Здравейте,

Мой приятел се е заразил с този новия троянец дето върви по скайпа.

Пуска го в нета само за 2 секунди затова ще пиша с моят акаунт и ще му казвам какво да прави (ако ми помогнете де).

Знам че днеска се пие ама ако има някой трезвен да помогне и да каже какво да правя.

Предварително ви благодаря.

А само да добавя че съм сканирал харда му на моя комп с касперски,Malwarebytes' Anti-Malware и Ad-Aware

Касперски намери над 800 заразени обекта а Malwarebytes' Anti-Malware над 30 и уж харда е чист пък ей сега като го вкл. към неговия комп и вика,че не можел да прави нищо.

Редактирано 31 декември 200916 г. от Big_N (преглед на промените)

Бихте ли предоставили лог файловете от Kaspersky и MalwareBytes' Anti-Malware. Искам да видя какво са открили.

Лог файла на касперски е за целият период.Предоставям и лог на OTL.ex

Extras.Txt

Kaspersky.txt

mbam-log-2009-12-31 (09-13-02).txt

OTL.Txt

Стъпка 1:

Моля, отидете на Start --> Settings --> Control Panel --> Add or Remove Programs, и деинсталирайте следните програми (Ако присъстват в списъка):

Ask Toolbar

Winamp

Деинсталираме и Winamp, защото видях в лога, че е имало проблеми с Winamp, затова е добре да го актуализирате. Можете да си изтеглите актуална версия от:

http://www.kaldata.com/comments.php?catid=1&id=46896

Стъпка 2:

• Стартирайте OTL.exe
  
• Под Custom Scans/Fixes поставете следния скрипт:
  

:OTL

IE - HKU\S-1-5-21-1390067357-1972579041-682003330-1003\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL File not found

O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL File not found

O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL File not found

O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL File not found

O3 - HKU\S-1-5-21-1390067357-1972579041-682003330-1003\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL File not found

O4 - HKLM..\Run: [aimbnxbnwh] C:\WINDOWS\System32\qgspjbnhyrmfujimnt.exe ()

O4 - HKLM..\Run: [aoytlbldsjctgtqs] C:\Documents and Settings\Niksan\Local Settings\Temp\aoytlbldsjctgtqs.exe ()

O4 - HKLM..\Run: [My Web Search Bar] C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL File not found

O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe File not found

O4 - HKLM..\Run: [MyWebSearch Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL File not found

O4 - HKU\S-1-5-21-1390067357-1972579041-682003330-1003..\Run: [aimbnxbnwh] C:\Documents and Settings\Niksan\Local Settings\Temp\hwhdwnyrhztlznloo.exe ()

O4 - HKU\S-1-5-21-1390067357-1972579041-682003330-1003..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe File not found

O4 - HKU\S-1-5-21-1390067357-1972579041-682003330-1003..\Run: [rcjbqdkzlzpdn] C:\WINDOWS\System32\qgspjbnhyrmfujimnt.exe ()

O4 - HKLM..\RunOnce: [vejzmxcpzlz] C:\WINDOWS\System32\hwhdwnyrhztlznloo.exe ()

O4 - HKLM..\RunOnce: [virlcrarfvndpbx] C:\Documents and Settings\Niksan\Local Settings\Temp\hwhdwnyrhztlznloo.exe ()

O4 - HKU\S-1-5-21-1390067357-1972579041-682003330-1003..\RunOnce: [semfvjrhujapal] C:\WINDOWS\System32\dwllidspjfdzrjlswfnew.exe ()

O4 - HKU\S-1-5-21-1390067357-1972579041-682003330-1003..\RunOnce: [vejzmxcpzlz] C:\Documents and Settings\Niksan\Local Settings\Temp\hwhdwnyrhztlznloo.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: sciznzftergt = bsfdyrezrlhbrhhmovb.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: horfqzcnv = C:\DOCUME~1\Niksan\LOCALS~1\Temp\qgspjbnhyrmfujimnt.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1

O7 - HKU\S-1-5-21-1390067357-1972579041-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.exe (Reg Error: Value error.)

O20 - HKLM Winlogon: UIHost - (C:\Documents) - File not found

O20 - HKLM Winlogon: UIHost - (and) - File not found

O20 - HKLM Winlogon: UIHost - (Settings\All) - File not found

O20 - HKLM Winlogon: UIHost - (Users\Application) - File not found

O20 - HKLM Winlogon: UIHost - (Data\TuneUp) - File not found

O20 - HKLM Winlogon: UIHost - (Software\TuneUp) - File not found

O20 - HKLM Winlogon: UIHost - (Utilities\WinStyler\tu_logonui.exe) - File not found

O32 - AutoRun File - [2010.01.03 14:21:58 | 00,000,841 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2010.01.03 14:21:58 | 00,000,825 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]

O33 - MountPoints2\{2ce68f22-dd75-11de-b94b-0004619e497e}\Shell\AutoRun\command - "" = H:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found

O33 - MountPoints2\{2ce68f22-dd75-11de-b94b-0004619e497e}\Shell\open\command - "" = H:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found

O33 - MountPoints2\{2ce68f23-dd75-11de-b94b-0004619e497e}\Shell\AutoRun\command - "" = I:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found

O33 - MountPoints2\{2ce68f23-dd75-11de-b94b-0004619e497e}\Shell\open\command - "" = I:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found

O33 - MountPoints2\{d4066d50-c898-11de-9f1e-806d6172696f}\Shell\AutoRun\command - "" = C:\qwylvdfp.bat -- [2009.04.09 04:05:11 | 00,577,536 | RHS- | M] ()

O33 - MountPoints2\{d4066d50-c898-11de-9f1e-806d6172696f}\Shell\explore\Command - "" = C:\sciznzftergt.bat -- [2009.04.09 04:05:11 | 00,577,536 | RHS- | M] ()

O33 - MountPoints2\{d4066d50-c898-11de-9f1e-806d6172696f}\Shell\open\Command - "" = C:\aimbnxbnwh.bat -- [2009.04.09 04:05:11 | 00,577,536 | RHS- | M] ()

O33 - MountPoints2\{d4066d51-c898-11de-9f1e-806d6172696f}\Shell\AutoRun\command - "" = D:\qwylvdfp.bat -- [2009.07.07 03:18:33 | 00,577,536 | RHS- | M] ()

O33 - MountPoints2\{d4066d51-c898-11de-9f1e-806d6172696f}\Shell\explore\Command - "" = D:\sciznzftergt.bat -- [2009.07.07 03:18:33 | 00,577,536 | RHS- | M] ()

O33 - MountPoints2\{d4066d51-c898-11de-9f1e-806d6172696f}\Shell\open\Command - "" = D:\aimbnxbnwh.bat -- [2009.07.07 03:18:33 | 00,577,536 | RHS- | M] ()

O33 - MountPoints2\{e8e502c7-ea1c-11de-b954-0004619e497e}\Shell\AutoRun\command - "" = H:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found

O33 - MountPoints2\{e8e502c7-ea1c-11de-b954-0004619e497e}\Shell\open\command - "" = H:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found

[2010.01.02 12:38:26 | 00,000,000 | -HSD | C] -- C:\found.000

[2010.01.03 15:13:34 | 00,002,408 | -H-- | M] () -- C:\WINDOWS\horfqzcnvfrbhndyqnjoubsdfyfiwhq.emw

[2010.01.03 15:13:34 | 00,002,408 | -H-- | M] () -- C:\Program Files\horfqzcnvfrbhndyqnjoubsdfyfiwhq.emw

[2010.01.03 15:13:34 | 00,002,408 | -H-- | M] () -- C:\Documents and Settings\Niksan\Local Settings\Application Data\horfqzcnvfrbhndyqnjoubsdfyfiwhq.emw

[2010.01.03 15:13:34 | 00,000,280 | -H-- | M] () -- C:\WINDOWS\fcvzazstrrttplrckxjea.efx

[2010.01.03 15:13:34 | 00,000,280 | -H-- | M] () -- C:\Program Files\fcvzazstrrttplrckxjea.efx

[2010.01.03 15:13:34 | 00,000,280 | -H-- | M] () -- C:\Documents and Settings\Niksan\Local Settings\Application Data\fcvzazstrrttplrckxjea.efx

[2010.01.03 15:13:29 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\uoefdzpnifebunqydnwohb.exe

[2010.01.03 15:13:29 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\qgspjbnhyrmfujimnt.exe

[2010.01.03 15:13:29 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\ogutpjxtmhezqhiorzgw.exe

[2010.01.03 15:13:29 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\dwllidspjfdzrjlswfnew.exe

[2010.01.03 15:13:29 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\bsfdyrezrlhbrhhmovb.exe

[2010.01.03 15:13:28 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\hwhdwnyrhztlznloo.exe

[2010.01.03 15:13:28 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\aoytlbldsjctgtqs.exe

[2010.01.03 15:13:14 | 00,002,408 | -H-- | M] () -- C:\WINDOWS\System32\horfqzcnvfrbhndyqnjoubsdfyfiwhq.emw

[2010.01.03 15:13:14 | 00,000,280 | -H-- | M] () -- C:\WINDOWS\System32\fcvzazstrrttplrckxjea.efx

[2010.01.03 15:13:11 | 00,000,316 | -H-- | M] () -- C:\WINDOWS\System32\sciznzftergtclecxxwenxrfkgqwnbnths.uhq

[2010.01.03 15:13:11 | 00,000,316 | -H-- | M] () -- C:\WINDOWS\sciznzftergtclecxxwenxrfkgqwnbnths.uhq

[2010.01.03 15:13:11 | 00,000,316 | -H-- | M] () -- C:\Program Files\sciznzftergtclecxxwenxrfkgqwnbnths.uhq

[2010.01.03 15:13:11 | 00,000,316 | -H-- | M] () -- C:\Documents and Settings\Niksan\Local Settings\Application Data\sciznzftergtclecxxwenxrfkgqwnbnths.uhq

[2010.01.03 15:01:00 | 00,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2010.01.03 14:21:58 | 00,000,841 | RHS- | M] () -- C:\autorun.inf

[2010.01.03 13:08:59 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\uoefdzpnifebunqydnwohb.exe

[2010.01.03 13:08:59 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\qgspjbnhyrmfujimnt.exe

[2010.01.03 13:08:59 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\ogutpjxtmhezqhiorzgw.exe

[2010.01.03 13:08:59 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\dwllidspjfdzrjlswfnew.exe

[2010.01.03 13:08:59 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\bsfdyrezrlhbrhhmovb.exe

[2010.01.03 13:08:59 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\aoytlbldsjctgtqs.exe

[2010.01.03 12:51:29 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\hwhdwnyrhztlznloo.exe

[2010.01.02 19:04:58 | 00,000,268 | -H-- | M] () -- C:\WINDOWS\System32\rcjbqdkzlzpdnxrqmnnwgrmbhepwodqxmym.qak

[2010.01.02 19:04:58 | 00,000,268 | -H-- | M] () -- C:\WINDOWS\rcjbqdkzlzpdnxrqmnnwgrmbhepwodqxmym.qak

[2010.01.02 19:04:58 | 00,000,268 | -H-- | M] () -- C:\Program Files\rcjbqdkzlzpdnxrqmnnwgrmbhepwodqxmym.qak

[2010.01.02 19:04:58 | 00,000,268 | -H-- | M] () -- C:\Documents and Settings\Niksan\Local Settings\Application Data\rcjbqdkzlzpdnxrqmnnwgrmbhepwodqxmym.qak

[2010.01.02 18:45:58 | 00,004,248 | -H-- | M] () -- C:\WINDOWS\System32\aimbnxbnwhufmtkgzxuahphtwqycrdnr.mxk

[2010.01.02 18:45:58 | 00,004,248 | -H-- | M] () -- C:\WINDOWS\aimbnxbnwhufmtkgzxuahphtwqycrdnr.mxk

[2010.01.02 18:45:58 | 00,004,248 | -H-- | M] () -- C:\Program Files\aimbnxbnwhufmtkgzxuahphtwqycrdnr.mxk

[2010.01.02 18:45:58 | 00,004,248 | -H-- | M] () -- C:\Documents and Settings\Niksan\Local Settings\Application Data\aimbnxbnwhufmtkgzxuahphtwqycrdnr.mxk

[2010.01.02 18:47:09 | 00,002,408 | -H-- | C] () -- C:\WINDOWS\System32\horfqzcnvfrbhndyqnjoubsdfyfiwhq.emw

