Премини към съдържанието

Djembi

Потребител
  • Публикации

    12
  • Регистрация

  • Последно онлайн

Харесвания

0 Неутрална репутация

Всичко за Djembi

  • Титла
    Потребител
  • Рожден ден 28.12.1990

Информация

  • Пол
    Мъж
  • Град
    Варна

Контакти

  • Skype
    stefan5190
  1. ОК Вае пак как да си изтрия вируса ?
  2. Не те обвинявам Само казвам,че не ми засича дисковете като ги сложа в устройството. Използвам Opera. От тук не става http://www.opera.com/support/kb/view/802/ ....
  3. А за IE да не ми е browser-a по подразбиране? + това дори не ми засича и дисковете,че са вътре...и това е след тея всички процедури които направихме
  4. И какво правим сега,ако ми е изгубена информация и не мога да си я възтановя?... Кажи ми само как да си оправя autorun-а и CD,Floppy и USB и да спираме до тука докат не е станал fatal error... А да! и IE да не ми е browser-a по подразбиране П.С Ето ти линк - http://rapidshare.de/files/48720963/Mini102909-01.dmp.html
  5. Изтрих ComboFix и отново го инсталирах и пак не ми даде лог файл. Даде ми ето това - Благодаря ти за оказаната помощ,но след около седмица ще си преинсталирам PC-то и ще си слагам Windows 7,но през това време тези неща ще ми трябват (CD,Floppy,USB) и е много дразнещо като IE ми е browser-а по подразбиране! Сега ще ми кажеш ли как да си ги оправя както и autorun-a ? Благодаря!
  6. Бележка: Моля, не движете мишката, докато ComboFix работи. Това може да наруши процеса на работа. ComboFix ще нулира всички настройки на Microsoft Internet Explorer, включително да направи IE браузър по подразбиране. ComboFix ще изключи autorun функцията на ВСИЧКИ CD, Floppy и USB устройства, за да помогне при премахването на зловредния софтуер и Ви защити от бъдещи вируси/заплахи, които поразяват чрез autorun. Ако това е проблем за вас - моля, уведомете ме. ComboFix ще изключи вашата интернет връзка. Интернет връзката ще се възстанови автоматично, преди ComboFix да завърши процеса на работа. При проблем, той ще прекрати интернет връзката. За да възстановите интернет връзката си, рестартирайте компютъра си. В случай на проблем с ComboFix, той може да създаде лог файл. Моля, включете съдържанието на C:\BUG.txt в следващия Ви коментар в тази тема. Справих се сам с проблема с паметта сега,ако може само да кажеш как да си пусна пак autorun-а,IE да не ми е browser-а по подразбиране и как да си вкюча CD,Floppy и USB-то,защото са изключени.
  7. Не съществува такъв файл! :{
  8. Не ми изкара никакъв лог
  9. Тук ще имам малък проблем.Премахнах AskToolbar ,но ако премахна avast! Antivirus ,след което,ако вляза в интернен ще ми спре автоматично интернет достъпа,защото интернет доставчика ми ще ми засече,че компютъра ми е незащитен и има вирус/и. Ако може преди да я премахна и нея да ми препоръчаш някоя антивирусна програма....?
  10. Results of screen317's Security Check version 0.99.0 Windows XP Service Pack 2 Out of date service pack!! `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Disabled! avast! Antivirus Antivirus out of date! `````````````````````````````` Anti-malware/Other Utilities Check: HijackThis 2.0.2 Java 6 Update 15 Adobe Flash Player 10 Adobe Reader 9.1.2 `````````````````````````````` Process Check: objlist.exe by Laurent Alwil Software Avast4 aswUpdSv.exe Alwil Software Avast4 ashServ.exe Alwil Software Avast4 ashDisp.exe Alwil Software Avast4 ashMaiSv.exe Alwil Software Avast4 ashWebSv.exe `````````````````````````````` DNS Vulnerability Check: POOR! (Vulnerable to DNS cache poisoning!!-- Consider OPENDNS) `````````End of Log``````````` След като сложих отметки на Drivers Processes SSDT Hidden Services Не ми излезе нито бутон ОК нито да слагам отметки на (C:\ , D:\ ....) ,а ми излезе направо този рапорт - ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2009/11/01 19:11 Program Version: Version 1.3.5.0 Windows Version: Windows XP SP2 ================================================== Drivers ------------------- Name: dump_atapi.sys Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys Address: 0x9FD44000 Size: 98304 File Visible: No Signed: - Status: - Name: dump_WMILIB.SYS Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Address: 0xA217E000 Size: 8192 File Visible: No Signed: - Status: - Name: PCI_PNP1094 Image Path: \Driver\PCI_PNP1094 Address: 0x00000000 Size: 0 File Visible: No Signed: - Status: - Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0x9CC38000 Size: 49152 File Visible: No Signed: - Status: - Name: sphq.sys Image Path: sphq.sys Address: 0xF8464000 Size: 1048576 File Visible: No Signed: - Status: - Name: sptd Image Path: \Driver\sptd Address: 0x00000000 Size: 0 File Visible: No Signed: - Status: - SSDT ------------------- #: 025 Function Name: NtClose Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa75186b8 #: 041 Function Name: NtCreateKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa7518574 #: 065 Function Name: NtDeleteValueKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa7518a52 #: 068 Function Name: NtDuplicateObject Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa751814c #: 071 Function Name: NtEnumerateKey Status: Hooked by "sphq.sys" at address 0xf8483ca2 #: 073 Function Name: NtEnumerateValueKey Status: Hooked by "sphq.sys" at address 0xf8484030 #: 119 Function Name: NtOpenKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa751864e #: 122 Function Name: NtOpenProcess Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa751808c #: 128 Function Name: NtOpenThread Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa75180f0 #: 160 Function Name: NtQueryKey Status: Hooked by "sphq.sys" at address 0xf8484108 #: 177 Function Name: NtQueryValueKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa751876e #: 204 Function Name: NtRestoreKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa751872e #: 247 Function Name: NtSetValueKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa75188ae Hidden Services ------------------- Service Name: ubksxhhik Image Path: %SystemRoot%\system32\svchost.exe -k netsvcs ==EOF== ComboFix 09-10-30.01 - Administrator 11.2009 г. 19:25.1.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1251.359.1033.18.511.161 [GMT 2:00] Running from: c:\documents and settings\Administrator\Desktop\Tool.exe.exe AV: avast! antivirus 4.8.1356 [VPS 091023-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D} WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Administrator\Application Data\.# c:\documents and settings\Administrator\Application Data\.#\MBX@E38@962338.### c:\documents and settings\Administrator\Application Data\.#\MBX@E38@9648C8.### c:\documents and settings\Administrator\Application Data\.#\MBX@E38@9649B8.### c:\documents and settings\Administrator\Application Data\.#\MBX@E38@964D08.### c:\program files\driver . ((((((((((((((((((((((((( Files Created from 2009-10-01 to 2009-11-01 ))))))))))))))))))))))))))))))) . No new files created in this timespan . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2070-01-02 04:32 . 2070-01-02 04:32 -------- d-----w- c:\program files\K-Lite Codec Pack 2070-01-02 04:18 . 2070-01-02 04:18 -------- d-----w- c:\program files\Alwil Software 2070-01-02 04:11 . 2070-01-02 04:11 -------- d-----w- c:\program files\Realtek Sound Manager 2070-01-02 04:11 . 2070-01-02 04:11 -------- d-----w- c:\program files\AvRack 2070-01-02 04:11 . 2070-01-02 04:11 -------- d-----w- c:\program files\Realtek AC97 2070-01-02 04:09 . 2070-01-02 04:09 -------- d-----w- c:\program files\NVIDIA Corporation 2070-01-02 04:09 . 2070-01-02 04:09 -------- d-----w- c:\program files\Common Files\NVIDIA Shared 2070-01-02 04:05 . 2070-01-02 04:05 -------- d-----w- c:\program files\ATI Technologies 2070-01-02 03:54 . 2070-01-02 03:54 -------- d-----w- c:\program files\microsoft frontpage 2070-01-02 03:51 . 2070-01-02 03:51 21640 ----a-w- c:\windows\system32\emptyregdb.dat 2009-11-01 17:20 . 2070-01-02 04:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype 2009-11-01 14:00 . 2009-03-02 22:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM 2009-11-01 13:05 . 2009-11-01 13:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2009-11-01 13:04 . 2009-11-01 13:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-11-01 13:04 . 2009-11-01 13:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-10-31 19:03 . 2009-06-13 13:09 -------- d-----w- c:\program files\Minilyrics 2009-10-31 18:58 . 2009-03-10 19:24 21048 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-10-31 05:42 . 2009-03-03 00:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-10-31 05:02 . 2009-10-31 05:02 -------- d-----w- c:\program files\Nettsenteret 2009-10-31 02:51 . 2009-10-31 02:51 -------- d-----w- c:\program files\Microsoft Silverlight 2009-10-30 18:48 . 2009-10-30 18:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\Media Player Classic 2009-10-30 17:30 . 2009-03-09 10:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent 2009-10-28 01:48 . 2009-10-28 01:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Socusoft 2009-10-28 01:48 . 2009-10-28 01:47 -------- d-----w- c:\program files\DVD Photo Slideshow Professional 2009-10-28 01:40 . 2070-01-02 04:05 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-10-26 23:48 . 2009-10-26 23:48 0 ----a-w- c:\windows\nsreg.dat 2009-10-19 17:35 . 2009-03-03 01:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\BSplayer 2009-10-15 22:22 . 2009-03-03 18:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer 2009-10-15 22:20 . 2009-10-15 22:18 -------- d-----w- c:\program files\iTunes 2009-10-15 22:20 . 2009-10-15 22:18 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2009-10-15 22:19 . 2009-10-15 22:19 -------- d-----w- c:\program files\iPod 2009-10-15 22:18 . 2009-03-03 21:56 -------- d-----w- c:\program files\Common Files\Apple 2009-10-15 22:15 . 2009-10-15 22:14 -------- d-----w- c:\program files\QuickTime 2009-10-10 22:27 . 2009-10-10 22:27 -------- d-----w- c:\program files\ONAIR 2009-10-05 13:43 . 2009-09-18 23:41 -------- d-----w- c:\program files\SystemRequirementsLab 2009-10-05 13:43 . 2009-09-18 23:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab 2009-10-04 14:02 . 2009-03-02 23:39 -------- d-----w- c:\program files\Opera 2009-10-04 10:58 . 2005-01-01 21:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Suite 2009-10-03 13:07 . 2009-10-03 13:07 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf 2009-10-03 13:07 . 2009-10-03 13:07 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf 2009-10-02 14:15 . 2009-10-02 14:15 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf 2009-10-02 14:15 . 