Може ли да ги качиш в 4Storing.com и да ми дадеш линк, тъй като не ми зареждат линковете. ;(

Хммм направи следното:

1.Изтегли deldomains.inf, разархивирай го и избери Install с десния бутон на мишката.

2.Възстанови оригиналния файл hosts.ini

Изтегли това и го разархивирай в папка C:\windows\system32\drivers\etc.

Замести файла, който се намира там.

3.Пусни едно зануляване на интернет настройките чрез следните инструменти:

http://www.kaldata.com/forums/index.php?showtopic=39592#

А иначе ето ти линк за кръпките:

http://4storing.com/9foia/00facbb6a2a302a9...b61d92781e.html

Редактирано 22 февруари 200917 г. от B-boy[StyLe] (преглед на промените)

Като натисна в/у него и натисна ми изписва някакви букви, но не го тегли.

Пробва ли решенията от 1 до 3, преди да изтеглиш кръпките ?

Ползваш ли download manager и какъв е той ?

Пробвай с друг браузър - Opera, Mozilla Firefox, Safari, Google Chrome...

Щях да ти кажа да си видиш и настройките на защитната стена, но ти каза, че е изключена.

Няма да е зле да я включиш (не че има особена файда от нея, но колкото да не е без хич)...

FireWall e ON. Точно затова ви питах дали да е изключена.. 1) deldomains.inf неможе да се изтегли изписва някакъв текст, ако ти трябва ще ти го копирам. Използвам Mozilla Firefox. Сега ще опитам с друг браузър.

Само решение 1 неможе да се изтегли, защото не ми отваря линка.

Редактирано 22 февруари 200917 г. от XateR (преглед на промените)

А ти как го теглиш...Директно кликаш върху линка ли ?

Пробвай с десен бутон върху него (Save as).

Така или иначе съдържанието на файла е следното.

Отвори Notepad и въведи:

; DelDomains.inf © 11-28-04 | Revised 01-15-06

; Created by: Mike Burgess Microsoft MVP

; http://mvps.org/winhelp2002/

;

; Warning: Deletes all entries in the Restricted & Trusted Zone list

; http://mvps.org/winhelp2002/restricted.htm

;

; Revised to include the EscDomains key

;

; To execute this file: in Explorer - right-click (this file)

; Select Install from the Menu.

; Note: you will not see any onscreen action.

[version]

signature="$CHICAGO$"

[DefaultInstall]

DelReg=DelTemps

AddReg=AddTemps

[DelTemps]

HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"

HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"

HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"

HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"

HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains"

; Recreate the keys to avoid a restart

[AddTemps]

HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"

HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"

HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"

HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"

HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains"

Запази файла с име deldomains.inf и след това с десен бутон върху файла натисни INSTALL.

След това провери дали вече можеш да отваряш всички странички. Ей така за проба пробвай да изтеглиш кръпките, но от директните линкове към страницата на Microsoft.

Редактирано 22 февруари 200917 г. от B-boy[StyLe] (преглед на промените)

Неможе да се изтеглят направих го.

Следвай инструкциите от тази тема и пусни един лог от HijackThis в нея:

http://www.kaldata.com/forums/index.php?showtopic=102469

Ето лог файла

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:36, on 2009-02-22

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\program files\steam\steam.exe

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\ICQ6Toolbar\ICQ Service.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\pc\Desktop\HiJackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll

R3 - URLSearchHook: (no name) -  - (no file)

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll

O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent

O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: BlueSoleil.lnk = ?

O8 - Extra context menu item: &С&валяне &с BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &С&валяне на всички с BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: &С&валяне на всичкото видео с BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Е&кспортирай в Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Изследване - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQ\ICQ6.5\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQ\ICQ6.5\ICQ.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe


--

End of file - 5655 bytes

Редактирано 22 февруари 200917 г. от XateR (преглед на промените)

Стартирай HijackThis и маркирай следните неща:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: (no name) - - (no file)

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

Избери Fix Checked.

Изтегли LSPFix и я стартирай.

Сложи отметка пред I know what i'm doing => след това посочи файла nwprovau.dll (от лявата страна и със стрелкичките го вкарай вдясно...Избери Finish)...

c:\windows\system32\nwprovau.dll => е валиден файл, но в повечето случаи няма никаква нужда от него (Трябва главно за NetWare).

