Премини към съдържанието

azoh

Потребител
  • Публикации

    22
  • Регистрация

  • Последно онлайн

Харесвания

0 Неутрална репутация

Всичко за azoh

  • Титла
    Потребител

Последни посетители

1377 прегледа на профила
  1. http://rapidshare.de/files/48537404/bjmaydin.dll.html
  2. Готово преинсталирах и инсталирах новото
  3. Програмата ли да прейнсталирам ? или друго какво да търся точно искам да кажа цялото avast! и после да сложа новото така ли.Съжалявам че пак питам но не разбрах
  4. А как да преинсталирам пакета ?
  5. All processes killed ========== FILES ========== c:\windows\system32\Multibro.exe moved successfully. c:\windows\Tasks\MultiMediaTaskUserS-1-5-21-343818398-2139871995-1177238915-1003.job moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Atalay User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: Getsuga Tensou ->Temp folder emptied: 1746 bytes ->Temporary Internet Files folder emptied: 146035 bytes ->Java cache emptied: 32869474 bytes ->FireFox cache emptied: 35699357 bytes ->Google Chrome cache emptied: 118662504 bytes ->Opera cache emptied: 23757255 bytes User: LocalService ->Temp folder emptied: 0 bytes File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. ->Temporary Internet Files folder emptied: 32902 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->FireFox cache emptied: 16346638 bytes %systemdrive% .tmp files removed: 0 bytes C:\WINDOWS\msdownld.tmp folder deleted successfully. %systemroot% .tmp files removed: 2396569 bytes %systemroot%\System32 .tmp files removed: 2577 bytes File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_64c.dat scheduled to be deleted on reboot. Windows Temp folder emptied: 255 bytes RecycleBin emptied: 305381 bytes Total Files Cleaned = 219,59 mb OTM by OldTimer - Version 3.0.0.6 log created on 10182009_173556 Files moved on Reboot... File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot. File C:\WINDOWS\temp\Perflib_Perfdata_64c.dat not found! Registry entries deleted on Reboot... Как да дейнсталирам пакета , ако може да обясниш
  6. Qoobox.rar Qoobox.rar Mirror uninst_bg_full.exe File uninst_bg_full.exe received on 2009.10.17 15:38:16 (UTC) Current status: finished Result: 0/41 (0%) Compact Print results Antivirus Version Last Update Result a-squared 4.5.0.41 2009.10.17 - AhnLab-V3 5.0.0.2 2009.10.17 - AntiVir 7.9.1.35 2009.10.16 - Antiy-AVL 2.0.3.7 2009.10.16 - Authentium 5.1.2.4 2009.10.17 - Avast 4.8.1351.0 2009.10.17 - AVG 8.5.0.420 2009.10.17 - BitDefender 7.2 2009.10.17 - CAT-QuickHeal 10.00 2009.10.16 - ClamAV 0.94.1 2009.10.17 - Comodo 2634 2009.10.17 - DrWeb 5.0.0.12182 2009.10.17 - eSafe 7.0.17.0 2009.10.15 - eTrust-Vet 35.1.7072 2009.10.16 - F-Prot 4.5.1.85 2009.10.17 - F-Secure 9.0.15300.0 2009.10.16 - Fortinet 3.120.0.0 2009.10.16 - GData 19 2009.10.17 - Ikarus T3.1.1.72.0 2009.10.17 - Jiangmin 11.0.800 2009.10.17 - K7AntiVirus 7.10.872 2009.10.16 - Kaspersky 7.0.0.125 2009.10.17 - McAfee 5774 2009.10.17 - McAfee+Artemis 5774 2009.10.17 - McAfee-GW-Edition 6.8.5 2009.10.17 - Microsoft 1.5101 2009.10.17 - NOD32 4518 2009.10.17 - Norman 6.03.02 2009.10.17 - nProtect 2009.1.8.0 2009.10.17 - Panda 10.0.2.2 2009.10.17 - PCTools 4.4.2.0 2009.10.17 - Prevx 3.0 2009.10.17 - Rising 21.51.44.00 2009.10.16 - Sophos 4.46.0 2009.10.17 - Sunbelt 3.2.1858.2 2009.10.17 - Symantec 1.4.4.12 2009.10.17 - TheHacker 6.5.0.2.044 2009.10.17 - TrendMicro 8.950.0.1094 2009.10.17 - VBA32 3.12.10.11 2009.10.16 - ViRobot 2009.10.17.1990 2009.10.17 - VirusBuster 4.6.5.0 2009.10.16 - Multibro.exe Antivirus Version Last Update Result a-squared 4.5.0.41 2009.10.17 - AhnLab-V3 5.0.0.2 2009.10.17 - AntiVir 7.9.1.35 2009.10.16 - Antiy-AVL 2.0.3.7 2009.10.16 - Authentium 5.1.2.4 2009.10.17 - Avast 4.8.1351.0 2009.10.17 - AVG 8.5.0.420 2009.10.17 - BitDefender 7.2 2009.10.17 - CAT-QuickHeal 10.00 2009.10.16 - ClamAV 0.94.1 2009.10.17 - Comodo 2634 2009.10.17 - DrWeb 5.0.0.12182 2009.10.17 - eSafe 7.0.17.0 2009.10.15 - eTrust-Vet 35.1.7072 2009.10.16 - F-Prot 4.5.1.85 2009.10.17 - F-Secure 9.0.15300.0 2009.10.16 - Fortinet 3.120.0.0 2009.10.16 - GData 19 2009.10.17 - Ikarus T3.1.1.72.0 2009.10.17 - Jiangmin 11.0.800 2009.10.17 - K7AntiVirus 7.10.872 2009.10.16 - Kaspersky 7.0.0.125 2009.10.17 - McAfee 5774 2009.10.17 - McAfee+Artemis 5774 2009.10.17 - McAfee-GW-Edition 6.8.5 2009.10.17 Heuristic.BehavesLike.Win32.Suspicious.C Microsoft 1.5101 2009.10.17 - NOD32 4518 2009.10.17 - Norman 6.03.02 2009.10.17 - nProtect 2009.1.8.0 2009.10.17 - Panda 10.0.2.2 2009.10.17 - PCTools 4.4.2.0 2009.10.17 - Prevx 3.0 2009.10.17 Medium Risk Malware Rising 21.51.44.00 2009.10.16 - Sophos 4.46.0 2009.10.17 - Sunbelt 3.2.1858.2 2009.10.17 - Symantec 1.4.4.12 2009.10.17 - TheHacker 6.5.0.2.044 2009.10.17 - TrendMicro 8.950.0.1094 2009.10.17 - VBA32 3.12.10.11 2009.10.16 - ViRobot 2009.10.17.1990 2009.10.17 - VirusBuster 4.6.5.0 2009.10.16 - GMER 1.0.15.15163 - http://www.gmer.net Rootkit quick scan 2009-10-18 17:12:24 Windows 5.1.2600 Service Pack 3, v.5857 Running: gmer.exe; Driver: C:\DOCUME~1\GETSUG~1\LOCALS~1\Temp\kwloapod.sys ---- System - GMER 1.0.15 ---- SSDT splj.sys ZwEnumerateKey [0xF72A5CA2] SSDT splj.sys ZwEnumerateValueKey [0xF72A6030] ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 8655A1F8 AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software) Device \FileSystem\Fastfat \Fat 86214500 AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) ---- EOF - GMER 1.0.15 ---- Имам проблем със зареждането на антивируса П.С. Която и кожа или дреха там е си дава тва че не е довършена
  7. ComboFix 09-10-16.09 - Getsuga Tensou 18.10.2009 16:05.2.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.1023.571 [GMT 2:00] Running from: c:\documents and settings\Getsuga Tensou\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Getsuga Tensou\Desktop\CFScript.txt AV: avast! antivirus 4.8.1351 [VPS 091016-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: "c:\granthelp\winhelp.exe" "c:\windows\system32\gfbaksm.dat" "c:\windows\system32\gfkernel.dll" "c:\windows\system32\vbsgf.dll" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\Norton c:\documents and settings\All Users\Application Data\Norton\symdata.xml c:\documents and settings\All Users\Application Data\NortonInstaller c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-22-2009-09h49m30s\Install.1.mft.7z c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-22-2009-09h49m30s\NortonInstall-09-22-2009-09h49m30s.log c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-22-2009-09h53m44s\Install.1.mft.7z c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-22-2009-09h53m44s\Norton Security Scan-0x0928.log c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-22-2009-09h53m44s\NortonInstall-09-22-2009-09h53m44s.log c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-22-2009-09h54m50s\NortonInstall-09-22-2009-09h54m50s.log c:\documents and settings\All Users\Application Data\Symantec c:\documents and settings\All Users\Application Data\Symantec\symdata.xml c:\granthelp\winhelp.exe c:\windows\system32\gfbaksm.dat c:\windows\system32\vbsgf.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_CPUZ -------\Legacy_XDVA076 -------\Legacy_XDVA092 -------\Service_cpuz -------\Service_XDva076 -------\Service_XDva092 ((((((((((((((((((((((((( Files Created from 2009-09-18 to 2009-10-18 ))))))))))))))))))))))))))))))) . 2009-10-16 18:57 . 2009-10-16 18:57 -------- d-----w- c:\documents and settings\Getsuga Tensou\Application Data\Malwarebytes 2009-10-16 18:56 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-10-16 18:56 . 