[2010.01.02 18:47:09 | 00,002,408 | -H-- | C] () -- C:\WINDOWS\horfqzcnvfrbhndyqnjoubsdfyfiwhq.emw

[2010.01.02 18:47:09 | 00,002,408 | -H-- | C] () -- C:\Program Files\horfqzcnvfrbhndyqnjoubsdfyfiwhq.emw

[2010.01.02 18:47:09 | 00,002,408 | -H-- | C] () -- C:\Documents and Settings\Niksan\Local Settings\Application Data\horfqzcnvfrbhndyqnjoubsdfyfiwhq.emw

[2010.01.02 18:46:40 | 00,000,316 | -H-- | C] () -- C:\WINDOWS\System32\sciznzftergtclecxxwenxrfkgqwnbnths.uhq

[2010.01.02 18:46:40 | 00,000,316 | -H-- | C] () -- C:\WINDOWS\sciznzftergtclecxxwenxrfkgqwnbnths.uhq

[2010.01.02 18:46:40 | 00,000,316 | -H-- | C] () -- C:\Program Files\sciznzftergtclecxxwenxrfkgqwnbnths.uhq

[2010.01.02 18:46:40 | 00,000,316 | -H-- | C] () -- C:\Documents and Settings\Niksan\Local Settings\Application Data\sciznzftergtclecxxwenxrfkgqwnbnths.uhq

[2010.01.02 18:46:40 | 00,000,268 | -H-- | C] () -- C:\WINDOWS\System32\rcjbqdkzlzpdnxrqmnnwgrmbhepwodqxmym.qak

[2010.01.02 18:46:40 | 00,000,268 | -H-- | C] () -- C:\WINDOWS\rcjbqdkzlzpdnxrqmnnwgrmbhepwodqxmym.qak

[2010.01.02 18:46:40 | 00,000,268 | -H-- | C] () -- C:\Program Files\rcjbqdkzlzpdnxrqmnnwgrmbhepwodqxmym.qak

[2010.01.02 18:46:40 | 00,000,268 | -H-- | C] () -- C:\Documents and Settings\Niksan\Local Settings\Application Data\rcjbqdkzlzpdnxrqmnnwgrmbhepwodqxmym.qak

[2010.01.02 18:46:33 | 00,000,841 | RHS- | C] () -- C:\autorun.inf

[2010.01.02 18:45:58 | 00,004,248 | -H-- | C] () -- C:\WINDOWS\System32\aimbnxbnwhufmtkgzxuahphtwqycrdnr.mxk

[2010.01.02 18:45:58 | 00,004,248 | -H-- | C] () -- C:\WINDOWS\aimbnxbnwhufmtkgzxuahphtwqycrdnr.mxk

[2010.01.02 18:45:58 | 00,004,248 | -H-- | C] () -- C:\Program Files\aimbnxbnwhufmtkgzxuahphtwqycrdnr.mxk

[2010.01.02 18:45:58 | 00,004,248 | -H-- | C] () -- C:\Documents and Settings\Niksan\Local Settings\Application Data\aimbnxbnwhufmtkgzxuahphtwqycrdnr.mxk

[2010.01.02 18:45:58 | 00,000,280 | -H-- | C] () -- C:\WINDOWS\System32\fcvzazstrrttplrckxjea.efx

[2010.01.02 18:45:58 | 00,000,280 | -H-- | C] () -- C:\WINDOWS\fcvzazstrrttplrckxjea.efx

[2010.01.02 18:45:58 | 00,000,280 | -H-- | C] () -- C:\Program Files\fcvzazstrrttplrckxjea.efx

[2010.01.02 18:45:58 | 00,000,280 | -H-- | C] () -- C:\Documents and Settings\Niksan\Local Settings\Application Data\fcvzazstrrttplrckxjea.efx

[2010.01.02 18:45:44 | 00,577,536 | RHS- | C] () -- C:\WINDOWS\uoefdzpnifebunqydnwohb.exe

[2010.01.02 18:45:44 | 00,577,536 | RHS- | C] () -- C:\WINDOWS\qgspjbnhyrmfujimnt.exe

[2010.01.02 18:45:44 | 00,577,536 | RHS- | C] () -- C:\WINDOWS\ogutpjxtmhezqhiorzgw.exe

[2010.01.02 18:45:44 | 00,577,536 | RHS- | C] () -- C:\WINDOWS\hwhdwnyrhztlznloo.exe

[2010.01.02 18:45:44 | 00,577,536 | RHS- | C] () -- C:\WINDOWS\dwllidspjfdzrjlswfnew.exe

[2010.01.02 18:45:44 | 00,577,536 | RHS- | C] () -- C:\WINDOWS\bsfdyrezrlhbrhhmovb.exe

[2010.01.02 18:45:43 | 00,577,536 | RHS- | C] () -- C:\WINDOWS\System32\uoefdzpnifebunqydnwohb.exe

[2010.01.02 18:45:43 | 00,577,536 | RHS- | C] () -- C:\WINDOWS\System32\qgspjbnhyrmfujimnt.exe

[2010.01.02 18:45:43 | 00,577,536 | RHS- | C] () -- C:\WINDOWS\System32\ogutpjxtmhezqhiorzgw.exe

[2010.01.02 18:45:43 | 00,577,536 | RHS- | C] () -- C:\WINDOWS\System32\hwhdwnyrhztlznloo.exe

[2010.01.02 18:45:43 | 00,577,536 | RHS- | C] () -- C:\WINDOWS\System32\dwllidspjfdzrjlswfnew.exe

[2010.01.02 18:45:43 | 00,577,536 | RHS- | C] () -- C:\WINDOWS\System32\bsfdyrezrlhbrhhmovb.exe

[2010.01.02 18:45:43 | 00,577,536 | RHS- | C] () -- C:\WINDOWS\System32\aoytlbldsjctgtqs.exe

[2010.01.02 18:45:43 | 00,577,536 | RHS- | C] () -- C:\WINDOWS\aoytlbldsjctgtqs.exe


:Commands

[purity]

[emptytemp]

[Reboot]

• След това, кликнете върху бутона Run Fix
  
• Търпеливо изчакайте, докато програмата приключи своята работа. След, като нейната работа приключи, компютърът Ви ще се рестартира.
  

След рестартирането на компютъра, стартирайте отново OTL.exe и кликнете върху бутона Quick Scan. Накрая ще бъде генериран лог файл, който е необходимо да копирате и публикувате в следващия Ви коментар в тази тема.

Извинявам се за закъснението.OTL.Txt

Изтеглете ComboFix от някой от следните линкове:

Линк 1

Линк 2

* ВАЖНО !!! Запазете ComboFix.exe на вашия десктоп

• Изключете вашата антивирусна и антишпионска програма, обикновено това става чрез натискане на десния бутон на мишката върху иконата на програма в системния трей.

Бележка: Ако не можете я спрете или не сте сигурни коя програма да изключите, моля прегледайте информацията от този линк: How to Disable your Security Programs

• Преименувайте ComboFix.exe на Tool.exe

• Стартирайте Tool.exe и следвайте инструкциите.

Бележка: ComboFix ще се стартира без инсталирана Recovery Console.

• Като част от неговата работа, ComboFix ще провери дали Microsoft Windows Recovery Console е инсталирана. Предвид бързо развиващия се зловреден софтуер е силно препоръчително да бъде инсталирана преди премахването на зловредния софтуер. Това ще Ви позволи да влезете в специален recovery/repair режим, който ще ни позволи по-лесно да решите проблем, който би могъл да възникне при премахване на зловредния софтуер.

• Следвайте инструкциите, за да позволите на ComboFix да изтегли и инсталира Microsoft Windows Recovery Console. В един момент ще бъдете попитани дали сте съгласни с лицензното споразумение. Необходимо е да потвърдите, че сте съгласни, за да инсталирате Microsoft Windows Recovery Console.

** Забележете: Ако Microsoft Windows Recovery Console е вече инсталирана, ComboFix ще продължи към процеса по премахване на зловредния софтуер.

След като Microsoft Windows Recovery Console е инсталирана, използвайки ComboFix, Вие ще видите следното съобщение:

Изберете Yes, за да продължи сканирането за зловреден софтуер.

Когато процесът приключи успешно, инструментът ще създаде лог файл. Моля, включете съдържанието на C:\ComboFix.txt в следващия Ви коментар в тази тема.

Бележка:

1. Моля, не движете мишката, докато ComboFix работи. Това може да наруши процеса на работа.
   
2. ComboFix ще нулира всички настройки на Microsoft Internet Explorer, включително да направи IE браузър по подразбиране.
   
3. ComboFix ще изключи autorun функцията на ВСИЧКИ CD, Floppy и USB устройства, за да помогне при премахването на зловредния софтуер и Ви защити от бъдещи вируси/заплахи, които поразяват чрез autorun. Ако това е проблем за вас - моля, уведомете ме.
   
4. ComboFix ще изключи вашата интернет връзка. Интернет връзката ще се възстанови автоматично, преди ComboFix да завърши процеса на работа. При проблем, той ще прекрати интернет връзката. За да възстановите интернет връзката си, рестартирайте компютъра си.
   
5. В случай на проблем с ComboFix, той може да създаде лог файл. Моля, включете съдържанието на C:\BUG.txt в следващия Ви коментар в тази тема.

Работата на ComboFix, може да отнеме до 20-30 минути, за да завърши, моля имайте търпение.

Моля, не прикачвайте лог файла/овете от програмата, а го/ги копирайте и поставете в следващия Ви коментар в тази тема.

П.П.: Само да предупредя, че съм на линия до 19:30 максимум, след това отивам да празнувам. И аз съм човек и мисля, че това е последния ми шанс да разбера нещо и аз от празниците.

Благодаря ви много за помоща инструкциите от последният ви пост ще ги изпълня след нова година.

Пожелавам ви приятно и весело изкарване на новата година.

Благодаря и на Вас!

За много години!

Ето и лога от ComboFix

ComboFix 10-01-02.05 - Niksan 01.2010 г.  18:18:58.1.1 - x86

Microsoft Windows XP Professional  5.1.2600.2.1251.359.1033.18.1023.600 [GMT 2:00]

Running from: c:\documents and settings\Niksan\Desktop\Tool.exe.exe

AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

.


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.


c:\documents and settings\Niksan\Application Data\Desktopicon

c:\recycler\S-1-5-21-1935655697-484763869-725345543-1003

C:\restore

c:\windows\system32\dzgtactx.dll

c:\windows\system32\Thumbs.db

c:\windows\ZIPDLL.DLL


.

(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.


-------\Legacy_MYWEBSEARCHSERVICE

-------\Service_MyWebSearchService



(((((((((((((((((((((((((   Files Created from 2009-12-06 to 2010-01-06  )))))))))))))))))))))))))))))))

.