Стартирай HijackThis и маркирай следните неща:

Избери Fix Checked.

Изтегли LSPFix и я стартирай.

Сложи отметка пред I know what i'm doing => след това посочи файла nwprovau.dll (от лявата страна и със стрелкичките го вкарай вдясно...Избери Finish)...

c:\windows\system32\nwprovau.dll => е валиден файл, но в повечето случаи няма никаква нужда от него (Трябва главно за NetWare).

Направих го ))

Е има ли подобрение ?

За финал можеш да изтеглиш този фикс.

Разархивирай го и го стартирай.

Избери YES на появилия се диалогов прозорец.

Рестартирай машината.

Conficker_registry_fix.zip

Не ми зарежда линка. :/

Не ми зарежда линка. :/

Отвори Notepad и въведи:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]

"CheckedValue"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]

@="@SYS:DoesNotExist"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]

"NoDriveTypeAutoRun"=dword:000000ff

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\Parameters]

"AutoShareServer"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\Parameters]

"AutoShareWks"=dword:00000000

Запази файла с име registryfix.reg и го стартирай. Избери YES на появилия се диалогов прозорец.

Странно е това, че още нямаш достъп до определени сайтове...

Отвори Notepad и въведи:

Запази файла с име registryfix.reg и го стартирай. Избери YES на появилия се диалогов прозорец.

Странно е това, че още нямаш достъп до определени сайтове...

Готово. Изписа ми, че се е добавило към моя registry файл.

Провери с Malwarebytes Anti-Malware 1.34 и SUPERAntiSpyware 4.25.0.1014 Beta и публикувай логовете.

PS: логовете на SUPERAntispyware се намират в Preferences => Statistics/Logs.

Пак чрез SUPERAntispyware можеш да опиташ да възстановиш някои неща => Preferences => Repairs

избери следните поправки (една по една) и натисни Perform Repair

*Home Page Reset

*Internet Zone Security Reset

*Local Page Reset

*Repair Broken Network Connection (WinSock LSP Chain)

*Reset URL Prefix

*Reset Web Settings

*Reset ZoneMap Settings

За финал изтегли HostsXpert.

Разархивирай програмата и стартирай файла HostsXpert.exe и натисни Make Hosts Writable

Сега натисни Restore MS Hosts File и потвърди с YES.

Затвори приложението.

Няма индикации за зараза вече, но е странно, че още нямаш достъп до определени страници...

Къде се намира това нещо "Make Hosts Writable" ?

http://img3.imageshack.us/img3/1137/dasda.jpg

След като изтрих един Троянец и преди да ми зареди всички програми ми изписа следното

http://img100.imageshack.us/img100/760/basiii.jpg

Какво трябва да направя?

Редактирано 23 февруари 200917 г. от XateR (преглед на промените)

Ами при теб няма нужда от Make Hosts Writable => катинара е отключен.

Hosts файла също изглежда наред, но все пак натисни за всеки случай Restore MS Hosts File и потвърди с YES.

А за втория проблем можеш да дадеш нов лог от HijackThis. (Autoruns също би се справила, но както и да е).

А за втория проблем можеш да дадеш нов лог от HijackThis. (Autoruns също би се справила, но както и да е).

Ето лог файла

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:00, on 2009-02-23

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\ICQ6Toolbar\ICQ Service.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\program files\steam\steam.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Documents and Settings\pc\Desktop\HiJackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/

R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll

O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent

O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent

O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: BlueSoleil.lnk = ?

O8 - Extra context menu item: &С&валяне &с BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &С&валяне на всички с BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: &С&валяне на всичкото видео с BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Е&кспортирай в Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Изследване - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQ\ICQ6.5\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQ\ICQ6.5\ICQ.exe

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe


--

End of file - 5240 bytes

Не намирам нищо подозрително в лога.

Деинсталирай NOD32 и инсталирай Avira AntiVir Personal 8.2.0.337

Направи следните настройки и пусни пълна проверка на компютъра:

http://www.kaldata.com/forums/index.php?s=...t&p=1017686

Malwarebytes' Anti-Malware 1.34

Database version: 1749

Windows 5.1.2600 Service Pack 2

2009-02-23 14:30:15

mbam-log-2009-02-23 (14-30-15).txt

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 102179

Time elapsed: 20 minute(s), 10 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\pc\Application Data\Desktopicon\eBayShortcuts.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Не си обновил програмата...Актуалните дефиниции са 1795.Направи един UPDATE и сканирай отново...Но не пускай FULL Scan. Quick scan е напълно достатъчно.Провери и с SUPERantispyware и накрая с Avira (като първо и направиш правилните настройки)...

