
Help, my browsers won't open!



Hello!

I have the following problem. As soon as I open Opera or Mozilla Firefox they freeze and I can't even open the browser's home page. It happens instantly, right after opening. Right now I'm writing from SlimBrowser, hoping it won't crash while I write you this post. I'm attaching screenshots of both browsers, hoping for and asking for help. Maybe I should add that this happened to me for the first time today. Oh, and Internet Explorer doesn't open at all when I click its icon or from the Start menu. Today I scanned for viruses with Avast Professional and found some suspicious object which can't be deleted and is in memory: "C:\WINDOWS\system32\drivers\80a0add6". It may be because of that, and I don't know what to do. I've restarted the PC at least 6-7 times, but no change, neither in the browsers nor with the virus. I also tried cleaning with Malwarebytes' Anti-Malware, which found some problems, but still no change. Please help me!


Download ESET SysInspector and:

1) run it and wait for it to gather the information;

2) menu File -> Save Log;

3) confirm with Yes;

4) don't change the default ZIP format, save the file somewhere convenient and then attach it to your comment (don't unpack it).

Download DDS and:

1) run it;

2) wait for it to gather its information;

3) two text files will appear; paste the contents of both here, or archive them and attach the archive to your comment.


Here are the files:

SysInspector_ELENH_COMPUTER_090511_1145.zip

Attach.txt

DDS.txt


Download GMER. Unpack and run the program. It will do an initial scan within seconds. When it finishes, do NOT click the Scan button; click the Copy button and then paste the contents here (Ctrl+V). If the program offers to run a full scan, decline.

You say it has been done, but repeat it anyway...

Scan with SUPERAntiSpyware Free and Malwarebytes' Anti-Malware, and don't forget to update them first:

For SUPERAntiSpyware:

- run the program;

- click the Scan your Computer button;

- on the left select only drive C:, and on the right select Perform Complete Scan;

- click Next and wait for the scan;

- click Next to remove the nasties, and finally Finish;

- click the Preferences... button, go to the Statistics/Logs tab, select the latest log and click the View Log... button;

- copy its contents here.

For Malwarebytes' Anti-Malware:

- run the program;

- select Perform quick scan and click the Scan button;

- when the scan finishes, click the Remove Selected button;

- a text file (log) will appear; copy its contents here.

If a restart is needed during any of the scans, agree and restart immediately.

Also try in Safe Mode to see whether the problem occurs there.


Yes, I'll do the scans. I'm writing just to tell you about the new observations I have regarding the problem. When I disconnected my internet (which is mobile, a 3G modem dongle), Opera opened normally, without closing within a second as before. I restarted the computer and logged into my second account, created with Multiskype. For about an hour I browsed pages on the internet with Opera and Mozilla without them causing absolutely any problem. I thought it wouldn't hurt to mention this news too.

Now I'll do what you wrote above and upload the results.


Here are the results:

1 - from GMER

GMER 1.0.15.14972 - http://www.gmer.net

Rootkit scan 2009-05-11 17:59:07

Windows 5.1.2600 Service Pack 3, v.5755

 

 

---- System - GMER 1.0.15 ----

 

SSDT sptd.sys ZwEnumerateKey [0xB9FBCC7E]

SSDT sptd.sys ZwEnumerateValueKey [0xB9FBCFF6]

 

---- Devices - GMER 1.0.15 ----

 

Device \FileSystem\Ntfs \Ntfs 80a0add6.sys

Device \FileSystem\Ntfs \Ntfs 873D1A40

 

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Ip mdvrmng.sys

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Ip 80a0add6.sys

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Tcp 80a0add6.sys

AttachedDevice \Driver\Tcpip \Device\Tcp mdvrmng.sys

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Udp 80a0add6.sys

AttachedDevice \Driver\Tcpip \Device\Udp mdvrmng.sys

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\RawIp 80a0add6.sys

AttachedDevice \Driver\Tcpip \Device\RawIp mdvrmng.sys

 

---- Services - GMER 1.0.15 ----

 

Service C:\WINDOWS\System32\drivers\80a0add6.sys (*** hidden *** ) [sYSTEM] 80a0add6 <-- ROOTKIT !!!

Service system32\drivers\TDSSserv.sys (*** hidden *** ) [sYSTEM] TDSSserv <-- ROOTKIT !!!

 

---- EOF - GMER 1.0.15 ----

 

2 - from SUPERAntiSpyware

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 05/11/2009 at 07:01 PM

 

Application Version : 4.26.1002

 

Core Rules Database Version : 3885

Trace Rules Database Version: 1833

 

Scan type : Complete Scan

Total Scan Time : 00:48:56

 

Memory items scanned : 734

Memory threats detected : 1

Registry items scanned : 7703

Registry threats detected : 13

File items scanned : 26640

File threats detected : 6

 

Trojan.Agent/Gen-Proto

C:\DOCUMENTS AND SETTINGS\ALL USERS\PROTO.DLL

C:\DOCUMENTS AND SETTINGS\ALL USERS\PROTO.DLL

 

Adware.Vundo Variant

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98672103-AFBE-4434-92D2-692A124CD60F}

HKU\.default\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98672103-AFBE-4434-92D2-692A124CD60F}

HKU\s-1-5-21-220523388-1343024091-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98672103-AFBE-4434-92D2-692A124CD60F}

HKU\s-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98672103-AFBE-4434-92D2-692A124CD60F}

 

Adware.Tracking Cookie

C:\Documents and Settings\Elenh\Cookies\elenh@counter.search[1].txt

C:\Documents and Settings\Elenh\Cookies\elenh@ads.mucunki[2].txt

.doubleclick.net [ C:\Documents and Settings\Elenh\Application Data\MozillaControl\profiles\MozillaControl\wddg6wz8.slt\cookies.txt ]

.doubleclick.net [ C:\Documents and Settings\Elenh\Application Data\MozillaControl\profiles\MozillaControl\wddg6wz8.slt\cookies.txt ]

 

Adware.MyWebSearch/FunWebProducts

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE#NextInstance

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Service

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Legacy

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#ConfigFlags

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Class

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#ClassGUID

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#DeviceDesc

 

Trojan.Unclassified/Loader-Suspicious

C:\PROGRAM FILES\ICONLOVER\LOADER.EXE

3 - from Malwarebytes' Anti-Malware

Malwarebytes' Anti-Malware 1.33

Версия на базата от данни: 1654

Windows 5.1.2600 Service Pack 3, v.5755

 

5/11/2009 7:52:10 PM

mbam-log-2009-05-11 (19-52-10).txt

 

Тип сканиране: Бързо сканиране

Сканирани обекти: 66504

Изминало време: 6 minute(s), 24 second(s)

 

Заразени процеси в паметта: 0

Заразени модули в паметта: 0

Заразени ключове в регистратурата: 0

Заразени стойности в регистратурата: 0

Заразени информационни обекти в регистратурата: 0

Заразени папки: 0

Заразени файлове: 0

 

Заразени процеси в паметта:

(Нямаше открити заплахи)

 

Заразени модули в паметта:

(Нямаше открити заплахи)

 

Заразени ключове в регистратурата:

(Нямаше открити заплахи)

 

Заразени стойности в регистратурата:

(Нямаше открити заплахи)

 

Заразени информационни обекти в регистратурата:

(Нямаше открити заплахи)

 

Заразени папки:

(Нямаше открити заплахи)

 

Заразени файлове:

(Нямаше открити заплахи)

This last report (from Malwarebytes' Anti-Malware) is from after the cleanup with SUPERAntiSpyware, but yesterday's report showed quite a few problems. Just in case, I'll include it as an attached file. The good news is that after the cleanup with SUPERAntiSpyware and the restart it required, the browsers started working. All of them!!! My joy didn't last long, because some pop-up window with an error warning appeared again, and then the Avast warning. I took screenshots of both, which are also in the attached file.

As for trying Safe Mode, naturally I didn't have to, and I don't know how anyway.

v4era_mbam_log_2009_05_10__22_54_21_.txt

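As an added example (mine, not code from the thread or from GMER), here is a Python triage helper for the GMER log above: it parses the Services and Devices sections, extracts the services GMER marks as hidden, and correlates their driver files with the NTFS device object and the TCP/IP devices they are attached to, so the 80a0add6 entries stand out as one rootkit rather than a dozen unrelated lines. The sample log is abridged from the one posted; the severity labels and the "no version info on a network filter" heuristic are my assumptions, not GMER's own classification.

```python
"""Triage a GMER rootkit-scan log: list hidden services and correlate them with
the kernel device objects and TCP/IP filters their driver files own."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample, abridged from the GMER log posted in this thread.
SAMPLE_GMER_LOG = r"""GMER 1.0.15.14972 - http://www.gmer.net
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 80a0add6.sys
Device \FileSystem\Ntfs \Ntfs 873D1A40
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip mdvrmng.sys
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip 80a0add6.sys
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp 80a0add6.sys
AttachedDevice \Driver\Tcpip \Device\Tcp mdvrmng.sys
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\System32\drivers\80a0add6.sys (*** hidden *** ) [sYSTEM] 80a0add6 <-- ROOTKIT !!!
Service system32\drivers\TDSSserv.sys (*** hidden *** ) [sYSTEM] TDSSserv <-- ROOTKIT !!!
---- EOF - GMER 1.0.15 ----
"""

# Service <path> (<flags>) [<start type>] <service name> [<-- ROOTKIT !!!]
SERVICE_RE = re.compile(
    r"^Service\s+(?P<path>.+?)\s+\((?P<flags>[^)]*)\)\s+\[(?P<start>[^\]]*)\]\s+(?P<name>\S+)"
)
# AttachedDevice <owning driver object> <device> <filter driver file> [(<description>)]
ATTACHED_RE = re.compile(
    r"^AttachedDevice\s+(?P<owner>\S+)\s+(?P<device>\S+)\s+(?P<file>\S+)"
    r"(?:\s+\((?P<desc>.+)\))?\s*$"
)
# Device <driver object> <device> <file, or raw address, that handles its dispatch>
DEVICE_RE = re.compile(r"^Device\s+(?P<owner>\S+)\s+(?P<device>\S+)\s+(?P<file>\S+)\s*$")


@dataclass(frozen=True)
class Finding:
    severity: str  # "high": hidden/rootkit evidence; "review": needs manual identification
    driver: str
    reason: str


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_gmer(log: str):
    """Return (hidden services {name: path}, AttachedDevice rows, Device rows)."""
    hidden, attached, devices = {}, [], []
    for line in log.splitlines():
        if m := SERVICE_RE.match(line):
            if "hidden" in m["flags"].lower():  # GMER flags services missing from normal enumeration
                hidden[m["name"]] = m["path"]
        elif m := ATTACHED_RE.match(line):
            attached.append((m["owner"], m["device"], m["file"], m["desc"]))
        elif m := DEVICE_RE.match(line):
            devices.append((m["owner"], m["device"], m["file"]))
    return hidden, attached, devices


def triage(log: str) -> list[Finding]:
    hidden, attached, devices = parse_gmer(log)
    hidden_files = {_basename(p) for p in hidden.values()}
    findings = [Finding("high", _basename(p), f"service {n} is hidden from normal service enumeration")
                for n, p in hidden.items()]

    # One entry per filter driver file, collecting every device it is attached to.
    filters = defaultdict(lambda: {"devices": [], "desc": None, "owner": ""})
    for owner, device, file, desc in attached:
        entry = filters[file]
        entry["devices"].append(device)
        entry["desc"] = entry["desc"] or desc
        entry["owner"] = owner
    for file, entry in filters.items():
        where = ", ".join(entry["devices"])
        if _basename(file) in hidden_files:
            findings.append(Finding("high", _basename(file),
                                    f"hidden service's driver filters {where}: it sees and can alter that traffic"))
        elif entry["desc"] is None and entry["owner"].lower() == r"\driver\tcpip":
            # No embedded version/vendor info on a network filter: not proof, but worth identifying.
            findings.append(Finding("review", _basename(file),
                                    f"driver without version info filters {where}; identify its vendor"))

    for owner, device, file in devices:
        if _basename(file) in hidden_files:
            findings.append(Finding("high", _basename(file), f"handles I/O dispatch for {owner} {device} (hooked)"))
        elif not _basename(file).endswith(".sys"):
            findings.append(Finding("review", file, f"dispatch for {owner} {device} not resolved to a driver file"))

    return sorted(findings, key=lambda f: (f.severity != "high", f.driver))


if __name__ == "__main__":
    for f in triage(SAMPLE_GMER_LOG):
        print(f"[{f.severity:6}] {f.driver}: {f.reason}")
```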

Generally, when I used Avast and it asked me for a restart to scan the computer, I allowed it, because that's a very good feature: scanning the computer before the system has loaded (something the other programs also do in Safe Mode, but not exactly).

Regarding this:

"As for trying Safe Mode, naturally I didn't have to, and I don't know how anyway"

You enter Safe Mode by pressing a key right after the initial messages when the computer powers on (the initialization of devices such as the hard disk, DVD...); usually it's F8, pressed about once a second (like pumping), but it's possible it's a different key on your machine!!! This is shown right on the first screen with the initial messages (on almost all computers it's at the very bottom), where it says BIOS; BOOT Device; Net Boot Device...

As far as I know, the same key used for Boot Device is used to enter Safe Mode, right after that first screen with the messages disappears and before the OS loads!!!

P.S. This PROTO.DLL that MBAM found for you: Google says it is associated with adware. Here's the Google translation:

PROTO.DLL, along with other viruses,

spyware, adware, trojans, rootkits, worms, information stealers, keyloggers, bots, and other forms of malicious threats that may reside on your computer.

(adware: it's undesirable to have it on the computer), which comes from some program you use!!! For example BSPlayer Free has it, and not only that one, other free programs have it too, in order to advertise their paid version, but it only leads to headaches, and as you can see this PROTO.DLL found by MBAM is associated with the ads!!! And the last SAS scan showed exactly that:
Trojan.Agent/Gen-Proto

C:\DOCUMENTS AND SETTINGS\ALL USERS\PROTO.DLL

C:\DOCUMENTS AND SETTINGS\ALL USERS\PROTO.DLL

 

Adware.Vundo Variant

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98672103-AFBE-4434-92D2-692A124CD60F}

HKU\.default\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98672103-AFBE-4434-92D2-692A124CD60F}

HKU\s-1-5-21-220523388-1343024091-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98672103-AFBE-4434-92D2-692A124CD60F}

HKU\s-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98672103-AFBE-4434-92D2-692A124CD60F}

 

Adware.Tracking Cookie

C:\Documents and Settings\Elenh\Cookies\elenh@counter.search[1].txt

C:\Documents and Settings\Elenh\Cookies\elenh@ads.mucunki[2].txt

.doubleclick.net [ C:\Documents and Settings\Elenh\Application Data\MozillaControl\profiles\MozillaControl\wddg6wz8.slt\cookies.txt ]

.doubleclick.net [ C:\Documents and Settings\Elenh\Application Data\MozillaControl\profiles\MozillaControl\wddg6wz8.slt\cookies.txt ]

 

Adware.MyWebSearch/FunWebProducts

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE#NextInstance

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Service

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Legacy

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#ConfigFlags

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Class

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#ClassGUID

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#DeviceDesc

 

Especially this (Adware.Tracking Cookie) shows that it's directly connected to the browsers!!!

Too bad I'm not yet very familiar with cleaning the system, so I can't offer you a solution!!!


Hi! Well, Avast suggested what to do: give it OK, it restarts and starts scanning in Safe Mode; on the screen you'll read the instructions, which tell you what to do by pressing the corresponding number key. Choose "move to chest"; if that can't be done, then "delete". I happened to scan a friend's computer this way with Avast; she had filled it up mainly with rootkits everywhere and they were running (there may have been a hundred), plus trojan agents, though fewer, and others. After that I also ran GMER to check. We filled the Avast chest with the infected files, which are still there a year later, and Windows still works. Probably Avast replaced them with the backup copies it makes (3 copies each) via the Virus Recovery Database.

"Well, Avast suggested what to do: give it OK, it restarts and starts scanning in Safe Mode"

Not exactly, it's different!!! Safe Mode is a safe operating mode of the OS!!!

Whereas Avast scans before the OS loads, which is quite a bigger advantage!!!

And the messages shown during that scan, although in Latin letters, are Bulgarian words!!!

Thanks for the help from Night Raven and for the clarification from plamen 74.72.

Regarding Safe Mode, I know (or rather, I've seen) that you enter it with F8; yes, it's that key on mine too. It's just that once I'm in, I don't know what to press, where to go, etc. What worries me, though, is this problem that all the antivirus programs find. It never got deleted. I don't know whether it even should be deleted; I don't know what it is. When Avast found it, it asked me whether I was sure I wanted this file deleted, since it's in the Windows folder. I decided to take the risk and pressed "Yes". It offered me a boot-time scan. I did that too. It still didn't get deleted. In the above reports from SUPERAntiSpyware, Anti-Malware and GMER you can also see that C:\WINDOWS\System32\drivers\80a0add6.sys was detected.

It worries me; I don't know how dangerous it is. What is it? Should it be deleted or not? Will it harm me if it stays like this? I'm confused, please advise me.

Actually, GMER showed you what it is:

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\System32\drivers\80a0add6.sys (*** hidden *** ) [sYSTEM] 80a0add6 <-- ROOTKIT !!!

Service system32\drivers\TDSSserv.sys (*** hidden *** ) [sYSTEM] TDSSserv <-- ROOTKIT !!!

And in that case it should have offered you a solution, but better let's wait for Night Raven or someone who knows about cleaning (deleting or ...???) this object (which turns out to be a hidden object too (*** hidden *** ))!!!

Thanks again, plamen 74.72!

Yes, I'll wait for Night Raven's opinion, because he warned me to decline the scan with GMER, so I don't know whether GMER can remove it (and whether it should).

The system is infected and you have uninvited guests.

We'll go straight to the more serious cleanup, but I insist that you always use current versions of the programs. In this case you scanned with an old version of Malwarebytes' Anti-Malware, which is undesirable.

Stop all the antivirus programs you have active, and any other unnecessary programs. Download ComboFix (if you happen to already have some version, replace it) and save it to the desktop. In the Start menu -> Run -> type/paste the following text:

"%userprofile%\desktop\combofix.exe" /killall

Confirm with Yes on the windows that appear. Wait for it to scan to the end and don't touch the window. If a restart is needed, it will restart automatically. After the restart it should continue scanning. Again, don't touch the window until it closes by itself. Then paste the contents of the text file C:\ComboFix.txt here or attach the file to your comment.

And don't restart the computer afterwards until you're instructed to.

Here are the results:

ComboFix 09-05-11.01 - Elenh 05/12/2009 10:59.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.1023.560 [GMT 3:00]

Running from: c:\documents and settings\Elenh\desktop\combofix.exe

Command switches used :: /killall

AV: avast! antivirus 4.8.1335 [VPS 090511-0] *On-access scanning disabled* (Updated)

AV: Bitdefender Antivirus *On-access scanning enabled* (Updated)

FW: Bitdefender Firewall *enabled*

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

c:\documents and settings\Elenh\Application Data\.#

c:\documents and settings\Elenh\Application Data\Adobe\crc.dat

c:\documents and settings\Elenh\Application Data\inst.exe

c:\documents and settings\Elenh\x.exe

c:\windows\system32\drivers\80a0add6.sys

c:\windows\system32\hwqsalkf.ini

c:\windows\system32\vGgPVvut.ini

c:\windows\system32\vGgPVvut.ini2

c:\windows\system32\vvutCcfe.ini

c:\windows\system32\vvutCcfe.ini2

c:\windows\system32\xvid-uninstall.exe

c:\windows\system32\yuduumog.ini

 

----- BITS: Possible infected sites -----

 

hxxp://updateserver.info

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_ICF

-------\Legacy_TDSSSERV

-------\Service_80a0add6

-------\Service_seneka

-------\Service_TDSSserv

 

 

((((((((((((((((((((((((( Files Created from 2009-04-12 to 2009-05-12 )))))))))))))))))))))))))))))))

.

 

2009-05-11 22:58 . 2009-05-11 22:58 -------- d-----w c:\program files\4shared Desktop

2009-05-11 22:40 . 2009-05-11 22:40 -------- d-----w c:\documents and settings\Elenh\Application Data\InfraRecorder

2009-05-11 22:40 . 2009-05-11 22:40 -------- d-----w c:\program files\Firegraphic 10

2009-05-11 15:01 . 2009-05-11 15:01 -------- d-----w c:\program files\SUPERAntiSpyware

2009-05-11 15:01 . 2009-05-11 15:01 -------- d-----w c:\program files\Common Files\Wise Installation Wizard

2009-05-11 13:35 . 2009-05-11 13:35 -------- d-----w c:\documents and settings\multiskype\Local Settings\Application Data\isoHunt

2009-05-11 13:35 . 2009-05-11 13:35 -------- d-----w c:\documents and settings\multiskype\Local Settings\Application Data\bananabg

2009-05-11 13:34 . 2009-05-11 13:34 -------- d-----w c:\documents and settings\multiskype\Application Data\HiYo

2009-05-11 13:34 . 2009-05-11 13:34 -------- d-----w c:\documents and settings\multiskype\Application Data\AltrixSoft

2009-05-10 20:46 . 2009-05-10 20:47 -------- d-----w c:\program files\YADA

2009-05-09 23:01 . 2009-05-09 23:43 -------- d-----w c:\documents and settings\Elenh\Application Data\DC++

2009-05-09 23:01 . 2009-05-09 23:01 -------- d-----w c:\documents and settings\Elenh\Local Settings\Application Data\DC++

2009-05-09 23:00 . 2009-05-09 23:00 -------- d-----w c:\program files\DC++

2009-05-09 21:41 . 2009-05-09 22:29 -------- d-----w c:\program files\ProxyChecker

2009-05-08 19:30 . 2009-05-08 19:30 -------- d-----w c:\documents and settings\All Users\Application Data\EPS

2009-05-08 19:30 . 2009-05-08 19:30 -------- d-----w c:\program files\My-Proxy

2009-05-08 19:28 . 2009-05-08 19:28 82898 ----a-w c:\windows\uninstall.exe

2009-05-08 16:51 . 2009-05-08 16:51 -------- d-----w c:\program files\Common Files\GeoVid

2009-05-08 16:51 . 2009-05-08 16:51 -------- d-----w c:\documents and settings\All Users\Application Data\GeoVid

2009-05-08 16:51 . 2005-06-07 12:11 60416 ----a-w c:\windows\system32\dsetup.dll

2009-05-08 16:51 . 2009-05-08 16:51 -------- d-----w c:\program files\GeoVid

2009-05-06 22:56 . 2009-05-06 22:56 -------- d-----w c:\documents and settings\Elenh\Application Data\Sofrayt

2009-05-06 22:56 . 2009-05-06 22:56 -------- d-----w c:\program files\GetSmile

2009-05-06 13:15 . 2009-05-06 21:53 -------- d-----w c:\documents and settings\Elenh\Application Data\Fun Desktop Wallpaper Changer

2009-05-05 16:50 . 2009-05-05 16:50 12991 ----a-w c:\windows\unins006.dat

2009-05-05 16:50 . 2009-05-05 16:50 685913 ----a-w c:\windows\unins006.exe

2009-05-05 16:50 . 2009-05-05 16:50 26905 ----a-w c:\windows\unins005.dat

2009-05-05 16:50 . 2009-05-05 16:50 685913 ----a-w c:\windows\unins005.exe

2009-05-05 16:49 . 2009-05-05 16:49 685913 ----a-w c:\windows\unins004.exe

2009-05-05 16:49 . 2009-05-05 16:49 13273 ----a-w c:\windows\unins004.dat

2009-05-05 16:49 . 2009-05-05 16:49 16961 ----a-w c:\windows\unins003.dat

2009-05-05 16:49 . 2009-05-05 16:49 685913 ----a-w c:\windows\unins003.exe

2009-05-05 16:49 . 2009-05-05 16:48 685913 ----a-w c:\windows\unins001.exe

2009-05-05 16:49 . 2009-05-05 16:49 17853 ----a-w c:\windows\unins001.dat

2009-05-05 16:22 . 2009-05-07 18:32 -------- d-----w c:\documents and settings\All Users\Application Data\LightScribe

2009-05-05 16:22 . 2009-05-05 16:22 -------- d-----w c:\documents and settings\Elenh\Application Data\Droppix

2009-05-05 16:20 . 2005-11-09 06:00 462848 ----a-w c:\windows\system32\HHActiveX.dll

2009-05-05 16:19 . 2009-05-05 16:19 -------- d-----w c:\program files\Common Files\LightScribe

2009-05-05 16:19 . 2009-05-05 16:20 -------- d-----w c:\program files\Common Files\Droppix

2009-05-05 16:19 . 2009-05-05 16:19 -------- d-----w c:\program files\Droppix

2009-05-05 16:18 . 2009-05-05 16:22 -------- d-----w c:\documents and settings\All Users\Application Data\Droppix

2009-05-04 20:15 . 2009-05-04 20:15 -------- d-----w c:\documents and settings\Elenh\Application Data\Flock

2009-05-04 20:15 . 2009-05-04 20:15 -------- d-----w c:\documents and settings\Elenh\Local Settings\Application Data\Flock

2009-05-04 20:14 . 2009-05-10 20:05 -------- d-----w c:\program files\Flock

2009-05-04 00:42 . 2009-05-04 00:56 -------- d-----w c:\documents and settings\Elenh\Application Data\Hide IP NG

2009-05-03 13:39 . 2009-05-03 13:39 -------- d-----w c:\documents and settings\Elenh\Application Data\Ashampoo

2009-05-03 11:03 . 2009-05-03 11:03 -------- d-----w c:\documents and settings\Elenh\Application Data\oovootb

2009-05-02 19:34 . 2009-05-02 19:34 -------- d-----w c:\documents and settings\All Users\Application Data\Blueberry

2009-05-02 19:31 . 2009-05-04 20:13 -------- d-----w c:\documents and settings\Elenh\Application Data\Blueberry

2009-05-02 19:27 . 2009-05-02 19:27 30720 ----a-w c:\windows\system32\bbcap.dll

2009-05-02 19:27 . 2009-05-02 19:27 4608 ----a-w c:\windows\system32\bbchlp.dll

2009-05-02 19:27 . 2009-05-02 19:27 4096 ----a-w c:\windows\system32\drivers\bbcap.sys

2009-05-02 19:27 . 2009-05-02 19:30 -------- d-----w c:\documents and settings\Elenh\Application Data\LogSys

2009-05-02 19:27 . 2009-05-02 19:27 -------- d-----w c:\documents and settings\All Users\Application Data\LogSys

2009-05-02 19:27 . 2009-05-02 19:27 -------- d-----w c:\windows\system32\ShellDD

2009-05-02 19:27 . 2009-05-05 20:15 -------- d-----w c:\program files\Blueberry Software

2009-05-02 19:06 . 2009-05-02 19:06 -------- d-----w c:\program files\MAGIX

2009-05-02 15:29 . 2009-05-02 15:29 286720 ------w c:\windows\Setup1.exe

2009-05-02 15:29 . 2009-05-02 15:29 73216 ----a-w c:\windows\ST6UNST.EXE

2009-05-02 14:06 . 2009-05-02 14:06 -------- d-----w c:\program files\TitleBarClock Pro

2009-05-02 13:56 . 2009-05-02 13:56 -------- d-----w c:\program files\cbl electronics inc

2009-05-02 12:57 . 2009-05-02 12:58 -------- d-----w c:\program files\AutoGK

2009-05-01 18:50 . 2009-05-01 18:58 -------- d-----w c:\documents and settings\Elenh\Application Data\ooVoo Details

2009-05-01 18:48 . 2009-05-01 18:48 -------- d-----w c:\documents and settings\All Users\Application Data\EmailNotifier

2009-04-30 10:57 . 2009-04-30 10:57 -------- d-----w c:\documents and settings\Elenh\vw

2009-04-30 10:57 . 2009-04-30 10:57 -------- d-----w c:\documents and settings\Elenh\VisualRoute

2009-04-30 09:09 . 2009-04-30 09:09 -------- d-----w c:\program files\SamsonSoft

2009-04-29 19:20 . 2009-04-29 19:20 -------- d-----w c:\program files\Photoshine

2009-04-29 18:21 . 2009-04-29 18:24 -------- d-----w c:\program files\Gaberoff Koral

2009-04-29 18:19 . 2009-04-29 18:19 1223956 ---ha-w c:\windows\system32\mlfcache.dat

2009-04-29 17:36 . 2009-04-29 17:37 -------- d-----w c:\documents and settings\Elenh\Application Data\Zoner

2009-04-29 17:34 . 2009-04-29 17:34 -------- d-----w c:\program files\Zoner

2009-04-29 17:25 . 2009-05-06 21:55 -------- d-----w C:\PREVEW

2009-04-29 16:49 . 2009-04-29 16:49 -------- d-----w c:\program files\%ramdrv%Image_Grabber_II

2009-04-24 12:09 . 2009-05-02 14:52 -------- d-----w c:\documents and settings\Elenh\Application Data\Free Audio Editor

2009-04-24 09:34 . 2009-05-05 16:23 2098392 ----a-w c:\windows\system32\GDIPFONTCACHEV1.DAT

2009-04-22 19:59 . 2009-04-22 19:59 -------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage

2009-04-22 16:35 . 2009-04-24 11:08 -------- d-----w c:\program files\PostSmile

2009-04-22 14:10 . 2009-04-22 14:10 -------- d-----w c:\documents and settings\All Users\Application Data\IM

2009-04-22 14:08 . 2009-04-24 01:22 -------- d-----w c:\documents and settings\Elenh\Local Settings\Application Data\IM

2009-04-22 14:08 . 2009-04-23 21:28 -------- d-----w c:\documents and settings\All Users\Application Data\IncrediMail

2009-04-21 23:44 . 2009-05-10 20:01 -------- d-----w c:\program files\FreeRapid-0.82

2009-04-21 21:55 . 2009-05-03 10:33 -------- d-----w c:\program files\vSoft

2009-04-21 20:58 . 2009-04-22 16:29 -------- d-----w c:\program files\Fight for Fun

2009-04-21 15:03 . 2009-01-20 00:05 10372096 ----a-w c:\windows\system32\Koi Fish 3D Screensaver.exe

2009-04-21 15:03 . 2009-01-20 00:05 908288 ----a-w c:\windows\system32\Koi_Fish_3D_Screensaver.scr

2009-04-21 15:03 . 2009-04-21 15:03 -------- d-----w c:\program files\Koi Fish 3D Screensaver

2009-04-21 14:45 . 2009-04-21 14:45 -------- d-----w c:\program files\SweetIM

2009-04-21 14:38 . 2009-04-21 14:38 -------- d-----w c:\documents and settings\Elenh\Local Settings\Application Data\RapidShareDownloader

2009-04-21 12:21 . 2009-04-21 12:21 -------- d-----w c:\documents and settings\Elenh\Application Data\HiYo

2009-04-21 12:21 . 2009-04-21 12:21 -------- d-----w c:\program files\HiYo

2009-04-21 12:21 . 2009-04-21 12:21 -------- d-----w c:\documents and settings\All Users\Application Data\HiYo

2009-04-21 07:08 . 2009-04-21 07:08 1496576 ---ha-w c:\windows\system32\wodfamop.dll

2009-04-21 07:07 . 2009-04-21 07:07 -------- d-----w c:\program files\Abrosoft

2009-04-20 13:21 . 2009-04-20 13:21 -------- d-----w c:\program files\iColorFolder

2009-04-19 17:00 . 2009-05-06 15:49 -------- d-----w c:\documents and settings\Elenh\Application Data\elefundesktops

2009-04-19 17:00 . 2009-04-19 17:00 -------- d-----w c:\program files\EleFun Wallpapers

2009-04-18 17:46 . 2009-04-18 18:04 -------- d-----w c:\documents and settings\Elenh\Zaxwerks

2009-04-18 17:45 . 2009-04-18 17:45 -------- d-----w c:\program files\ProModeler 4.5.1 PC

2009-04-18 17:42 . 2009-04-18 17:42 -------- d-----w c:\documents and settings\All Users\Application Data\Public System Files

2009-04-18 16:32 . 2009-04-18 16:32 -------- d-----w c:\documents and settings\Elenh\Application Data\Ambient Design

2009-04-18 16:25 . 2009-04-18 16:25 -------- d-----w c:\program files\Ambient Design

2009-04-18 14:53 . 2009-04-21 13:53 -------- d-----w c:\documents and settings\Elenh\Application Data\UseNeXT

2009-04-18 14:48 . 2009-04-18 16:38 -------- d-----w c:\program files\Insofta 3D Text Commander

2009-04-18 14:41 . 2009-04-18 14:44 -------- d-----w c:\program files\Insofta Cover Commander

2009-04-16 15:34 . 2009-04-16 15:34 243428 ----a-w c:\windows\uninstall 16Aquari.exe

2009-04-16 14:56 . 2009-04-16 14:56 -------- d-----w c:\program files\AAALOGO2008

2009-04-16 07:53 . 2009-04-16 07:53 -------- d-----w c:\documents and settings\Elenh\Application Data\Windows Live Writer

2009-04-16 07:53 . 2009-04-16 07:54 -------- d-----w c:\documents and settings\Elenh\Local Settings\Application Data\Windows Live Writer

2009-04-15 12:57 . 2009-04-15 12:57 -------- d-----w c:\documents and settings\Elenh\Application Data\AMPSoft

2009-04-15 12:21 . 2008-11-18 20:28 -------- d-----w C:\CYRILIC

2009-04-15 12:21 . 2009-05-10 20:01 -------- d-----w C:\TYGRA 3000

2009-04-15 12:21 . 2009-04-15 12:21 -------- d-----w c:\program files\FontViewer Portable

2009-04-15 12:21 . 2009-04-15 12:21 -------- d-----w c:\program files\AMP Font Viewer

2009-04-15 12:19 . 2009-04-15 12:20 -------- d-----w c:\documents and settings\Elenh\Application Data\PhotoFiltre Studio X

2009-04-15 12:19 . 2009-04-15 20:56 -------- d-----w c:\program files\PhotoFiltre Studio X

2009-04-15 07:39 . 2008-05-03 11:55 2560 ----a-w c:\windows\system32\xpsp4res.dll

2009-04-15 06:22 . 2009-04-15 06:22 -------- d-----w C:\Sandbox

2009-04-15 06:22 . 2009-04-15 06:22 -------- d-----w c:\program files\Sandboxie

2009-04-15 02:13 . 2009-05-12 08:06 -------- d-----w c:\documents and settings\Elenh\Tracing

2009-04-15 02:11 . 2009-02-06 15:08 55152 ----a-w c:\windows\system32\drivers\fssfltr_tdi.sys

2009-04-15 02:10 . 2009-04-15 02:10 -------- d-----w c:\program files\Microsoft Sync Framework

2009-04-15 02:09 . 2009-04-15 02:09 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition

2009-04-15 02:08 . 2009-04-15 02:08 -------- d-----w c:\program files\Windows Live SkyDrive

2009-04-14 08:55 . 2009-04-14 08:55 -------- d-----w c:\program files\KaraokeDX

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-12 08:05 . 2008-09-09 23:46 -------- d-----w c:\program files\DNA

2009-05-12 08:05 . 2009-03-02 17:53 5112 ----a-w c:\windows\GPCIDrv.sys

2009-05-12 08:05 . 2008-09-05 12:54 -------- d-----w c:\program files\lg_fwupdate

2009-05-12 08:05 . 2008-09-05 14:05 19039 -c--a-w c:\windows\system32\drivers\GVTDrv.sys

2009-05-11 22:58 . 2008-12-17 18:17 -------- d-----w c:\program files\4shared Uploader

2009-05-11 15:01 . 2008-12-11 09:09 -------- d-----w c:\documents and settings\Elenh\Application Data\SUPERAntiSpyware.com

2009-05-11 14:11 . 2008-11-02 18:40 2098392 ----a-w c:\documents and settings\multiskype\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-05-11 14:04 . 2009-03-26 13:13 -------- d-----w c:\program files\AlienGUIse

2009-05-11 12:39 . 2008-12-16 06:20 -------- d-----w c:\program files\Registry Clean Expert

2009-05-10 20:01 . 2008-09-18 23:27 -------- d-----w c:\program files\DivX

2009-05-10 20:01 . 2008-09-05 10:38 -------- d-----w c:\program files\Windows Media Connect 2

2009-05-10 20:01 . 2009-02-02 14:33 -------- d-----w c:\program files\Internet Download Manager

2009-05-10 14:01 . 2008-09-05 12:15 96384 ----a-w c:\windows\system32\drivers\sptd5997.sys

2009-05-09 13:42 . 2008-10-23 22:11 -------- d-----w c:\program files\Ashampoo

2009-05-09 13:42 . 2008-09-05 10:32 -------- d--h--w c:\program files\InstallShield Installation Information

2009-05-09 13:32 . 2008-09-05 19:51 -------- d-----w c:\program files\FrostWire

2009-05-09 13:30 . 2009-03-31 11:41 -------- d-----w c:\program files\VS Revo Group

2009-05-04 11:41 . 2009-01-16 08:11 -------- d-----w c:\program files\PhotoScape

2009-05-03 18:34 . 2008-12-09 15:05 -------- d-----w c:\program files\Screensaver Factory 4 Enterprise

2009-05-03 18:26 . 2009-04-01 18:30 -------- d-----w c:\program files\IconLover

2009-05-03 17:27 . 2008-09-05 14:28 -------- d-----w c:\program files\Acoustica Audio Converter Pro

2009-05-02 12:58 . 2008-09-14 21:21 -------- d-----w c:\program files\AviSynth 2.5

2009-04-24 09:33 . 2008-09-05 00:44 8224 ----a-w c:\documents and settings\Elenh\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-04-21 19:12 . 2009-04-02 13:19 -------- d-----w c:\program files\Changes

2009-04-16 15:55 . 2008-11-19 09:43 -------- d-----w c:\program files\EZPhotoCalendarCreatorPlus

2009-04-15 02:08 . 2009-02-12 23:05 -------- d-----w c:\program files\Microsoft

2009-04-14 09:05 . 2009-02-16 06:18 -------- d-----w c:\program files\Icon Converter Plus

2009-04-14 09:05 . 2009-01-16 10:25 -------- d-----w c:\program files\IE BrightSpot

2009-04-14 09:05 . 2009-01-16 08:31 -------- d-----w c:\program files\Dream Aquarium

2009-04-14 09:05 . 2009-01-11 17:06 -------- d-----w c:\program files\Wallpaper Desktop

2009-04-14 09:05 . 2008-12-14 15:31 -------- d-----w c:\program files\Atlantis 3D Screensaver

2009-04-14 09:05 . 2008-12-02 15:00 -------- d-----w c:\program files\Setup

2009-04-14 09:05 . 2008-09-07 13:27 -------- d-----w c:\program files\YouTube Downloader

2009-04-14 09:05 . 2009-04-08 20:27 -------- d-----w c:\program files\Acala DVD 3gp Ripper

2009-04-14 09:05 . 2009-03-15 13:16 -------- d-----w c:\program files\Banner Maker Pro 7

2009-04-14 09:05 . 2008-09-09 13:12 -------- d-----w c:\program files\MorEmoticons

2009-04-14 09:05 . 2008-09-05 14:31 -------- d-----w c:\program files\SlimBrowser

2009-04-12 16:14 . 2008-09-07 04:55 -------- d-----w c:\program files\EA GAMES

2009-04-12 13:56 . 2008-12-10 17:57 -------- d-----w c:\program files\Video Thumbnails Maker

2009-04-10 08:47 . 2008-09-05 19:56 -------- d-----w c:\program files\Java

2009-04-08 20:45 . 2008-09-07 16:31 -------- d-----w c:\program files\MediaInfo

2009-04-08 20:44 . 2008-09-05 15:51 -------- d-----w c:\program files\Common Files\Adobe

2009-04-07 19:45 . 2009-04-07 19:44 -------- d-----w c:\program files\QuickTime

2009-04-07 12:10 . 2009-04-07 11:56 -------- d-----w c:\program files\3Planesoft Screensaver Manager

2009-04-07 12:10 . 2009-04-07 12:10 -------- d-----w c:\program files\Coral Clock 3D Screensaver

2009-04-07 11:56 . 2009-04-07 11:56 -------- d-----w c:\program files\Water Clock 3D Screensaver

2009-04-07 05:54 . 2008-09-13 14:08 1148 -c--a-w c:\windows\system32\ezdigsgn.dat

2009-04-04 17:46 . 2009-04-04 17:46 -------- d-----w c:\program files\Common Files\Xuisoft

2009-04-04 13:52 . 2009-04-04 13:52 -------- d-----w c:\program files\Reallusion

2009-04-04 12:46 . 2008-09-06 10:56 -------- d-----w c:\program files\Xilisoft

2009-04-04 12:32 . 2009-02-25 11:49 -------- d-----w c:\program files\No1 Video Converter

2009-04-02 20:13 . 2008-10-20 14:28 -------- d-----w c:\program files\iPod

2009-04-02 13:39 . 2009-04-02 13:39 -------- d-----w c:\program files\soft Xpansion

2009-04-02 13:20 . 2009-04-02 13:20 4608 ----a-w c:\windows\system32\w95inf32.dll

2009-04-02 13:20 . 2009-04-02 13:20 2272 ----a-w c:\windows\system32\w95inf16.dll

2009-04-01 20:33 . 2008-09-05 15:59 -------- d-----w c:\program files\Winamp

2009-04-01 19:59 . 2008-09-05 14:02 -------- d-----w c:\program files\Yahoo!

2009-04-01 19:38 . 2009-04-01 19:38 -------- d-----w c:\program files\Image-Line

2009-04-01 19:38 . 2009-04-01 19:38 -------- d-----w c:\program files\VstPlugins

2009-04-01 18:49 . 2009-04-01 18:38 -------- d-----w c:\program files\The KMPlayer

2009-04-01 18:37 . 2009-04-01 18:37 -------- d-----w c:\program files\BACL

2009-04-01 18:23 . 2009-04-01 18:23 -------- d-----w c:\program files\Streamripper

2009-04-01 09:42 . 2009-03-17 15:38 -------- d-----w c:\program files\easyMule

2009-04-01 09:01 . 2009-01-16 08:22 -------- d-----w c:\program files\Dealio

2009-04-01 08:40 . 2008-09-05 00:55 -------- d-----w c:\program files\Spybot - Search & Destroy

2009-03-31 18:17 . 2008-11-13 20:32 -------- d-----w c:\program files\SpeedFan

2009-03-31 17:19 . 2008-09-07 06:31 -------- d-----w c:\program files\Xfire

2009-03-31 17:19 . 2009-03-28 19:27 -------- d-----w c:\program files\Video to GIF Converter

2009-03-31 17:18 . 2009-01-16 09:16 -------- d-----w c:\program files\Frame Maker Pro

2009-03-31 17:18 . 2008-09-07 08:46 -------- d-----w c:\program files\DANCE!ONLINE

2009-03-31 17:18 . 2008-09-14 22:01 -------- d-----w c:\program files\Common Files\BitDefender

2009-03-31 17:18 . 2009-02-18 19:11 -------- d-----w c:\program files\Collage Maker3

2009-03-31 17:18 . 2009-03-25 22:15 -------- d-----w c:\program files\CDex_150

2009-03-31 17:17 . 2008-09-22 00:17 -------- d-----w c:\program files\'Full Speed' Internet Booster + Performance Tests

2009-03-31 17:16 . 2008-09-21 15:30 -------- d-----w c:\program files\StreamingStar

2009-03-31 15:57 . 2009-03-31 15:57 -------- d-----w c:\program files\Hard Drive Inspector

2009-03-31 15:09 . 2009-03-31 15:09 -------- d-----w c:\program files\Cryptload

2009-03-30 16:52 . 2009-01-27 21:31 -------- d-----w c:\program files\K-Lite Codec Pack

2009-03-30 14:03 . 2009-03-30 14:03 -------- d-----w c:\program files\Pixarra

2009-03-30 11:38 . 2009-03-30 11:38 -------- d-----w c:\program files\Kirillka.ru Snow

2009-03-29 20:15 . 2008-10-29 09:39 -------- d-----w c:\program files\Last.fm

2009-03-28 22:26 . 2008-09-20 00:12 -------- d-----w c:\program files\uTorrent

2009-03-28 19:15 . 2009-03-28 19:14 -------- d-----w c:\program files\Watermark Factory 2

2009-03-28 19:03 . 2009-03-28 19:03 -------- d-----w c:\program files\Image Trends Inc

2009-03-26 15:35 . 2009-01-22 14:39 210352 ----a-w c:\windows\system32\idmmbc.dll

2009-03-26 13:13 . 2009-03-26 13:13 -------- d-----w c:\program files\Common Files\Stardock

2009-03-22 11:42 . 2008-09-18 07:08 -------- d-----w c:\program files\The_Pirate_Bay

2009-03-19 09:34 . 2009-03-19 09:34 -------- d-----w c:\program files\FirmTools

2009-03-15 12:59 . 2009-03-15 12:59 -------- d-----w c:\program files\KC Softwares

2009-03-14 10:06 . 2009-01-16 05:22 -------- d-----w c:\program files\Xara

2009-03-12 00:36 . 2009-03-12 00:36 409280 ----a-w c:\windows\system32\HDDSvc.exe

2009-03-10 19:18 . 2008-12-09 12:03 934792 ----a-w c:\windows\system32\WgaTray.dve.exe

2009-03-09 02:19 . 2009-01-10 13:13 410984 -c--a-w c:\windows\system32\deploytk.dll

2009-03-06 14:22 . 2008-01-26 05:57 284160 ----a-w c:\windows\system32\pdh.dll

2009-03-03 00:18 . 2008-01-26 05:57 826368 ----a-w c:\windows\system32\wininet.dll

2009-02-20 18:09 . 2008-01-26 05:57 78336 ------w c:\windows\system32\ieencode.dll

2009-02-19 19:46 . 2008-01-26 05:57 14336 ----a-w c:\windows\system32\svchost.exe

2009-02-16 06:18 . 2009-02-16 06:18 279489 ----a-w c:\windows\Icon Converter Plus Uninstaller.exe

2009-02-12 05:58 . 2008-09-09 07:36 45056 -c--a-w c:\windows\system32\WNASPI32.DLL

2009-02-12 05:58 . 2008-09-09 07:36 16512 -c--a-w c:\windows\system32\drivers\ASPI32.SYS

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{a33fa729-d155-4b23-842b-2c665ecabdb6}"= "c:\program files\The_Pirate_Bay\tbThe1.dll" [2009-04-21 1883672]

"{684a09ee-5c31-4b12-924e-49292340f9a4}"= "c:\program files\bananabg\tbbana.dll" [2009-02-19 2081304]

"{a6e4a4eb-d169-4e99-8988-250fcbafe767}"= "c:\program files\isoHunt\tbisoH.dll" [2009-02-19 2081304]

"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]

 

[HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]

 

[HKEY_CLASSES_ROOT\clsid\{684a09ee-5c31-4b12-924e-49292340f9a4}]

 

[HKEY_CLASSES_ROOT\clsid\{a6e4a4eb-d169-4e99-8988-250fcbafe767}]

 

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]

[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]

[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{684a09ee-5c31-4b12-924e-49292340f9a4}]

2009-02-19 14:58 2081304 ----a-w c:\program files\bananabg\tbbana.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a33fa729-d155-4b23-842b-2c665ecabdb6}]

2009-04-21 22:08 1883672 ----a-w c:\program files\The_Pirate_Bay\tbThe1.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a6e4a4eb-d169-4e99-8988-250fcbafe767}]

2009-02-19 14:58 2081304 ----a-w c:\program files\isoHunt\tbisoH.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]

2008-10-08 09:22 1172792 ----a-w c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{a33fa729-d155-4b23-842b-2c665ecabdb6}"= "c:\program files\The_Pirate_Bay\tbThe1.dll" [2009-04-21 1883672]

"{684a09ee-5c31-4b12-924e-49292340f9a4}"= "c:\program files\bananabg\tbbana.dll" [2009-02-19 2081304]

"{a6e4a4eb-d169-4e99-8988-250fcbafe767}"= "c:\program files\isoHunt\tbisoH.dll" [2009-02-19 2081304]

"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

 

[HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]

 

[HKEY_CLASSES_ROOT\clsid\{684a09ee-5c31-4b12-924e-49292340f9a4}]

 

[HKEY_CLASSES_ROOT\clsid\{a6e4a4eb-d169-4e99-8988-250fcbafe767}]

 

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]

[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]

[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]

[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

"{A33FA729-D155-4B23-842B-2C665ECABDB6}"= "c:\program files\The_Pirate_Bay\tbThe1.dll" [2009-04-21 1883672]

"{684A09EE-5C31-4B12-924E-49292340F9A4}"= "c:\program files\bananabg\tbbana.dll" [2009-02-19 2081304]

"{A6E4A4EB-D169-4E99-8988-250FCBAFE767}"= "c:\program files\isoHunt\tbisoH.dll" [2009-02-19 2081304]

 

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]

[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]

[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]

[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

 

[HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]

 

[HKEY_CLASSES_ROOT\clsid\{684a09ee-5c31-4b12-924e-49292340f9a4}]

 

[HKEY_CLASSES_ROOT\clsid\{a6e4a4eb-d169-4e99-8988-250fcbafe767}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]

"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-09-05 171448]

"MorEmoticons"="c:\program files\MorEmoticons\MorEmoticons.exe" [2007-11-12 64000]

"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-01-16 342848]

"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-02-14 270128]

"Web Video Downloader"="c:\program files\SourceTec\Sothink Web Video Downloader Stand-alone\VideoDownloader.exe" [2007-12-13 2949120]

"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2008-11-15 2235920]

"AliceConnect"="c:\program files\COSMOTE\Internet On the Go\Wilog.exe" [2008-03-07 3623464]

"RegClean Expert Scheduler"="c:\program files\Registry Clean Expert\RCHelper.exe" [2008-11-03 603384]

"Software Informer"="c:\program files\Software Informer\softinfo.exe" [2009-01-01 1654853]

"c:\program files\NetMeter\NetMeter.exe"="c:\program files\NetMeter\NetMeter.exe" [2007-08-11 331264]

"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-04-29 2799024]

"WinSnap"="c:\program files\WinSnap\WinSnap.exe" [2008-10-29 414616]

"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-06-02 1957888]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-01-26 15360]

"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2009-04-13 365568]

"TBC Pro"="c:\program files\TitleBarClock Pro\Tbcpro.exe" [2006-07-23 67072]

"GetSmile"="c:\program files\GetSmile\getsmile.exe" [2007-06-01 2031616]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-04-28 1830128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-18 925696]

"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-12-10 133016]

"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2005-04-12 229376]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]

"VGAUtil"="c:\program files\GigaByte\VGA Utility Manager\G-VGA.exe" [2006-07-25 544768]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]

"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2008-06-12 991584]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]

"tsnpstd3"="c:\windows\tsnpstd3.exe" [2005-12-20 94208]

"snpstd3"="c:\windows\vsnpstd3.exe" [2005-09-05 339968]

"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-02-05 81000]

"PicPick Start"="c:\program files\PicPick\picpick.exe" [2009-02-11 889856]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-01-14 399504]

"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]

"HDInspector.exe"="c:\program files\Hard Drive Inspector\HDInspector.exe" [2009-03-15 1031168]

"Make A Voozie"="c:\documents and settings\All Users\Application Data\Make A Voozie\VoozieMaker.exe" [2008-02-20 64000]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-19 286720]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

"Hiyo"="c:\program files\HiYo\bin\HiYo.exe" [2009-03-19 197936]

"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-03-05 111928]

"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-01-26 110592]

"Resume copy"="copyfstq.exe" - c:\windows\copyfstq.exe [2003-06-10 57344]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-09-05 160592]

 

c:\documents and settings\Elenh\Start Menu\Programs\Startup\

Configure Bulgarian Speech.lnk - c:\documents and settings\Elenh\Application Data\Microsoft\Installer\{319A3CA9-DA63-4D65-8B25-403CF9CBF087}\_5af141bb.exe [2009-4-1 1078]

Random Wallpaper Changer.lnk - c:\changepaper\changepaper.exe [2008-9-6 399360]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

"NoFileAssociate"= 0 (0x0)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]

2008-12-22 09:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]

2001-12-20 21:34 24576 ----a-w c:\program files\AlienGUIse\fastload.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]

2007-11-02 09:47 120056 ----a-w c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcDVOhH]

[bU]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkHWPfc]

[bU]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\wbsys.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

@=""

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Magentic\\bin\\Magentic.exe"=

"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=

"c:\\Program Files\\DC++\\DCPlusPlus.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"43230:TCP"= 43230:TCP:Elenh-comp

"43230:UDP"= 43230:UDP:elenh-computer

"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

"12909:TCP"= 12909:TCP:BitComet 12909 TCP

"12909:UDP"= 12909:UDP:BitComet 12909 UDP

"22819:TCP"= 22819:TCP:BitComet 22819 TCP

"22819:UDP"= 22819:UDP:BitComet 22819 UDP

"18871:TCP"= 18871:TCP:BitComet 18871 TCP

"18871:UDP"= 18871:UDP:BitComet 18871 UDP

"32371:TCP"= 32371:TCP:Azureus

"50360:UDP"= 50360:UDP:µTorrent 50360 UDP

"50360:TCP"= 50360:TCP:µTorrent 50360 TCP

"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP порт 443

"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP порт 443

"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP порт 37674

"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP порт 37674

"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP порт 37675

"8356:TCP"= 8356:TCP:BitComet 8356 TCP

"8356:UDP"= 8356:UDP:BitComet 8356 UDP

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

 

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1/1/2002 9:28 PM 114768]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [4/28/2009 11:33 AM 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/28/2009 11:33 AM 72944]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/1/2002 9:28 PM 20560]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [4/15/2009 5:11 AM 55152]

R2 LogWatch;Event Log Watch;c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe [9/20/2002 7:29 PM 53248]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/13/2009 7:26 PM 170640]

R2 mdvrmng;Mobile IP Route Manager;c:\windows\system32\drivers\mdvrmng.sys [9/5/2008 2:31 PM 10240]

R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [1/14/2009 5:53 PM 226656]

R3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [5/2/2009 10:27 PM 4096]

R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [11/25/2005 5:43 PM 31896]

R3 GPCIDrv;GPCIDrv;c:\windows\GPCIDrv.sys [3/2/2009 8:53 PM 5112]

R3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [9/5/2008 5:05 PM 19039]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/13/2009 7:26 PM 15504]

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [4/28/2009 11:33 AM 7408]

R3 SbieDrv;SbieDrv;c:\program files\Sandboxie\SbieDrv.sys [4/13/2009 7:51 PM 107520]

R4 atidgllk;atidgllk;c:\program files\GigaByte\VGA Utility Manager\atidgllk.sys [9/5/2008 5:04 PM 5376]

S3 CA_LIC_CLNT;CA License Client;c:\program files\CA\SharedComponents\CA_LIC\lic98rmt.exe [9/20/2002 7:27 PM 77824]

S3 CA_LIC_SRVR;CA License Server;c:\program files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [9/20/2002 7:41 PM 77824]

S3 Droppix Service;Droppix Service;c:\program files\Common Files\Droppix\DxService.exe [5/5/2009 7:19 PM 221184]

S3 esihdrv;esihdrv;\??\c:\docume~1\Elenh\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\Elenh\LOCALS~1\Temp\esihdrv.sys [?]

S3 fsssvc;Семейна безопасност на Windows Live;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/25/2007 8:31 PM 42000]

S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;"c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe" --> c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe [?]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]

\Shell\AutoRun\command - H:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e9864d2-7b3d-11dd-b86b-001a92319fca}]

\Shell\AutoRun\command - H:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97171f77-1786-11de-9650-001a92319fca}]

\Shell\AutoRun\command - H:\LaunchU3.exe -a

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

.

Contents of the 'Scheduled Tasks' folder

 

2009-05-11 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

 

2009-05-11 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Elenh.job

- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-02-13 14:11]

.

- - - - ORPHANS REMOVED - - - -

 

URLSearchHooks-{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)

BHO-{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)

BHO-{0A0DDBD3-6641-40B9-873F-BBDD26D6C14E} - (no file)

BHO-{1f17c7af-6123-48cb-980d-6001d8435631} - (no file)

BHO-{6D4C991F-0868-4D32-AB5A-A5E79A765C2C} - (no file)

BHO-{71B1937A-A997-40CF-85EA-D09AC19E2067} - (no file)

BHO-{7D1D31A0-1F78-499E-9236-A5D44495DACE} - (no file)

BHO-{859098F8-F713-490D-92B3-31304377E653} - (no file)

BHO-{D9C28639-7740-4006-BAE9-2D3923BC07B6} - (no file)

HKCU-Run-DiskChk help - c:\documents and settings\All Users\proto.dll

HKCU-Run-msnmsgr - ~c:\program files\Windows Live\Messenger\MsnMsgr.Exe

HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe

 

 

.

------- Supplementary Scan -------

.

uStart Page = hxxp://mystart.incredimail.com/

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://www.yahoo.com/

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

IE: download all links with idm - c:\program files\Internet Download Manager\IEGetAll.htm

IE: download flv video content with idm - c:\program files\Internet Download Manager\IEGetVL.htm

IE: download flv videos with idm from 10 last requested - c:\program files\Internet Download Manager\IEGetVL2.htm

IE: download with idm - c:\program files\Internet Download Manager\IEExt.htm

IE: {{60237576-b24c-4ba9-9740-c9f3ec9db557} - {EAADF17C-B6EA-4511-8549-A67CFD406EAF} - c:\progra~1\SkyCode\WEBTRA~1\wt2ie.dll

LSP: c:\windows\system32\idmmbc.dll

FF - ProfilePath - c:\documents and settings\Elenh\Application Data\Mozilla\Firefox\Profiles\jul5nnzn.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://apps.yahoo.com/-hD4ACE4e/YahooFullView/index.php?yap_src=http://my.yahoo.com/p/1.html

FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar&search=

FF - component: c:\documents and settings\Elenh\Application Data\IDM\idmmzcc3\components\idmmzcc.dll

FF - component: c:\documents and settings\Elenh\Application Data\Mozilla\Firefox\Profiles\jul5nnzn.default\extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\Elenh\Application Data\Mozilla\Firefox\Profiles\jul5nnzn.default\extensions\{bc4be15d-6a34-4356-9e97-79e43da32b1d}\components\FFAlert.dll

FF - component: c:\documents and settings\Elenh\Application Data\Mozilla\Firefox\Profiles\jul5nnzn.default\extensions\piclens@cooliris.com\components\coolirisstub.dll

FF - plugin: c:\documents and settings\Elenh\Application Data\Mozilla\plugins\npPxPlay.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

 

---- FIREFOX POLICIES ----

FF - user.js: browser.blink_allowed - true

FF - user.js: network.prefetch-next - true

FF - user.js: layout.spellcheckDefault - 1

FF - user.js: browser.search.openintab - false

FF - user.js: browser.tabs.closeButtons - 1

FF - user.js: browser.tabs.opentabfor.middleclick - true

FF - user.js: browser.tabs.tabMinWidth - 100

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-12 11:09

Windows 5.1.2600 Service Pack 3, v.5755 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

msnmsgr = ~"c:\program files\Windows Live\Messenger\MsnMsgr.Exe" /background?

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,3a,da,0e,bd,11,

37,3b,8c,2e,e8,e1,00,eb,16,2b,de,a5,c2,16,c9,6a,38,e3,82,e2,63,26,f1,3f,c8,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,72,28,7c,dc,8a,

5b,84,92,46,47,15,b0,92,4b,c7,ef,b2,96,ce,bd,0d,7e,d7,00,6a,9c,d6,61,af,45,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,13,7d,e0,ae,ff,

8b,5e,c0,7a,45,05,fd,91,e8,6f,31,03,55,19,0b,bc,2c,ed,46,ff,7c,85,e0,43,d4,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,6f,de,c8,da,bf,

1f,ec,4f,6b,65,49,6a,7e,99,74,f7,a4,26,05,94,f3,3d,c3,e2,86,8c,21,01,be,91,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):c9,b6,e4,16,9f,ea,75,65,b1,0e,38,88,53,8e,c1,77,d3,4a,d5,93,83,

03,42,8b,0a,8e,b2,9b,55,4f,71,90,a8,98,36,d3,22,65,18,a4,00,00,00,00,00,00,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,e4,ee,d3,5e,c8,

4b,b7,8d,e9,02,6c,fa,fb,1d,47,57,9b,85,b4,e6,8f,b6,ff,1c,f5,1d,4d,73,a8,13,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,81,b4,e4,fc,2b,

3a,19,78,50,93,e5,ab,ec,6a,4e,ab,42,d1,8d,a5,1c,ad,ec,88,df,20,58,62,78,6b,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,02,b1,66,a4,87,

5f,e1,91,97,20,4e,9a,c7,f1,35,ee,49,fc,7b,14,e4,40,77,89,fb,a7,78,e6,12,2f,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,db,de,35,37,d4,

49,39,df,aa,52,c6,00,84,3c,26,64,df,ff,33,65,79,a6,12,3e,01,3a,48,fc,e8,04,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,71,20,e2,d4,fb,

6b,db,c0,b2,46,9a,e2,1b,fe,1b,94,96,50,b0,07,57,fe,0a,77,f6,0f,4e,58,98,5b,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,53,2c,cf,d6,62,

26,1b,36,37,a4,aa,c3,a6,15,56,0a,ee,fd,34,60,84,5f,36,ad,3d,ce,ea,26,2d,45,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f5377d4e-db21-4fe2-a2ec-25ae4e4c5e48}]

@Denied: (Full) (Everyone)

"Model"=dword:00000024

"Therad"=dword:00000018

"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,98,07,ff,fc,5d,

df,1c,2f,3b,8a,0a,32,11,89,01,b5,79,63,b2,f3,b6,a6,7f,0e,d7,b9,c1,83,e2,e6,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,75,39,3b,74,18,

24,33,81,f8,31,0f,a9,5f,a0,ec,fb,aa,17,8d,6d,c6,45,ab,df,2a,b7,cc,b5,b9,7f,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,89,7b,3b,a2,7b,

34,35,cf,05,73,21,dd,54,d8,4a,c5,2f,b2,9a,e1,86,06,92,8a,6c,43,2d,1e,aa,22,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(928)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\Ati2evxx.dll

c:\program files\AlienGUIse\fastload.dll

c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll

 

- - - - - - - > 'explorer.exe'(2604)

c:\program files\GetSmile\getsmile.dll

c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll

c:\program files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\windows\system32\ati2evxx.exe

c:\program files\Alwil Software\Avast4\aswUpdSv.exe

c:\program files\Alwil Software\Avast4\ashServ.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Sandboxie\SbieSvc.exe

c:\program files\Photodex\ProShowGold\scsiaccess.exe

c:\windows\system32\rundll32.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

c:\program files\COSMOTE\Internet On the Go\AutoUpdateSrv.exe

c:\program files\Skype\Plugin Manager\skypePM.exe

.

**************************************************************************

.

Completion time: 2009-05-12 11:14 - machine was rebooted

ComboFix-quarantined-files.txt 2009-05-12 08:13

 

Pre-Run: 98,809,274,368 bytes free

Post-Run: 98,803,490,816 bytes free

 

Current=6 Default=6 Failed=5 LastKnownGood=7 Sets=1,2,3,4,5,6,7

632 --- E O F --- 2009-04-30 08:09

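As an added example (editor's code, not part of the original thread and not ComboFix's or DDS's own tooling), here is a small parser for the ComboFix log format pasted above. It pulls out the Firefox `FF - prefs.js` / `user.js` entries, the `LOCKED REGISTRY KEYS` blocks (keeping the `*` marker on the key, the `@Denied` line and the value names, while skipping the wrapped hex continuation lines), and the per-process DLL lists, then applies a few review heuristics of the kind a helper runs through before answering. The sample log is a constructed excerpt trimmed from the log above; the heuristics (treating any `keyword.URL` setting as an address-bar search redirection worth checking, and listing DLLs outside `c:\windows` that sit inside `winlogon.exe`) are the editor's assumptions about what to look at first, not a verdict on this machine.

```python
import re

# Constructed excerpt modelled on the ComboFix log above (trimmed to a few
# lines per section).  ComboFix defangs URLs by writing "hxxp" for "http".
SAMPLE_LOG = r"""
FF - prefs.js: browser.startup.homepage - hxxp://apps.yahoo.com/-hD4ACE4e/YahooFullView/index.php
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar&search=
FF - component: c:\documents and settings\Elenh\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
---- FIREFOX POLICIES ----
FF - user.js: network.prefetch-next - true

--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,3a,da,0e,bd,11,
37,3b,8c,2e,e8,e1,00,eb,16,2b,de,a5,c2,16,c9,6a,38,e3,82,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):c9,b6,e4,16,9f,ea,75,65,b1,0e,38,88,53,8e,c1,77,d3,4a,d5,93,83,

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f5377d4e-db21-4fe2-a2ec-25ae4e4c5e48}]
@Denied: (Full) (Everyone)
"Model"=dword:00000024
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(928)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2604)
c:\program files\GetSmile\getsmile.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
"""

SECTION_RE = re.compile(r"^-{3,}\s+(.+?)\s+-{3,}$")          # "---- NAME ----" headers
FF_PREF_RE = re.compile(r"^FF - (prefs\.js|user\.js): (\S+) - (.*)$")
FF_MODULE_RE = re.compile(r"^FF - (component|plugin): (.*)$")
LOCKED_KEY_RE = re.compile(r"^\[(HKEY_[^\]]+?)(\*)?\]$")      # trailing "*" kept as a flag
DENIED_RE = re.compile(r"^@Denied: \((\w+)\) \((\w+)\)$")
VALUE_RE = re.compile(r'^(?:"([^"]+)"|(@))=')                # named value or "@" default
PROC_RE = re.compile(r"^- - - - - - - > '([^']+)'\((\d+)\)$")


def parse_combofix(text):
    # Returns Firefox prefs, Firefox modules, locked registry keys and per-process DLLs.
    report = {"prefs": {}, "modules": [], "locked_keys": [], "process_dlls": {}}
    section, key, proc = "", None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:  # a section header switches context and resets the current key/process
            section, key, proc = m.group(1).upper(), None, None
            continue
        m = FF_PREF_RE.match(line)
        if m:  # keep (file, value) so prefs.js and user.js entries stay distinguishable
            report["prefs"][m.group(2)] = (m.group(1), m.group(3))
            continue
        m = FF_MODULE_RE.match(line)
        if m:
            report["modules"].append((m.group(1), m.group(2)))
            continue
        if section == "LOCKED REGISTRY KEYS":
            m = LOCKED_KEY_RE.match(line)
            if m:
                key = {"path": m.group(1), "starred": bool(m.group(2)), "denied": None, "values": []}
                report["locked_keys"].append(key)
            elif key:
                m = DENIED_RE.match(line)
                if m:
                    key["denied"] = (m.group(1), m.group(2))
                    continue
                m = VALUE_RE.match(line)
                if m:  # wrapped hex continuation lines ("37,3b,...") match nothing and are skipped
                    key["values"].append(m.group(1) or "(Default)")
        elif section.startswith("DLLS LOADED"):
            m = PROC_RE.match(line)
            if m:
                proc = "%s(%s)" % (m.group(1), m.group(2))
                report["process_dlls"][proc] = []
            elif proc and "\\" in line:  # "." separator lines carry no path
                report["process_dlls"][proc].append(line)
    return report


def hijack_indicators(report):
    # Editor's review heuristics (assumptions about what to check first, not verdicts).
    findings = []
    prefs = report["prefs"]
    if "keyword.URL" in prefs:  # address-bar searches rerouted to a third party
        findings.append("keyword.URL redirects address-bar search to " + prefs["keyword.URL"][1])
    if "browser.startup.homepage" in prefs:
        findings.append("startup homepage set to " + prefs["browser.startup.homepage"][1])
    for key in report["locked_keys"]:
        if key["denied"]:
            perm, who = key["denied"]
            findings.append("key hidden from %s (%s denied): %s" % (who, perm, key["path"]))
    for proc, dlls in report["process_dlls"].items():
        if proc.lower().startswith("winlogon.exe"):  # third-party code inside winlogon deserves a look
            for dll in dlls:
                if not dll.lower().startswith("c:\\windows\\"):
                    findings.append("non-Windows DLL in %s: %s" % (proc, dll))
    return findings


if __name__ == "__main__":
    for finding in hijack_indicators(parse_combofix(SAMPLE_LOG)):
        print(finding)
```

Run as-is it prints the findings for the constructed excerpt; to use it on a real log, pass the file contents to `parse_combofix` instead of `SAMPLE_LOG`. The parser deliberately does not try to decide whether a locked key or an `InprocServer32` entry pointing at `OLE32.DLL` is malicious; it only makes the `@Denied` keys, the starred keys and the third-party DLLs easy to find, which is the sifting the helper above says takes time.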

I will need a bit more time to go through it, because there is a ton of unnecessary software (assorted small programs) and it has to be sifted out.

In the meantime, do not connect any flash drives to the computer.