2010-01-06 16:06 . 2010-01-06 16:06	--------	d-----w-	C:\Tool

2010-01-04 19:20 . 2010-01-04 19:20	--------	d-----w-	c:\program files\Carambis

2010-01-04 18:19 . 2006-10-08 19:51	23856	----a-w-	c:\windows\system32\spupdsvc.exe

2010-01-04 18:19 . 2010-01-04 18:19	--------	d-----w-	c:\program files\Usb@nywhere DW

2010-01-04 18:19 . 2007-08-22 09:15	9856	----a-w-	c:\windows\system32\drivers\uawdwdrv.sys

2010-01-04 18:18 . 2010-01-04 18:18	--------	d-----w-	c:\program files\USB@nywhere RW

2010-01-04 18:18 . 2007-08-22 12:34	278597	----a-w-	c:\windows\system32\avusbdserver.exe

2010-01-04 18:18 . 2007-07-20 19:27	21888	----a-w-	c:\windows\system32\drivers\avusbbus.sys

2010-01-04 18:06 . 2010-01-04 18:06	--------	d-----w-	c:\documents and settings\Niksan\Application Data\PC Suite

2010-01-04 18:06 . 2010-01-04 18:07	--------	d-----w-	c:\documents and settings\Niksan\Application Data\Nokia

2010-01-04 18:06 . 2010-01-04 18:06	--------	d-----w-	c:\documents and settings\All Users\Application Data\PC Suite

2010-01-04 18:05 . 2010-01-04 18:05	--------	d-----w-	c:\program files\Common Files\PCSuite

2010-01-04 18:05 . 2010-01-04 18:05	--------	d-----w-	c:\program files\Common Files\Nokia

2010-01-04 18:05 . 2010-01-04 18:06	--------	d-----w-	c:\program files\DIFX

2010-01-04 18:05 . 2008-08-26 07:26	18816	----a-w-	c:\windows\system32\drivers\pccsmcfd.sys

2010-01-04 18:05 . 2010-01-04 18:05	--------	d-----w-	c:\program files\PC Connectivity Solution

2010-01-04 18:04 . 2009-10-06 09:52	91136	----a-w-	c:\windows\system32\nmwcdcls.dll

2010-01-04 18:04 . 2010-01-04 18:02	34429264	----a-w-	c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_eng_web.exe

2010-01-04 18:03 . 2010-01-04 18:03	95232	----a-w-	c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe

2010-01-04 18:03 . 2010-01-04 18:03	8192	----a-w-	c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe

2010-01-04 18:03 . 2010-01-04 18:03	61440	----a-w-	c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe

2010-01-04 18:03 . 2010-01-04 18:03	10240	----a-w-	c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe

2010-01-04 18:02 . 2010-01-04 18:02	--------	d-----w-	c:\documents and settings\All Users\Application Data\Installations

2010-01-04 16:24 . 2010-01-04 16:24	79112	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\update\rollback\AutoPatches\kav8exec\8.0.0.506\mzvkbd3.dll

2010-01-04 16:24 . 2010-01-04 16:24	79112	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\update\rollback\AutoPatches\kav8exec\8.0.0.506\mzvkbd.dll

2010-01-04 16:24 . 2010-01-04 16:24	32784	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\update\rollback\AutoPatches\kav8exec\8.0.0.506\klbg.sys

2010-01-04 16:24 . 2010-01-04 16:24	227344	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\update\rollback\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys

2010-01-04 16:24 . 2010-01-04 16:24	206088	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\update\rollback\AutoPatches\kav8exec\8.0.0.506\avp.exe

2010-01-04 16:24 . 2010-01-04 16:24	59920	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\mzvkbd.dll

2010-01-04 16:24 . 2010-01-04 16:24	109072	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\mzvkbd3.dll

2010-01-04 16:23 . 2010-01-04 16:23	33808	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys

2010-01-04 16:23 . 2010-01-04 16:23	208616	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe

2010-01-04 16:23 . 2010-01-04 16:23	226832	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys

2010-01-04 16:18 . 2010-01-06 10:56	--------	d-----w-	c:\documents and settings\Niksan\Application Data\Spider Player

2010-01-04 16:18 . 2010-01-04 16:18	--------	d-----w-	c:\program files\Spider Player

2010-01-04 16:11 . 2010-01-04 16:11	--------	d-----w-	c:\program files\Musicnotes

2010-01-04 16:00 . 2010-01-04 16:00	--------	d-----w-	c:\documents and settings\Niksan\Application Data\Malwarebytes

2010-01-04 16:00 . 2009-12-30 12:55	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-04 16:00 . 2010-01-04 16:00	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware

2010-01-04 16:00 . 2010-01-04 16:00	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes

2010-01-04 16:00 . 2009-12-30 12:54	19160	----a-w-	c:\windows\system32\drivers\mbam.sys

2010-01-04 15:46 . 2010-01-04 16:24	95259	----a-w-	c:\windows\system32\drivers\klick.dat

2010-01-04 15:46 . 2010-01-04 16:24	108059	----a-w-	c:\windows\system32\drivers\klin.dat

2010-01-04 15:45 . 2010-01-06 16:22	691744	--sha-w-	c:\windows\system32\drivers\fidbox.dat

2010-01-04 15:45 . 2010-01-06 16:22	262176	--sha-w-	c:\windows\system32\drivers\fidbox2.dat

2010-01-04 15:45 . 2010-01-06 16:24	--------	d-----w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab

2010-01-04 15:45 . 2010-01-04 15:45	--------	d-----w-	c:\program files\Kaspersky Lab

2010-01-03 14:03 . 2010-01-03 14:03	--------	d-----w-	C:\_OTL

2010-01-03 12:19 . 2010-01-03 12:19	--------	d-----w-	c:\program files\TeamViewer

2010-01-03 12:19 . 2010-01-03 12:19	--------	d-----w-	c:\documents and settings\Niksan\temp

2010-01-03 11:49 . 2010-01-04 19:23	--------	d-----w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files

2010-01-02 17:25 . 2010-01-02 17:25	--------	d-----w-	c:\program files\Skype

2010-01-02 17:25 . 2010-01-02 17:25	--------	d-----w-	c:\program files\Common Files\Skype

2010-01-02 17:14 . 2010-01-02 17:14	--------	d-----w-	c:\documents and settings\Niksan\Application Data\URSoft

2010-01-02 17:14 . 2010-01-03 10:52	--------	d-----w-	c:\program files\Your Uninstaller

2010-01-01 20:09 . 2010-01-01 20:09	--------	d-----w-	c:\documents and settings\All Users\Application Data\Macrovision

2010-01-01 20:07 . 2003-07-30 16:28	487424	----a-w-	c:\windows\system32\msvcp70.dll

2010-01-01 20:07 . 2003-07-30 16:28	974848	----a-w-	c:\windows\system32\mfc70.dll

2010-01-01 20:06 . 2010-01-03 10:57	--------	d-----w-	c:\program files\Common Files\Macromedia

2010-01-01 20:06 . 2010-01-03 10:56	--------	d-----w-	c:\program files\Macromedia

2010-01-01 20:06 . 2010-01-02 11:13	--------	d-----w-	c:\documents and settings\Niksan\Application Data\Offline Explorer

2010-01-01 20:05 . 2010-01-01 20:07	--------	d-----w-	C:\download

2009-12-30 10:25 . 2009-12-30 10:25	--------	d-----w-	c:\documents and settings\Niksan\Local Settings\Application Data\SRS Labs

2009-12-30 10:25 . 2009-12-30 10:25	--------	d-----w-	c:\documents and settings\All Users\Application Data\SRS Labs

2009-12-30 10:25 . 2009-12-15 12:41	268912	----a-r-	c:\windows\system32\drivers\SRS_SSCFilter_i386.sys

2009-12-30 10:25 . 2009-12-30 10:25	--------	d-----w-	c:\program files\SRS Labs

2009-12-30 10:19 . 2009-12-30 10:19	--------	d-----w-	c:\documents and settings\Niksan\Local Settings\Application Data\DFX

2009-12-30 10:19 . 2009-12-30 10:19	--------	d-----w-	c:\documents and settings\SUPPORT_388945a0

2009-12-30 10:19 . 2009-12-30 10:19	--------	d-----w-	c:\documents and settings\HelpAssistant

2009-12-30 10:19 . 2009-12-30 10:19	--------	d-----w-	c:\documents and settings\Guest

2009-12-30 10:19 . 2009-12-30 10:19	--------	d-----w-	c:\documents and settings\All Users\Application Data\DFX

2009-12-30 10:19 . 2009-12-30 10:19	--------	d-----w-	c:\documents and settings\Administrator

2009-12-30 10:19 . 2009-12-30 10:19	--------	d-----w-	c:\program files\DFX

2009-12-30 10:19 . 2009-12-30 10:19	--------	d-----w-	c:\program files\Common Files\DFX

2009-12-25 05:40 . 2009-12-25 05:40	5594624	----a-w-	c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe

2009-12-25 05:39 . 2009-12-25 05:39	2336640	----a-w-	c:\windows\system32\TUKernel.exe

2009-12-24 20:05 . 2009-12-24 20:05	--------	d-----w-	c:\documents and settings\Niksan\Application Data\TuneUp Software

2009-12-24 20:05 . 2009-12-26 08:07	--------	d-----w-	c:\program files\TuneUp Utilities 2010

2009-12-24 20:03 . 2009-12-24 20:05	--------	d-----w-	c:\documents and settings\All Users\Application Data\TuneUp Software

2009-12-24 20:03 . 2009-12-24 20:03	--------	d-sh--w-	c:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}

2009-12-24 11:24 . 2009-12-24 11:24	--------	d-----w-	C:\DVDVideoSoft

2009-12-24 11:24 . 2010-01-03 10:53	--------	d-----w-	c:\program files\Common Files\DVDVideoSoft

2009-12-24 11:24 . 2002-01-05 12:37	344064	----a-w-	c:\windows\system32\msvcr70.dll

2009-12-24 07:55 . 2009-12-24 07:55	--------	d-----w-	c:\program files\The Skins Factory

2009-12-23 15:46 . 2009-12-23 15:47	--------	d-----w-	c:\documents and settings\Niksan\.VirtualBox

2009-12-23 15:44 . 2009-12-23 15:44	--------	d-----w-	c:\documents and settings\Niksan\Local Settings\Application Data\ChemTable Software

2009-12-21 18:52 . 2009-12-21 18:52	--------	d-----w-	c:\program files\vbNFSMWMegaTrainer

2009-12-21 18:50 . 2009-12-21 18:52	249856	------w-	c:\windows\Setup1.exe

2009-12-21 18:50 . 2009-12-21 18:52	73216	----a-w-	c:\windows\ST6UNST.EXE

2009-12-21 18:43 . 2009-12-21 18:43	--------	d-----w-	c:\program files\Vista Drive Icon

2009-12-21 18:38 . 2009-12-21 18:45	--------	d-----w-	c:\windows\system32\VIRepair

2009-12-21 18:38 . 2009-12-21 18:38	--------	d-----w-	c:\documents and settings\Niksan\Application Data\ViSplore

2009-12-21 18:36 . 2009-12-21 18:36	--------	d-----w-	c:\program files\ViSplore

2009-12-21 18:36 . 2009-07-09 18:30	348797	----a-w-	c:\windows\system32\viwc.exe

2009-12-21 18:36 . 2009-12-21 18:36	--------	d-----w-	c:\program files\TrueTransparency

2009-12-21 18:36 . 2009-12-21 18:36	--------	d-----w-	c:\program files\WinFlip

2009-12-21 18:36 . 2009-03-18 06:46	6181376	----a-w-	c:\windows\system32\sevenui.exe

2009-12-21 18:33 . 2009-12-21 18:43	--------	d-----w-	c:\windows\system32\VITrans

2009-12-21 18:33 . 2009-12-21 18:44	--------	d-----w-	C:\VTPFiles

2009-12-21 18:33 . 2006-12-03 15:15	111104	----a-w-	c:\windows\system32\Uharc.exe

2009-12-21 18:33 . 2006-12-03 15:15	19968	----a-w-	c:\windows\system32\reico.exe

2009-12-21 18:33 . 2006-12-03 15:15	69632	----a-w-	c:\windows\system32\moveex.exe

2009-12-21 18:33 . 2006-12-03 15:14	8636	----a-w-	c:\windows\system32\modifype.exe

2009-12-21 18:33 . 2004-11-27 17:00	94208	----a-w-	c:\windows\system32\pskill.exe

2009-12-21 18:32 . 2009-03-23 15:39	20480	----a-w-	c:\windows\system32\scrnrdr.exe

2009-12-21 18:30 . 2009-12-17 13:02	123280	----a-w-	c:\windows\system32\drivers\VBoxDrv.sys

2009-12-21 18:30 . 2010-01-04 18:06	--------	dc----w-	c:\windows\system32\DRVSTORE

2009-12-21 18:30 . 2009-12-17 13:02	41616	----a-w-	c:\windows\system32\drivers\VBoxUSBMon.sys

2009-12-21 18:30 . 2009-12-23 15:44	--------	d-----w-	c:\program files\Wise Disk Cleaner

2009-12-21 18:30 . 2009-12-21 18:30	--------	d-----w-	c:\program files\Sun

2009-12-21 18:29 . 2009-12-21 18:29	--------	d-----w-	c:\documents and settings\Niksan\Application Data\ChemTable Software

2009-12-21 18:29 . 2009-12-21 18:29	--------	d-----w-	c:\program files\Reg Organizer

2009-12-21 18:29 . 2009-12-21 18:29	--------	d-----w-	c:\program files\FastStone Soft

2009-12-19 15:01 . 2009-12-23 18:53	18368	---ha-w-	c:\windows\system32\mlfcache.dat

2009-12-19 15:01 . 2009-12-19 15:01	--------	d-----w-	c:\documents and settings\Niksan\Application Data\Apple Computer

2009-12-19 15:01 . 2009-12-19 15:01	--------	d-----w-	c:\program files\Safari

2009-12-19 15:01 . 2009-12-19 15:01	--------	d-----w-	c:\documents and settings\All Users\Application Data\Apple Computer

2009-12-19 15:00 . 2009-12-19 15:00	--------	d-----w-	c:\program files\Common Files\Apple