2009-10-16 18:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-10-16 18:56 . 2009-10-16 18:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-10-16 18:56 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-10-16 18:30 . 2009-10-16 18:40 -------- d-----w- c:\documents and settings\Getsuga Tensou\Application Data\PQFLVDownloader 2009-10-16 18:27 . 2009-10-16 18:41 -------- d-----w- c:\program files\PQDVD 2009-10-15 16:00 . 2009-10-15 16:00 -------- d-----w- c:\documents and settings\Getsuga Tensou\Local Settings\Application Data\FontCreator 2009-10-15 16:00 . 2009-06-16 22:02 616600 ----a-w- c:\windows\system32\FontInstaller.dll 2009-10-15 16:00 . 2009-10-15 16:07 -------- d-----w- c:\documents and settings\Getsuga Tensou\Application Data\FontCreator 2009-10-15 16:00 . 2009-10-15 16:01 -------- d-----w- c:\program files\High-Logic FontCreator 2009-10-12 14:47 . 2009-10-18 14:24 -------- d-----w- C:\GRANTHELP 2009-10-12 14:47 . 2009-10-12 14:47 163840 ----a-w- c:\windows\system\ilanot32.Dll 2009-10-12 14:47 . 2009-10-12 14:47 40960 ----a-w- C:\REGSVR32.EXE 2009-10-12 14:30 . 2009-10-12 14:30 -------- d-----w- c:\documents and settings\Getsuga Tensou\Local Settings\Application Data\Temporary Projects 2009-10-12 14:26 . 2009-10-12 14:26 -------- d-----w- c:\program files\Microsoft Synchronization Services 2009-10-12 14:25 . 2009-10-12 14:25 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition 2009-10-12 14:18 . 2009-10-12 14:35 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0 2009-10-12 14:17 . 2009-10-12 14:17 -------- d-----w- c:\program files\Microsoft SDKs 2009-10-11 10:10 . 2009-10-11 10:10 -------- d-----w- c:\program files\TimeAdjuster 2009-10-10 13:53 . 2009-10-10 13:53 -------- d-----w- c:\documents and settings\Getsuga Tensou\Application Data\Office Genuine Advantage 2009-10-04 07:20 . 2009-10-04 07:21 -------- d-----w- c:\program files\MediaInfo 2009-10-01 19:24 . 2009-09-04 15:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll 2009-10-01 19:24 . 2009-09-04 15:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll 2009-10-01 19:24 . 2009-09-04 15:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll 2009-10-01 19:24 . 2009-09-04 15:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll 2009-10-01 19:24 . 2009-09-04 15:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll 2009-10-01 19:24 . 2009-09-04 15:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll 2009-10-01 19:24 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll 2009-10-01 13:37 . 2009-10-01 13:40 -------- d-----w- c:\documents and settings\Getsuga Tensou\nimbuzz 2009-09-27 08:39 . 2009-09-27 08:39 369152 ----a-w- c:\windows\system32\avisynth.dll 2009-09-26 15:38 . 2009-09-26 15:38 -------- d-----w- c:\documents and settings\Getsuga Tensou\Local Settings\Application Data\www.doom9.net 2009-09-26 15:31 . 2009-10-06 20:08 -------- d-----w- c:\program files\megui 2009-09-21 19:51 . 2009-09-21 19:51 -------- d-----w- c:\windows\system32\Adobe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-18 14:00 . 2008-10-11 20:36 -------- d-----w- c:\documents and settings\Getsuga Tensou\Application Data\FileZilla 2009-10-18 13:59 . 2008-10-09 18:35 -------- d-----w- c:\documents and settings\Getsuga Tensou\Application Data\Skype 2009-10-18 13:53 . 2009-03-20 16:34 -------- d-----w- c:\program files\CometBird 2009-10-18 13:26 . 2008-10-09 17:46 -------- d-----w- c:\documents and settings\Getsuga Tensou\Application Data\uTorrent 2009-10-18 11:11 . 2008-10-09 18:35 -------- d-----w- c:\documents and settings\Getsuga Tensou\Application Data\skypePM 2009-10-16 20:00 . 2009-04-10 14:24 -------- d-----w- c:\program files\AIMP2 2009-10-16 14:54 . 2009-09-18 11:55 -------- d-----w- c:\program files\GetFLV 2009-10-16 14:10 . 2008-10-09 17:13 95976 ----a-w- c:\documents and settings\Getsuga Tensou\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-10-15 07:11 . 2009-05-01 10:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-10-14 06:47 . 2009-05-28 06:23 -------- d-----r- c:\program files\Skype 2009-10-12 14:26 . 2009-02-06 19:07 -------- d-----w- c:\program files\Microsoft SQL Server 2009-10-11 11:34 . 2009-07-23 11:57 -------- d-----w- c:\program files\Combined Community Codec Pack 2009-10-10 19:15 . 2009-02-20 16:27 -------- d-----w- c:\program files\Total Video Converter 2009-10-06 20:04 . 2009-06-17 12:52 -------- d-----w- c:\program files\Xvid 2009-10-06 20:01 . 2009-01-20 17:50 -------- d-----w- c:\program files\Easy Video Downloader 2009-10-06 14:04 . 2009-03-10 19:35 -------- d-----w- c:\program files\AviSynth 2.5 2009-10-05 18:37 . 2008-10-27 08:02 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-10-02 17:36 . 2009-04-29 17:58 -------- d-----w- c:\program files\Video Thumbnails Maker 2009-09-26 15:37 . 2009-06-21 13:31 -------- d-----w- c:\program files\Replay Converter 2009-09-22 14:06 . 2009-03-08 19:28 -------- d-----w- c:\program files\AV Vcs 6.0 DIAMOND 2009-09-18 11:49 . 2009-06-19 14:48 -------- d-----w- c:\program files\WMCap 2009-09-16 18:30 . 2008-10-21 06:09 -------- d-----w- c:\program files\Java 2009-09-12 15:08 . 2009-09-12 15:08 -------- d-----w- c:\documents and settings\Getsuga Tensou\Application Data\Ashampoo 2009-09-12 15:06 . 2009-09-12 15:06 -------- d-----w- c:\program files\Ashampoo 2009-09-11 14:18 . 2008-01-26 05:57 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-10 15:08 . 2009-05-19 13:16 -------- d-----w- c:\program files\Microsoft Silverlight 2009-09-09 08:20 . 2008-11-15 09:49 -------- d-----w- c:\documents and settings\Getsuga Tensou\Application Data\gtk-2.0 2009-09-04 21:03 . 2008-01-26 05:57 58880 ----a-w- c:\windows\system32\msasn1.dll 2009-09-04 15:44 . 2009-05-30 07:30 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll 2009-08-29 17:05 . 2008-10-11 09:01 -------- d-----w- c:\program files\Common Files\Adobe 2009-08-29 16:35 . 2008-10-11 12:04 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet 2009-08-29 08:08 . 2008-01-26 05:57 916480 ------w- c:\windows\system32\wininet.dll 2009-08-26 08:30 . 2009-02-06 19:46 -------- d-----w- c:\program files\Sony 2009-08-26 08:00 . 2008-01-26 05:57 247326 ----a-w- c:\windows\system32\strmdll.dll 2009-08-25 19:57 . 2009-08-25 19:57 -------- d-----w- c:\documents and settings\Getsuga Tensou\Application Data\Sonic Foundry 2009-08-23 08:02 . 2009-06-06 07:31 -------- d-----w- c:\documents and settings\Getsuga Tensou\Application Data\Any Video Converter 2009-08-21 11:54 . 2009-07-23 10:32 -------- d-----w- c:\program files\FormatFactory 2009-08-17 21:33 . 2009-08-17 21:33 1193832 ----a-w- c:\windows\system32\FM20.DLL 2009-08-17 16:10 . 2009-08-22 13:19 1279456 ----a-w- c:\windows\system32\aswBoot.exe 2009-08-17 16:06 . 2009-08-22 13:19 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys 2009-08-17 16:06 . 2009-08-22 13:19 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2009-08-17 16:05 . 2009-08-22 13:19 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2009-08-17 16:05 . 2009-08-22 13:19 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2009-08-17 16:04 . 2009-08-22 13:19 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2009-08-17 16:04 . 2009-08-22 13:19 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2009-08-17 16:03 . 2009-08-22 13:19 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2009-08-17 16:02 . 2009-08-22 13:19 97480 ----a-w- c:\windows\system32\AvastSS.scr 2009-08-06 21:30 . 2009-06-18 17:47 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL 2009-08-06 17:24 . 2008-10-09 10:24 327896 ----a-w- c:\windows\system32\wucltui.dll 2009-08-06 17:24 . 