburner\\monitor.exe"= "c:\\Program Files\\Autodesk\\backburner\\manager.exe"= "c:\\Program Files\\Autodesk\\backburner\\server.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "16195:TCP"= 16195:TCP:BitComet 16195 TCP "16195:UDP"= 16195:UDP:BitComet 16195 UDP "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 
R0 AeInput;AeInput;c:\windows\system32\drivers\AeInput.sys [31.8.2009 15:46 27904] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [23.6.2009 9:17 110160] R2 AEServ;AEServ;c:\windows\system32\AEServEx.exe [31.8.2009 15:46 295424] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23.6.2009 9:17 20560] R2 KxNT;KxNT;c:\windows\system32\drivers\KxNT.sys [31.8.2009 15:46 154240] R2 Viewpoint Service;Viewpoint Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5.6.2009 15:41 30152] R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [2.9.2009 16:17 10752] S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [9.9.2008 5:01 79144] S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23.9.2005 6:01 2799808] --- Other Services/Drivers In Memory --- *Deregistered* - mbr *Deregistered* - PROCEXP113 . Contents of the 'Scheduled Tasks' folder 2009-11-08 c:\windows\Tasks\User_Feed_Synchronization-{D4CA7239-12D9-4F91-935C-3389C5C9B7E2}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 01:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://google.atcomet.com/m/ IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-08 08:31 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
c:\windows\system32\WinFLdrv.sys 10752 bytes executable c:\windows\system32\sys_drv.dat 17068 bytes c:\windows\system32\sys_drv_2.dat 11044 bytes C:\Instal c:\documents and settings\User\Application Data\systemfl.$dk 990 bytes scan completed successfully hidden files: 5 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\F*i*l*e*B*a*r*r*i*c*a*d*e*r*"! *2*0*0*7* *D*r*i*v*e*B*a*r*r*i*c*a*d*e*r*"!\Settings] "Auto Start"="True" "Auto Check Updates"="True" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(800) c:\windows\system32\LogLaun.dll - - - - - - - > 'explorer.exe'(3184) c:\windows\system32\WININET.dll c:\windows\system32\webcheck.dll c:\windows\system32\IEFRAME.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\windows\system32\msi.dll . Completion time: 2009-11-08 8:33 ComboFix-quarantined-files.txt 2009-11-08 06:33 ComboFix2.txt 2009-11-05 06:37 Pre-Run: 16.232.214.528 bytes free Post-Run: 16.237.658.112 bytes free - - End Of File - - 0F0EA7BE7552FD6AFBE6FEAC9C312508
-
VIRUS - Eraser
When I started Tools from the Desktop, this thing came up; I told it NO and that was it. The attachment is COMBO TXT, but there is only a picture. COMBO.rtf
-
VIRUS - Eraser
ADDITION: Besides renaming the folder names, it very much likes to delete license files; three to four days after installing a program, a message appears that the license file is missing, and I reinstall it again, and so on every three or four days. I suppose it wipes the license files again by changing their names. They are most often in Documents and Settings/All Users/Appl.Data/ or in System32 or User/Local Settings - that is where it deletes the licenses heavily.
-
VIRUS - Eraser
I wrote the file, but when I dropped it onto Combo, Combo wants to send me to its home site to update or reinstall it, and when I say no it seems to stop, and I did not get a log. Then I ran Combo from Run with KillAll and got a log. Now I am sending that log; I AM PASTING IT HERE:
ComboFix 09-11-04.02 - User 05.11.2009 8:28.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.3583.3103 [GMT 2:00]
Running from: c:\documents and settings\User\desktop\ComboFix.exe
Command switches used :: /KillAll
AV: avast! antivirus 4.8.1282 [VPS 091104-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
Be aware that the problem dates from July (August); programs installed after that will not be the cause of the virus that renames the folders in Program Files. My point is that you can ignore them as more harmless. If it is a backdoor, as you wrote, could someone be renaming or deleting them manually?
-
VIRUS - Eraser
I am now posting the COMBOFIX log file after deleting Daemon Tools. ComboFix.txt
-
VIRUS - Eraser
Attachment of the Dr.Web log file. DrWeb.txt
-
VIRUS - Eraser
OK, I am still scanning with Dr.Web; I will continue afterwards!
-
VIRUS - Eraser
Hello, I will upload a log attachment from COMBOFIX. ComboFix.txt
-
VIRUS - Eraser
I did everything, except that with "Root Repeal", after OK and then the SCAN button, no second window appeared for me to choose the C/D drives.... it just produced the scan log directly. Here are the logs:
......................................................
.....................................................
1st - from the Checkup
Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:
Free Anti-SPY Guard 1.0
Trojan Remover 6.7.4
HijackThis 2.0.2
Java 6 Update 15
Adobe Flash Player 10
Adobe Reader 8
Out of date Adobe Reader installed!
