Hello!

My NOD has a problem that it cannot solve

for the past 2 weeks it has been constantly beeping about this problem

post-7167-1223713236.jpg

I tried all sorts of things - I scanned my computer with at least 5 more different antivirus programs, not counting the online checks I ran on it

all of them found "ailments", mostly cookies, which they deleted without a problem

NOD keeps showing its infection message

I noticed that, during the numerous scans, NOD would beep about its problem every time the next antivirus passed through the file in question, while at the same time the antivirus itself did not report an infection :crosseyes1:

I read around here a bit before starting a new topic, so I am taking the liberty of attaching some logs directly

the last thing I did today was:

1/ a scan with SUPERAntiSpyware - it found 41 cookies, which it deleted

2/ a scan with Malwarebytes Anti-Malware 1.28 - it reported that everything is fine!

3/ I rebooted and ran HijackThis 1.99.1 - this is its log

 

Logfile of HijackThis v1.99.1

Scan saved at 11:05:01 AM, on 10/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20861)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\ATKKBService.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Eset\nod32krn.exe

C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\WINDOWS\Datecs\Flex2K.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

D:\HijackThis 1.99.1.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interbild.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\FlashGet\jccatch.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\FlashGet\getflash.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S

O4 - Global Startup: FlexType 2K.lnk = ?

O8 - Extra context menu item: &Сваляне на всички с FlashGet - D:\FlashGet\jc_all.htm

O8 - Extra context menu item: &Сваляне с FlashGet - D:\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\FlashGet.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A038764B-9653-4429-9892-CA4D61F265DE}: NameServer = 10.17.0.1

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: Sunbelt VIPRE Antivirus Service (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe

 

4/ and finally Autorunsc - and this is its report

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ Adobe Reader Speed Launcher Adobe Acrobat SpeedLauncher Adobe Systems Incorporated c:\program files\adobe\reader 9.0\reader\reader_sl.exe

+ Alcmtr Realtek Azalia Audio - Event Monitor Realtek Semiconductor Corp. c:\windows\alcmtr.exe

+ ATICCC CLI Application (Command Line Interface) ATI Technologies Inc. c:\program files\ati technologies\ati.ace\cli.exe

+ ISTray PC Tools Tray Application PC Tools c:\program files\spyware doctor\pctstray.exe

+ NeroFilterCheck NeroCheck Ahead Software Gmbh c:\windows\system32\nerocheck.exe

+ nod32kui NOD32 Control Center GUI Eset c:\program files\eset\nod32kui.exe

+ RTHDCPL Realtek HD Audio Control Panel Realtek Semiconductor Corp. c:\windows\rthdcpl.exe

+ SBAMTray SBAMTray Application Sunbelt Software c:\program files\sunbelt software\counterspy\sbamtray.exe

+ SkyTel Realtek Voice Manager Realtek Semiconductor Corp. c:\windows\skytel.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

+ FlexType 2K.lnk c:\windows\datecs\flex2k.exe

C:\Documents and Settings\MINKOVI\Start Menu\Programs\Startup

+ FileZilla File not found: C:\Documents and Settings\MINKOVI\Start Menu\Programs\Startup\FileZilla

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

+ BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} Nero Home Nero AG c:\program files\common files\ahead\lib\nmbgmonitor.exe

+ Uniblue RegistryBooster 2009 File not found: C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S

HKLM\SOFTWARE\Classes\Protocols\Handler

+ skype4com Skype for COM API Skype Technologies c:\program files\common files\skype\skype4com.dll

HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components

+ 0 File not found: About:Home

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

+ SABShellExecuteHook Class ShellExecuteHook SuperAdBlocker.com c:\program files\superantispyware\sasseh.dll

HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers

+ FileEraserShellExt Secure File Eraser Shell Extension Sunbelt Software c:\program files\sunbelt software\counterspy\sbfe.dll

+ ICQLiteMenu File not found: C:\Program Files\ICQLite\ICQLiteShell.dll

+ NBShellHook Class Nero BackItUp Application Nero AG c:\program files\nero\nero 7\nero backitup\nbshell.dll

+ NOD32 Context Menu Shell Extension c:\program files\eset\nodshex.dll

+ SASContextMenu Class SUPERAntiSpyware Context Menu Extension SUPERAntiSpyware.com c:\program files\superantispyware\sasctxmn.dll

+ SBAMScanShellExt SBAM Scan Shell Extension Sunbelt Software c:\program files\sunbelt software\counterspy\sbamscanshellext.dll

+ WinRAR c:\program files\winrar\rarext.dll

HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers

+ MBAMShlExt Malwarebytes' Anti-Malware Malwarebytes Corporation c:\program files\malwarebytes' anti-malware\mbamext.dll

HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers

+ FileEraserShellExt Secure File Eraser Shell Extension Sunbelt Software c:\program files\sunbelt software\counterspy\sbfe.dll

+ ICQLiteMenu File not found: C:\Program Files\ICQLite\ICQLiteShell.dll

+ SASContextMenu Class SUPERAntiSpyware Context Menu Extension SUPERAntiSpyware.com c:\program files\superantispyware\sasctxmn.dll

+ SBAMScanShellExt SBAM Scan Shell Extension Sunbelt Software c:\program files\sunbelt software\counterspy\sbamscanshellext.dll

+ WinRAR c:\program files\winrar\rarext.dll

HKLM\Software\Classes\Directory\Shellex\DragDropHandlers

+ WinRAR c:\program files\winrar\rarext.dll

HKLM\Software\Classes\Folder\Shellex\ColumnHandlers

+ NeroDigitalColumnHandler Class Nero Digital Shell Extension Nero AG c:\program files\common files\ahead\lib\nerodigitalext.dll

+ PDF Shell Extension PDF Shell Extension Adobe Systems, Inc. c:\program files\common files\adobe\acrobat\activex\pdfshell.dll

HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers

+ MBAMShlExt Malwarebytes' Anti-Malware Malwarebytes Corporation c:\program files\malwarebytes' anti-malware\mbamext.dll

+ NBShellHook Class Nero BackItUp Application Nero AG c:\program files\nero\nero 7\nero backitup\nbshell.dll

+ NOD32 Context Menu Shell Extension c:\program files\eset\nodshex.dll

+ WinRAR c:\program files\winrar\rarext.dll

HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers

+ ACE ACE Context Menu c:\program files\ati technologies\ati.ace\atiacmxx.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Catalyst Context Menu extension ACE Context Menu c:\program files\ati technologies\ati.ace\atiacmxx.dll

+ Display Panning CPL Extension File not found: deskpan.dll

+ HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. c:\windows\system32\hticons.dll

+ ICQ Lite Shell Extension File not found: C:\Program Files\ICQLite\ICQLiteShell.dll

+ NeroDigitalIconHandler Nero Digital Shell Extension Nero AG c:\program files\common files\ahead\lib\nerodigitalext.dll

+ NeroDigitalPropSheetHandler Nero Digital Shell Extension Nero AG c:\program files\common files\ahead\lib\nerodigitalext.dll

+ NOD32 Context Menu Shell Extension c:\program files\eset\nodshex.dll

+ WinRAR shell extension c:\program files\winrar\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ &Yahoo! Toolbar Helper Yahoo! Toolbar Yahoo! Inc. c:\program files\yahoo!\companion\installs\cpn\yt.dll

+ Adobe PDF Link Helper Adobe PDF Helper for Internet Explorer Adobe Systems Incorporated c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll

+ FGCatchUrl Flashget CatchUrl Module www.flashget.com d:\flashget\jccatch.dll

+ FlashGet GetFlash Class Flashget GetFlash Module www.flashget.com d:\flashget\getflash.dll

+ Google Toolbar Notifier BHO GoogleToolbarNotifier Google Inc. c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll

+ Skype add-on (mastermind) Skype add-on for IE Skype Technologies S.A. c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks

+ Yahoo! Toolbar Yahoo! Toolbar Yahoo! Inc. c:\program files\yahoo!\companion\installs\cpn\yt.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar

+ Yahoo! Toolbar Yahoo! Toolbar Yahoo! Inc. c:\program files\yahoo!\companion\installs\cpn\yt.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions

+ FlashGet FlashGet FlashGet.com d:\flashget\flashget.exe

+ ICQ Lite File not found: C:\Program Files\ICQLite\ICQLite.exe

+ ICQ6 ICQ Library ICQ, Inc. c:\program files\icq6\icq.exe

Task Scheduler

+ Norton Security Scan for MINKOVI.job Norton Security Scan Symantec Corporation c:\program files\norton security scan\nss.exe

HKLM\System\CurrentControlSet\Services

+ Ati HotKey Poller ATI External Event Utility EXE Module ATI Technologies Inc. c:\windows\system32\ati2evxx.exe

+ ATKKeyboardService ASUS Keyboard Service ASUSTeK COMPUTER INC. c:\windows\atkkbservice.exe

+ CCALib8 Canon Camera Access Library 8 Canon Inc. c:\program files\canon\cal\calmain.exe

+ gusvc gusvc Google c:\program files\google\common\google updater\googleupdaterservice.exe

+ NOD32krn NOD32 Kernel Service Eset c:\program files\eset\nod32krn.exe

+ SBAMSvc Manages your antispyware and antivirus application Sunbelt Software c:\program files\sunbelt software\counterspy\sbamsvc.exe

+ sdAuxService Provides auxiliary PC Tools Security services. If this service is disabled spyware protection will be reduced. PC Tools c:\program files\spyware doctor\pctsauxs.exe

+ sdCoreService Provides spyware and malware protection for the system. If this service is disabled spyware protection will be disabled. PC Tools c:\program files\spyware doctor\pctssvc.exe

+ Spooler Loads files to memory for later printing. c:\windows\system32\spoolsv.exe

HKLM\System\CurrentControlSet\Services

+ AMON Amon monitor Eset c:\windows\system32\drivers\amon.sys

+ asuskbnt ASUS Help driver For Keyboard Service. ASUSTeK COMPUTER INC. c:\windows\system32\drivers\atkkbnt.sys

+ ati2mtag ATI Radeon WindowsNT Miniport Driver ATI Technologies Inc. c:\windows\system32\drivers\ati2mtag.sys

+ Changer File not found: C:\WINDOWS\System32\Drivers\Changer.sys

+ CO_Mon c:\windows\system32\drivers\co_mon.sys

+ EIO ASUS Kernel Mode Driver for NT ASUSTeK Computer Inc. c:\windows\system32\drivers\eio.sys

+ i2omgmt File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys

+ IKFileSec File Security Device Driver PCTools Research Pty Ltd. c:\windows\system32\drivers\ikfilesec.sys

+ IKSysFlt System Filter Device Driver PCTools Research Pty Ltd. c:\windows\system32\drivers\iksysflt.sys

+ IKSysSec System Security Device Driver PCTools Research Pty Ltd. c:\windows\system32\drivers\iksyssec.sys

+ InCDPass File not found: system32\drivers\InCDPass.sys

+ InCDRm File not found: system32\drivers\InCDRm.sys

+ IntcAzAudAddService Realtek® High Definition Audio Function Driver Realtek Semiconductor Corp. c:\windows\system32\drivers\rtkhdaud.sys

+ lbrtfdc File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys

+ pavboot Panda Boot Driver Panda Security, S.L. c:\windows\system32\drivers\pavboot.sys

+ PCIDump File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys

+ PDCOMP File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys

+ PDFRAME File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys

+ PDRELI File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys

+ PDRFRAME File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys

+ Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. c:\windows\system32\drivers\ptilink.sys

+ PxHelp20 Px Engine Device Driver for Windows 2000/XP Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys

+ RTL8023xp Realtek 10/100/1000 NDIS 5.1 Driver Realtek Semiconductor Corporation c:\windows\system32\drivers\rtlnicxp.sys

+ rtl8139 Realtek RTL8139 NDIS 5.0 Driver Realtek Semiconductor Corporation c:\windows\system32\drivers\rtl8139.sys

+ SASDIFSV SASDIFSV.SYS SUPERAdBlocker.com and SUPERAntiSpyware.com c:\program files\superantispyware\sasdifsv.sys

+ SASENUM SASENUM.SYS SUPERAdBlocker.com and SUPERAntiSpyware.com c:\program files\superantispyware\sasenum.sys

+ SASKUTIL SASKUTIL.SYS SUPERAdBlocker.com and SUPERAntiSpyware.com c:\program files\superantispyware\saskutil.sys

+ sbaphd Sunbelt ActiveProtection hook driver Sunbelt Software c:\windows\system32\drivers\sbaphd.sys

+ sbapifs Sunbelt ActiveProtection Filter Sunbelt Software c:\windows\system32\drivers\sbapifs.sys

+ SBRE Anti-Rootkit Engine Sunbelt Software c:\windows\system32\drivers\sbredrv.sys

+ Secdrv SafeDisc driver Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. c:\windows\system32\drivers\secdrv.sys

+ WDICA File not found: C:\WINDOWS\System32\Drivers\WDICA.sys

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

+ !SASWinLogon SUPERAntiSpyware WinLogon Processor SUPERAntiSpyware.com c:\program files\superantispyware\saswinlo.dll

+ AtiExtEvent ATI External Event Utility DLL Module ATI Technologies Inc. c:\windows\system32\ati2evxx.dll

HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries

+ 000000000001 NOD32 IMON - Internet scanning support Eset c:\windows\system32\imon.dll

+ 000000000002 NOD32 IMON - Internet scanning support Eset c:\windows\system32\imon.dll

+ 000000000003 NOD32 IMON - Internet scanning support Eset c:\windows\system32\imon.dll

+ 000000000004 NOD32 IMON - Internet scanning support Eset c:\windows\system32\imon.dll

+ 000000000005 NOD32 IMON - Internet scanning support Eset c:\windows\system32\imon.dll

+ 000000000012 NOD32 IMON - Internet scanning support Eset c:\windows\system32\imon.dll

 

 

 

Thanks in advance for the help!


Do the following:

1. Download this archive:

http://rapidshare.com/files/149844661/spoolsv.rar

2. Extract it

You forgot to mention that the service must be stopped before any files are replaced.

3. Copy the file spoolsv.exe

4. Put it in C:\Windows\System32 (i.e. replace it)

5. After replacing the file, restart your computer.


@ Night Raven - I'm not sure whether I understood and carried out the renaming correctly :blush:

the new HijackThis log

 

Logfile of HijackThis v1.99.1

Scan saved at 12:12:59 PM, on 10/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20861)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\ATKKBService.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Eset\nod32krn.exe

C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\WINDOWS\Datecs\Flex2K.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

D:\bittermoo.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interbild.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\FlashGet\jccatch.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\FlashGet\getflash.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S

O4 - Global Startup: FlexType 2K.lnk = ?

O8 - Extra context menu item: &Сваляне на всички с FlashGet - D:\FlashGet\jc_all.htm

O8 - Extra context menu item: &Сваляне с FlashGet - D:\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\FlashGet.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A038764B-9653-4429-9892-CA4D61F265DE}: NameServer = 10.17.0.1

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: Sunbelt VIPRE Antivirus Service (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe

 

and the other thing you advised me to do

@ Maniac - thank you :)


In the HijackThis and ESET SysInspector logs I don't see anything dangerous. There are unnecessary things and the Cyrillic-wrecking, junky FlexType, but nothing that would cause the problem in question. The problem is that the original file has been replaced with another one. Which program did this is hard to say. If you stop the service and replace the current (problematic) file with the original one, it should be fixed. But take the file from a system with Service Pack 3, because you are on that version of the service pack, while the file Maniac gave is from Service Pack 2 (I only just thought to check it).

I mentioned unnecessary things: these are Uniblue Registry Booster and the two resident anti-malware programs (Spyware Doctor and CounterSpy). Actually, if you insist, you can keep one of the two, but there is no point in having 2 resident programs with the same purpose. There may be some small problems if they fight over some critter.

You can take a look at this topic for more information.

Since I saw that you are using my codec pack, I want to draw your attention to this.

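An added example, not part of any post in this thread: a small Python parser for HijackThis `O23 - Service` lines that lists services whose file sits under the Windows directory with no vendor shown ("Unknown owner"), or whose file is missing, as candidates for a manual comparison against a known-good copy from the same service pack. The sample lines are copied from the log posted above; the function names and the flagging rule are assumptions of this example, not something HijackThis itself reports.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

O23_PREFIX = "O23 - Service: "
MISSING = "(file missing)"
# "Display name (ShortName)" -> display name + short service name
LABEL_RE = re.compile(r"^(?P<display>.+?)\s*\((?P<name>[^()]+)\)$")
# Assumption of this example: anything under <drive>:\WINDOWS\ is an OS location.
WINDIR_RE = re.compile(r"^[a-z]:\\windows\\", re.IGNORECASE)


class Service(NamedTuple):
    display: str
    name: Optional[str]
    owner: str
    path: str
    missing: bool


def parse_o23(line: str) -> Optional[Service]:
    """Parse one 'O23 - Service: <label> - <owner> - <path>' line, else None."""
    line = line.strip()
    if not line.startswith(O23_PREFIX):
        return None
    # Split from the right so a " - " inside the display name does no harm.
    parts = line[len(O23_PREFIX):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    label, owner, path = (p.strip() for p in parts)
    missing = path.endswith(MISSING)
    if missing:
        path = path[: -len(MISSING)].strip()
    m = LABEL_RE.match(label)
    display, name = (m.group("display"), m.group("name")) if m else (label, None)
    return Service(display, name, owner, path, missing)


def review(log_text: str) -> List[Tuple[Service, str]]:
    """Return (service, reason) pairs that deserve a manual file check."""
    findings = []
    for line in log_text.splitlines():
        svc = parse_o23(line)
        if svc is None:
            continue
        if svc.missing:
            findings.append((svc, "registered file is missing"))
        elif svc.owner.lower() == "unknown owner" and WINDIR_RE.match(svc.path):
            findings.append(
                (svc, "no vendor shown for a file in the Windows directory")
            )
    return findings


# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe
"""

if __name__ == "__main__":
    for svc, reason in review(SAMPLE_LOG):
        print(f"{svc.name or svc.display}: {svc.path} -> {reason}")
```

A flagged entry is only a pointer to a file worth checking by hand; it does not by itself show that the file is malicious.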