2009-10-02 14:15 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf 2009-10-02 14:09 . 2009-10-02 13:24 136472 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-10-02 14:08 . 2005-01-01 21:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nokia 2009-10-02 14:05 . 2009-10-02 13:38 -------- d-----w- c:\program files\Nokia 2009-10-02 14:05 . 2009-10-02 14:05 -------- d-----w- c:\documents and settings\All Users\Application Data\NokiaMusic 2009-10-02 14:04 . 2009-10-02 14:03 -------- d-----w- c:\program files\Common Files\muvee Technologies 2009-10-02 13:59 . 2005-01-01 21:42 -------- d-----w- c:\program files\Common Files\Nokia 2009-10-02 13:57 . 2005-01-01 21:42 -------- d-----w- c:\program files\DIFX 2009-10-02 13:23 . 2009-10-02 13:23 -------- d-----w- c:\program files\MSBuild 2009-10-02 13:23 . 2009-10-02 13:23 -------- d-----w- c:\program files\Reference Assemblies 2009-10-02 13:14 . 2009-10-02 13:14 -------- d-----w- c:\program files\MSXML 6.0 2009-09-26 15:50 . 2009-09-26 15:49 -------- d-----w- c:\program files\Altiris 2009-09-15 10:59 . 2009-10-09 17:40 1279968 ----a-w- c:\windows\system32\aswBoot.exe 2009-09-15 10:56 . 2009-10-09 17:41 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys 2009-09-15 10:56 . 2009-10-09 17:41 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2009-09-15 10:55 . 2009-10-09 17:41 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2009-09-15 10:55 . 2009-10-09 17:41 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2009-09-15 10:54 . 2009-10-09 17:41 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2009-09-15 10:54 . 2009-10-09 17:41 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2009-09-15 10:53 . 2009-10-09 17:41 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2009-09-15 10:53 . 2009-10-09 17:41 97480 ----a-w- c:\windows\system32\AvastSS.scr 2009-09-13 08:48 . 2009-09-13 08:48 -------- d-----w- c:\program files\Panerai 2009-09-12 10:21 . 2009-07-18 22:51 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{11AE5274-ACE4-48DC-8781-BA074146E52A} 2009-09-10 12:54 . 2009-11-01 13:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-10 12:53 . 2009-11-01 13:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-08-28 16:42 . 2009-07-06 18:11 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll 2009-08-28 16:42 . 2009-03-03 21:56 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2009-04-15 01:25 . 2009-04-02 23:51 326123 -csha-w- c:\windows\system32\9\klog.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyP0.dll" [2009-07-13 2215960] [HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}] 2009-07-13 22:10 2215960 ----a-w- c:\program files\MyPlayCity\tbMyP0.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2009-04-02 16:50 809864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyP0.dll" [2009-07-13 2215960] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-04-02 809864] [HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}"= "c:\program files\MyPlayCity\tbMyP0.dll" [2009-07-13 2215960] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-04-02 809864] [HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-21 39408] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688] "Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-04 133104] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584] "ONAIR"="c:\program files\ONAIR\ONAIR.exe" [2009-10-09 680960] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X] "NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 131072] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-04-10 37888] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-04-21 68592] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280] "PCSuiteTrayApplication"="e:\nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-28 222720] "NokiaMusic FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2009-07-22 2331936] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2005-08-17 90112] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] "PcSync"="e:\nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304] c:\documents and settings\Administrator\Start Menu\Programs\Startup\ ImpulseNow.lnk - c:\program files\Stardock\Impulse\Now\ImpulseNow.exe [2009-4-7 356352] Stardock ObjectDock.lnk - c:\program files\Stardock\Object Desktop\ObjectDock\ObjectDock.exe [2009-4-30 3446512] c:\documents and settings\All Users\Start Menu\Programs\Startup\ FlexType 2K.lnk - c:\windows\Datecs\Flex2K.exe [2009-3-3 151552] wskype.lnk - c:\program files\wskype\wskype.exe [2007-5-5 23552] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Opera\\opera.