bitterMoo
Posted October 11, 2008

Hello! My NOD has a problem that it has not been able to resolve for 2 weeks now; it keeps alerting about this problem.

I have tried everything - I scanned my computer with at least 5 other antivirus programs, not counting the online scans I ran on it. All of them found "ailments", mostly cookies, which they deleted without any trouble. NOD keeps showing its infection message.

I noticed during the many scans that NOD raised its alert every time the antivirus being run passed over the file in question, while that antivirus itself reported no infection.

I read around here a bit before starting a new topic, so I am taking the liberty of attaching some logs directly. The last things I did today were:

1/ a scan with SUPERAntiSpyware - it found 41 cookies, which it deleted
2/ a scan with Malwarebytes Anti-Malware 1.28 - it reported that everything is fine!
3/ I restarted and ran HijackThis 1.99.1 - this is its log
4/ and finally Autorunsc - and this is its report

Thanks in advance for the help!
Night_Raven
Posted October 11, 2008

Rename the HijackThis executable and run a new log. Attach a log from ESET SysInspector as well.
Maniac
Posted October 11, 2008

Do the following:
1. Download this archive: http://rapidshare.com/files/149844661/spoolsv.rar
2. Extract it
3. Copy the file spoolsv.exe
4. Put it in C:\Windows\System32 (i.e. replace it)
5. After replacing the file, restart your computer.
Night_Raven
Posted October 11, 2008

You forgot to mention that the service must be stopped before any files are replaced.
bitterMoo
Posted October 11, 2008

@ Night Raven - I am not sure whether I understood and carried out the renaming correctly.

the new HijackThis log

and the other thing you advised me

@ Maniac - thank you
Night_Raven
Posted October 11, 2008

I see nothing dangerous in the HijackThis and ESET SysInspector logs. There are unnecessary things and the Cyrillic-wrecking, junky FlexType, but nothing that would cause the problem in question. The problem is that the original file has been replaced with another one. Which program did this is hard to say. If you stop the service and replace the current (problematic) file with the original, it should be fixed. But take the file from a system with Service Pack 3, because that is the service pack version you are on, while the file Maniac gave is from Service Pack 2 (I only just thought to check it).

I mentioned unnecessary things: these are Uniblue Registry Booster and the two resident anti-malware programs (Spyware Doctor and CounterSpy). Actually, if you insist, you can keep one of the two, but there is no point in 2 resident programs with the same purpose. There may be small problems if they fight over some critter.

You can look at this topic for more information. Since I saw that you use my codec pack, I want to draw your attention to this.
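An added example, not part of any post in this thread and not code from HijackThis: a small parser that splits a HijackThis log whose line breaks were lost back into entries and lists O23 service entries whose binary sits under the Windows directory but carries no vendor name ("Unknown owner"), which is how the Print Spooler entry appears in the log from the first post. Treating that combination as worth a manual check is this example's own heuristic; the function names are hypothetical and the sample joins four entries from that log without newlines.

```python
import re

# Every HijackThis entry starts with a section code: R0-R3, F0-F3 or O1-O23.
ENTRY_HEAD = re.compile(r"(?:R[0-3]|F[0-3]|O\d{1,2}) - ")
ENTRY_START = re.compile(r"(?=(?:R[0-3]|F[0-3]|O\d{1,2}) - )")
WINDOWS_DIR = re.compile(r"^[a-z]:\\windows\\", re.IGNORECASE)

# Sample input: four entries from the thread's first log, joined with no
# line breaks to mimic a log that was flattened when it was copied.
SAMPLE = (
    r"O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll"
    r"O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe"
    r"O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe"
    r"O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe"
)


def split_entries(text):
    """Return one string per log entry, even if the newlines are gone."""
    # The lookahead splits in front of each section code without consuming it;
    # anything before the first code (header, process list) is discarded.
    return [p.strip() for p in ENTRY_START.split(text) if ENTRY_HEAD.match(p)]


def parse_service(entry):
    """Parse 'O23 - Service: <name> - <owner> - <path>' into a dict, else None."""
    prefix = "O23 - Service: "
    if not entry.startswith(prefix):
        return None
    # Split from the right: the service name itself may contain ' - '.
    fields = entry[len(prefix):].rsplit(" - ", 2)
    if len(fields) != 3:
        return None
    name, owner, path = (f.strip() for f in fields)
    return {"name": name, "owner": owner, "path": path}


def unowned_system_services(text):
    """List services under the Windows directory that report no vendor."""
    flagged = []
    for entry in split_entries(text):
        svc = parse_service(entry)
        if svc is None:
            continue
        if WINDOWS_DIR.match(svc["path"]) and svc["owner"].lower() == "unknown owner":
            flagged.append(svc)
    return flagged


if __name__ == "__main__":
    for svc in unowned_system_services(SAMPLE):
        print(f"check manually: {svc['name']} -> {svc['path']}")
```

A hit only means the file's version information names no company; comparing the file against a known-good copy from the same service pack level, as the post above advises, is what settles it.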