Unable to install an antivirus product?!?


regbor

Recommended post

The moment I tried to download "The Avenger", the session closed just like it does with the antivirus programs... The language bar disappeared too...

What do you see under Control Panel => Regional and language options => Languages => Details =>

In the Text Services and Input Languages window go to the Settings tab and press the Language bar button => tick Show the language bar on the desktop.

Now stop Spybot's TeaTimer protection again and download and unzip The Avenger from the link below (I have deliberately renamed it to avvy.com).

Unzip it and run it. Execute the script from my previous post.

http://www.mediafire.com/download.php?mixtzzzzmnw


The Language bar button is inactive...

Download this and run it with a double click:

http://www.kellys-korner-xp.com/regs_edits...gbarrestore.reg

First, though, let's clean the system; we'll repair the leftover damage afterwards.


I tried both links ... it refuses to unzip!

About the language bar

Check that there is no tick at:

Control Panel > Regional and Language Options > Languages page - click Details and go to Advanced

Turn off Advanced Text Services must NOT be ticked.

http://img107.imageshack.us/img107/4300/87999501gh4.jpg

About the parasite:

Since I have information that Combofix now uses The_Avenger for deleting stubborn files, I think The_Avenger as a standalone application is doomed to fail. We won't give up anyway. Combofix should have added a Recovery Console line by itself when the computer restarted? If it hasn't, I hope you have an installation disc so that we can get into Recovery Console mode.

http://img.bleepingcomputer.com/tutorials/rc/startup.gif

After that, all that's left is to follow these instructions:

You will be prompted to choose which Windows installation to repair:

If you have only one installation, just choose "1"

http://sonic-bg.com/reviews/recovery_console/rcons03.gif

After that the administrator password is also required.

If you haven't set one, just press "ENTER".

http://sonic-bg.com/reviews/recovery_console/rcons04.gif

And all that remains is to type the command:

del c:\windows\system32\bfbafeffaecaf.dll


The language is fixed, there was a tick, but I don't have a disc...

OK, let's try the following:

Download AVZ 4.32 and unzip it.

Run the file avz.exe

http://img200.imageshack.us/img200/4783/30286166.jpg

Now from File => Custom scripts enter

http://img442.imageshack.us/img442/5166/55218612.jpg

the following, via copy/paste:

begin
// Turn on AVZGuard so the malware cannot interfere while the script runs
SetAVZGuardStatus(True);
SearchRootkit(true, true);
// Try a normal delete first
DeleteFile('c:\windows\system32\bfbafeffaecaf.dll');
DeleteFile('c:\windows\system32\ec797eaf165bd5f53cc5641ac7f1a35e.TMP');
DeleteFile('bfbafeffaecaf.dll');
// Then queue the file for the boot cleaner, which deletes it before Windows loads it
BC_DeleteFile('bfbafeffaecaf.dll');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

Press RUN.

Copy the log file that will be created after the restart. :)


I accidentally found some version of HiJack in a folder... attaching the log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:06:28, on 07.09.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\AdA\HiJackThis202.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: AcroIEHlprObj Class - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Сваляне на всички с FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Сваляне с FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0287E462-2975-49A3-A896-3A1BF3BC82DF}: NameServer = 10.28.4.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0287E462-2975-49A3-A896-3A1BF3BC82DF}: NameServer = 10.28.4.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0287E462-2975-49A3-A896-3A1BF3BC82DF}: NameServer = 10.28.4.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{0287E462-2975-49A3-A896-3A1BF3BC82DF}: NameServer = 10.28.4.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: bfbafeffaecaf - C:\WINDOWS\
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 7524 bytes

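An added example, not code from the thread or from HijackThis: a small Python checker that reads log lines in the format posted above and flags what a removal helper looks at first, the O20 Winlogon Notify entry whose DLL path names no file and whose subkey name looks generated (the hex-only-name rule is my own heuristic), plus the orphaned O2 and O23 entries. The sample lines are constructed from the log above; the registry path it prints is the one the Avenger log later in the thread shows being removed.

```python
"""Flag the HijackThis entries a malware-removal helper reads first.

Hypothetical checker, not code from the thread or from HijackThis itself.
It parses the O2 (BHO), O20 (Winlogon Notify) and O23 (Service) line
formats shown in the posted log and reports the entries worth attention.
"""
import re
from dataclasses import dataclass
from typing import List

# Key HijackThis reads for O20 lines; the Avenger log later in the thread
# shows exactly this key (plus the subkey name) being removed.
WINLOGON_NOTIFY_KEY = (
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"
)

# Constructed sample: five lines in the shape of the log posted above.
SAMPLE_LOG = "\n".join([
    "O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)",
    "O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll",
    "O20 - Winlogon Notify: bfbafeffaecaf - C:\\WINDOWS\\",
    "O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\\Program Files\\WinPcap\\rpcapd.exe (file missing)",
    "O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\\Program Files\\WIDCOMM\\Bluetooth Software\\bin\\btwdins.exe",
])

_O2 = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
_O20 = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.*)$")
_O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.*)$")


@dataclass
class Finding:
    section: str            # "O2", "O20" or "O23"
    name: str
    path: str
    severity: str           # "high" = live persistence, "low" = orphaned leftover
    reason: str
    registry_key: str = ""  # filled only for O20 entries


def looks_generated(name: str) -> bool:
    """Heuristic (my assumption): a subkey name of eight or more characters made
    only of hex digits, like bfbafeffaecaf, is typical of malware-generated names."""
    return len(name) >= 8 and re.fullmatch(r"[0-9a-f]+", name.lower()) is not None


def analyze(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := _O20.match(line):
            name, path = m["name"], m["path"]
            reasons = []
            # A Notify DLL entry should name a DLL; a bare directory is not usable
            if not path or path.endswith("\\"):
                reasons.append("DLL path names no file")
            if looks_generated(name):
                reasons.append("hex-only subkey name")
            if reasons:
                findings.append(Finding("O20", name, path, "high", "; ".join(reasons),
                                        registry_key=WINLOGON_NOTIFY_KEY + "\\" + name))
        elif m := _O2.match(line):
            if m["path"].strip() == "(no file)":
                findings.append(Finding("O2", m["name"], m["path"], "low",
                                        "BHO registration whose DLL is gone"))
        elif m := _O23.match(line):
            if m["path"].endswith("(file missing)"):
                findings.append(Finding("O23", m["name"], m["path"], "low",
                                        "service whose binary is gone"))
    return findings


def report(findings: List[Finding]) -> str:
    """Text report with the high-severity entries first."""
    lines = []
    for f in sorted(findings, key=lambda f: f.severity != "high"):
        lines.append(f"[{f.severity.upper():4}] {f.section} {f.name}: {f.reason}")
        if f.registry_key:
            lines.append(f"        remove subkey: {f.registry_key}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(analyze(SAMPLE_LOG)))
```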

Did you try my AVZ script?

Because if it doesn't work I have another idea...

Open Notepad and enter:

 

@echo off
rem Remove any log left over from a previous run
if exist "%temp%\log.txt" del "%temp%\log.txt"

rem Try to delete each file; anything that survives is written to the log
for %%g in (
"c:\windows\system32\bfbafeffaecaf.dll"
"c:\windows\system32\ec797eaf165bd5f53cc5641ac7f1a35e.TMP"
) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)
rem Show the list of files that could not be deleted, or report success
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!
pause
rem The batch file removes itself when done
del %0

Save the file under the name fix.bat

It should look like this - http://i266.photobucket.com/albums/ii277/sUBs_/bat_icon.gif

Run it with a double click of the mouse and post a new HijackThis log

And I'll ask you to follow the instructions exactly... :)


And still, The_Avenger is The_Avenger.

I apologise to the forum that the fight continued over Skype, but it was all for the sake of speed.

The log from The_Avenger (renamed to Albundy.exe):

 

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Error: file "c:\windows\system32\bfbafeffaecaf.dll" not found!
Deletion of file "c:\windows\system32\bfbafeffaecaf.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:\windows\system32\ec797eaf165bd5f53cc5641ac7f1a35e.TMP" not found!
Deletion of file "c:\windows\system32\ec797eaf165bd5f53cc5641ac7f1a35e.TMP" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Registry key "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\bfbafeffaecaf" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

The script is on my previous page... I haven't changed it.

The logs from HijackThis and the updated Combofix (again renamed to Albundy.exe) are now clean:

There are some trifles and empty objects here:

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:04:33, on 07.09.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\Administrator\Desktop\AdA\HiJackThis202.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: AcroIEHlprObj Class - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Сваляне на всички с FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Сваляне с FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0287E462-2975-49A3-A896-3A1BF3BC82DF}: NameServer = 10.28.4.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0287E462-2975-49A3-A896-3A1BF3BC82DF}: NameServer = 10.28.4.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0287E462-2975-49A3-A896-3A1BF3BC82DF}: NameServer = 10.28.4.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{0287E462-2975-49A3-A896-3A1BF3BC82DF}: NameServer = 10.28.4.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 7641 bytes

And this is from ComboFix:

 

ComboFix 09-09-06.03 - Petia 07.09.2009 2:10.4.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1251.359.1033.18.502.147 [GMT 3:00]
Running from: c:\documents and settings\Petia\My Documents\Albundy.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-08-06 to 2009-09-06 )))))))))))))))))))))))))))))))
.

2009-09-06 10:25 . 2009-09-06 10:25 -------- d-----w- c:\windows\ServicePackFiles
2009-09-06 09:25 . 2009-09-06 23:00 12 ----a-w- c:\windows\bthservsdp.dat
2009-08-25 18:35 . 2009-08-25 18:35 -------- d-----w- c:\windows\system32\NtmsData
2009-08-24 21:01 . 2009-08-24 21:02 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-23 19:46 . 2009-08-23 19:47 -------- d-----w- c:\temp\Fracture.2007.DVDRip.XViD.AC3.iNT-CiMG
2009-08-22 00:45 . 2009-08-22 00:45 -------- d-----w- c:\temp\Ice Age 3 - Dawn Of The Dinosaurs (2009) - R5.LiNE.Subs (In Sync) - FUSiON

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-05 09:11 . 2004-08-04 02:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:53 . 2004-08-04 02:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:53 . 2004-08-04 02:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-17 18:55 . 2004-08-04 02:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 07:08 . 2004-08-04 02:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-29 16:12 . 2006-01-09 08:08 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 02:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-04 02:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-12 11:50 . 2004-08-04 02:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:21 . 2004-08-04 02:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:32 . 2004-08-04 02:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
.

 

((((((((((((((((((((((((((((( SnapShot@2009-09-05_14.11.47 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-09-06 23:01 . 2009-09-06 23:01

16384 c:\windows\temp\Perflib_Perfdata_358.dat

+ 2007-07-18 01:42 . 2009-07-14 11:03

46080 c:\windows\system32\tzchange.exe

- 2007-03-09 12:51 . 2008-07-09 07:3826488 c:\windows\system32\spupdsvc.exe

+ 2007-03-09 12:51 . 2007-07-27 07:41

26488 c:\windows\system32\spupdsvc.exe

+ 2007-03-09 12:53 . 2008-07-08 13:02

17272 c:\windows\system32\spmsg.dll

- 2007-03-09 12:53 . 2007-11-30 12:3917272 c:\windows\system32\spmsg.dll

- 2006-01-09 08:08 . 2009-02-20 18:0944544 c:\windows\system32\pngfilt.dll

+ 2006-01-09 08:08 . 2009-06-29 16:12

44544 c:\windows\system32\pngfilt.dll

- 2007-08-13 15:54 . 2009-02-20 18:0952224 c:\windows\system32\msfeedsbs.dll

+ 2007-08-13 15:54 . 2009-06-29 16:12

52224 c:\windows\system32\msfeedsbs.dll

- 2004-08-04 02:00 . 2009-02-20 18:0927648 c:\windows\system32\jsproxy.dll

+ 2004-08-04 02:00 . 2009-06-29 16:12

27648 c:\windows\system32\jsproxy.dll

- 2007-08-13 15:39 . 2009-02-20 10:2013824 c:\windows\system32\ieudinit.exe

+ 2007-08-13 15:39 . 2009-06-29 11:07

13824 c:\windows\system32\ieudinit.exe

+ 2004-08-04 02:00 . 2009-06-29 16:12

44544 c:\windows\system32\iernonce.dll

- 2004-08-04 02:00 . 2009-02-20 18:0944544 c:\windows\system32\iernonce.dll

+ 2004-08-04 02:00 . 2009-06-29 11:07

70656 c:\windows\system32\ie4uinit.exe

- 2004-08-04 02:00 . 2009-02-20 10:2070656 c:\windows\system32\ie4uinit.exe

+ 2007-08-13 15:36 . 2009-06-29 16:12

63488 c:\windows\system32\icardie.dll

- 2007-08-13 15:36 . 2009-02-20 18:0963488 c:\windows\system32\icardie.dll

+ 2004-08-04 02:00 . 2009-06-12 11:50

76288 c:\windows\system32\dllcache\telnet.exe

- 2006-01-09 08:08 . 2009-02-20 18:0944544 c:\windows\system32\dllcache\pngfilt.dll

+ 2006-01-09 08:08 . 2009-06-29 16:12

44544 c:\windows\system32\dllcache\pngfilt.dll

- 2007-10-10 12:55 . 2009-02-20 18:0952224 c:\windows\system32\dllcache\msfeedsbs.dll

+ 2007-10-10 12:55 . 2009-06-29 16:12

52224 c:\windows\system32\dllcache\msfeedsbs.dll

- 2004-08-04 02:00 . 2009-02-20 18:0927648 c:\windows\system32\dllcache\jsproxy.dll

+ 2004-08-04 02:00 . 2009-06-29 16:12

27648 c:\windows\system32\dllcache\jsproxy.dll

- 2007-10-09 23:59 . 2009-02-20 10:2013824 c:\windows\system32\dllcache\ieudinit.exe

+ 2007-10-09 23:59 . 2009-06-29 11:07

13824 c:\windows\system32\dllcache\ieudinit.exe

- 2004-08-04 02:00 . 2009-02-20 18:0944544 c:\windows\system32\dllcache\iernonce.dll

+ 2004-08-04 02:00 . 2009-06-29 16:12

44544 c:\windows\system32\dllcache\iernonce.dll

+ 2004-08-04 02:00 . 2009-06-29 16:12

78336 c:\windows\system32\dllcache\ieencode.dll

- 2004-08-04 02:00 . 2009-02-20 18:0978336 c:\windows\system32\dllcache\ieencode.dll

- 2004-08-04 02:00 . 2009-02-20 10:2070656 c:\windows\system32\dllcache\ie4uinit.exe

+ 2004-08-04 02:00 . 2009-06-29 11:07

70656 c:\windows\system32\dllcache\ie4uinit.exe

- 2007-10-10 12:55 . 2009-02-20 18:0963488 c:\windows\system32\dllcache\icardie.dll

+ 2007-10-10 12:55 . 2009-06-29 16:12

63488 c:\windows\system32\dllcache\icardie.dll

+ 2004-08-04 02:00 . 2009-07-29 04:53

82432 c:\windows\system32\dllcache\fontsub.dll

- 2004-08-04 02:00 . 2007-08-13 15:4217408 c:\windows\system32\dllcache\corpol.dll

+ 2004-08-04 02:00 . 2009-06-29 16:12

17408 c:\windows\system32\dllcache\corpol.dll

+ 2004-08-04 02:00 . 2009-06-10 14:21

84992 c:\windows\system32\dllcache\avifil32.dll

- 2004-08-04 02:00 . 2004-08-04 02:0084992 c:\windows\system32\dllcache\avifil32.dll

- 2004-08-03 19:00 . 2004-08-03 19:0058880 c:\windows\system32\dllcache\atl.dll

+ 2004-08-03 19:00 . 2009-07-17 18:55

58880 c:\windows\system32\dllcache\atl.dll

+ 2009-09-06 10:26 . 2009-02-20 18:09

44544 c:\windows\ie7updates\KB972260-IE7\pngfilt.dll

+ 2009-09-06 10:26 . 2009-02-20 18:09

52224 c:\windows\ie7updates\KB972260-IE7\msfeedsbs.dll

+ 2009-09-06 10:26 . 2009-02-20 18:09

27648 c:\windows\ie7updates\KB972260-IE7\jsproxy.dll

+ 2009-09-06 10:26 . 2009-02-20 10:20

13824 c:\windows\ie7updates\KB972260-IE7\ieudinit.exe

+ 2009-09-06 10:26 . 2009-02-20 18:09

44544 c:\windows\ie7updates\KB972260-IE7\iernonce.dll

+ 2009-09-06 10:26 . 2009-02-20 18:09

78336 c:\windows\ie7updates\KB972260-IE7\ieencode.dll

+ 2009-09-06 10:26 . 2009-02-20 10:20

70656 c:\windows\ie7updates\KB972260-IE7\ie4uinit.exe

+ 2009-09-06 10:26 . 2009-02-20 18:09

63488 c:\windows\ie7updates\KB972260-IE7\icardie.dll

+ 2009-09-06 10:26 . 2007-08-13 15:42

17408 c:\windows\ie7updates\KB972260-IE7\corpol.dll

+ 2006-02-07 14:29 . 2009-04-15 09:24

351744 c:\windows\system32\xpsp3res.dll

- 2006-02-07 14:29 . 2008-02-15 09:06351744 c:\windows\system32\xpsp3res.dll

+ 2004-08-04 02:00 . 2009-06-29 16:12

233472 c:\windows\system32\webcheck.dll

- 2004-08-04 02:00 . 2009-02-20 18:09233472 c:\windows\system32\webcheck.dll

- 2004-08-04 02:00 . 2009-02-20 18:09105984 c:\windows\system32\url.dll

+ 2004-08-04 02:00 . 2009-06-29 16:12

105984 c:\windows\system32\url.dll

- 2004-08-04 02:00 . 2007-07-09 02:09584192 c:\windows\system32\rpcrt4.dll

+ 2004-08-04 02:00 . 2009-04-15 15:11

584192 c:\windows\system32\rpcrt4.dll

+ 2004-08-04 02:00 . 2009-06-29 16:12

102912 c:\windows\system32\occache.dll

- 2004-08-04 02:00 . 2009-02-20 18:09102912 c:\windows\system32\occache.dll

+ 2004-08-04 02:00 . 2009-06-05 07:42

655872 c:\windows\system32\mstscax.dll

- 2006-01-09 08:08 . 2009-02-20 18:09671232 c:\windows\system32\mstime.dll

+ 2006-01-09 08:08 . 2009-06-29 16:12

671232 c:\windows\system32\mstime.dll

+ 2006-01-09 08:08 . 2009-06-29 16:12

193024 c:\windows\system32\msrating.dll

- 2006-01-09 08:08 . 2009-02-20 18:09193024 c:\windows\system32\msrating.dll

- 2006-01-09 08:08 . 2009-02-20 18:09477696 c:\windows\system32\mshtmled.dll

+ 2006-01-09 08:08 . 2009-06-29 16:12

477696 c:\windows\system32\mshtmled.dll

+ 2007-08-13 15:54 . 2009-06-29 16:12

459264 c:\windows\system32\msfeeds.dll

- 2007-08-13 15:54 . 2009-02-20 18:09459264 c:\windows\system32\msfeeds.dll

+ 2004-08-04 02:00 . 2009-05-07 15:44

344064 c:\windows\system32\localspl.dll

- 2007-08-13 15:34 . 2009-02-20 18:09268288 c:\windows\system32\iertutil.dll

+ 2007-08-13 15:34 . 2009-06-29 16:12

268288 c:\windows\system32\iertutil.dll

- 2004-08-04 02:00 . 2009-02-20 18:09385024 c:\windows\system32\iedkcs32.dll

+ 2004-08-04 02:00 . 2009-06-29 16:12

385024 c:\windows\system32\iedkcs32.dll

+ 2007-07-11 09:27 . 2009-06-29 16:12

380928 c:\windows\system32\ieapfltr.dll

+ 2004-08-04 02:00 . 2009-06-29 08:33

161792 c:\windows\system32\ieakui.dll

- 2004-08-04 02:00 . 2009-02-20 05:14161792 c:\windows\system32\ieakui.dll

- 2004-08-04 02:00 . 2009-02-20 18:09230400 c:\windows\system32\ieaksie.dll

+ 2004-08-04 02:00 . 2009-06-29 16:12

230400 c:\windows\system32\ieaksie.dll

+ 2004-08-04 02:00 . 2009-06-29 16:12

153088 c:\windows\system32\ieakeng.dll

- 2004-08-04 02:00 . 2009-02-20 18:09153088 c:\windows\system32\ieakeng.dll

+ 2006-04-29 14:06 . 2009-09-06 10:28

235168 c:\windows\system32\FNTCACHE.DAT

- 2006-04-29 14:06 . 2009-04-15 16:22235168 c:\windows\system32\FNTCACHE.DAT

+ 2006-01-09 08:08 . 2009-06-29 16:12

133120 c:\windows\system32\extmgr.dll

- 2006-01-09 08:08 . 2009-02-20 18:09133120 c:\windows\system32\extmgr.dll

+ 2006-01-09 08:08 . 2009-06-29 16:12

214528 c:\windows\system32\dxtrans.dll

- 2006-01-09 08:08 . 2009-02-20 18:09 214528 c:\windows\system32\dxtrans.dll
+ 2004-08-04 02:00 . 2009-06-29 16:12 347136 c:\windows\system32\dxtmsft.dll
- 2004-08-04 02:00 . 2009-02-20 18:09 347136 c:\windows\system32\dxtmsft.dll
+ 2004-08-04 02:00 . 2009-07-13 07:08 286720 c:\windows\system32\dllcache\wmpdxm.dll
- 2004-08-04 02:00 . 2006-08-17 01:28 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2004-08-04 02:00 . 2009-06-10 06:32 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2006-01-09 08:08 . 2009-06-29 16:12 827392 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-04 02:00 . 2009-06-29 16:12 233472 c:\windows\system32\dllcache\webcheck.dll
- 2004-08-04 02:00 . 2009-02-20 18:09 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2004-08-03 19:00 . 2009-06-29 16:12 105984 c:\windows\system32\dllcache\url.dll
- 2004-08-03 19:00 . 2009-02-20 18:09 105984 c:\windows\system32\dllcache\url.dll
+ 2004-08-04 02:00 . 2009-07-29 04:53 119808 c:\windows\system32\dllcache\t2embed.dll
- 2004-08-03 19:00 . 2007-07-09 02:09 584192 c:\windows\system32\dllcache\rpcrt4.dll
+ 2004-08-03 19:00 . 2009-04-15 15:11 584192 c:\windows\system32\dllcache\rpcrt4.dll
+ 2004-08-04 02:00 . 2009-06-29 16:12 102912 c:\windows\system32\dllcache\occache.dll
- 2004-08-04 02:00 . 2009-02-20 18:09 102912 c:\windows\system32\dllcache\occache.dll
+ 2004-08-04 02:00 . 2009-08-05 09:11 204800 c:\windows\system32\dllcache\mswebdvd.dll
+ 2004-08-04 02:00 . 2009-06-05 07:42 655872 c:\windows\system32\dllcache\mstscax.dll
+ 2006-01-09 08:08 . 2009-06-29 16:12 671232 c:\windows\system32\dllcache\mstime.dll
- 2006-01-09 08:08 . 2009-02-20 18:09 671232 c:\windows\system32\dllcache\mstime.dll
+ 2006-01-09 08:08 . 2009-06-29 16:12 193024 c:\windows\system32\dllcache\msrating.dll
- 2006-01-09 08:08 . 2009-02-20 18:09 193024 c:\windows\system32\dllcache\msrating.dll
+ 2006-01-09 08:08 . 2009-06-29 16:12 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2006-01-09 08:08 . 2009-02-20 18:09 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2007-10-10 12:55 . 2009-02-20 18:09 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2007-10-10 12:55 . 2009-06-29 16:12 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2004-08-04 02:00 . 2009-05-07 15:44 344064 c:\windows\system32\dllcache\localspl.dll
+ 2004-08-04 02:00 . 2009-06-29 08:35 634632 c:\windows\system32\dllcache\iexplore.exe
+ 2007-10-10 12:55 . 2009-06-29 16:12 268288 c:\windows\system32\dllcache\iertutil.dll
- 2007-10-10 12:55 . 2009-02-20 18:09 268288 c:\windows\system32\dllcache\iertutil.dll
- 2004-08-04 02:00 . 2009-02-20 18:09 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2004-08-04 02:00 . 2009-06-29 16:12 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-10-10 12:55 . 2009-06-29 16:12 380928 c:\windows\system32\dllcache\ieapfltr.dll
- 2004-08-04 02:00 . 2009-02-20 05:14 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2004-08-04 02:00 . 2009-06-29 08:33 161792 c:\windows\system32\dllcache\ieakui.dll
- 2004-08-04 02:00 . 2009-02-20 18:09 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2004-08-04 02:00 . 2009-06-29 16:12 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2004-08-04 02:00 . 2009-06-29 16:12 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2004-08-04 02:00 . 2009-02-20 18:09 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2006-01-09 08:08 . 2009-02-20 18:09 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2006-01-09 08:08 . 2009-06-29 16:12 133120 c:\windows\system32\dllcache\extmgr.dll
- 2006-01-09 08:08 . 2009-02-20 18:09 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2006-01-09 08:08 . 2009-06-29 16:12 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2004-08-04 02:00 . 2009-06-29 16:12 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2004-08-04 02:00 . 2009-02-20 18:09 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-03 19:00 . 2009-06-29 16:12 124928 c:\windows\system32\dllcache\advpack.dll
- 2004-08-03 19:00 . 2009-02-20 18:09 124928 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-04 02:00 . 2009-06-29 16:12 124928 c:\windows\system32\advpack.dll
- 2004-08-04 02:00 . 2009-02-20 18:09 124928 c:\windows\system32\advpack.dll
+ 2009-09-06 10:26 . 2009-03-03 00:18 826368 c:\windows\ie7updates\KB972260-IE7\wininet.dll
+ 2009-09-06 10:26 . 2009-02-20 18:09 233472 c:\windows\ie7updates\KB972260-IE7\webcheck.dll
+ 2009-09-06 10:26 . 2009-02-20 18:09 105984 c:\windows\ie7updates\KB972260-IE7\url.dll
+ 2009-09-06 10:26 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB972260-IE7\spuninst\updspapi.dll
+ 2009-09-06 10:26 . 2008-07-08 13:02 231288 c:\windows\ie7updates\KB972260-IE7\spuninst\spuninst.exe
+ 2009-09-06 10:26 . 2009-02-20 18:09 102912 c:\windows\ie7updates\KB972260-IE7\occache.dll
+ 2009-09-06 10:26 . 2009-02-20 18:09 671232 c:\windows\ie7updates\KB972260-IE7\mstime.dll
+ 2009-09-06 10:26 . 2009-02-20 18:09 193024 c:\windows\ie7updates\KB972260-IE7\msrating.dll
+ 2009-09-06 10:26 . 2009-02-20 18:09 477696 c:\windows\ie7updates\KB972260-IE7\mshtmled.dll
+ 2009-09-06 10:26 . 2009-02-20 18:09 459264 c:\windows\ie7updates\KB972260-IE7\msfeeds.dll
+ 2009-09-06 10:26 . 2009-02-28 04:54 636072 c:\windows\ie7updates\KB972260-IE7\iexplore.exe
+ 2009-09-06 10:26 . 2009-02-20 18:09 268288 c:\windows\ie7updates\KB972260-IE7\iertutil.dll
+ 2009-09-06 10:26 . 2009-02-20 18:09 385024 c:\windows\ie7updates\KB972260-IE7\iedkcs32.dll
+ 2009-09-06 10:26 . 2009-02-20 18:09 383488 c:\windows\ie7updates\KB972260-IE7\ieapfltr.dll
+ 2009-09-06 10:26 . 2009-02-20 05:14 161792 c:\windows\ie7updates\KB972260-IE7\ieakui.dll
+ 2009-09-06 10:26 . 2009-02-20 18:09 230400 c:\windows\ie7updates\KB972260-IE7\ieaksie.dll
+ 2009-09-06 10:26 . 2009-02-20 18:09 153088 c:\windows\ie7updates\KB972260-IE7\ieakeng.dll
+ 2009-09-06 10:26 . 2009-02-20 18:09 133120 c:\windows\ie7updates\KB972260-IE7\extmgr.dll
+ 2009-09-06 10:26 . 2009-02-20 18:09 214528 c:\windows\ie7updates\KB972260-IE7\dxtrans.dll
+ 2009-09-06 10:26 . 2009-02-20 18:09 347136 c:\windows\ie7updates\KB972260-IE7\dxtmsft.dll
+ 2009-09-06 10:26 . 2009-02-20 18:09 124928 c:\windows\ie7updates\KB972260-IE7\advpack.dll
+ 2004-08-04 02:00 . 2009-07-13 07:08 5537792 c:\windows\system32\wmp.dll
- 2004-08-04 02:00 . 2007-04-30 05:20 5537792 c:\windows\system32\wmp.dll
+ 2004-08-04 02:00 . 2009-04-17 09:58 1846656 c:\windows\system32\win32k.sys
+ 2006-01-09 08:08 . 2009-06-29 16:12 1159680 c:\windows\system32\urlmon.dll
+ 2004-08-04 02:00 . 2009-06-03 19:27 1290752 c:\windows\system32\quartz.dll
+ 2006-01-31 15:59 . 2009-07-19 13:33 3597824 c:\windows\system32\mshtml.dll
+ 2007-08-13 15:54 . 2009-07-19 13:33 6067200 c:\windows\system32\ieframe.dll
+ 2007-02-12 13:10 . 2009-06-29 08:33 2452872 c:\windows\system32\ieapfltr.dat
+ 2004-08-04 02:00 . 2009-07-13 07:08 5537792 c:\windows\system32\dllcache\wmp.dll
- 2004-08-04 02:00 . 2007-04-30 05:20 5537792 c:\windows\system32\dllcache\wmp.dll
+ 2004-08-03 19:00 . 2009-04-17 09:58 1846656 c:\windows\system32\dllcache\win32k.sys
+ 2006-01-09 08:08 . 2009-06-29 16:12 1159680 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-04 02:00 . 2009-06-03 19:27 1290752 c:\windows\system32\dllcache\quartz.dll
+ 2004-08-04 02:00 . 2009-07-10 13:42 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2006-01-31 15:59 . 2009-07-19 13:33 3597824 c:\windows\system32\dllcache\mshtml.dll
+ 2007-10-10 12:55 . 2009-07-19 13:33 6067200 c:\windows\system32\dllcache\ieframe.dll
+ 2007-06-30 16:31 . 2009-06-29 08:33 2452872 c:\windows\system32\dllcache\ieapfltr.dat
+ 2009-09-06 10:26 . 2009-02-20 18:09 1160192 c:\windows\ie7updates\KB972260-IE7\urlmon.dll
+ 2009-09-06 10:26 . 2009-02-20 18:09 3595264 c:\windows\ie7updates\KB972260-IE7\mshtml.dll
+ 2009-09-06 10:26 . 2009-02-20 18:09 6066176 c:\windows\ie7updates\KB972260-IE7\ieframe.dll
+ 2009-09-06 10:26 . 2008-07-09 14:25 2455488 c:\windows\ie7updates\KB972260-IE7\ieapfltr.dat

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-04 102490]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-04 708698]

"EPM-DM"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-11-10 212992]

"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-11-09 3084288]

"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]

"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-11-08 128920]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-08-24 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-08-24 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-08-24 114688]

"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-04-15 77824]

"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-03 110592]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-9-19 581693]

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=3 (0x3)

"usnjsvc"=3 (0x3)

"gusvc"=3 (0x3)

"AWService"=2 (0x2)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\FlashGet\\flashget.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

"AllowInboundTimestampRequest"= 1 (0x1)

"AllowInboundMaskRequest"= 1 (0x1)

"AllowInboundRouterRequest"= 1 (0x1)

"AllowOutboundDestinationUnreachable"= 1 (0x1)

"AllowOutboundSourceQuench"= 1 (0x1)

"AllowOutboundParameterProblem"= 1 (0x1)

"AllowOutboundTimeExceeded"= 1 (0x1)

"AllowRedirect"= 1 (0x1)

"AllowOutboundPacketTooBig"= 1 (0x1)

 

S3 UnlockerDriver4;UnlockerDriver4 Driver;c:\program files\Unlocker\UnlockerDriver4.sys [25.07.2005 6:31 3584]

.

.

------- Supplementary Scan -------

.

IE: &Сваляне на всички с FlashGet - c:\progra~1\FlashGet\jc_all.htm

IE: &Сваляне с FlashGet - c:\progra~1\FlashGet\jc_link.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

TCP: {0287E462-2975-49A3-A896-3A1BF3BC82DF} = 10.28.4.1

FF - ProfilePath - c:\documents and settings\Petia\Application Data\Mozilla\Firefox\Profiles\nbt5h1zi.default\

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-07 02:14

Windows 5.1.2600 Service Pack 2 FAT NTAPI

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'explorer.exe'(3876)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2009-09-06 2:16

ComboFix-quarantined-files.txt 2009-09-06 23:16

ComboFix2.txt 2009-09-06 09:04

ComboFix3.txt 2009-09-05 22:17

ComboFix4.txt 2009-09-05 14:14

 

Pre-Run: 5 848 170 496 bytes free

Post-Run: 5 814 779 904 bytes free

 

297 --- E O F --- 2009-09-06 10:27

 

Malwarebytes' Anti-Malware 1.40

Database version: 2749
Database version: 2749

Windows 5.1.2600 Service Pack 2

 

07.09.2009 3:13:03

mbam-log-2009-09-07 (03-13-03).txt

 

Scan type: Quick Scan

Objects scanned: 115971

Time elapsed: 6 minute(s), 8 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 2

Files Infected: 1

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

C:\Documents and Settings\All Users\Application Data\00774218 (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\00785046 (Rogue.Multiple) -> Quarantined and deleted successfully.

 

Files Infected:

C:\Documents and Settings\All Users\Application Data\00774218\pc00774218ins (Rogue.Multiple) -> Quarantined and deleted successfully.

Link to comment
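Added example, not code from the thread, from ComboFix or from Malwarebytes: a small Python triage script for a log of the shape pasted above. It re-joins the "+" snapshot entries that the forum split across lines (and copes with the size glued to the timestamp on the "-" lines), pairs "+"/"-" lines into replaced-file records so you can check same-size swaps of system DLLs such as wkssvc.dll against known patch dates, lists the HKLM Run autostarts, and flags the firewall state the log shows (3389/TCP open in the standard profile, inbound ICMP echo allowed). The regular expressions are my own; the numeric-folder check is a heuristic I assume from the two all-digit folders under All Users\Application Data that Malwarebytes tagged Rogue.Multiple; SAMPLE_LOG is a constructed sample of a few lines copied from the log above.

```python
"""Triage helper for ComboFix logs of the shape posted above (added example,
not ComboFix's or the thread's own code)."""
import re

# "+ <created> . <modified> <size> <path>"; the size may be glued to the
# timestamp ("18:09214528"), exactly as in the pasted log.
SNAP_RE = re.compile(r'^([+-])\s+(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+\.\s+'
                     r'(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s*(\d+)\s+(\S.*?)\s*$')
HEAD_RE = re.compile(r'^[+-]\s+\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\.\s+'
                     r'\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s*$')
# '"name"="image" [date size]' or '"name"="image" - resolved path [date size]'
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"(?:\s+-\s+(.+?))?\s+\[(\S+)\s+(\d+)\]\s*$')
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=')
ICMP_RE = re.compile(r'^"(Allow\w+)"=\s*(\d)')
# Heuristic (my assumption): all-digit folders under All Users\Application Data,
# the pattern Malwarebytes labelled Rogue.Multiple in the log above.
APPDATA_RE = re.compile(r'\\All Users\\Application Data\\(\d{6,})\b', re.I)

def join_split_entries(lines):
    """Glue a lone '+ date . date' line back onto the 'size path' line below it."""
    out, pending = [], None
    for line in lines:
        stripped = line.strip()
        if pending is not None:
            if not stripped:
                continue                        # blank line between the halves
            if re.match(r'^\d+\s+\S', stripped):
                out.append(pending + ' ' + stripped)
                pending = None
                continue
            out.append(pending)                 # was not split after all
            pending = None
        if HEAD_RE.match(line):
            pending = line.rstrip()
        else:
            out.append(line)
    if pending is not None:
        out.append(pending)
    return out

def replaced_files(lines):
    """(path, old size, new size, old mtime, new mtime) for every path that
    appears with both '-' (old) and '+' (new): the file on disk was swapped."""
    files = {}
    for line in lines:
        m = SNAP_RE.match(line)
        if m:
            sign, created, modified, size, path = m.groups()
            files.setdefault(path.lower(), {})[sign] = (created, modified, int(size))
    return sorted((p, r['-'][2], r['+'][2], r['-'][1], r['+'][1])
                  for p, r in files.items() if '+' in r and '-' in r)

def run_entries(lines):
    """HKLM Run values as (value name, launched image, image size)."""
    found = [RUN_RE.match(l) for l in lines]
    return [(m.group(1), m.group(3) or m.group(2), int(m.group(5))) for m in found if m]

def firewall_findings(lines):
    """Globally open ports and the ICMP types the firewall permits."""
    ports = [(int(m.group(1)), m.group(2)) for m in map(PORT_RE.match, lines) if m]
    icmp = [m.group(1) for m in map(ICMP_RE.match, lines) if m and m.group(2) == '1']
    return ports, icmp

def triage(text):
    """Human-readable findings for one log; the reader decides what matters."""
    lines = join_split_entries(text.splitlines())
    findings = [f'replaced {p}: {old}->{new} bytes, modified {om} -> {nm}'
                for p, old, new, om, nm in replaced_files(lines)]
    ports, icmp = firewall_findings(lines)
    for port, proto in ports:
        note = ' (Remote Desktop)' if port == 3389 else ''
        findings.append(f'firewall: {port}/{proto} open in the standard profile{note}')
    if 'AllowInboundEchoRequest' in icmp:
        findings.append('firewall: inbound ICMP echo allowed, the host answers ping')
    findings += [f'numeric folder under All Users\\Application Data: {m.group(1)}'
                 for m in map(APPDATA_RE.search, lines) if m]
    return findings

# Constructed sample: lines copied from the log above, with one snapshot
# entry left split across lines the way the forum rendered it.
SAMPLE_LOG = r"""
+ 2004-08-04 02:00 . 2009-06-10 06:32

132096 c:\windows\system32\dllcache\wkssvc.dll

- 2004-08-04 02:00 . 2006-08-17 01:28132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2004-08-04 02:00 . 2009-04-17 09:58 1846656 c:\windows\system32\win32k.sys
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-11-08 128920]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-04-15 77824]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"AllowInboundEchoRequest"= 1 (0x1)
C:\Documents and Settings\All Users\Application Data\00774218 (Rogue.Multiple) -> Quarantined and deleted successfully.
"""
```

triage(SAMPLE_LOG) yields four findings: the wkssvc.dll swap (same size, modification time moved from 2006 to 2009), the 3389/TCP opening, the ICMP echo permit and the 00774218 folder. For a real log pass the file's text; a "+"-only entry such as win32k.sys above is deliberately not reported, since there is no old copy to compare against.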

Many thanks, b-boy!!!

We fixed the system and I now have an antivirus...!

I'll leave it to you to say what kind of viruses they were.

Once again - THANK YOU!

Link to comment