2009-12-19 14:57 . 2009-12-19 14:57	79144	----a-w-	c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe

2009-12-17 13:02 . 2009-12-17 13:02	99152	----a-w-	c:\windows\system32\drivers\VBoxNetAdp.sys

2009-12-17 13:02 . 2009-12-17 13:02	133648	----a-w-	c:\windows\system32\VBoxNetFltNotify.dll

2009-12-17 13:02 . 2009-12-17 13:02	110096	----a-w-	c:\windows\system32\drivers\VBoxNetFlt.sys

2009-12-15 14:50 . 2009-12-15 14:50	--------	d-----w-	c:\program files\Spider Video Downloader

2009-12-15 14:50 . 2009-12-15 14:50	--------	d-----w-	c:\program files\VirtualDJ

2009-12-13 15:08 . 2009-12-13 15:08	--------	d-----w-	C:\SoundBase


.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-06 16:25 . 2009-11-04 16:27	--------	d-----w-	c:\documents and settings\Niksan\Application Data\Skype

2010-01-06 16:25 . 2010-01-04 15:45	3052	--sha-w-	c:\windows\system32\drivers\fidbox2.idx

2010-01-06 16:25 . 2009-11-04 17:15	--------	d-----w-	c:\documents and settings\Niksan\Application Data\skypePM

2010-01-06 16:22 . 2010-01-04 15:45	7532	--sha-w-	c:\windows\system32\drivers\fidbox.idx

2010-01-06 11:17 . 2009-11-04 15:47	--------	d-----w-	c:\documents and settings\Niksan\Application Data\uTorrent

2010-01-04 19:20 . 2009-11-04 15:35	--------	d--h--w-	c:\program files\InstallShield Installation Information

2010-01-04 18:05 . 2009-12-07 05:43	--------	d-----w-	c:\program files\Nokia

2010-01-04 16:54 . 2009-11-04 16:07	22016	----a-w-	c:\documents and settings\Niksan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-01-04 16:24 . 2008-01-29 15:29	33808	----a-w-	c:\windows\system32\drivers\klbg.sys

2010-01-03 11:08 . 2009-11-29 06:41	--------	d-----w-	c:\program files\TopDesk

2010-01-03 10:53 . 2009-11-08 17:15	--------	d-----w-	c:\program files\Active WebCam

2010-01-03 10:52 . 2009-11-08 17:18	--------	d---a-w-	c:\documents and settings\All Users\Application Data\TEMP

2010-01-02 17:25 . 2009-11-04 16:27	--------	d-----w-	c:\documents and settings\All Users\Application Data\Skype

2009-12-26 08:13 . 2009-11-28 17:46	--------	d-----w-	c:\program files\Google

2009-12-24 11:23 . 2009-11-08 17:15	--------	d-----w-	c:\program files\vloader

2009-12-20 15:06 . 2009-12-02 16:18	--------	d-----w-	c:\program files\Video Desktop Company

2009-12-20 15:06 . 2009-12-02 12:11	--------	d-----w-	c:\program files\Theme Maker

2009-12-20 15:05 . 2009-12-02 12:14	--------	d-----w-	c:\program files\Ocean Coast Themes

2009-12-20 15:05 . 2009-11-28 17:46	--------	d-----w-	c:\program files\PhotoScape

2009-12-20 15:05 . 2009-11-26 12:40	--------	d-----w-	c:\program files\Desktop Activity Recorder

2009-12-20 15:05 . 2009-11-08 17:16	--------	d-----w-	c:\program files\Counter-Strike 1.6

2009-12-13 15:08 . 2009-11-24 14:11	--------	d-----w-	c:\program files\soundbase

2009-12-11 23:06 . 2009-11-26 11:50	36864	----a-w-	c:\documents and settings\All Users\Application Data\TEMP\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe

2009-12-02 16:18 . 2009-12-02 16:18	796672	----a-w-	c:\windows\GPInstall.exe

2009-12-02 12:17 . 2009-12-02 12:17	--------	d-----w-	c:\program files\SESoftware

2009-12-02 12:17 . 2009-12-02 12:17	--------	d-----w-	c:\program files\Plus!

2009-12-02 12:06 . 2009-12-02 12:06	--------	d-----w-	c:\program files\Sony Ericsson

2009-11-29 14:25 . 2009-11-29 14:25	--------	d-----w-	c:\program files\Common Files\Adobe

2009-11-29 10:44 . 2009-11-26 11:52	--------	d-----w-	c:\program files\QuickTime

2009-11-29 10:09 . 2009-11-29 10:09	--------	d-----w-	c:\documents and settings\All Users\Application Data\QuickTime

2009-11-29 10:08 . 2009-11-04 14:35	--------	d-----w-	c:\program files\Common Files\InstallShield

2009-11-29 06:40 . 2009-11-29 06:40	--------	d-----w-	c:\program files\Datecs

2009-11-28 17:33 . 2009-11-28 17:32	--------	d-----w-	c:\program files\skinner

2009-11-26 19:31 . 2009-11-26 11:58	--------	d-----w-	c:\documents and settings\All Users\Application Data\CyberLink

2009-11-26 13:14 . 2009-11-08 17:18	--------	d-----w-	c:\program files\Skype Recorder

2009-11-26 13:07 . 2009-11-26 13:06	118383	----a-w-	c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\2B83EECD4CF4910A0260B914BA281BA\wimood-plugins-uninstall.exe

2009-11-26 13:06 . 2009-11-26 13:06	1457664	----a-w-	c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\2B83EECD4CF4910A0260B914BA281BA\WiMood.exe

2009-11-26 13:06 . 2009-11-26 13:06	13312	----a-w-	c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\2B83EECD4CF4910A0260B914BA281BA\iTunesCollector.dll

2009-11-26 13:06 . 2009-11-26 13:06	1146820	----a-w-	c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\2B83EECD4CF4910A0260B914BA281BA\wimood-plugins-setup.exe

2009-11-26 12:24 . 2009-11-26 11:53	--------	d-----w-	c:\documents and settings\All Users\Application Data\SmartSound Software Inc

2009-11-26 11:58 . 2009-11-26 11:58	--------	d-----w-	c:\documents and settings\Niksan\Application Data\CyberLink

2009-11-26 11:53 . 2009-11-26 11:53	--------	d-----w-	c:\program files\SmartSound Software

2009-11-26 11:52 . 2009-11-26 11:52	--------	d-----w-	c:\program files\Apple Software Update

2009-11-26 11:52 . 2009-11-26 11:52	--------	d-----w-	c:\documents and settings\All Users\Application Data\Apple

2009-11-26 11:51 . 2009-11-26 11:51	--------	d-----w-	c:\program files\Cyberlink

2009-11-25 14:54 . 2009-11-25 14:48	--------	d-----w-	c:\documents and settings\Niksan\Application Data\PhotoFiltre Studio X

2009-11-24 15:03 . 2009-11-24 15:03	--------	d-----w-	c:\program files\Vimicro

2009-11-24 14:15 . 2009-11-24 14:10	--------	d-----w-	c:\documents and settings\Niksan\Application Data\GetRightToGo

2009-11-24 14:12 . 2009-11-24 14:10	--------	d-----w-	c:\program files\My Drives

2009-11-24 13:07 . 2009-11-24 13:07	--------	d-----w-	c:\program files\Karaoke5

2009-11-24 13:07 . 2009-11-24 13:07	--------	d-----w-	c:\program files\ASIO4ALL v2

2009-11-24 12:57 . 2009-11-24 12:57	--------	d-----w-	c:\documents and settings\Niksan\Application Data\Syntrillium

2009-11-24 12:57 . 2009-11-24 12:55	--------	d-----w-	c:\program files\coolpro2

2009-11-24 12:34 . 2009-11-24 12:34	--------	d-----w-	c:\documents and settings\All Users\Application Data\The Skins Factory

2009-11-24 12:31 . 2009-11-24 12:28	--------	d-----w-	c:\program files\The KMPlayer

2009-11-24 12:12 . 2009-11-24 12:12	--------	d-----w-	c:\program files\Tuning Car Studio

2009-11-24 11:54 . 2009-11-24 11:54	--------	d-----w-	c:\documents and settings\Niksan\Application Data\Skinux

2009-11-17 17:01 . 2009-11-24 13:07	83456	----a-w-	c:\windows\system32\Kara_K.dll

2009-11-14 13:06 . 2009-11-14 13:06	59992	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.736\English\setup.exe

2009-11-08 19:46 . 2009-11-08 19:46	--------	d-----w-	c:\documents and settings\Niksan\Application Data\SkypeCap

2009-11-08 17:18 . 2009-11-08 17:18	--------	d-----w-	c:\program files\Common Files\GeoVid

2009-11-08 17:17 . 2009-11-08 17:17	--------	d-----w-	c:\program files\FormatFactory

2009-11-08 17:15 . 2009-11-08 17:15	--------	d-----w-	c:\documents and settings\All Users\Application Data\PY_Software

2009-11-06 15:54 . 2009-11-03 15:45	86327	----a-w-	c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-11-05 15:05 . 2009-11-05 15:05	721904	----a-w-	c:\windows\system32\drivers\sptd.sys

2009-11-04 17:15 . 2009-11-04 17:15	56	---ha-w-	c:\windows\system32\ezsidmv.dat

2009-11-04 15:41 . 2009-11-04 15:41	0	----a-w-	c:\windows\nsreg.dat

2009-11-03 15:42 . 2009-11-03 15:42	21640	----a-w-	c:\windows\system32\emptyregdb.dat

2009-10-27 18:00 . 2009-11-05 15:03	85504	----a-w-	c:\windows\system32\ff_vfw.dll

2009-10-20 13:34 . 2009-11-24 13:07	15936	----a-w-	c:\windows\system32\Kara_ww.dll

2009-10-20 13:32 . 2009-11-24 13:07	14456	----a-w-	c:\windows\system32\Kara_v.dll

2009-10-20 13:28 . 2009-11-24 13:07	17472	----a-w-	c:\windows\system32\Kara_C.dll

2009-10-20 13:20 . 2009-11-24 13:07	11840	----a-w-	c:\windows\system32\Kara__E.dll

2009-10-20 13:02 . 2009-11-24 13:07	28760	----a-w-	c:\windows\system32\Kara_K5.dll

2009-10-20 12:44 . 2009-11-24 13:07	16448	----a-w-	c:\windows\system32\Kara_mx.dll

2009-10-13 10:47 . 2009-11-24 13:07	98872	----a-w-	c:\windows\system32\Bass.dll

2009-10-10 08:57 . 2009-11-24 13:07	12864	----a-w-	c:\windows\system32\kara__ao.dll

2010-01-02 11:08 . 2009-12-26 08:13	119808	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.