Защо не си инсталирал Serivice Pack 3 за Windows ?

http://www.kaldata.com/comments.php?id=319...=service+pack+3

Редактирано 23 февруари 200917 г. от B-boy[StyLe] (преглед на промените)

Защо не си инсталирал Serivice Pack 3 за Windows ?

http://www.kaldata.com/comments.php?id=319...=service+pack+3

Би ли ми дал линк към тях в 4Storing, тъй като не ми отваря линковете. :X

Ето това ми изписва, когато се опитам да изтегля Avira AntiVir Personal 8.2.0.337 ( http://img98.imageshack.us/img98/8764/dsadsadsa.jpg )

А това изписва когато се опитам да UnInstall NOD32 ( http://img23.imageshack.us/img23/1024/error1m.jpg ; http://img511.imageshack.us/img511/8826/error2.jpg )

Би ли ми дал линк към тях в 4Storing, тъй като не ми отваря линковете. :X

Ето това ми изписва, когато се опитам да изтегля Avira AntiVir Personal 8.2.0.337 ( http://img98.imageshack.us/img98/8764/dsadsadsa.jpg )

А това изписва когато се опитам да UnInstall NOD32 ( http://img23.imageshack.us/img23/1024/error1m.jpg ; http://img511.imageshack.us/img511/8826/error2.jpg )

Работата не е на добре...Service Pack 3 е прекалено голям (за моята връзка), но поне Avira ще се опитам да ти я кача...

http://4storing.com/gmkbt/e7e1155c5223467c...2b2a441d03.html

За деинсталацията на NOD32 => явно имаш увреден MSI пакет. изтегли Windows Installer CleanUp Utility и го стартирай. От менюто посочи NOD32 и избери Remove. След това няма да е лошо да я инсталираш отново и този път да я деинсталираш по правилния начин.

Не е на-добре, че не можеш да обновиш и MBAM...

Затвори приложението. Изтегли този файл и го стартирай:

http://4storing.com/free/hytcq/7cee1780c93...d1cec83204.html

Сега можеш да провериш с Avira и обновен Malwarebytes.

PS: Ще пиша довечера, че заминавам на бачкане.

Ето лога, който направих с Malwarebytes

Malwarebytes' Anti-Malware 1.34

Database version: 1793

Windows 5.1.2600 Service Pack 2


2009-02-23 15:52:30

mbam-log-2009-02-23 (15-52-30).txt


Scan type: Quick Scan

Objects scanned: 57031

Time elapsed: 1 minute(s), 45 second(s)


Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0


Memory Processes Infected:

(No malicious items detected)


Memory Modules Infected:

(No malicious items detected)


Registry Keys Infected:

(No malicious items detected)


Registry Values Infected:

(No malicious items detected)


Registry Data Items Infected:

(No malicious items detected)


Folders Infected:

(No malicious items detected)


Files Infected:

(No malicious items detected)

С Avira открих много троянски коне и други заплахи за компютъра, но ги поставих в карантина, защото може да сбъркам, ако ги изтрия. Затова ще дам лога и ми кажете дали да ги изтрия.

Avira AntiVir Personal

Report file date: 2009-02-23  16:12


Scanning for 1262312 virus strains and unwanted programs.


Licensed to:	  Avira AntiVir PersonalEdition Classic

Serial number:	0000149996-ADJIE-0001

Platform:		 Windows XP

Windows version:  (Service Pack 2)  [5.1.2600]

Boot mode:		Normally booted

Username:		 SYSTEM

Computer name:	PC-7BEBC471BE85


Version information:

BUILD.DAT	 : 8.2.0.337	  16934 Bytes  2008-11-18 13:05:00

AVSCAN.EXE	: 8.1.4.10	  315649 Bytes  2008-11-18 07:21:26

AVSCAN.DLL	: 8.1.4.0		40705 Bytes  2008-05-26 06:56:40

LUKE.DLL	  : 8.1.4.5	   164097 Bytes  2008-06-12 11:44:19

LUKERES.DLL   : 8.1.4.0		12033 Bytes  2008-05-26 06:58:52

ANTIVIR0.VDF  : 7.1.0.0	 15603712 Bytes  2008-10-27 10:30:36

ANTIVIR1.VDF  : 7.1.2.12	 3336192 Bytes  2009-02-11 14:02:40

ANTIVIR2.VDF  : 7.1.2.55	  248832 Bytes  2009-02-20 14:02:44

ANTIVIR3.VDF  : 7.1.2.67	   61440 Bytes  2009-02-23 14:02:47

Engineversion : 8.2.0.87  

AEVDF.DLL	 : 8.1.1.0	   106868 Bytes  2009-02-23 14:03:30

AESCRIPT.DLL  : 8.1.1.47	  348539 Bytes  2009-02-23 14:03:27

AESCN.DLL	 : 8.1.1.7	   127347 Bytes  2009-02-23 14:03:25

AERDL.DLL	 : 8.1.1.3	   438645 Bytes  2008-11-04 12:58:38

AEPACK.DLL	: 8.1.3.8	   397684 Bytes  2009-02-23 14:03:23

AEOFFICE.DLL  : 8.1.0.33	  196987 Bytes  2009-02-23 14:03:18

AEHEUR.DLL	: 8.1.0.97	 1610103 Bytes  2009-02-23 14:03:16

AEHELP.DLL	: 8.1.2.0	   119159 Bytes  2009-02-23 14:02:54

AEGEN.DLL	 : 8.1.1.20	  336245 Bytes  2009-02-23 14:02:53

AEEMU.DLL	 : 8.1.0.9	   393588 Bytes  2008-10-14 09:05:56

AECORE.DLL	: 8.1.6.6	   176501 Bytes  2009-02-23 14:02:49

AEBB.DLL	  : 8.1.0.3		53618 Bytes  2008-10-14 09:05:56

AVWINLL.DLL   : 1.0.0.12	   15105 Bytes  2008-07-09 07:40:05

AVPREF.DLL	: 8.0.2.0		38657 Bytes  2008-05-16 08:28:01

AVREP.DLL	 : 8.0.0.2		98344 Bytes  2008-07-31 11:02:15

AVREG.DLL	 : 8.0.0.1		33537 Bytes  2008-05-09 10:26:40

AVARKT.DLL	: 1.0.0.23	  307457 Bytes  2008-02-12 07:29:23

AVEVTLOG.DLL  : 8.0.0.16	  119041 Bytes  2008-06-12 11:27:49

SQLITE3.DLL   : 3.3.17.1	  339968 Bytes  2008-01-22 16:28:02

SMTPLIB.DLL   : 1.2.0.23	   28929 Bytes  2008-06-12 11:49:40

NETNT.DLL	 : 8.0.0.1		 7937 Bytes  2008-01-25 11:05:10

RCIMAGE.DLL   : 8.0.0.51	 2371841 Bytes  2008-06-12 12:48:07

RCTEXT.DLL	: 8.0.52.0	   86273 Bytes  2008-06-27 12:34:37


Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:, D:, 

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium


Start of the scan: 2009-02-23  16:12


The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'skypePM.exe' - '1' Module(s) have been scanned

Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned

Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned

Scan process 'ICQ Service.exe' - '1' Module(s) have been scanned

Scan process 'ekrn.exe' - '1' Module(s) have been scanned

Scan process 'BTNtService.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'Steam.exe' - '1' Module(s) have been scanned

Scan process 'Skype.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'egui.exe' - '1' Module(s) have been scanned

Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

30 processes with 30 modules were scanned


Starting master boot sector scan:

Master boot sector HD0

	[INFO]	  No virus was found!


Start scanning boot sectors:

Boot sector 'C:\'

	[INFO]	  No virus was found!

Boot sector 'D:\'

	[INFO]	  No virus was found!


Starting to scan the registry.

The registry was scanned ( '60' files ).



Starting the file scan:


Begin scan in 'C:\'

C:\pagefile.sys

	[WARNING]   The file could not be opened!

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\G2VVBUHC\owsmdehe[1].bmp

	[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

	[NOTE]	  The file was moved to '4a15af63.qua'!