2008-10-09 10:24 209632 ----a-w- c:\windows\system32\wuweb.dll 2009-08-06 17:24 . 2008-10-09 10:24 35552 ----a-w- c:\windows\system32\wups.dll 2009-08-06 17:24 . 2007-07-30 17:19 44768 ----a-w- c:\windows\system32\wups2.dll 2009-08-06 17:24 . 2008-10-09 10:24 53472 ------w- c:\windows\system32\wuauclt.exe 2009-08-06 17:24 . 2008-01-26 05:57 96480 ----a-w- c:\windows\system32\cdm.dll 2009-08-06 17:23 . 2008-10-09 10:24 575704 ----a-w- c:\windows\system32\wuapi.dll 2009-08-06 17:23 . 2009-05-20 10:07 215920 ----a-w- c:\windows\system32\muweb.dll 2009-08-06 17:23 . 2009-05-20 10:07 274288 ----a-w- c:\windows\system32\mucltui.dll 2009-08-06 17:23 . 2008-10-09 10:24 1929952 ----a-w- c:\windows\system32\wuaueng.dll 2009-08-05 09:01 . 2008-01-26 05:57 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-08-04 18:44 . 2008-01-25 23:18 2189184 ------w- c:\windows\system32\ntoskrnl.exe 2009-08-04 14:20 . 2008-01-25 23:21 2066048 ------w- c:\windows\system32\ntkrnlpa.exe 2009-08-03 13:07 . 2009-08-03 13:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll 2009-08-03 13:07 . 2009-08-03 13:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll 2009-08-03 13:07 . 2009-08-03 13:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe 2009-07-31 13:23 . 2009-01-25 09:12 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-04-19 20:37 . 2009-04-19 20:37 36680 ----a-w- c:\program files\uninst_bg_full.exe . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . --- c:\program files\uninst_bg_full.exe --- Company: ------ File Description: ------ File Version: ------ Product Name: ------ Copyright: ------ Original Filename: ------ File size: 36680 Created time: 2009-04-19 20:37 Modified time: 2009-04-19 20:37 MD5: FAE74A804B85ACD9198CEF9B66AC8433 SHA1: 53384AA0CBC605114C7E84AC8564DA4D80BD0A33 --- C:\REGSVR32.EXE --- Company: Microsoft Corporation File Description: Microsoft© Register Server File Version: 5.00.1586.1 Product Name: Microsoft® Windows NT® Operating System Copyright: Copyright © Microsoft Corp. 1981-1997 Original Filename: REGSVR32.EXE File size: 40960 Created time: 2009-10-12 14:47 Modified time: 2009-10-12 14:47 MD5: 92A57B6F6EE4293601FF220CA81AAAA4 SHA1: D377012A92D11101FF13CF2B87EFA29E02377CDC --- c:\windows\system32\Multibro.exe --- Company: ------ File Description: ------ File Version: ------ Product Name: ------ Copyright: ------ Original Filename: ------ File size: 158237 Created time: 2009-06-05 13:35 Modified time: 2009-01-10 13:35 MD5: B315F5ECDB03F974B2B351556F4A26C6 SHA1: 227F969361F4FD508053C85CF4B575DB8D9B51C0 ---- Directory of c:\documents and settings\Getsuga Tensou\nimbuzz ---- 2009-10-01 13:40 . 2009-10-01 13:40 34 ----a-w- c:\documents and settings\Getsuga Tensou\nimbuzz\avatars\[email protected]\cmF6MHJzNjVAbmltYnV6ei5jb20=.md5 2009-10-01 13:40 . 2009-10-01 13:40 1519 ----a-w- c:\documents and settings\Getsuga Tensou\nimbuzz\avatars\[email protected]\cmF6MHJzNjVAbmltYnV6ei5jb20=.png 2009-10-01 13:39 . 2009-10-01 13:39 3072 ----a-w- c:\documents and settings\Getsuga Tensou\nimbuzz\[email protected] 2009-10-01 13:38 . 2009-10-01 13:42 10906 ----a-w- c:\documents and settings\Getsuga Tensou\nimbuzz\gips.log 2009-10-01 13:37 . 2009-10-01 13:42 7752 ----a-w- c:\documents and settings\Getsuga Tensou\nimbuzz\main-win32.log ---- Directory of C:\GRANTHELP ---- 2009-10-12 14:47 . 2009-10-12 14:47 323584 ----a-w- c:\granthelp\WINHLP32.EXE 2009-10-12 14:47 . 2009-10-12 14:47 2527 ----a-w- c:\granthelp\WINHELP.EXE ((((((((((((((((((((((((((((( [email protected]_13.24.52 ))))))))))))))))))))))))))))))))))))))))) . + 2009-10-18 14:29 . 2009-10-18 14:29 16384 c:\windows\Temp\Perflib_Perfdata_fac.dat + 2009-10-18 14:26 . 2009-10-18 14:26 16384 c:\windows\Temp\Perflib_Perfdata_644.dat + 2009-10-18 14:26 . 2009-10-18 14:26 16384 c:\windows\Temp\Perflib_Perfdata_2d0.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-10-14 289072] "Google Update"="c:\documents and settings\Getsuga Tensou\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-10 133104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 131072] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-01-10 5513216] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-01-10 86016] "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696] "ScheduleTV"="c:\program files\Gadmei\TVR PLUS\ScheduleTV.exe" [2007-05-23 716800] "HostManager"="c:\program files\Common Files\AOL\1240048988\ee\AOLSoftware.exe" [2006-04-13 50792] "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664] "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-08-17 81000] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-01-10 1490944] "SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-01-26 15360] "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "d:\\Program Files\\Valve\\hl.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "e:\\Counter-Strike 1.6 32.1\\hl.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "e:\\capture\\Jlgsolera Online TV Live v6.3.38\\OnLine TV Live.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Ace Translator\\AceTrans.exe"= "c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"= "e:\\Fraps\\eMule Xtreme 7.2\\eMule Xtreme 7.2\\emule.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "e:\\WWE Ke4 RAW\\DBZ\\dbzbx.exe"= "c:\\Program Files\\BitLord\\BitLord.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\93311966401384599632.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\37423198758256774546.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\33719607206945881529.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\13833967943450028597.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\72651194501546801195.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\13351779860469316364.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\20311369585787473931.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\73862073736198533411.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\68837935094262446324.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\62973234488096938876.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\48991119151185057559.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\85278584156791467643.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\07975374040047350501.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\30817325259599898103.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\66614655686811693556.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\51162699941689795712.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\73983325441545330385.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\72940558481721561893.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\43375459833437853322.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\64776095542496868821.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\10580038553383832816.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\68588550418868545228.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\85462765822092620379.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\39881024925512787629.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\68011184406958514740.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\13673400812247650876.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\18450527101445797447.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\15591937107630183658.