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"= "c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "7679:TCP"= 7679:TCP:mrppoh R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [09.10.2009 і. 19:41 114768] R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [02.1.2070 і. 06:07 13696] R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [22.8.2009 і. 22:04 24786] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [09.10.2009 і. 19:41 20560] R3 AEXPAM;Philips SmartManage Service;c:\windows\system32\drivers\aexpamdrv.sys [01.9.2004 і. 13:10 21824] R3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.sys [24.2.2005 і. 12:29 162176] S2 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?] S2 ubksxhhik;Monitor Installer;c:\windows\system32\svchost.exe -k netsvcs [04.8.2004 і. 00:56 14336] S3 eusk3usb;SmartKey 3 USB;c:\windows\system32\drivers\eusk3usb.sys [22.8.2009 і. 22:04 45534] --- Other Services/Drivers In Memory --- *NewlyCreated* - CLASSPNP_2 *NewlyCreated* - MBR *Deregistered* - CLASSPNP_2 *Deregistered* - mbr HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ubksxhhik [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6455F474-9574-DC40-8169-05DC9F701D2B}] c:\windows\system32\9\9r.exe s . Contents of the 'Scheduled Tasks' folder 2009-10-26 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] 2009-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1390067357-839522115-500Core.job - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-04 21:14] 2009-09-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1390067357-839522115-500UA.job - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-04 21:14] 2009-11-01 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job - c:\program files\Ask.com\UpdateTask.exe [2009-04-02 16:50] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.theprizeday.com/today.php uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s TCP: {157D1474-84EC-4C08-8EDD-258123F28169} = 10.6.0.1 FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6jycemp8.default\ FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll . - - - - ORPHANS REMOVED - - - - HKLM-Run-Anti Trojan Elite - c:\program files\Anti Trojan Elite\TJEnder.exe AddRemove-HijackThis - c:\hijack this\HijackThis.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-01 19:32 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ubksxhhik] "ServiceDll"="c:\windows\system32\odxky.dll" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(728) c:\windows\system32\Ati2evxx.dll . Completion time: 2009-11-01 19:35 ComboFix-quarantined-files.txt 2009-11-01 17:34 Pre-Run: 3 032 506 368 bytes free Post-Run: 3 207 102 464 bytes free - - End Of File - - 1974468BA678A389AF7AAE386F515F01
  11. Ето това е лог-а от Malwarebytes' Anti-Malware (По време на сканиването AVAST! се обади 2 пъти - 1 троянец и 1 червей,след края на сканирането поиска рестарт на PC-to) Malwarebytes' Anti-Malware 1.41 Database version: 3076 Windows 5.1.2600 Service Pack 2 01.11.2009 г. 16:46:11 mbam-log-2009-11-01 (16-46-11).txt Scan type: Full Scan (C:\|D:\|E:\|) Objects scanned: 215173 Time elapsed: 1 hour(s), 38 minute(s), 21 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 16 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 16 Files Infected: 152 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Bifrost (Backdoor.Bifrose) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Bifrost (Backdoor.Bifrose) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Program Files\Bifrost (Backdoor.Bifrose) -> Quarantined and deleted successfully. C:\Program Files\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\DoubleD\JuicyAccess Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\system32 (Backdoor.Bifrose) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850 (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Data (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins (Adware.DoubleD) -> Quarantined and deleted successfully. Files Infected: C:\Documents and Settings\Administrator\Local Settings\Application Data\Opera\Opera\profile\cache4\temporary_download\juicyaccess_installer.exe (Trojan.BHO) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\stbup.exe (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Sony\Sound Forge 9.0\sony.sound.forge.9.0c.build.405-NoPE.exe (Trojan.Downloader) -> Quarantined and deleted successfully. D:\System Volume Information\_restore{7C1798CD-8B6B-474F-BBFD-D877794C35CD}\RP23\A0022399.exe (Trojan.Downloader) -> Quarantined and deleted successfully. E:\vdfsv\Keygen_photoshop_cs3\Keygen photoshop cs3\activator\activator.exe (Trojan.Agent) -> Quarantined and deleted successfully. E:\vdfsv\Keygen_photoshop_cs3\Keygen photoshop cs3\Serial\keygen2.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Program Files\system32\logg.dat (Backdoor.Bifrose) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\config.md (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090719-015149.812.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090719-015233.437.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090720-134752.625.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090721-120101.359.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090721-160002.359.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-094909.125.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-160101.531.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-181711.390.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090723-001818.937.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090723-161856.187.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090724-110241.421.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090724-131510.203.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090724-131546.765.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090724-182638.890.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090725-085101.000.