
Problems with web pages


Google Chrome - Settings - Options - Basics - Manage search engines - Default search options - Google/default/. In the "Other search engines" field there should be nothing; whatever has crept in there, you remove it with the x button at the end. When installing Calling ID Advisor, the default search engine automatically becomes Calling. Even if only briefly, RuTracker.org automatically pushed its own search engine on me. So far I have no observations of such impudence on other sites, and then why is the browser slow and freezing.


Hi Vanya,

I don't see anything worrying in the log file apart from the annoying Ask toolbar.

We can get rid of it effectively this way:

Start OTL again, copy (Copy) and paste (Paste) the script text from the text box below under the Custom Scans/Fixes column, not forgetting to copy the script 1 to 1, including the colon in front of the OTL command.

:OTL
PRC - [2012.01.03 16:31:34 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
IE - HKU\S-1-5-21-3118922081-1402420470-1374877442-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=15187
IE - HKU\S-1-5-21-3118922081-1402420470-1374877442-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.14.1.100010
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=PTV&o=15184&locale=en_US&apn_uid=7e435537-6536-4596-ba2c-304a4d1b8853&apn_ptnrs=RY&apn_sauid=E7BDD1B0-3756-46B0-9F16-C55EF3415E82&apn_dtid=YYYYYYYYBG&&q="
[2012.02.08 19:22:09 | 000,000,000 | ---D | M] ("KMPlayer Toolbar") -- C:\Users\Vanja\AppData\Roaming\Mozilla\Firefox\Profiles\cnknakip.default\extensions\toolbar@ask.com
[2012.02.09 21:22:45 | 000,002,572 | ---- | M] () -- C:\Users\Vanja\AppData\Roaming\Mozilla\Firefox\Profiles\cnknakip.default\searchplugins\askcom.xml
O2 - BHO: (KMPlayer Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (KMPlayer Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-3118922081-1402420470-1374877442-1000\..\Toolbar\WebBrowser: (KMPlayer Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
[2012.02.08 18:33:56 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012.02.04 12:20:02 | 000,087,608 | ---- | C] () -- C:\Users\Vanja\AppData\Roaming\inst.exe
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:05EE1EEF
:commands
[emptytemp]

After entering the script from the quote above, press the button marked in red: Run Fix

Windows will restart and a log file will be created. Post its contents with Copy/Paste in your next comment.

Effective add-ons for blocking unwanted content in Mozilla are the following:

Adblock Plus (after installation, add the EasyList filters for the English and Bulgarian versions in the settings).

NoScript (scripts should be allowed only for trusted sites).

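The fix script above is nothing more than the OTL report lines that point at the Ask toolbar (its updater process, the IE start page and URLSearchHook, the Firefox prefs.js entries, the BHO/toolbar CLSID, the Run key and the files), pasted back under :OTL with an [emptytemp] command at the end. The following is an added example, not part of this thread and not OTL's or DDS's own code: it reads report lines in the two formats that appear in this topic, flags the ones that carry the hijacker indicators named in the posted logs (Ask.com, funmoods, searchcompletion, CallingID, RelevantKnowledge, Complitly), classifies where each one persists, and assembles an OTL fix script in the layout used above. The indicator list, the line-prefix classes and the trimmed keyword.URL value are my assumptions; the sample lines come from the reports in this topic, except for the "O4 ... avast" entry, which is a constructed clean line used as a negative.

```python
"""Triage OTL / DDS report lines for the browser-hijacker indicators seen in this thread.

Added example; not the thread's, OTL's or DDS's own code.  Indicator strings and
line classes are assumptions based on the reports posted in the topic.
"""
import re
from collections import defaultdict

# Substrings that identify the adware / hijacker families named in the thread's logs.
# Ordered so the specific Ask search redirect is recognised before the generic Ask path.
PUP_INDICATORS = {
    "websearch.ask.com": "Ask search redirect",
    "ask.com": "Ask toolbar / APN updater",
    "funmoods": "Funmoods search hijacker",
    "searchcompletion": "SearchCompletion hijacker",
    "callingid": "CallingID search override",
    "relevantknowledge": "RelevantKnowledge adware",
    "complitly": "Complitly adware BHO",
}

# Where a report line points.  OTL prefixes: PRC, O2, O3, O4, IE, FF, dated file
# entries, @Alternate Data Stream.  DDS prefixes: uRun/mRun/dRun, BHO:, TB:, uStart Page ...
LINE_CLASSES = [
    (re.compile(r"^(PRC - |O4 - |[umd]Run(Once)?:|StartupFolder:)"), "startup/persistence"),
    (re.compile(r"^(O2 - |O3 - |BHO:|TB:)"), "browser extension/toolbar"),
    (re.compile(r"^(IE - |[umd](Start Page|Search|Default_Search_URL))"), "IE search/homepage"),
    (re.compile(r"^FF - "), "Firefox prefs"),
    (re.compile(r"^\[\d{4}\.\d{2}\.\d{2} "), "file/folder"),
    (re.compile(r"^@Alternate Data Stream"), "alternate data stream"),
]

# Sample OTL lines from the thread; keyword.URL trimmed, the "[avast]" Run entry is constructed.
SAMPLE_OTL_REPORT = r"""
PRC - [2012.01.03 16:31:34 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
IE - HKU\S-1-5-21-3118922081-1402420470-1374877442-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=15187
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&q="
O2 - BHO: (KMPlayer Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
"""

# Sample DDS lines from the second report in the thread (DDS writes "hxxp" for "http").
SAMPLE_DDS_REPORT = r"""
uStart Page = hxxp://search.callingid.com/search.aspx
mSearchAssistant = hxxp://start.funmoods.com/results.php?f=4&a=w7th2&q={searchTerms}
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
mRun: [RelevantKnowledge] c:\program files\relevantknowledge\rlvknlg.exe -boot
FF - user.js: extensions.funmoods_i.hmpg - true
"""


def classify(line):
    """Return the persistence / setting class of a report line, or 'other'."""
    for pattern, label in LINE_CLASSES:
        if pattern.match(line):
            return label
    return "other"


def find_indicator(line):
    """Return the indicator name whose substring occurs in the line (case-insensitive)."""
    low = line.lower()
    for needle, name in PUP_INDICATORS.items():
        if needle in low:
            return name
    return None


def triage(report_text, source):
    """Flag report lines that carry an indicator; source is 'OTL' or 'DDS'."""
    findings = []
    for raw in report_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        name = find_indicator(line)
        if name:
            findings.append({"line": line, "category": classify(line),
                             "indicator": name, "source": source})
    return findings


def summarize(findings):
    """Count flagged lines per indicator family."""
    counts = defaultdict(int)
    for f in findings:
        counts[f["indicator"]] += 1
    return dict(counts)


def build_otl_fix(findings, empty_temp=True):
    """Assemble a Custom Scans/Fixes script in the layout the thread uses: the flagged
    OTL report lines under :OTL, then :commands with [emptytemp].  DDS lines are not
    OTL syntax and are left out; an empty string means there is nothing to fix."""
    otl_lines = [f["line"] for f in findings if f["source"] == "OTL"]
    if not otl_lines:
        return ""
    script = [":OTL", *otl_lines]
    if empty_temp:
        script += [":commands", "[emptytemp]"]
    return "\n".join(script)


if __name__ == "__main__":
    for source, text in (("OTL", SAMPLE_OTL_REPORT), ("DDS", SAMPLE_DDS_REPORT)):
        found = triage(text, source)
        print(f"{source}: {summarize(found)}")
        for f in found:
            print(f"  [{f['category']}] {f['indicator']}: {f['line'][:70]}")
    print(build_otl_fix(triage(SAMPLE_OTL_REPORT, "OTL")))
```

Run it on a pasted report to get the flagged lines grouped by family and a ready-to-review :OTL block; the clean avast entries are not flagged, and a DDS report yields findings but no OTL script, because its lines are not in OTL's syntax.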

All processes killed

========== OTL ==========

No active process named Updater.exe was found!

HKU\S-1-5-21-3118922081-1402420470-1374877442-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Registry value HKEY_USERS\S-1-5-21-3118922081-1402420470-1374877442-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.

C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.

Prefs.js: "Ask.com" removed from browser.search.defaultengine

Prefs.js: "Ask.com" removed from browser.search.defaultenginename

Prefs.js: "Ask.com" removed from browser.search.order.1

Prefs.js: toolbar@ask.com:3.14.1.100010 removed from extensions.enabledItems

Prefs.js: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=PTV&o=15184&locale=en_US&apn_uid=7e435537-6536-4596-ba2c-304a4d1b8853&apn_ptnrs=RY&apn_sauid=E7BDD1B0-3756-46B0-9F16-C55EF3415E82&apn_dtid=YYYYYYYYBG&&q=" removed from keyword.URL

C:\Users\Vanja\AppData\Roaming\Mozilla\Firefox\Profiles\cnknakip.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.

C:\Users\Vanja\AppData\Roaming\Mozilla\Firefox\Profiles\cnknakip.default\extensions\toolbar@ask.com\logs folder moved successfully.

C:\Users\Vanja\AppData\Roaming\Mozilla\Firefox\Profiles\cnknakip.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.

C:\Users\Vanja\AppData\Roaming\Mozilla\Firefox\Profiles\cnknakip.default\extensions\toolbar@ask.com\defaults folder moved successfully.

C:\Users\Vanja\AppData\Roaming\Mozilla\Firefox\Profiles\cnknakip.default\extensions\toolbar@ask.com\datastore folder moved successfully.

C:\Users\Vanja\AppData\Roaming\Mozilla\Firefox\Profiles\cnknakip.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Wed-08-Feb-2012-17-22-09-GMT folder moved successfully.

C:\Users\Vanja\AppData\Roaming\Mozilla\Firefox\Profiles\cnknakip.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-09-Feb-2012-19-22-44-GMT folder moved successfully.

C:\Users\Vanja\AppData\Roaming\Mozilla\Firefox\Profiles\cnknakip.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully.

C:\Users\Vanja\AppData\Roaming\Mozilla\Firefox\Profiles\cnknakip.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.

C:\Users\Vanja\AppData\Roaming\Mozilla\Firefox\Profiles\cnknakip.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.

C:\Users\Vanja\AppData\Roaming\Mozilla\Firefox\Profiles\cnknakip.default\extensions\toolbar@ask.com\chrome folder moved successfully.

C:\Users\Vanja\AppData\Roaming\Mozilla\Firefox\Profiles\cnknakip.default\extensions\toolbar@ask.com folder moved successfully.

C:\Users\Vanja\AppData\Roaming\Mozilla\Firefox\Profiles\cnknakip.default\searchplugins\askcom.xml moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.

File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.

Registry value HKEY_USERS\S-1-5-21-3118922081-1402420470-1374877442-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.

C:\Program Files\Ask.com\Updater\Updater.exe moved successfully.

C:\Program Files\Ask.com\Updater folder moved successfully.

C:\Program Files\Ask.com\assets\oobe folder moved successfully.

C:\Program Files\Ask.com\assets folder moved successfully.

C:\Program Files\Ask.com folder moved successfully.

C:\Users\Vanja\AppData\Roaming\inst.exe moved successfully.

ADS C:\ProgramData\TEMP:05EE1EEF deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56475 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Public

 

User: Vanja

->Temp folder emptied: 190242425 bytes

->Temporary Internet Files folder emptied: 14977374 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 121466105 bytes

->Flash cache emptied: 5784 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 231678 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 312,00 mb

 

 

OTL by OldTimer - Version 3.2.31.0 log created on 02102012_215232

 

Files\Folders moved on Reboot...

File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

 

Registry entries deleted on Reboot...


Great.

After that, start OTL.exe once more and press the CleanUp! button

http://i47.tinypic.com/35hfp21.jpg

Restart the computer if it asks you!

We deleted the Ask toolbar + some malicious objects.

We also cleaned the browser caches + the temporary files in the system.

How is the situation now, and are you still observing problems with Mozilla?


I still have it; nothing has changed.

 

Download OTL.exe and save it to the desktop.

  • Start OTL (confirm through UAC if necessary).
  • Make the following settings:
  • Tick Scan All Users http://img408.imageshack.us/img408/1442/46625204.png
  • Under the File Age menu choose 90 days
  • Under the Standard Registry menu change to ALL
  • Tick LOP and Purity Check

Under http://store.picbg.net/pubpic/0A/C1/c814d031472c0ac1.png, enter the following text in full with Copy/Paste (only what is placed in the box):

netsvcs
msconfig
safebootminimal
safebootnetwork
%SYSTEMDRIVE%\*.*
%USERPROFILE%\*.*
%USERPROFILE%\Application Data\*.*
%USERPROFILE%\Local Settings\Application Data\*.*
%AllUsersProfile%\*.*
%AllUsersProfile%\Application Data\*.*
%USERPROFILE%\My Documents\*.*
%CommonProgramFiles%\*.*
%PROGRAMFILES%\*.*
%systemroot%\system32\config\systemprofile\*.*
%windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.*
%windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.*
%windir%\temp*.*
%systemroot%\assembly\temp\*.* /S /MD5
%systemroot%\assembly\tmp\*.* /S /MD5
%systemroot%\assembly\GAC_32\*.* /S /MD5
%systemroot%\assembly\GAC_MSIL\*.* /S /MD5
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
/md5start
explorer.exe
lsass.exe
svchost.exe
wininit.exe
winlogon.exe
userinit.exe
atapi.sys
iaStor.sys
serial.sys
disk.sys
volsnap.sys
redbook.sys
i8042prt.sys
afd.sys
netbt.sys
tcpip.sys
ipsec.sys
hlp.dat
/md5stop

  • Press the button marked in blue: Run Scan.
  • When the check finishes, two files will be created - OTL.Txt and Extras.Txt. Attach these two files in your next comment (look at the Attached files option when posting a reply).

 

No problems! Everything is fine! Many thanks for the help :bravo:

 

 

Glad to hear it! Have a nice evening! ;)


I followed the instructions, but when the scan finished the logs did not appear and I could not open any program; everywhere it gave me an error. I restarted and it got fixed. Where can I find the logs?


Usually in the folder from which you started OTL.exe (if you saved it to the desktop, the logs should be there too).


Let's try with DDS.

There is something rotten in your system - the MBR cannot be scanned with MBRCheck, OTL freezes, and you are using Service Pack 2, which has been out of support for quite a while!

 

  • Download DDS (created by sUBs) from BleepingComputer.
  • After downloading the tool, it needs to be saved (via the File => Save As... menu) to your desktop.
    http://i46.tinypic.com/2exprgh.jpg
  • After you download DDS to your desktop, the program's icon should look like this: http://i49.tinypic.com/rvwlll.jpg
  • Temporarily disable your antivirus software's real-time protection. Then start DDS by double-clicking the icon, confirming your intention by clicking the Run button.
  • When DDS finishes, two text files will appear in Notepad, named DDS.txt and Attach.txt; save them (via the File => Save As... menu) to your desktop.
  • Copy and paste the contents of DDS.txt and Attach.txt directly into your topic. Please do not attach them!


I only got DDS.txt; why doesn't the other one appear? Is that good or bad?

 

 

DDS (Ver_2011-09-30.01) - NTFS_x86

Internet Explorer: 7.0.5730.11

Run by V@lyo0o at 14:18:52 on 2012-02-11

Microsoft Windows XP Professional 5.1.2600.2.1251.359.1033.18.1975.1321 [GMT 2:00]

.

AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: avast! Internet Security *Disabled*

.

============== Running Processes ================

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\program files\relevantknowledge\rlvknlg.exe

C:\Program Files\VMware\VMware Workstation\vmware-tray.exe

C:\Program Files\Ask.com\Updater\Updater.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\V@lyo0o\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe

C:\Program Files\Rainmeter\Rainmeter.exe

C:\Program Files\Stardock\ObjectDockFree\ObjectDock.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe

C:\WINDOWS\system32\vmnat.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\Program Files\VMware\VMware Workstation\vmware-authd.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\V@lyo0o\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\V@lyo0o\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\V@lyo0o\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Documents and Settings\V@lyo0o\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.callingid.com/search.aspx

uSearch Bar = hxxp://search.searchcompletion.com?si=10188&bs=true&q=

uSearch Page = hxxp://search.searchcompletion.com?si=10188&bs=true&q=

uDefault_Search_URL = hxxp://search.searchcompletion.com?si=10188&bs=true&q=

mStart Page = hxxp://www.searchcompletion.com?si=10188&home=true

mSearch Bar = hxxp://search.searchcompletion.com?si=10188&bs=true&q=

mSearch Page = hxxp://search.searchcompletion.com?si=10188&bs=true&q=

mDefault_Search_URL = hxxp://search.searchcompletion.com?si=10188&bs=true&q=

mSearchAssistant = hxxp://start.funmoods.com/results.php?f=4&a=w7th2&q={searchTerms}

uURLSearchHooks: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - <orphaned>

dURLSearchHooks: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - <orphaned>

BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: Complitly: {0FB6A909-6086-458F-BD92-1F8EE10042A0} - c:\documents and settings\v@lyo0o\application data\complitly\Complitly.dll

BHO: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Auslogics Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>

TB: Auslogics Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: Auslogics Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\v@lyo0o\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [RelevantKnowledge] c:\program files\relevantknowledge\rlvknlg.exe -boot

mRun: [vmware-tray] "c:\program files\vmware\vmware workstation\vmware-tray.exe"

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin

mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"

mRun: [WinampAgent] c:\program files\winamp\winampa.exe

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [unlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"

mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32

dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f

dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f

StartupFolder: c:\docume~1\v@lyo0o\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdockfree\ObjectDock.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueso~1.lnk - c:\program files\ivt corporation\bluesoleil\BlueSoleil.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe

uPolicies-Explorer: NoDriveAutoRun = dword:67108863

uPolicies-Explorer: NoDriveTypeAutoRun = dword:255

mPolicies-Explorer: HonorAutoRunSetting = dword:0

mPolicies-Explorer: NoDriveTypeAutoRun = dword:255

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm

IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll/206

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

LSP: c:\program files\vmware\vmware workstation\vsocklib.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

TCP: Interfaces\{F4BAA7B1-7EAA-4516-A0FD-AC4050B20CA5} : NameServer = 156.154.70.1,156.154.74.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

STS: ObjectDockShlExt Class - {1984D045-52CF-49cd-DB77-08F378FEA4DB} - c:\program files\stardock\objectdockfree\ODMenu.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\v@lyo0o\application data\mozilla\firefox\profiles\xsw67yzv.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://start.funmoods.com

FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ALSV5&o=1665&locale=en_EU&apn_uid=b45eed8c-7453-4f92-ac9f-e7f2e32a8459&apn_ptnrs=AU&apn_sauid=8ED61AFD-BC29-4DA7-AD20-32A7421E4583&apn_dtid=YYYYYYYYBG&&q=

FF - plugin: c:\documents and settings\v@lyo0o\local settings\application data\google\update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_160.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.funmoods_i.hmpg - true

FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=w7th2

FF - user.js: extensions.funmoods_i.dfltSrch - true

FF - user.js: extensions.funmoods_i.srchPrvdr - Search

FF - user.js: extensions.funmoods_i.dnsErr - true

FF - user.js: extensions.funmoods_i.newTab - true

FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=w7th2

FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=w7th2&q=

FF - user.js: extensions.funmoods_i.id - ac4307e1000000000000101111111111

FF - user.js: extensions.funmoods_i.instlDay - 15375

FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16

FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16

FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1619:31:34

FF - user.js: extensions.funmoods_i.prtnrId - funmoods

FF - user.js: extensions.funmoods_i.prdct - funmoods

FF - user.js: extensions.funmoods_i.aflt - w7th2

FF - user.js: extensions.funmoods_i.smplGrp - none

FF - user.js: extensions.funmoods_i.tlbrId - base

FF - user.js: extensions.funmoods_i.instlRef -

FF - user.js: extensions.funmoods_i.dfltLng -

FF - user.js: extensions.funmoods_i.excTlbr - false

.

============= SERVICES / DRIVERS ===============

.

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2012-1-25 12112]

R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2012-1-25 192984]

R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2012-1-25 102232]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-25 441176]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-25 307928]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-25 19544]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-1-25 42184]

R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2012-1-25 2320920]

R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2010-11-11 70768]

R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2010-11-11 539248]

S2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2012-1-25 121000]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Услуга на Google Актуализация (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-1-29 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-2-1 253600]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2012-1-25 1691480]

S3 gupdatem;Услуга на Google Актуализация (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-1-29 136176]

S3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\drivers\procexp151.sys --> c:\windows\system32\drivers\PROCEXP151.SYS [?]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== File Associations ===============

.

ShellExec: BitComet.exe: open="c:\program files\bitcomet\BitComet.exe"

.

=============== Created Last 30 ================

.

2012-02-10 17:54:25 -------- d-----w- c:\windows\pss

2012-02-10 12:49:10 -------- d-----w- c:\documents and settings\v@lyo0o\application data\ChemTable Software

2012-02-10 12:48:29 -------- d-----w- c:\documents and settings\v@lyo0o\local settings\application data\ChemTable Software

2012-02-10 12:48:27 -------- d-----w- c:\documents and settings\v@lyo0o\local settings\application data\AnVir

2012-02-08 19:53:27 -------- d-----w- c:\documents and settings\v@lyo0o\local settings\application data\VMware

2012-02-08 19:46:18 334448 ----a-w- c:\windows\system32\vmnetdhcp.exe

2012-02-08 19:46:14 404080 ----a-w- c:\windows\system32\vmnat.exe

2012-02-08 19:46:13 26352 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys

2012-02-08 19:46:09 760432 ----a-w- c:\windows\system32\vnetlib.dll

2012-02-08 19:45:59 24688 ----a-w- c:\windows\system32\drivers\VMkbd.sys

2012-02-08 19:45:23 -------- d-----w- c:\program files\common files\VMware

2012-02-08 19:44:24 -------- d-----w- c:\program files\VMware

2012-02-08 17:54:38 -------- d-----w- C:\symbols

2012-02-08 17:51:26 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)

2012-02-07 20:55:15 -------- d-----w- c:\documents and settings\v@lyo0o\application data\Rainmeter

2012-02-07 20:54:34 -------- d-----w- c:\program files\Rainmeter

2012-02-07 20:53:42 -------- d-----w- c:\documents and settings\all users\application data\r2 Studios

2012-02-07 20:48:39 -------- d-----w- c:\documents and settings\v@lyo0o\application data\DonationCoder

2012-02-07 20:48:23 -------- d-----w- c:\program files\ScreenshotCaptor

2012-02-07 20:42:05 -------- d-----w- c:\program files\RelevantKnowledge

2012-02-07 20:41:18 -------- d-----w- c:\program files\Complitly

2012-02-07 20:41:18 -------- d-----w- c:\documents and settings\v@lyo0o\application data\Complitly

2012-02-07 20:16:58 -------- d-----w- c:\documents and settings\v@lyo0o\local settings\application data\PassMark

2012-02-07 20:16:39 -------- d-----w- c:\documents and settings\all users\application data\PassMark

2012-02-07 13:34:00 -------- d-----w- c:\program files\Geeks3D

2012-02-07 13:26:48 -------- d-----w- C:\TEMP

2012-02-07 11:21:11 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys

2012-02-06 20:09:11 -------- d-----w- c:\program files\Seagate

2012-02-06 11:29:48 9216 -c--a-w- c:\windows\system32\dllcache\kbdnecat.dll

2012-02-05 21:23:31 -------- d-----w- c:\documents and settings\v@lyo0o\application data\TuneUp Software

2012-02-05 21:23:10 -------- d-----w- c:\documents and settings\all users\application data\TuneUp Software

2012-02-05 21:22:59 -------- d-sh--w- c:\documents and settings\all users\application data\{32364CEA-7855-4A3C-B674-53D8E9B97936}

2012-02-05 21:01:39 -------- d-----w- c:\program files\CCleaner

2012-02-05 20:10:24 -------- d-----w- c:\documents and settings\v@lyo0o\application data\SUPERAntiSpyware.com

2012-02-05 20:10:24 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com

2012-02-05 20:08:07 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-05 20:08:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-02-05 18:52:21 -------- d-----w- c:\program files\HD Tune

2012-02-05 17:30:18 -------- d-----w- c:\program files\QuestBasic

2012-02-05 17:30:18 -------- d-----w- c:\documents and settings\all users\application data\QuestBasic

2012-02-05 17:30:12 -------- d-----w- c:\program files\themexp.org

2012-02-05 11:02:42 -------- d-----w- c:\documents and settings\v@lyo0o\application data\CallingID

2012-02-05 11:02:39 -------- d-----w- c:\program files\CallingID

2012-02-05 09:08:43 -------- d-----w- c:\documents and settings\v@lyo0o\vw

2012-02-05 09:08:42 -------- d-----w- c:\documents and settings\v@lyo0o\VisualRoute

2012-02-05 09:08:36 -------- d-----w- c:\program files\VisualRoute

2012-02-05 09:07:14 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-02-03 20:31:43 -------- d-----w- c:\documents and settings\v@lyo0o\local settings\application data\adaware

2012-02-03 19:23:58 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-02-03 17:47:39 -------- d-----w- c:\program files\Spybot - Search & Destroy 2

2012-02-03 17:42:53 -------- d-----w- c:\program files\Unlocker

2012-02-03 17:13:51 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2012-02-03 17:07:56 -------- d-----w- c:\program files\Toolbar Cleaner

2012-02-03 16:40:34 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy

2012-02-03 07:37:30 -------- d-----w- c:\documents and settings\v@lyo0o\local settings\application data\Identities

2012-02-02 05:34:39 -------- d-----w- c:\program files\CPUID

2012-02-01 18:38:27 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll

2012-02-01 18:38:27 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll

2012-02-01 12:10:37 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-01 12:10:37 417440 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-01-31 13:23:39 -------- d--h--w- c:\windows\$hf_mig$

2012-01-31 13:15:27 -------- d-----w- c:\documents and settings\v@lyo0o\SecurityScans

2012-01-30 16:05:26 -------- d-----w- c:\program files\Ask.com

2012-01-30 16:05:24 -------- d-----w- c:\documents and settings\v@lyo0o\local settings\application data\AskToolbar

2012-01-30 16:05:19 -------- d-----w- c:\documents and settings\v@lyo0o\local settings\application data\APN

2012-01-30 16:05:15 -------- d-----w- c:\documents and settings\v@lyo0o\application data\Auslogics

2012-01-30 07:35:49 -------- d-----w- c:\program files\EASEUS

2012-01-29 19:32:26 -------- d-----w- c:\documents and settings\v@lyo0o\local settings\application data\ODUI

2012-01-29 19:32:22 -------- d-----w- c:\documents and settings\v@lyo0o\local settings\application data\Stardock

2012-01-29 19:31:51 -------- d-----w- c:\documents and settings\v@lyo0o\application data\Stardock

2012-01-29 19:31:47 -------- dc-h--w- c:\documents and settings\all users\application data\{5486EA6B-AF91-4B4B-868E-F80AB4BCD83A}

2012-01-29 19:31:45 -------- d-----w- c:\program files\Stardock

2012-01-29 19:31:35 -------- d-----w- c:\documents and settings\v@lyo0o\local settings\application data\PackageAware

2012-01-29 19:24:48 -------- d-----w- c:\program files\RocketDock

2012-01-28 14:50:11 880640 ----a-w- c:\windows\system32\UniBox10.ocx

2012-01-28 14:50:11 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx

2012-01-28 14:50:11 115920 ----a-w- c:\windows\system32\msinet.ocx

2012-01-28 14:50:11 1101824 ----a-w- c:\windows\system32\UniBox210.ocx

2012-01-28 14:50:11 108336 ----a-w- c:\windows\system32\MSWINSCK.OCX

2012-01-28 14:50:10 -------- d-----w- c:\program files\uGet

2012-01-28 14:50:10 -------- d-----w- c:\documents and settings\all users\application data\uGet_VGI

2012-01-28 11:01:06 -------- d-----w- c:\documents and settings\v@lyo0o\local settings\application data\Ahead

2012-01-27 11:26:49 107888 ----a-w- c:\windows\system32\CmdLineExt.dll

2012-01-26 18:48:37 -------- d-----w- c:\documents and settings\v@lyo0o\application data\Malwarebytes

2012-01-26 18:44:25 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-01-26 18:12:11 -------- d-----w- c:\documents and settings\v@lyo0o\local settings\application data\CrashRpt

2012-01-26 17:52:07 -------- d-----w- c:\documents and settings\v@lyo0o\local settings\application data\Mozilla

2012-01-26 14:32:20 -------- d-----w- c:\documents and settings\v@lyo0o\application data\ACD Systems

2012-01-26 12:45:10 -------- d-----w- c:\windows\system32\appmgmt

2012-01-26 08:12:15 -------- d-----w- c:\documents and settings\v@lyo0o\application data\MathWorks

.

==================== Find3M ====================

.

2012-01-25 19:47:28 0 ----a-w- c:\windows\ativpsrm.bin

.

============= FINISH: 14:19:23,04 ===============


Temporarily uninstall avast! and then do the following:

1. Download ComboFix from BleepingComputer and save it (Save button -> Save as) to your desktop:

http://i46.tinypic.com/2exprgh.jpg

When the ComboFix download has finished, the program's icon should look like this:

http://i46.tinypic.com/29eqjuq.jpg

2. Close all running applications, open windows and programs running in the background. Temporarily disable the real-time protection of your antivirus program and of any other security programs, if there are any.

3. Double-click Combofix.exe to start it. Choose YES to agree to the program's terms of use. Important: While ComboFix is running, do not move the mouse or press any keys on the keyboard. Just patiently let ComboFix do its job, without using the computer for anything else.

4. ComboFix will check whether the Windows Recovery Console is installed.

* If the Windows Recovery Console is not installed, you will need to choose YES to install the Windows Recovery Console.

* If the Windows Recovery Console is installed, ComboFix will continue its work.

http://i46.tinypic.com/33wr6us.jpg

Note: You need to be connected to the Internet so that the Windows Recovery Console can be downloaded.

After the Windows Recovery Console is installed, confirm with YES to continue. Screenshot:

http://i45.tinypic.com/m9lvnk.jpg

5. ComboFix will temporarily disconnect the Internet connection, but once the program has finished, the connection will be restored automatically. ComboFix will scan for problems and infected files, which may take some time. Please be patient. If there is a problem with the Internet connection after ComboFix has finished, please read this: the Manually restoring the Internet connection section.

6. When ComboFix has finished, a text document (log) will open in Notepad:

http://i49.tinypic.com/157m978.jpg

Copy (Copy) and paste (Paste) the contents of the log into your next comment.


The program restarted the computer and I did not get the log, so I scanned a second time and then I got the log.

 

 

ComboFix 12-02-11.02 - V@lyo0o 02.2012 г. 16:40:50.2.4 - x86

Microsoft Windows XP Professional 5.1.2600.2.1251.359.1033.18.1975.1361 [GMT 2:00]

Running from: c:\documents and settings\V@lyo0o\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk

c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk

c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\Support.lnk

c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk

c:\documents and settings\V@lyo0o\Local Settings\Temporary Internet Files\CIDLinkAdvisor.12632093.exe

c:\program files\QuestBasic\uninstall.exe

c:\program files\RelevantKnowledge\ncncf.dat

c:\program files\RelevantKnowledge\nscf.dat

c:\program files\RelevantKnowledge\rlls.dll

c:\program files\RelevantKnowledge\rlls64.dll

c:\program files\RelevantKnowledge\rloci.bin

c:\program files\RelevantKnowledge\rlservice.exe

c:\program files\RelevantKnowledge\rlvknlg.exe

c:\program files\RelevantKnowledge\rlvknlg64.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-01-11 to 2012-02-11 )))))))))))))))))))))))))))))))

.

.

2012-02-08 17:54 . 2012-02-11 14:21 -------- d-----w- C:\symbols

2012-02-07 13:26 . 2012-02-07 13:26 -------- d-----w- C:\TEMP

2012-02-05 21:14 . 2012-02-05 21:14 -------- d-----w- C:\CIMTEMP

2012-02-05 17:31 . 2012-02-05 17:31 50 ----a-w- C:\user.js

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-08 07:27 . 2012-01-26 17:51 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2012-01-03 14:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2010-03-26 19522592]

"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-22 98304]

"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2010-11-11 129648]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]

"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2003-12-13 33792]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"ShowDeskFix"="shell32" [X]

"adaware"="reg.exe delete HKCU\Software\AppDataLow\Software\adaware" [X]

"adaware_XP"="reg.exe delete HKCU\Software\adaware" [X]

.

c:\documents and settings\V@lyo0o\Start Menu\Programs\Startup\

Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDockFree\ObjectDock.exe [2010-10-6 3768176]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2012-1-25 1183744]

Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-2-5 105160]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HonorAutoRunSetting"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\program files\Stardock\ObjectDockFree\ODMenu.dll" [2010-10-04 511344]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean.exe

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"AdobeBridge"=

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\BitComet\\BitComet.exe"=

"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

"c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"25985:TCP"= 25985:TCP:BitComet 25985 TCP

"25985:UDP"= 25985:UDP:BitComet 25985 UDP

.

R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [25.1.2012 г. 21:39 2320920]

R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [11.11.2010 г. 13:48 70768]

R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [11.11.2010 г. 12:31 539248]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 г. 13:16 130384]

S2 gupdate;Услуга на Google Актуализация (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29.1.2012 г. 19:17 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [01.2.2012 г. 14:10 253600]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [25.1.2012 г. 21:39 1691480]

S3 gupdatem;Услуга на Google Актуализация (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29.1.2012 г. 19:17 136176]

S3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\Drivers\PROCEXP151.SYS --> c:\windows\system32\Drivers\PROCEXP151.SYS [?]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 г. 13:37 517096]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 г. 13:16 753504]

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-11 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-02-01 20:49]

.

2012-01-25 c:\windows\Tasks\AdobeAAMUpdater-1.0-V-29C820A3C4E94-V@lyo0o.job

- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-01-25 15:42]

.

2012-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-29 17:17]

.

2012-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-29 17:17]

.

2012-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1417001333-682003330-1003Core.job

- c:\documents and settings\V@lyo0o\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-10 12:54]

.

2012-02-11 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

- c:\program files\Ask.com\UpdateTask.exe [2012-01-03 14:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://search.callingid.com/search.aspx

uDefault_Search_URL = hxxp://search.searchcompletion.com?si=10188&bs=true&q=

mStart Page = hxxp://www.searchcompletion.com?si=10188&home=true

mSearch Bar = hxxp://search.searchcompletion.com?si=10188&bs=true&q=

IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm

IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll

TCP: Interfaces\{F4BAA7B1-7EAA-4516-A0FD-AC4050B20CA5}: NameServer = 156.154.70.1,156.154.74.1

FF - ProfilePath - c:\documents and settings\V@lyo0o\Application Data\Mozilla\Firefox\Profiles\xsw67yzv.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://start.funmoods.com

FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ALSV5&o=1665&locale=en_EU&apn_uid=b45eed8c-7453-4f92-ac9f-e7f2e32a8459&apn_ptnrs=AU&apn_sauid=8ED61AFD-BC29-4DA7-AD20-32A7421E4583&apn_dtid=YYYYYYYYBG&&q=

FF - user.js: extensions.funmoods_i.hmpg - true

FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=w7th2

FF - user.js: extensions.funmoods_i.dfltSrch - true

FF - user.js: extensions.funmoods_i.srchPrvdr - Search

FF - user.js: extensions.funmoods_i.dnsErr - true

FF - user.js: extensions.funmoods_i.newTab - true

FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=w7th2

FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=w7th2&q=

FF - user.js: extensions.funmoods_i.id - ac4307e1000000000000101111111111

FF - user.js: extensions.funmoods_i.instlDay - 15375

FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16

FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16

FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1619:31

FF - user.js: extensions.funmoods_i.prtnrId - funmoods

FF - user.js: extensions.funmoods_i.prdct - funmoods

FF - user.js: extensions.funmoods_i.aflt - w7th2

FF - user.js: extensions.funmoods_i.smplGrp - none

FF - user.js: extensions.funmoods_i.tlbrId - base

FF - user.js: extensions.funmoods_i.instlRef -

FF - user.js: extensions.funmoods_i.dfltLng -

FF - user.js: extensions.funmoods_i.excTlbr - false

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{6c97a91e-4524-4019-86af-2aa2d567bf5c} - (no file)

AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files\relevantknowledge\rlvknlg.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-02-11 16:42

Windows 5.1.2600 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Swearware\backup\winsock2\Parameters]

@DACL=(02 0000)

@SACL=

"WinSock_Registry_Version"="2.0"

"Current_NameSpace_Catalog"="NameSpace_Catalog5"

"Current_Protocol_Catalog"="Protocol_Catalog9"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1112)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\atiadlxx.dll

.

- - - - - - - > 'explorer.exe'(2240)

c:\program files\Stardock\ObjectDockFree\DockShellHook.dll

c:\windows\system32\wpdshserviceobj.dll

c:\windows\system32\portabledevicetypes.dll

c:\windows\system32\portabledeviceapi.dll

c:\program files\Stardock\ObjectDockFree\ODMenu.dll

c:\windows\system32\browselc.dll

c:\program files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

c:\program files\Microsoft Office\OFFICE11\msohev.dll

.

Completion time: 2012-02-11 16:43:30

ComboFix-quarantined-files.txt 2012-02-11 14:43

.

Pre-Run: 45 001 977 856 bytes free

Post-Run: 44 955 635 712 bytes free

.

- - End Of File - - 44384114D0A5436ECB242C426D408E49

