It all started when I downloaded a program for CS, hlds_console.rar... I tried various "tools" to remove them, but without success, so I'll go straight to the logs.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:14:15, on 16.5.2010 г.

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Razer\Diamondback 3G\razerhid.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Razer\Diamondback 3G\razerofa.exe

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\lvsk.exe

C:\Program Files\Opera\opera.exe

C:\WINDOWS\system32\msiexec.exe

C:\HiJackThis\post.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bg/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O1 - Hosts: 66.98.148.65 auto.search.msn.com

O1 - Hosts: 66.98.148.65 auto.search.msn.es

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe

O4 - HKLM\..\Run: [Diamondback] C:\Program Files\Razer\Diamondback 3G\razerhid.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab

O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://service.futuremark.com/openapi/receivers/FMSI.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe


--

End of file - 4676 bytes

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org


Версия на базата от данни: 4105


Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702


16.5.2010 г. 10:56:36

mbam-log-2010-05-16 (10-56-36).txt


Тип сканиране: Бързо сканиране

Сканирани обекти: 111506

Изминало време: 4 минута(и), 25 секунда(и)


Заразени процеси в паметта: 0

Заразени модули в паметта: 0

Заразени ключове в регистратурата: 0

Заразени стойности в регистратурата: 0

Заразени информационни обекти в регистратурата: 2

Заразени папки: 0

Заразени файлове: 0


Заразени процеси в паметта:

(Не бяха открити зловредни обекти)


Заразени модули в паметта:

(Не бяха открити зловредни обекти)


Заразени ключове в регистратурата:

(Не бяха открити зловредни обекти)


Заразени стойности в регистратурата:

(Не бяха открити зловредни обекти)


Заразени информационни обекти в регистратурата:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.


Заразени папки:

(Не бяха открити зловредни обекти)


Заразени файлове:

(Не бяха открити зловредни обекти)
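Added example (my own code, not part of the original post and not HijackThis itself): a small Python triage pass over HijackThis-style log lines like the ones above. It flags the three markers this log shows from a defender's point of view: O1 hosts-file redirections to a non-loopback address, O7 Policies\System values that disable regedit or Task Manager, and running processes or O4 autoruns that execute from a Temp directory. The sample lines are constructed from the log above plus one constructed benign loopback hosts entry (ads.example.invalid); the regexes and the Finding type are my own assumptions, not HijackThis output formats beyond what the log shows.

```python
"""Triage pass over HijackThis-style log lines (added example, not HijackThis code)."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional


@dataclass(frozen=True)
class Finding:
    kind: str    # "hosts-redirect", "policy-restriction" or "temp-executable"
    line: str    # the log line that triggered the finding
    detail: str  # short reason a reviewer can act on


# Values under ...\Policies\System that lock the user out of the tools needed for cleanup.
RESTRICTIVE_POLICIES = {"disableregedit", "disableregistrytools", "disabletaskmgr"}

O1_RE = re.compile(r"^O1 - Hosts:\s*(\S+)\s+(\S+)")
O7_RE = re.compile(r"^O7 - .*,\s*(\w+)=(\d+)")
O4_RE = re.compile(r'^O4 - .*?\]\s*"?(.+?\.exe)', re.IGNORECASE)
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)  # long and 8.3 paths both contain \Temp\


def classify(line: str) -> Optional[Finding]:
    """Return a Finding for one log line, or None when the line is unremarkable."""
    line = line.strip()

    m = O1_RE.match(line)
    if m:
        ip, host = m.group(1), m.group(2)
        # Loopback mappings are the usual benign ad-blocking pattern; a remote
        # address means name resolution for that host is being redirected.
        if ip not in ("127.0.0.1", "0.0.0.0", "::1"):
            return Finding("hosts-redirect", line, f"{host} resolves to {ip} via the hosts file")
        return None

    m = O7_RE.match(line)
    if m:
        name, value = m.group(1), m.group(2)
        if name.lower() in RESTRICTIVE_POLICIES and value != "0":
            return Finding("policy-restriction", line, f"{name}={value} disables an admin tool")
        return None

    # Running-process lines are bare paths; O4 lines carry the path after [name].
    path: Optional[str] = None
    m = O4_RE.match(line)
    if m:
        path = m.group(1)
    elif DRIVE_RE.match(line):
        path = line
    if path and TEMP_DIR_RE.search(path):
        return Finding("temp-executable", line, f"executable runs from a Temp directory: {path}")
    return None


def triage(lines: Iterable[str]) -> List[Finding]:
    """Classify every line and keep only the ones that produced a finding."""
    return [f for f in map(classify, lines) if f is not None]


# Constructed sample: real lines from the HijackThis log above plus one benign
# loopback hosts entry (ads.example.invalid) to show the loopback exception.
SAMPLE_LOG = r"""
C:\WINDOWS\System32\smss.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\lvsk.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bg/
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 127.0.0.1 ads.example.invalid
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
""".strip().splitlines()


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.kind}] {finding.detail}")
```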


Hello! Please run the following scan and attach the logs for analysis:

1. Download the AVZ program and extract avz4.zip, for example into a folder (c:\antivir).

- start AVZ and update the database (in the AVZ menu: Файл - Обновление баз - Пуск):


- in the AVZPM menu choose "Установить драйвер расширенного мониторинга процессов":


2. Close all programs, temporarily disable your antivirus, firewall and any other protective software (if you have any), and leave only Internet Explorer running.

- disconnect your internet while the scan runs and the logs are being generated.

3. Start AVZ (on Windows Vista, right-click and run as administrator) and choose Меню - Файл - Стандартные скрипты:


... tick the 3rd script and press "Выполнить отмеченные скрипты". When the script finishes, the archive virusinfo_syscure.zip will be created in the AVZ\LOG folder:


Attention: after the script finishes, restart your computer!

4. Start AVZ (on Windows Vista, right-click and run as administrator), choose Меню - Файл - Стандартные скрипты, tick the 2nd script and press "Выполнить отмеченные скрипты". When the script finishes, the archive virusinfo_syscheck.zip will be created in the AVZ\LOG folder:


5. Close AVZ. Turn your antivirus, firewall and internet back on. Attach to the topic:

- virusinfo_syscure.zip

- virusinfo_syscheck.zip

Attention!!!

  • Do not confuse the archive virusinfo_syscure.zip with virusinfo_cure.zip (we do not need the second one for now)
  • If AVZ does not start, rename the file avz.exe to 123.com (123.pif or 123.cmd)

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

To switch the program to Russian:

create a shortcut to the program's icon (from the installation folder onto your desktop)

right-click the icon ==> properties ==> shortcut tab

you will see this window - make the indicated changes:


When I start the program, it closes after a few seconds without any error.


Aha... I see! Then download this special version, Polymorphic AVZ, and scan with it! After the scan, attach the logs in your next post!


I think things got worse... when I try to extract it, I get the following error: "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item."



Hmm... then let's do this:

Download ComboFix from here, here or here and save it to your desktop.

1. Attention! Be sure to close your browser and temporarily disable your antivirus, firewall and any other protective software. Do not start other programs while ComboFix is working. ComboFix may disconnect your internet some time after it starts. Do not turn it back on until ComboFix has finished. If the internet does not come back after the scan finishes, restart your computer. While ComboFix is working, do not press the mouse buttons; this can cause ComboFix to hang.

2. Start combofix.exe, and when the scan finishes, copy the text from C:\ComboFix.txt and attach it in your next post.

- if ComboFix does not start, rename combofix.exe to combo-fix.exe.

Just one question - when you tried to start both versions of AVZ, did you rename it..?

If AVZ does not start, rename the file avz.exe to 123.com (123.pif or 123.cmd)


I don't have Task Manager, so I couldn't stop Avira AntiVirus, and it was running while ComboFix worked. Here is the log:

ComboFix 10-05-15.03 - Administrator 05.2010 г.  16:58:48.1.2 - x86

Microsoft Windows XP Professional  5.1.2600.3.1251.359.1033.18.3327.2857 [GMT 3:00]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.


.

(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.


-------\Legacy_ABP470N5

-------\Service_abp470n5



(((((((((((((((((((((((((   Files Created from 2010-04-16 to 2010-05-16  )))))))))))))))))))))))))))))))

.


2010-05-16 13:56 . 2010-05-16 13:56	--------	d-----w-	c:\documents and settings\Administrator\Application Data\WinPatrol

2010-05-16 13:56 . 2010-05-16 13:56	--------	d-----w-	c:\program files\BillP Studios

2010-05-16 13:26 . 2010-05-16 13:26	9216	----a-w-	c:\windows\system32\drivers\uje5otcy.sys

2010-05-16 13:26 . 2010-05-16 13:26	11264	----a-w-	c:\windows\system32\drivers\uze5otcy.sys

2010-05-16 13:19 . 2010-05-16 13:20	--------	d-----w-	C:\avz4

2010-05-16 08:12 . 2010-05-16 08:14	--------	d-----w-	C:\HiJackThis

2010-05-16 07:46 . 2010-05-16 07:46	--------	d--h--w-	c:\windows\system32\GroupPolicy

2010-05-15 19:55 . 2008-04-14 12:00	26624	----a-w-	c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

2010-05-15 19:55 . 2010-05-15 19:55	--------	d-----w-	c:\program files\Windows Media Connect 2

2010-05-15 19:54 . 2010-05-15 19:54	--------	d-----w-	c:\windows\system32\drivers\UMDF

2010-05-15 12:59 . 2010-05-15 13:01	--------	d-----w-	c:\documents and settings\All Users\Application Data\Blizzard Entertainment

2010-05-15 12:59 . 2010-05-15 13:01	--------	d-----w-	c:\documents and settings\Administrator\Local Settings\Application Data\Blizzard Entertainment

2010-05-15 12:58 . 2010-05-15 12:58	--------	d-----w-	c:\documents and settings\All Users\Application Data\Blizzard

2010-05-15 10:03 . 2010-05-15 13:01	--------	d-----w-	c:\program files\Common Files\Blizzard Entertainment

2010-05-06 11:26 . 2010-05-06 11:26	--------	d-----w-	c:\documents and settings\Administrator\Local Settings\Application Data\storage

2010-05-06 11:11 . 2010-05-06 11:11	--------	d-----w-	c:\documents and settings\Administrator\Local Settings\Application Data\Activision

2010-05-02 12:31 . 2010-05-02 12:31	--------	d-----w-	c:\documents and settings\Administrator\Application Data\IGN_DLM

2010-05-01 15:04 . 2010-05-01 15:04	--------	d-----w-	c:\program files\Lavalys

2010-05-01 07:30 . 2010-05-01 07:30	--------	d-----w-	c:\program files\Common Files\Futuremark Shared

2010-04-26 17:35 . 2010-04-29 09:42	2592768	----a-w-	c:\documents and settings\Administrator\Application Data\GRETECH\GomPlayer\GrLauncherTempSetup.exe

2010-04-26 17:35 . 2007-03-22 10:46	196608	----a-w-	c:\documents and settings\Administrator\Application Data\GRETECH\GomPlayer\GrLauncher.exe

2010-04-25 18:11 . 2010-04-25 18:11	--------	d-----w-	c:\program files\XZONE REACTOR Application

2010-04-22 08:07 . 2010-04-22 08:07	74	----a-w-	c:\windows\options.dat

2010-04-22 08:05 . 2010-04-22 08:13	--------	d-----w-	c:\program files\Evisoft

2010-04-22 08:04 . 2010-04-22 08:04	249856	------w-	c:\windows\Setup1.exe

2010-04-22 08:04 . 2010-04-22 08:04	73216	----a-w-	c:\windows\ST6UNST.EXE

2010-04-21 16:28 . 2010-04-21 16:29	664	----a-w-	c:\windows\system32\d3d9caps.dat

2010-04-17 07:06 . 2010-04-18 11:37	--------	d-----w-	c:\documents and settings\Administrator\Local Settings\Application Data\Rockstar Games

2010-04-17 06:47 . 2010-04-17 06:47	--------	d-----w-	c:\windows\system32\xlive

2010-04-17 06:47 . 2010-04-17 06:47	--------	d-----w-	c:\program files\Microsoft Games for Windows - LIVE

2010-04-16 19:18 . 2010-04-16 19:18	--------	d-----w-	c:\documents and settings\All Users\Application Data\TVU Networks

2010-04-16 19:18 . 2010-04-16 19:18	--------	d-----w-	c:\documents and settings\Administrator\Local Settings\Application Data\TVU Networks

2010-04-16 19:16 . 2010-04-16 19:16	--------	d-----w-	c:\documents and settings\Administrator\LocalLow

2010-04-16 19:16 . 2010-04-16 19:18	--------	d-----w-	c:\program files\TVUPlayer


.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-05-16 14:02 . 2010-03-28 16:41	--------	d-----w-	c:\documents and settings\Administrator\Application Data\Skype

2010-05-16 13:00 . 2010-03-28 16:42	--------	d-----w-	c:\documents and settings\Administrator\Application Data\skypePM

2010-05-16 12:17 . 2010-04-06 15:29	137256	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys

2010-05-16 12:17 . 2010-04-06 15:28	218808	----a-w-	c:\windows\system32\PnkBstrB.exe

2010-05-16 08:08 . 2010-04-11 12:05	117760	----a-w-	c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-05-15 19:57 . 2010-03-28 17:15	--------	d-----w-	c:\documents and settings\Administrator\Application Data\uTorrent

2010-05-07 08:53 . 2010-04-02 14:45	--------	d-----w-	c:\program files\Garena

2010-05-06 11:25 . 2010-04-08 10:44	--------	d-----w-	c:\documents and settings\All Users\Application Data\Ubisoft

2010-05-05 08:41 . 2010-04-11 12:04	--------	d-----w-	c:\program files\SUPERAntiSpyware

2010-05-01 14:59 . 2010-03-28 16:40	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware

2010-05-01 07:30 . 2010-03-28 16:01	--------	d--h--w-	c:\program files\InstallShield Installation Information

2010-04-30 16:16 . 2010-04-15 10:06	--------	d-----w-	c:\program files\Opera

2010-04-29 12:39 . 2010-03-28 16:40	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 12:39 . 2010-03-28 16:40	20952	----a-w-	c:\windows\system32\drivers\mbam.sys

2010-04-23 17:14 . 2010-04-06 20:58	--------	d-----w-	c:\program files\TeamSpeak 3 Client

2010-04-20 18:37 . 2010-03-28 16:40	--------	d-----w-	c:\program files\CCleaner

2010-04-13 07:32 . 2010-04-13 07:32	--------	d-----w-	c:\program files\CPUID

2010-04-11 12:05 . 2010-04-11 12:05	52224	----a-w-	c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-04-11 12:04 . 2010-04-11 12:04	--------	d-----w-	c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-04-11 12:04 . 2010-04-11 12:04	--------	d-----w-	c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com

2010-04-11 12:04 . 2010-04-11 12:04	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard

2010-04-10 19:32 . 2010-04-10 19:32	--------	d-----w-	c:\program files\SopCast

2010-04-08 10:44 . 2010-04-08 10:44	--------	d-----w-	c:\documents and settings\Administrator\Application Data\Ubisoft

2010-04-08 10:43 . 2010-04-08 10:43	--------	d-----w-	c:\program files\Ubisoft

2010-04-07 18:32 . 2010-04-07 18:26	--------	d-----w-	c:\documents and settings\Administrator\Application Data\TeamViewer

2010-04-06 21:00 . 2010-04-06 20:58	--------	d-----w-	c:\documents and settings\Administrator\Application Data\TS3Client

2010-04-06 15:38 . 2010-04-06 15:38	--------	d--h--r-	c:\documents and settings\Administrator\Application Data\SecuROM

2010-04-06 15:29 . 2010-04-06 15:29	138056	----a-w-	c:\documents and settings\Administrator\Application Data\PnkBstrK.sys

2010-04-06 15:29 . 2010-04-06 15:29	138056	----a-w-	c:\documents and settings\Administrator\Application Data\PnkBstrK.sys

2010-04-06 15:28 . 2010-04-06 15:28	75064	----a-w-	c:\windows\system32\PnkBstrA.exe

2010-04-06 15:28 . 2010-04-06 15:28	2434856	----a-w-	c:\windows\system32\pbsvc_bc2.exe

2010-04-06 13:55 . 2010-04-06 13:55	--------	d-----w-	c:\program files\Common Files\Adobe

2010-04-02 19:25 . 2010-04-02 19:25	--------	d-----w-	c:\documents and settings\All Users\Application Data\KONAMI

2010-04-02 10:51 . 2010-04-02 10:51	--------	d-sh--w-	c:\documents and settings\All Users\Application Data\SecuROM

2010-04-02 10:48 . 2010-04-02 10:48	--------	d-----w-	c:\documents and settings\All Users\Application Data\Turbine

2010-04-02 10:39 . 2010-04-02 10:39	--------	d-----w-	c:\documents and settings\Administrator\Application Data\mIRC

2010-04-02 10:29 . 2010-04-02 10:29	--------	d-----w-	c:\program files\Common Files\INCA Shared

2010-04-02 10:25 . 2010-04-02 10:25	281760	----a-w-	c:\windows\system32\drivers\atksgt.sys

2010-04-02 10:25 . 2010-04-02 10:25	25888	----a-w-	c:\windows\system32\drivers\lirsgt.sys

2010-04-02 06:37 . 2010-04-01 17:47	--------	d-----w-	c:\program files\Common Files\Adobe AIR

2010-04-02 06:37 . 2010-04-01 17:47	38784	----a-w-	c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-04-01 19:33 . 2010-04-01 19:25	--------	d---a-w-	c:\documents and settings\All Users\Application Data\TEMP

2010-04-01 19:25 . 2010-04-01 19:25	--------	d-----w-	c:\documents and settings\Administrator\Application Data\URSoft

2010-04-01 17:47 . 2010-04-01 17:47	--------	d-----w-	c:\documents and settings\All Users\Application Data\EA Core

2010-04-01 17:47 . 2010-04-01 17:47	--------	d-----w-	c:\documents and settings\All Users\Application Data\Electronic Arts

2010-04-01 17:46 . 2010-04-01 17:46	--------	d-----w-	c:\program files\Electronic Arts

2010-04-01 17:44 . 2010-03-28 16:01	--------	d-----w-	c:\program files\Common Files\InstallShield

2010-04-01 17:38 . 2010-04-01 17:38	--------	d-----w-	c:\program files\VS Revo Group

2010-04-01 09:12 . 2010-04-01 09:12	--------	d-----w-	c:\documents and settings\Administrator\Application Data\GRETECH

2010-04-01 09:10 . 2010-04-01 09:10	--------	d-----w-	c:\program files\GRETECH

2010-04-01 08:48 . 2010-04-01 08:48	--------	d-----w-	c:\documents and settings\Administrator\Application Data\Media Player Classic

2010-03-31 19:49 . 2010-03-28 15:53	86327	----a-w-	c:\windows\pchealth\helpctr\OfflineCache\index.dat

2010-03-30 20:38 . 2010-04-13 07:32	20968	----a-w-	c:\windows\system32\drivers\cpuz133_x32.sys

2010-03-29 18:13 . 2010-03-29 18:13	--------	d-----w-	c:\documents and settings\Administrator\Application Data\Ventrilo

2010-03-29 18:13 . 2010-03-29 18:13	--------	d-----w-	c:\program files\VentriloMIX

2010-03-29 16:06 . 2010-03-28 16:01	12328	----a-w-	c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-03-29 07:15 . 2010-03-29 07:14	--------	d-----w-	c:\documents and settings\Administrator\Application Data\GetRightToGo

2010-03-29 06:48 . 2010-03-28 20:39	--------	d-----w-	c:\documents and settings\All Users\Application Data\NOS

2010-03-28 20:44 . 2010-03-28 20:44	2030384	----a-w-	c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe

2010-03-28 18:09 . 2010-03-28 18:09	--------	d-----w-	c:\documents and settings\Administrator\Application Data\Avira

2010-03-28 18:05 . 2010-03-28 18:05	8992	----a-w-	c:\windows\system32\kbdbph.dll

2010-03-28 17:55 . 2010-03-28 17:54	--------	d-----w-	c:\program files\K-Lite Codec Pack

2010-03-28 17:40 . 2010-03-28 17:40	--------	d-----w-	c:\program files\PowerISO

2010-03-28 17:37 . 2010-03-28 17:37	--------	d-----w-	c:\program files\MSBuild

2010-03-28 17:37 . 2010-03-28 17:37	--------	d-----w-	c:\program files\Reference Assemblies

2010-03-28 17:00 . 2010-03-28 17:00	--------	d-----w-	c:\documents and settings\All Users\Application Data\ATI

2010-03-28 17:00 . 2010-03-28 17:00	--------	d-----w-	c:\documents and settings\Administrator\Application Data\ATI

2010-03-28 16:57 . 2010-03-28 16:57	--------	d-----w-	c:\program files\DIFX

2010-03-28 16:57 . 2010-03-28 16:57	--------	d-----w-	c:\program files\Razer

2010-03-28 16:57 . 2010-03-28 16:57	--------	d-----w-	c:\documents and settings\Administrator\Application Data\InstallShield

2010-03-28 16:47 . 2010-03-28 16:47	--------	d-----w-	c:\program files\AMD

2010-03-28 16:42 . 2010-03-28 16:42	56	---ha-w-	c:\windows\system32\ezsidmv.dat

2010-03-28 16:41 . 2010-03-28 16:41	--------	d-----r-	c:\program files\Skype

2010-03-28 16:41 . 2010-03-28 16:41	--------	d-----w-	c:\program files\Common Files\Skype

2010-03-28 16:40 . 2010-03-28 16:40	--------	d-----w-	c:\documents and settings\All Users\Application Data\Skype

2010-03-28 16:40 . 2010-03-28 16:40	--------	d-----w-	c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-03-28 16:40 . 2010-03-28 16:40	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes

2010-03-28 16:20 . 2010-03-28 16:20	319488	----a-w-	c:\windows\HideWin.exe

2010-03-28 16:10 . 2010-03-28 16:06	--------	d-----w-	c:\program files\ATI

2010-03-28 16:09 . 2010-03-28 16:09	--------	d-----w-	c:\program files\Avira

2010-03-28 16:09 . 2010-03-28 16:09	--------	d-----w-	c:\documents and settings\All Users\Application Data\Avira

2010-03-01 06:05 . 2010-03-28 16:09	124784	----a-w-	c:\windows\system32\drivers\avipbb.sys

2010-02-25 19:55 . 2010-03-28 16:07	201875	----a-w-	c:\windows\system32\atiicdxx.dat

2010-02-25 06:24 . 2008-04-14 12:00	916480	----a-w-	c:\windows\system32\wininet.dll

2010-02-24 13:11 . 2008-04-14 12:00	455680	----a-w-	c:\windows\system32\drivers\mrxsmb.sys

2010-02-22 14:57 . 2010-03-28 16:01	358944	----a-w-	c:\windows\vncutil.exe

2010-02-22 14:56 . 2010-03-28 16:01	51232	----a-w-	c:\windows\system32\RtkCoInstXP.dll

2010-02-22 14:56 . 2010-03-28 16:01	129568	----a-w-	c:\windows\RtkAudioService.exe

2010-02-16 14:08 . 2008-04-14 12:00	2146304	----a-w-	c:\windows\system32\ntoskrnl.exe

2010-02-16 13:25 . 2008-04-14 00:01	2024448	----a-w-	c:\windows\system32\ntkrnlpa.exe

2010-02-16 10:24 . 2010-03-28 16:09	60936	----a-w-	c:\windows\system32\drivers\avgntflt.sys

.


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-07 26211624]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-02 163840]

"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 155648]

"Diamondback"="c:\program files\Razer\Diamondback 3G\razerhid.exe" [2007-08-01 147456]

"Task Catcher"="c:\program files\BillP Studios\Task Catcher\tasktrap.exe" [2006-08-15 210488]


[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableTaskMgr"= 1 (0x1)

"DisableRegistryTools"= 1 (0x1)


[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 12:21	548352	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.dll


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2005-05-03 10:43	69632	------r-	c:\windows\Alcmtr.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]

2007-04-17 04:59	2953216	----a-w-	c:\program files\Electronic Arts\EA Link\Core.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

2009-11-09 03:17	258048	----a-w-	c:\program files\PowerISO\PWRISOVM.EXE


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2008-04-10 08:52	16861184	------r-	c:\windows\RTHDCPL.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"idsvc"=3 (0x3)

"IDriverT"=3 (0x3)


[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001


[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"FirewallOverride"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"UacDisableNotify"=dword:00000001


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"d:\\games\\cs1.6nonsteam\\hl.exe"=

"c:\\Program Files\\Garena\\Garena.exe"=

"d:\\games\\cs1.6nonsteam\\hlds.exe"=

"d:\\games\\bfbc2\\BFBC2Updater.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"d:\\games\\bfbc2\\BFBC2Game.exe"=

"d:\\utdownload\\uTorrent.exe"=

"c:\\Documents and Settings\\Administrator\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=

"c:\\Documents and Settings\\Administrator\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=

"d:\\utorrent2folder\\TeamViewer 5.0 Build 8081 + Portable\\TeamViewerPortable_en\\TeamViewer.exe"=

"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=

"d:\\games\\ac2\\AssassinsCreedIIGame.exe"=

"d:\\games\\ac2\\AssassinsCreedII.exe"=

"d:\\games\\ac2\\UPlayBrowser.exe"=

"c:\\Documents and Settings\\Administrator\\Desktop\\gamess\\Server\\server.exe"=

"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

"c:\\Program Files\\SopCast\\SopCast.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=

"d:\\utorrent2folder\\gta iv episodes from liberty city\\gta iv episodes from liberty city\\EFLC\\EFLC.exe"=

"d:\\games\\cod4\\iw3mp.exe"=

"d:\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"=

"d:\\games\\cod5waw\\CoDWaWmp.exe"=

"d:\\games\\css 2009\\CSS\\hl2.exe"=

"d:\\Steam\\steamapps\\sotisbg\\counter-strike\\hl.exe"=

"c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\ccc.exe"=


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724


R1 AVZRK;AVZ-RK Kernel Driver;c:\windows\system32\drivers\uze5otcy.sys [16.5.2010 г. 16:26 11264]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 г. 11:25 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17.2.2010 г. 11:15 66632]

R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [13.4.2010 г. 10:32 20968]

R3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\drivers\DB3G.sys [28.3.2010 г. 19:57 13225]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [28.3.2010 г. 19:01 1691480]

S3 AVZSG;AVZ-SG Kernel Driver;c:\windows\system32\drivers\uje5otcy.sys [16.5.2010 г. 16:26 9216]

S3 cpuz130;cpuz130;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]

S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\NNC1A0.tmp --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\NNC1A0.tmp [?]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17.2.2010 г. 11:15 12872]

S4 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [28.3.2010 г. 19:09 135336]


--- Other Services/Drivers In Memory ---


*NewlyCreated* - ABP470N5

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://google.bg/

.


**************************************************************************


catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-05-16 17:02

Windows 5.1.2600 Service Pack 3 NTFS


scanning hidden processes ...  


scanning hidden autostart entries ... 


scanning hidden files ...  


scan completed successfully

hidden files: 0


**************************************************************************


[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]

"ImagePath"="\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\NNC1A0.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------


[HKEY_USERS\S-1-5-21-1844237615-492894223-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cc,70,08,b8,08,b4,61,42,a2,4b,8c,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cc,70,08,b8,08,b4,61,42,a2,4b,8c,\


[HKEY_USERS\S-1-5-21-1844237615-492894223-1801674531-500\Software\SecuROM\License information*]

"datasecu"=hex:7a,90,93,77,35,fd,99,ed,d6,d5,26,25,4a,02,8a,ec,b9,24,9e,fc,5f,

   18,5c,8e,60,6c,0d,3d,b6,18,ba,03,38,72,d9,69,58,bf,ea,99,57,e9,bc,e3,d1,a1,\

"rkeysecu"=hex:70,70,37,bc,15,01,49,7d,2b,f1,1c,58,dd,56,c0,2d

.

--------------------- DLLs Loaded Under Running Processes ---------------------


- - - - - - - > 'winlogon.exe'(788)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\WININET.dll

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\atiadlxx.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll


- - - - - - - > 'explorer.exe'(2416)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Skype\Phone\Skype.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

c:\windows\system32\PnkBstrA.exe

c:\program files\Skype\Plugin Manager\skypePM.exe

c:\program files\Razer\Diamondback 3G\razerofa.exe

.

**************************************************************************

.

Completion time: 2010-05-16  17:03:26 - machine was rebooted

ComboFix-quarantined-files.txt  2010-05-16 14:03


Pre-Run: 13 958 606 848 bytes free

Post-Run: 14 182 690 816 bytes free


WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer


- - End Of File - - 6DE203C641C303B7473D12762E380DAE


It is extremely unpleasant for me to say this... but your system is infected with the polymorphic virus Sality. Fighting it is a lost cause. That is why I recommend FORMATTING AND REINSTALLING LOCAL DISK C. Once again, I'm sorry!


Sality and other viruses [SOLVED] http://www.kaldata.com/forums/index.php?showtopic=152496 ???

That is a thread I took part in. In the thread you linked there was only one file that MBAM flagged as a trace of Sality (A0090334.dll). Unlike that case, here you have the service abp470n5, which makes things quite different.

P.S. icotonev, sorry for butting in.

Edited by nologo

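The helpers above read the ComboFix output for a few indicator classes: a service whose image sits in a user Temp folder or whose file ComboFix could not read (the `[?]` entries), a `*NewlyCreated*` in-memory service such as ABP470N5, and Security Center or firewall values that silence protection. The script below is an added example, not a tool used in this thread; it parses constructed sample lines in the shape of the posted logs and reports such items for review (legitimate software, like the CPU-Z driver or a third-party AV suite, trips the same checks, so a finding is a review item, not a verdict).

```python
"""Triage of ComboFix-style log lines for the indicator classes discussed in this thread."""
import re

# Substrings that place an image path inside a user's temporary folder
# ("LOCALS~1\Temp" is the 8.3 short form ComboFix prints on Windows XP).
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\temp")

# Security Center values that, when set to 1, override or hide protection status.
SECURITY_CENTER_FLAGS = {
    "AntiVirusOverride", "FirewallOverride", "AntiVirusDisableNotify",
    "FirewallDisableNotify", "UpdatesDisableNotify", "UacDisableNotify",
}

# ComboFix service/driver line: "<start type> <name>;<display name>;<image path> [details]"
SERVICE_RE = re.compile(r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
# "*NewlyCreated* - <name>" under "Other Services/Drivers In Memory"
NEWLY_RE = re.compile(r"^\*NewlyCreated\*\s+-\s+(?P<name>\S+)")
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.+)$')

# Constructed sample, assembled from lines in the shape of the logs posted in this thread.
SAMPLE_LOG = r"""
S3 cpuz130;cpuz130;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\NNC1A0.tmp --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\NNC1A0.tmp [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17.2.2010 г. 11:15 12872]
*NewlyCreated* - ABP470N5
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""


def _value_to_int(raw):
    """Parse the value forms seen in these logs: 'dword:00000001' or '0 (0x0)'."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"^-?\d+", raw)
    return int(m.group(0)) if m else None


def triage(log_text):
    """Return a list of (category, name) review items found in the log text."""
    findings = []
    current_key = ""
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, rest = m.group("name"), m.group("rest")
            if any(marker in rest.lower() for marker in TEMP_MARKERS):
                findings.append(("service-in-temp", name))
            if rest.endswith("[?]"):  # ComboFix could not read the file's date/size
                findings.append(("service-file-unreadable", name))
            continue
        m = NEWLY_RE.match(line)
        if m:
            findings.append(("newly-created-service", m.group("name")))
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key").lower()  # remember which key the values belong to
            continue
        m = VALUE_RE.match(line)
        if m:
            name, value = m.group("name"), _value_to_int(m.group("value"))
            if "security center" in current_key and name in SECURITY_CENTER_FLAGS and value == 1:
                findings.append(("security-center-silenced", name))
            elif "firewallpolicy" in current_key and name == "EnableFirewall" and value == 0:
                findings.append(("firewall-disabled", current_key.rsplit("\\", 1)[-1]))
    return findings


if __name__ == "__main__":
    for category, name in triage(SAMPLE_LOG):
        print(f"{category:26} {name}")
```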

Still, can nothing be done so that at least I don't have to format?


No problem! That is an option which, in this case, I think will not help! sotkata, once again I'm sorry!

Still, if you want, try the following:

1. Download Dr.Web CureIt

- start it.

- press the F9 key and make the following settings:

- In the Scan category, go to the list of excluded files.

- Select all of them and choose Delete. Confirm with Apply.

- Go to the Actions category.

- Apply the settings from the screenshot and press Apply.

- Run a full scan of the system.

- Post the log file (DrWeb.csv) from the scan in your next post.

The scan will take time! Be patient!

2. Download the SalityKiller tool

- unpack it and run the file SalityKiller.exe.

- you also need to download the Sality_RegKeys tool

It lets you restore Safe Mode and disable Autorun from removable media.

A full description of the tools and how to work with them can be found here

3. The third method is to use a LiveCD

In our case (infection with a file virus) I recommend Dr.Web LiveCD or Avira AntiVir Rescue System

- Dr.Web LiveCD will restore the system to working order, clean your computer of infected and suspicious files, and try to disinfect infected objects. Direct download link


I started the scan a long time ago; so far it has found quite a few files infected with Win32.Sector.19. I'll wait and then try SalityKiller.


The scan will take time! Be patient! Hopefully it has an effect..!


OK, I'll write what happened after the scan...

Did you download it from here?

The file is infected with Sality!

Warning, the link is to a dangerous file!

http://cs-bg.info/forum/viewtopic.php?f=10&t=42709

Sality has an appetite for all files with the .exe and .scr extensions. So be careful which files you carry over and keep after the reinstall. Also be careful with the removable/external storage you have used; it may be infected too.

P.S. And next time Avira shows you a message that a file is infected, don't ignore it; upload it here or there first, before you give it free rein, if you think it's a FP.


I'm a moderator there, and after the team decides how to handle this case, measures will be taken. I'm very sorry!

P.S.: The file has been removed!


I can now open Task Manager and Regedit, but I still have problems opening some programs... anyway, I'll post an HJT log so the state of the machine can be seen

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:09:45, on 17.5.2010 г.

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Razer\Diamondback 3G\razerhid.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\a-squared Free\a2service.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Razer\Diamondback 3G\razerofa.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Opera\opera.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\HJT\Trend Micro\HiJackThis\post.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bg/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll

O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe

O4 - HKLM\..\Run: [Diamondback] C:\Program Files\Razer\Diamondback 3G\razerhid.exe

O4 - HKLM\..\Run: [Task Catcher] C:\Program Files\BillP Studios\Task Catcher\tasktrap.exe

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: setup_9.0.0.722_16.05.2010_19-23.lnk = C:\Documents and Settings\Administrator\Desktop\Virus Removal Tool\setup_9.0.0.722_16.05.2010_19-23\startup.exe

O8 - Extra context menu item: Добави към Защитата от банери - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm

O9 - Extra button: &Виртуална клавиатура - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll

O9 - Extra button: Сканиране на вр&ъзки - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab

O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://service.futuremark.com/openapi/receivers/FMSI.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe


--

End of file - 5623 bytes


ComboFix 10-05-16.01 - Administrator 05.2010 г. 10:25:26.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.3327.2791 [GMT 3:00]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_ABP470N5

((((((((((((((((((((((((( Files Created from 2010-04-17 to 2010-05-17 )))))))))))))))))))))))))))))))

.

2010-05-17 07:08 . 2010-05-17 07:08 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-05-17 07:08 . 2010-05-17 07:08 -------- d-----w- c:\program files\HJT

2010-05-17 06:26 . 2010-05-17 06:34 -------- d-----w- c:\program files\a-squared Free

2010-05-17 06:26 . 2010-05-17 06:47 113933 ----a-w- c:\windows\system32\drivers\klin.dat

2010-05-17 06:26 . 2010-05-17 06:47 97549 ----a-w- c:\windows\system32\drivers\klick.dat

2010-05-17 06:25 . 2010-05-17 06:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab

2010-05-17 06:25 . 2010-05-17 06:37 -------- d-----w- c:\program files\Kaspersky Lab

2010-05-17 06:09 . 2010-05-17 06:09 7168 ----a-w- c:\windows\system32\drivers\ute5otcy.sys

2010-05-16 16:31 . 2009-10-22 10:54 37392 ----a-w- c:\windows\system32\drivers\07627402.sys

2010-05-16 16:31 . 2009-10-09 20:31 315408 ----a-w- c:\windows\system32\drivers\0762740.sys

2010-05-16 16:31 . 2009-09-25 14:59 128016 ----a-w- c:\windows\system32\drivers\07627401.sys

2010-05-16 14:27 . 2010-05-16 14:27 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb

2010-05-16 14:20 . 2010-05-16 14:26 -------- d-----w- c:\program files\Exterminate It!

2010-05-16 13:56 . 2010-05-16 13:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\WinPatrol

2010-05-16 13:56 . 2010-05-16 13:56 -------- d-----w- c:\program files\BillP Studios

2010-05-16 13:26 . 2010-05-16 13:26 9216 ----a-w- c:\windows\system32\drivers\uje5otcy.sys

2010-05-16 13:26 . 2010-05-16 13:26 11264 ----a-w- c:\windows\system32\drivers\uze5otcy.sys

2010-05-16 13:19 . 2010-05-16 13:20 -------- d-----w- C:\avz4

2010-05-16 07:46 . 2010-05-16 07:46 -------- d--h--w- c:\windows\system32\GroupPolicy

2010-05-15 19:55 . 2008-04-14 12:00 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

2010-05-15 19:55 . 2010-05-15 19:55 -------- d-----w- c:\program files\Windows Media Connect 2

2010-05-15 19:54 . 2010-05-15 19:54 -------- d-----w- c:\windows\system32\drivers\UMDF

2010-05-15 12:59 . 2010-05-15 13:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment

2010-05-15 12:59 . 2010-05-15 13:01 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Blizzard Entertainment

2010-05-15 12:58 . 2010-05-15 12:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard

2010-05-15 10:03 . 2010-05-15 13:01 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment

2010-05-06 11:26 . 2010-05-06 11:26 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\storage

2010-05-06 11:11 . 2010-05-06 11:11 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Activision

2010-05-02 12:31 . 2010-05-02 12:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\IGN_DLM

2010-05-01 15:04 . 2010-05-01 15:04 -------- d-----w- c:\program files\Lavalys

2010-05-01 07:30 . 2010-05-01 07:30 -------- d-----w- c:\program files\Common Files\Futuremark Shared

2010-04-26 17:35 . 2010-04-29 09:42 2519221 ----a-w- c:\documents and settings\Administrator\Application Data\GRETECH\GomPlayer\GrLauncherTempSetup.exe

2010-04-26 17:35 . 2007-03-22 10:46 127560 ----a-w- c:\documents and settings\Administrator\Application Data\GRETECH\GomPlayer\GrLauncher.exe

2010-04-25 18:11 . 2010-04-25 18:11 -------- d-----w- c:\program files\XZONE REACTOR Application

2010-04-22 08:07 . 2010-04-22 08:07 74 ----a-w- c:\windows\options.dat

2010-04-22 08:05 . 2010-04-22 08:13 -------- d-----w- c:\program files\Evisoft

2010-04-22 08:04 . 2010-04-22 08:04 249856 ------w- c:\windows\Setup1.exe

2010-04-22 08:04 . 2010-04-22 08:04 73216 ----a-w- c:\windows\ST6UNST.EXE

2010-04-21 16:28 . 2010-04-21 16:29 664 ----a-w- c:\windows\system32\d3d9caps.dat

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-05-17 07:29 . 2010-03-28 16:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype

2010-05-17 07:03 . 2010-04-06 15:28 218808 ----a-w- c:\windows\system32\PnkBstrB.exe

2010-05-17 06:59 . 2010-04-06 15:29 137256 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2010-05-17 06:27 . 2010-03-28 17:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent

2010-05-17 05:19 . 2010-03-28 16:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM

2010-05-16 08:08 . 2010-04-11 12:05 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-05-07 08:53 . 2010-04-02 14:45 -------- d-----w- c:\program files\Garena

2010-05-06 11:25 . 2010-04-08 10:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Ubisoft

2010-05-05 08:41 . 2010-04-11 12:04 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-05-01 14:59 . 2010-03-28 16:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-01 07:30 . 2010-03-28 16:01 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-04-30 16:16 . 2010-04-15 10:06 -------- d-----w- c:\program files\Opera

2010-04-29 12:39 . 2010-03-28 16:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 12:39 . 2010-03-28 16:40 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-23 17:14 . 2010-04-06 20:58 -------- d-----w- c:\program files\TeamSpeak 3 Client

2010-04-20 18:37 . 2010-03-28 16:40 -------- d-----w- c:\program files\CCleaner

2010-04-17 06:47 . 2010-04-17 06:47 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE

2010-04-16 19:18 . 2010-04-16 19:18 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks

2010-04-16 19:18 . 2010-04-16 19:16 -------- d-----w- c:\program files\TVUPlayer

2010-04-13 07:32 . 2010-04-13 07:32 -------- d-----w- c:\program files\CPUID

2010-04-11 12:05 . 2010-04-11 12:05 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-04-11 12:04 . 2010-04-11 12:04 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-04-11 12:04 . 2010-04-11 12:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com

2010-04-11 12:04 . 2010-04-11 12:04 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2010-04-10 19:32 . 2010-04-10 19:32 -------- d-----w- c:\program files\SopCast

2010-04-08 10:44 . 2010-04-08 10:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ubisoft

2010-04-08 10:43 . 2010-04-08 10:43 -------- d-----w- c:\program files\Ubisoft

2010-04-07 18:32 . 2010-04-07 18:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\TeamViewer

2010-04-06 21:00 . 2010-04-06 20:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\TS3Client

2010-04-06 15:38 . 2010-04-06 15:38 -------- d--h--r- c:\documents and settings\Administrator\Application Data\SecuROM

2010-04-06 15:29 . 2010-04-06 15:29 138056 ----a-w- c:\documents and settings\Administrator\Application Data\PnkBstrK.sys

2010-04-06 15:29 . 2010-04-06 15:29 138056 ----a-w- c:\documents and settings\Administrator\Application Data\PnkBstrK.sys

2010-04-06 15:28 . 2010-04-06 15:28 75064 ----a-w- c:\windows\system32\PnkBstrA.exe

2010-04-06 15:28 . 2010-04-06 15:28 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe

2010-04-06 13:55 . 2010-04-06 13:55 -------- d-----w- c:\program files\Common Files\Adobe

2010-04-02 19:25 . 2010-04-02 19:25 -------- d-----w- c:\documents and settings\All Users\Application Data\KONAMI

2010-04-02 10:51 . 2010-04-02 10:51 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SecuROM

2010-04-02 10:48 . 2010-04-02 10:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Turbine

2010-04-02 10:39 . 2010-04-02 10:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\mIRC

2010-04-02 10:29 . 2010-04-02 10:29 -------- d-----w- c:\program files\Common Files\INCA Shared

2010-04-02 10:25 . 2010-04-02 10:25 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys

2010-04-02 10:25 . 2010-04-02 10:25 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys

2010-04-02 06:37 . 2010-04-01 17:47 -------- d-----w- c:\program files\Common Files\Adobe AIR

2010-04-02 06:37 . 2010-04-01 17:47 38784 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-04-01 19:33 . 2010-04-01 19:25 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-04-01 19:25 . 2010-04-01 19:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\URSoft

2010-04-01 17:47 . 2010-04-01 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\EA Core

2010-04-01 17:47 . 2010-04-01 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts

2010-04-01 17:46 . 2010-04-01 17:46 -------- d-----w- c:\program files\Electronic Arts

2010-04-01 17:44 . 2010-03-28 16:01 -------- d-----w- c:\program files\Common Files\InstallShield

2010-04-01 17:38 . 2010-04-01 17:38 -------- d-----w- c:\program files\VS Revo Group

2010-04-01 09:12 . 2010-04-01 09:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\GRETECH

2010-04-01 09:10 . 2010-04-01 09:10 -------- d-----w- c:\program files\GRETECH

2010-04-01 08:48 . 2010-04-01 08:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\Media Player Classic

2010-03-31 19:49 . 2010-03-28 15:53 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2010-03-30 20:38 . 2010-04-13 07:32 20968 ----a-w- c:\windows\system32\drivers\cpuz133_x32.sys

2010-03-29 18:13 . 2010-03-29 18:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ventrilo

2010-03-29 18:13 . 2010-03-29 18:13 -------- d-----w- c:\program files\VentriloMIX

2010-03-29 16:06 . 2010-03-28 16:01 12328 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-03-29 07:15 . 2010-03-29 07:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\GetRightToGo

2010-03-29 06:48 . 2010-03-28 20:39 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-03-28 20:44 . 2010-03-28 20:44 1957463 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe

2010-03-28 18:05 . 2010-03-28 18:05 8992 ----a-w- c:\windows\system32\kbdbph.dll

2010-03-28 17:55 . 2010-03-28 17:54 -------- d-----w- c:\program files\K-Lite Codec Pack

2010-03-28 17:40 . 2010-03-28 17:40 -------- d-----w- c:\program files\PowerISO

2010-03-28 17:37 . 2010-03-28 17:37 -------- d-----w- c:\program files\MSBuild

2010-03-28 17:37 . 2010-03-28 17:37 -------- d-----w- c:\program files\Reference Assemblies

2010-03-28 17:00 . 2010-03-28 17:00 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI

2010-03-28 17:00 . 2010-03-28 17:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\ATI

2010-03-28 16:57 . 2010-03-28 16:57 -------- d-----w- c:\program files\DIFX

2010-03-28 16:57 . 2010-03-28 16:57 -------- d-----w- c:\program files\Razer

2010-03-28 16:57 . 2010-03-28 16:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield

2010-03-28 16:47 . 2010-03-28 16:47 -------- d-----w- c:\program files\AMD

2010-03-28 16:42 . 2010-03-28 16:42 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2010-03-28 16:41 . 2010-03-28 16:41 -------- d-----r- c:\program files\Skype

2010-03-28 16:41 . 2010-03-28 16:41 -------- d-----w- c:\program files\Common Files\Skype

2010-03-28 16:40 . 2010-03-28 16:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

2010-03-28 16:40 . 2010-03-28 16:40 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-03-28 16:40 . 2010-03-28 16:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-03-28 16:20 . 2010-03-28 16:20 319488 ----a-w- c:\windows\HideWin.exe

2010-03-28 16:10 . 2010-03-28 16:06 -------- d-----w- c:\program files\ATI

2010-02-25 06:24 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-02-24 13:11 . 2008-04-14 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-02-22 14:57 . 2010-03-28 16:01 358944 ----a-w- c:\windows\vncutil.exe

2010-02-22 14:56 . 2010-03-28 16:01 51232 ----a-w- c:\windows\system32\RtkCoInstXP.dll

2010-02-22 14:56 . 2010-03-28 16:01 129568 ----a-w- c:\windows\RtkAudioService.exe

2010-02-16 14:08 . 2008-04-14 12:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-02-16 13:25 . 2008-04-14 00:01 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe

.

((((((((((((((((((((((((((((( [email protected]_14.02.23 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-05-17 07:29 . 2010-05-17 07:29 16384 c:\windows\temp\Perflib_Perfdata_dc0.dat

+ 2009-09-09 16:01 . 2009-09-09 16:01 27675 c:\windows\system32\drivers\klopp.dat

+ 2009-10-02 16:39 . 2009-10-02 16:39 19472 c:\windows\system32\drivers\klmouflt.sys

+ 2009-09-14 11:42 . 2009-09-14 11:42 32272 c:\windows\system32\drivers\klim5.sys

+ 2009-10-14 18:18 . 2009-10-14 18:18 36880 c:\windows\system32\drivers\klbg.sys

+ 2010-05-17 06:42 . 2010-05-17 06:36 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2010-05-17 06:42 . 2010-05-17 06:36 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2010-05-17 06:42 . 2010-05-17 06:36 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2009-10-20 17:34 . 2009-10-20 17:34 219664 c:\windows\system32\klogon.dll

+ 2010-05-17 06:25 . 2010-05-17 06:47 315408 c:\windows\system32\drivers\klif.sys

+ 2009-09-01 12:29 . 2009-09-01 12:29 128016 c:\windows\system32\drivers\kl1.sys

+ 2010-05-17 06:26 . 2010-05-17 06:26 3419136 c:\windows\Installer\4541c.msi

+ 2010-05-17 07:08 . 2010-05-17 07:08 1094656 c:\windows\Installer\12502e.msi

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-07 26211624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-02 98423]

"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77875]

"Diamondback"="c:\program files\Razer\Diamondback 3G\razerhid.exe" [2007-08-01 147456]

"Task Catcher"="c:\program files\BillP Studios\Task Catcher\tasktrap.exe" [2006-08-15 141575]

"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-20 340456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\

setup_9.0.0.722_16.05.2010_19-23.lnk - c:\documents and settings\Administrator\Desktop\programs\Virus Removal Tool\setup_9.0.0.722_16.05.2010_19-23\startup.exe [2010-5-16 72208]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 12:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]

2007-04-17 04:59 2888059 ----a-w- c:\program files\Electronic Arts\EA Link\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

2009-11-09 03:17 181071 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2008-04-10 08:52 16861184 ------r- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"idsvc"=3 (0x3)

"IDriverT"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"FirewallOverride"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"d:\\games\\cs1.6nonsteam\\hl.exe"=

"c:\\Program Files\\Garena\\Garena.exe"=

"d:\\games\\cs1.6nonsteam\\hlds.exe"=

"d:\\games\\bfbc2\\BFBC2Updater.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"d:\\games\\bfbc2\\BFBC2Game.exe"=

"d:\\utdownload\\uTorrent.exe"=

"c:\\Documents and Settings\\Administrator\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=

"c:\\Documents and Settings\\Administrator\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=

"d:\\utorrent2folder\\TeamViewer 5.0 Build 8081 + Portable\\TeamViewerPortable_en\\TeamViewer.exe"=

"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=

"d:\\games\\ac2\\AssassinsCreedIIGame.exe"=

"d:\\games\\ac2\\AssassinsCreedII.exe"=

"d:\\games\\ac2\\UPlayBrowser.exe"=

"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

"c:\\Program Files\\SopCast\\SopCast.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=

"d:\\utorrent2folder\\gta iv episodes from liberty city\\gta iv episodes from liberty city\\EFLC\\EFLC.exe"=

"d:\\games\\cod4\\iw3mp.exe"=

"d:\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"=

"d:\\games\\cod5waw\\CoDWaWmp.exe"=

"d:\\games\\css 2009\\CSS\\hl2.exe"=

"d:\\Steam\\steamapps\\sotisbg\\counter-strike\\hl.exe"=

"c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\ccc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 07627402;07627402 Boot Guard Driver;c:\windows\system32\drivers\07627402.sys [16.5.2010 г. 19:31 37392]

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14.10.2009 г. 21:18 36880]

R1 07627401;07627401;c:\windows\system32\drivers\07627401.sys [16.5.2010 г. 19:31 128016]

R1 AVZRK;AVZ-RK Kernel Driver;c:\windows\system32\drivers\uze5otcy.sys [16.5.2010 г. 16:26 11264]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 г. 11:25 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17.2.2010 г. 11:15 66632]

R1 setup_9.0.0.722_16.05.2010_19-23drv;setup_9.0.0.722_16.05.2010_19-23drv;c:\windows\system32\drivers\0762740.sys [16.5.2010 г. 19:31 315408]

R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [17.5.2010 г. 09:26 1872320]

R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [13.4.2010 г. 10:32 20968]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14.9.2009 г. 14:42 32272]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02.10.2009 г. 19:39 19472]

R3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\drivers\DB3G.sys [28.3.2010 г. 19:57 13225]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [28.3.2010 г. 19:01 1691480]

S3 AVZSG;AVZ-SG Kernel Driver;c:\windows\system32\drivers\uje5otcy.sys [16.5.2010 г. 16:26 9216]

S3 cpuz130;cpuz130;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]

S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\NNC1A0.tmp --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\NNC1A0.tmp [?]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17.2.2010 г. 11:15 12872]

S3 ute5otcy;AVZ Kernel Driver;c:\windows\system32\drivers\ute5otcy.sys [17.5.2010 г. 09:09 7168]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://google.bg/

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-05-17 10:29

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GarenaPEngine]

"ImagePath"="\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\NNC1A0.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1844237615-492894223-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cc,70,08,b8,08,b4,61,42,a2,4b,8c,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cc,70,08,b8,08,b4,61,42,a2,4b,8c,\

[HKEY_USERS\S-1-5-21-1844237615-492894223-1801674531-500\Software\SecuROM\License information*]

"datasecu"=hex:d6,60,26,d0,a2,94,d5,b0,60,17,7e,50,58,e3,21,12,5e,77,f1,3f,05,

a7,3d,5b,70,5f,09,3f,11,91,37,28,d7,74,d9,07,49,42,d4,26,2a,f2,91,c6,a9,52,\

"rkeysecu"=hex:2d,29,ad,26,62,ab,0a,ac,32,49,3e,29,b6,10,33,ab

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1136)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\WININET.dll

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\atiadlxx.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

- - - - - - - > 'explorer.exe'(196)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\PnkBstrB.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

c:\program files\Razer\Diamondback 3G\razerofa.exe

.

**************************************************************************

.

Completion time: 2010-05-17 10:30:54 - machine was rebooted

ComboFix-quarantined-files.txt 2010-05-17 07:30

Pre-Run: 13 439 594 496 bytes free

Post-Run: 13 396 590 592 bytes free

- - End Of File - - 9F6A57089E68C111392F07FE0B755D6B


Sorry..! Sality! Which of the options did you use.... I mean post 12..?


I scanned with Dr.Web CureIt! and Kaspersky Removal Tool; apparently it will come down to a reinstall.. Thanks anyway.


And what about the LiveCD option......?

Most regrettably (even though we support the same team)....things are heading towards a format..!