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:TCP"= 5353:TCP:Adobe CSI CS4 "443:TCP"= 443:TCP:*:Disabled:ooVoo TCP порт 443 "443:UDP"= 443:UDP:*:Disabled:ooVoo UDP порт 443 "37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP порт 37674 "37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP порт 37674 "37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP порт 37675 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [22.08.2009 15:19 114768] R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [09.10.2008 12:45 13696] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [22.08.2009 15:19 20560] R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe [28.11.2008 18:46 81920] R2 GDMCAP;%GDMCAP.DeviceDesc%;c:\windows\system32\drivers\GDMCAP.sys [22.12.2008 19:16 78720] R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe [28.11.2008 18:46 2723840] R3 tenCapture;tenCapture;c:\windows\system32\drivers\tenCapture.sys [21.04.2007 16:15 9344] S3 CX88Tune;Conexant 2388x TvTuner;c:\windows\system32\drivers\CX88Tune.sys [09.10.2008 19:58 31629] S3 CX88VCap;Conexant 2388x Capture;c:\windows\system32\drivers\CX88Vid.sys [09.10.2008 19:58 201051] S3 CX88XBar;Conexant 2388x Crossbar;c:\windows\system32\drivers\CX88XBar.sys [09.10.2008 19:59 11884] S3 dTVdrvNT;dTVdrvNT;\??\c:\program files\ChrisTV PVR\dTVdrvNT.sys --> c:\program files\ChrisTV PVR\dTVdrvNT.sys [?] S3 FlyPCI;FlyPCI;c:\windows\system32\drivers\FlyPCI.sys [19.10.2008 09:36 4134] S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [06.11.2007 22:22 34064] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [19.04.2009 19:58 79888] S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-2139871995-1177238915-1003Core.job - c:\documents and settings\Getsuga Tensou\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-10 08:08] 2009-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-2139871995-1177238915-1003UA.job - c:\documents and settings\Getsuga Tensou\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-10 08:08] 2009-10-18 c:\windows\Tasks\MultiMediaTaskUserS-1-5-21-343818398-2139871995-1177238915-1003.job - c:\windows\system32\Multibro.exe [2009-06-05 13:35] 2009-10-18 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.bsplayer-search.com/startpage uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Getsuga Tensou\Application Data\Mozilla\Firefox\Profiles\ii1jddlu.default\ FF - plugin: c:\documents and settings\Getsuga Tensou\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-18 16:27 Windows 5.1.2600 Service Pack 3, v.5857 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\.*jpg*яяяя»‘|ЙГВwN*] @="?g??????N_auto_file" [HKEY_LOCAL_MACHINE\software\Classes\jpg*яяяя»‘|ЙГВwN*_*a*u*t*o*_*f*i*l*e*\shell\open] "MuiVerb"="@shimgvw.dll,-550" [HKEY_LOCAL_MACHINE\software\Classes\jpg*яяяя»‘|ЙГВwN*_*a*u*t*o*_*f*i*l*e*\shell\open\command] @=expand:"rundll32.exe %SystemRoot%\\system32\\shimgvw.dll,ImageView_Fullscreen %1" [HKEY_LOCAL_MACHINE\software\Classes\jpg*яяяя»‘|ЙГВwN*_*a*u*t*o*_*f*i*l*e*\shell\open\DropTarget] "Clsid"="{e84fda7c-1d6a-45f6-b725-cb260c236066}" [HKEY_LOCAL_MACHINE\software\Classes\jpg*яяяя»‘|ЙГВwN*_*a*u*t*o*_*f*i*l*e*\shell\print\command] @=expand:"rundll32.exe %SystemRoot%\\system32\\shimgvw.dll,ImageView_Fullscreen %1" [HKEY_LOCAL_MACHINE\software\Classes\jpg*яяяя»‘|ЙГВwN*_*a*u*t*o*_*f*i*l*e*\shell\print\DropTarget] "Clsid"="{60fd46de-f830-4894-a628-6fa81bc0190d}" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(2384) c:\windows\system32\WININET.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll c:\windows\system32\ieframe.dll c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\program files\Nokia\Nokia PC Suite 6\phonebrowser.dll c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\IoctlSvc.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Alwil Software\Avast4\ashMaiSv.exe c:\program files\Alwil Software\Avast4\ashWebSv.exe c:\documents and settings\Getsuga Tensou\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe c:\program files\Skype\Plugin Manager\skypePM.exe . ************************************************************************** . Completion time: 2009-10-18 16:33 - machine was rebooted ComboFix-quarantined-files.txt 2009-10-18 14:33 ComboFix2.txt 2009-10-18 13:29 Pre-Run: 2 407 841 792 bytes free Post-Run: 2 241 245 184 bytes free 393 --- E O F --- 2009-10-15 07:26
  8. ComboFix 09-10-16.09 - Getsuga Tensou 18.10.2009 15:00.1.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.1023.539 [GMT 2:00] Running from: c:\documents and settings\Getsuga Tensou\desktop\ComboFix.exe Command switches used :: /KillAll AV: avast! antivirus 4.8.1351 [VPS 091016-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66} WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Getsuga Tensou\Application Data\BITS c:\documents and settings\Getsuga Tensou\Application Data\BITS\BITS.ini c:\documents and settings\Getsuga Tensou\Application Data\BITS\DHTTable.dat c:\documents and settings\Getsuga Tensou\Application Data\BITS\ProxyList.ini c:\documents and settings\Getsuga Tensou\Application Data\BITS\UPnP.ini c:\documents and settings\Getsuga Tensou\Application Data\Desktopicon c:\program files\driver c:\program files\FlashGet Network c:\program files\FlashGet Network\FlashGet universal\dbtrans_verbose.log c:\program files\FlashGet Network\FlashGet universal\fgoption.ini c:\program files\FlashGet Network\FlashGet universal\P2PCfg.ini c:\program files\FlashGet Network\FlashGet universal\p2spmgr.ini c:\program files\FlashGet Network\FlashGet universal\p4spmgr.ini c:\program files\FlashGet Network\FlashGet universal\Profiles\config.dat c:\program files\FlashGet Network\FlashGet universal\Profiles\tasks.dat c:\program files\FlashGet Network\FlashGet universal\transaction.log c:\windows\system32\AutoRun.inf c:\windows\system32\gfbaksm.dll c:\windows\system32\gfkernel.dll c:\windows\system32\klipxm32.dll c:\windows\system32\sysaddei34.dll e:\documents and settings\Getsuga Tensou\My Documents\hh.reg E:\install.exe Infected copy of c:\windows\system32\winlogon.exe was found and disinfected Restored copy from - c:\windows\system32\winlogon.bak . ((((((((((((((((((((((((( Files Created from 2009-09-18 to 2009-10-18 ))))))))))))))))))))))))))))))) . 2009-10-16 18:57 . 2009-10-16 18:57 -------- d-----w- c:\documents and settings\Getsuga Tensou\Application Data\Malwarebytes 2009-10-16 18:56 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-10-16 18:56 . 2009-10-16 18:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-10-16 18:56 . 2009-10-16 18:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-10-16 18:56 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-10-16 18:30 . 2009-10-16 18:40 -------- d-----w- c:\documents and settings\Getsuga Tensou\Application Data\PQFLVDownloader 2009-10-16 18:27 . 2009-10-16 18:41 -------- d-----w- c:\program files\PQDVD 2009-10-15 16:00 . 2009-10-15 16:00 -------- d-----w- c:\documents and settings\Getsuga Tensou\Local Settings\Application Data\FontCreator 2009-10-15 16:00 . 2009-06-16 22:02 616600 ----a-w- c:\windows\system32\FontInstaller.dll 2009-10-15 16:00 . 2009-10-15 16:07 -------- d-----w- c:\documents and settings\Getsuga Tensou\Application Data\FontCreator 2009-10-15 16:00 . 2009-10-15 16:01 -------- d-----w- c:\program files\High-Logic FontCreator 2009-10-12 14:47 . 2009-10-12 14:47 163840 ----a-w- c:\windows\system\ilanot32.Dll 2009-10-12 14:47 . 2009-10-12 14:47 -------- d-----w- C:\GRANTHELP 2009-10-12 14:47 . 2009-10-12 14:47 40960 ----a-w- C:\REGSVR32.EXE 2009-10-12 14:30 . 2009-10-12 14:30 -------- d-----w- c:\documents and settings\Getsuga Tensou\Local Settings\Application Data\Temporary Projects 2009-10-12 14:26 . 