
Google and YouTube won't open for me



In Internet Explorer => Tools => Internet Options => I had no boxes checked.

I updated Malwarebytes' Anti-Malware; here is the scan result:

 

Malwarebytes' Anti-Malware 1.44

Database version: 3839

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

 

09.3.2010 г. 12:20:08

mbam-log-2010-03-09 (12-20-08).txt

 

Scan type: Quick Scan

Objects scanned: 115359

Time elapsed: 4 minute(s), 21 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 3

Registry Data Items Infected: 3

Folders Infected: 0

Files Infected: 1

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\option_1 (Rootkit.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\option_2 (Rootkit.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\option_3 (Rootkit.Agent) -> Quarantined and deleted successfully.

 

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

C:\Program Files\Common Files\keylog.txt (Malware.Trace) -> Quarantined and deleted successfully.

 

...I cleaned what was found.

At step 2, it initially showed me an error that some file was missing (see below). I started the scan anyway; here is the result.

 

 

/--------------------------------------------------------------\

| Trend Micro System Cleaner |

| Copyright 2009-2010, Trend Micro, Inc. |

| http://www.trendmicro.com |

\--------------------------------------------------------------/

 

 

2010-03-09, 12:55:55, Auto-clean mode specified.

2010-03-09, 12:55:55, Initialized Rootkit Driver version 2.2.0.1004.

2010-03-09, 12:55:55, Running scanner "C:\TrendMicro\TSC.BIN"...

2010-03-09, 12:56:07, Scanner "C:\TrendMicro\TSC.BIN" has finished running.

2010-03-09, 12:56:07, TSC Log:

 

Damage Cleanup Engine (DCE) 6.2 (Build 1016) (RCM:2.2.0-1004)

Windows XP (Build 2600: Service Pack 2)

Start time : вторник март 09 2010 12:55:56

Load Damage Cleanup Template (DCT) "C:\TrendMicro\TMRDCT.ptn" (version ) [fail]

Load Damage Cleanup Template (DCT) "C:\TrendMicro\tsc.ptn" (version 1072) [success]

Complete time : вторник март 09 2010 12:56:07

Execute pattern count(3063), Virus found count(0), Virus clean count(0), Clean failed count(0)

 

 

 

 

 

2010-03-09, 12:56:07, Running scanner "C:\TrendMicro\VSCANTM.BIN"...

2010-03-09, 13:34:20, Scanner "C:\TrendMicro\VSCANTM.BIN" has finished running.

2010-03-09, 13:34:20, VSCANTM Log:

 

2010-03-09, 13:34:20, Files Detected:

Copyright © 1990 - 2006 Trend Micro Inc.

Report Date : 3/9/2010 12:56:07

VSAPI Engine Version : 8.950-1092

VSCANTM Version : 3.00-1018 (Official Build)

 

VSGetVirusPatternInformation is invoked

 

Virus Pattern Version : 901 (512171/512171 Patterns) (2010/03/07) (690100)

 

Command Line: C:\TrendMicro\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /BK /LR C:\*.* /P=C:\TrendMicro\lpt$vpn.901

 

C:\WINDOWS\system32\7eqVRF8.exe [TROJ_AGENT.SMH]

C:\WINDOWS\system32\eDpGScl.exe [TROJ_AGENT.SMH]

C:\WINDOWS\system32\Hvm0qLX.exe [TROJ_AGENT.SMH]

C:\WINDOWS\system32\O1F6P8e.exe [TROJ_AGENT.SMH]

C:\WINDOWS\system32\pE0SwPa.exe [TROJ_AGENT.SMH]

C:\_OTL\MovedFiles\03082010_124037\C_WINDOWS\system32\6euNEyj.exe [TROJ_AGENT.SMH]

C:\_OTL\MovedFiles\03082010_124037\C_WINDOWS\system32\a215bc26.exe [TROJ_AGENT.SMH]

C:\_OTL\MovedFiles\03082010_124037\C_WINDOWS\system32\d0lcZ9O.exe [TROJ_AGENT.SMH]

C:\_OTL\MovedFiles\03082010_124037\C_WINDOWS\system32\lO0qoM2.exe [TROJ_AGENT.SMH]

C:\_OTL\MovedFiles\03082010_124037\C_WINDOWS\system32\TaygPy3.exe [TROJ_AGENT.SMH]

63891 files have been read.

63891 files have been checked.

63838 files have been scanned.

114475 files have been scanned. (including files in archived)

10 files containing viruses.

Found 10 viruses totally.

Maybe 0 viruses totally.

Stop At: 3/9/2010 13:34:18 38 minutes 10 seconds (2290.39 seconds) has elapsed.(35.848 msec/file)

---------*---------*---------*---------*---------*---------*---------*---------*

2010-03-09, 13:34:20, Files Clean:

Copyright © 1990 - 2006 Trend Micro Inc.

Report Date : 3/9/2010 12:56:07

VSAPI Engine Version : 8.950-1092

VSCANTM Version : 3.00-1018 (Official Build)

 

VSGetVirusPatternInformation is invoked

 

Virus Pattern Version : 901 (512171/512171 Patterns) (2010/03/07) (690100)

 

Command Line: C:\TrendMicro\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /BK /LR C:\*.* /P=C:\TrendMicro\lpt$vpn.901

 

63891 files have been read.

63891 files have been checked.

63838 files have been scanned.

114475 files have been scanned. (including files in archived)

10 files containing viruses.

Found 10 viruses totally.

Maybe 0 viruses totally.

Stop At: 3/9/2010 13:34:18 38 minutes 10 seconds (2290.39 seconds) has elapsed.(35.848 msec/file)

---------*---------*---------*---------*---------*---------*---------*---------*

2010-03-09, 13:34:20, Clean Fail:

Copyright © 1990 - 2006 Trend Micro Inc.

Report Date : 3/9/2010 12:56:07

VSAPI Engine Version : 8.950-1092

VSCANTM Version : 3.00-1018 (Official Build)

 

VSGetVirusPatternInformation is invoked

 

Virus Pattern Version : 901 (512171/512171 Patterns) (2010/03/07) (690100)

 

Command Line: C:\TrendMicro\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /BK /LR C:\*.* /P=C:\TrendMicro\lpt$vpn.901

 

63891 files have been read.

63891 files have been checked.

63838 files have been scanned.

114475 files have been scanned. (including files in archived)

10 files containing viruses.

Found 10 viruses totally.

Maybe 0 viruses totally.

Stop At: 3/9/2010 13:34:18 38 minutes 10 seconds (2290.39 seconds) has elapsed.(35.848 msec/file)

---------*---------*---------*---------*---------*---------*---------*---------*

2010-03-09, 13:34:20, Running scanner "C:\TrendMicro\VSCANTM.BIN"...

2010-03-09, 15:31:50, Scanner "C:\TrendMicro\VSCANTM.BIN" has finished running.

2010-03-09, 15:31:50, VSCANTM Log:

 

2010-03-09, 15:31:50, Files Detected:

Copyright © 1990 - 2006 Trend Micro Inc.

Report Date : 3/9/2010 13:34:20

VSAPI Engine Version : 8.950-1092

VSCANTM Version : 3.00-1018 (Official Build)

 

VSGetVirusPatternInformation is invoked

 

Virus Pattern Version : 901 (512171/512171 Patterns) (2010/03/07) (690100)

 

Command Line: C:\TrendMicro\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /BK /LR D:\*.* /P=C:\TrendMicro\lpt$vpn.901

 

D:\(11) Computer\SEO\2 SEO Toolkit\New\Semonitor\Semonitor 3.6\Semonitor_3.6_crack\Semonitor crack\dcmonitor.exe [Mal_MLWR-24]

D:\(11) Computer\SEO\2 SEO Toolkit\New\Semonitor\Semonitor 3.6\Semonitor_3.6_crack\Semonitor crack\htmlanalyzer.exe [Mal_MLWR-24]

D:\(11) Computer\SEO\2 SEO Toolkit\New\Semonitor\Semonitor 3.6\Semonitor_3.6_crack\Semonitor crack\keywordtool.exe [Mal_MLWR-24]

D:\(11) Computer\SEO\2 SEO Toolkit\New\Semonitor\Semonitor 3.6\Semonitor_3.6_crack\Semonitor crack\linkchecker.exe [Mal_MLWR-24]

D:\(11) Computer\SEO\2 SEO Toolkit\New\Semonitor\Semonitor 3.6\Semonitor_3.6_crack\Semonitor crack\linkexchange.exe [Mal_MLWR-24]

D:\(11) Computer\SEO\2 SEO Toolkit\New\Semonitor\Semonitor 3.6\Semonitor_3.6_crack\Semonitor crack\loganalyzer.exe [Mal_MLWR-24]

D:\(11) Computer\SEO\2 SEO Toolkit\New\Semonitor\Semonitor 3.6\Semonitor_3.6_crack\Semonitor crack\pranalyzer.exe [Mal_MLWR-24]

D:\(11) Computer\SEO\2 SEO Toolkit\New\Semonitor\Semonitor 3.6\Semonitor_3.6_crack\Semonitor crack\rankingmonitor.exe [TROJ_Generic]

D:\(11) Computer\SEO\2 SEO Toolkit\New\Semonitor\Semonitor 3.6\Semonitor_3.6_crack\Semonitor crack\semtempl.dll [WORM_SDBOT.GAV]

D:\(11) Computer\SEO\2 SEO Toolkit\New\Semonitor\Semonitor 3.6\Semonitor_3.6_crack\Semonitor crack\siteindexer.exe [Mal_MLWR-24]

D:\(11) Computer\SEO\2 SEO Toolkit\New\Semonitor\Semonitor 3.6\Semonitor_3.6_crack\Semonitor crack\snipviewer.exe [Mal_MLWR-24]

D:\(11) Computer\SEO\SEO\Allsubmitter\cracked_allsubmitter.exe [TROJ_GEN.0Z2011S]

D:\(8) INSTAL\0 NEW\New Folder\Download\M-torrent\utlp.exe [WORM_Generic]

D:\(8) INSTAL\0 NEW\New Folder\Download\M-torrent\utorrent_fake2x_seeder.exe [WORM_Generic]

D:\(8) INSTAL\1 Special\2 System\Uniblue Power Suite 2009\Registry Booster\patch.exe [TROJ_Generic.DIT]

D:\(8) INSTAL\1 Special\DAEMON Tools Pro\Patch\daemon.tools.pro.patch.exe [TROJ_Generic.SFB]

D:\(8) INSTAL\2 Drugi\Razni\Google Earth\Google Earth Pro v4.2.180\GEP Add-on v4.2.180.1134.exe [TROJ_DLOADER.ROS]

D:\(8) INSTAL\Audio\1 Audio programs\2 Audio edit\ADOBE AUDITION v.3.0\CRACK\adobe.audition.3.0-NoPE.exe [TROJ_AGENT.GGS]

D:\(8) INSTAL\Audio\2 Plugins\2 Plugins\Celemony Melodyne\AiR\Keygen.exe [TROJ_Generic.DIT]

D:\(8) INSTAL\Audio\3 Drugi\D-Accord-Drums-Player\crack\patch.exe [WORM_AGOBOT.NH]

D:\(8) INSTAL\Audio\3 Drugi\DAccordiChords\Patch.exe [TROJ_Generic]

D:\(8) INSTAL\Audio\3 Drugi\Winamp\Winamp 5.3.3\WinAmp-Scins\300 Winamp Skins for all versions\EPS_High-End_System_v1_test.wal (1/126 Viruses Found)

D:\(8) INSTAL\Audio\3 Drugi\Winamp\Winamp 5.3.3\WinAmp-Scins\skins\EPS_High-End_System_v1_test.wal (1/126 Viruses Found)

D:\(8) INSTAL\Download\1 Download\VideoGet 3.0.2.43\FIX\videoget.v3.0.2.43-patch.exe [TROJ_ONLINEG.BKY]

D:\(8) INSTAL\Office\ABBYY.FineReader\tozi za Kirilisa-ABBYY.FineReader.v8.x_djx\ABBYY FineReader (Version 8.x) - Crack.exe [TROJ_Generic]

D:\(8) INSTAL\Video\1 Video programs\Pinnacle Studio Ultimate\Keygen.exe [TROJ_DLOADE.LD]

D:\(8) INSTAL\Video\1 Video programs\Pinnacle Studio Ultimate\Pinnacle.Studio.Ultimate.v12.0.0.6163.Plugins.Addon-AGAiN\Keygen.exe [TROJ_DLOADE.LD]

D:\(8) INSTAL\Video\Video convertors\Xilisoft Video Converter\Keygen\Video Converter.exe [TROJ_Generic.ADV]

D:\(8) INSTAL\Web\FTP-SSH\WaterProof PHPEdit\WaterProof PHPEdit v2.12.4.5256\keygen.exe [WORM_Generic]

D:\Program files 2\Adobe Audition\adobe.audition.3.0-NoPE.exe [TROJ_AGENT.GGS]

D:\Program files 2\D'Accord Drums Player 1.0\patch.exe [WORM_AGOBOT.NH]

D:\Program files 2\D'Accord iChords 2.0\Patch.exe [TROJ_Generic]

D:\Program files 2\DAEMON Tools Pro\daemon.tools.pro.patch.exe [TROJ_Generic.SFB]

D:\Program files 2\FL Studio\Plugins\Fruity\Generators\Toxic Biohazard\Toxic Biohazard.dll [TROJ_Generic.DIS]

D:\Program files 2\Plugins\Fruity\Generators\Toxic Biohazard\Toxic Biohazard.dll [TROJ_Generic.DIS]

D:\Program files 2\VideoGet\videoget.v3.0.2.43-patch.exe [TROJ_ONLINEG.BKY]

D:\upload\Drugi\Magic_ISO_Maker_v5.3_build_0229_Rus\MagicISO.Maker.5.5.Build.265.keygen.read.nfo-SND\MagicISOMakerKeygen.exe [TROJ_VUNDO.VXX]

D:\upload\Drugi\Magic_ISO_Maker_v5.3_build_0229_Rus\Setup_MagicISO\Keygen\keygen.exe [TROJ_Generic.DIT]

D:\upload\Drugi\Video\2 Video convertor\Xilisoft Video Converter\Keygen\Video Converter.exe [TROJ_Generic.ADV]

D:\upload\New Folder\CINEMA11.zip (1/4539 Viruses Found)

109161 files have been read.

109161 files have been checked.

109138 files have been scanned.

326593 files have been scanned. (including files in archived)

40 files containing viruses.

Found 40 viruses totally.

Maybe 0 viruses totally.

Stop At: 3/9/2010 15:31:49 1 hour 57 minutes 27 seconds (7046.61 seconds) has elapsed.(64.552 msec/file)

---------*---------*---------*---------*---------*---------*---------*---------*

2010-03-09, 15:31:50, Files Clean:

Copyright © 1990 - 2006 Trend Micro Inc.

Report Date : 3/9/2010 13:34:20

VSAPI Engine Version : 8.950-1092

VSCANTM Version : 3.00-1018 (Official Build)

 

VSGetVirusPatternInformation is invoked

 

Virus Pattern Version : 901 (512171/512171 Patterns) (2010/03/07) (690100)

 

Command Line: C:\TrendMicro\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /BK /LR D:\*.* /P=C:\TrendMicro\lpt$vpn.901

 

Fail to Clean [ Mal_MLWR-24]( 1) from D:\(11) Computer\SEO\2 SEO Toolkit\New\Semonitor\Semonitor 3.6\Semonitor_3.6_crack\Semonitor crack\dcmonitor.exe

Fail to Clean [ Mal_MLWR-24]( 1) from D:\(11) Computer\SEO\2 SEO Toolkit\New\Semonitor\Semonitor 3.6\Semonitor_3.6_crack\Semonitor crack\htmlanalyzer.exe

Fail to Clean [ Mal_MLWR-24]( 1) from D:\(11) Computer\SEO\2 SEO Toolkit\New\Semonitor\Semonitor 3.6\Semonitor_3.6_crack\Semonitor crack\keywordtool.exe

Fail to Clean [ Mal_MLWR-24]( 1) from D:\(11) Computer\SEO\2 SEO Toolkit\New\Semonitor\Semonitor 3.6\Semonitor_3.6_crack\Semonitor crack\linkchecker.exe

Fail to Clean [ Mal_MLWR-24]( 1) from D:\(11) Computer\SEO\2 SEO Toolkit\New\Semonitor\Semonitor 3.6\Semonitor_3.6_crack\Semonitor crack\linkexchange.exe

Fail to Clean [ Mal_MLWR-24]( 1) from D:\(11) Computer\SEO\2 SEO Toolkit\New\Semonitor\Semonitor 3.6\Semonitor_3.6_crack\Semonitor crack\loganalyzer.exe

Fail to Clean [ Mal_MLWR-24]( 1) from D:\(11) Computer\SEO\2 SEO Toolkit\New\Semonitor\Semonitor 3.6\Semonitor_3.6_crack\Semonitor crack\pranalyzer.exe

Fail to Clean [ Mal_MLWR-24]( 1) from D:\(11) Computer\SEO\2 SEO Toolkit\New\Semonitor\Semonitor 3.6\Semonitor_3.6_crack\Semonitor crack\siteindexer.exe

Fail to Clean [ Mal_MLWR-24]( 1) from D:\(11) Computer\SEO\2 SEO Toolkit\New\Semonitor\Semonitor 3.6\Semonitor_3.6_crack\Semonitor crack\snipviewer.exe

109161 files have been read.

109161 files have been checked.

109138 files have been scanned.

326593 files have been scanned. (including files in archived)

40 files containing viruses.

Found 40 viruses totally.

Maybe 0 viruses totally.

Stop At: 3/9/2010 15:31:49 1 hour 57 minutes 27 seconds (7046.61 seconds) has elapsed.(64.552 msec/file)

---------*---------*---------*---------*---------*---------*---------*---------*

2010-03-09, 15:31:50, Clean Fail:

Copyright © 1990 - 2006 Trend Micro Inc.

Report Date : 3/9/2010 13:34:20

VSAPI Engine Version : 8.950-1092

VSCANTM Version : 3.00-1018 (Official Build)

 

VSGetVirusPatternInformation is invoked

 

Virus Pattern Version : 901 (512171/512171 Patterns) (2010/03/07) (690100)

 

Command Line: C:\TrendMicro\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /BK /LR D:\*.* /P=C:\TrendMicro\lpt$vpn.901

 

Fail to Clean [ Mal_MLWR-24]( 1) from D:\(11) Computer\SEO\2 SEO Toolkit\New\Semonitor\Semonitor 3.6\Semonitor_3.6_crack\Semonitor crack\dcmonitor.exe

Fail to Clean [ Mal_MLWR-24]( 1) from D:\(11) Computer\SEO\2 SEO Toolkit\New\Semonitor\Semonitor 3.6\Semonitor_3.6_crack\Semonitor crack\htmlanalyzer.exe

Fail to Clean [ Mal_MLWR-24]( 1) from D:\(11) Computer\SEO\2 SEO Toolkit\New\Semonitor\Semonitor 3.6\Semonitor_3.6_crack\Semonitor crack\keywordtool.exe

Fail to Clean [ Mal_MLWR-24]( 1) from D:\(11) Computer\SEO\2 SEO Toolkit\New\Semonitor\Semonitor 3.6\Semonitor_3.6_crack\Semonitor crack\linkchecker.exe

Fail to Clean [ Mal_MLWR-24]( 1) from D:\(11) Computer\SEO\2 SEO Toolkit\New\Semonitor\Semonitor 3.6\Semonitor_3.6_crack\Semonitor crack\linkexchange.exe

Fail to Clean [ Mal_MLWR-24]( 1) from D:\(11) Computer\SEO\2 SEO Toolkit\New\Semonitor\Semonitor 3.6\Semonitor_3.6_crack\Semonitor crack\loganalyzer.exe

Fail to Clean [ Mal_MLWR-24]( 1) from D:\(11) Computer\SEO\2 SEO Toolkit\New\Semonitor\Semonitor 3.6\Semonitor_3.6_crack\Semonitor crack\pranalyzer.exe

Fail to Clean [ Mal_MLWR-24]( 1) from D:\(11) Computer\SEO\2 SEO Toolkit\New\Semonitor\Semonitor 3.6\Semonitor_3.6_crack\Semonitor crack\siteindexer.exe

Fail to Clean [ Mal_MLWR-24]( 1) from D:\(11) Computer\SEO\2 SEO Toolkit\New\Semonitor\Semonitor 3.6\Semonitor_3.6_crack\Semonitor crack\snipviewer.exe

109161 files have been read.

109161 files have been checked.

109138 files have been scanned.

326593 files have been scanned. (including files in archived)

40 files containing viruses.

Found 40 viruses totally.

Maybe 0 viruses totally.

Stop At: 3/9/2010 15:31:49 1 hour 57 minutes 27 seconds (7046.61 seconds) has elapsed.(64.552 msec/file)

---------*---------*---------*---------*---------*---------*---------*---------*

2010-03-09, 15:31:50, Running SSAPI scanner ""...

2010-03-09, 16:25:29, SSAPI Log:

 

SSAPI Scanner Version: 1.0.1003

SSAPI Engine Version: 5.2.1032

SSAPI Pattern Version: 8.71

SSAPI Anti-Rootkit Version: 2.2.0.1004

 

Spyware Scan Started: 03/09/2010 15:31:55

 

 

SSAPI requires the system to reboot.

Detected Items:

[CLEAN SUCCESS][Adware_FasterXP] S-1-5-21-1644491937-2000478354-839522115-1003\Software\Softwrap\

[CLEAN SUCCESS][CrackingApps_Kaiser] D:\(8) INSTAL\0 NEW\New Folder\1 Gotovi\Audio\Dfx for winamp 7 (plugin)\CR-DWP75.EXE,D:\(8)INS~1\0NEW~1\NEWFOL~1\1GOTOV~1\Audio\DFXFOR~1\CR-DWP75.EXE,9442

[CLEAN SUCCESS][CrackingApps_Winvi] D:\(8) INSTAL\0 NEW\New Folder\2 Video convertor\WinAVI Video Converter\Crack\WinAVIVideoConverterv76_Crack.exe,D:\(8)INS~1\0NEW~1\NEWFOL~1\2VIDEO~1\WINAVI~1\Crack\WINAVI~1.EXE,9454

[CLEAN SUCCESS][Dialer_PlayGames] D:\(8) INSTAL\0 NEW\New Folder\Video\WM Recorder-Online video capture\Crack\keygen.exe,D:\(8)INS~1\0NEW~1\NEWFOL~1\Video\WMRECO~1\Crack\keygen.exe,7741

[CLEAN SUCCESS][CrackingApps_WinDVD] D:\(8) INSTAL\0 NEW\WinDVD Platinum 6.0.6.42\keygen.exe,D:\(8)INS~1\0NEW~1\WINDVD~1.42\keygen.exe,9553

[CLEAN SUCCESS][HKTL_PATCH] D:\(8) INSTAL\1 Special\2 System\Uniblue Power Suite 2009\Driver Scanner\Patch.exe,D:\(8)INS~1\1SPECI~1\2SYSTE~1\UNIBLU~1\DRIVER~1\Patch.exe,9658

[CLEAN SUCCESS][CRCK_KEYGEN] D:\(8) INSTAL\1 Special\3 Burn\Nero 8 Ultra Edition\keymaker.exe,D:\(8)INS~1\1SPECI~1\3BURN~1\NERO8U~1\keymaker.exe,9684

[CLEAN SUCCESS][CrackingApps_Kaiser] D:\(8) INSTAL\Audio\3 Drugi\Winamp\Winamp 5.3.3\Plugins\Dfx for winamp 7\CR-DWP75.EXE,D:\(8)INS~1\Audio\3DRUGI~1\Winamp\WINAMP~1.3\Plugins\DFXFOR~1\CR-DWP75.EXE,9442

[CLEAN SUCCESS][CrackingApps_Keygen] D:\upload\Drugi\Magic_ISO_Maker_v5.3_build_0229_Rus\Keygen.exe,D:\upload\Drugi\MAGIC_~1.3_B\Keygen.exe,7270

[CLEAN SUCCESS][CRCK_KEYGEN] D:\upload\Drugi\Video\1 Video edit\SonyVegas\1 Programs\Sony Vegas Pro 8.0c\Sony.Products.Keygen.and.Patch.Only.FIXED.READ.NFO-DI\Sony.Products.Keygen.and.Patch.Only.FIXED.READ.NFO-DI\Keygen.exe,D:\upload\Drugi\Video\1VIDEO~1\SONYVE~1\1PROGR~1\SONYVE~1.0C\SONYPR~1.NFO\SONYPR~1.NFO\Keygen.exe,9684

Detected: 10 items.

Cleaned Success: 10 items.

Clean Failed: 0 items.

 

Spyware Scan Ended: 03/09/2010 16:25:29

Scan Complete. Time=3218.175781.

 

During the scan, NOD detected some threats twice (see below).

After doing all this, I don't see any improvement.

post-6863-12681342426576_thumb.jpg

post-6863-12681357969531_thumb.jpg

post-6863-1268145017997_thumb.jpg


*. Temporarily disable your antivirus program's real-time protection!

*. Download Combofix.

*. Save it to the desktop.

*. Run it by double-clicking it.

*. While ComboFix is scanning, do not start any other applications, do not press any keys on the keyboard, and do not move the mouse!

*. In your next post, publish the log file that will be created after the computer restarts.


I tried to scan. At first I got - combofix has detected.... (see below)

I continued, but a little later some error appeared many times and did not let the process finish. (see below)

In this case, how should I proceed with this infection - nod32krn.exe?

post-6863-12681533698721_thumb.jpg

post-6863-12681533749307_thumb.jpg


Try temporarily uninstalling NOD32 from Control Panel => Add or Remove Programs.

Then download this file and place it in C:\Windows\system32

http://www.dlldump.com/download-dll-files_new.php/dllfiles/A/aclui.dll/5.1.2600.2180/download.html

Finally, delete your copy of Combofix and download a new one from here.

Run the application and post the log file that will be generated after the system restarts.


ComboFix-log

ComboFix 10-03-08.02 - Jordan 03.2010 г. 19:18:26.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.1251.359.1033.18.1023.705 [GMT 2:00]

Running from: c:\documents and settings\Jordan\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

c:\documents and settings\Jordan\Application Data\AdSubscribe

c:\documents and settings\Jordan\Application Data\AdSubscribe\AdSubscribe.dat

c:\documents and settings\Jordan\Application Data\AdSubscribe\Uninstall.exe

c:\documents and settings\Jordan\Application Data\Microsoft\Internet Explorer\qiPSearchbar.dll

c:\windows\a3kebook.ini

c:\windows\akebook.ini

c:\windows\ANS2000.INI

c:\windows\system32\Data

 

.

((((((((((((((((((((((((( Files Created from 2010-02-09 to 2010-03-09 )))))))))))))))))))))))))))))))

.

 

2010-03-09 17:06 . 2010-03-09 17:06 114688 -c--a-w- c:\windows\system32\dllcache\aclui.dll

2010-03-09 17:06 . 2010-03-09 17:06 114688 ----a-w- c:\windows\system32\aclui.dll

2010-03-09 10:01 . 2010-03-09 14:36 -------- d-----w- C:\TrendMicro

2010-03-08 10:40 . 2010-03-08 10:40 -------- d-----w- C:\_OTL

2010-03-06 17:39 . 2010-03-06 17:39 52224 ----a-w- c:\documents and settings\Jordan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-03-06 17:19 . 2010-03-06 17:21 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-03-06 17:19 . 2010-03-06 17:19 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2010-03-06 12:06 . 2010-03-06 12:06 -------- d-----w- c:\program files\Common Files\wm

2010-03-06 12:06 . 2010-03-06 12:06 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2010-03-02 10:52 . 2010-03-02 10:52 -------- d-----w- c:\program files\Common Files\PCSuite

2010-03-02 10:51 . 2010-03-02 10:51 -------- d-----w- c:\program files\Common Files\Nokia

2010-03-02 10:51 . 2010-03-02 10:51 -------- d-----w- c:\program files\PC Connectivity Solution

2010-03-02 10:51 . 2010-03-02 10:51 -------- d-----w- c:\program files\Nokia

2010-03-02 10:50 . 2010-03-02 10:47 34429264 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_eng_web.exe

2010-03-02 10:50 . 2010-03-02 10:50 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe

2010-03-02 10:50 . 2010-03-02 10:50 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe

2010-03-02 10:50 . 2010-03-02 10:50 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe

2010-03-02 10:50 . 2010-03-02 10:50 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe

2010-03-01 14:18 . 2010-03-01 14:19 -------- d-----w- c:\program files\MP3 Remix

2010-02-20 09:22 . 2010-02-20 10:01 -------- d-----w- c:\documents and settings\All Users\Application Data\YoGen

2010-02-18 14:00 . 2010-02-18 14:00 -------- d-----w- c:\documents and settings\Jordan\.tuxguitar-1.2

2010-02-12 18:18 . 2010-02-12 18:19 -------- dc-h--w- c:\windows\ie8

2010-02-12 07:37 . 2010-01-29 08:41 511488 ----a-w- c:\documents and settings\Jordan\Application Data\Mozilla\Firefox\Profiles\jgpgki6l.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll

2010-02-11 19:42 . 2010-02-12 08:34 -------- d-----w- c:\program files\Mixed In Key 4

2010-02-11 00:21 . 2010-02-11 00:21 -------- d-----w- c:\program files\u-he

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-09 17:17 . 2009-07-10 16:29 -------- d-----w- c:\program files\Eset

2010-03-09 17:06 . 2008-12-01 07:42 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-03-09 15:47 . 2008-12-10 20:03 -------- d-----w- c:\documents and settings\Jordan\Application Data\QIP.Online

2010-03-09 15:41 . 2008-05-18 18:40 -------- d-----w- c:\documents and settings\Jordan\Application Data\Skype

2010-03-09 14:04 . 2008-11-25 12:48 -------- d-----w- c:\documents and settings\Jordan\Application Data\skypePM

2010-03-07 18:20 . 2009-11-14 21:59 -------- d-----w- c:\program files\Opera

2010-03-06 17:39 . 2009-08-28 18:46 117760 ----a-w- c:\documents and settings\Jordan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-03-06 15:44 . 2009-12-07 16:41 -------- d-----w- c:\documents and settings\Jordan\Application Data\FileZilla

2010-03-03 21:48 . 2008-05-18 15:06 74632 ----a-w- c:\documents and settings\Jordan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-03-02 11:07 . 2009-11-10 00:27 -------- d-----w- c:\documents and settings\Jordan\Application Data\Nokia

2010-03-02 10:50 . 2009-11-09 22:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations

2010-02-22 12:44 . 2008-05-19 09:29 -------- d-----w- c:\documents and settings\Jordan\Application Data\VSO

2010-02-13 00:05 . 2009-12-07 12:01 366168 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2010-02-12 08:34 . 2010-01-28 21:30 -------- d-----w- c:\program files\Mixed In Key

2010-02-10 08:19 . 2008-12-21 10:32 10 -c--a-w- c:\documents and settings\All Users\Application Data\VYAAUFMZPWQQ.SYS

2010-02-10 08:19 . 2008-12-21 10:32 10 -c--a-w- c:\documents and settings\All Users\Application Data\VYAAUFMZPWQQ.SYS

2010-02-05 08:39 . 2010-02-05 08:39 251376 ----a-w- c:\documents and settings\Jordan\Application Data\Mozilla\plugins\npgoogletalk.dll

2010-02-02 14:59 . 2009-02-22 19:46 -------- d-----w- c:\program files\Google

2010-02-02 10:15 . 2010-02-01 22:01 -------- d-----w- c:\program files\AMR Player

2010-02-01 13:53 . 2010-01-30 20:44 -------- d-----w- c:\program files\LingvoSoft

2010-02-01 12:59 . 2010-02-01 12:58 -------- d-----w- c:\program files\Lex!

2010-02-01 10:13 . 2009-12-13 22:44 -------- d-----w- c:\documents and settings\Jordan\Application Data\ImgBurn

2010-01-30 22:20 . 2010-01-30 22:20 -------- d-----w- c:\documents and settings\Jordan\Application Data\Ectaco

2010-01-28 17:36 . 2010-01-28 17:36 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2010-01-28 17:36 . 2010-01-28 17:36 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan

2010-01-26 16:45 . 2009-12-07 12:26 -------- d-----w- c:\documents and settings\Jordan\Application Data\Sony

2010-01-25 08:01 . 2008-05-18 14:51 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-01-24 21:56 . 2010-01-24 21:56 -------- d-----w- c:\documents and settings\Jordan\Application Data\Sony Creative Software

2010-01-24 12:33 . 2008-09-28 15:12 54304 ----a-w- c:\windows\system32\drivers\PhTVTune.sys

2010-01-24 12:33 . 2008-09-28 15:12 110592 ----a-w- c:\windows\system32\Prop7134.dll

2010-01-24 12:33 . 2008-09-28 15:12 346304 ----a-w- c:\windows\system32\drivers\Cap7134.sys

2010-01-23 15:45 . 2008-12-02 22:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle

2010-01-22 22:41 . 2009-11-27 20:27 -------- d-----w- c:\program files\Sony

2010-01-22 20:11 . 2008-08-03 05:45 -------- d-----w- c:\documents and settings\Jordan\Application Data\DivX

2010-01-22 20:01 . 2010-01-22 20:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle Studio Ultimate

2010-01-22 18:34 . 2009-03-27 07:43 -------- d-----w- c:\program files\ArcSoft

2010-01-22 10:16 . 2009-06-18 22:06 -------- d-----w- c:\program files\VstPlugins

2010-01-19 16:50 . 2010-01-10 12:24 -------- d-----w- c:\program files\Evisoft

2010-01-17 11:18 . 2010-01-17 10:54 -------- d-----w- c:\documents and settings\Jordan\Application Data\Rapid Evolution 2

2010-01-17 10:52 . 2010-01-17 10:52 411368 ------w- c:\windows\system32\deploytk.dll

2010-01-15 14:54 . 2010-01-17 18:05 1793838 ----a-w- c:\documents and settings\Jordan\Application Data\Kana Solution\Kana Launcher\Menus\Web\site-auditor.exe

2010-01-13 09:00 . 2010-01-13 09:00 8854 ----a-r- c:\documents and settings\Jordan\Application Data\Microsoft\Installer\{4513F51E-3D1B-4791-B652-4C8B263ACD07}\Uninstall_EasyStudio_2FA333E9845C4292870E7E41F38443CA.exe

2010-01-13 09:00 . 2010-01-13 09:00 10134 ----a-r- c:\documents and settings\Jordan\Application Data\Microsoft\Installer\{4513F51E-3D1B-4791-B652-4C8B263ACD07}\ARPPRODUCTICON.exe

2010-01-12 08:51 . 2009-06-18 22:05 -------- d-----w- c:\program files\Image-Line

2010-01-09 23:35 . 2010-01-09 23:35 -------- d-----w- c:\program files\MSXML 6.0

2010-01-07 14:07 . 2009-08-28 18:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-07 14:07 . 2009-08-28 18:41 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-15 19:40 . 2009-01-03 19:18 22 -c----w- c:\windows\system32\winStudio.bin

2008-05-18 16:46 . 2008-05-18 16:46 86414 ----a-w- c:\program files\18 May 2008.JPG

.

 

((((((((((((((((((((((((((((( SnapShot@2010-03-09_16.32.37 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-03-09 17:17 . 2010-03-09 17:17 16384 c:\windows\temp\Perflib_Perfdata_58c.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QIP.Online"="c:\program files\QIP.Online\qiponline.exe" [2009-10-26 3393024]

"Kana Launcher"="c:\program files\Kana Launcher\Launcher.exe" [2003-01-05 283136]

"12Voip"="d:\program files 2\12Voip\12Voip.exe" [2010-01-29 9081640]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2007-01-16 53760]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoSecurityTab"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSecurityTab"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 12:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk]

backup=c:\windows\pss\ATI CATALYST System Tray.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk

backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Jordan^Start Menu^Programs^Startup^Adobe Gamma.lnk]

backup=c:\windows\pss\Adobe Gamma.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\12Voip]

2010-01-29 13:08 9081640 ----a-w- d:\program files 2\12Voip\12voip.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]

2008-08-14 04:58 611712 -c--a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]

2007-04-04 11:41 970752 -c--a-w- c:\program files\Common Files\Adobe\Updater\AdobeUpdater.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]

2005-08-05 22:07 61440 -c--a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]

2007-09-06 13:08 136136 ----a-w- d:\program files 2\DAEMON Tools Pro\DTProAgent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2010-01-28 19:05 135664 ----atw- c:\documents and settings\Jordan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]

2007-11-21 02:16 3293184 ----a-w- c:\program files\Google\Google Talk\googletalk.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mdAxel]

2003-09-19 09:57 40960 ----a-w- d:\(8) instal\1 Special\1 Drugi\mdAxel_0_02\mdAxel.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]

2009-11-11 08:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rainlendar2]

2009-02-21 08:18 4333568 ----a-w- d:\program files 2\Rainlendar2\Rainlendar2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]

2002-04-17 08:42 69632 -c--a-w- c:\program files\HP\HP Share-to-Web\hpgs2wnd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-01-17 10:52 149280 ----a-w- d:\program files 2\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]

2006-09-07 17:19 15872 -c--a-w- c:\program files\Unlocker\UnlockerAssistant.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

2000-05-10 23:00 90112 ------w- c:\windows\Updreg.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2007-02-13 18:29 35328 -c--a-w- c:\program files\Winamp\winampa.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"d:\\(8) INSTAL\\0 NEW\\New Folder\\Download\\M-torrent\\utorrent_original.exe"=

"d:\\(8) INSTAL\\0 NEW\\New Folder\\Download\\M-torrent\\utorrent_mult100_seeder.exe"=

"d:\\Program files 2\\12Voip\\12Voip.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Documents and Settings\\Jordan\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=

"c:\\Documents and Settings\\Jordan\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"10134:TCP"= 10134:TCP:BitComet 10134 TCP

"10134:UDP"= 10134:UDP:BitComet 10134 UDP

"10631:TCP"= 10631:TCP:BitComet 10631 TCP

"10631:UDP"= 10631:UDP:BitComet 10631 UDP

"24060:TCP"= 24060:TCP:BitComet 24060 TCP

"24060:UDP"= 24060:UDP:BitComet 24060 UDP

"5353:TCP"= 5353:TCP:Adobe CSI CS4

"10598:TCP"= 10598:TCP:BitComet 10598 TCP

"10598:UDP"= 10598:UDP:BitComet 10598 UDP

"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP порт 443

"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP порт 443

"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP порт 37674

"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP порт 37674

"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP порт 37675

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"18500:TCP"= 18500:TCP

 

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11.11.2009 г. 10:44 9968]

R3 PhTVTune;Cap7134 TVTuner;c:\windows\system32\drivers\PhTVTune.sys [28.9.2008 г. 17:12 54304]

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.6.2009 г. 06:38 685816]

S1 SASKUTIL;SASKUTIL;\??\d:\program files 2\SASKUTIL.sys --> d:\program files 2\SASKUTIL.sys [?]

S2 gupdate1ca87a9acb13d80;Google Update Service (gupdate1ca87a9acb13d80);c:\program files\Google\Update\GoogleUpdate.exe [28.12.2009 г. 12:36 133104]

S3 CnxEtP;Crypto F200 USB ADSL WAN Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [23.7.2008 г. 02:16 60288]

S3 CnxEtU;Crypto F200 USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [23.7.2008 г. 02:16 646784]

S3 CnxTgN;Crypto F200 USB ADSL WAN Adapter Driver;c:\windows\system32\drivers\CnxTgN.sys [23.7.2008 г. 02:16 108675]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11.11.2009 г. 10:44 7408]

S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [25.1.2008 г. 11:12 25088]

.

Contents of the 'Scheduled Tasks' folder

 

2010-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-28 10:36]

 

2010-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-28 10:36]

 

2010-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-2000478354-839522115-1003Core.job

- c:\documents and settings\Jordan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-28 19:05]

 

2010-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-2000478354-839522115-1003UA.job

- c:\documents and settings\Jordan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-28 19:05]

 

2010-03-09 c:\windows\Tasks\User_Feed_Synchronization-{C8ED7381-77CC-4352-A570-961DCC9495DA}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uDefault_Search_URL = hxxp://search.qip.ru

mStart Page = about:blank

uSearchAssistant = hxxp://search.qip.ru/ie

uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip

IE: &D&ownload &with BitComet - d:\program files 2\BitComet\BitComet.exe/AddLink.htm

IE: &D&ownload all video with BitComet - d:\program files 2\BitComet\BitComet.exe/AddVideo.htm

IE: &D&ownload all with BitComet - d:\program files 2\BitComet\BitComet.exe/AddAllLink.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Jordan\Application Data\Mozilla\Firefox\Profiles\jgpgki6l.default\

FF - prefs.js: browser.startup.homepage - hxxp://google.ru

FF - component: c:\documents and settings\Jordan\Application Data\Mozilla\Firefox\Profiles\jgpgki6l.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll

FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll

FF - plugin: c:\documents and settings\Jordan\Application Data\Mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\Jordan\Local Settings\Application Data\Google\Update\1.2.183.17\npGoogleOneClick8.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll

FF - plugin: d:\program files 2\bin\new_plugin\npdeploytk.dll

FF - plugin: d:\program files 2\bin\new_plugin\npjp2.dll

.

- - - - ORPHANS REMOVED - - - -

 

MSConfigStartUp-nod32kui - c:\program files\Eset\nod32kui.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-09 19:22

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(772)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\Ati2evxx.dll

c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

.

Completion time: 2010-03-09 19:25:12

ComboFix-quarantined-files.txt 2010-03-09 17:25

ComboFix2.txt 2009-01-10 09:55

 

Pre-Run: 1 070 497 792 bytes free

Post-Run: 1 033 920 512 bytes free

 

- - End Of File - - F14318C80DE9E2BAFCE28870D2DBFB9B


Well, I expected to see a more serious situation in the ComboFix log, but apparently TrendMicro cleaned up well.

Open notepad.exe and copy/paste the following information into it:

 

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoSecurityTab"=-

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSecurityTab"=-

 

Save the file as fix.reg and run it.

Then do the following:

Download GMER and unzip it to the desktop.

Before scanning, make sure all other running programs are closed and that the antivirus software will not take any action during the GMER scan. Do not use your computer while the scan is running.

Double-click gmer.exe to start the program.

It will perform an initial scan within seconds. Once it finishes, press the Scan button.

When the scan completes, press the Copy button and paste the contents of the log into your next post.

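Added example, not part of the original post and not ComboFix's own code: the fix.reg above can be derived from the "Reg Loading Points" section of the log by picking out the Explorer policy values that hide UI and emitting a delete line for each. The sample log is constructed in the log's layout, and the function names, the watch list and the `NoDriveTypeAutoRun` line are assumptions made for illustration.

```python
import re

# Constructed sample in the layout of ComboFix's "Reg Loading Points" section.
# The NoSecurityTab lines mirror the log in this thread; the
# NoDriveTypeAutoRun line is added here to show a value that must be kept.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)
"NoDriveTypeAutoRun"= 145 (0x91)
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
# ComboFix prints DWORD values as:  "Name"= 1 (0x1)
DWORD_RE = re.compile(r'^"([^"]+)"=\s*(\d+)\s+\(0x[0-9a-fA-F]+\)$')
POLICY_SUFFIX = r'\currentversion\policies\explorer'
# Watch list (assumption): only the value named in this thread.
WATCHED = frozenset({"nosecuritytab"})


def parse_dword_values(log_text):
    """Return [(key, value_name, number)] for every DWORD-style line."""
    found, key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = DWORD_RE.match(line)
        if m and key:
            found.append((key, m.group(1), int(m.group(2))))
    return found


def find_restrictions(log_text, watched=WATCHED):
    """Keep only watched, non-zero values under an Explorer policies key."""
    return [(key, name)
            for key, name, number in parse_dword_values(log_text)
            if key.lower().endswith(POLICY_SUFFIX)
            and name.lower() in watched
            and number != 0]


def build_fix_reg(hits):
    """Build .reg text that deletes each flagged value ("Name"=-)."""
    by_key = {}
    for key, name in hits:
        by_key.setdefault(key, []).append(name)
    lines = ["Windows Registry Editor Version 5.00", ""]
    for key, names in by_key.items():
        lines.append("[%s]" % key)
        lines.extend('"%s"=-' % name for name in names)
        lines.append("")
    return "\r\n".join(lines)


if __name__ == "__main__":
    print(build_fix_reg(find_restrictions(SAMPLE_LOG)))
```

Only values on the watch list are deleted, so the autostart entry and `NoDriveTypeAutoRun` in the sample stay untouched.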

Gmer-log

 

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-03-09 21:32:58

Windows 5.1.2600 Service Pack 2

Running: gmer.exe; Driver: C:\DOCUME~1\Jordan\LOCALS~1\Temp\uxddypob.sys

 

 

---- System - GMER 1.0.15 ----

 

SSDT kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) ZwOpenFile [0xF6CD3080]

 

Code \??\C:\DOCUME~1\Jordan\LOCALS~1\Temp\catchme.sys pIofCallDriver

 

---- Kernel code sections - GMER 1.0.15 ----

 

pnidata C:\WINDOWS\system32\DRIVERS\secdrv.sys unknown last section [0xB874FF00, 0x24000, 0x48000000]

? C:\DOCUME~1\Jordan\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. !

? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !

 

---- Registry - GMER 1.0.15 ----

 

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program files 2\DAEMON Tools Pro\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x12 0x00 0x8A 0x5F ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x16 0xFB 0x05 0x28 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x73 0xDB 0x4A 0x63 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program files 2\DAEMON Tools Pro\

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x12 0x00 0x8A 0x5F ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x16 0xFB 0x05 0x28 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x73 0xDB 0x4A 0x63 ...

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG08.00.00.01WORKSTATION

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...

Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x7A 0x45 0x05 0xFD ...

Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x97 0x20 0x4E 0x9A ...

Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...

Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0EC2313A-9694-46C8-0FF6-FF5F6798DCAF}

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E889F132-F8F9-DF73-24C3-03E756F5D429}

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E889F132-F8F9-DF73-24C3-03E756F5D429}@oaiaddbihbghpdmojelbalbigocljj 0x64 0x61 0x68 0x63 ...

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E889F132-F8F9-DF73-24C3-03E756F5D429}@oaepimgipjjemhlcmbcmglnoglpibd 0x6B 0x61 0x69 0x63 ...

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E889F132-F8F9-DF73-24C3-03E756F5D429}@nakgonegkheknhemodcngogjoghp 0x6B 0x61 0x69 0x63 ...

 

---- EOF - GMER 1.0.15 ----


I tried scanning with ESET Online Scanner, but it again showed the same error: "Can no get update. Is proxy configured".

I noticed that there are proxy settings. I entered the details of a Bulgarian proxy, the scan started, and near the end of step 2 it showed an error (see below). I went through several proxies this way until one of them got me through to steps 3 and 4. It found 24 threats. All of them were in one folder with programs (which are not installed), more precisely in files with key generators, patches and some other program files. I ticked the boxes for cleaning. I scanned again and this time it detected nothing.

In the \Eset\ESET Online Scanner folder I expected there to be 2 log files, but I found only the one from the last scan.

Although it shows that there are no viruses, the problem with opening the pages remains.

The strange thing is that over the past few days, as well as today, it got fixed several times, but only very briefly.

 

Eset-Log

 

ESETSmartInstaller@High as downloader log:

Can not open internetESETSmartInstaller@High as downloader log:

Can not open internetCan not open internetESETSmartInstaller@High as downloader log:

Can not open internetesets_scanner_update returned -1 esets_gle=1

ESETSmartInstaller@High as downloader log:

all ok

ESETSmartInstaller@High as downloader log:

Can not extract cabC:\Program Files\ESET\ESET Online Scanner\OnlineScanner.cabErr:Cannot create a file when that file already exists.

ESETSmartInstaller@High as downloader log:

Can not extract cabC:\Program Files\ESET\ESET Online Scanner\OnlineScanner.cabErr:Cannot create a file when that file already exists.

ESETSmartInstaller@High as downloader log:

all ok

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=e4b6ff12f5080244a961a5e17eebb303

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-03-10 10:42:56

# local_time=2010-03-10 12:42:56 (+0200, GTB Standard Time)

# country="Bulgaria"

# lang=1033

# osver=5.1.2600 NT Service Pack 2

# compatibility_mode=2304 16777215 100 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 6351 6351 0 0

# scanned=121083

# found=0

# cleaned=0

# scan_time=6956

post-6863-12682193224315_thumb.jpg


If you know your internet access settings, try running this tool and restarting the machine.

Download the attached file and unzip it. Run it and press Fix.

When a dialog box appears asking whether to restart the system, agree.

This will reset all internet settings (possibly including ones imposed by malware), after which you will have to enter them manually.

See whether there is any change.

WinsockFix 1.2.exe.zip


If you are on PPPoE, the settings should be on automatic.

Just create a new connection with the username and password provided by your internet service provider and everything should be OK.


I followed the instructions above. Apparently this WinsockFix worked. Google and YouTube now open for me.

The only site I have found so far that does not open is http://www.eset.com.

Actually, if we had tried this WinsockFix at the beginning, would it have fixed things, or was the problem perhaps a complex one?
