Help with detecting and removing viruses, Trojan horses, etc., part 2


@electric ...

Here is the log

ComboFix.txt

Everything looks fine except for this:

Open Notepad and enter:

Folder::

c:\windows\usgwmt
Save the file under the name CFScript and drag it onto ComboFix. Post the new log. Archive the folder C:\Qoobox and upload it to http://www.4storing.com. After that you can uninstall ComboFix with the command:
Start => Run => combofix /u

You will have to reinstall your phonetic keyboard layout once more...

And that's it from me... If my colleague Fixer has anything to advise you on, you two can sort it out from there.

FIXER-----

ComboFix 09-06-03.04 - fgtv3 06.2009 г. 19:12.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.128.21 [GMT 3:00]

Running from: c:\documents and settings\fgtv3\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\fgtv3\Desktop\CFScript.txt

AV: Panda Cloud Antivirus *On-access scanning disabled* (Updated) {5AD27692-540A-464E-B625-78275FA38393}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::

"c:\windows\msmacro64.exe"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((( Files Created from 2009-05-05 to 2009-06-05 )))))))))))))))))))))))))))))))

.

2009-06-05 15:00 . 2009-06-05 15:00 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-06-05 12:37 . 2009-06-05 12:37 -------- d-----w- c:\documents and settings\fgtv3\Local Settings\Application Data\Identities

2009-06-04 12:21 . 2009-06-04 12:21 -------- d-----w- c:\program files\FileZilla Server

2009-05-20 15:49 . 2009-05-20 15:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\TrojanHunter

2009-05-20 09:06 . 2009-05-20 09:06 -------- d-----w- c:\documents and settings\fgtv3\Application Data\TrojanHunter

2009-05-20 07:14 . 2009-05-20 15:54 -------- d-----w- c:\program files\TrojanHunter 5.1

2009-05-19 15:49 . 2009-05-19 15:49 -------- d-----w- c:\program files\Innovative Solutions

2009-05-19 15:20 . 2009-05-19 15:20 -------- d-----w- c:\documents and settings\fgtv3\Application Data\Panda Security

2009-05-19 14:56 . 2009-05-19 14:56 245 ----a-w- c:\windows\system32\PSUNCpl.dat

2009-05-19 14:55 . 2009-05-19 14:55 -------- d-----w- c:\program files\Panda Security

2009-05-19 14:55 . 2009-05-19 14:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security

2009-05-19 14:46 . 2009-04-16 10:06 6966528 ----a-w- c:\program files\Foxit Reader.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-05 15:01 . 2009-04-30 06:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-06-05 10:58 . 2009-05-05 05:49 -------- d-----w- c:\documents and settings\fgtv3\Application Data\Skype

2009-06-05 10:22 . 2009-05-05 05:50 -------- d-----w- c:\documents and settings\fgtv3\Application Data\skypePM

2009-05-26 11:04 . 2009-04-29 16:34 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-05-26 10:20 . 2009-04-30 06:29 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-05-26 10:19 . 2009-04-30 06:29 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-05-07 08:05 . 2009-04-29 16:11 18240 ----a-w- c:\documents and settings\fgtv3\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-05-05 05:50 . 2009-05-05 05:50 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2009-05-05 05:48 . 2009-05-05 05:48 -------- d-----r- c:\program files\Skype

2009-05-05 05:48 . 2009-05-05 05:48 -------- d-----w- c:\program files\Common Files\Skype

2009-05-05 05:48 . 2009-05-05 05:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

2009-04-30 14:06 . 2009-04-29 15:38 89783 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-04-30 06:30 . 2009-04-30 06:30 -------- d-----w- c:\documents and settings\fgtv3\Application Data\Malwarebytes

2009-04-30 06:29 . 2009-04-30 06:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-04-30 06:29 . 2009-04-30 06:29 -------- d-----w- c:\program files\CCleaner

2009-04-30 06:26 . 2009-04-30 06:26 -------- d-----w- c:\program files\BACL

2009-04-29 16:52 . 2009-04-29 16:52 1172 ----a-w- c:\windows\mozver.dat

2009-04-29 16:36 . 2009-04-29 16:36 0 ----a-w- c:\windows\nsreg.dat

2009-04-29 16:34 . 2009-04-29 16:34 -------- d-----w- c:\documents and settings\fgtv3\Application Data\URSoft

2009-04-29 15:43 . 2009-04-29 15:43 -------- d-----w- c:\program files\microsoft frontpage

2009-04-29 15:30 . 2009-04-29 15:30 21640 ----a-w- c:\windows\system32\emptyregdb.dat

2009-04-23 17:15 . 2009-04-23 17:15 98056 ----a-w- c:\windows\system32\drivers\PSINProc.sys

2009-04-23 17:15 . 2009-04-23 17:15 92552 ----a-w- c:\windows\system32\drivers\PSINFile.sys

2009-04-23 17:15 . 2009-04-23 17:15 136968 ----a-w- c:\windows\system32\drivers\PSINAflt.sys

2009-04-23 17:15 . 2009-04-23 17:15 113928 ----a-w- c:\windows\system32\drivers\PSINKNC.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2009-04-23 353536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [23.4.2009 г. 20:15 113928]

R2 NanoServiceMain;NanoServiceMain;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [23.4.2009 г. 20:14 95488]

R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [23.4.2009 г. 20:15 136968]

R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [23.4.2009 г. 20:15 92552]

R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [23.4.2009 г. 20:15 98056]

R3 es1969;ESS 1969 Audio Driver (WDM);c:\windows\system32\drivers\es1969.sys [29.4.2009 г. 21:17 72192]

R3 NtApm;NT Apm/Legacy Interface Driver;c:\windows\system32\drivers\NtApm.sys [29.4.2009 г. 21:18 9344]

R3 S3Inc;S3Inc;c:\windows\system32\drivers\s3mt3d.sys [29.4.2009 г. 21:17 41216]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.bg/

IE: Е&кспортирай в Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {3283B1CD-3154-4919-A06E-FC8EC8653A55} = 91.191.216.34,91.191.216.35

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

FF - ProfilePath - c:\documents and settings\fgtv3\Application Data\Mozilla\Firefox\Profiles\bac2j927.default\

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-05 19:22

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

c:\program files\FileZilla Server\FileZilla server.exe

.

**************************************************************************

.

Completion time: 2009-06-05 19:28 - machine was rebooted

ComboFix-quarantined-files.txt 2009-06-05 16:28

ComboFix2.txt 2009-06-05 14:53

Pre-Run: 3 583 688 704 bytes free

Post-Run: 3 569 926 144 bytes free

161

Everything is fine now according to ComboFix, as well as according to MBAM and HijackThis. Go to Start -> Run... and type ComboFix /u . That's it; if you still have a problem, you need to look for it elsewhere.

For the past 2 days a window with the following message has been popping up quite often, and whatever I click, it closes my web pages. Any ideas how to fix it, because it's annoying?

Microsoft Visual C ++ Debug library

Debug assertion failed !

Program:C:\Program files\internet explorer\iexplore.exe

File:c:\program files\microsoft visual studio8\vc\include\list line 309

Expression:list iterators incompatible

For information on how your program can cause an assertion failure,see the Visual C++ documentation on asserts

Press retry to debug the application

abort retry ignore

Did the antivirus find anything?

You could run a scan with HijackThis (how to do it is described in the antivirus protection forum) and post the log.

The antivirus doesn't find anything; I'm using BitDefender.

bg_fenka,

Download Malwarebytes' Anti-Malware from here

Double-click mbam-setup.exe to install the program.

  • Make sure Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are checked, then click Finish.
  • If newer updates are found, it will download and install them.
  • Start the program and select "Perform Full Scan", then click Scan.
  • The scan will take some time, so please be patient.
  • When the scan finishes, click OK, then Show Results to see the result.
  • Make sure all the lines are checked, and click Remove Selected.
  • When everything has been removed, the log will open in Notepad. Copy the log and post it in your next comment in the thread.

Note: If Malwarebytes' Anti-Malware has difficulty removing the detected viruses/threats, it will ask to restart your computer and remove the problematic viruses/threats during the restart. If you are asked, confirm that you want your computer to be restarted.

After that:

Please download HijackThis from here.

Save the tool in its own folder (for example: C:\HJT).

Then open HijackThis and select Do a system scan and save a logfile.

Notepad will open. Please paste the contents of Notepad.

Finally, I expect the logs from both programs.

http://store.picbg.net/pubpic/1D/90/eca880cbd8431d90.jpg

http://store.picbg.net/pubpic/9A/88/f9c1cab47c5a9a88.jpg

http://store.picbg.net/pubpic/82/CE/b29c5b555a1982ce.jpg

http://store.picbg.net/pubpic/BF/97/bb0f785edeb3bf97.jpg

http://store.picbg.net/pubpic/A4/11/1798f0ea321ba411.jpg

http://store.picbg.net/pubpic/E9/37/ac0481881704e937.jpg

These are all the viruses that Kaspersky found. Which of them harm the PC, which are harmless, which should I delete and which not, and in general how should I proceed? I have reinstalled Windows 10 times, with different Windows versions, but something always goes wrong... If you can, also give me a link to some decent Windows without modifications, and tell me whether in your judgment it should be with SP 2 or SP 3 (Windows XP). As for the files from the hard disks' "System volume Information": can they be fixed, and do they harm the hard disk?

Edited by Glavorezo

These are the consequences of cracked programs; I assume you can guess who is to blame and what you need to do.

Edited by mihnev_sz

I don't understand anything about computers, I don't know what to do?

Malwarebytes' Anti-Malware 1.37

Версия на базата от данни: 2262

Windows 5.1.2600 Service Pack 2

6/11/2009 8:25:46 PM

mbam-log-2009-06-11 (20-25-46).txt

Тип сканиране: Пълно сканиране (C:\|D:\|E:\|F:\|)

Сканирани обекти: 197345

Изминало време: 57 minute(s), 52 second(s)

Заразени процеси в паметта: 0

Заразени модули в паметта: 0

Заразени ключове в регистратурата: 45

Заразени стойности в регистратурата: 0

Заразени информационни обекти в регистратурата: 3

Заразени папки: 20

Заразени файлове: 27

Заразени процеси в паметта:

(Не бяха открити заплахи)

Заразени модули в паметта:

(Не бяха открити заплахи)

Заразени ключове в регистратурата:

HKEY_CLASSES_ROOT\myglobalsearchbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\myglobalsearchbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\myglobalsearchbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\myglobalsearchbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{37b85a2a-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{37b85a2c-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{37b85a21-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{37b85a2b-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{ef281620-a3a3-4f08-874f-d68cfc9b7945} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{37b85a20-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a21-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch (Adware.BookedSpace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenUSave) -> Quarantined and deleted successfully.

Заразени стойности в регистратурата:

(Не бяха открити заплахи)

Заразени информационни обекти в регистратурата:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Заразени папки:

c:\documents and settings\bear\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.

c:\documents and settings\bear\application data\shoppingreport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.

c:\documents and settings\bear\application data\shoppingreport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.

c:\documents and settings\bear\application data\shoppingreport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.

c:\documents and settings\bear\application data\shoppingreport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.

c:\documents and settings\bear\application data\shoppingreport\cs\res2 (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Program Files\MyGlobalSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\myglobalsearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\myglobalsearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\myglobalsearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\myglobalsearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\myglobalsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\funwebproducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\funwebproducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Заразени файлове:

c:\program files\k-lite codec pack\quicktime\QuickTimePlayer.exe (Rogue.Installer) -> Quarantined and deleted successfully.

c:\program files\k-lite codec pack\Real\mpclauncher.exe (Rogue.Installer) -> Quarantined and deleted successfully.

c:\program files\k-lite codec pack\Real\settings.exe (Rogue.Installer) -> Quarantined and deleted successfully.

c:\program files\k-lite codec pack\tools\fixcodecs.exe (Rogue.Installer) -> Quarantined and deleted successfully.

c:\documents and settings\bear\application data\shoppingreport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.

c:\documents and settings\bear\application data\shoppingreport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.

c:\documents and settings\bear\application data\shoppingreport\cs\db\Sites.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.

c:\documents and settings\bear\application data\shoppingreport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully.

c:\documents and settings\bear\application data\shoppingreport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.

c:\documents and settings\bear\application data\shoppingreport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.

c:\documents and settings\bear\application data\shoppingreport\cs\res2\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.

c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\myglobalsearch\bar\Cache\00056F8A (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\myglobalsearch\bar\Cache\000571AD (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\myglobalsearch\bar\Cache\000572D6.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\myglobalsearch\bar\Cache\0005749B.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\myglobalsearch\bar\Cache\000575D3.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\myglobalsearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\myglobalsearch\bar\History\search (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\myglobalsearch\bar\Settings\prevcfg.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\History\search2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\funwebproducts\screensaver\Images\00BF3344.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Edited by bg_fenka

For a start, uninstall that cracked parody of Kaspersky and install a current one, Kaspersky Anti-Virus & Internet Security 2009 8.0.0.506. If that is not to your liking, there are good free programs such as Avast Home 4.8 1335 or Avira AntiVir Personal 9.0.0.403; after that, update it and run a full scan.

Then follow the recommendations from the first post in this thread.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:39:56 PM, on 6/11/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe

C:\Program Files\Softwin\BitDefender9\bdoesrv.exe

C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe

C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\FixCamera.exe

C:\WINDOWS\tsnp2std.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Skype\Phone\Skype.exe

D:\Program Files\Datecs\FlexType 2K\FType2K.exe

C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Softwin\BitDefender9\vsserv.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

D:\Program Files\Hide My IP 2008\SecureSrv.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program Files\Skype\Plugin Manager\SkypePM.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.a...&tbid=66020

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lulin-net.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66020

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66020

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66020

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66020

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

O1 - Hosts: 153.143.14.11 symantec.comsecurityresponse.symantec.com

O1 - Hosts: 95.121.157.68 www.symantec.comsecurityresponse.symantec.com

O1 - Hosts: 94.35.107.174 pandasoftware.com

O1 - Hosts: 178.54.7.246 www.pandasoftware.com

O1 - Hosts: 158.159.145.149 sophos.com

O1 - Hosts: 216.126.112.154 www.sophos.com

O1 - Hosts: 39.63.66.170 mcafee.com

O1 - Hosts: 48.6.25.69 www.mcafee.com

O1 - Hosts: 141.81.228.74 downloads-us1.kaspersky-labs.com

O1 - Hosts: 32.217.43.190 www.downloads-us1.kaspersky-labs.com

O1 - Hosts: 167.185.0.201 updates1.kaspersky-labs.com

O1 - Hosts: 144.209.50.1 www.updates1.kaspersky-labs.com

O1 - Hosts: 14.109.195.236 updates2.kaspersky-labs.com

O1 - Hosts: 108.34.156.191 www.updates2.kaspersky-labs.com

O1 - Hosts: 162.249.128.108 updates3.kaspersky-labs.com

O1 - Hosts: 38.208.63.220 www.updates3.kaspersky-labs.com

O1 - Hosts: 4.252.44.121 updates4.kaspersky-labs.com

O1 - Hosts: 49.51.208.240 www.updates4.kaspersky-labs.com

O1 - Hosts: 28.170.224.53 updates5.kaspersky-labs.com

O1 - Hosts: 135.122.109.199 www.updates5.kaspersky-labs.com

O1 - Hosts: 149.72.91.53 downloads1.kaspersky-labs.com

O1 - Hosts: 36.37.20.225 www.downloads1.kaspersky-labs.com

O1 - Hosts: 92.179.125.4 downloads2.kaspersky-labs.com

O1 - Hosts: 136.137.42.242 www.downloads2.kaspersky-labs.com

O1 - Hosts: 37.217.206.160 downloads3.kaspersky-labs.com

O1 - Hosts: 57.80.245.99 www.downloads3.kaspersky-labs.com

O1 - Hosts: 231.62.245.250 downloads4.kaspersky-labs.com

O1 - Hosts: 63.247.33.207 www.downloads4.kaspersky-labs.com

O1 - Hosts: 91.121.65.122 downloads5.kaspersky-labs.com

O1 - Hosts: 167.79.63.135 www.downloads5.kaspersky-labs.com

O1 - Hosts: 128.181.35.121 ftp.downloads1.kaspersky-labs.com

O1 - Hosts: 1.252.65.14 www.ftp.downloads1.kaspersky-labs.com

O1 - Hosts: 25.48.177.197 ftp.downloads2.kaspersky-labs.com

O1 - Hosts: 225.249.0.158 www.ftp.downloads2.kaspersky-labs.com

O1 - Hosts: 45.191.37.33 ftp.downloads3.kaspersky-labs.com

O1 - Hosts: 98.17.183.161 www.ftp.downloads3.kaspersky-labs.com

O1 - Hosts: 135.72.93.194 ftp.downloads4.kaspersky-labs.com

O1 - Hosts: 158.103.133.57 www.ftp.downloads4.kaspersky-labs.com

O1 - Hosts: 52.70.89.211 ftp.downloads5.kaspersky-labs.com

O1 - Hosts: 55.240.238.185 www.ftp.downloads5.kaspersky-labs.com

O1 - Hosts: 8.73.191.242 dnl-us3.kaspersky-labs.com

O1 - Hosts: 209.244.91.41 www.dnl-us3.kaspersky-labs.com

O1 - Hosts: 25.115.90.177 dnl-us4.kaspersky-labs.com

O1 - Hosts: 149.144.149.198 www.dnl-us4.kaspersky-labs.com

O1 - Hosts: 65.252.151.22 dnl-us5.kaspersky-labs.com

O1 - Hosts: 176.55.78.128 www.dnl-us5.kaspersky-labs.com

O1 - Hosts: 160.175.6.27 dnl-us6.kaspersky-labs.com

O1 - Hosts: 210.44.153.122 www.dnl-us6.kaspersky-labs.com

O1 - Hosts: 25.107.223.46 dnl-us7.kaspersky-labs.com

O1 - Hosts: 176.9.108.141 www.dnl-us7.kaspersky-labs.com

O1 - Hosts: 208.164.123.178 dnl-us8.kaspersky-labs.com

O1 - Hosts: 130.60.37.197 www.dnl-us8.kaspersky-labs.com

O1 - Hosts: 179.223.215.125 kaspersky.ru

O1 - Hosts: 134.133.2.226 www.kaspersky.ru

O1 - Hosts: 238.57.20.88 msk1.drweb.com

O1 - Hosts: 123.121.168.217 www.msk1.drweb.com

O1 - Hosts: 116.224.249.130 msk2.drweb.com

O1 - Hosts: 39.2.157.81 www.msk2.drweb.com

O1 - Hosts: 125.152.112.45 msk3.drweb.com

O1 - Hosts: 209.221.206.38 www.msk3.drweb.com

O1 - Hosts: 2.55.5.255 msk4.drweb.com

O1 - Hosts: 199.26.9.233 www.msk4.drweb.com

O1 - Hosts: 67.41.106.146 boss.drweb.comdrweb.com

O1 - Hosts: 218.159.132.94 www.boss.drweb.comdrweb.com

O1 - Hosts: 66.238.246.244 liveupdate.symantecliveupdate.com

O1 - Hosts: 221.166.85.253 www.liveupdate.symantecliveupdate.com

O1 - Hosts: 70.151.33.40 viruslist.com

O1 - Hosts: 42.58.247.114 www.viruslist.com

O1 - Hosts: 89.77.9.164 security.symantec.com

O1 - Hosts: 28.190.204.29 www.security.symantec.com

O1 - Hosts: 202.202.240.209 f-secure.com

O1 - Hosts: 150.102.149.146 www.f-secure.com

O1 - Hosts: 171.222.188.143 kaspersky-labs.com

O1 - Hosts: 123.188.251.26 www.kaspersky-labs.com

O1 - Hosts: 83.235.118.174 kaspersky.com

O1 - Hosts: 51.28.10.48 www.kaspersky.com

O1 - Hosts: 222.105.203.117 avp.com

O1 - Hosts: 45.56.177.5 www.avp.com

O1 - Hosts: 168.99.142.30 norman.com

O1 - Hosts: 87.150.67.252 www.norman.com

O1 - Hosts: 214.248.52.88 sandbox.norman.com

O1 - Hosts: 168.13.249.47 www.sandbox.norman.com

O1 - Hosts: 205.219.87.196 networkassociates.com

O1 - Hosts: 151.75.110.232 www.networkassociates.com

O1 - Hosts: 185.211.51.121 ca.com

O1 - Hosts: 161.82.33.41 www.ca.com

O1 - Hosts: 8.59.44.128 mast.mcafee.com

O1 - Hosts: 199.246.247.37 www.mast.mcafee.com

O1 - Hosts: 236.131.70.89 my-etrust.com

O1 - Hosts: 13.97.182.196 www.my-etrust.com

O1 - Hosts: 220.174.172.116 download.mcafee.com

O1 - Hosts: 252.143.139.35 www.download.mcafee.com

O1 - Hosts: 19.210.42.184 dispatch.mcafee.com

O1 - Hosts: 33.210.133.17 www.dispatch.mcafee.com

O1 - Hosts: 16.155.178.0 secure.nai.com

O1 - Hosts: 140.79.23.147 www.secure.nai.com

O1 - Hosts: 20.201.219.153 nai.com

O1 - Hosts: 81.127.154.97 www.nai.com

O1 - Hosts: 167.173.93.197 update.symantec.com

O1 - Hosts: 11.176.201.103 www.update.symantec.com

O1 - Hosts: 20.175.150.59 updates.symantec.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [ifcdiag] C:\WINDOWS\system32\ifcconf.exe

O4 - HKLM\..\Run: [bDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe

O4 - HKLM\..\Run: [bDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"

O4 - HKLM\..\Run: [bDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"

O4 - HKLM\..\Run: [bDSwitchAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [JustVoip] "D:\program files\justvoip.com\justvoip\justvoip.exe" -nosplash -minimized

O4 - HKCU\..\Run: [LowRateVoip] "C:\Documents and Settings\Administrator\Desktop\LowRateVoip.exe" -nosplash -minimized

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: FlexType 2K.lnk = D:\Program Files\Datecs\FlexType 2K\FType2K.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Make Mobile Logo - C:\PROGRA~1\MOBILE~1\MLogoContExt.html

O8 - Extra context menu item: Е&кспортирай в Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Mobile Logo 123 - {1FB6C321-4DF9-4CEC-934D-A4E6CCAA9011} - C:\PROGRA~1\MOBILE~1\MLOGO1~1.DLL (file missing)

O9 - Extra 'Tools' menuitem: Mobile Logo 123 - {1FB6C321-4DF9-4CEC-934D-A4E6CCAA9011} - C:\PROGRA~1\MOBILE~1\MLOGO1~1.DLL (file missing)

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1173356073015

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: dbgmgr - ifcmgr32.dll (file missing)

O20 - Winlogon Notify: drmvndde - C:\WINDOWS\system32\drmvndde.dll (file missing)

O20 - Winlogon Notify: jpgmgr - jpgmgr32.dll (file missing)

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe

O23 - Service: SecureSrv - Unknown owner - D:\Program Files\Hide My IP 2008\SecureSrv.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender9\vsserv.exe

O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--

End of file - 15181 bytes

After that:

Please download HijackThis from here.

Save the tool in its own folder (for example: C:\HJT).

Then open HijackThis and choose Do a system scan and save a logfile.

Notepad will open. Please paste the contents of Notepad.

Finally, I expect the logs from both programs.

bg_fenka, now:

1) Download ComboFix from: here

2) Save it to your desktop.

3) Turn off the real-time protection of your antivirus software.

4) Double-click combofix.exe

5) ComboFix will start scanning your system; do not touch anything while the scan is running. At the end your computer will restart.

6) After the restart, wait for ComboFix to finish scanning and generate a log file. When the scan finishes, Notepad will pop up; copy its contents and post them in your next post here. If it does not pop up, go to C:\ and find the file named combofix.txt. Open it, copy its contents and post them here.

Edited by Fixer (view changes)

http://store.picbg.net/pubpic/1D/90/eca880cbd8431d90.jpg

http://store.picbg.net/pubpic/9A/88/f9c1cab47c5a9a88.jpg

http://store.picbg.net/pubpic/82/CE/b29c5b555a1982ce.jpg

http://store.picbg.net/pubpic/BF/97/bb0f785edeb3bf97.jpg

http://store.picbg.net/pubpic/E0/9D/f2f829b12ad8e09d.jpg

http://store.picbg.net/pubpic/A4/11/1798f0ea321ba411.jpg

http://store.picbg.net/pubpic/E9/37/ac0481881704e937.jpg

These are all the viruses that kaspersky found. Which of them harm the PC, which are harmless, which should I delete and which not, and how should I proceed in general? I have reinstalled Windows 10 times, and with different Windows versions at that, but something always gets messed up... If you can, also give me a link to a decent Windows without modifications, and tell me whether in your judgment it should be with SP 2 or SP 3 (windows XP). These files from the hard disks' "System volume Information", can they be fixed, and do they harm the hard disk?

I have never had such a total infection, not even on a virtual machine. I see that you have a lot of infected exes. Why don't you first scan all local disks with a Live CD, e.g. DigiWiZ MiniPE, AntiVir Rescue System, Dr.Web LiveCD, and only then do a reinstall?

This is what I got, but the computer did not restart.....

ComboFix 09-06-11.05 - Administrator 06/11/2009 22:39.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.446.133 [GMT 3:00]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

AV: BitDefender 9 Professional Plus *On-access scanning enabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

FW: BitDefender 9 Professional Plus *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\50comupd.exe

.

((((((((((((((((((((((((( Files Created from 2009-05-11 to 2009-06-11 )))))))))))))))))))))))))))))))

.

2009-06-11 17:39 . 2009-06-11 17:39 -------- d-----w- c:\program files\Trend Micro

2009-06-11 17:38 . 2009-06-11 17:38 -------- d-----w- C:\hjt

2009-06-11 16:20 . 2009-06-11 16:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2009-06-11 16:19 . 2009-05-26 10:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-06-11 16:19 . 2009-06-11 16:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-06-11 16:19 . 2009-06-11 16:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-06-11 16:19 . 2009-05-26 10:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-06-06 06:21 . 2005-07-15 08:48 40960 ------r- c:\windows\system32\ChCfg.exe

2009-06-06 06:21 . 2005-09-16 06:14 157184 ------r- c:\windows\system32\RtlCPAPI.dll

2009-06-06 06:21 . 2005-11-22 05:38 10475008 ------r- c:\windows\system32\RTLCPL.exe

2009-06-06 06:21 . 2005-11-22 06:44 3804416 ------r- c:\windows\system32\drivers\alcxwdm.sys

2009-06-06 06:21 . 2005-11-11 06:07 90112 ------r- c:\windows\soundman.exe

2009-06-06 06:20 . 2005-11-18 03:20 217088 ----a-r- c:\windows\Alcrmv.exe

2009-06-06 06:20 . 2005-11-18 03:14 307200 ------r- c:\windows\alcupd.exe

2009-06-05 22:16 . 2005-01-12 08:19 456536 ----a-w- c:\windows\system32\XCEEDZIP.DLL

2009-06-05 22:16 . 2004-09-28 08:13 526184 ----a-w- c:\windows\system32\XceedCry.dll

2009-06-05 22:16 . 2004-08-11 12:55 110602 ----a-w- c:\windows\system32\xcdsfx32.bin

2009-06-05 17:10 . 2009-06-05 21:53 -------- d-----w- c:\windows\SxsCaPendDel

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-11 19:53 . 2007-04-02 04:40 81984 ----a-w- c:\windows\system32\bdod.bin

2009-06-11 19:50 . 2007-02-08 16:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype

2009-06-11 17:31 . 2008-03-08 18:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM

2009-06-06 06:20 . 2006-12-27 14:37 -------- d-----w- c:\program files\Realtek AC97

2009-05-31 17:17 . 2008-07-19 09:52 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2009-05-05 21:49 . 2009-05-05 21:49 -------- d-----w- c:\documents and settings\All Users\Application Data\WNR

2009-05-04 12:51 . 2006-12-23 12:48 25456 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-05-04 12:51 . 2009-05-04 12:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\OLYMPUS

2009-04-28 23:14 . 2008-06-09 21:49 -------- d-----w- c:\documents and settings\bear\Application Data\Skype

2004-08-04 12:00 . 2004-08-04 12:00 94208 -csh--r- c:\windows\system32\dffvismd.exe

2004-08-04 12:00 . 2004-08-04 12:00 94208 --sh--r- c:\windows\system32\dfvvismd.exe

2004-08-04 12:00 . 2004-08-04 12:00 94208 -csh--r- c:\windows\system32\kstenbin.exe

2004-08-04 12:00 . 2004-08-04 12:00 94208 --sh--r- c:\windows\system32\kstvnbin.exe

2004-08-04 12:00 . 2004-08-04 12:00 100000 --sh--r- c:\windows\system32\lkavs3p.exe

2004-08-04 12:00 . 2004-08-04 12:00 100000 --sh--r- c:\windows\system32\netstdllp.exe

2004-08-04 12:00 . 2004-08-04 12:00 100000 --sh--r- c:\windows\system32\rdatasysp.exe

2004-08-04 12:00 . 2004-08-04 12:00 94208 -csh--r- c:\windows\system32\rscest32.exe

2004-08-04 12:00 . 2004-08-04 12:00 94208 --sh--r- c:\windows\system32\rscevt32.exe

2004-08-04 12:00 . 2004-08-04 12:00 94208 --sh--r- c:\windows\system32\winmgrsd.exe

2004-08-04 12:00 . 2004-08-04 12:00 94208 -csh--r- c:\windows\system32\winmgrsv.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-05 68856]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-08-11 21741864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BDMCon"="c:\progra~1\Softwin\BITDEF~1\bdmcon.exe" [2007-04-02 372736]

"BDOESRV"="c:\program files\Softwin\BitDefender9\bdoesrv.exe" [2005-03-11 90112]

"BDNewsAgent"="c:\progra~1\Softwin\BITDEF~1\bdnagent.exe" [2005-06-09 9728]

"BDSwitchAgent"="c:\progra~1\Softwin\BITDEF~1\bdswitch.exe" [2005-04-06 33280]

"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]

"FixCamera"="c:\windows\FixCamera.exe" [2006-06-01 20480]

"tsnp2std"="c:\windows\tsnp2std.exe" [2006-06-19 262144]

"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2005-03-07 53248]

"VTTrayp"="VTtrayp.exe" - c:\windows\system32\VTTrayp.exe [2006-04-11 176128]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2005-11-11 90112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

FlexType 2K.lnk - d:\program files\Datecs\FlexType 2K\FType2K.exe [2008-10-23 95232]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\winmgrsv.exe"=

"c:\\Program Files\\BitComet\\BitComet.exe"=

"c:\\WINDOWS\\system32\\winmgrsd.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"d:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1137:UDP"= 1137:UDP:Windows Media Format SDK (iexplore.exe)

"1136:UDP"= 1136:UDP:Windows Media Format SDK (iexplore.exe)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [1/3/2009 12:04 AM 2368]

R3 SecureSrv;SecureSrv;d:\program files\Hide My IP 2008\SecureSrv.exe [5/7/2009 12:07 AM 102704]

S0 d344prt;d344prt;c:\windows\system32\Drivers\d344prt.sys --> c:\windows\system32\Drivers\d344prt.sys [?]

S3 CAM1690;USB 2.0 Compliance JPEG Video Camera;c:\windows\system32\drivers\cam1690.sys [11/15/2006 5:08 PM 103936]

S3 Vsp;Vsp;c:\windows\system32\drivers\vsp.sys [2/9/2007 11:26 AM 3351]

.

Contents of the 'Scheduled Tasks' folder

2009-06-11 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-10-10 21:25]

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe

HKCU-Run-JustVoip - d:\program files\justvoip.com\justvoip\justvoip.exe

HKCU-Run-LowRateVoip - c:\documents and settings\Administrator\Desktop\LowRateVoip.exe

HKLM-Run-ifcdiag - c:\windows\system32\ifcconf.exe

HKLM-Explorer_Run-PoliciesDat - (no file)

HKLM-Explorer_Run-Options2 - (no file)

Notify-drmvndde - c:\windows\system32\drmvndde.dll

Notify-dbgmgr - ifcmgr32.dll

Notify-jpgmgr - jpgmgr32.dll

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.lulin-net.com/

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uInternet Connection Wizard,ShellNext = iexplore

IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm

IE: Make Mobile Logo - c:\progra~1\MOBILE~1\MLogoContExt.html

IE: Е&кспортирай в Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: {{1FB6C321-4DF9-4CEC-934D-A4E6CCAA9011} - {1FB6C321-4DF9-4CEC-934D-A4E6CCAA9011} - c:\progra~1\MOBILE~1\MLOGO1~1.DLL

LSP: c:\windows\system32\securenet.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-11 22:55

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(700)

c:\windows\system32\ginamsi.dll

- - - - - - - > 'lsass.exe'(756)

c:\windows\system32\securenet.dll

.

Completion time: 2009-06-11 22:58

ComboFix-quarantined-files.txt 2009-06-11 19:58

Pre-Run: 1,588,948,992 bytes free

Post-Run: 3,596,599,296 bytes free

148

Now that I have installed avast, at startup it reports this virus http://4storing.com/74dwng/bc3f25d107ceafb...19f0a2e450.html (this is a screenshot)

If I delete it or move it to the chest, the CLI.exe error appears... So now I should scan the whole computer with avast and then use the other program from the other thread, is that right?

In the other thread, carry out ==Recommended actions before analyzing with HiJackThis==; a reinstall may not even be necessary if you strictly follow the recommendations given there.

Well, after "cleanmgr" it gives me this http://store.picbg.net/pubpic/A7/6A/42bb6c026995a76a.JPG I don't see Start => run => cleanmgr => More Options => System Restore => Clean UP anywhere, what should I do?

I see that this window came up for you 7d7qs5m8ryfaefi6xxnn6yub67dcyyg8d72g1iky.jpg

Now just press OK. Go to the More Options tab (on my system it is "Още опции") and click the underlined item at the bottom, namely Почистване (Clean Up), as in the picture below.

kcqqx1be5oaf5qc5m5yt9iwbe87h7k66bmz7cz7f.jpg

Click OK on everything else (on my system it is "ДА"):

tkom1lg8v9i5n6dlv66z3sx9hixo1rrwfnfg2sse.jpg

ieoqs3klu70dmndsiadt9hizwz7q4q38ye2ou3fb.jpg

bg_fenka, good. Open Start -> Run..., type ComboFix /u and then click OK.

Please open HijackThis and choose Do a system scan only.

Put check marks on the following lines:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.a...&tbid=66020

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66020

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66020

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66020

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66020

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

O9 - Extra button: Mobile Logo 123 - {1FB6C321-4DF9-4CEC-934D-A4E6CCAA9011} - C:\PROGRA~1\MOBILE~1\MLOGO1~1.DLL (file missing)

O9 - Extra 'Tools' menuitem: Mobile Logo 123 - {1FB6C321-4DF9-4CEC-934D-A4E6CCAA9011} - C:\PROGRA~1\MOBILE~1\MLOGO1~1.DLL (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O20 - Winlogon Notify: dbgmgr - ifcmgr32.dll (file missing)

O20 - Winlogon Notify: drmvndde - C:\WINDOWS\system32\drmvndde.dll (file missing)

O20 - Winlogon Notify: jpgmgr - jpgmgr32.dll (file missing)

Then close all open windows except the HijackThis one and select Fix checked.

Please go to Start --> Settings --> Control Panel --> Add or Remove Programs and uninstall the following programs (if they are in the list):

Adobe Reader

All toolbars

Finally, restart your computer.

After the restart:

Download LSPFix and run it.

Tick I know what I'm doing and then select the file securenet.dll (on the left side, and use the arrows to move it to the right... Choose Finish)...

The computer will restart again. After the restart:

Now download ATF Cleaner

Save it to your desktop.

  • Double-click ATF-Cleaner.exe to start the program.
  • Click Select All, located at the very bottom of the list.
  • Click the Empty Selected button.

If you use the Mozilla Firefox browser, do the following:

  • Click Firefox, located at the top, and choose Select All from the list.
  • Click the Empty Selected button.
  • Note: If you want to keep your saved passwords, please click No in the window that appears.

If you use the Opera browser, do the following:

  • Click Opera, located at the top, and choose Select All from the list.
  • Click the Empty Selected button.
  • Note: If you want to keep your saved passwords, please click No in the window that appears.

Click the Exit button, located in the main menu, to close the program.

Finally, post a new HijackThis log file so I can see how things stand.
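Added example, not part of the thread: HijackThis reports hosts-file overrides as `O1 - Hosts:` lines and appends `(file missing)` to entries whose target file no longer exists, and overrides for antivirus or update domains keep the machine from reaching those sites. The sketch below triages a pasted log for both; the watch-list, the function names and the sample lines are assumptions made up for illustration.

```python
import ipaddress
import re

# Assumed watch-list of security-vendor and update domains (not exhaustive).
PROTECTED = {"kaspersky.com", "symantec.com", "mcafee.com", "avast.com",
             "microsoft.com", "virustotal.com"}
O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")
MISSING_RE = re.compile(r"^(O\d+) - (.+?)\s+\(file missing\)\s*$")

def protected_parent(host):
    """Return the watch-list domain that host equals or is a subdomain of."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in PROTECTED:  # whole-label match, so notavast.com fails
            return candidate
    return None

def classify_address(text):
    """Say what kind of address a hosts entry points the name at."""
    try:
        ip = ipaddress.ip_address(text)
    except ValueError:
        return "invalid"
    if ip.is_loopback or ip.is_unspecified:
        return "sinkhole"      # name resolves to the local machine or nowhere
    if ip.is_multicast or ip.is_reserved:
        return "unroutable"    # can never be a real web or update server
    return "redirect"          # some other host answers for the vendor name

def triage(log_text):
    """Return findings for watched hosts overrides and orphaned entries."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O1_RE.match(line)
        if m:
            if protected_parent(m.group(2)):
                findings.append(("hosts-override", m.group(2),
                                 classify_address(m.group(1))))
            continue
        m = MISSING_RE.match(line)
        if m:
            findings.append(("orphaned-entry", m.group(1), m.group(2)))
    return findings

# Constructed sample lines in HijackThis format (documentation/test addresses).
SAMPLE = r"""O1 - Hosts: 192.0.2.10 www.avast.com
O1 - Hosts: 240.0.0.1 updates1.kaspersky.com
O1 - Hosts: 127.0.0.1 ads.example.net
O1 - Hosts: 198.51.100.7 notavast.com
O9 - Extra button: Example Tool - {00000000-0000-0000-0000-000000000000} - C:\EXAMPLE\tool.dll (file missing)
O20 - Winlogon Notify: example - example32.dll (file missing)
O4 - HKLM\..\Run: [Example] C:\Example\ok.exe
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Matching on whole domain labels keeps look-alike names such as `notavast.com` out of the findings, and the address class separates a local block from a redirect to another host.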

The last 3 that you told me to tick, the ones with O20, I don't have them!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:45:16 PM, on 6/12/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe

C:\Program Files\Softwin\BitDefender9\bdoesrv.exe

C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe

C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\FixCamera.exe

C:\WINDOWS\tsnp2std.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Skype\Phone\Skype.exe

D:\Program Files\Datecs\FlexType 2K\FType2K.exe

C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Softwin\BitDefender9\vsserv.exe

D:\Program Files\Hide My IP 2008\SecureSrv.exe

C:\Program Files\Skype\Plugin Manager\SkypePM.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [bDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe

O4 - HKLM\..\Run: [bDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"

O4 - HKLM\..\Run: [bDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"

O4 - HKLM\..\Run: [bDSwitchAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: FlexType 2K.lnk = D:\Program Files\Datecs\FlexType 2K\FType2K.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Make Mobile Logo - C:\PROGRA~1\MOBILE~1\MLogoContExt.html

O8 - Extra context menu item: Е&кспортирай в Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1173356073015

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe

O23 - Service: SecureSrv - Unknown owner - D:\Program Files\Hide My IP 2008\SecureSrv.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender9\vsserv.exe

O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--

End of file - 10208 bytes

Edited by mihnev_sz
Avoid excessively long quotes

For the past few days I've had, let's call it, a problem that really annoys me. I'm an Opera user and, if anyone uses it, they know that it has a built-in mail client * among the options *. So, about the problem: recently, without my touching anything at all, this mail client started popping up as a sub-window. At first I figured I might have touched something and restarted, but after that it continued... Even if I close the sub-window, it reappears by itself. I'm typing somewhere and it suddenly shows up. If I click on another one * without closing it *, it often becomes the "main" one again on its own, so to speak. It's very annoying! But that's not all! When I close Opera, the same thing starts with Outlook! Again, at first it wanted me to install it... I decided to install it, but it didn't stop, it started opening by itself, again and again and again and again... I removed the Office suite * even though I didn't see what it could be doing to Opera as well * but it didn't stop... Opera kept doing it. I scanned for viruses several times and nothing was found?!?! I can't understand what's going on. Does anyone have an idea what it could be and how to fix it? Or maybe I'll have to reinstall again :) ...

Edited by Scater