2009-10-12 14:26 -------- d-----w- c:\program files\Microsoft Synchronization Services 2009-10-12 14:25 . 2009-10-12 14:25 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition 2009-10-12 14:18 . 2009-10-12 14:35 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0 2009-10-12 14:17 . 2009-10-12 14:17 -------- d-----w- c:\program files\Microsoft SDKs 2009-10-11 10:10 . 2009-10-11 10:10 -------- d-----w- c:\program files\TimeAdjuster 2009-10-10 13:53 . 2009-10-10 13:53 -------- d-----w- c:\documents and settings\Getsuga Tensou\Application Data\Office Genuine Advantage 2009-10-04 07:20 . 2009-10-04 07:21 -------- d-----w- c:\program files\MediaInfo 2009-10-01 19:24 . 2009-09-04 15:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll 2009-10-01 19:24 . 2009-09-04 15:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll 2009-10-01 19:24 . 2009-09-04 15:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll 2009-10-01 19:24 . 2009-09-04 15:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll 2009-10-01 19:24 . 2009-09-04 15:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll 2009-10-01 19:24 . 2009-09-04 15:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll 2009-10-01 19:24 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll 2009-10-01 13:37 . 2009-10-01 13:40 -------- d-----w- c:\documents and settings\Getsuga Tensou\nimbuzz 2009-09-27 08:39 . 2009-09-27 08:39 369152 ----a-w- c:\windows\system32\avisynth.dll 2009-09-26 15:38 . 2009-09-26 15:38 -------- d-----w- c:\documents and settings\Getsuga Tensou\Local Settings\Application Data\www.doom9.net 2009-09-26 15:31 . 2009-10-06 20:08 -------- d-----w- c:\program files\megui 2009-09-22 07:50 . 2009-09-22 07:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton 2009-09-22 07:50 . 2009-09-22 07:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec 2009-09-22 07:49 . 2009-09-22 07:49 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller 2009-09-21 19:51 . 2009-09-21 19:51 -------- d-----w- c:\windows\system32\Adobe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-18 13:24 . 2008-10-09 18:35 -------- d-----w- c:\documents and settings\Getsuga Tensou\Application Data\Skype 2009-10-18 13:24 . 2008-10-09 17:46 -------- d-----w- c:\documents and settings\Getsuga Tensou\Application Data\uTorrent 2009-10-18 12:54 . 2008-10-11 20:36 -------- d-----w- c:\documents and settings\Getsuga Tensou\Application Data\FileZilla 2009-10-18 11:13 . 2009-03-20 16:34 -------- d-----w- c:\program files\CometBird 2009-10-18 11:11 . 2008-10-09 18:35 -------- d-----w- c:\documents and settings\Getsuga Tensou\Application Data\skypePM 2009-10-16 20:00 . 2009-04-10 14:24 -------- d-----w- c:\program files\AIMP2 2009-10-16 14:54 . 2009-09-18 11:55 5120 --s-a-r- c:\windows\system32\gfbaksm.dat 2009-10-16 14:54 . 2009-09-18 11:55 -------- d-----w- c:\program files\GetFLV 2009-10-16 14:10 . 2008-10-09 17:13 95976 ----a-w- c:\documents and settings\Getsuga Tensou\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-10-15 07:11 . 2009-05-01 10:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-10-15 04:37 . 2009-09-18 11:55 4199424 ----a-w- c:\windows\system32\vbsgf.dll 2009-10-14 06:47 . 2009-05-28 06:23 -------- d-----r- c:\program files\Skype 2009-10-12 14:26 . 2009-02-06 19:07 -------- d-----w- c:\program files\Microsoft SQL Server 2009-10-11 11:34 . 2009-07-23 11:57 -------- d-----w- c:\program files\Combined Community Codec Pack 2009-10-10 19:15 . 2009-02-20 16:27 -------- d-----w- c:\program files\Total Video Converter 2009-10-06 20:04 . 2009-06-17 12:52 -------- d-----w- c:\program files\Xvid 2009-10-06 20:01 . 2009-01-20 17:50 -------- d-----w- c:\program files\Easy Video Downloader 2009-10-06 14:04 . 2009-03-10 19:35 -------- d-----w- c:\program files\AviSynth 2.5 2009-10-05 18:37 . 2008-10-27 08:02 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-10-02 17:36 . 2009-04-29 17:58 -------- d-----w- c:\program files\Video Thumbnails Maker 2009-09-26 15:37 . 2009-06-21 13:31 -------- d-----w- c:\program files\Replay Converter 2009-09-22 14:06 . 2009-03-08 19:28 -------- d-----w- c:\program files\AV Vcs 6.0 DIAMOND 2009-09-18 11:49 . 2009-06-19 14:48 -------- d-----w- c:\program files\WMCap 2009-09-16 18:30 . 2008-10-21 06:09 -------- d-----w- c:\program files\Java 2009-09-12 15:08 . 2009-09-12 15:08 -------- d-----w- c:\documents and settings\Getsuga Tensou\Application Data\Ashampoo 2009-09-12 15:06 . 2009-09-12 15:06 -------- d-----w- c:\program files\Ashampoo 2009-09-11 14:18 . 2008-01-26 05:57 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-10 15:08 . 2009-05-19 13:16 -------- d-----w- c:\program files\Microsoft Silverlight 2009-09-09 08:20 . 2008-11-15 09:49 -------- d-----w- c:\documents and settings\Getsuga Tensou\Application Data\gtk-2.0 2009-09-04 21:03 . 2008-01-26 05:57 58880 ----a-w- c:\windows\system32\msasn1.dll 2009-09-04 15:44 . 2009-05-30 07:30 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll 2009-08-29 17:05 . 2008-10-11 09:01 -------- d-----w- c:\program files\Common Files\Adobe 2009-08-29 16:35 . 2008-10-11 12:04 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet 2009-08-29 08:08 . 2008-01-26 05:57 916480 ----a-w- c:\windows\system32\wininet.dll 2009-08-26 08:30 . 2009-02-06 19:46 -------- d-----w- c:\program files\Sony 2009-08-26 08:00 . 2008-01-26 05:57 247326 ----a-w- c:\windows\system32\strmdll.dll 2009-08-25 19:57 . 2009-08-25 19:57 -------- d-----w- c:\documents and settings\Getsuga Tensou\Application Data\Sonic Foundry 2009-08-23 08:02 . 2009-06-06 07:31 -------- d-----w- c:\documents and settings\Getsuga Tensou\Application Data\Any Video Converter 2009-08-21 11:54 . 2009-07-23 10:32 -------- d-----w- c:\program files\FormatFactory 2009-08-17 21:33 . 2009-08-17 21:33 1193832 ----a-w- c:\windows\system32\FM20.DLL 2009-08-17 16:10 . 2009-08-22 13:19 1279456 ----a-w- c:\windows\system32\aswBoot.exe 2009-08-17 16:06 . 2009-08-22 13:19 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys 2009-08-17 16:06 . 2009-08-22 13:19 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2009-08-17 16:05 . 2009-08-22 13:19 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2009-08-17 16:05 . 2009-08-22 13:19 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2009-08-17 16:04 . 2009-08-22 13:19 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2009-08-17 16:04 . 2009-08-22 13:19 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2009-08-17 16:03 . 2009-08-22 13:19 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2009-08-17 16:02 . 2009-08-22 13:19 97480 ----a-w- c:\windows\system32\AvastSS.scr 2009-08-06 21:30 . 2009-06-18 17:47 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL 2009-08-06 17:24 . 2008-10-09 10:24 327896 ----a-w- c:\windows\system32\wucltui.dll 2009-08-06 17:24 . 2008-10-09 10:24 209632 ----a-w- c:\windows\system32\wuweb.dll 2009-08-06 17:24 . 2008-10-09 10:24 35552 ----a-w- c:\windows\system32\wups.dll 2009-08-06 17:24 . 2007-07-30 17:19 44768 ----a-w- c:\windows\system32\wups2.dll 2009-08-06 17:24 . 2008-10-09 10:24 53472 ----a-w- c:\windows\system32\wuauclt.exe 2009-08-06 17:24 . 2008-01-26 05:57 96480 ----a-w- c:\windows\system32\cdm.dll 2009-08-06 17:23 . 2008-10-09 10:24 575704 ----a-w- c:\windows\system32\wuapi.dll 2009-08-06 17:23 . 2009-05-20 10:07 215920 ----a-w- c:\windows\system32\muweb.dll 2009-08-06 17:23 . 2009-05-20 10:07 274288 ----a-w- c:\windows\system32\mucltui.dll 2009-08-06 17:23 . 2008-10-09 10:24 1929952 ----a-w- c:\windows\system32\wuaueng.dll 2009-08-05 09:01 . 2008-01-26 05:57 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-08-04 18:44 . 