
Help with detecting and removing viruses, trojan horses and..


You have two real-time antivirus programs!

Uninstall one of the two and scan again!

Which ones are they? I have an anti-malware, but it isn't real-time :) I only have Avira


The colleague is right. Look at the contents of the following two folders:

C:\Program Files\Avira\AntiVir PersonalEdition Premium\

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\

What is this? :) I suggest you uninstall both, then do an optimization and install one of the two or some other one, as you see fit. Here are uninstallers for the two antivirus programs:

http://usa.kaspersky.com/support/home-supp...ic_id=176492916

http://avira-antivir-removal-tool-for-wind...h.qarchive.org/

I recommend a full optimization, after which you can download an antivirus program of your choice:

http://www.nod32.bg/forum/viewtopic.php?f=...2c798c05d2af72f

http://www.kaldata.com/modules.php?modid=1...n=cat&id=41

:) When I try to open Control Panel it shows me a message: value creation failed " at line 521

The computer now flies :P I'm already forgetting about safe mode

Would you share how you achieved it, so that if someone else has a similar problem they can find out how it's done. Otherwise: Welcome back :yanim:

The latest SDFix log:

SDFix: Version 1.162

Run by Administrator on 30.06.2008 г. at 13:41

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\PROGRA~1\SDFix

Checking Services :

Restoring Windows Registry Values

Restoring Windows Default Hosts File

Rebooting

Checking Files :

No Trojan Files Found

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-30 13:58:04

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0FF8D4B6-916F-8147-3DB3-D0B6C5AB5EBA}]

"hanadknomnellcha"=hex:6d,61,6c,66,63,70,62,65,6a,65,66,70,62,6b,6f,64,6e,70,65,65,70,..

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"D:\\Program Files\\BitComet\\BitComet.exe"="D:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"

"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"

"D:\\Program Files\\JustVoip\\JustVoip.exe"="D:\\Program Files\\JustVoip\\JustVoip.exe:*:Enabled:JustVoip"

"C:\\WINDOWS\\system32\\ftp.exe"="C:\\WINDOWS\\system32\\ftp.exe:*:Enabled:File Transfer Program"

"C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"="C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe:*:Enabled:Nero ControlCenter"

"D:\\Program Files\\Skype\\Phone\\Skype.exe"="D:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :

File Backups: - C:\PROGRA~1\SDFix\backups\backups.zip

Files with Hidden Attributes :

Tue 16 Jan 2007 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"

Tue 24 Apr 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT41.tmp"

Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT3F.tmp"

Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT49.tmp"

Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b69c46c5109d0f8b0dee9fab84906813\BIT44.tmp"

Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT4A.tmp"

Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fa6c916bb150f8a929e7a4ffdfbc120f\BIT40.tmp"

Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\BITE.tmp"

Finished!

P.S. I did everything in order from B-Boy's last post and did most of the things from the thread on optimizing Windows XP. That's how I got it fixed, and it took only 2 hours of work :yanim:


1. Download Combofix again and save it to the desktop.

2. Open Notepad:

3. Enter the following information:

FILE::

C:\WINDOWS\system32\tmp.reg

C:\Fixme.reg

C:\WINDOWS\system32\mdpxxxye.dll

C:\WINDOWS\system32\phcjn1j0ee73.bmp

C:\WINDOWS\system32\blphcjn1j0ee73.scr

C:\Documents and Settings\All Users\Application Data\ezsid.dat


FOLDER::

C:\Program Files\Crawler

C:\Documents and Settings\user_2\Application Data\rhcnn1j0ee73

C:\Documents and Settings\user\Application Data\rhcnn1j0ee73


REGISTRY::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"antivirus-2008pro.exe"=-

5. Save the file under the name CFScript.txt and drag it with the mouse onto Combofix.

;)


In principle this advice is only for cases like stifon4o's and is not for "preventive" scanning, cleaning, etc.

Regards!

Here is the log from the program:

ComboFix 08-06-20.4 - user 2008-06-30 14:49:09.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.618 [GMT 3:00]

Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\user\Desktop\CFScript.txt

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::

C:\Documents and Settings\All Users\Application Data\ezsid.dat

C:\Fixme.reg

C:\WINDOWS\system32\blphcjn1j0ee73.scr

C:\WINDOWS\system32\mdpxxxye.dll

C:\WINDOWS\system32\phcjn1j0ee73.bmp

C:\WINDOWS\system32\tmp.reg

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\All Users\Application Data\ezsid.dat

C:\Documents and Settings\user\Application Data\rhcnn1j0ee73

C:\Documents and Settings\user_2\Application Data\rhcnn1j0ee73

C:\Fixme.reg

C:\Program Files\Crawler

C:\WINDOWS\system32\blphcjn1j0ee73.scr

C:\WINDOWS\system32\mdpxxxye.dll

C:\WINDOWS\system32\phcjn1j0ee73.bmp

C:\WINDOWS\system32\pskill.exe

C:\WINDOWS\system32\tmp.reg

.

((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-30 )))))))))))))))))))))))))))))))

.

2008-06-30 14:24 . 2008-06-30 14:24 <DIR> d-------- C:\WINDOWS\system32\VIRepair

2008-06-30 14:13 . 2008-06-30 14:13 <DIR> d-------- C:\Documents and Settings\user\Application Data\Styler

2008-06-30 14:12 . 2008-06-30 14:27 <DIR> d-------- C:\WINDOWS\system32\VITrans

2008-06-30 14:12 . 2008-06-30 14:13 <DIR> d-------- C:\VTPFiles

2008-06-30 14:12 . 2006-12-03 17:15 111,104 --a------ C:\WINDOWS\system32\Uharc.exe

2008-06-30 14:12 . 2006-12-03 17:15 69,632 --a------ C:\WINDOWS\system32\moveex.exe

2008-06-30 14:12 . 2006-12-03 17:15 19,968 --a------ C:\WINDOWS\system32\reico.exe

2008-06-30 14:12 . 2006-12-03 17:14 8,636 --a------ C:\WINDOWS\system32\modifype.exe

2008-06-30 13:49 . 2008-06-30 13:49 <DIR> d-------- C:\VundoFix Backups

2008-06-30 13:39 . 2008-06-30 13:39 <DIR> d-------- C:\WINDOWS\ERUNT

2008-06-30 13:35 . 2008-06-30 13:59 <DIR> d-------- C:\Program Files\SDFix

2008-06-30 10:33 . 2008-06-30 10:33 <DIR> d-------- C:\Program Files\Avira

2008-06-28 14:34 . 2008-06-30 10:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-06-27 22:35 . 2006-06-03 08:42 4,184,634 --a------ C:\Documents and Settings\Administrator\Dr.Web-универсална чистачка.exe

2008-06-27 22:11 . 2008-06-27 22:11 <DIR> d-------- C:\Documents and Settings\user\Application Data\Malwarebytes

2008-06-27 20:47 . 2008-06-27 20:47 <DIR> d-------- C:\Program Files\Trend Micro

2008-06-27 20:43 . 2008-06-27 20:43 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-06-27 20:43 . 2008-06-27 20:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-06-27 20:43 . 2008-06-27 20:43 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes

2008-06-27 20:43 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys

2008-06-27 20:43 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-06-27 18:03 . 2008-06-27 18:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sony Ericsson

2008-06-27 15:00 . 2008-06-27 15:00 <DIR> d-------- C:\Program Files\CCleaner

2008-06-27 14:56 . 2008-06-27 14:56 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\rhcnn1j0ee73

2008-06-27 14:53 . 2008-06-27 14:53 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Thinstall

2008-06-27 14:51 . 2008-06-27 14:51 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DivX

2008-06-27 13:12 . 2008-06-27 13:22 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Spyware Terminator

2008-06-27 12:54 . 2008-06-27 12:54 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback

2008-06-26 20:38 . 2008-06-26 20:38 <DIR> d-------- C:\Program Files\InCode Solutions

2008-06-26 20:17 . 2008-06-28 15:27 <DIR> d-------- C:\Documents and Settings\Administrator

2008-06-26 16:05 . 2008-06-26 16:05 <DIR> d-------- C:\Documents and Settings\user_2\Application Data\Sony Ericsson

2008-06-26 15:53 . 2008-06-26 15:53 <DIR> d-------- C:\Program Files\Kaspersky Lab

2008-06-26 15:53 . 2008-06-26 15:54 <DIR> d-------- C:\Program Files\Common Files\KAV Shared Files

2008-06-21 16:40 . 2008-06-21 16:40 <DIR> d-------- C:\Documents and Settings\user\Application Data\Thinstall

2008-06-14 18:20 . 2006-11-30 15:14 90,800 -ra------ C:\WINDOWS\system32\drivers\se45unic.sys

2008-06-14 18:20 . 2006-11-30 15:14 18,704 -ra------ C:\WINDOWS\system32\drivers\se45nd5.sys

2008-06-14 18:20 . 2006-11-30 15:14 4,128 -ra------ C:\WINDOWS\system32\drivers\se45cr.sys

2008-06-14 18:09 . 2006-11-30 15:14 88,624 -ra------ C:\WINDOWS\system32\drivers\se45mgmt.sys

2008-06-14 18:09 . 2006-11-30 15:14 86,432 -ra------ C:\WINDOWS\system32\drivers\se45obex.sys

2008-06-14 12:36 . 2006-11-30 15:14 97,088 -ra------ C:\WINDOWS\system32\drivers\se45mdm.sys

2008-06-14 12:36 . 2006-11-30 15:14 9,360 -ra------ C:\WINDOWS\system32\drivers\se45mdfl.sys

2008-06-14 12:36 . 2006-11-30 15:13 6,240 -ra------ C:\WINDOWS\system32\drivers\se45cmnt.sys

2008-06-14 12:36 . 2006-11-30 15:13 6,240 -ra------ C:\WINDOWS\system32\drivers\se45cm.sys

2008-06-14 11:31 . 2006-11-30 15:13 61,536 -ra------ C:\WINDOWS\system32\drivers\se45bus.sys

2008-06-14 11:31 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2008-06-14 11:31 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys

2008-06-14 11:31 . 2006-11-30 15:14 5,872 -ra------ C:\WINDOWS\system32\drivers\se45whnt.sys

2008-06-14 11:31 . 2006-11-30 15:14 5,872 -ra------ C:\WINDOWS\system32\drivers\se45wh.sys

2008-06-14 11:30 . 2008-06-14 11:30 <DIR> d-------- C:\Documents and Settings\user\Application Data\Teleca

2008-06-14 11:29 . 2008-06-14 11:29 <DIR> d-------- C:\Documents and Settings\user\Application Data\Sony Ericsson

2008-06-14 11:28 . 2008-06-14 11:28 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2008-06-14 11:27 . 2008-06-14 11:27 <DIR> d-------- C:\WINDOWS\Downloaded Installations

2008-06-14 11:27 . 2008-06-14 11:27 <DIR> d-------- C:\Program Files\Sony Ericsson

2008-06-14 11:27 . 2008-06-14 11:27 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared

2008-06-14 11:27 . 2008-06-14 11:27 <DIR> d-------- C:\Program Files\Common Files\Sony Ericsson Shared

2008-06-14 11:27 . 2008-06-14 11:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Teleca

2008-06-14 11:27 . 2008-06-14 11:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson

2008-05-24 15:53 . 2008-05-24 15:53 <DIR> d-------- C:\Program Files\Common Files\Skype

2008-05-24 15:53 . 2008-05-24 15:53 48 --ah----- C:\WINDOWS\system32\ezsidmv.dat

2008-05-24 15:43 . 2008-05-24 15:43 8,192 --a------ C:\WINDOWS\REGULOCS.OLD

2008-05-15 11:22 . 2008-05-15 11:22 298 --a------ C:\WINDOWS\EReg072.dat

2008-05-14 19:47 . 2008-05-14 19:48 <DIR> d-------- C:\Program Files\3D Online Pool

2008-05-14 19:36 . 2008-05-14 19:36 20 --a------ C:\WINDOWS\mafosav.INI

2008-05-09 13:52 . 2008-05-09 13:52 <DIR> d-------- C:\Logs

2008-05-08 11:26 . 2008-05-25 16:22 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment

2008-05-05 12:41 . 2008-05-18 10:59 <DIR> d-------- C:\Documents and Settings\user\Application Data\GanymedeNet

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-30 09:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-06-28 11:12 --------- d-----w C:\Program Files\Common Files\Panda Software

2008-06-26 13:18 --------- d-----w C:\Documents and Settings\user_2\Application Data\skypePM

2008-06-26 13:13 --------- d-----w C:\Documents and Settings\user_2\Application Data\Skype

2008-06-26 12:53 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-06-14 17:13 --------- d-----w C:\Documents and Settings\user\Application Data\Skype

2008-06-12 20:28 --------- d-----w C:\Documents and Settings\user\Application Data\skypePM

2008-04-27 17:03 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll

2008-03-19 09:40 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-01 21:12 253,954 ----a-w C:\WINDOWS\system32\lteml14n.dll

2007-03-24 16:44 1,478,751 ----a-w C:\Documents and Settings\user\ghоst h4х.exe

2003-04-14 14:35 10,752 ----a-w C:\Documents and Settings\user\ghоst h4х.dll

.

------- Sigcheck -------

2007-06-13 14:26 975360 31ec9657d9c76143f6e61fc19851445f C:\WINDOWS\explorer.exe

2007-01-16 23:05 1033216 42d32722b805d7df42d30487a0bcbd78 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

2007-06-13 14:26 975360 31ec9657d9c76143f6e61fc19851445f C:\WINDOWS\system32\dllcache\explorer.exe

.

((((((((((((((((((((((((((((( snapshot@2008-06-30_12.33.10.25 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-06-30 09:49:22 80,696 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c\Microsoft.Office.interop.access.dao.dll

- 2008-06-30 09:29:54 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-06-30 11:28:01 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-03-26 04:15:43 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE

+ 2008-06-30 10:39:52 1,093,632 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT

+ 2008-06-30 10:39:52 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat

+ 2008-03-26 04:15:43 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE

+ 2008-06-30 10:39:50 1,093,632 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT

+ 2008-06-30 10:39:50 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat

- 2008-04-09 19:19:18 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe

+ 2008-06-30 09:49:59 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe

- 2008-04-09 19:19:18 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe

+ 2008-06-30 09:50:00 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe

- 2008-04-09 19:19:18 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe

+ 2008-06-30 09:49:59 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe

- 2008-04-09 19:19:18 184,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe

+ 2008-06-30 09:50:00 184,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe

- 2008-04-09 19:19:18 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe

+ 2008-06-30 09:50:00 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe

- 2008-04-09 19:19:18 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe

+ 2008-06-30 09:50:00 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe

- 2008-04-09 19:19:18 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe

+ 2008-06-30 09:50:00 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe

- 2008-04-09 19:19:18 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe

+ 2008-06-30 09:50:00 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe

- 2008-04-09 19:19:18 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe

+ 2008-06-30 09:50:00 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe

- 2008-04-09 19:19:18 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe

+ 2008-06-30 09:50:00 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe

- 2008-04-09 19:19:18 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe

+ 2008-06-30 09:50:00 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe

- 2008-04-09 19:19:18 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe

+ 2008-06-30 09:49:59 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe

- 2007-05-08 08:59:12 217,864 ----a-r C:\WINDOWS\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe

+ 2008-06-30 09:48:14 217,864 ----a-r C:\WINDOWS\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe

- 2008-05-25 13:22:09 268,600 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

+ 2008-06-30 11:14:45 268,600 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

- 2000-05-23 19:45:58 118,784 ----a-w C:\WINDOWS\system32\MSSTDFMT.DLL

+ 2006-07-24 07:50:38 125,744 ----a-w C:\WINDOWS\system32\MSSTDFMT.DLL

- 2007-01-16 20:06:33 2,120,192 ----a-w C:\WINDOWS\system32\netshell.dll

+ 2007-01-16 20:06:34 2,120,192 ----a-w C:\WINDOWS\system32\netshell.dll

- 2007-02-28 09:15:59 2,017,280 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

+ 2007-02-28 09:16:00 2,017,280 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

- 2007-01-16 20:06:51 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll

+ 2007-01-16 20:06:52 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll

- 2007-10-26 03:34:01 12,872,704 ----a-w C:\WINDOWS\system32\shell32.dll

+ 2007-10-26 03:34:02 12,872,704 ----a-w C:\WINDOWS\system32\shell32.dll

- 2007-05-11 16:22:31 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll

+ 2007-05-11 16:22:32 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [ ]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]

"LClock"="C:\Program Files\LClock\LClock.exe" [ ]

"Vista Sidebar"="C:\Program Files\Vista Sidebar\sidebar.exe" [ ]

"ViStart"="C:\Program Files\ViStart\ViStart.exe" [ ]

"ViOrb"="C:\Program Files\ViOrb\ViOrb.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 12:22 7618560]

"VirtualCloneDrive"="D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 16:21 94208]

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-07-30 20:00 98304]

"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [2006-01-19 12:06 11776]

"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06 487424]

"NvMediaCenter"="NvMCTray.dll" [2006-06-01 12:22 86016 C:\WINDOWS\system32\nvmctray.dll]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-02-12 10:06 262401]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:56 15360]

C:\Documents and Settings\user_2\Start Menu\Programs\Startup\

RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 01:05:02 630784]

TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 22:41:18 65536]

UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 10:43:08 180224]

Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 10:43:14 155648]

C:\Documents and Settings\user\Start Menu\Programs\Startup\

RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 01:05:02 630784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3fhg"= mp3fhg.acm

"msacm.divxa32"= divxa32.acm

[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^TransBar.lnk]

path=C:\Documents and Settings\user\Start Menu\Programs\Startup\TransBar.lnk

backup=C:\WINDOWS\pss\TransBar.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^UberIcon.lnk]

path=C:\Documents and Settings\user\Start Menu\Programs\Startup\UberIcon.lnk

backup=C:\WINDOWS\pss\UberIcon.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^Y'z Shadow.lnk]

path=C:\Documents and Settings\user\Start Menu\Programs\Startup\Y'z Shadow.lnk

backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVPCC]

--a------ 2003-09-08 13:53 479296 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]

--a------ 2006-06-23 20:00 3394048 D:\Program Files\BitComet\BitComet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]

C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Felix]

--a------ 2007-09-23 13:09 321184 C:\Program Files\ScreenMates\felix.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

C:\WINDOWS\system32\\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeGuard RegChecker]

--a------ 2001-09-12 15:33 24576 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ogrc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

-ra------ 2008-04-23 17:45 22058792 D:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"D:\\Program Files\\BitComet\\BitComet.exe"=

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"D:\\Program Files\\JustVoip\\JustVoip.exe"=

"C:\\WINDOWS\\system32\\ftp.exe"=

"C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=

"D:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"25642:TCP"= 25642:TCP:BitComet 25642 TCP

"25642:UDP"= 25642:UDP:BitComet 25642 UDP

"21089:TCP"= 21089:TCP:BitComet 21089 TCP

"21089:UDP"= 21089:UDP:BitComet 21089 UDP

R2 AntiVirMailService;Avira AntiVir Premium MailGuard;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe" [2008-06-30 14:00]

R2 antivirwebservice;Avira AntiVir Premium WebGuard;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE" [2008-04-09 15:57]

R2 AVEService;Avira AntiVir Premium MailGuard helper service;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe" [2008-02-07 10:06]

R2 AVPCC;AVP Control Centre Service;"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /service []

R3 KS-959;Kingsun KS-959 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys [2005-09-05 04:59]

S1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys []

S2 KAVMonitorService;KAV Monitor Service;"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe" /service []

S2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys []

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-30 14:50:38

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-06-30 14:51:28

ComboFix-quarantined-files.txt 2008-06-30 11:51:21

ComboFix2.txt 2008-06-30 09:33:31

Pre-Run: 39,303,491,584 bytes free

Post-Run: 39,290,380,288 bytes free

272 --- E O F --- 2008-04-14 19:39:11
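
An added example, not part of the thread or of ComboFix: a Python cross-check of the CFScript.txt above against the log it produced, confirming that each FILE:: and FOLDER:: target appears under "Other Deletions" and listing same-named paths the log still shows elsewhere. The function names are assumptions for illustration; the sample data is copied from the two posts above and shortened.

```python
import re

# CFScript.txt as given in the thread above.
CFSCRIPT = r"""
FILE::
C:\WINDOWS\system32\tmp.reg
C:\Fixme.reg
C:\WINDOWS\system32\mdpxxxye.dll
C:\WINDOWS\system32\phcjn1j0ee73.bmp
C:\WINDOWS\system32\blphcjn1j0ee73.scr
C:\Documents and Settings\All Users\Application Data\ezsid.dat
FOLDER::
C:\Program Files\Crawler
C:\Documents and Settings\user_2\Application Data\rhcnn1j0ee73
C:\Documents and Settings\user\Application Data\rhcnn1j0ee73
REGISTRY::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"antivirus-2008pro.exe"=-
"""

# Shortened excerpt of the ComboFix log posted above (lines copied, most omitted).
LOG_EXCERPT = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Documents and Settings\All Users\Application Data\ezsid.dat
C:\Documents and Settings\user\Application Data\rhcnn1j0ee73
C:\Documents and Settings\user_2\Application Data\rhcnn1j0ee73
C:\Fixme.reg
C:\Program Files\Crawler
C:\WINDOWS\system32\blphcjn1j0ee73.scr
C:\WINDOWS\system32\mdpxxxye.dll
C:\WINDOWS\system32\phcjn1j0ee73.bmp
C:\WINDOWS\system32\pskill.exe
C:\WINDOWS\system32\tmp.reg
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-30 )))))))))))))))))))))))))))))))
2008-06-30 14:24 . 2008-06-30 14:24 <DIR> d-------- C:\WINDOWS\system32\VIRepair
2008-06-27 14:56 . 2008-06-27 14:56 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\rhcnn1j0ee73
2008-05-24 15:53 . 2008-05-24 15:53 48 --ah----- C:\WINDOWS\system32\ezsidmv.dat
"""

PATH_RE = re.compile(r"[A-Za-z]:\\.*$")  # drive-letter path up to end of line

def norm(path):
    """Windows paths are case-insensitive; compare them lower-cased."""
    return path.strip().strip('"').rstrip("\\").lower()

def parse_cfscript(text):
    """Split a CFScript into its 'NAME::' sections (FILE, FOLDER, REGISTRY...)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"([A-Za-z]+)\s*::", line)
        if header:
            current = header.group(1).upper()
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections

def log_section(log, title):
    """Lines under the '((( title... )))' banner, up to the next banner."""
    lines, inside = [], False
    for raw in log.splitlines():
        line = raw.strip()
        banner = re.fullmatch(r"\(+\s*(.*?)\s*\)+", line)
        if banner:
            inside = banner.group(1).lower().startswith(title.lower())
        elif inside and line and line != ".":
            lines.append(line)
    return lines

def targets(script_text):
    """File and folder paths the script asked ComboFix to delete."""
    script = parse_cfscript(script_text)
    return script.get("FILE", []) + script.get("FOLDER", [])

def verify(script_text, log_text):
    """Compare requested deletions with the log's 'Other Deletions' list."""
    requested = targets(script_text)
    deleted = log_section(log_text, "Other Deletions")
    deleted_set = {norm(p) for p in deleted}
    requested_set = {norm(p) for p in requested}
    return {
        "confirmed": [p for p in requested if norm(p) in deleted_set],
        "not_confirmed": [p for p in requested if norm(p) not in deleted_set],
        "unrequested": [p for p in deleted if norm(p) not in requested_set],
    }

def leftovers(script_text, log_text):
    """Paths in 'Files Created' that share a name with a target but were not deleted."""
    names = {norm(p).rsplit("\\", 1)[-1] for p in targets(script_text)}
    deleted = {norm(p) for p in log_section(log_text, "Other Deletions")}
    found = []
    for line in log_section(log_text, "Files Created"):
        match = PATH_RE.search(line)
        if match:
            path = norm(match.group(0))
            if path.rsplit("\\", 1)[-1] in names and path not in deleted:
                found.append(match.group(0))
    return found

if __name__ == "__main__":
    print(verify(CFSCRIPT, LOG_EXCERPT), leftovers(CFSCRIPT, LOG_EXCERPT))
```

The REGISTRY:: entry is parsed but not checked here, because the log reports registry changes in a different form than file deletions.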

Give a new log from HiJackThis.

The log was already requested, read before you write. From HiJackThis you can get only the most basic information. Besides, ComboFix is appropriate in this case, so go read up a bit.

Since you want it, here:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:59:30, on 30.6.2008 г.

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe

C:\WINDOWS\ATKKBService.exe

C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe

C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE

D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

D:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HijackThis\hjt.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://s1.bg.gladiatus.com/game/index.php?...a2a6f5607d241b4

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll

O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [VirtualCloneDrive] "D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe

O4 - HKCU\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe

O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe

O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

O4 - Startup: Stardock ObjectDock.lnk = D:\Program Files\ObjectDock\ObjectDock.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Link to &MidpX - C:\Program Files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe

O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe

O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe

O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe

O23 - Service: AVP Control Centre Service (AVPCC) - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: KAV Monitor Service (KAVMonitorService) - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)

--

End of file - 8338 bytes

The log clearly shows that Kaspersky and Avira have not been removed. Our colleague Fixer has given you uninstall tools.

Fixer, I asked for a log from Hijack so that we could see whether Avira and Kaspersky have been uninstalled. No bickering, please ;)

I CAN'T delete Kaspersky; I get a message saying that these files are currently in use.

Turn Kaspersky off and then uninstall it with the tool Fixer gave you.

In the log you can remove everything that belongs to Kaspersky, for example:

O23 - Service: KAV Monitor Service (KAVMonitorService) - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe

O23 - Service: AVP Control Centre Service (AVPCC) - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe

Edited by Fix
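The check made in the posts above (reading the HijackThis log to see which antivirus products are still present), as an added example that is not part of the original thread. It scans the running-process lines and the O23 service lines for more than one vendor and separates leftovers marked "(file missing)"; the sample log is constructed from lines in the format shown above, and the vendor directory table and function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the HijackThis format of the log above.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: KAV Monitor Service (KAVMonitorService) - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Assumption: a vendor is recognised by a fragment of its install directory.
AV_DIRS = {"Avira": "\\avira\\", "Kaspersky": "\\kaspersky lab\\",
           "Panda": "\\panda software\\"}
MISSING = " (file missing)"

def vendor_of(path):
    low = path.lower()
    return next((v for v, frag in AV_DIRS.items() if frag in low), None)

def av_footprint(log):
    """Map vendor -> executables seen as running, as services, or as orphaned services."""
    found = defaultdict(lambda: {"running": [], "services": [], "orphaned": []})
    for line in (l.strip() for l in log.splitlines()):
        if re.match(r"^[A-Za-z]:\\.+\.exe$", line, re.I):
            kind, path = "running", line            # running-process section
        elif line.startswith("O23 - Service: "):
            kind, path = "services", line.rsplit(" - ", 1)[1]
            if path.endswith(MISSING):              # entry left behind by an uninstall
                kind, path = "orphaned", path[:-len(MISSING)]
        else:
            continue                                # other sections are not needed here
        vendor = vendor_of(path)
        if vendor:
            found[vendor][kind].append(path.rsplit("\\", 1)[1])
    return dict(found)

def active_vendors(footprint):
    """Vendors that still have a running process or a service with its file on disk."""
    return sorted(v for v, e in footprint.items() if e["running"] or e["services"])

if __name__ == "__main__":
    fp = av_footprint(SAMPLE_LOG)
    print("still installed:", active_vendors(fp))
    print("orphaned entries:", {v: e["orphaned"] for v, e in fp.items() if e["orphaned"]})
```

More than one name in the first list means two products are still registered; an entry in the second list is a service key whose executable is already gone.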

Well yes, but when I try to delete the folder from Program Files, it won't delete ;)

By the way, it isn't in the Add/Remove Programs list.

Edited by sifon4o

B-boy gave me a code and I deleted it with that ;)

Well done! After all that struggle, it finally worked ;)

Have a nice day!

Hello! Some time ago I had to download a small program, but since then my computer has been acting up. Every time I open a drive (no matter which one), this message appears. It is very annoying. When I click "Yes" (or "No", it makes no difference), it drags me off to some site that wants me to download something. How can I do that when I don't know what it is? Here is the site. Other problems have started too, like this one and this one.

Tell me honestly, since I don't understand these things: does it need a reinstall, or can it be removed "painlessly"? Just to mention as a note, I had NOD32 when I got all these errors, but someone advised me to download Kaspersky and now I have version 7. I ran a scan with it, but it found nothing. It only says that something in my codecs is locked. Nothing more. I am desperately asking for help, because I am already going crazy. :)

No, this is adware that just prompts you to download and then buy an antispyware program. It is cleaned with a program such as Ad-Aware or Spyware Doctor; SpySweeper works too.

And which one would you recommend?