------- Sigcheck -------


[-] 2004-08-04 . E35F8A13B4C77138B5D75131383C8496 . 3380224 . . [6.00.2900.2180] . . c:\windows\system32\mshtml.dll

[7] 2004-08-04 . 376E0843B2356CA91CEC8D9837A56FF7 . 3003392 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\mshtml.dll

[7] 2004-08-04 . 376E0843B2356CA91CEC8D9837A56FF7 . 3003392 . . [6.00.2900.2180] . . c:\windows\system32\VITrans\mshtml.dll


[-] 2004-08-04 . 9FEA4A129359A91860193C77325DD3AE . 2189696 . . [5.1.2600.2180] . . c:\windows\system32\ntoskrnl.exe

[7] 2004-08-04 . CE218BC7088681FAA06633E218596CA7 . 2180992 . . [5.1.2600.2180] . . c:\windows\system32\VITrans\ntoskrnl.exe


[-] 2004-08-04 . 951B0BBFEB96511AAA1F10ABF0392F25 . 1430016 . . [6.00.2900.2180] . . c:\windows\explorer.exe

[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\explorer.exe

[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\system32\VITrans\explorer.exe


[-] 2004-08-04 . 3F6B2C022519D817355589545B21445A . 2065536 . . [5.1.2600.2180] . . c:\windows\system32\ntkrnlpa.exe

[7] 2004-08-04 . 947FB1D86D14AFCFFDB54BF837EC25D0 . 2056832 . . [5.1.2600.2180] . . c:\windows\system32\VITrans\ntkrnlpa.exe

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{dd02a4eb-4afd-4d60-99d8-e67f964ca813}"= "c:\program files\PHPNukeEN\tbPHPN.dll" [2009-07-02 2215960]


[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]

2009-07-02 08:18	2215960	----a-w-	c:\program files\PHPNukeEN\tbPHPN.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{dd02a4eb-4afd-4d60-99d8-e67f964ca813}"= "c:\program files\PHPNukeEN\tbPHPN.dll" [2009-07-02 2215960]


[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{DD02A4EB-4AFD-4D60-99D8-E67F964CA813}"= "c:\program files\PHPNukeEN\tbPHPN.dll" [2009-07-02 2215960]


[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-06-30 2329224]

"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]

"ViSplore"="c:\program files\ViSplore\ViSplore.exe" [2009-02-04 389120]

"SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2009-12-22 3216664]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-29 21755688]

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]

"Driver Updater"="c:\program files\Carambis\Driver Updater\dupdater.exe" [2009-12-04 4822016]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-14 7630848]

"nwiz"="nwiz.exe" [2007-02-14 1519616]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-14 86016]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 110592]

"BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 61440]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"DrvIcon"="c:\program files\Vista Drive Icon\DrvIcon.exe" [2008-04-13 49152]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-01-02 30192]

"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2010-01-04 208616]


[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]


c:\documents and settings\All Users\Start Menu\Programs\Startup\

FlexType 2K.lnk - c:\program files\Datecs\FlexType 2K\FType2K.exe [2009-11-29 95232]


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 0 (0x0)

"EnableInstallerDetection"= 0 (0x0)

"EnableSecureUIAPaths"= 0 (0x0)

"EnableVirtualization"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"MaxRecentDocs"= 15 (0xf)


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"=""


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=

"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1892:TCP"= 1892:TCP:zijzlo


R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29.1.2008 і. 17:29 33808]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [05.11.2009 і. 17:05 721904]

R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [21.12.2009 і. 20:30 123280]

R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [21.12.2009 і. 20:30 41616]

R2 HdThemeEnabler;Hyperdesk Theme Enabler;c:\program files\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe [23.7.2008 і. 20:27 106496]

R3 avusbbus;AlarIT Virtual USB Root Hub;c:\windows\system32\drivers\avusbbus.sys [04.1.2010 і. 20:18 21888]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30.4.2008 і. 17:06 24592]

R3 NTProcDrv;Process creation detector for NT.;c:\windows\temp\drv1.tmp [06.1.2010 і. 18:23 3584]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [17.12.2009 і. 15:02 99152]

R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [17.12.2009 і. 15:02 110096]

R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [24.11.2009 і. 16:15 17792]

S2 pvkudqxqj;Helper Support;c:\windows\system32\svchost.exe -k netsvcs [04.8.2004 і. 14:00 14336]

S3 AVUSBDServer;AVUSBDServer;c:\windows\system32\avusbdserver.exe [04.1.2010 і. 20:18 278597]

S3 GoogleDesktopManager-110309-193829;фёсїµчµр Ѕ° Google Desktop 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [26.12.2009 і. 10:13 30192]

S3 uawdwserv;uawdwserv;c:\program files\Usb@nywhere DW\uawdwserv.exe [22.8.2007 і. 10:26 172098]

S3 ZSMC0305;VIMICRO USB PC Camera V;c:\windows\system32\drivers\usbVM305.sys [24.11.2009 і. 17:03 392444]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

pvkudqxqj

.

Contents of the 'Scheduled Tasks' folder


2010-01-02 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.bg/

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: &Search

FF - ProfilePath - c:\documents and settings\Niksan\Application Data\Mozilla\Firefox\Profiles\cwrvjk7f.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://google.bg/

FF - prefs.js: keyword.URL - 

FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll

FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll


---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 16000

FF - user.js: browser.chrome.favicons - fales

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: dom.disable_window_status_change - true

FF - user.js: network.http.max-connections - 32

FF - user.js: network.http.max-connections-per-server - 8

FF - user.js: network.http.max-persistent-connections-per-proxy - 8

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 750

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

.

- - - - ORPHANS REMOVED - - - -


WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKCU-Run-sl1000 - c:\docume~1\Niksan\LOCALS~1\TempImages\sl1000.exe

AddRemove-KasperskyLab - c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\uninstall_bg.exe

AddRemove-PhotoFiltre Studio X - c:\documents and settings\Niksan\Desktop\PhotoFiltre Studio X\Uninst.exe




**************************************************************************


catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-06 18:25

Windows 5.1.2600 Service Pack 2 NTFS


scanning hidden processes ...  


scanning hidden autostart entries ... 


HKLM\Software\Microsoft\Windows\CurrentVersion\Run

  BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@?????????????? 


scanning hidden files ...  


scan completed successfully

hidden files: 0


**************************************************************************


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net


device: opened successfully

user: MBR read successfully

called modules: TUKERNEL.EXE CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86B701F8]<< 

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xf74cbfc3

\Driver\ACPI -> ACPI.sys @ 0xf7325cb8

\Driver\atapi -> 0x86be01f8

IoDeviceObjectType -> DeleteProcedure -> TUKERNEL.EXE @ 0x805a1afe

 ParseProcedure -> TUKERNEL.EXE @ 0x80570a6e

\Device\Harddisk0\DR0 -> DeleteProcedure -> TUKERNEL.EXE @ 0x805a1afe

 ParseProcedure -> TUKERNEL.EXE @ 0x80570a6e

NDIS: NVIDIA nForce 10/100/1000 Mbps Ethernet  -> SendCompleteHandler -> NDIS.sys @ 0xf719fba0

 PacketIndicateHandler -> NDIS.sys @ 0xf71acb21

 SendHandler -> NDIS.sys @ 0xf718a87b

Warning: possible MBR rootkit infection !

user & kernel MBR OK 


**************************************************************************


[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NTProcDrv]

"ImagePath"="\??\c:\windows\TEMP\drv1.tmp"

.

--------------------- DLLs Loaded Under Running Processes ---------------------


- - - - - - - > 'winlogon.exe'(1552)

c:\windows\system32\cscui.dll


- - - - - - - > 'explorer.exe'(2556)

c:\windows\system32\msi.dll

c:\windows\system32\SETUPAPI.dll

c:\windows\system32\NETSHELL.dll

c:\windows\system32\browselc.dll

c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll

c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL

c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr

c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr

c:\program files\K-Lite Codec Pack\Filters\Haali\mmfinfo.dll

c:\program files\K-Lite Codec Pack\Filters\Haali\mkunicode.dll

c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\program files\Cyberlink\Shared files\RichVideo.exe

c:\windows\system32\wscntfy.exe

c:\windows\SOUNDMAN.EXE

c:\windows\system32\rundll32.exe

c:\program files\PC Connectivity Solution\ServiceLayer.exe

c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe

c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe

c:\program files\Skype\Plugin Manager\skypePM.exe

.

**************************************************************************

.

Completion time: 2010-01-06  18:27:11 - machine was rebooted

ComboFix-quarantined-files.txt  2010-01-06 16:27


Pre-Run: 41 139 064 832 bytes free

Post-Run: 41 155 366 912 bytes free


WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /TUTag=TQ0AXN /Kernel=TUKernel.exe

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (TuneUp Backup)" /noexecute=optin /fastdetect /TUTag=TQ0AXN-BAK


- - End Of File - - 97D224A438EDB09AC715A94EDFFDE6D0

За много години!

Отворете Notepad и чрез комбинацията copy/paste поставете следния текст:

Killall::


SRPeek::

C:\WINDOWS\system32\drivers\atapi.sys


FCopy::

c:\windows\system32\dllcache\mshtml.dll | c:\windows\system32\mshtml.dll

c:\windows\system32\VITrans\ntoskrnl.exe | c:\windows\system32\ntoskrnl.exe

c:\windows\system32\dllcache\explorer.exe | c:\windows\explorer.exe

c:\windows\system32\VITrans\ntkrnlpa.exe | c:\windows\system32\ntkrnlpa.exe


NetSvc::

pvkudqxqj


Driver::

zijzlo

pvkudqxqj


Registry::

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1892:TCP"=-


DDS::

FF - prefs.js: keyword.URL -

Запазете файла с името CFScript.txt и го поставете върху ComboFix.

След като, програмата приключи ще Ви изведе лог файла. Отново чрез комбинацията от Copy/Paste поставете информацията тук.

ComboFix 10-01-02.05 - Niksan 01.2010 г.  18:50:58.2.1 - x86

Microsoft Windows XP Professional  5.1.2600.2.1251.359.1033.18.1023.780 [GMT 2:00]

Running from: c:\documents and settings\Niksan\Desktop\Tool.exe.exe

Command switches used :: c:\documents and settings\Niksan\Desktop\CFScript.txt.txt

AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

.


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.


.

--------------- FCopy ---------------


c:\windows\system32\dllcache\mshtml.dll --> c:\windows\system32\mshtml.dll

c:\windows\system32\VITrans\ntoskrnl.exe --> c:\windows\system32\ntoskrnl.exe

c:\windows\system32\dllcache\explorer.exe --> c:\windows\explorer.exe

c:\windows\system32\VITrans\ntkrnlpa.exe --> c:\windows\system32\ntkrnlpa.exe

.

(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.


-------\Legacy_PVKUDQXQJ

-------\Service_pvkudqxqj



(((((((((((((((((((((((((   Files Created from 2009-12-06 to 2010-01-06  )))))))))))))))))))))))))))))))

.


2010-01-06 16:06 . 2010-01-06 16:06	--------	d-----w-	C:\Tool

2010-01-04 19:20 . 2010-01-04 19:20	--------	d-----w-	c:\program files\Carambis

2010-01-04 18:19 . 2006-10-08 19:51	23856	----a-w-	c:\windows\system32\spupdsvc.exe

2010-01-04 18:19 . 2010-01-04 18:19	--------	d-----w-	c:\program files\Usb@nywhere DW

2010-01-04 18:19 . 2007-08-22 09:15	9856	----a-w-	c:\windows\system32\drivers\uawdwdrv.sys

2010-01-04 18:18 . 2010-01-04 18:18	--------	d-----w-	c:\program files\USB@nywhere RW

2010-01-04 18:18 . 2007-08-22 12:34	278597	----a-w-	c:\windows\system32\avusbdserver.exe

2010-01-04 18:18 . 2007-07-20 19:27	21888	----a-w-	c:\windows\system32\drivers\avusbbus.sys

2010-01-04 18:06 . 2010-01-04 18:06	--------	d-----w-	c:\documents and settings\Niksan\Application Data\PC Suite

2010-01-04 18:06 . 2010-01-04 18:07	--------	d-----w-	c:\documents and settings\Niksan\Application Data\Nokia

2010-01-04 18:06 . 2010-01-04 18:06	--------	d-----w-	c:\documents and settings\All Users\Application Data\PC Suite

2010-01-04 18:05 . 2010-01-04 18:05	--------	d-----w-	c:\program files\Common Files\PCSuite

2010-01-04 18:05 . 2010-01-04 18:05	--------	d-----w-	c:\program files\Common Files\Nokia

2010-01-04 18:05 . 2010-01-04 18:06	--------	d-----w-	c:\program files\DIFX

2010-01-04 18:05 . 2008-08-26 07:26	18816	----a-w-	c:\windows\system32\drivers\pccsmcfd.sys

2010-01-04 18:05 . 2010-01-04 18:05	--------	d-----w-	c:\program files\PC Connectivity Solution

2010-01-04 18:04 . 2009-10-06 09:52	91136	----a-w-	c:\windows\system32\nmwcdcls.dll

2010-01-04 18:04 . 2010-01-04 18:02	34429264	----a-w-	c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_eng_web.exe

2010-01-04 18:03 . 2010-01-04 18:03	95232	----a-w-	c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe

2010-01-04 18:03 . 2010-01-04 18:03	8192	----a-w-	c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe

2010-01-04 18:03 . 2010-01-04 18:03	61440	----a-w-	c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe

2010-01-04 18:03 . 2010-01-04 18:03	10240	----a-w-	c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe

2010-01-04 18:02 . 2010-01-04 18:02	--------	d-----w-	c:\documents and settings\All Users\Application Data\Installations

2010-01-04 16:24 . 2010-01-04 16:24	79112	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\update\rollback\AutoPatches\kav8exec\8.0.0.506\mzvkbd3.dll

2010-01-04 16:24 . 2010-01-04 16:24	79112	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\update\rollback\AutoPatches\kav8exec\8.0.0.506\mzvkbd.dll

2010-01-04 16:24 . 2010-01-04 16:24	32784	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\update\rollback\AutoPatches\kav8exec\8.0.0.506\klbg.sys

