Bibilota

Member
  • Content count: 18
  • Joined
  • Last visited

Bibilota's Achievements

Newbie (1/14)

Community reputation: 0

  1. OK. I'll try it tomorrow and write again with the result.
  2. Thanks a lot for the help. I've managed it now and the computer has sound.
  3. Won't that cause a problem later? Actually, I'll just try it. If it still doesn't work, I'll write again.
  4. I right-clicked My Computer, then opened Device Manager, then under System devices I found Microsoft UAA Bus Driver for High Definition Audio and set it to disable. Then I installed the driver, everything went through, I rebooted, and after that it still doesn't accept it and I have no audio on the computer. Those are my exact steps.
  5. Quote (Nicky @ 24 Jan 2009, 16:21): My Computer -> Device Manager -> System devices -> disable and remove Microsoft UAA bus driver for high definition audio. See if that works.
     That's exactly what I tried, but it didn't work.
  6. It reports ASRock 4core 1600twins-p35/775 as the motherboard; otherwise, how do I check it? I'm not really sure how. Forgive me, but I don't understand it that well.
  7. Why won't it install on my computer, and why does it give me an error? It says: Install Realtek HD Audio Driver Failure Error code 0xE0000227
  8. Time Module Object Name Threat Action User Information
     2009-01-24 15:14 IMON file http://78.128.18.48:7802/hqpxum a variant of Win32/Conficker.AA worm NT AUTHORITY\SYSTEM
     2009-01-24 15:14 AMON file C:\WINDOWS\system32\x a variant of Win32/Conficker.AA worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\System32\svchost.exe. The file was moved to quarantine. You may close this window.
     Tell me what to do, they showed up again.
  9. ComboFix 09-01-21.04 - User4e 2009-01-24 14:45:53.4 - NTFSx86
     Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.2047.1598 [GMT 2:00]
     Running from: c:\documents and settings\User4e\Desktop\ComboFix.exe
     Command switches used :: c:\documents and settings\User4e\Desktop\CFScript.txt
      * Created a new restore point
      * Resident AV is active

     WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
     .

     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .

     c:\documents and settings\User4e\Application Data\True Sword

     .
     ((((((((((((((((((((((((( Files Created from 2008-12-24 to 2009-01-24 )))))))))))))))))))))))))))))))
     .

     2009-01-24 13:28 . 2009-01-24 13:28 <DIR> d-------- c:\windows\system32\xircom
     2009-01-24 13:28 . 2009-01-24 13:28 <DIR> d-------- c:\windows\system32\oobe
     2009-01-24 13:28 . 2009-01-24 13:28 <DIR> d-------- c:\windows\srchasst
     2009-01-24 13:28 . 2009-01-24 13:28 <DIR> d-------- c:\program files\microsoft frontpage
     2009-01-24 11:35 . 2009-01-24 11:35 <DIR> d-------- c:\program files\SUPERAntiSpyware
     2009-01-24 11:35 . 2009-01-24 11:35 <DIR> d-------- c:\documents and settings\User4e\Application Data\SUPERAntiSpyware.com
     2009-01-24 11:35 . 2009-01-24 11:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
     2009-01-23 20:09 . 2009-01-23 20:09 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
     2009-01-23 20:09 . 2009-01-23 20:09 <DIR> d-------- c:\documents and settings\User4e\Application Data\Malwarebytes
     2009-01-23 20:09 . 2009-01-23 20:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
     2009-01-23 20:09 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
     2009-01-23 20:09 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
     2009-01-23 12:02 . 2007-09-19 11:11 1,959,832 -ra------ c:\windows\system32\drivers\RTKVHDA.sys
     2009-01-23 11:13 . 2009-01-23 11:13 <DIR> d-------- c:\documents and settings\User4e\Application Data\Leadertech
     2009-01-23 11:05 . 2009-01-23 11:05 <DIR> d-------- c:\program files\directx
     2009-01-23 10:29 . 2009-01-23 10:29 0 --a------ c:\windows\PowerReg.dat
     2009-01-22 16:13 . 1998-10-29 15:45 306,688 --a------ c:\windows\IsUninst.exe
     2009-01-22 07:44 . 2009-01-22 18:41 <DIR> d-------- c:\program files\ThreatFire
     2009-01-22 07:44 . 2009-01-22 07:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools
     2009-01-21 21:41 . 2009-01-22 18:41 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
     2009-01-21 21:32 . 2009-01-21 21:33 <DIR> d-------- c:\program files\True Sword 5
     2009-01-21 21:02 . 2005-10-11 14:40 356,352 --a------ c:\windows\eSellerateEngine.dll
     2009-01-21 21:02 . 2003-06-06 11:21 81,920 --a------ c:\windows\eSellerateControl350.dll
     2009-01-21 18:57 . 2009-01-21 19:47 <DIR> d-------- c:\program files\Spybot - Search & Destroy
     2009-01-21 18:57 . 2009-01-21 19:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
     2009-01-11 19:33 . 2009-01-14 13:36 <DIR> d-------- c:\program files\GRETECH
     2009-01-09 09:00 . 2008-07-12 08:18 3,851,784 --a------ c:\windows\system32\D3DX9_39.dll
     2009-01-09 09:00 . 2008-07-12 08:18 1,493,528 --a------ c:\windows\system32\D3DCompiler_39.dll
     2009-01-09 09:00 . 2008-07-31 10:40 509,448 --a------ c:\windows\system32\XAudio2_2.dll
     2009-01-09 09:00 . 2008-07-12 08:18 467,984 --a------ c:\windows\system32\d3dx10_39.dll
     2009-01-09 09:00 . 2008-07-31 10:41 238,088 --a------ c:\windows\system32\xactengine3_2.dll
     2009-01-09 09:00 . 2008-07-31 10:41 68,616 --a------ c:\windows\system32\XAPOFX1_1.dll
     2009-01-03 00:53 . 2009-01-12 20:19 <DIR> d-------- c:\program files\Google
     2008-12-27 13:31 . 2008-12-27 13:31 <DIR> d-------- c:\program files\Neoact
     2008-12-27 13:31 . 2007-02-05 13:11 139,264 --a------ c:\windows\NeoUninstall.exe
     2008-12-27 13:31 . 2008-12-27 13:31 26 --a------ c:\windows\neosetup.INI
     2008-12-26 21:52 . 2008-12-26 21:52 <DIR> d-------- c:\program files\VentSrv
     2008-12-26 15:11 . 2008-12-26 15:11 <DIR> d-------- c:\windows\system32\LogFiles
     2008-12-26 15:11 . 2008-12-27 12:48 682,280 --a------ c:\windows\system32\pbsvc.exe
     2008-12-26 15:11 . 2008-12-30 08:52 138,464 --a------ c:\windows\system32\drivers\PnkBstrK.sys
     2008-12-26 15:11 . 2008-12-30 08:52 111,928 --a------ c:\windows\system32\PnkBstrB.exe
     2008-12-26 15:11 . 2008-12-26 15:11 66,872 --a------ c:\windows\system32\PnkBstrA.exe
     2008-12-26 15:11 . 2008-12-27 12:48 22,328 --a------ c:\documents and settings\User4e\Application Data\PnkBstrK.sys
     2008-12-25 12:00 . 2008-12-25 12:00 <DIR> d-------- c:\windows\Hired Guns

     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-01-24 12:01 --------- d--h--w c:\program files\InstallShield Installation Information
     2009-01-24 09:35 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
     2009-01-20 19:21 --------- d-----w c:\documents and settings\User4e\Application Data\Skype
     2009-01-20 17:47 --------- d-----w c:\documents and settings\User4e\Application Data\skypePM
     2009-01-20 11:02 --------- d-----w c:\documents and settings\User4e\Application Data\BSplayer PRO
     2009-01-17 13:32 --------- d-----w c:\program files\Mv2Player
     2009-01-17 12:12 --------- d-----w c:\program files\ICQToolbar
     2009-01-17 11:58 --------- d-----w c:\program files\Winamp
     2009-01-14 12:02 --------- d-----w c:\program files\Eset
     2009-01-14 11:37 --------- d-----w c:\program files\Nokia
     2009-01-11 15:30 --------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
     2009-01-04 17:21 --------- d-----w c:\program files\sms
     2008-11-27 16:47 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
     2008-11-27 16:34 --------- d-----w c:\documents and settings\User4e\Application Data\Nokia
     2008-11-27 16:32 --------- d-----w c:\documents and settings\User4e\Application Data\PC Suite
     2008-11-27 16:28 --------- d-----w c:\program files\PC Connectivity Solution
     2008-11-27 16:28 --------- d-----w c:\program files\DIFX
     2008-11-27 16:27 --------- d-----w c:\documents and settings\All Users\Application Data\Downloaded Installations
     2008-11-27 16:25 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
     2008-03-13 18:39 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
     2008-03-17 08:54 16,384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
     2008-03-06 15:01 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
     2008-03-17 08:54 16,384 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
     2008-03-17 08:54 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

     .
     ((((((((((((((((((((((((((((( snapshot@2009-01-24_13.34.03.62 )))))))))))))))))))))))))))))))))))))))))
     .
     - 2009-01-24 11:33:20 53,248 ----a-w c:\windows\temp\catchme.dll
     + 2009-01-24 12:46:36 53,248 ----a-w c:\windows\temp\catchme.dll

     .
     ((((((((((((((((((((((((((((((((((((((( System Restore )))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\windows\HideWin.exe
     2009-01-23 12:32 315392 {16542E06-83A1-4737-8BEA-76BA5C34B5E0}\RP221\A0077846.exe
     2009-01-24 14:01 319488 {16542E06-83A1-4737-8BEA-76BA5C34B5E0}\RP222\A0077847.exe
     c:\windows\RtlExUpd.dll
     2008-08-25 16:17 528384 {16542E06-83A1-4737-8BEA-76BA5C34B5E0}\RP222\A0077848.dll

     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
     "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-12 39408]
     "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1830128]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-22 344064]
     "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
     "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 49152]
     "DAEMON Tools-1033"="d:\install programs\daemon\daemon.exe" [2003-10-02 81920]
     "HotKey"="c:\program files\HotKey\hotkey.exe" [2006-11-03 81920]
     "nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-04-26 949376]
     "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     FlexType 2K.lnk - c:\windows\Datecs\Flex2K.exe [2008-03-06 131584]
     Logitech SetPoint.lnk - d:\install programs\Logitech G3 Software\SetPoint\SetPoint.exe [2008-03-13 805392]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
     "HideRunAsVerb"= 1 (0x1)

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
     "ForceClassicControlPanel"= 1 (0x1)
     "NoSMConfigurePrograms"= 1 (0x1)

     [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
     "ForceClassicControlPanel"= 1 (0x1)
     "NoSMConfigurePrograms"= 1 (0x1)

     [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
     "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
     2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
     2008-05-02 01:42 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
     @=""

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)
     "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "%windir%\\system32\\sessmgr.exe"=
     "d:\\Install Programs\\ICQ\\ICQ.exe"=
     "c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
     "c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
     "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
     "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
     "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
     "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "12177:TCP"= 12177:TCP:BitComet 12177 TCP
     "12177:UDP"= 12177:UDP:BitComet 12177 UDP

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
     "AllowInboundEchoRequest"= 1 (0x1)
     "AllowInboundTimestampRequest"= 1 (0x1)

     R0 pnpshark;pnpshark;c:\windows\system32\drivers\pnpshark.sys [2003-10-02 119552]
     R0 st3shark;st3shark;c:\windows\system32\drivers\st3shark.sys [2003-09-27 5504]
     R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-04-26 15424]
     R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
     R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
     R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
     S3 autorun;autorun; [x]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     WudfServiceGroup REG_SZ hex(7):57,00,55,00,44,00,46,00,53,00,76,00,63,00,00,00,00,00
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://mystart.incredimail.com/english
     IE: &D&ownload &with BitComet - d:\install programs\BitComet\BitComet.exe/AddLink.htm
     IE: &D&ownload all video with BitComet - d:\install programs\BitComet\BitComet.exe/AddVideo.htm
     IE: &D&ownload all with BitComet - d:\install programs\BitComet\BitComet.exe/AddAllLink.htm
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
     IE: {{60237576-b24c-4ba9-9740-c9f3ec9db557} - {EAADF17C-B6EA-4511-8549-A67CFD406EAF} - d:\instal~1\WEBTRA~1\wt2ie.dll
     LSP: c:\windows\system32\imon.dll
     TCP: {9B994A48-1E82-4C52-8FC0-250730B7AC0F} = 193.200.15.155,193.200.15.156
     FF - ProfilePath - c:\documents and settings\User4e\Application Data\Mozilla\Firefox\Profiles\6bzxc9lj.default\
     FF - prefs.js: browser.search.selectedEngine - ICQ Search
     FF - prefs.js: browser.startup.homepage - hxxp://www.google.bg/
     FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=HWFSSep08FFAB&search=
     FF - component: d:\install programs\Mozilla\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
     .

     **************************************************************************

     catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-01-24 14:46:36
     Windows 5.1.2600 Service Pack 2 NTFS

     scanning hidden processes ...

     scanning hidden autostart entries ...

     scanning hidden files ...

     scan completed successfully
     hidden files: 0

     **************************************************************************

     [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf]
     "ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,\
       00,56,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,\
       79,00,73,00,00,00"

     [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd]
     "ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,\
       00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,\
       79,00,73,00,00,00"

     [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf]
     "ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,\
       00,56,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,\
       79,00,73,00,00,00"

     [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd]
     "ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,\
       00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,\
       79,00,73,00,00,00"
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------

     - - - - - - - > 'winlogon.exe'(748)
     c:\program files\SUPERAntiSpyware\SASWINLO.dll
     c:\windows\system32\Ati2evxx.dll
     c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
     c:\program files\common files\logishrd\bluetooth\LBTServ.dll

     - - - - - - - > 'lsass.exe'(804)
     c:\windows\system32\imon.dll
     .
     Completion time: 2009-01-24 14:47:20
     ComboFix-quarantined-files.txt 2009-01-24 12:47:15
     ComboFix2.txt 2009-01-24 12:24:08
     ComboFix3.txt 2009-01-24 11:34:36

     Pre-Run: 25,140,248,576 bytes free
     Post-Run: 25,131,393,024 bytes free

     215 --- E O F --- 2008-03-16 14:44:47

     Attachment: Qoobox.rar
  10. ComboFix 09-01-21.04 - User4e 2009-01-24 14:20:56.3 - NTFSx86
     Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.2047.1567 [GMT 2:00]
     Running from: c:\documents and settings\User4e\Desktop\ComboFix.exe
     Command switches used :: c:\documents and settings\User4e\Desktop\CFScript.txt
      * Created a new restore point
      * Resident AV is active

     WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
     .

     ((((((((((((((((((((((((( Files Created from 2008-12-24 to 2009-01-24 )))))))))))))))))))))))))))))))
     .

     2009-01-24 13:28 . 2009-01-24 13:28 <DIR> d-------- c:\windows\system32\xircom
     2009-01-24 13:28 . 2009-01-24 13:28 <DIR> d-------- c:\windows\system32\oobe
     2009-01-24 13:28 . 2009-01-24 13:28 <DIR> d-------- c:\windows\srchasst
     2009-01-24 13:28 . 2009-01-24 13:28 <DIR> d-------- c:\program files\microsoft frontpage
     2009-01-24 11:35 . 2009-01-24 11:35 <DIR> d-------- c:\program files\SUPERAntiSpyware
     2009-01-24 11:35 . 2009-01-24 11:35 <DIR> d-------- c:\documents and settings\User4e\Application Data\SUPERAntiSpyware.com
     2009-01-24 11:35 . 2009-01-24 11:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
     2009-01-23 20:09 . 2009-01-23 20:09 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
     2009-01-23 20:09 . 2009-01-23 20:09 <DIR> d-------- c:\documents and settings\User4e\Application Data\Malwarebytes
     2009-01-23 20:09 . 2009-01-23 20:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
     2009-01-23 20:09 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
     2009-01-23 20:09 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
     2009-01-23 12:02 . 2007-09-19 11:11 1,959,832 -ra------ c:\windows\system32\drivers\RTKVHDA.sys
     2009-01-23 11:13 . 2009-01-23 11:13 <DIR> d-------- c:\documents and settings\User4e\Application Data\Leadertech
     2009-01-23 11:05 . 2009-01-23 11:05 <DIR> d-------- c:\program files\directx
     2009-01-23 10:29 . 2009-01-23 10:29 0 --a------ c:\windows\PowerReg.dat
     2009-01-22 16:13 . 1998-10-29 15:45 306,688 --a------ c:\windows\IsUninst.exe
     2009-01-22 07:44 . 2009-01-22 18:41 <DIR> d-------- c:\program files\ThreatFire
     2009-01-22 07:44 . 2009-01-22 07:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools
     2009-01-21 21:41 . 2009-01-22 18:41 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
     2009-01-21 21:32 . 2009-01-21 21:33 <DIR> d-------- c:\program files\True Sword 5
     2009-01-21 21:02 . 2005-10-11 14:40 356,352 --a------ c:\windows\eSellerateEngine.dll
     2009-01-21 21:02 . 2003-06-06 11:21 81,920 --a------ c:\windows\eSellerateControl350.dll
     2009-01-21 20:42 . 2009-01-21 20:42 <DIR> d-------- c:\documents and settings\User4e\Application Data\True Sword
     2009-01-21 18:57 . 2009-01-21 19:47 <DIR> d-------- c:\program files\Spybot - Search & Destroy
     2009-01-21 18:57 . 2009-01-21 19:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
     2009-01-11 19:33 . 2009-01-14 13:36 <DIR> d-------- c:\program files\GRETECH
     2009-01-09 09:00 . 2008-07-12 08:18 3,851,784 --a------ c:\windows\system32\D3DX9_39.dll
     2009-01-09 09:00 . 2008-07-12 08:18 1,493,528 --a------ c:\windows\system32\D3DCompiler_39.dll
     2009-01-09 09:00 . 2008-07-31 10:40 509,448 --a------ c:\windows\system32\XAudio2_2.dll
     2009-01-09 09:00 . 2008-07-12 08:18 467,984 --a------ c:\windows\system32\d3dx10_39.dll
     2009-01-09 09:00 . 2008-07-31 10:41 238,088 --a------ c:\windows\system32\xactengine3_2.dll
     2009-01-09 09:00 . 2008-07-31 10:41 68,616 --a------ c:\windows\system32\XAPOFX1_1.dll
     2009-01-03 00:53 . 2009-01-12 20:19 <DIR> d-------- c:\program files\Google
     2008-12-27 13:31 . 2008-12-27 13:31 <DIR> d-------- c:\program files\Neoact
     2008-12-27 13:31 . 2007-02-05 13:11 139,264 --a------ c:\windows\NeoUninstall.exe
     2008-12-27 13:31 . 2008-12-27 13:31 26 --a------ c:\windows\neosetup.INI
     2008-12-26 21:52 . 2008-12-26 21:52 <DIR> d-------- c:\program files\VentSrv
     2008-12-26 15:11 . 2008-12-26 15:11 <DIR> d-------- c:\windows\system32\LogFiles
     2008-12-26 15:11 . 2008-12-27 12:48 682,280 --a------ c:\windows\system32\pbsvc.exe
     2008-12-26 15:11 . 2008-12-30 08:52 138,464 --a------ c:\windows\system32\drivers\PnkBstrK.sys
     2008-12-26 15:11 . 2008-12-30 08:52 111,928 --a------ c:\windows\system32\PnkBstrB.exe
     2008-12-26 15:11 . 2008-12-26 15:11 66,872 --a------ c:\windows\system32\PnkBstrA.exe
     2008-12-26 15:11 . 2008-12-27 12:48 22,328 --a------ c:\documents and settings\User4e\Application Data\PnkBstrK.sys
     2008-12-25 12:00 . 2008-12-25 12:00 <DIR> d-------- c:\windows\Hired Guns

     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-01-24 12:01 --------- d--h--w c:\program files\InstallShield Installation Information
     2009-01-24 09:35 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
     2009-01-20 19:21 --------- d-----w c:\documents and settings\User4e\Application Data\Skype
     2009-01-20 17:47 --------- d-----w c:\documents and settings\User4e\Application Data\skypePM
     2009-01-20 11:02 --------- d-----w c:\documents and settings\User4e\Application Data\BSplayer PRO
     2009-01-17 13:32 --------- d-----w c:\program files\Mv2Player
     2009-01-17 12:12 --------- d-----w c:\program files\ICQToolbar
     2009-01-17 11:58 --------- d-----w c:\program files\Winamp
     2009-01-14 12:02 --------- d-----w c:\program files\Eset
     2009-01-14 11:37 --------- d-----w c:\program files\Nokia
     2009-01-11 15:30 --------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
     2009-01-04 17:21 --------- d-----w c:\program files\sms
     2008-11-27 16:47 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
     2008-11-27 16:34 --------- d-----w c:\documents and settings\User4e\Application Data\Nokia
     2008-11-27 16:32 --------- d-----w c:\documents and settings\User4e\Application Data\PC Suite
     2008-11-27 16:28 --------- d-----w c:\program files\PC Connectivity Solution
     2008-11-27 16:28 --------- d-----w c:\program files\DIFX
     2008-11-27 16:27 --------- d-----w c:\documents and settings\All Users\Application Data\Downloaded Installations
     2008-11-27 16:25 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
     2008-03-13 18:39 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
     2008-03-17 08:54 16,384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
     2008-03-06 15:01 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
     2008-03-17 08:54 16,384 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
     2008-03-17 08:54 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

     .
     ((((((((((((((((((((((((((((( snapshot@2009-01-24_13.34.03.62 )))))))))))))))))))))))))))))))))))))))))
     .
     - 2009-01-24 11:33:20 53,248 ----a-w c:\windows\temp\catchme.dll
     + 2009-01-24 12:22:58 53,248 ----a-w c:\windows\temp\catchme.dll

     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
     "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-12 39408]
     "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1830128]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-22 344064]
     "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
     "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 49152]
     "DAEMON Tools-1033"="d:\install programs\daemon\daemon.exe" [2003-10-02 81920]
     "HotKey"="c:\program files\HotKey\hotkey.exe" [2006-11-03 81920]
     "nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-04-26 949376]
     "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     FlexType 2K.lnk - c:\windows\Datecs\Flex2K.exe [2008-03-06 131584]
     Logitech SetPoint.lnk - d:\install programs\Logitech G3 Software\SetPoint\SetPoint.exe [2008-03-13 805392]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
     "HideRunAsVerb"= 1 (0x1)

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
     "ForceClassicControlPanel"= 1 (0x1)
     "NoSMConfigurePrograms"= 1 (0x1)

     [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
     "ForceClassicControlPanel"= 1 (0x1)
     "NoSMConfigurePrograms"= 1 (0x1)

     [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
     "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
     2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
     2008-05-02 01:42 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
     @=""

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)
     "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "%windir%\\system32\\sessmgr.exe"=
     "d:\\Install Programs\\ICQ\\ICQ.exe"=
     "c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
     "c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
     "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
     "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
     "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
     "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "12177:TCP"= 12177:TCP:BitComet 12177 TCP
     "12177:UDP"= 12177:UDP:BitComet 12177 UDP

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
     "AllowInboundEchoRequest"= 1 (0x1)
     "AllowInboundTimestampRequest"= 1 (0x1)

     R0 pnpshark;pnpshark;c:\windows\system32\drivers\pnpshark.sys [2003-10-02 119552]
     R0 st3shark;st3shark;c:\windows\system32\drivers\st3shark.sys [2003-09-27 5504]
     R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-04-26 15424]
     R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
     R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
     R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
     S3 autorun;autorun; [x]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     WudfServiceGroup REG_SZ hex(7):57,00,55,00,44,00,46,00,53,00,76,00,63,00,00,00,00,00
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://mystart.incredimail.com/english
     IE: &D&ownload &with BitComet - d:\install programs\BitComet\BitComet.exe/AddLink.htm
     IE: &D&ownload all video with BitComet - d:\install programs\BitComet\BitComet.exe/AddVideo.htm
     IE: &D&ownload all with BitComet - d:\install programs\BitComet\BitComet.exe/AddAllLink.htm
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
     IE: {{60237576-b24c-4ba9-9740-c9f3ec9db557} - {EAADF17C-B6EA-4511-8549-A67CFD406EAF} - d:\instal~1\WEBTRA~1\wt2ie.dll
     LSP: c:\windows\system32\imon.dll
     TCP: {9B994A48-1E82-4C52-8FC0-250730B7AC0F} = 193.200.15.155,193.200.15.156
     FF - ProfilePath - c:\documents and settings\User4e\Application Data\Mozilla\Firefox\Profiles\6bzxc9lj.default\
     FF - prefs.js: browser.search.selectedEngine - ICQ Search
     FF - prefs.js: browser.startup.homepage - hxxp://www.google.bg/
     FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=HWFSSep08FFAB&search=
     FF - component: d:\install programs\Mozilla\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
     .

     **************************************************************************

     catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-01-24 14:22:59
     Windows 5.1.2600 Service Pack 2 NTFS

     scanning hidden processes ...

     scanning hidden autostart entries ...

     scanning hidden files ...

     scan completed successfully
     hidden files: 0

     **************************************************************************

     [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf]
     "ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,\
       00,56,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,\
       79,00,73,00,00,00"

     [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd]
     "ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,\
       00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,\
       79,00,73,00,00,00"

     [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf]
     "ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,\
       00,56,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,\
       79,00,73,00,00,00"

     [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd]
     "ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,\
       00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,\
       79,00,73,00,00,00"
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------

     - - - - - - - > 'winlogon.exe'(748)
     c:\program files\SUPERAntiSpyware\SASWINLO.dll
     c:\windows\system32\Ati2evxx.dll
     c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
     c:\program files\common files\logishrd\bluetooth\LBTServ.dll

     - - - - - - - > 'lsass.exe'(804)
     c:\windows\system32\imon.dll
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\windows\system32\ati2evxx.exe
     c:\windows\system32\ati2evxx.exe
     c:\program files\Eset\nod32krn.exe
     c:\windows\system32\PnkBstrA.exe
     c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
     .
     **************************************************************************
     .
     Completion time: 2009-01-24 14:24:07 - machine was rebooted
     ComboFix-quarantined-files.txt 2009-01-24 12:24:01
     ComboFix2.txt 2009-01-24 11:34:36

     Pre-Run: 25,164,546,048 bytes free
     Post-Run: 25,155,833,856 bytes free

     213 --- E O F --- 2008-03-16 14:44:47
  11. It can't find those files. And that folder, Application Data, is missing on my machine. What could be causing that?
  12. I think everything is cleaned up now. I scanned with Nod32 and it no longer finds any viruses. Thank you very much, Maniac.
     c:\windows\HideWin.exe
     c:\documents and settings\All Users\Application Data\ezsid.dat
     Do you think everything is cleaned now? And the thing I was supposed to attach to my post, was that meant for the previous one?
  13. ComboFix 09-01-21.04 - User4e 2009-01-24 13:30:56.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.2047.1696 [GMT 2:00]
Running from: c:\documents and settings\User4e\desktop\combofix.exe
Command switches used :: /killall
 * Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-12-24 to 2009-01-24 )))))))))))))))))))))))))))))))
.
2009-01-24 13:28 . 2009-01-24 13:28 <DIR> d-------- c:\windows\system32\xircom
2009-01-24 13:28 . 2009-01-24 13:28 <DIR> d-------- c:\windows\system32\oobe
2009-01-24 13:28 . 2009-01-24 13:28 <DIR> d-------- c:\windows\srchasst
2009-01-24 13:28 . 2009-01-24 13:28 <DIR> d-------- c:\program files\microsoft frontpage
2009-01-24 11:35 . 2009-01-24 11:35 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-01-24 11:35 . 2009-01-24 11:35 <DIR> d-------- c:\documents and settings\User4e\Application Data\SUPERAntiSpyware.com
2009-01-24 11:35 . 2009-01-24 11:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-23 20:09 . 2009-01-23 20:09 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-23 20:09 . 2009-01-23 20:09 <DIR> d-------- c:\documents and settings\User4e\Application Data\Malwarebytes
2009-01-23 20:09 . 2009-01-23 20:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-23 20:09 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-23 20:09 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-23 12:02 . 2007-09-19 11:11 1,959,832 -ra------ c:\windows\system32\drivers\RTKVHDA.sys
2009-01-23 11:13 . 2009-01-23 11:13 <DIR> d-------- c:\documents and settings\User4e\Application Data\Leadertech
2009-01-23 11:05 . 2009-01-23 11:05 <DIR> d-------- c:\program files\directx
2009-01-23 10:29 . 2009-01-23 10:29 0 --a------ c:\windows\PowerReg.dat
2009-01-22 16:13 . 1998-10-29 15:45 306,688 --a------ c:\windows\IsUninst.exe
2009-01-22 07:44 . 2009-01-22 18:41 <DIR> d-------- c:\program files\ThreatFire
2009-01-22 07:44 . 2009-01-22 07:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools
2009-01-21 21:41 . 2009-01-22 18:41 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-01-21 21:32 . 2009-01-21 21:33 <DIR> d-------- c:\program files\True Sword 5
2009-01-21 21:02 . 2005-10-11 14:40 356,352 --a------ c:\windows\eSellerateEngine.dll
2009-01-21 21:02 . 2003-06-06 11:21 81,920 --a------ c:\windows\eSellerateControl350.dll
2009-01-21 20:42 . 2009-01-21 20:42 <DIR> d-------- c:\documents and settings\User4e\Application Data\True Sword
2009-01-21 18:57 . 2009-01-21 19:47 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-21 18:57 . 2009-01-21 19:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-11 19:33 . 2009-01-14 13:36 <DIR> d-------- c:\program files\GRETECH
2009-01-09 09:00 . 2008-07-12 08:18 3,851,784 --a------ c:\windows\system32\D3DX9_39.dll
2009-01-09 09:00 . 2008-07-12 08:18 1,493,528 --a------ c:\windows\system32\D3DCompiler_39.dll
2009-01-09 09:00 . 2008-07-31 10:40 509,448 --a------ c:\windows\system32\XAudio2_2.dll
2009-01-09 09:00 . 2008-07-12 08:18 467,984 --a------ c:\windows\system32\d3dx10_39.dll
2009-01-09 09:00 . 2008-07-31 10:41 238,088 --a------ c:\windows\system32\xactengine3_2.dll
2009-01-09 09:00 . 2008-07-31 10:41 68,616 --a------ c:\windows\system32\XAPOFX1_1.dll
2009-01-03 00:53 . 2009-01-12 20:19 <DIR> d-------- c:\program files\Google
2008-12-27 13:31 . 2008-12-27 13:31 <DIR> d-------- c:\program files\Neoact
2008-12-27 13:31 . 2007-02-05 13:11 139,264 --a------ c:\windows\NeoUninstall.exe
2008-12-27 13:31 . 2008-12-27 13:31 26 --a------ c:\windows\neosetup.INI
2008-12-26 21:52 . 2008-12-26 21:52 <DIR> d-------- c:\program files\VentSrv
2008-12-26 15:11 . 2008-12-26 15:11 <DIR> d-------- c:\windows\system32\LogFiles
2008-12-26 15:11 . 2008-12-27 12:48 682,280 --a------ c:\windows\system32\pbsvc.exe
2008-12-26 15:11 . 2008-12-30 08:52 138,464 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2008-12-26 15:11 . 2008-12-30 08:52 111,928 --a------ c:\windows\system32\PnkBstrB.exe
2008-12-26 15:11 . 2008-12-26 15:11 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2008-12-26 15:11 . 2008-12-27 12:48 22,328 --a------ c:\documents and settings\User4e\Application Data\PnkBstrK.sys
2008-12-25 12:00 . 2008-12-25 12:00 <DIR> d-------- c:\windows\Hired Guns
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-24 09:35 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-23 10:33 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-23 10:32 315,392 ----a-w c:\windows\HideWin.exe
2009-01-20 19:21 --------- d-----w c:\documents and settings\User4e\Application Data\Skype
2009-01-20 17:47 --------- d-----w c:\documents and settings\User4e\Application Data\skypePM
2009-01-20 11:02 --------- d-----w c:\documents and settings\User4e\Application Data\BSplayer PRO
2009-01-17 13:32 --------- d-----w c:\program files\Mv2Player
2009-01-17 12:12 --------- d-----w c:\program files\ICQToolbar
2009-01-17 11:58 --------- d-----w c:\program files\Winamp
2009-01-14 12:02 --------- d-----w c:\program files\Eset
2009-01-14 11:37 --------- d-----w c:\program files\Nokia
2009-01-11 15:30 --------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2009-01-04 17:21 --------- d-----w c:\program files\sms
2008-11-27 16:47 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-11-27 16:34 --------- d-----w c:\documents and settings\User4e\Application Data\Nokia
2008-11-27 16:32 --------- d-----w c:\documents and settings\User4e\Application Data\PC Suite
2008-11-27 16:28 --------- d-----w c:\program files\PC Connectivity Solution
2008-11-27 16:28 --------- d-----w c:\program files\DIFX
2008-11-27 16:27 --------- d-----w c:\documents and settings\All Users\Application Data\Downloaded Installations
2008-11-27 16:25 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2008-03-13 18:39 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-03-17 08:54 16,384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
2008-03-06 15:01 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
2008-03-17 08:54 16,384 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2008-03-17 08:54 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-12 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-22 344064]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 49152]
"DAEMON Tools-1033"="d:\install programs\daemon\daemon.exe" [2003-10-02 81920]
"HotKey"="c:\program files\HotKey\hotkey.exe" [2006-11-03 81920]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-04-26 949376]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2007-12-07 c:\windows\system32\advpack.dll]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
FlexType 2K.lnk - c:\windows\Datecs\Flex2K.exe [2008-03-06 131584]
Logitech SetPoint.lnk - d:\install programs\Logitech G3 Software\SetPoint\SetPoint.exe [2008-03-13 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideRunAsVerb"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Install Programs\\ICQ\\ICQ.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12177:TCP"= 12177:TCP:BitComet 12177 TCP
"12177:UDP"= 12177:UDP:BitComet 12177 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)

R0 pnpshark;pnpshark;c:\windows\system32\drivers\pnpshark.sys [2003-10-02 119552]
R0 st3shark;st3shark;c:\windows\system32\drivers\st3shark.sys [2003-09-27 5504]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-04-26 15424]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
S3 autorun;autorun;\??\c:\huadio.tmp --> c:\huadio.tmp [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WudfServiceGroup REG_SZ hex(7):57,00,55,00,44,00,46,00,53,00,76,00,63,00,00,00,00,00
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mystart.incredimail.com/english
IE: &D&ownload &with BitComet - d:\install programs\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - d:\install programs\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - d:\install programs\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {{60237576-b24c-4ba9-9740-c9f3ec9db557} - {EAADF17C-B6EA-4511-8549-A67CFD406EAF} - d:\instal~1\WEBTRA~1\wt2ie.dll
LSP: c:\windows\system32\imon.dll
TCP: {9B994A48-1E82-4C52-8FC0-250730B7AC0F} = 193.200.15.155,193.200.15.156
FF - ProfilePath - c:\documents and settings\User4e\Application Data\Mozilla\Firefox\Profiles\6bzxc9lj.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.bg/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=HWFSSep08FFAB&search=
FF - component: d:\install programs\Mozilla\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-24 13:33:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,79,00,73,00,00,00"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,79,00,73,00,00,00"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\autorun]
"ImagePath"="\??\C:\huadio.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,79,00,73,00,00,00"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,79,00,73,00,00,00"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'lsass.exe'(808)
c:\windows\system32\imon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Eset\nod32krn.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
.
**************************************************************************
.
Completion time: 2009-01-24 13:34:35 - machine was rebooted [user4e]
ComboFix-quarantined-files.txt 2009-01-24 11:34:30

Pre-Run: 25,185,214,464 bytes free
Post-Run: 25,176,813,568 bytes free

212 --- E O F --- 2008-03-16 14:44:47

c:\windows\HideWin.exe
c:\documents and settings\All Users\Application Data\ezsid.dat

That's what it gave me.
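A quick triage pass over a ComboFix log of the kind pasted above, as an added example that is not part of this thread and not ComboFix's own code. It picks out the three things a responder would look at first in this log: a service line whose binary ComboFix could not find on disk (`S3 autorun;autorun;\??\c:\huadio.tmp --> c:\huadio.tmp [?]`), a service `ImagePath` in the registry dump that points at a `.tmp` file in the drive root, and `"EnableFirewall"= 0` for the standard profile. The sample log is constructed to mirror the line formats in the post; the `[?]` handling, the list of odd extensions and the severity labels are my own assumptions.

```python
"""Triage a ComboFix-style log for a few high-signal indicators.

Added example: not part of the forum thread and not ComboFix's own code.
SAMPLE_LOG is constructed to mirror the line formats in the posted log; the
heuristics (odd extensions, drive-root binaries, "[?]" meaning the file was
not found) are assumptions of this example.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in ComboFix's firewall / service / registry line formats.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-04-26 15424]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
S3 autorun;autorun;\??\c:\huadio.tmp --> c:\huadio.tmp [?]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\autorun]
"ImagePath"="\??\C:\huadio.tmp"
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "medium"
    item: str      # what was flagged (service name, setting, ...)
    reason: str


# "S3 autorun;autorun;\??\c:\huadio.tmp --> c:\huadio.tmp [?]"
SERVICE_LINE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+)$")
# "[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\autorun]"
SERVICE_KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]\\]+)\]$", re.I)
IMAGEPATH_RE = re.compile(r'^"ImagePath"="([^"]*)"$')
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"=\s*0\b')

# Extensions a driver/service binary should never carry (assumed list).
ODD_EXTENSIONS = {".tmp", ".dat", ".txt", ".log", ".ini"}


def normalise(path: str) -> str:
    """Drop the NT object-manager prefix and lower-case the path."""
    p = path.strip()
    if p.startswith("\\??\\"):
        p = p[4:]
    return p.lower()


def path_reason(path: str) -> Optional[str]:
    """Why a service/driver binary path looks wrong, or None if it looks normal."""
    p = normalise(path)
    filename = p.rsplit("\\", 1)[-1]
    ext = filename[filename.rfind("."):] if "." in filename else ""
    if ext in ODD_EXTENSIONS:
        return f"executable with non-executable extension {ext}"
    if re.fullmatch(r"[a-z]:\\[^\\]+", p):
        return "binary stored in a drive root"
    return None


def triage(log: str) -> List[Finding]:
    """Walk the log once and collect findings; hex(2) ImagePaths are left alone."""
    findings: List[Finding] = []
    current_service: Optional[str] = None
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SERVICE_LINE_RE.match(line)
        if m:
            _start, name, _display, rest = m.groups()
            target = rest.split(" --> ")[-1]                # resolved path, if one was printed
            target = re.sub(r"\s*\[[^\]]*\]$", "", target)  # strip trailing "[date size]" / "[?]"
            reasons = []
            if rest.endswith("[?]"):                        # assumed: ComboFix could not find the file
                reasons.append("binary not present on disk")
            r = path_reason(target)
            if r:
                reasons.append(r)
            if reasons:
                findings.append(Finding("high", f"service {name}", f"{target}: " + "; ".join(reasons)))
            continue
        m = SERVICE_KEY_RE.match(line)
        if m:
            current_service = m.group(1)
            continue
        if line.startswith("["):            # any other key ends the Services\<name> context
            current_service = None
            continue
        m = IMAGEPATH_RE.match(line)
        if m and current_service:
            r = path_reason(m.group(1))
            if r:
                findings.append(Finding("high", f"registry service {current_service}",
                                        f"{normalise(m.group(1))}: {r}"))
            continue
        if FIREWALL_OFF_RE.match(line):
            findings.append(Finding("medium", "Windows Firewall",
                                    "EnableFirewall is 0 (standard profile firewall disabled)"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.item}: {f.reason}")
```

Run against the sample it reports the `autorun` service twice, once from the `S3` line and once from the `Services\autorun` key, plus the disabled firewall. A service whose binary is already gone is still a finding: the registry entry survives the file's removal and should be deleted as well, and the cleaner that removed the file (here, the earlier quarantine step) will not necessarily have done that. The heuristics are deliberately narrow so that legitimate drivers under `system32\drivers` or `program files` do not show up.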