2008-01-25 23:18 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe 2009-08-04 14:20 . 2008-01-25 23:21 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe 2009-08-03 13:07 . 2009-08-03 13:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll 2009-08-03 13:07 . 2009-08-03 13:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll 2009-08-03 13:07 . 2009-08-03 13:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe 2009-07-31 13:23 . 2009-01-25 09:12 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-04-19 20:37 . 2009-04-19 20:37 36680 ----a-w- c:\program files\uninst_bg_full.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-10-14 289072] "Google Update"="c:\documents and settings\Getsuga Tensou\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-10 133104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 131072] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-01-10 5513216] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-01-10 86016] "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696] "ScheduleTV"="c:\program files\Gadmei\TVR PLUS\ScheduleTV.exe" [2007-05-23 716800] "HostManager"="c:\program files\Common Files\AOL\1240048988\ee\AOLSoftware.exe" [2006-04-13 50792] "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664] "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-08-17 81000] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-01-10 1490944] "SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-01-26 15360] "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "d:\\Program Files\\Valve\\hl.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "e:\\Counter-Strike 1.6 32.1\\hl.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "e:\\capture\\Jlgsolera Online TV Live v6.3.38\\OnLine TV Live.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Ace Translator\\AceTrans.exe"= "c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"= "e:\\Fraps\\eMule Xtreme 7.2\\eMule Xtreme 7.2\\emule.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "e:\\WWE Ke4 RAW\\DBZ\\dbzbx.exe"= "c:\\Program Files\\BitLord\\BitLord.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\93311966401384599632.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\37423198758256774546.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\33719607206945881529.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\13833967943450028597.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\72651194501546801195.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\13351779860469316364.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\20311369585787473931.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\73862073736198533411.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\68837935094262446324.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\62973234488096938876.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\48991119151185057559.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\85278584156791467643.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\07975374040047350501.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\30817325259599898103.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\66614655686811693556.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\51162699941689795712.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\73983325441545330385.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\72940558481721561893.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\43375459833437853322.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\64776095542496868821.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\10580038553383832816.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\68588550418868545228.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\85462765822092620379.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\39881024925512787629.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\68011184406958514740.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\13673400812247650876.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\18450527101445797447.exe"= "d:\\Counter-Strike 1.6 Sector Edition\\15591937107630183658.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:TCP"= 5353:TCP:Adobe CSI CS4 "443:TCP"= 443:TCP:*:Disabled:ooVoo TCP порт 443 "443:UDP"= 443:UDP:*:Disabled:ooVoo UDP порт 443 "37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP порт 37674 "37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP порт 37674 "37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP порт 37675 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [22.08.2009 15:19 114768] R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [09.10.2008 12:45 13696] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [22.08.2009 15:19 20560] R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe [28.11.2008 18:46 81920] R2 GDMCAP;%GDMCAP.DeviceDesc%;c:\windows\system32\drivers\GDMCAP.sys [22.12.2008 19:16 78720] R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe [28.11.2008 18:46 2723840] R3 tenCapture;tenCapture;c:\windows\system32\drivers\tenCapture.sys [21.04.2007 16:15 9344] S3 cpuz;cpuz;\??\c:\docume~1\GETSUG~1\LOCALS~1\Temp\cpuz.sys --> c:\docume~1\GETSUG~1\LOCALS~1\Temp\cpuz.sys [?] S3 CX88Tune;Conexant 2388x TvTuner;c:\windows\system32\drivers\CX88Tune.sys [09.10.2008 19:58 31629] S3 CX88VCap;Conexant 2388x Capture;c:\windows\system32\drivers\CX88Vid.sys [09.10.2008 19:58 201051] S3 CX88XBar;Conexant 2388x Crossbar;c:\windows\system32\drivers\CX88XBar.sys [09.10.2008 19:59 11884] S3 dTVdrvNT;dTVdrvNT;\??\c:\program files\ChrisTV PVR\dTVdrvNT.sys --> c:\program files\ChrisTV PVR\dTVdrvNT.sys [?] S3 FlyPCI;FlyPCI;c:\windows\system32\drivers\FlyPCI.sys [19.10.2008 09:36 4134] S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [06.11.2007 22:22 34064] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [19.04.2009 19:58 79888] S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?] S3 XDva076;XDva076;\??\c:\windows\system32\XDva076.sys --> c:\windows\system32\XDva076.sys [?] S3 XDva092;XDva092;\??\c:\windows\system32\XDva092.sys --> c:\windows\system32\XDva092.sys [?] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-2139871995-1177238915-1003Core.job - c:\documents and settings\Getsuga Tensou\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-10 08:08] 2009-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-2139871995-1177238915-1003UA.job - c:\documents and settings\Getsuga Tensou\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-10 08:08] 2009-10-18 c:\windows\Tasks\MultiMediaTaskUserS-1-5-21-343818398-2139871995-1177238915-1003.job - c:\windows\system32\Multibro.exe [2009-06-05 13:35] 2009-10-18 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.bsplayer-search.com/startpage uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Getsuga Tensou\Application Data\Mozilla\Firefox\Profiles\ii1jddlu.default\ FF - plugin: c:\documents and settings\Getsuga Tensou\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - ORPHANS REMOVED - - - - HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe HKCU-Run-WengoPhoneNG - c:\program files\WengoPhone\qtwengophone.exe HKCU-Run-DLD.EXE - c:\program files\Download Direct\DLD.exe HKLM-Run-UVS12 Preload - c:\program files\Corel\Corel VideoStudio 12\uvPL.exe AddRemove-HijackThis - e:\documents and settings\Getsuga Tensou\My Documents\Downloads\HijackThis.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-18 15:23 Windows 5.1.2600 Service Pack 3, v.5857 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\.