2010-01-04 16:24 . 2010-01-04 16:24	227344	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\update\rollback\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys

2010-01-04 16:24 . 2010-01-04 16:24	206088	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\update\rollback\AutoPatches\kav8exec\8.0.0.506\avp.exe

2010-01-04 16:24 . 2010-01-04 16:24	59920	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\mzvkbd.dll

2010-01-04 16:24 . 2010-01-04 16:24	109072	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\mzvkbd3.dll

2010-01-04 16:23 . 2010-01-04 16:23	33808	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys

2010-01-04 16:23 . 2010-01-04 16:23	208616	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe

2010-01-04 16:23 . 2010-01-04 16:23	226832	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys

2010-01-04 16:18 . 2010-01-06 10:56	--------	d-----w-	c:\documents and settings\Niksan\Application Data\Spider Player

2010-01-04 16:18 . 2010-01-04 16:18	--------	d-----w-	c:\program files\Spider Player

2010-01-04 16:11 . 2010-01-04 16:11	--------	d-----w-	c:\program files\Musicnotes

2010-01-04 16:00 . 2010-01-04 16:00	--------	d-----w-	c:\documents and settings\Niksan\Application Data\Malwarebytes

2010-01-04 16:00 . 2009-12-30 12:55	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-04 16:00 . 2010-01-04 16:00	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware

2010-01-04 16:00 . 2010-01-04 16:00	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes

2010-01-04 16:00 . 2009-12-30 12:54	19160	----a-w-	c:\windows\system32\drivers\mbam.sys

2010-01-04 15:46 . 2010-01-04 16:24	95259	----a-w-	c:\windows\system32\drivers\klick.dat

2010-01-04 15:46 . 2010-01-04 16:24	108059	----a-w-	c:\windows\system32\drivers\klin.dat

2010-01-04 15:45 . 2010-01-06 16:54	691744	--sha-w-	c:\windows\system32\drivers\fidbox.dat

2010-01-04 15:45 . 2010-01-06 16:54	278560	--sha-w-	c:\windows\system32\drivers\fidbox2.dat

2010-01-04 15:45 . 2010-01-06 17:00	--------	d-----w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab

2010-01-04 15:45 . 2010-01-04 15:45	--------	d-----w-	c:\program files\Kaspersky Lab

2010-01-03 14:03 . 2010-01-03 14:03	--------	d-----w-	C:\_OTL

2010-01-03 12:19 . 2010-01-03 12:19	--------	d-----w-	c:\program files\TeamViewer

2010-01-03 12:19 . 2010-01-03 12:19	--------	d-----w-	c:\documents and settings\Niksan\temp

2010-01-03 11:49 . 2010-01-04 19:23	--------	d-----w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files

2010-01-02 17:25 . 2010-01-02 17:25	--------	d-----w-	c:\program files\Skype

2010-01-02 17:25 . 2010-01-02 17:25	--------	d-----w-	c:\program files\Common Files\Skype

2010-01-02 17:14 . 2010-01-02 17:14	--------	d-----w-	c:\documents and settings\Niksan\Application Data\URSoft

2010-01-02 17:14 . 2010-01-03 10:52	--------	d-----w-	c:\program files\Your Uninstaller

2010-01-01 20:09 . 2010-01-01 20:09	--------	d-----w-	c:\documents and settings\All Users\Application Data\Macrovision

2010-01-01 20:07 . 2003-07-30 16:28	487424	----a-w-	c:\windows\system32\msvcp70.dll

2010-01-01 20:07 . 2003-07-30 16:28	974848	----a-w-	c:\windows\system32\mfc70.dll

2010-01-01 20:06 . 2010-01-03 10:57	--------	d-----w-	c:\program files\Common Files\Macromedia

2010-01-01 20:06 . 2010-01-03 10:56	--------	d-----w-	c:\program files\Macromedia

2010-01-01 20:06 . 2010-01-02 11:13	--------	d-----w-	c:\documents and settings\Niksan\Application Data\Offline Explorer

2010-01-01 20:05 . 2010-01-01 20:07	--------	d-----w-	C:\download

2009-12-30 10:25 . 2009-12-30 10:25	--------	d-----w-	c:\documents and settings\Niksan\Local Settings\Application Data\SRS Labs

2009-12-30 10:25 . 2009-12-30 10:25	--------	d-----w-	c:\documents and settings\All Users\Application Data\SRS Labs

2009-12-30 10:25 . 2009-12-15 12:41	268912	----a-r-	c:\windows\system32\drivers\SRS_SSCFilter_i386.sys

2009-12-30 10:25 . 2009-12-30 10:25	--------	d-----w-	c:\program files\SRS Labs

2009-12-30 10:19 . 2009-12-30 10:19	--------	d-----w-	c:\documents and settings\Niksan\Local Settings\Application Data\DFX

2009-12-30 10:19 . 2009-12-30 10:19	--------	d-----w-	c:\documents and settings\SUPPORT_388945a0

2009-12-30 10:19 . 2009-12-30 10:19	--------	d-----w-	c:\documents and settings\HelpAssistant

2009-12-30 10:19 . 2009-12-30 10:19	--------	d-----w-	c:\documents and settings\Guest

2009-12-30 10:19 . 2009-12-30 10:19	--------	d-----w-	c:\documents and settings\All Users\Application Data\DFX

2009-12-30 10:19 . 2009-12-30 10:19	--------	d-----w-	c:\documents and settings\Administrator

2009-12-30 10:19 . 2009-12-30 10:19	--------	d-----w-	c:\program files\DFX

2009-12-30 10:19 . 2009-12-30 10:19	--------	d-----w-	c:\program files\Common Files\DFX

2009-12-25 05:40 . 2009-12-25 05:40	5594624	----a-w-	c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe

2009-12-25 05:39 . 2009-12-25 05:39	2336640	----a-w-	c:\windows\system32\TUKernel.exe

2009-12-24 20:05 . 2009-12-24 20:05	--------	d-----w-	c:\documents and settings\Niksan\Application Data\TuneUp Software

2009-12-24 20:05 . 2009-12-26 08:07	--------	d-----w-	c:\program files\TuneUp Utilities 2010

2009-12-24 20:03 . 2009-12-24 20:05	--------	d-----w-	c:\documents and settings\All Users\Application Data\TuneUp Software

2009-12-24 20:03 . 2009-12-24 20:03	--------	d-sh--w-	c:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}

2009-12-24 11:24 . 2009-12-24 11:24	--------	d-----w-	C:\DVDVideoSoft

2009-12-24 11:24 . 2010-01-03 10:53	--------	d-----w-	c:\program files\Common Files\DVDVideoSoft

2009-12-24 11:24 . 2002-01-05 12:37	344064	----a-w-	c:\windows\system32\msvcr70.dll

2009-12-24 07:55 . 2009-12-24 07:55	--------	d-----w-	c:\program files\The Skins Factory

2009-12-23 15:46 . 2009-12-23 15:47	--------	d-----w-	c:\documents and settings\Niksan\.VirtualBox

2009-12-23 15:44 . 2009-12-23 15:44	--------	d-----w-	c:\documents and settings\Niksan\Local Settings\Application Data\ChemTable Software

2009-12-21 18:52 . 2009-12-21 18:52	--------	d-----w-	c:\program files\vbNFSMWMegaTrainer

2009-12-21 18:50 . 2009-12-21 18:52	249856	------w-	c:\windows\Setup1.exe

2009-12-21 18:50 . 2009-12-21 18:52	73216	----a-w-	c:\windows\ST6UNST.EXE

2009-12-21 18:43 . 2009-12-21 18:43	--------	d-----w-	c:\program files\Vista Drive Icon

2009-12-21 18:38 . 2009-12-21 18:45	--------	d-----w-	c:\windows\system32\VIRepair

2009-12-21 18:38 . 2009-12-21 18:38	--------	d-----w-	c:\documents and settings\Niksan\Application Data\ViSplore

2009-12-21 18:36 . 2009-12-21 18:36	--------	d-----w-	c:\program files\ViSplore

2009-12-21 18:36 . 2009-07-09 18:30	348797	----a-w-	c:\windows\system32\viwc.exe

2009-12-21 18:36 . 2009-12-21 18:36	--------	d-----w-	c:\program files\TrueTransparency

2009-12-21 18:36 . 2009-12-21 18:36	--------	d-----w-	c:\program files\WinFlip

2009-12-21 18:36 . 2009-03-18 06:46	6181376	----a-w-	c:\windows\system32\sevenui.exe

2009-12-21 18:33 . 2009-12-21 18:43	--------	d-----w-	c:\windows\system32\VITrans

2009-12-21 18:33 . 2009-12-21 18:44	--------	d-----w-	C:\VTPFiles

2009-12-21 18:33 . 2006-12-03 15:15	111104	----a-w-	c:\windows\system32\Uharc.exe

2009-12-21 18:33 . 2006-12-03 15:15	19968	----a-w-	c:\windows\system32\reico.exe

2009-12-21 18:33 . 2006-12-03 15:15	69632	----a-w-	c:\windows\system32\moveex.exe

2009-12-21 18:33 . 2006-12-03 15:14	8636	----a-w-	c:\windows\system32\modifype.exe

2009-12-21 18:33 . 2004-11-27 17:00	94208	----a-w-	c:\windows\system32\pskill.exe

2009-12-21 18:32 . 2009-03-23 15:39	20480	----a-w-	c:\windows\system32\scrnrdr.exe

2009-12-21 18:30 . 2009-12-17 13:02	123280	----a-w-	c:\windows\system32\drivers\VBoxDrv.sys

2009-12-21 18:30 . 2010-01-04 18:06	--------	dc----w-	c:\windows\system32\DRVSTORE

2009-12-21 18:30 . 2009-12-17 13:02	41616	----a-w-	c:\windows\system32\drivers\VBoxUSBMon.sys

2009-12-21 18:30 . 2009-12-23 15:44	--------	d-----w-	c:\program files\Wise Disk Cleaner

2009-12-21 18:30 . 2009-12-21 18:30	--------	d-----w-	c:\program files\Sun

2009-12-21 18:29 . 2009-12-21 18:29	--------	d-----w-	c:\documents and settings\Niksan\Application Data\ChemTable Software

2009-12-21 18:29 . 2009-12-21 18:29	--------	d-----w-	c:\program files\Reg Organizer

2009-12-21 18:29 . 2009-12-21 18:29	--------	d-----w-	c:\program files\FastStone Soft

2009-12-19 15:01 . 2009-12-23 18:53	18368	---ha-w-	c:\windows\system32\mlfcache.dat

2009-12-19 15:01 . 2009-12-19 15:01	--------	d-----w-	c:\documents and settings\Niksan\Application Data\Apple Computer

2009-12-19 15:01 . 2009-12-19 15:01	--------	d-----w-	c:\program files\Safari

2009-12-19 15:01 . 2009-12-19 15:01	--------	d-----w-	c:\documents and settings\All Users\Application Data\Apple Computer

2009-12-19 15:00 . 2009-12-19 15:00	--------	d-----w-	c:\program files\Common Files\Apple

2009-12-19 14:57 . 2009-12-19 14:57	79144	----a-w-	c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe

2009-12-17 13:02 . 2009-12-17 13:02	99152	----a-w-	c:\windows\system32\drivers\VBoxNetAdp.sys

2009-12-17 13:02 . 2009-12-17 13:02	133648	----a-w-	c:\windows\system32\VBoxNetFltNotify.dll

2009-12-17 13:02 . 2009-12-17 13:02	110096	----a-w-	c:\windows\system32\drivers\VBoxNetFlt.sys

2009-12-15 14:50 . 2009-12-15 14:50	--------	d-----w-	c:\program files\Spider Video Downloader

2009-12-15 14:50 . 2009-12-15 14:50	--------	d-----w-	c:\program files\VirtualDJ

2009-12-13 15:08 . 2009-12-13 15:08	--------	d-----w-	C:\SoundBase


.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-06 17:01 . 2009-11-04 16:27	--------	d-----w-	c:\documents and settings\Niksan\Application Data\Skype

2010-01-06 16:54 . 2010-01-04 15:45	7532	--sha-w-	c:\windows\system32\drivers\fidbox.idx

2010-01-06 16:54 . 2010-01-04 15:45	3080	--sha-w-	c:\windows\system32\drivers\fidbox2.idx

2010-01-06 16:25 . 2009-11-04 17:15	--------	d-----w-	c:\documents and settings\Niksan\Application Data\skypePM

