Author Topic: virus rootkit and malware (Read 10076 times)


albena (Newbie, Posts: 3)
virus rootkit and malware
« on: April 03, 2009, 11:28:54 am »
For two days it has been beeping at me about the virus win32 malware and rootkit. I send them to the chest (quarantine) and something keeps blocking. What should I do?

sergo_k (Beginner, Posts: 92)
virus rootkit and malware
« Reply #1 on: April 03, 2009, 01:00:16 pm »
Quote from: albena
For two days it has been beeping at me about the virus win32 malware and rootkit. I send them to the chest (quarantine) and something keeps blocking. What should I do?

Give a somewhat more detailed and coherent explanation. What is blocking?

albena (Newbie, Posts: 3)
virus rootkit and malware
« Reply #2 on: April 04, 2009, 01:02:35 pm »
So...... an icon "error win32" comes up..... and I couldn't understand the rest because it was in English; at the end there were two answers: one was "ask your internet provider" and the other was "do nothing". The first time I did nothing, and afterwards I saw in the control panel that my three firewalls were not working; I restarted and they fixed themselves. Then it came up again and I decided to press the other answer, and the same thing happened with the firewalls. I thought I had a virus, I scanned and found two: one was a rootkit and the other malware. I moved them to the chest; it got better for an hour or two and then the icon came up again, and so on six times. The computer started running more slowly. Today it hasn't happened again, but I'm already very worried about this; I'm almost convinced it's from the viruses. Could you give me advice on what to do with them? They are in the chest, but.... it seems this doesn't help. Thank you in advance ;)

sergo_k (Beginner, Posts: 92)
virus rootkit and malware
« Reply #3 on: April 04, 2009, 02:24:54 pm »
Download Malwarebytes Anti-Malware: http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button

Run a quick scan, and if it finds anything, delete it.
Then, if the message still comes up, post a screenshot so we can see it!

P.S. Please write in Cyrillic ;)
« Last Edit: April 04, 2009, 02:27:45 pm by sergo_k »

albena (Newbie, Posts: 3)
virus rootkit and malware
« Reply #4 on: April 05, 2009, 10:09:12 am »
Thank you very much :D If there is any problem again, I'll write again ;)

vendo29 (Newbie, Posts: 5)
Re: virus rootkit and malware
« Reply #5 on: June 02, 2009, 10:43:26 am »
I have more or less the same problem. In one and the same place it shows me that I have a rootkit; I run a boot-time scan, it deletes it, and then it appears again. Recently my Windows was reinstalled, and that is when it appeared. Also, when I connect to the internet, at some point it gives me an application error, the internet goes to sleep, and I have to restart it.

Maniac (Beginner, Posts: 68, Malware Removal)
Re: virus rootkit and malware
« Reply #6 on: June 02, 2009, 01:49:08 pm »
Hello!

1) Download ComboFix from: here
2) Save it to your desktop.
3) Right-click the ESET NOD32 Antivirus icon in the lower right corner (system tray) and choose Disable real-time file system protection.
4) Double-click combofix.exe
5) ComboFix will start scanning your system; while the scan is running, do not touch anything. At the end your computer will restart.
6) After the restart, wait for ComboFix to finish scanning and generate a log file. When the scan finishes, Notepad will pop up; copy its contents and post them in your next post here. If it does not pop up, go to C:\ and find the file named combofix.txt. Open it, copy its contents and post them here.

vendo29 (Newbie, Posts: 5)
Re: virus rootkit and malware
« Reply #7 on: June 07, 2009, 11:20:17 am »
ComboFix 09-06-06.03 - Veseto 06.2009 г. 11:12.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1251.359.1033.18.2047.1547 [GMT 3:00]
Running from: d:\download\soft\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090606-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Veseto\Application Data\BITS
c:\documents and settings\Veseto\Application Data\BITS\BITS.ini
c:\documents and settings\Veseto\Application Data\BITS\DHTTable.dat
c:\documents and settings\Veseto\Application Data\BITS\ProxyList.ini
c:\program files\FlashGet Network
c:\windows\system32\msupdte.exe
c:\windows\system32\wr47655.dll
c:\windows\system32\wr71135.dll
c:\windows\system32\xa145625.exe
c:\windows\system32\xa145812.exe
c:\windows\system32\xa194750.exe
c:\windows\system32\xa194921.exe
c:\windows\system32\xa197265.exe
c:\windows\system32\xa197453.exe
c:\windows\system32\xa252709531.exe
c:\windows\system32\xa252709718.exe
c:\windows\system32\xa252740796.exe
c:\windows\system32\xa252740984.exe
c:\windows\system32\xa252979062.exe
c:\windows\system32\xa252979250.exe
c:\windows\system32\xa253005312.exe
c:\windows\system32\xa253005500.exe
c:\windows\system32\xa253054968.exe
c:\windows\system32\xa253055156.exe
c:\windows\system32\xa253160078.exe
c:\windows\system32\xa253160265.exe
c:\windows\system32\xa253169250.exe
c:\windows\system32\xa253169437.exe
c:\windows\system32\xa256828.exe
c:\windows\system32\xa257015.exe
c:\windows\system32\xa258639625.exe
c:\windows\system32\xa258639812.exe
c:\windows\system32\xa258682437.exe
c:\windows\system32\xa258682625.exe
c:\windows\system32\xa258729875.exe
c:\windows\system32\xa258730062.exe
c:\windows\system32\xa258769718.exe
c:\windows\system32\xa258769906.exe
c:\windows\system32\xa258831750.exe
c:\windows\system32\xa258831937.exe
c:\windows\system32\xwr47655.dll
c:\windows\system32\xwr71135.dll

vendo29 (Newbie, Posts: 5)
Re: virus rootkit and malware
« Reply #8 on: June 07, 2009, 11:22:24 am »
(((((((((((((((((((((((((   Files Created from 2009-05-07 to 2009-06-07  )))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-06-02 09:56   2094616   ----a-w-   c:\program files\BS_Player\tbBS_1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"BigDog303"="c:\windows\VM303_STI.EXE" [2005-10-25 61440]
"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-09-25 2007088]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-02-26 16125440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
FlexType 2K.lnk - c:\windows\Datecs\Flex2K.exe [2009-4-21 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9132:TCP"= 9132:TCP:ktohy

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [21.4.2009 г. 17:36 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21.4.2009 г. 17:36 20560]
S2 asjuout;Monitor Support;c:\windows\system32\svchost.exe -k netsvcs [04.8.2004 і. 02:56 14336]
S3 esihdrv;esihdrv;\??\c:\docume~1\Veseto\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\Veseto\LOCALS~1\Temp\esihdrv.sys [?]
S3 FXDrv32;FXDrv32;\??\h:\fxdrv32.sys --> h:\FXDrv32.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
asjuout
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Microsoft WinUpdate - c:\windows\system32\msupdte.exe
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.bg/
uInternet Connection Wizard,ShellNext = hxxp://www.codecguide.com/
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Е&кспортирай в Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {C927C457-E28F-4994-B6F4-342CB778666B} = 212.7.196.6 212.7.196.3
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-07 11:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asjuout]
"ServiceDll"="c:\windows\system32\hbccoi.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(628)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-06-07 11:14
ComboFix-quarantined-files.txt  2009-06-07 08:14

Pre-Run: 2 024 787 968 bytes free
Post-Run: 2 265 772 032 bytes free


Offline Maniac

  • Beginner
  • **
  • Posts: 68
  • Malware Removal
    • Maniac's blog
Re: rootkit and malware virus
« Reply #9 on: June 07, 2009, 03:03:43 pm »
Open Notepad and paste the following into it using copy/paste:

KillAll::

Driver::
ktohy
asjuout
esihdrv
FXDrv32

File::
c:\windows\d3dx.dat

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9132:TCP"=-

Save the file under the name CFScript.txt and drop it onto ComboFix.

When the program finishes, it will show you the log file. Paste that information here using copy/paste.
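
An added example, not part of this thread and not ComboFix's own tooling: the Python script below applies to the posted log the same checks the reply above applied by hand (a service hosted by svchost -k netsvcs that ComboFix lists under NetSvcs, drivers loading from a Temp folder or from another volume, Security Center notifications switched off, the firewall disabled, and a globally open port), then emits a CFScript in the directive form the reply uses. The sample lines are copied from the ComboFix log earlier in this thread. It assumes Windows is installed on C:, that ComboFix only lists non-default names under its NetSvcs heading (the log's own note says legit default entries are not shown), and that a "value"=- line under Registry:: deletes that value, as in the reply. Putting the flagged service's ServiceDll under File:: is this example's own choice, not something the reply did.

```python
"""Triage a ComboFix log for the indicators the helper in this thread acted on,
then emit a CFScript in the directive form shown in the reply above.
Added example, not ComboFix's tooling; sample lines copied from the posted log."""
import re

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9132:TCP"= 9132:TCP:ktohy
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [21.4.2009 17:36 114768]
S2 asjuout;Monitor Support;c:\windows\system32\svchost.exe -k netsvcs [04.8.2004 02:56 14336]
S3 esihdrv;esihdrv;\??\c:\docume~1\Veseto\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\Veseto\LOCALS~1\Temp\esihdrv.sys [?]
S3 FXDrv32;FXDrv32;\??\h:\fxdrv32.sys --> h:\FXDrv32.sys [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
asjuout
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asjuout]
"ServiceDll"="c:\windows\system32\hbccoi.dll"
"""

SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;(.*?)\s+\[[^\]]*\]$")
SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')


def parse_log(text):
    """Return {service: image path}, the NetSvcs names, and {reg key: {value: data}}."""
    services, netsvcs, registry = {}, [], {}
    section, in_netsvcs = None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix ends a block with "."
            in_netsvcs = False
        elif SERVICE_RE.match(line):
            name, image = SERVICE_RE.match(line).groups()
            services[name] = image
        elif line.endswith("- NetSvcs"):     # service names follow, one per line
            in_netsvcs = True
        elif in_netsvcs:
            netsvcs.append(line)
        elif SECTION_RE.match(line):
            section = SECTION_RE.match(line).group(1)
            registry.setdefault(section, {})
        elif VALUE_RE.match(line) and section:
            name, data = VALUE_RE.match(line).groups()
            registry[section][name] = data.strip().strip('"')
    return services, netsvcs, registry


def triage(services, netsvcs, registry):
    """Findings as (kind, name, detail), mirroring the checks made by hand in the thread."""
    findings = []
    for name, image in services.items():
        low = image.lower()
        if "\\temp\\" in low:                              # driver staged in a temp folder
            findings.append(("driver_from_temp", name, image))
        elif not low.lstrip("\\?").startswith("c:"):       # assumption: Windows lives on C:
            findings.append(("driver_from_other_volume", name, image))
        if "svchost.exe -k netsvcs" in low and name in netsvcs:
            # ComboFix hides default NetSvcs members, so a listed name is unvouched-for;
            # pull the DLL it hosts so it can be removed together with the service.
            key = next((k for k in registry if k.lower().endswith("\\services\\" + name.lower())), None)
            findings.append(("unknown_netsvcs_service", name, registry.get(key, {}).get("ServiceDll", "")))
    for key, values in registry.items():
        k = key.lower()
        if k.endswith("security center"):
            for v in ("AntiVirusDisableNotify", "UpdatesDisableNotify"):
                if values.get(v, "").lower() == "dword:00000001":
                    findings.append(("security_center_notify_off", v, key))
        elif k.endswith("firewallpolicy\\standardprofile"):
            if values.get("EnableFirewall", "").split()[:1] == ["0"]:
                findings.append(("firewall_disabled", "EnableFirewall", key))
        elif k.endswith("globallyopenports\\list"):
            for v in values:                               # every inbound hole gets reviewed
                findings.append(("globally_open_port", v, key))
    return findings


def build_cfscript(findings):
    """Emit the KillAll::/Driver::/File::/Registry:: directives used in the reply."""
    drivers, files, reg = [], [], {}
    for kind, name, detail in findings:
        if kind in ("driver_from_temp", "driver_from_other_volume", "unknown_netsvcs_service"):
            drivers.append(name)
            if kind == "unknown_netsvcs_service" and detail:
                files.append(detail)                       # this example's choice, see lead-in
        elif kind == "globally_open_port":
            reg.setdefault(detail, []).append(name)
    lines = ["KillAll::", ""]
    if drivers:
        lines += ["Driver::"] + drivers + [""]
    if files:
        lines += ["File::"] + files + [""]
    if reg:
        lines.append("Registry::")
        for key, names in reg.items():
            lines.append("[%s]" % key)
            lines += ['"%s"=-' % n for n in names]        # "value"=- deletes the value
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = triage(*parse_log(SAMPLE_LOG))
    print("\n".join("%-26s %-22s %s" % f for f in found))
    print(build_cfscript(found))
```

Run as-is it prints the findings and the generated script. The output is a starting point for review, not something to drop onto ComboFix blindly: a heuristic such as "driver loaded from another volume" will also flag a legitimate driver on a second disk, and the avast! drivers in the sample pass only because they live under c:\windows.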

Offline vendo29

  • Newbie
  • *
  • Posts: 5
Re: rootkit and malware virus
« Reply #10 on: June 07, 2009, 06:15:31 pm »
It gives me this: "were you trying to run CFScript?the name CFScript appears to be incorrectly spelt"

Offline vendo29

  • Newbie
  • *
  • Posts: 5
Re: rootkit and malware virus
« Reply #11 on: June 07, 2009, 07:01:48 pm »
ComboFix 09-06-06.04 - Veseto 06.2009 г. 18:54.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1251.359.1033.18.2047.1596 [GMT 3:00]
Running from: d:\download\soft\ComboFix.exe
Command switches used :: c:\documents and settings\Veseto\Desktop\CFScript.txt.txt
AV: avast! antivirus 4.8.1335 [VPS 090606-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\windows\d3dx.dat"
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\d3dx.dat

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASJUOUT
-------\Legacy_ESIHDRV
-------\Legacy_FXDRV32
-------\Service_asjuout
-------\Service_esihdrv
-------\Service_FXDrv32


(((((((((((((((((((((((((   Files Created from 2009-05-07 to 2009-06-07  )))))))))))))))))))))))))))))))
.

2009-06-05 13:05 . 2009-06-05 13:05   --------   d-----w-   c:\documents and settings\Veseto\Local Settings\Application Data\Help
2009-06-05 13:04 . 2009-06-05 13:04   --------   d-----w-   c:\program files\The Digital Village
2009-06-05 12:45 . 2009-06-05 12:45   153544   ----a-w-   c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-05 12:45 . 2009-06-05 12:45   --------   d-----w-   c:\program files\MSBuild
2009-06-05 12:45 . 2009-06-05 12:45   --------   d-----w-   c:\windows\system32\XPSViewer
2009-06-05 12:45 . 2009-06-05 12:45   --------   d-----w-   c:\program files\Reference Assemblies
2009-06-05 12:44 . 2006-06-29 10:07   14048   ------w-   c:\windows\system32\spmsg2.dll
2009-06-05 12:42 . 2009-06-05 12:42   --------   d-----w-   c:\program files\MSXML 6.0
2009-06-05 12:39 . 2009-06-05 13:01   --------   d-----w-   c:\program files\Kalypso
2009-06-04 07:45 . 2009-06-04 07:46   --------   d-----w-   c:\documents and settings\All Users\Application Data\cupcakecafe
2009-06-04 07:45 . 2009-06-04 07:45   --------   d-----w-   c:\program files\Jessica's Cupcake Cafe
2009-06-02 10:10 . 2009-06-07 15:46   --------   d-----w-   c:\program files\FlashGet
2009-06-01 18:29 . 2009-06-01 18:29   --------   d-----w-   c:\documents and settings\Veseto\Application Data\Malwarebytes
2009-06-01 18:29 . 2009-05-26 10:20   40160   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-01 18:29 . 2009-06-01 18:29   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-01 18:29 . 2009-06-01 18:29   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2009-06-01 18:29 . 2009-05-26 10:19   19096   ----a-w-   c:\windows\system32\drivers\mbam.sys
2009-05-31 05:20 . 2009-05-31 05:20   --------   d-----w-   c:\documents and settings\Veseto\Application Data\YoudaGames
2009-05-29 08:35 . 2009-05-29 08:35   21504   ----a-w-   c:\documents and settings\All Users\Application Data\3rd Eye Solutions\jestertb.dll
2009-05-29 08:35 . 2009-05-29 08:35   --------   d-----w-   c:\documents and settings\All Users\Application Data\3rd Eye Solutions
2009-05-28 06:46 . 2009-05-28 06:46   --------   d-----w-   c:\documents and settings\Veseto\Application Data\IronCode
2009-05-28 06:46 . 2009-06-07 08:41   --------   d-----w-   c:\program files\Pahelika - Secret Legends
2009-05-28 06:46 . 2009-05-28 06:46   --------   d-----w-   c:\windows\Pahelika - Secret Legends
2009-05-28 06:29 . 2009-06-07 08:41   --------   d-----w-   c:\program files\Games
2009-05-27 12:03 . 2009-05-27 12:03   --------   d-----w-   c:\documents and settings\Veseto\Application Data\Artogon
2009-05-27 12:03 . 2009-05-27 12:03   --------   d-----w-   C:\games
2009-05-25 07:52 . 2009-05-26 13:37   --------   d-----w-   c:\program files\Supermarket Management
2009-05-25 07:52 . 2009-05-25 07:52   --------   d-----w-   c:\windows\Supermarket Management
2009-05-23 05:55 . 2009-05-23 05:55   --------   d-----w-   c:\windows\Tahiti Hidden Pearl
2009-05-19 12:19 . 2009-05-19 12:19   --------   d-----w-   c:\documents and settings\Veseto\Application Data\Enchanted Katya
2009-05-18 06:59 . 2009-05-18 06:59   --------   d-----w-   c:\documents and settings\Veseto\Application Data\PlayFirst
2009-05-18 06:59 . 2009-05-18 06:59   --------   d-----w-   c:\documents and settings\All Users\Application Data\PlayFirst
2009-05-14 21:51 . 2009-06-02 09:54   --------   d-----w-   c:\program files\BS_Player
2009-05-14 21:51 . 2009-06-02 09:54   --------   d-----w-   c:\documents and settings\Veseto\Local Settings\Application Data\BS_Player
2009-05-14 21:51 . 2009-05-14 21:51   --------   d-----w-   c:\program files\Conduit
2009-05-14 21:51 . 2009-05-14 21:51   --------   d-----w-   c:\documents and settings\Veseto\Local Settings\Application Data\Conduit
2009-05-14 21:51 . 2009-05-27 07:08   --------   d-----w-   c:\documents and settings\Veseto\Application Data\BSplayer
2009-05-14 21:51 . 2009-05-14 21:51   --------   d-----w-   c:\documents and settings\Veseto\Application Data\BSplayer Pro
2009-05-14 21:51 . 2009-05-14 21:51   --------   d-----w-   c:\program files\Webteh
2009-05-13 11:57 . 2009-05-31 08:36   --------   d-----w-   c:\program files\Shopping Blocks
2009-05-11 13:34 . 2009-05-11 13:34   --------   d-----w-   c:\documents and settings\Veseto\Application Data\Bigfish 3 Days Zoo Mystery
2009-05-10 11:58 . 2009-05-10 11:58   --------   d-----w-   c:\documents and settings\All Users\Application Data\Apple Computer

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-07 14:35 . 2009-04-21 14:46   --------   d-----w-   c:\documents and settings\Veseto\Application Data\Skype
2009-06-07 13:12 . 2009-04-21 14:48   --------   d-----w-   c:\documents and settings\Veseto\Application Data\skypePM
2009-06-07 08:39 . 2009-04-21 14:25   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
2009-06-05 12:50 . 2009-04-21 13:35   64696   ----a-w-   c:\documents and settings\Veseto\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-02 10:02 . 2009-04-21 14:36   --------   d-----w-   c:\program files\InCode Solutions
2009-06-02 10:00 . 2009-04-21 14:50   --------   d-----w-   c:\program files\Opera
2009-06-01 18:09 . 2009-04-21 14:37   --------   d-----w-   c:\documents and settings\Veseto\Application Data\SUPERAntiSpyware.com
2009-06-01 18:09 . 2009-04-21 14:37   --------   d-----w-   c:\program files\SUPERAntiSpyware
2009-04-28 20:27 . 2009-04-28 20:27   --------   d-----w-   c:\program files\Favorite-Games
2009-04-26 18:21 . 2009-04-25 14:00   --------   d-----w-   c:\program files\Wild Tribe
2009-04-25 14:00 . 2009-04-25 14:00   --------   d-----w-   c:\documents and settings\Veseto\Application Data\TikGames
2009-04-25 14:00 . 2009-04-25 14:00   --------   d-----w-   c:\documents and settings\All Users\Application Data\TikGames
2009-04-25 13:50 . 2009-04-25 13:49   --------   d-----w-   c:\program files\Plan It Green
2009-04-25 13:18 . 2009-04-25 13:18   --------   d-----w-   c:\documents and settings\Veseto\Application Data\Anabel
2009-04-23 14:14 . 2009-04-21 14:03   --------   d-----w-   c:\program files\Common Files\Adobe
2009-04-23 14:14 . 2009-04-23 14:14   --------   d-----w-   c:\program files\3DO
2009-04-23 13:49 . 2009-04-21 14:30   --------   d-----w-   c:\program files\Unlocker
2009-04-23 13:34 . 2009-04-21 14:08   --------   d-----w-   c:\documents and settings\Veseto\Application Data\Ahead
2009-04-21 17:58 . 2009-04-21 17:58   --------   d-----w-   c:\documents and settings\Veseto\Application Data\Skunk Studios
2009-04-21 16:04 . 2009-04-21 16:04   --------   d-----w-   c:\program files\directx
2009-04-21 16:02 . 2009-04-21 16:01   --------   d-----w-   c:\program files\DAEMON Tools Lite
2009-04-21 15:58 . 2009-04-21 15:58   717296   ----a-w-   c:\windows\system32\drivers\sptd.sys
2009-04-21 15:58 . 2009-04-21 15:58   --------   d-----w-   c:\documents and settings\Veseto\Application Data\DAEMON Tools
2009-04-21 15:52 . 2009-04-21 15:52   --------   d-----w-   c:\documents and settings\Veseto\Application Data\ShinyTales
2009-04-21 14:48 . 2009-04-21 14:48   56   ---ha-w-   c:\windows\system32\ezsidmv.dat
2009-04-21 14:45 . 2009-04-21 14:45   --------   d-----w-   c:\program files\Skype
2009-04-21 14:45 . 2009-04-21 14:45   --------   d-----w-   c:\documents and settings\All Users\Application Data\Skype
2009-04-21 14:45 . 2009-04-21 14:45   --------   d-----w-   c:\program files\Common Files\Skype
2009-04-21 14:37 . 2009-04-21 14:37   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-21 14:36 . 2009-04-21 14:36   --------   d-----w-   c:\program files\Alwil Software
2009-04-21 14:34 . 2009-04-21 14:31   --------   d-----w-   c:\program files\Winamp
2009-04-21 14:31 . 2009-04-21 14:30   --------   d-----w-   c:\program files\The KMPlayer
2009-04-21 14:30 . 2009-04-21 14:30   --------   d-----w-   c:\program files\Mv2Player
2009-04-21 14:28 . 2009-04-21 14:28   --------   d-----w-   c:\program files\K-Lite Codec Pack
2009-04-21 14:26 . 2009-04-21 14:25   --------   d-----w-   c:\program files\Your Uninstaller 2008
2009-04-21 14:25 . 2009-04-21 14:25   --------   d-----w-   c:\documents and settings\Veseto\Application Data\URSoft
2009-04-21 14:24 . 2009-04-21 14:24   --------   d-----w-   c:\program files\CCleaner
2009-04-21 14:17 . 2009-04-21 14:17   --------   d-----w-   c:\program files\Lavalys
2009-04-21 14:15 . 2009-04-21 14:15   --------   d-----w-   c:\program files\SkyCode
2009-04-21 14:15 . 2009-04-21 13:29   89783   ----a-w-   c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-21 14:09 . 2009-04-21 14:07   --------   d-----w-   c:\program files\Common Files\Ahead
2009-04-21 14:09 . 2009-04-21 14:07   --------   d-----w-   c:\program files\Nero
2009-04-21 14:07 . 2009-04-21 14:07   --------   d-----w-   c:\program files\PowerArchiver
2009-04-21 14:05 . 2009-04-21 14:05   --------   d-----w-   c:\program files\Microsoft Works
2009-04-21 14:05 . 2009-04-21 14:05   --------   d-----w-   c:\program files\Microsoft.NET
2009-04-21 14:01 . 2009-04-21 14:01   --------   d-----w-   c:\program files\Alcohol Soft
2009-04-21 13:56 . 2009-04-21 13:56   --------   d-----w-   c:\documents and settings\Veseto\Application Data\ATI
2009-04-21 13:56 . 2009-04-21 13:56   --------   d-----w-   c:\documents and settings\All Users\Application Data\ATI
2009-04-21 13:54 . 2009-04-21 13:40   --------   d-----w-   c:\program files\ATI Technologies
2009-04-21 13:53 . 2009-04-21 13:40   --------   d--h--w-   c:\program files\InstallShield Installation Information
2009-04-21 13:52 . 2009-04-21 13:40   --------   d-----w-   c:\program files\Common Files\InstallShield
2009-04-21 13:52 . 2009-04-21 13:52   9158   ----a-r-   c:\documents and settings\Veseto\Application Data\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe
2009-04-21 13:52 . 2009-04-21 13:52   --------   d-----w-   c:\program files\Common Files\ATI Technologies
2009-04-21 13:45 . 2009-04-21 13:41   --------   d-----w-   c:\program files\Realtek
2009-04-21 13:40 . 2009-04-21 13:40   315392   ----a-w-   c:\windows\HideWin.exe
2009-04-21 13:30 . 2009-04-21 13:30   --------   d-----w-   c:\program files\microsoft frontpage
2009-04-21 13:27 . 2009-04-21 13:27   21640   ----a-w-   c:\windows\system32\emptyregdb.dat
.

(((((((((((((((((((((((((((((   SnapShot@2009-06-07_08.13.59   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-07 15:56 . 2009-06-07 15:56   16384              c:\windows\Temp\Perflib_Perfdata_4d4.dat
+ 2009-06-07 11:45 . 2009-06-07 11:45   16384              c:\windows\Temp\Perflib_Perfdata_4cc.dat
- 2009-06-05 09:48 . 2009-06-05 09:48   16384              c:\windows\Temp\Perflib_Perfdata_4cc.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-06-02 09:56   2094616   ----a-w-   c:\program files\BS_Player\tbBS_1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"BigDog303"="c:\windows\VM303_STI.EXE" [2005-10-25 61440]
"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-09-25 2007088]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-02-26 16125440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
FlexType 2K.lnk - c:\windows\Datecs\Flex2K.exe [2009-4-21 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [21.4.2009 г. 17:36 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21.4.2009 г. 17:36 20560]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.bg/
uInternet Connection Wizard,ShellNext = hxxp://www.codecguide.com/
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Е&кспортирай в Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {C927C457-E28F-4994-B6F4-342CB778666B} = 212.7.196.6 212.7.196.3
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-07 18:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(632)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3236)
c:\program files\FlashGet\fgmgr.dll
c:\windows\system32\newdll.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\ati2evxx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-06-07 18:59 - machine was rebooted
ComboFix-quarantined-files.txt  2009-06-07 15:59
ComboFix2.txt  2009-06-07 15:10
ComboFix3.txt  2009-06-07 08:14

Pre-Run: 4 005 453 824 bytes free
Post-Run: 3 931 500 544 bytes free


Offline Maniac

  • Beginner
  • **
  • Posts: 68
  • Malware Removal
    • Maniac's blog
Re: rootkit and malware virus
« Reply #12 on: June 07, 2009, 07:26:19 pm »
Please archive the Qoobox folder, which is located in C:\, upload it to http://www.4storing.com, post the download link here, and tell us how your computer is doing now.