*jpg*яяяя»‘|ЙГВwN*] @="?g??????N_auto_file" [HKEY_LOCAL_MACHINE\software\Classes\jpg*яяяя»‘|ЙГВwN*_*a*u*t*o*_*f*i*l*e*\shell\open] "MuiVerb"="@shimgvw.dll,-550" [HKEY_LOCAL_MACHINE\software\Classes\jpg*яяяя»‘|ЙГВwN*_*a*u*t*o*_*f*i*l*e*\shell\open\command] @=expand:"rundll32.exe %SystemRoot%\\system32\\shimgvw.dll,ImageView_Fullscreen %1" [HKEY_LOCAL_MACHINE\software\Classes\jpg*яяяя»‘|ЙГВwN*_*a*u*t*o*_*f*i*l*e*\shell\open\DropTarget] "Clsid"="{e84fda7c-1d6a-45f6-b725-cb260c236066}" [HKEY_LOCAL_MACHINE\software\Classes\jpg*яяяя»‘|ЙГВwN*_*a*u*t*o*_*f*i*l*e*\shell\print\command] @=expand:"rundll32.exe %SystemRoot%\\system32\\shimgvw.dll,ImageView_Fullscreen %1" [HKEY_LOCAL_MACHINE\software\Classes\jpg*яяяя»‘|ЙГВwN*_*a*u*t*o*_*f*i*l*e*\shell\print\DropTarget] "Clsid"="{60fd46de-f830-4894-a628-6fa81bc0190d}" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents] @Denied: (Full) (LocalSystem) "OOBETimer"=hex:ff,10,d5,71,d6,8b,6a,8d,6f,00,18,d5,33,93,fd "LastWPAEventLogged"=hex:d5,07,05,00,06,00,07,00,0f,00,38,00,24,00,fd,02 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(1916) c:\windows\system32\WININET.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll c:\windows\system32\ieframe.dll c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\program files\Nokia\Nokia PC Suite 6\phonebrowser.dll c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\IoctlSvc.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Alwil Software\Avast4\ashMaiSv.exe c:\program files\Alwil Software\Avast4\ashWebSv.exe c:\documents and settings\Getsuga Tensou\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe c:\program files\Skype\Plugin Manager\skypePM.exe . ************************************************************************** . Completion time: 2009-10-18 15:29 - machine was rebooted ComboFix-quarantined-files.txt 2009-10-18 13:29 Pre-Run: 262 049 792 bytes free Post-Run: 2 401 386 496 bytes free 358 --- E O F --- 2009-10-15 07:26 - Направих едно user-барче дано ви хареса благодаря че помагате
  9. Malwarebytes' Anti-Malware 1.41 Версия на базата от данни: 2968 Windows 5.1.2600 Service Pack 3, v.5857 17.10.2009 19:13:20 mbam-log-2009-10-17 (19-13-20).txt Тип сканиране: Пълно сканиране (C:\|D:\|E:\|F:\|) Сканирани обекти: 564048 Изминало време: 9 hour(s), 53 minute(s), 38 second(s) Заразени процеси в паметта: 1 Заразени модули в паметта: 0 Заразени ключове в регистратурата: 10 Заразени стойности в регистратурата: 2 Заразени информационни обекти в регистратурата: 0 Заразени папки: 1 Заразени файлове: 50 Заразени процеси в паметта: C:\Documents and Settings\Getsuga Tensou\Local Settings\Temp\b.exe (Trojan.Downloader) -> Unloaded process successfully. Заразени модули в паметта: (Не бяха открити заплахи) Заразени ключове в регистратурата: HKEY_CLASSES_ROOT\xml.xml (Worm.Allaple) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Worm.Allaple) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Worm.Allaple) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Worm.Allaple) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\xml.xml.1 (Worm.Allaple) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Bifrost (Backdoor.Bifrose) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Bifrost (Backdoor.Bifrose) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\poprock (Trojan.Downloader) -> Quarantined and deleted successfully. Заразени стойности в регистратурата: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Update Machine (Trojan.Backdoor) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\poprock (Trojan.Downloader) -> Quarantined and deleted successfully. Заразени информационни обекти в регистратурата: (Не бяха открити заплахи) Заразени папки: C:\Program Files\RelevantKnowledge (Spyware.MarketScore) -> Quarantined and deleted successfully. Заразени файлове: C:\Documents and Settings\Getsuga Tensou\Local Settings\Temp\b.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\system32\msxml71.dll (Worm.Allaple) -> Quarantined and deleted successfully. C:\Documents and Settings\Getsuga Tensou\Application Data\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully. C:\Documents and Settings\Getsuga Tensou\Desktop\SSWv5.6\SSWv5.6.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully. C:\Documents and Settings\Getsuga Tensou\Desktop\SSWv6.1 by krika\SSWv6.1.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully. C:\Program Files\Adobe\Adobe Photoshop CS4\adobe.photoshop.cs4-nope.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\Artisteer 2\bin\loader_15338.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\RelevantKnowledge\rlservice.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully. C:\Program Files\RelevantKnowledge\rlvknlg.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully. D:\winxp_simulator.exe (Trojan.Logger) -> Quarantined and deleted successfully. D:\Super Simple Wall v5.5\Super Simple Wall v5.5\SSWv5.5.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully. D:\System Volume Information\_restore{B58DEBE6-2915-467A-AF47-54EAA82BB7EC}\RP99\A0033227.EXE (Trojan.Hacktool) -> Quarantined and deleted successfully. D:\proGrams2009\GameCam v.1.3.0.3\GameCam Patch-Crack v.1.3.0.3.exe (Trojan.Downloader) -> Quarantined and deleted successfully. D:\proGrams2009\Sony Vegas Movie Studio + DVD 6.0b\SonyProducts.Kg\Keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully. D:\proGrams2009\Sony Vegas Movie Studio + DVD 6.0b\SonyVegasMovieStudio6\MovieStudio6-kg.exe (Trojan.Downloader) -> Quarantined and deleted successfully. E:\extratorrent.exe (Trojan.Downloader) -> Quarantined and deleted successfully. E:\Counter-Strike 1.6 32.1\platform\Admin\AdminServer.dll (Malware.Packer) -> Quarantined and deleted successfully. E:\Fraps\Нова папка\Ahead.Nero.v8.3.2.1b.Incl.Keymaker-EMBRACE\keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully. E:\Fraps\Нова папка (2)\xp_simulation_setup\Tutorial.exe (Trojan.Agent) -> Quarantined and deleted successfully. E:\Program Files\CrackersKit\Packers\FSG 2.0\fsg.exe (Trojan.Downloader) -> Quarantined and deleted successfully. E:\GAMES\Sony Vegas Movie Studio + DVD 6.0b\SonyProducts.Kg\Keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully. E:\GAMES\Sony Vegas Movie Studio + DVD 6.0b\SonyVegasMovieStudio6\MovieStudio6-kg.exe (Trojan.Downloader) -> Quarantined and deleted successfully. E:\System Volume Information\_restore{87243840-BBE8-43E0-9413-56D42AE341AE}\RP80\A0035295.exe (Trojan.Downloader) -> Quarantined and deleted successfully. E:\System Volume Information\_restore{87243840-BBE8-43E0-9413-56D42AE341AE}\RP80\A0035343.exe (Trojan.Downloader) -> Quarantined and deleted successfully. E:\System Volume Information\_restore{87243840-BBE8-43E0-9413-56D42AE341AE}\RP80\A0035342.exe (Trojan.Downloader) -> Quarantined and deleted successfully. E:\System Volume Information\_restore{87243840-BBE8-43E0-9413-56D42AE341AE}\RP80\A0035414.exe (Trojan.Downloader) -> Quarantined and deleted successfully. E:\System Volume Information\_restore{87243840-BBE8-43E0-9413-56D42AE341AE}\RP80\A0035649.exe (Adware.Zango) -> Quarantined and deleted successfully. E:\System Volume Information\_restore{E4F56C38-D27E-4566-B659-FE9C8C8F1169}\RP115\A0238497.exe (Trojan.Downloader) -> Quarantined and deleted successfully. E:\System Volume Information\_restore{E4F56C38-D27E-4566-B659-FE9C8C8F1169}\RP115\A0238501.exe (Trojan.Downloader) -> Quarantined and deleted successfully. E:\Documents and Settings\Getsuga Tensou\My Documents\Any Video Converter\MP4\Spot.Software.Spot.v4.4.21-TFT\crack\dd32.dll (Malware.Packer.Morphine) -> Quarantined and deleted successfully. E:\Documents and Settings\Getsuga Tensou\My Documents\Downloads\Avast! 