2010-01-06 11:17 . 2009-11-04 15:47	--------	d-----w-	c:\documents and settings\Niksan\Application Data\uTorrent

2010-01-04 19:20 . 2009-11-04 15:35	--------	d--h--w-	c:\program files\InstallShield Installation Information

2010-01-04 18:05 . 2009-12-07 05:43	--------	d-----w-	c:\program files\Nokia

2010-01-04 16:54 . 2009-11-04 16:07	22016	----a-w-	c:\documents and settings\Niksan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-01-04 16:24 . 2008-01-29 15:29	33808	----a-w-	c:\windows\system32\drivers\klbg.sys

2010-01-03 11:08 . 2009-11-29 06:41	--------	d-----w-	c:\program files\TopDesk

2010-01-03 10:53 . 2009-11-08 17:15	--------	d-----w-	c:\program files\Active WebCam

2010-01-03 10:52 . 2009-11-08 17:18	--------	d---a-w-	c:\documents and settings\All Users\Application Data\TEMP

2010-01-02 17:25 . 2009-11-04 16:27	--------	d-----w-	c:\documents and settings\All Users\Application Data\Skype

2009-12-26 08:13 . 2009-11-28 17:46	--------	d-----w-	c:\program files\Google

2009-12-24 11:23 . 2009-11-08 17:15	--------	d-----w-	c:\program files\vloader

2009-12-20 15:06 . 2009-12-02 16:18	--------	d-----w-	c:\program files\Video Desktop Company

2009-12-20 15:06 . 2009-12-02 12:11	--------	d-----w-	c:\program files\Theme Maker

2009-12-20 15:05 . 2009-12-02 12:14	--------	d-----w-	c:\program files\Ocean Coast Themes

2009-12-20 15:05 . 2009-11-28 17:46	--------	d-----w-	c:\program files\PhotoScape

2009-12-20 15:05 . 2009-11-26 12:40	--------	d-----w-	c:\program files\Desktop Activity Recorder

2009-12-20 15:05 . 2009-11-08 17:16	--------	d-----w-	c:\program files\Counter-Strike 1.6

2009-12-13 15:08 . 2009-11-24 14:11	--------	d-----w-	c:\program files\soundbase

2009-12-11 23:06 . 2009-11-26 11:50	36864	----a-w-	c:\documents and settings\All Users\Application Data\TEMP\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe

2009-12-02 16:18 . 2009-12-02 16:18	796672	----a-w-	c:\windows\GPInstall.exe

2009-12-02 12:17 . 2009-12-02 12:17	--------	d-----w-	c:\program files\SESoftware

2009-12-02 12:17 . 2009-12-02 12:17	--------	d-----w-	c:\program files\Plus!

2009-12-02 12:06 . 2009-12-02 12:06	--------	d-----w-	c:\program files\Sony Ericsson

2009-11-29 14:25 . 2009-11-29 14:25	--------	d-----w-	c:\program files\Common Files\Adobe

2009-11-29 10:44 . 2009-11-26 11:52	--------	d-----w-	c:\program files\QuickTime

2009-11-29 10:09 . 2009-11-29 10:09	--------	d-----w-	c:\documents and settings\All Users\Application Data\QuickTime

2009-11-29 10:08 . 2009-11-04 14:35	--------	d-----w-	c:\program files\Common Files\InstallShield

2009-11-29 06:40 . 2009-11-29 06:40	--------	d-----w-	c:\program files\Datecs

2009-11-28 17:33 . 2009-11-28 17:32	--------	d-----w-	c:\program files\skinner

2009-11-26 19:31 . 2009-11-26 11:58	--------	d-----w-	c:\documents and settings\All Users\Application Data\CyberLink

2009-11-26 13:14 . 2009-11-08 17:18	--------	d-----w-	c:\program files\Skype Recorder

2009-11-26 13:07 . 2009-11-26 13:06	118383	----a-w-	c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\2B83EECD4CF4910A0260B914BA281BA\wimood-plugins-uninstall.exe

2009-11-26 13:06 . 2009-11-26 13:06	1457664	----a-w-	c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\2B83EECD4CF4910A0260B914BA281BA\WiMood.exe

2009-11-26 13:06 . 2009-11-26 13:06	13312	----a-w-	c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\2B83EECD4CF4910A0260B914BA281BA\iTunesCollector.dll

2009-11-26 13:06 . 2009-11-26 13:06	1146820	----a-w-	c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\2B83EECD4CF4910A0260B914BA281BA\wimood-plugins-setup.exe

2009-11-26 12:24 . 2009-11-26 11:53	--------	d-----w-	c:\documents and settings\All Users\Application Data\SmartSound Software Inc

2009-11-26 11:58 . 2009-11-26 11:58	--------	d-----w-	c:\documents and settings\Niksan\Application Data\CyberLink

2009-11-26 11:53 . 2009-11-26 11:53	--------	d-----w-	c:\program files\SmartSound Software

2009-11-26 11:52 . 2009-11-26 11:52	--------	d-----w-	c:\program files\Apple Software Update

2009-11-26 11:52 . 2009-11-26 11:52	--------	d-----w-	c:\documents and settings\All Users\Application Data\Apple

2009-11-26 11:51 . 2009-11-26 11:51	--------	d-----w-	c:\program files\Cyberlink

2009-11-25 14:54 . 2009-11-25 14:48	--------	d-----w-	c:\documents and settings\Niksan\Application Data\PhotoFiltre Studio X

2009-11-24 15:03 . 2009-11-24 15:03	--------	d-----w-	c:\program files\Vimicro

2009-11-24 14:15 . 2009-11-24 14:10	--------	d-----w-	c:\documents and settings\Niksan\Application Data\GetRightToGo

2009-11-24 14:12 . 2009-11-24 14:10	--------	d-----w-	c:\program files\My Drives

2009-11-24 13:07 . 2009-11-24 13:07	--------	d-----w-	c:\program files\Karaoke5

2009-11-24 13:07 . 2009-11-24 13:07	--------	d-----w-	c:\program files\ASIO4ALL v2

2009-11-24 12:57 . 2009-11-24 12:57	--------	d-----w-	c:\documents and settings\Niksan\Application Data\Syntrillium

2009-11-24 12:57 . 2009-11-24 12:55	--------	d-----w-	c:\program files\coolpro2

2009-11-24 12:34 . 2009-11-24 12:34	--------	d-----w-	c:\documents and settings\All Users\Application Data\The Skins Factory

2009-11-24 12:31 . 2009-11-24 12:28	--------	d-----w-	c:\program files\The KMPlayer

2009-11-24 12:12 . 2009-11-24 12:12	--------	d-----w-	c:\program files\Tuning Car Studio

2009-11-24 11:54 . 2009-11-24 11:54	--------	d-----w-	c:\documents and settings\Niksan\Application Data\Skinux

2009-11-17 17:01 . 2009-11-24 13:07	83456	----a-w-	c:\windows\system32\Kara_K.dll

2009-11-14 13:06 . 2009-11-14 13:06	59992	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.736\English\setup.exe

2009-11-08 19:46 . 2009-11-08 19:46	--------	d-----w-	c:\documents and settings\Niksan\Application Data\SkypeCap

2009-11-08 17:18 . 2009-11-08 17:18	--------	d-----w-	c:\program files\Common Files\GeoVid

2009-11-08 17:17 . 2009-11-08 17:17	--------	d-----w-	c:\program files\FormatFactory

2009-11-08 17:15 . 2009-11-08 17:15	--------	d-----w-	c:\documents and settings\All Users\Application Data\PY_Software

2009-11-06 15:54 . 2009-11-03 15:45	86327	----a-w-	c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-11-05 15:05 . 2009-11-05 15:05	721904	----a-w-	c:\windows\system32\drivers\sptd.sys

2009-11-04 17:15 . 2009-11-04 17:15	56	---ha-w-	c:\windows\system32\ezsidmv.dat

2009-11-04 15:41 . 2009-11-04 15:41	0	----a-w-	c:\windows\nsreg.dat

2009-11-03 15:42 . 2009-11-03 15:42	21640	----a-w-	c:\windows\system32\emptyregdb.dat

2009-10-27 18:00 . 2009-11-05 15:03	85504	----a-w-	c:\windows\system32\ff_vfw.dll

2009-10-20 13:34 . 2009-11-24 13:07	15936	----a-w-	c:\windows\system32\Kara_ww.dll

2009-10-20 13:32 . 2009-11-24 13:07	14456	----a-w-	c:\windows\system32\Kara_v.dll

2009-10-20 13:28 . 2009-11-24 13:07	17472	----a-w-	c:\windows\system32\Kara_C.dll

2009-10-20 13:20 . 2009-11-24 13:07	11840	----a-w-	c:\windows\system32\Kara__E.dll

2009-10-20 13:02 . 2009-11-24 13:07	28760	----a-w-	c:\windows\system32\Kara_K5.dll

2009-10-20 12:44 . 2009-11-24 13:07	16448	----a-w-	c:\windows\system32\Kara_mx.dll

2009-10-13 10:47 . 2009-11-24 13:07	98872	----a-w-	c:\windows\system32\Bass.dll

2009-10-10 08:57 . 2009-11-24 13:07	12864	----a-w-	c:\windows\system32\kara__ao.dll

2010-01-02 11:08 . 2009-12-26 08:13	119808	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.


((((((((((((((((((((((((((((((((((((((((((   SR_Search   ))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

(((((((((((((((((((((((((((((   SnapShot@2010-01-06_16.24.47   )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-01-06 17:00 . 2010-01-06 17:00	16384              c:\windows\temp\Perflib_Perfdata_390.dat

- 2010-01-04 16:28 . 2010-01-06 16:23	32768              c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2010-01-04 16:28 . 2010-01-06 16:56	32768              c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2009-11-03 15:49 . 2010-01-06 16:56	32768              c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2009-11-03 15:49 . 2010-01-06 16:23	32768              c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2009-11-03 15:49 . 2010-01-06 16:23	16384              c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2010-01-06 16:56 . 2010-01-06 16:56	16384              c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2004-08-04 12:00 . 2004-08-04 12:00	2180992              c:\windows\system32\dllcache\ntoskrnl.exe

+ 2004-08-03 22:59 . 2004-08-04 12:00	2056832              c:\windows\system32\dllcache\ntkrnlpa.exe

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{dd02a4eb-4afd-4d60-99d8-e67f964ca813}"= "c:\program files\PHPNukeEN\tbPHPN.dll" [2009-07-02 2215960]


[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]

2009-07-02 08:18	2215960	----a-w-	c:\program files\PHPNukeEN\tbPHPN.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{dd02a4eb-4afd-4d60-99d8-e67f964ca813}"= "c:\program files\PHPNukeEN\tbPHPN.dll" [2009-07-02 2215960]


[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{DD02A4EB-4AFD-4D60-99D8-E67F964CA813}"= "c:\program files\PHPNukeEN\tbPHPN.dll" [2009-07-02 2215960]


[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-06-30 2329224]

"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]

"ViSplore"="c:\program files\ViSplore\ViSplore.exe" [2009-02-04 389120]

"SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2009-12-22 3216664]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-29 21755688]

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]

"Driver Updater"="c:\program files\Carambis\Driver Updater\dupdater.exe" [2009-12-04 4822016]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-14 7630848]

"nwiz"="nwiz.exe" [2007-02-14 1519616]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-14 86016]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 110592]

"BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 61440]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"DrvIcon"="c:\program files\Vista Drive Icon\DrvIcon.exe" [2008-04-13 49152]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-01-02 30192]

"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2010-01-04 208616]


[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]


c:\documents and settings\All Users\Start Menu\Programs\Startup\

FlexType 2K.lnk - c:\program files\Datecs\FlexType 2K\FType2K.exe [2009-11-29 95232]


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 0 (0x0)

"EnableInstallerDetection"= 0 (0x0)

"EnableSecureUIAPaths"= 0 (0x0)

"EnableVirtualization"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"MaxRecentDocs"= 15 (0xf)


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"=""


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=

"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=


R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29.1.2008 і. 17:29 33808]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [05.11.2009 і. 17:05 721904]

R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [21.12.2009 і. 20:30 123280]

R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [21.12.2009 і. 20:30 41616]

R2 HdThemeEnabler;Hyperdesk Theme Enabler;c:\program files\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe [23.7.2008 і. 20:27 106496]

R3 avusbbus;AlarIT Virtual USB Root Hub;c:\windows\system32\drivers\avusbbus.sys [04.1.2010 і. 20:18 21888]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30.4.2008 і. 17:06 24592]

R3 NTProcDrv;Process creation detector for NT.;c:\windows\temp\drv1.tmp [06.1.2010 і. 18:56 3584]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [17.12.2009 і. 15:02 99152]

R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [17.12.2009 і. 15:02 110096]

R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [24.11.2009 і. 16:15 17792]

S3 AVUSBDServer;AVUSBDServer;c:\windows\system32\avusbdserver.exe [04.1.2010 і. 20:18 278597]

S3 GoogleDesktopManager-110309-193829;фёсїµчµр Ѕ° Google Desktop 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [26.12.2009 і. 10:13 30192]

S3 uawdwserv;uawdwserv;c:\program files\Usb@nywhere DW\uawdwserv.exe [22.8.2007 і. 10:26 172098]

S3 ZSMC0305;VIMICRO USB PC Camera V;c:\windows\system32\drivers\usbVM305.sys [24.11.2009 і. 17:03 392444]

.