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090726-032942.484.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090727-065413.328.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090727-122930.718.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090727-124000.156.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090727-182215.375.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090728-061815.578.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090728-160158.156.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090728-160500.968.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090728-175743.484.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090728-190857.703.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090729-091735.437.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090729-143327.812.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090729-143606.843.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090729-144805.359.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090730-094703.765.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090730-094707.062.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090730-133929.890.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090808-063847.921.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090808-153934.593.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090808-233941.093.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090809-013557.234.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090809-020947.375.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090809-104029.781.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090809-105031.328.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090809-194008.531.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090809-194208.421.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090810-002034.218.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090812-155056.015.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090812-230908.656.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090813-093034.828.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090813-181459.578.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090814-121610.921.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090817-090934.000.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090818-004040.015.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090818-164011.890.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090818-183902.875.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090819-200722.593.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090821-170218.656.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090822-160537.375.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090822-162855.640.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090822-165125.250.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090825-163543.375.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090826-170116.203.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090826-170216.656.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090826-170825.031.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090830-015104.937.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090830-200434.593.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090902-142323.843.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090903-041139.765.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090903-192323.609.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090905-035158.937.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090905-035213.406.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090905-181435.531.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090905-232238.687.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090912-130748.015.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090912-132617.156.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\CurrentVersion.xml (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\ExtractZipFile.zip (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\icon.ico (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\productinfo.dll (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Setup.exe (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\tdf.dat (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Data\ProductInfo.mx (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\01c9eb2893468d1fba80553d2b75bd30.gif (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\867b44b1158783875052f103c3a2f11a.gif (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\bc83ac54dd36e7479704363c8fbd7e43.gif (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\c14631dd1d688aa0ae8e9c9dd396c653.gif (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\default1.dat (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\loading.dat (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\loading.gif (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_DailyVideo.mx (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Game.mx (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Logo.mx (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Option.mx (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Search.mx (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley_Config.mx (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley_TellAFriend.mx (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Wallpaper.mx (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Web.mx (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\pixel.mx (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\ProductInfo.mx (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\profile.mx (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\SearchEngineList.mx (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\tbcore.mx (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\ToolbarLayout.mx (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\UpdateCentre.mx (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\UpdateCentreBk.mx (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\URLDynamic.mx (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\URLStatic.mx (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\About.mg (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Component_ComboBox.mg (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_DailyVideo.mg (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Game.mg (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Logo.mg (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Option.mg (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Search.mg (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Smiley.mg (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Wallpaper.mg (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Web.mg (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDefault.png (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay.bmp (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay.png (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters.bmp (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters.png (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnOption.png (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley.bmp (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley.png (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd.bmp (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd.png (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink.bmp (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink.png (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin1.skf (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin2.skf (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin3.skf (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin4.skf (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\TellafriendSkin.skf (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\TellafriendSkin_s.skf (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\ToastSkin.skf (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\addon.dat (Malware.Trace) -> Quarantined and deleted successfully. Ето го и лог-а от TrendMicro™ HijackThis™ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:08:59, on 01.11.2009 г. Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Winamp\winampa.exe C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\Skype\Phone\Skype.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\Datecs\Flex2K.exe C:\Program Files\wskype\wskype.exe C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Opera\opera.exe C:\HiJack This\Kaldata.exe.exe C:\HiJack This\Kaldata.exe.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theprizeday.com/today.php R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP0.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP0.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll O3 - Toolbar: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP0.dll O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ONAIR] C:\Program Files\ONAIR\ONAIR.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: ImpulseNow.lnk = C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\Object Desktop\ObjectDock\ObjectDock.exe O4 - Global Startup: FlexType 2K.lnk = ? O4 - Global Startup: wskype.lnk = ? O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{157D1474-84EC-4C08-8EDD-258123F28169}: NameServer = 10.6.0.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{157D1474-84EC-4C08-8EDD-258123F28169}: NameServer = 10.6.0.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{157D1474-84EC-4C08-8EDD-258123F28169}: NameServer = 10.6.0.1 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe -- End of file - 9339 bytes
  12. Преди време бях хванал някакъв много гаден вирус,който ми изтри 90% от инфо-то в PC-то. Ок...върнах голяма част от файловете след преинсталация на Windows-a с една програма,НО...пак има някакъв проблем. (D:) & (E:) са ми по 68,5 GB,а ми показва,че имам около 3 GB free space,а аз нямам повече от по около 12-15 GB във всеки един от 2-та....Някой някакво предположение как да се оправи ?
  • Разглеждащи това в момента   0 потребители

    Няма регистрирани потребители разглеждащи тази страница.

×

Информация

Поставихме бисквитки на устройството ви за най-добро потребителско изживяване. Можете да промените настройките си за бисквитки, или в противен случай приемаме, че сте съгласни с нашите условия за ползване.