4.8 PRO Keygen\Keygen\KeyMaker.exe (Trojan.Banker) -> Delete on reboot. E:\28.10.06\Capture Software\Keymaker.exe (Malware.Packer) -> Quarantined and deleted successfully. E:\28.10.06\programki\AIO_Activadores_2008_www.bookviet4a.org\AIO_Activadores_2008_www.bookviet4a.org\AIO Activadores 2008 [blog All in One].exe (Rogue.Installer) -> Quarantined and deleted successfully. E:\28.10.06\programki\Newwww\Camtasia Studio 5.1.0 + Key\Camtasia Studio 5.1.0+KEYGEN+PATCH\keygen.exe (Malware.Tool) -> Quarantined and deleted successfully. E:\28.10.06\programki\bsvj522\bsvj522\Cure\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully. F:\DEKSTOPER\HoH_Hook\hack.exe (Trojan.Downloader) -> Quarantined and deleted successfully. F:\DEKSTOPER\SavagePrawnBot v1.3(2)\SavagePrawnBot v1.3\spbv1.3.exe (Trojan.Downloader) -> Quarantined and deleted successfully. F:\DEKSTOPER\Super Simple Wall v5.11\SSWv5.11.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully. F:\DEKSTOPER\UltimateSpider-ManPLUS3Trainer\trainer.exe (Trojan.Downloader) -> Quarantined and deleted successfully. F:\Adobe CS 3\New Folder\New Folder\Super Simple Wall v4.8\Super Simple Wall v4.8\SSW4.8sss.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully. F:\Adobe CS 3\New Folder\fdsa\Super Simple Wall v4.6\S S Wall v4.6.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully. F:\BFP\Нова папка (2)\xp_simulation_setup\Tutorial.exe (Trojan.Agent) -> Quarantined and deleted successfully. F:\BFP\LordOfTheRingsFellowshipOfTheRingPLUS4Trainer\trainer.exe (Trojan.Downloader) -> Quarantined and deleted successfully. F:\Mgame\UltimateSpider-ManPLUS3Trainer\trainer.exe (Trojan.Downloader) -> Quarantined and deleted successfully. F:\Mgame\Super Simple Wall v5.11\Super Simple Wall v5.11\SSWv5.11.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully. F:\Mgame\Super Simple Wall v5.11\Super Simple Wall v5.11\Super Simple Wall v5.11\SSWv5.11.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully. F:\Ultra.Video.Splitter.v3.5.8+Keygen\Ultra.Video.Splitter.v3.5.8+Keygen\keygen\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully. F:\BlazeVideo HDTV Player 2.5\blazevideo.hdtv.player.2.5-ismail.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Getsuga Tensou\Local Settings\Temp\meong.txt (Stolen.data) -> Quarantined and deleted successfully. C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully. След това направих и стъпка четри наново ето и резултата Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:21:18, on 17.10.2009 Platform: Windows XP SP3, v.5857 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Skype\Phone\Skype.exe C:\Documents and Settings\Getsuga Tensou\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Getsuga Tensou\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe C:\Documents and Settings\Getsuga Tensou\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Getsuga Tensou\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Getsuga Tensou\Local Settings\Application Data\Google\Chrome\Application\chrome.exe E:\Documents and Settings\Getsuga Tensou\My Documents\Downloads\Kaldata.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bsplayer-search.com/startpage R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O1 - Hosts: 66.98.148.65 auto.search.msn.com O1 - Hosts: 66.98.148.65 auto.search.msn.es O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [scheduleTV] C:\Program Files\Gadmei\TVR PLUS\ScheduleTV.exe O4 - HKLM\..\Run: [uVS12 Preload] C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1240048988\ee\AOLSoftware.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [WengoPhoneNG] C:\Program Files\WengoPhone\qtwengophone.exe -b O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Getsuga Tensou\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [DLD.EXE] C:\Program Files\Download Direct\DLD.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VideoGet_IE.dll O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VideoGet_IE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll O22 - SharedTaskScheduler: BjmaydinGcd - {7FBCD1BD-2D08-4A6D-88B5-F136CCEDB71C} - C:\WINDOWS\system32\bjmaydin.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing) O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing) -- End of file - 10766 bytes
  10. TrendMicro™ HijackThis™ (KALDATA) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:59:13, on 16.10.2009 Platform: Windows XP SP3, v.5857 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Documents and Settings\Getsuga Tensou\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Documents and Settings\Getsuga Tensou\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe C:\Program Files\Skype\Phone\Skype.exe C:\Documents and Settings\Getsuga Tensou\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Getsuga Tensou\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\DOCUME~1\GETSUG~1\LOCALS~1\Temp\b.exe C:\Documents and Settings\Getsuga Tensou\Local Settings\Application Data\Google\Chrome\Application\chrome.exe E:\Documents and Settings\Getsuga Tensou\My Documents\Downloads\Malwarebytes Anti-Malware 1.41 (kaldata.com).exe C:\DOCUME~1\GETSUG~1\LOCALS~1\Temp\is-5KRPJ.tmp\Malwarebytes Anti-Malware 1.41 (kaldata.com).tmp C:\WINDOWS\system32\msiexec.exe E:\Documents and Settings\Getsuga Tensou\My Documents\Downloads\HiJackThis.exe E:\Documents and Settings\Getsuga Tensou\My Documents\Downloads\Kaldata.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\WINDOWS\system32\MsiExec.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bsplayer-search.com/startpage R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O1 - Hosts: 66.98.148.65 auto.search.msn.com O1 - Hosts: 66.98.148.65 auto.search.msn.es O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [scheduleTV] C:\Program Files\Gadmei\TVR PLUS\ScheduleTV.exe O4 - HKLM\..\Run: [uVS12 Preload] C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1240048988\ee\AOLSoftware.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [WengoPhoneNG] C:\Program Files\WengoPhone\qtwengophone.exe -b O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Getsuga Tensou\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [DLD.EXE] C:\Program Files\Download Direct\DLD.exe O4 - HKCU\..\Run: [Microsoft Update Machine] wxrtnn.exe O4 - HKCU\..\Run: [PopRock] C:\DOCUME~1\GETSUG~1\LOCALS~1\Temp\b.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VideoGet_IE.dll O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VideoGet_IE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll O22 - SharedTaskScheduler: BjmaydinGcd - {7FBCD1BD-2D08-4A6D-88B5-F136CCEDB71C} - C:\WINDOWS\system32\bjmaydin.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing) O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing) -- End of file - 11439 bytes
  11. Това ми дава кажете какво мислите(какво да правя)!! Най-важното ако го изтрия дали няма да прецака винбозицата.Та въпроса ми е да го трия или не Прочетох какво се изисква но не мисля че толкова сериозно просто искам и друго мнение
  12. Мерси много с Bitspirit стана да те питам някакви препоръки и настройки да дадеш за нея
  13. Мисилиш ли че от това ?
  14. Ето настройките DHT мисля че е включено и се криптира връзката за OC WinXp SP3 кръпки не схванах за какво става въпрос нон не съм слагал допълнения
  • Разглеждащи това в момента   0 потребители

    Няма регистрирани потребители разглеждащи тази страница.

×
×
  • Добави ново...