Contents of the 'Scheduled Tasks' folder


2010-01-02 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.bg/

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: &Search

FF - ProfilePath - c:\documents and settings\Niksan\Application Data\Mozilla\Firefox\Profiles\cwrvjk7f.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://google.bg/

FF - prefs.js: keyword.URL - 

FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll


---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 16000

FF - user.js: browser.chrome.favicons - fales

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: dom.disable_window_status_change - true

FF - user.js: network.http.max-connections - 32

FF - user.js: network.http.max-connections-per-server - 8

FF - user.js: network.http.max-persistent-connections-per-proxy - 8

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 750

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

.


**************************************************************************


catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-06 19:00

Windows 5.1.2600 Service Pack 2 NTFS


scanning hidden processes ...  


scanning hidden autostart entries ... 


HKLM\Software\Microsoft\Windows\CurrentVersion\Run

  BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@?????????????? 


scanning hidden files ...  


scan completed successfully

hidden files: 0


**************************************************************************


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net


device: opened successfully

user: MBR read successfully

called modules: TUKERNEL.EXE CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86B701F8]<< 

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xf74cbfc3

\Driver\ACPI -> ACPI.sys @ 0xf7325cb8

\Driver\atapi -> 0x86be01f8

IoDeviceObjectType -> DeleteProcedure -> TUKERNEL.EXE @ 0x805a1afe

 ParseProcedure -> TUKERNEL.EXE @ 0x80570a6e

\Device\Harddisk0\DR0 -> DeleteProcedure -> TUKERNEL.EXE @ 0x805a1afe

 ParseProcedure -> TUKERNEL.EXE @ 0x80570a6e

NDIS: NVIDIA nForce 10/100/1000 Mbps Ethernet  -> SendCompleteHandler -> NDIS.sys @ 0xf719fba0

 PacketIndicateHandler -> NDIS.sys @ 0xf71acb21

 SendHandler -> NDIS.sys @ 0xf718a87b

Warning: possible MBR rootkit infection !

user & kernel MBR OK 


**************************************************************************


[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NTProcDrv]

"ImagePath"="\??\c:\windows\TEMP\drv1.tmp"

.

--------------------- DLLs Loaded Under Running Processes ---------------------


- - - - - - - > 'winlogon.exe'(1552)

c:\windows\system32\cscui.dll


- - - - - - - > 'explorer.exe'(2108)

c:\windows\system32\msi.dll

c:\windows\system32\SETUPAPI.dll

c:\windows\system32\NETSHELL.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\program files\Cyberlink\Shared files\RichVideo.exe

c:\windows\system32\wscntfy.exe

c:\windows\SOUNDMAN.EXE

c:\windows\system32\rundll32.exe

c:\program files\PC Connectivity Solution\ServiceLayer.exe

c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe

c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe

c:\program files\Skype\Plugin Manager\skypePM.exe

.

**************************************************************************

.

Completion time: 2010-01-06  19:02:25 - machine was rebooted

ComboFix-quarantined-files.txt  2010-01-06 17:02

ComboFix2.txt  2010-01-06 16:27


Pre-Run: 41 165 496 320 bytes free

Post-Run: 41 102 565 376 bytes free


- - End Of File - - B7A5AE2D546878176A7D645DF076357D

Стъпка 1:

Моля, изтеглете mbr.exe и го запазете C:\ . Това обикновено е C:\ (Важно е да го направите!).

• Отворете Start -> Run и напишете: cmd.exe
  
• Потвърдете с OK.
  
• В Command Prompt, напишете: C:\mbr.exe>>"C:\mbr.log"
  
• Потвърдете с клавишния бутон Enter
  
• Процесът е автоматизиран... черния DOS процорец бързо ще се отвори и затвори. Това е нормално.
  
• Лог файлът, наречен mbr.log ще бъде създаден в диск C:\ .
  
• Копирайте и поставете резултата от mbr.log в следващия Ви пост в тази тема.
  

Ако имате проблем с използването на Command Prompt, Вие можете да кликнете два пъти върху mbr.exe , за да стартирате инструмента.

Стъпка 2:

1) Изтеглете: ESET Online Scanner

2) Стартирайте esetsmartinstaller_enu.exe

3) Сложете отметка на YES, I accept the Terms of Use и изберете Start

4) Скенерът ще започне да изтегля компонентите, които са му необходими.

5) Уверете се, че има отметки на следните редове, включително и тези от менюто Advanced Settings:

• 
  
• Remove found threats
  
• Scan archives
  
• Scan for potentially unwanted applications
  
• Scan for potentially unsafe applications
  
• Enable Anti-Stealth technology
  

И накрая изберете Start

6) Скенерът ще започне да изтегля последните дефиниции.

7) След, като сканирането завърши изберете Finish.

8) Отидете в:

C:\Program Files\ESET\ESET Online Scanner

Отворете файла log.txt , копирайте съдържанието му и го поставете в следващия си пост тук.

Само да питам това ли трябва да е лога на mbr.exe?

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net


device: opened successfully

user: MBR read successfully

kernel: MBR read successfully

user & kernel MBR OK

След малко ще постна лога и от ESET Online Scanner.

Редактирано 3 януари 201016 г. от Big_N (преглед на промените)

Да, точно това е!

Ето и лога от ESET Online Scanner.

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=f11ca5886df50f46955bee04fcf598af

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-01-06 07:09:34

# local_time=2010-01-06 09:09:34 (+0200, FLE Standard Time)

# country="Bulgaria"

# lang=1033

# osver=5.1.2600 NT Service Pack 2

# compatibility_mode=1280 16777195 100 0 183623 183623 0 0

# compatibility_mode=8192 67108863 100 0 5013 5013 0 0

# scanned=114642

# found=30

# cleaned=30

# scan_time=5189

C:\Documents and Settings\Niksan\Desktop\other\DesktopActivityRecorderSetup.exe	Win32/TrojanClicker.Agent.NIF trojan (deleted - quarantined)	00000000000000000000000000000000	C

C:\System Volume Information\_restore{EFE02280-B551-4070-9196-0D4EA40319F8}\RP82\A0027618.exe	Win32/TrojanClicker.Agent.NIF trojan (deleted - quarantined)	00000000000000000000000000000000	C

C:\WINDOWS\Installer\1f39a44.msi	a variant of Win32/Adware.ADON application (deleted - quarantined)	00000000000000000000000000000000	C

C:\_OTL\MovedFiles\01032010_160330\C_\aimbnxbnwh.bat	Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined)	00000000000000000000000000000000	C

C:\_OTL\MovedFiles\01032010_160330\C_\autorun.inf	INF/Autorun.Gen virus (deleted - quarantined)	00000000000000000000000000000000	C

C:\_OTL\MovedFiles\01032010_160330\C_\qwylvdfp.bat	Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined)	00000000000000000000000000000000	C

C:\_OTL\MovedFiles\01032010_160330\C_\sciznzftergt.bat	Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined)	00000000000000000000000000000000	C

C:\_OTL\MovedFiles\01032010_160330\C_Documents and Settings\Niksan\Local Settings\Temp\aoytlbldsjctgtqs.exe	Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined)	00000000000000000000000000000000	C

C:\_OTL\MovedFiles\01032010_160330\C_Documents and Settings\Niksan\Local Settings\Temp\hwhdwnyrhztlznloo.exe	Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined)	00000000000000000000000000000000	C

C:\_OTL\MovedFiles\01032010_160330\C_Documents and Settings\Niksan\Local Settings\Temp\qgspjbnhyrmfujimnt.exe	Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined)	00000000000000000000000000000000	C

C:\_OTL\MovedFiles\01032010_160330\C_WINDOWS\aoytlbldsjctgtqs.exe	Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined)	00000000000000000000000000000000	C

C:\_OTL\MovedFiles\01032010_160330\C_WINDOWS\bsfdyrezrlhbrhhmovb.exe	Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined)	00000000000000000000000000000000	C

C:\_OTL\MovedFiles\01032010_160330\C_WINDOWS\dwllidspjfdzrjlswfnew.exe	Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined)	00000000000000000000000000000000	C

C:\_OTL\MovedFiles\01032010_160330\C_WINDOWS\hwhdwnyrhztlznloo.exe	Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined)	00000000000000000000000000000000	C

C:\_OTL\MovedFiles\01032010_160330\C_WINDOWS\ogutpjxtmhezqhiorzgw.exe	Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined)	00000000000000000000000000000000	C

C:\_OTL\MovedFiles\01032010_160330\C_WINDOWS\qgspjbnhyrmfujimnt.exe	Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined)	00000000000000000000000000000000	C

C:\_OTL\MovedFiles\01032010_160330\C_WINDOWS\uoefdzpnifebunqydnwohb.exe	Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined)	00000000000000000000000000000000	C

C:\_OTL\MovedFiles\01032010_160330\C_WINDOWS\system32\aoytlbldsjctgtqs.exe	Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined)	00000000000000000000000000000000	C

C:\_OTL\MovedFiles\01032010_160330\C_WINDOWS\system32\bsfdyrezrlhbrhhmovb.exe	Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined)	00000000000000000000000000000000	C

C:\_OTL\MovedFiles\01032010_160330\C_WINDOWS\system32\dwllidspjfdzrjlswfnew.exe	Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined)	00000000000000000000000000000000	C

C:\_OTL\MovedFiles\01032010_160330\C_WINDOWS\system32\hwhdwnyrhztlznloo.exe	Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined)	00000000000000000000000000000000	C

C:\_OTL\MovedFiles\01032010_160330\C_WINDOWS\system32\ogutpjxtmhezqhiorzgw.exe	Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined)	00000000000000000000000000000000	C

C:\_OTL\MovedFiles\01032010_160330\C_WINDOWS\system32\qgspjbnhyrmfujimnt.exe	Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined)	00000000000000000000000000000000	C

C:\_OTL\MovedFiles\01032010_160330\C_WINDOWS\system32\uoefdzpnifebunqydnwohb.exe	Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined)	00000000000000000000000000000000	C

C:\_OTL\MovedFiles\01032010_160330\D_\aimbnxbnwh.bat	Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined)	00000000000000000000000000000000	C

C:\_OTL\MovedFiles\01032010_160330\D_\autorun.inf	INF/Autorun.Gen virus (deleted - quarantined)	00000000000000000000000000000000	C

C:\_OTL\MovedFiles\01032010_160330\D_\qwylvdfp.bat	Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined)	00000000000000000000000000000000	C

C:\_OTL\MovedFiles\01032010_160330\D_\sciznzftergt.bat	Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined)	00000000000000000000000000000000	C

D:\Kartinki Snimki\Snimki LENITO\leenito\razni gotini kartinki\12.exe	probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C

D:\Movie\SRS Audio Sandbox 1.10.1.0+Keygen CORE\CORE\keygen.exe	probably a variant of Win32/SdBot trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C

Как работи системата в момента?

Сега системата работи перфектно.

Ако е това много ви благодаря за помоща.

п.п.

Опцията с OTCleanIt е направена за което отново ви благодаря.

Лека вечер!

Редактирано 4 януари 201016 г. от Big_N (преглед на промените)

Моля, само....

За да премахнете всички инструменти, коити използвахме, а също файловете и папките, които те създават, моля, направете следното:

Моля, изтеглете OTCleanIt създаден от OldTimer:

Запезете го на вашия десктоп.

Кликнете два пъти върху OTCleanIt.exe.

Кликнете на бутона CleanUp!.

Ако по време на почистването Ви се появи предложение за рестартиране на компютъра, изберете Yes. Инструментът ще се премахне сам, след като почистването приключи.

За да се изчистят някои инструменти.