``````````````````````````````
Process Check: objlist.exe by Laurent
Alwil Software Avast4 aswUpdSv.exe
Alwil Software Avast4 ashServ.exe
Alwil Software Avast4 ashDisp.exe
Alwil Software Avast4 ashMaiSv.exe
Alwil Software Avast4 ashWebSv.exe
``````````````````````````````
DNS Vulnerability Check:
`````````End of Log```````````
...........................................................
..........................................................
2nd - from Root Repeal
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/12 15:05
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\windows\System32\Drivers\dump_atapi.sys
Address: 0xB57B9000	Size: 98304	File Visible: No	Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\windows\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA618000	Size: 8192	File Visible: No	Signed: -
Status: -

Name: PCI_PNP2190
Image Path: \Driver\PCI_PNP2190
Address: 0x00000000	Size: 0	File Visible: No	Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\windows\system32\drivers\rootrepeal.sys
Address: 0xB375E000	Size: 49152	File Visible: No	Signed: -
Status: -

Name: sppa.sys
Image Path: sppa.sys
Address: 0xB9EA7000	Size: 1048576	File Visible: No	Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000	Size: 0	File Visible: No	Signed: -
Status: -

SSDT
-------------------
#: 025	Function Name: NtClose
Status: Hooked by "C:\windows\System32\Drivers\KxNT.SYS" at address 0xb53b8b00

#: 037	Function Name: NtCreateFile
Status: Hooked by "C:\windows\System32\Drivers\KxNT.SYS" at address 0xb53b86f0

#: 041	Function Name: NtCreateKey
Status: Hooked by "C:\windows\System32\Drivers\KxNT.SYS" at address 0xb53bb3a0

#: 062	Function Name: NtDeleteFile
Status: Hooked by "C:\windows\System32\Drivers\KxNT.SYS" at address 0xb53b91c0

#: 065	Function Name: NtDeleteValueKey
Status: Hooked by "C:\windows\System32\Drivers\KxNT.SYS" at address 0xb53bb4e0

#: 068	Function Name: NtDuplicateObject
Status: Hooked by "C:\windows\System32\Drivers\aswSP.SYS" at address 0xb57d9098

#: 071	Function Name: NtEnumerateKey
Status: Hooked by "sppa.sys" at address 0xb9ec6ca2

#: 073	Function Name: NtEnumerateValueKey
Status: Hooked by "sppa.sys" at address 0xb9ec7030

#: 116	Function Name: NtOpenFile
Status: Hooked by "C:\windows\System32\Drivers\KxNT.SYS" at address 0xb53b83a0

#: 119	Function Name: NtOpenKey
Status: Hooked by "C:\windows\System32\Drivers\KxNT.SYS" at address 0xb53bb450

#: 122	Function Name: NtOpenProcess
Status: Hooked by "C:\windows\System32\Drivers\aswSP.SYS" at address 0xb57d8fd8

#: 128	Function Name: NtOpenThread
Status: Hooked by "C:\windows\System32\Drivers\KxNT.SYS" at address 0xb53b9840

#: 160	Function Name: NtQueryKey
Status: Hooked by "sppa.sys" at address 0xb9ec7108

#: 177	Function Name: NtQueryValueKey
Status: Hooked by "C:\windows\System32\Drivers\aswSP.SYS" at address 0xb57d96ba

#: 204	Function Name: NtRestoreKey
Status: Hooked by "C:\windows\System32\Drivers\aswSP.SYS" at address 0xb57d967a

#: 224	Function Name: NtSetInformationFile
Status: Hooked by "C:\windows\System32\Drivers\KxNT.SYS" at address 0xb53b9200

#: 247	Function Name: NtSetValueKey
Status: Hooked by "C:\windows\System32\Drivers\KxNT.SYS" at address 0xb53bb6c0

#: 257	Function Name: NtTerminateProcess
Status: Hooked by "C:\windows\System32\Drivers\KxNT.SYS" at address 0xb53b9700

#: 274	Function Name: NtWriteFile
Status: Hooked by "C:\windows\System32\Drivers\KxNT.SYS" at address 0xb53b8950

==EOF==
-
VIRUS - Eraser
So, the virus deletes or changes the names of all license files; besides that, it renames the folders in Program Files or copies them under a changed name (adding a digit in brackets) and deletes the contents of the original folders. The programs do not work and ask to be reinstalled. Here I am posting the log files from Malwarebytes and HijackThis, according to B. Ivanov's instructions. The logs are attached! mbam-log-2009-09-26 (08-45-06).txt hijackthis.txt