C:\System Volume Information\_restore{554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP1\A0000017.exe

	[DETECTION] Is the TR/Trash.Gen Trojan

	[NOTE]	  The file was moved to '49d2b0c9.qua'!

C:\System Volume Information\_restore{554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP6\A0001049.dll

	[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

	[NOTE]	  The file was moved to '49d2b0cf.qua'!

C:\WINDOWS\SoftwareDistribution\Download\a4eec31189780c76a955690dc00fbe64\BIT9F.tmp

	[0] Archive type: CAB (Microsoft)

	--> WindowsXP-KB908531-v2-x86-ENU.psm

	  [WARNING]   No further files can be extracted from this archive. The archive will be closed

C:\WINDOWS\system32\drivers\sptd.sys

	[WARNING]   The file could not be opened!

Begin scan in 'D:\'

D:\Small Scr1pt\addon\es\update.exe

	[DETECTION] Contains a recognition pattern of the (harmful) BDS/Delf.nud back-door program

	[NOTE]	  The file was moved to '4a06b29b.qua'!

D:\System Volume Information\_restore{22869DA5-8A2F-42FE-A8D2-06ECE6A7D303}\RP38\A0041770.exe

	  [DETECTION] Contains HEUR/Malware suspicious code

	[NOTE]	  The file was moved to '49d2b26e.qua'!

D:\System Volume Information\_restore{22869DA5-8A2F-42FE-A8D2-06ECE6A7D303}\RP39\A0041786.exe

	  [DETECTION] Contains HEUR/Malware suspicious code

	[NOTE]	  The file was moved to '49d2b270.qua'!

D:\System Volume Information\_restore{22869DA5-8A2F-42FE-A8D2-06ECE6A7D303}\RP42\A0044008.exe

	  [DETECTION] Is the TR/Dropper.Gen Trojan

	[NOTE]	  The file was moved to '49d2b27d.qua'!

D:\System Volume Information\_restore{22869DA5-8A2F-42FE-A8D2-06ECE6A7D303}\RP42\A0044011.exe

	  [DETECTION] Is the TR/Hijacker.Gen Trojan

	[NOTE]	  The file was moved to '49d2b27f.qua'!

D:\System Volume Information\_restore{22869DA5-8A2F-42FE-A8D2-06ECE6A7D303}\RP87\A0089076.exe

	  [DETECTION] Is the TR/Dropper.Gen Trojan

	[NOTE]	  The file was moved to '49d2b2bc.qua'!

D:\System Volume Information\_restore{22869DA5-8A2F-42FE-A8D2-06ECE6A7D303}\RP93\A0089372.exe

	  [DETECTION] Is the TR/Dropper.Gen Trojan

	[NOTE]	  The file was moved to '49d2b2c2.qua'!

D:\System Volume Information\_restore{554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP4\A0001028.exe

	[DETECTION] Is the TR/Packed.2322 Trojan

	[NOTE]	  The file was moved to '49d2b3ca.qua'!

D:\System Volume Information\_restore{554DA4AA-D4F3-4640-A848-7113A5B2A850}\RP6\A0001051.exe

	[DETECTION] Contains a recognition pattern of the (harmful) BDS/Delf.nud back-door program

	[NOTE]	  The file was moved to '49d2b3cc.qua'!



End of the scan: 2009-02-23  16:33

Used time: 20:32 Minute(s)


The scan has been done completely.


   3743 Scanning directories

 150604 Files were scanned

	 10 viruses and/or unwanted programs were found

	  2 Files were classified as suspicious:

	  0 files were deleted

	  0 files were repaired

	 12 files were moved to quarantine

	  0 files were renamed

	  2 Files cannot be scanned

 150590 Files not concerned

	640 Archives were scanned

	  3 Warnings

	 12 Notes

Това значи ли, че успя да деинсталираш правилно и НАПЪЛНО НОД32.

Повечето от намерените зарази са в System Restore , затова спри тази функция.

и почисти временните файлове и кеша на браузъра: (първа и втора стъпка от този пост)

http://www.kaldata.com/forums/index.php?s=...t&p=1293057

Ако проблемите с нета продължават, няма да е лошо да говориш и с екипа по подръжката на Интернет доставчика си.

Редактирано 23 февруари 200917 г. от B-boy[StyLe] (преглед на промените)