
KaWaii

User
  • Posts
    25
  • Registered
  • Last online

Likes

0 Neutral reputation

All about KaWaii

  • Title
    User
  1. I removed everything, the problem remains. Just in case, after uninstalling I also did a System Restore to last month (the 26th), but now it again restarts every time it reaches the Windows logo.
  2. We tried Last Known Good Configuration and it doesn't work. We looked for the things to uninstall, but found nothing (?). We find the folder, the program launches, but there is no uninstall, and the thing that looks like one simply doesn't run. It's not in the program list either (in Add or Remove Programs).
  3. Let me start by saying that this is a computer nearly 10 years old, running Windows XP. Recently we decided to plug a Vivacom mobile internet USB stick into it. We installed it and everything was OK. On the next boot the computer could not continue after reaching the Windows logo (where it loads). After that it kept restarting. After a little searching on the internet I found how to stop the restarting so I could see what exactly the problem was. Then I saw the great blue screen. It says "driver_irql_not_less_or_equal". I read up and understood that this is probably a driver problem, and we had just installed the drivers for that USB stick. In several places it said it is a good idea to install SP3 (we were on SP2); I installed it in Safe Mode and on reboot a blue screen appeared again, but this time something about "atapi.sys" showed up as well. On the next reboot that disappeared and the old blue screen with "driver_irql_not_less_or_equal" remained. I'll take any help; as far as I understood, reinstalling Windows will fix the problem, but if it can be fixed without that I won't say no. Thanks in advance!
  4. This time I was quite late with the reply, but I was in Sofia and there was no way to do it. Apologies again.

     ESETSmartInstaller@High as downloader log:
     all ok
     # version=7
     # OnlineScannerApp.exe=1.0.0.1
     # OnlineScanner.ocx=1.0.0.6583
     # api_version=3.0.2
     # EOSSerial=b72b8051184df848a4e48ae80c8ba0fd
     # end=stopped
     # remove_checked=true
     # archives_checked=true
     # unwanted_checked=true
     # unsafe_checked=true
     # antistealth_checked=true
     # utc_time=2012-03-15 09:49:27
     # local_time=2012-03-15 11:49:27 (+0200, FLE Standard Time)
     # country="Bulgaria"
     # lang=1033
     # osver=5.1.2600 NT Service Pack 2
     # compatibility_mode=1797 16774142 0 6 449600 68382120 0 0
     # compatibility_mode=8192 67108863 100 0 3786 3786 0 0
     # scanned=165739
     # found=11
     # cleaned=11
     # scan_time=9839
     C:\Documents and Settings\home\Desktop\Meine nicht deine\FableTrn.exe probably a variant of Win32/Spy.Agent.BMYYYSA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Program Files\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Program Files\Cheat Engine\Cheat Engine.exe a variant of Win32/HackTool.CheatEngine.AA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Program Files\Cheat Engine\dbk32.dll a variant of Win32/HackTool.CheatEngine.AA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Program Files\Cheat Engine\dbk32.sys Win32/HackTool.CheatEngine application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Program Files\Cheat Engine\Systemcallretriever.exe a variant of Win32/HackTool.SystemCall.AA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Program Files\Cheat Engine\systemcallsignal.exe a variant of Win32/HackTool.SystemCall.AA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Program Files\Garena\plugins\UI\GEngine.dll probably a variant of Win32/Agent.LIJKDGU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Program Files\Sony Vegas Movie Studio Platinum Edition Pro v9.a Build 85\patch.exe Win32/HackTool.Patcher.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Qoobox\Quarantine\C\Program Files\winamp5601_full_emusic-7plus_en-us.exe.vir Win32/OpenCandy application (deleted - quarantined) 00000000000000000000000000000000 C
     C:\Qoobox\Quarantine\C\Program Files\Search Settings\SearchSettingsRes409.dll.vir Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

     ESETSmartInstaller@High as downloader log:
     all ok
     # version=7
     # OnlineScannerApp.exe=1.0.0.1
     # OnlineScanner.ocx=1.0.0.6583
     # api_version=3.0.2
     # EOSSerial=b72b8051184df848a4e48ae80c8ba0fd
     # end=finished
     # remove_checked=true
     # archives_checked=true
     # unwanted_checked=true
     # unsafe_checked=true
     # antistealth_checked=true
     # utc_time=2012-03-25 06:15:21
     # local_time=2012-03-25 09:15:21 (+0200, FLE Daylight Time)
     # country="Bulgaria"
     # lang=1033
     # osver=5.1.2600 NT Service Pack 2
     # compatibility_mode=1797 16774142 0 6 1298614 69231134 0 0
     # compatibility_mode=8192 67108863 100 0 849200 849200 0 0
     # scanned=262157
     # found=15
     # cleaned=15
     # scan_time=11971
     C:\System Volume Information\_restore{7C8269DC-55F6-40FC-88B7-AF94027C9864}\RP1253\A0332812.sys a variant of Win32/Rootkit.Kryptik.KL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{7C8269DC-55F6-40FC-88B7-AF94027C9864}\RP1256\A0335676.dll Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{7C8269DC-55F6-40FC-88B7-AF94027C9864}\RP1256\A0335677.exe Win32/OpenCandy application (deleted - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{7C8269DC-55F6-40FC-88B7-AF94027C9864}\RP1259\A0337986.exe probably a variant of Win32/Spy.Agent.BMYYYSA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{7C8269DC-55F6-40FC-88B7-AF94027C9864}\RP1259\A0337990.exe probably a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{7C8269DC-55F6-40FC-88B7-AF94027C9864}\RP1259\A0337992.exe a variant of Win32/HackTool.CheatEngine.AA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{7C8269DC-55F6-40FC-88B7-AF94027C9864}\RP1259\A0337993.dll a variant of Win32/HackTool.CheatEngine.AA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{7C8269DC-55F6-40FC-88B7-AF94027C9864}\RP1259\A0337994.sys Win32/HackTool.CheatEngine application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{7C8269DC-55F6-40FC-88B7-AF94027C9864}\RP1259\A0337995.exe a variant of Win32/HackTool.SystemCall.AA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{7C8269DC-55F6-40FC-88B7-AF94027C9864}\RP1259\A0337996.exe a variant of Win32/HackTool.SystemCall.AA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{7C8269DC-55F6-40FC-88B7-AF94027C9864}\RP1259\A0338000.dll probably a variant of Win32/Agent.LIJKDGU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{7C8269DC-55F6-40FC-88B7-AF94027C9864}\RP1259\A0338003.exe Win32/HackTool.Patcher.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\WINDOWS\pss\PowerReg Scheduler.exeStartup Win32/PowerReg application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     D:\Games\SolSuite.2007.v7.11.WinAll.Incl.KeyGen-NeoX\keygen.exe a variant of Win32/Keygen.AM application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     D:\System Volume Information\_restore{7C8269DC-55F6-40FC-88B7-AF94027C9864}\RP1267\A0342324.exe a variant of Win32/Keygen.AM application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
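The two ESET Online Scanner logs in the post above are the kind of thing a helper has to read quickly: which hits are live files, and which are System Restore or quarantine copies of things that were already removed. The script below is an added example (the editor's code, not ESET's and not from the post) that parses the log format: the `# key=value` header, then one detection per line with path, verdict, a hash placeholder and a C/I flag. It checks that the number of parsed detections matches the header's `found=`, and groups hits by where they were found. The sample input is the second log from the post with the header abridged; the field separators are restored as tabs (an assumption about ESET's format; the parser also accepts runs of spaces, which is how the forum shows them). The location categories and the `Detection` field names are the editor's.

```python
import re
from collections import Counter
from typing import NamedTuple

# Constructed sample: the second ESET Online Scanner log from the post, header
# abridged, with tab separators between fields (assumed; spaces also parse).
_RP = "C:\\System Volume Information\\_restore{7C8269DC-55F6-40FC-88B7-AF94027C9864}\\"
_TAIL = "\t00000000000000000000000000000000\tC"   # hash placeholder and "C" (cleaned) flag
SAMPLE_LOG = "\n".join([
    "ESETSmartInstaller@High as downloader log:",
    "all ok",
    "# version=7",
    "# end=finished",
    "# osver=5.1.2600 NT Service Pack 2",
    "# scanned=262157",
    "# found=15",
    "# cleaned=15",
    _RP + "RP1253\\A0332812.sys\ta variant of Win32/Rootkit.Kryptik.KL trojan (cleaned by deleting - quarantined)" + _TAIL,
    _RP + "RP1256\\A0335676.dll\tWin32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)" + _TAIL,
    _RP + "RP1256\\A0335677.exe\tWin32/OpenCandy application (deleted - quarantined)" + _TAIL,
    _RP + "RP1259\\A0337986.exe\tprobably a variant of Win32/Spy.Agent.BMYYYSA trojan (cleaned by deleting - quarantined)" + _TAIL,
    _RP + "RP1259\\A0337990.exe\tprobably a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)" + _TAIL,
    _RP + "RP1259\\A0337992.exe\ta variant of Win32/HackTool.CheatEngine.AA application (cleaned by deleting - quarantined)" + _TAIL,
    _RP + "RP1259\\A0337993.dll\ta variant of Win32/HackTool.CheatEngine.AA application (cleaned by deleting - quarantined)" + _TAIL,
    _RP + "RP1259\\A0337994.sys\tWin32/HackTool.CheatEngine application (cleaned by deleting - quarantined)" + _TAIL,
    _RP + "RP1259\\A0337995.exe\ta variant of Win32/HackTool.SystemCall.AA application (cleaned by deleting - quarantined)" + _TAIL,
    _RP + "RP1259\\A0337996.exe\ta variant of Win32/HackTool.SystemCall.AA application (cleaned by deleting - quarantined)" + _TAIL,
    _RP + "RP1259\\A0338000.dll\tprobably a variant of Win32/Agent.LIJKDGU trojan (cleaned by deleting - quarantined)" + _TAIL,
    _RP + "RP1259\\A0338003.exe\tWin32/HackTool.Patcher.A application (cleaned by deleting - quarantined)" + _TAIL,
    "C:\\WINDOWS\\pss\\PowerReg Scheduler.exeStartup\tWin32/PowerReg application (cleaned by deleting - quarantined)" + _TAIL,
    "D:\\Games\\SolSuite.2007.v7.11.WinAll.Incl.KeyGen-NeoX\\keygen.exe\ta variant of Win32/Keygen.AM application (cleaned by deleting - quarantined)" + _TAIL,
    "D:\\System Volume Information\\_restore{7C8269DC-55F6-40FC-88B7-AF94027C9864}\\RP1267\\A0342324.exe\ta variant of Win32/Keygen.AM application (cleaned by deleting - quarantined)" + _TAIL,
])

DETECTION_RE = re.compile(
    r"^(?P<path>.+?)\s+"                                     # file path (may contain spaces)
    r"(?P<qualifier>probably a variant of |a variant of )?"   # generic / heuristic wording
    r"(?P<threat>\w+/\S+)\s+(?P<kind>\w+)\s+"                 # e.g. Win32/Keygen.AM application
    r"\((?P<action>[^)]+)\)\s+"                               # what the scanner did
    r"(?P<md5>[0-9A-Fa-f]{32})\s+(?P<flag>[CI])\s*$"          # hash placeholder, C/I flag
)


class Detection(NamedTuple):
    path: str
    threat: str       # signature name, e.g. "Win32/Rootkit.Kryptik.KL"
    kind: str         # ESET's class word: "trojan", or "application" for PUA / unsafe tools
    action: str       # e.g. "cleaned by deleting - quarantined"
    heuristic: bool   # True when ESET wrote "(probably) a variant of": a generic match


def parse_eset_log(text):
    """Return (header dict, list of Detection) for one ESET Online Scanner log."""
    meta, detections = {}, []
    for line in text.splitlines():
        line = line.rstrip()
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            meta.setdefault(key, value)      # compatibility_mode repeats; keep the first
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(Detection(
                path=m["path"], threat=m["threat"], kind=m["kind"],
                action=m["action"], heuristic=m["qualifier"] is not None,
            ))
    return meta, detections


def found_matches(meta, detections):
    """Consistency check: the header's found= must equal the detection lines parsed."""
    return meta.get("found", "").isdigit() and int(meta["found"]) == len(detections)


def classify_location(path):
    """Where a hit lives decides what it means (categories are the editor's)."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore point"          # System Restore snapshot of an already-removed file
    if "\\qoobox\\quarantine\\" in p:
        return "combofix quarantine"    # ComboFix already moved it aside
    if "\\windows\\pss\\" in p:
        return "disabled startup item"  # msconfig's backup of a disabled Startup entry
    return "live"


def summarize(detections):
    by_location = Counter(classify_location(d.path) for d in detections)
    by_kind = Counter(d.kind for d in detections)
    live_trojans = [d for d in detections
                    if d.kind == "trojan" and classify_location(d.path) == "live"]
    return {"by_location": dict(by_location), "by_kind": dict(by_kind),
            "live_trojans": live_trojans}


if __name__ == "__main__":
    header, hits = parse_eset_log(SAMPLE_LOG)
    print("header found=%s, parsed=%d, consistent=%s"
          % (header.get("found"), len(hits), found_matches(header, hits)))
    for key, value in summarize(hits).items():
        print(key, value)
```

On this log all three `trojan` verdicts are restore-point copies and the only live hit is the keygen on D:, so `live_trojans` comes back empty. That is a statement about the parse, not a clean bill of health: the summary is a reading aid for the thread, and restore-point copies still matter because a System Restore would bring the file back, which is why removal guides finish by flushing the restore points.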
  5. ComboFix 12-03-12.03 - home 03.2012 г. 20:33:52.6.2 - x86
     Microsoft Windows XP Professional 5.1.2600.2.1251.359.1033.18.1983.1498 [GMT 2:00]
     Running from: c:\documents and settings\home\Desktop\ComboFix.exe
     Command switches used :: c:\documents and settings\home\Desktop\CFScript.txt
     AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
     .
     .
     ((((((((((((((((((((((((( Files Created from 2012-02-15 to 2012-03-15 )))))))))))))))))))))))))))))))
     .
     .
     2012-03-10 14:09 . 2012-03-07 00:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
     2012-03-10 14:09 . 2012-03-07 00:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
     2012-03-10 14:09 . 2012-03-07 00:02 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
     2012-03-10 14:09 . 2012-03-07 00:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
     2012-03-10 14:09 . 2012-03-07 00:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
     2012-03-10 14:09 . 2012-03-07 00:01 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
     2012-03-10 14:09 . 2012-03-07 00:01 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
     2012-03-10 14:09 . 2012-03-06 23:58 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
     2012-03-10 14:08 . 2012-03-07 00:15 41184 ----a-w- c:\windows\avastSS.scr
     2012-03-10 14:08 . 2012-03-07 00:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
     2012-03-10 14:01 . 2012-03-10 14:01 -------- d-----w- c:\windows\system32\wbem\Repository
     2012-03-10 11:58 . 2012-03-10 14:08 -------- d-----w- c:\program files\AVAST Software
     2012-03-10 11:58 . 2012-03-10 14:08 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
     2012-03-10 11:21 . 2012-03-10 11:21 -------- d-----w- c:\documents and settings\home\Application Data\DriverCure
     2012-03-10 11:21 . 2012-03-10 11:21 -------- d-----w- c:\program files\SpeedyPC Software
     2012-03-10 11:21 . 2012-03-10 11:21 -------- d-----w- c:\program files\Common Files\SpeedyPC Software
     2012-03-10 11:21 . 2012-03-10 11:21 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedyPC Software
     2012-03-10 10:33 . 2012-03-10 10:33 -------- d-----w- c:\documents and settings\LocalService\IETldCache
     2012-03-10 10:25 . 2012-03-10 13:58 -------- d-sh--w- c:\documents and settings\home\Local Settings\Application Data\9f790a05
     2012-02-23 16:49 . 2012-02-25 16:32 -------- d-----w- c:\documents and settings\home\riotsGamesLogs
     2012-02-23 16:49 . 2012-02-23 16:49 -------- d-----w- c:\documents and settings\home\Application Data\LolClient
     2012-02-23 00:40 . 2012-02-23 00:40 -------- d-----w- c:\program files\Common Files\Skype
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2012-03-11 16:54 . 2010-08-20 17:32 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2012-01-28 21:11 . 2012-01-28 21:11 629288 ----a-w- C:\WindowsXP-KB932823-v3-x86-ENU.exe
     2012-01-28 20:59 . 2012-01-28 20:59 16883056 ----a-w- C:\Internet_Explorer_8_0.exe
     2011-05-06 09:42 . 2011-05-06 09:42 14310930 ----a-w- c:\program files\any-video-converter-free.exe
     2011-01-28 17:48 . 2011-01-28 17:48 359940 ----a-w- c:\program files\shoutcast-dsp-2-1-3-windows.exe
     2011-01-28 17:46 . 2011-01-28 17:46 1948225 ----a-w- c:\program files\shoutcast-dnas-1-9-8-windows.exe
     2011-01-19 22:10 . 2011-01-19 22:05 94112150 ----a-w- c:\program files\AC Web Ultimate Repack.exe
     2011-01-19 22:01 . 2011-01-19 22:00 31323871 ----a-w- c:\program files\xampp-win32-1.5.2-installer.exe
     2011-01-04 19:43 . 2011-01-04 19:22 232501 ----a-w- c:\program files\Minecraft.exe
     2011-01-04 19:24 . 2011-01-04 19:24 232501 ----a-w- c:\program files\Minecraft(2).exe
     2011-01-03 20:45 . 2011-01-03 20:45 3514656 ----a-w- c:\program files\TeamViewer_Setup.exe
     2010-12-31 13:52 . 2010-12-31 13:52 401728 ----a-w- c:\program files\setup.exe
     2010-12-30 21:33 . 2010-12-30 21:33 568648 ----a-w- c:\program files\GoogleEarthSetup.exe
     2010-12-11 18:44 . 2010-12-11 18:44 2790864 ----a-w- c:\program files\install_flash_player.exe
     2010-12-10 14:03 . 2010-12-10 14:03 22971688 ----a-w- c:\program files\Skype 4.2.0.169.exe
     2010-12-09 18:03 . 2010-12-09 18:02 8027408 ----a-w- c:\program files\boost-speed-setup.exe
     2012-02-19 07:53 . 2011-05-01 07:20 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
     .
     .
     ((((((((((((((((((((((((((((( SnapShot@2012-03-12_16.01.07 )))))))))))))))))))))))))))))))))))))))))
     .
     + 2012-03-15 18:45 . 2012-03-15 18:45 16384 c:\windows\Temp\Perflib_Perfdata_7b8.dat
     + 2012-03-15 18:45 . 2012-03-15 18:45 16384 c:\windows\Temp\Perflib_Perfdata_3b0.dat
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
     @="{472083B0-C522-11CF-8763-00608CC02F24}"
     [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
     2012-03-07 00:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2009-08-22 5148672]
     "Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-08-28 3077528]
     "Akamai NetSession Interface"="c:\documents and settings\home\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-02-02 3329824]
     "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
     "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
     "RTHDCPL"="RTHDCPL.EXE" [2009-12-08 18789920]
     "Philips Device Listener"="c:\program files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2010-10-15 380416]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
     "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
     "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
     "NvMediaCenter"="NvMCTray.dll" [2011-08-03 111208]
     "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360]
     "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
     "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
     "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
     .
     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
     "RunNarrator"="Narrator.exe" [2006-10-04 53760]
     .
     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-10-30 113664]
     Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
     .
     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digimax Viewer 2.1.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digimax Viewer 2.1.lnk
     backup=c:\windows\pss\Digimax Viewer 2.1.lnkCommon Startup
     .
     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
     backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
     .
     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
     backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
     .
     [HKLM\~\startupfolder\C:^Documents and Settings^home^Start Menu^Programs^Startup^ _-=TIgI-sCripT=-_.lnk]
     path=c:\documents and settings\home\Start Menu\Programs\Startup\ _-=TIgI-sCripT=-_.lnk
     backup=c:\windows\pss\ _-=TIgI-sCripT=-_.lnkStartup
     .
     [HKLM\~\startupfolder\C:^Documents and Settings^home^Start Menu^Programs^Startup^.lnk]
     path=c:\documents and settings\home\Start Menu\Programs\Startup\.lnk
     backup=c:\windows\pss\.lnkStartup
     .
     [HKLM\~\startupfolder\C:^Documents and Settings^home^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
     path=c:\documents and settings\home\Start Menu\Programs\Startup\PowerReg Scheduler.exe
     backup=c:\windows\pss\PowerReg Scheduler.exeStartup
     .
     [HKLM\~\startupfolder\C:^Documents and Settings^home^Start Menu^Programs^Startup^The Matrix_ Path of Neo Registration.lnk]
     path=c:\documents and settings\home\Start Menu\Programs\Startup\The Matrix_ Path of Neo Registration.lnk
     backup=c:\windows\pss\The Matrix_ Path of Neo Registration.lnkStartup
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
     2006-10-26 21:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MorEmoticons]
     2007-11-12 02:35 64000 ----a-w- c:\program files\MorEmoticons\Moremoticons.exe
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "d:\\Games\\war\\Warcraft III\\Warcraft III.exe"=
     "d:\\Games\\war\\Warcraft III\\War3.exe"=
     "c:\\WINDOWS\\system32\\dpvsetup.exe"=
     "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
     "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
     "c:\\Program Files\\Garena\\Garena.exe"=
     "c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
     "e:\\Games2\\CS\\hl.exe"=
     "c:\\Program Files\\BitComet\\BitComet.exe"=
     "e:\\Games2\\CS\\hlds.exe"=
     "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
     "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
     "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
     "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
     "c:\\Program Files\\uTorrent\\uTorrent.exe"=
     "c:\\wow server\\xampp\\apache\\bin\\apache.exe"=
     "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
     "e:\\Games2\\AOE2\\AOE2\\empires2.exe"=
     "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
     "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
     "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
     "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "c:\\Program Files\\iTunes\\iTunes.exe"=
     "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
     "c:\\Documents and Settings\\home\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "23183:TCP"= 23183:TCP:BitComet 23183 TCP
     "23183:UDP"= 23183:UDP:BitComet 23183 UDP
     "6612:TCP"= 6612:TCP:Blizard Downloader
     "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
     "13189:TCP"= 13189:TCP:BitComet 13189 TCP
     "13189:UDP"= 13189:UDP:BitComet 13189 UDP
     "443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
     "443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
     "37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
     "37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
     "37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
     "2706:TCP"= 2706:TCP:Inhatch P2P Streaming
     "2707:TCP"= 2707:TCP:Inhatch P2P Streaming
     "2708:TCP"= 2708:TCP:Inhatch P2P Streaming
     "2709:TCP"= 2709:TCP:Inhatch P2P Streaming
     "58389:TCP"= 58389:TCP:Pando Media Booster
     "58389:UDP"= 58389:UDP:Pando Media Booster
     "1113:TCP"= 1113:TCP:Akamai NetSession Interface
     "5000:UDP"= 5000:UDP:Akamai NetSession Interface
     .
     R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13.9.2007 г. 22:02 691696]
     R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10.3.2012 г. 16:09 612184]
     R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10.3.2012 г. 16:09 337880]
     R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [04.8.2004 г. 00:56 14336]
     R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [16.12.2009 г. 17:38 375296]
     R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10.3.2012 г. 16:09 20696]
     R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [20.8.2010 г. 19:32 652360]
     R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [08.10.2011 г. 07:48 2255464]
     R3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [10.8.2011 г. 13:13 4096]
     R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [20.8.2010 г. 19:32 20464]
     S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 г. 12:16 130384]
     S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [05.8.2009 г. 20:21 133104]
     S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [15.2.2012 г. 13:30 158856]
     S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [26.11.2010 г. 00:54 1691480]
     S3 cpuz130;cpuz130;\??\c:\docume~1\home\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\home\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
     S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
     S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [04.12.2010 г. 15:25 130976]
     S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\home\LOCALS~1\Temp\HQO85.tmp --> c:\docume~1\home\LOCALS~1\Temp\HQO85.tmp [?]
     S3 GGSAFERDriver;GGSAFER Driver;\??\d:\games\Garena\safedrv.sys --> d:\games\Garena\safedrv.sys [?]
     S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [05.8.2009 г. 20:21 133104]
     S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [20.8.2010 г. 19:32 40776]
     S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
     S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 г. 12:16 753504]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     Akamai REG_MULTI_SZ Akamai
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2012-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-05 18:20]
     .
     2012-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-05 18:20]
     .
     2012-03-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1390067357-1303643608-682003330-1003.job
     - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 19:09]
     .
     2012-03-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1390067357-1303643608-682003330-1003.job
     - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 19:09]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.google.com
     uInternet Connection Wizard,ShellNext = iexplore
     uInternet Settings,ProxyOverride = 127.0.0.1
     uInternet Settings,ProxyServer = 213.185.116.218:3128
     uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
     IE: &С&валяне &с BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
     IE: &С&валяне на всички с BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
     IE: &С&валяне на всичкото видео с BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
     IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
     Trusted Zone: ubb.bg\ebb
     TCP: DhcpNameServer = 192.168.1.1
     TCP: Interfaces\{DCBC3E0E-D6A9-4EAE-B79E-C26871E46E0B}: NameServer = 212.39.90.42,212.39.90.43
     FF - ProfilePath - c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\ieu1njgb.default\
     FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
     FF - prefs.js: browser.search.selectedEngine - Google
     FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
     FF - prefs.js: keyword.URL - hxxp://www.bigseekpro.com/search/toolbar/picpick/{E56BB3A3-CA04-4D5B-992E-7732EF0E806D}?q=
     FF - user.js: nglayout.initialpaint.delay - 600
     FF - user.js: content.notify.interval - 600000
     FF - user.js: content.max.tokenizing.time - 1800000
     FF - user.js: content.switch.threshold - 600000
     .
     .
     **************************************************************************
     .
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2012-03-15 20:46
     Windows 5.1.2600 Service Pack 2 NTFS
     .
     scanning hidden processes ...
     .
     scanning hidden autostart entries ...
     .
     scanning hidden files ...
     .
     scan completed successfully
     hidden files: 0
     .
     **************************************************************************
     .
     [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
     "ServiceDll"="c:\program files\common files\akamai/netsession_win_7de0ed9.dll"
     .
     [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
     "ImagePath"="\??\c:\docume~1\home\LOCALS~1\Temp\HQO85.tmp"
     .
     [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
     "ImagePath"="c:\windows\system32\GameMon.des -service"
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------
     .
     - - - - - - - > 'winlogon.exe'(1056)
     c:\windows\system32\Ati2evxx.dll
     .
     - - - - - - - > 'explorer.exe'(2592)
     c:\windows\system32\WININET.dll
     c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
     c:\windows\system32\ieframe.dll
     c:\windows\system32\webcheck.dll
     c:\windows\system32\WPDShServiceObj.dll
     c:\windows\system32\PortableDeviceTypes.dll
     c:\windows\system32\PortableDeviceApi.dll
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\program files\AVAST Software\Avast\AvastSvc.exe
     c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     c:\program files\Bonjour\mDNSResponder.exe
     c:\program files\Java\jre6\bin\jqs.exe
     c:\wow server\xampp\mysql\bin\mysqld.exe
     c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
     c:\windows\system32\nvsvc32.exe
     c:\windows\system32\HPZipm12.exe
     c:\windows\system32\PnkBstrA.exe
     c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
     c:\windows\RTHDCPL.EXE
     c:\windows\system32\RunDLL32.exe
     c:\program files\iPod\bin\iPodService.exe
     c:\windows\system32\wscntfy.exe
     c:\program files\ATI Technologies\ATI.ACE\cli.exe
     .
     **************************************************************************
     .
     Completion time: 2012-03-15 20:50:32 - machine was rebooted
     ComboFix-quarantined-files.txt 2012-03-15 18:50
     ComboFix2.txt 2012-03-15 17:30
     ComboFix3.txt 2012-03-12 16:04
     .
     Pre-Run: 38 616 440 832 bytes free
     Post-Run: 38 627 155 968 bytes free
     .
     WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
     [boot loader]
     timeout=2
     default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
     [operating systems]
     c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
     UnsupportedDebug="do not select this" /debug
     multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /usepmtimer /NoExecute=OptIn
     .
     - - End Of File - - 068C3D86620DAE3DA5F4B833595BF26F
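A ComboFix log is read by eye for a short list of things that should not be there. Several of them are visible in the log above: the Windows Firewall standard profile disabled (`"EnableFirewall"= 0`), kernel drivers registered from a Temp directory (`cpuz130`, `cpuz135`, `GarenaPEngine`), a hidden system directory with a random hex name under Local Settings (`9f790a05`), a per-user WinINet proxy pointing at an external address (`213.185.116.218:3128`), a static per-interface DNS server overriding the DHCP one, and a Firefox `keyword.URL` redirected to a third-party search. The script below is an added example (the editor's rules and code, not ComboFix's and not from the post) that runs those checks as regexes over the log, one finding per matching line, and ranks the result by the worst severity seen. The sample input is a handful of lines copied from the log above, with a few benign neighbours left in; the rule names, severities and patterns are the editor's own, and a finding is a lead to review, not a verdict (the Akamai NetSession entry it flags, for instance, is a legitimate downloader that happens to live in the user profile).

```python
import re
from collections import Counter
from typing import NamedTuple

# Constructed sample: lines copied from the ComboFix log in the post above, with
# a few benign neighbours left in so the rules have something to pass over.
SAMPLE_COMBOFIX = r"""
2012-03-10 10:25 . 2012-03-10 13:58 -------- d-sh--w- c:\documents and settings\home\Local Settings\Application Data\9f790a05
2012-02-23 16:49 . 2012-02-23 16:49 -------- d-----w- c:\documents and settings\home\Application Data\LolClient
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\documents and settings\home\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-02-02 3329824]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13.9.2007 г. 22:02 691696]
S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\home\LOCALS~1\Temp\HQO85.tmp --> c:\docume~1\home\LOCALS~1\Temp\HQO85.tmp [?]
uInternet Settings,ProxyOverride = 127.0.0.1
uInternet Settings,ProxyServer = 213.185.116.218:3128
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DCBC3E0E-D6A9-4EAE-B79E-C26871E46E0B}: NameServer = 212.39.90.42,212.39.90.43
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://www.bigseekpro.com/search/toolbar/picpick/{E56BB3A3-CA04-4D5B-992E-7732EF0E806D}?q=
hidden files: 0
"""


class Finding(NamedTuple):
    rule: str
    severity: str
    line: str


# (rule name, severity, pattern): names, severities and patterns are the editor's own.
RULES = [
    ("firewall-disabled", "high",               # standard-profile firewall switched off
     re.compile(r'^"EnableFirewall"=\s*0\b')),
    ("service-from-temp", "high",               # R*/S* lines are drivers and services
     re.compile(r'^[RS][0-4] .*\\temp\\', re.I)),
    ("hidden-random-dir", "medium",             # d-sh--w-: directory, system, hidden
     re.compile(r'\bd-sh--w- .*\\[0-9a-f]{8}$', re.I)),
    ("user-proxy-set", "medium",                # HKCU WinINet proxy to an IP:port
     re.compile(r'^uInternet Settings,ProxyServer = \d{1,3}(?:\.\d{1,3}){3}:\d+')),
    ("static-dns-overrides-dhcp", "low",        # per-interface NameServer set by hand
     re.compile(r'^TCP: Interfaces\\\{[0-9A-F-]+\}: NameServer = ')),
    ("browser-search-hijack", "medium",         # keyword.URL not pointing at the default
     re.compile(r'^FF - prefs\.js: keyword\.URL - (?!hxxp://www\.google\.)')),
    ("autorun-from-user-profile", "low",        # Run entry in a user-writable location
     re.compile(r'^"[^"]+"="c:\\documents and settings\\[^"]*\\application data\\', re.I)),
]

_ORDER = {"none": 0, "low": 1, "medium": 2, "high": 3}


def triage(log_text):
    """Run every rule over every line; one Finding per (rule, line) match."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for name, severity, pattern in RULES:
            if pattern.search(line):
                findings.append(Finding(name, severity, line))
    return findings


def count_by_rule(findings):
    return dict(Counter(f.rule for f in findings))


def worst_severity(findings):
    return max((f.severity for f in findings), key=_ORDER.__getitem__, default="none")


if __name__ == "__main__":
    hits = triage(SAMPLE_COMBOFIX)
    print("worst:", worst_severity(hits))
    for f in sorted(hits, key=lambda f: -_ORDER[f.severity]):
        print("[%s] %s: %s" % (f.severity, f.rule, f.line[:90]))
```

The rules key off ComboFix's own line shapes (the `d-sh--w-` attribute column, the `R0`/`S3` service prefixes, the `uInternet Settings,` and `TCP: Interfaces\{...}` lines), so they can be run unchanged over a whole log pasted from a thread; anything they flag still has to be checked against what the machine legitimately runs.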
  6. It's almost finished, but let me just ask you: every time ComboFix scans (well, the last 2 times), Avast finds the file \??\C:\DOCUME~1\home\LOCALS~1\Temp\catchme.sys. It gives me the options to delete it or ignore it... which should I do?
  7. It's scanning right now and I'm writing from the other computer. Is it normal for it to show me messages about ZeroAccess and rootkit again (and it restarts the computer again; it always does that when I run ComboFix)?
  8. No, everything is running normally. Yesterday, just once, it suddenly slowed down a lot (the internet and the system in general), but after a restart it was fine, so I assume it may have been just something temporary. Thanks a lot!
  9. Sorry for the late post, but lately I haven't had time to sit at the computer.

     ComboFix 12-03-12.03 - home 03.2012 г. 19:12:35.5.2 - x86
     Microsoft Windows XP Professional 5.1.2600.2.1251.359.1033.18.1983.1494 [GMT 2:00]
     Running from: c:\documents and settings\home\Desktop\ComboFix.exe
     Command switches used :: c:\documents and settings\home\Desktop\CFScript.txt
     AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
     .
     FILE ::
     "c:\program files\AskBarDis\bar\bin\askBar.dll"
     "c:\program files\ConduitEngine\ConduitEngine.dll"
     "c:\program files\Softonic_English\prxtbSof0.dll"
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     C:\antivir
     c:\antivir\avz4\avz.exe
     c:\antivir\avz4\avz.url
     c:\antivir\avz4\avz_en.chm
     c:\antivir\avz4\avz_ru.chm
     c:\antivir\avz4\Base\backup.avz
     c:\antivir\avz4\Base\bt.avz
     c:\antivir\avz4\Base\exc.avz
     c:\antivir\avz4\Base\extract.avz
     c:\antivir\avz4\Base\keylogger.avz
     c:\antivir\avz4\Base\krnldrv.avz
     c:\antivir\avz4\Base\lang_en.avz
     c:\antivir\avz4\Base\lang_ru.avz
     c:\antivir\avz4\Base\main.avz
     c:\antivir\avz4\Base\main001.avz
     c:\antivir\avz4\Base\main002.avz
     c:\antivir\avz4\Base\main003.avz
     c:\antivir\avz4\Base\main004.avz
     c:\antivir\avz4\Base\main005.avz
     c:\antivir\avz4\Base\main006.avz
     c:\antivir\avz4\Base\main007.avz
     c:\antivir\avz4\Base\main008.avz
     c:\antivir\avz4\Base\main009.avz
     c:\antivir\avz4\Base\main010.avz
     c:\antivir\avz4\Base\main011.avz
     c:\antivir\avz4\Base\main012.avz
     c:\antivir\avz4\Base\main013.avz
     c:\antivir\avz4\Base\main014.avz
     c:\antivir\avz4\Base\main015.avz
     c:\antivir\avz4\Base\main016.avz
     c:\antivir\avz4\Base\main017.avz
     c:\antivir\avz4\Base\main018.avz
     c:\antivir\avz4\Base\main019.avz
     c:\antivir\avz4\Base\main020.avz
     c:\antivir\avz4\Base\main021.avz
     c:\antivir\avz4\Base\main022.avz
     c:\antivir\avz4\Base\main023.avz
     c:\antivir\avz4\Base\main024.avz
     c:\antivir\avz4\Base\main025.avz
     c:\antivir\avz4\Base\main026.avz
     c:\antivir\avz4\Base\main027.avz
     c:\antivir\avz4\Base\main028.avz
     c:\antivir\avz4\Base\main029.avz
     c:\antivir\avz4\Base\neural.avz
     c:\antivir\avz4\Base\neurald.avz
     c:\antivir\avz4\Base\neurale.avz
     c:\antivir\avz4\Base\neuralm.avz
     c:\antivir\avz4\Base\ports.avz
     c:\antivir\avz4\Base\prt.avz
     c:\antivir\avz4\Base\repair.avz
     c:\antivir\avz4\Base\rootkit.avz
     c:\antivir\avz4\Base\scripts.avz
     c:\antivir\avz4\Base\scu.avz
     c:\antivir\avz4\Base\signf001.avz
     c:\antivir\avz4\Base\signf002.avz
     c:\antivir\avz4\Base\signf003.avz
     c:\antivir\avz4\Base\signf004.avz
     c:\antivir\avz4\Base\signf005.avz
     c:\antivir\avz4\Base\signf006.avz
     c:\antivir\avz4\Base\signfusr.avz
     c:\antivir\avz4\Base\syscheck.avz
     c:\antivir\avz4\Base\sysipu.avz
     c:\antivir\avz4\Base\tsw-auto.avz
     c:\antivir\avz4\Base\tsw.avz
     c:\antivir\avz4\LOG\KL_syscure.htm
     c:\antivir\avz4\LOG\KL_syscure.xml
     c:\antivir\avz4\LOG\KL_syscure.zip
     c:\antivir\avz4\quarantine.zip
     c:\antivir\avz4\version.txt
     c:\documents and settings\home\Application Data\PriceGong
     c:\documents and settings\home\Application Data\PriceGong\Data\1.xml
     c:\documents and settings\home\Application Data\PriceGong\Data\a.xml
     c:\documents and settings\home\Application Data\PriceGong\Data\b.xml
     c:\documents and settings\home\Application Data\PriceGong\Data\c.xml
     c:\documents and settings\home\Application Data\PriceGong\Data\d.xml
     c:\documents and settings\home\Application Data\PriceGong\Data\e.xml
     c:\documents and settings\home\Application Data\PriceGong\Data\f.xml
     c:\documents and settings\home\Application Data\PriceGong\Data\g.xml
     c:\documents and settings\home\Application Data\PriceGong\Data\h.xml
     c:\documents and settings\home\Application Data\PriceGong\Data\i.xml
     c:\documents and settings\home\Application Data\PriceGong\Data\J.xml
     c:\documents and settings\home\Application Data\PriceGong\Data\k.xml
     c:\documents and settings\home\Application Data\PriceGong\Data\l.xml
     c:\documents and settings\home\Application Data\PriceGong\Data\m.xml
     c:\documents and settings\home\Application Data\PriceGong\Data\n.xml
     c:\documents and settings\home\Application Data\PriceGong\Data\o.xml
     c:\documents and settings\home\Application Data\PriceGong\Data\p.xml
     c:\documents and settings\home\Application Data\PriceGong\Data\q.xml
     c:\documents and settings\home\Application Data\PriceGong\Data\r.xml
     c:\documents and settings\home\Application Data\PriceGong\Data\s.xml
     c:\documents and settings\home\Application Data\PriceGong\Data\t.xml
     c:\documents and settings\home\Application Data\PriceGong\Data\u.xml
     c:\documents and settings\home\Application Data\PriceGong\Data\v.xml
     c:\documents and settings\home\Application Data\PriceGong\Data\w.xml
     c:\documents and settings\home\Application Data\PriceGong\Data\x.xml
     c:\documents and settings\home\Application Data\PriceGong\Data\y.xml
     c:\documents and settings\home\Application Data\PriceGong\Data\z.xml
     .
     .
     ((((((((((((((((((((((((( Files Created from 2012-02-15 to 2012-03-15 )))))))))))))))))))))))))))))))
     .
     .
     2012-03-10 14:09 . 2012-03-07 00:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
     2012-03-10 14:09 . 2012-03-07 00:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
     2012-03-10 14:09 . 2012-03-07 00:02 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
     2012-03-10 14:09 . 2012-03-07 00:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
     2012-03-10 14:09 . 2012-03-07 00:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
     2012-03-10 14:09 . 2012-03-07 00:01 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
     2012-03-10 14:09 . 2012-03-07 00:01 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
     2012-03-10 14:09 . 2012-03-06 23:58 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
     2012-03-10 14:08 . 2012-03-07 00:15 41184 ----a-w- c:\windows\avastSS.scr
     2012-03-10 14:08 . 2012-03-07 00:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
     2012-03-10 14:01 . 2012-03-10 14:01 -------- d-----w- c:\windows\system32\wbem\Repository
     2012-03-10 11:58 . 2012-03-10 14:08 -------- d-----w- c:\program files\AVAST Software
     2012-03-10 11:58 . 2012-03-10 14:08 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
     2012-03-10 11:21 . 2012-03-10 11:21 -------- d-----w- c:\documents and settings\home\Application Data\DriverCure
     2012-03-10 11:21 . 2012-03-10 11:21 -------- d-----w- c:\program files\SpeedyPC Software
     2012-03-10 11:21 . 2012-03-10 11:21 -------- d-----w- c:\program files\Common Files\SpeedyPC Software
     2012-03-10 11:21 . 2012-03-10 11:21 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedyPC Software
     2012-03-10 10:33 . 2012-03-10 10:33 -------- d-----w- c:\documents and settings\LocalService\IETldCache
     2012-03-10 10:25 . 2012-03-10 13:58 -------- d-sh--w- c:\documents and settings\home\Local Settings\Application Data\9f790a05
     2012-02-23 16:49 . 2012-02-25 16:32 -------- d-----w- c:\documents and settings\home\riotsGamesLogs
     2012-02-23 16:49 . 2012-02-23 16:49 -------- d-----w- c:\documents and settings\home\Application Data\LolClient
     2012-02-23 00:40 . 2012-02-23 00:40 -------- d-----w- c:\program files\Common Files\Skype
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2012-03-11 16:54 . 2010-08-20 17:32 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2012-01-28 21:11 . 2012-01-28 21:11 629288 ----a-w- C:\WindowsXP-KB932823-v3-x86-ENU.exe
     2012-01-28 20:59 . 2012-01-28 20:59 16883056 ----a-w- C:\Internet_Explorer_8_0.exe
     2011-05-06 09:42 . 2011-05-06 09:42 14310930 ----a-w- c:\program files\any-video-converter-free.exe
     2011-01-28 17:48 . 2011-01-28 17:48 359940 ----a-w- c:\program files\shoutcast-dsp-2-1-3-windows.exe
     2011-01-28 17:46 . 2011-01-28 17:46 1948225 ----a-w- c:\program files\shoutcast-dnas-1-9-8-windows.exe
     2011-01-19 22:10 . 2011-01-19 22:05 94112150 ----a-w- c:\program files\AC Web Ultimate Repack.exe
     2011-01-19 22:01 .
2011-01-19 22:00 31323871 ----a-w- c:\program files\xampp-win32-1.5.2-installer.exe 2011-01-04 19:43 . 2011-01-04 19:22 232501 ----a-w- c:\program files\Minecraft.exe 2011-01-04 19:24 . 2011-01-04 19:24 232501 ----a-w- c:\program files\Minecraft(2).exe 2011-01-03 20:45 . 2011-01-03 20:45 3514656 ----a-w- c:\program files\TeamViewer_Setup.exe 2010-12-31 13:52 . 2010-12-31 13:52 401728 ----a-w- c:\program files\setup.exe 2010-12-30 21:33 . 2010-12-30 21:33 568648 ----a-w- c:\program files\GoogleEarthSetup.exe 2010-12-11 18:44 . 2010-12-11 18:44 2790864 ----a-w- c:\program files\install_flash_player.exe 2010-12-10 14:03 . 2010-12-10 14:03 22971688 ----a-w- c:\program files\Skype 4.2.0.169.exe 2010-12-09 18:03 . 2010-12-09 18:02 8027408 ----a-w- c:\program files\boost-speed-setup.exe 2012-02-19 07:53 . 2011-05-01 07:20 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of c:\documents and settings\home\Local Settings\Application Data\9f790a05 ---- . 2012-03-10 10:25 . 2012-03-10 10:25 2048 --sha-w- c:\documents and settings\home\Local Settings\Application Data\9f790a05\@ . . ((((((((((((((((((((((((((((( SnapShot@2012-03-12_16.01.07 ))))))))))))))))))))))))))))))))))))))))) . + 2012-03-15 17:24 . 2012-03-15 17:24 16384 c:\windows\Temp\Perflib_Perfdata_6a8.dat + 2012-03-15 17:24 . 2012-03-15 17:24 16384 c:\windows\Temp\Perflib_Perfdata_640.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-03-07 00:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2009-08-22 5148672] "Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-08-28 3077528] "Akamai NetSession Interface"="c:\documents and settings\home\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-02-02 3329824] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112] "RTHDCPL"="RTHDCPL.EXE" [2009-12-08 18789920] "Philips Device Listener"="c:\program files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2010-10-15 380416] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200] "NvMediaCenter"="NvMCTray.dll" [2011-08-03 111208] "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 
460872] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2006-10-04 53760] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-10-30 113664] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digimax Viewer 2.1.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digimax Viewer 2.1.lnk backup=c:\windows\pss\Digimax Viewer 2.1.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^home^Start Menu^Programs^Startup^ _-=TIgI-sCripT=-_.lnk] path=c:\documents and settings\home\Start Menu\Programs\Startup\ _-=TIgI-sCripT=-_.lnk backup=c:\windows\pss\ _-=TIgI-sCripT=-_.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^home^Start Menu^Programs^Startup^.lnk] path=c:\documents and settings\home\Start Menu\Programs\Startup\.lnk backup=c:\windows\pss\.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^home^Start Menu^Programs^Startup^PowerReg Scheduler.exe] path=c:\documents and settings\home\Start Menu\Programs\Startup\PowerReg Scheduler.exe backup=c:\windows\pss\PowerReg Scheduler.exeStartup . 
[HKLM\~\startupfolder\C:^Documents and Settings^home^Start Menu^Programs^Startup^The Matrix_ Path of Neo Registration.lnk] path=c:\documents and settings\home\Start Menu\Programs\Startup\The Matrix_ Path of Neo Registration.lnk backup=c:\windows\pss\The Matrix_ Path of Neo Registration.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2006-10-26 21:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MorEmoticons] 2007-11-12 02:35 64000 ----a-w- c:\program files\MorEmoticons\Moremoticons.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "d:\\Games\\war\\Warcraft III\\Warcraft III.exe"= "d:\\Games\\war\\Warcraft III\\War3.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\Garena\\Garena.exe"= "c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"= "e:\\Games2\\CS\\hl.exe"= "c:\\Program Files\\BitComet\\BitComet.exe"= "e:\\Games2\\CS\\hlds.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\wow server\\xampp\\apache\\bin\\apache.exe"= "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"= "e:\\Games2\\AOE2\\AOE2\\empires2.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"= "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program 
Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Documents and Settings\\home\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "23183:TCP"= 23183:TCP:BitComet 23183 TCP "23183:UDP"= 23183:UDP:BitComet 23183 UDP "6612:TCP"= 6612:TCP:Blizard Downloader "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 "13189:TCP"= 13189:TCP:BitComet 13189 TCP "13189:UDP"= 13189:UDP:BitComet 13189 UDP "443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443 "443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443 "37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674 "37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674 "37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675 "2706:TCP"= 2706:TCP:Inhatch P2P Streaming "2707:TCP"= 2707:TCP:Inhatch P2P Streaming "2708:TCP"= 2708:TCP:Inhatch P2P Streaming "2709:TCP"= 2709:TCP:Inhatch P2P Streaming "58389:TCP"= 58389:TCP:Pando Media Booster "58389:UDP"= 58389:UDP:Pando Media Booster "1089:TCP"= 1089:TCP:Akamai NetSession Interface "5000:UDP"= 5000:UDP:Akamai NetSession Interface . R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13.9.2007 г. 22:02 691696] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10.3.2012 г. 16:09 612184] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10.3.2012 г. 16:09 337880] R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [04.8.2004 г. 00:56 14336] R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [16.12.2009 г. 17:38 375296] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10.3.2012 г. 16:09 20696] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [20.8.2010 г. 19:32 652360] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [08.10.2011 г. 
07:48 2255464] R3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [10.8.2011 г. 13:13 4096] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [20.8.2010 г. 19:32 20464] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 г. 12:16 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [05.8.2009 г. 20:21 133104] S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [15.2.2012 г. 13:30 158856] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [26.11.2010 г. 00:54 1691480] S3 cpuz130;cpuz130;\??\c:\docume~1\home\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\home\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?] S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?] S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [04.12.2010 г. 15:25 130976] S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\home\LOCALS~1\Temp\HQO85.tmp --> c:\docume~1\home\LOCALS~1\Temp\HQO85.tmp [?] S3 GGSAFERDriver;GGSAFER Driver;\??\d:\games\Garena\safedrv.sys --> d:\games\Garena\safedrv.sys [?] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [05.8.2009 г. 20:21 133104] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [20.8.2010 г. 19:32 40776] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 г. 12:16 753504] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Contents of the 'Scheduled Tasks' folder . 
2012-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-05 18:20] . 2012-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-05 18:20] . 2012-03-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1390067357-1303643608-682003330-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 19:09] . 2012-03-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1390067357-1303643608-682003330-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 19:09] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = 127.0.0.1 uInternet Settings,ProxyServer = 213.185.116.218:3128 uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: &С&валяне &с BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm IE: &С&валяне на всички с BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm IE: &С&валяне на всичкото видео с BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} Trusted Zone: ubb.bg\ebb TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{DCBC3E0E-D6A9-4EAE-B79E-C26871E46E0B}: NameServer = 212.39.90.42,212.39.90.43 FF - ProfilePath - c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\ieu1njgb.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig FF - prefs.js: keyword.URL - hxxp://www.bigseekpro.com/search/toolbar/picpick/{E56BB3A3-CA04-4D5B-992E-7732EF0E806D}?q= FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: 
content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{930f1200-f5f1-4870-bac6-e233ec8e7023} - (no file) BHO-{930f1200-f5f1-4870-bac6-e233ec8e7023} - (no file) . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-03-15 19:25 Windows 5.1.2600 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . . C:\avast! sandbox . scan completed successfully hidden files: 1 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai] "ServiceDll"="c:\program files\common files\akamai/netsession_win_7de0ed9.dll" . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine] "ImagePath"="\??\c:\docume~1\home\LOCALS~1\Temp\HQO85.tmp" . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1036) c:\windows\system32\Ati2evxx.dll . - - - - - - - > 'explorer.exe'(2592) c:\windows\system32\WININET.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . 
c:\program files\AVAST Software\Avast\AvastSvc.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\wow server\xampp\mysql\bin\mysqld.exe c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\HPZipm12.exe c:\windows\system32\PnkBstrA.exe c:\program files\ATI Technologies\ATI.ACE\CLI.EXE c:\windows\RTHDCPL.EXE c:\windows\system32\RunDLL32.exe c:\program files\iPod\bin\iPodService.exe c:\windows\system32\wscntfy.exe c:\program files\ATI Technologies\ATI.ACE\cli.exe . ************************************************************************** . Completion time: 2012-03-15 19:30:00 - machine was rebooted ComboFix-quarantined-files.txt 2012-03-15 17:29 ComboFix2.txt 2012-03-12 16:04 . Pre-Run: 38 590 517 248 bytes free Post-Run: 38 668 283 904 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /usepmtimer /NoExecute=OptIn . - - End Of File - - B42FD086CAADBBA46C662CA11892C336
  10. ComboFix 12-03-12.03 - home 03.2012 г. 17:46:16.3.2 - x86 Microsoft Windows XP Professional 5.1.2600.2.1251.359.1033.18.1983.1494 [GMT 2:00]
c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-10-30 113664] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digimax Viewer 2.1.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digimax Viewer 2.1.lnk backup=c:\windows\pss\Digimax Viewer 2.1.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^home^Start Menu^Programs^Startup^ _-=TIgI-sCripT=-_.lnk] path=c:\documents and settings\home\Start Menu\Programs\Startup\ _-=TIgI-sCripT=-_.lnk backup=c:\windows\pss\ _-=TIgI-sCripT=-_.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^home^Start Menu^Programs^Startup^.lnk] path=c:\documents and settings\home\Start Menu\Programs\Startup\.lnk backup=c:\windows\pss\.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^home^Start Menu^Programs^Startup^PowerReg Scheduler.exe] path=c:\documents and settings\home\Start Menu\Programs\Startup\PowerReg Scheduler.exe backup=c:\windows\pss\PowerReg Scheduler.exeStartup . 
[HKLM\~\startupfolder\C:^Documents and Settings^home^Start Menu^Programs^Startup^The Matrix_ Path of Neo Registration.lnk] path=c:\documents and settings\home\Start Menu\Programs\Startup\The Matrix_ Path of Neo Registration.lnk backup=c:\windows\pss\The Matrix_ Path of Neo Registration.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2006-10-26 21:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MorEmoticons] 2007-11-12 02:35 64000 ----a-w- c:\program files\MorEmoticons\Moremoticons.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "d:\\Games\\war\\Warcraft III\\Warcraft III.exe"= "d:\\Games\\war\\Warcraft III\\War3.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\Garena\\Garena.exe"= "c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"= "e:\\Games2\\CS\\hl.exe"= "c:\\Program Files\\BitComet\\BitComet.exe"= "e:\\Games2\\CS\\hlds.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\wow server\\xampp\\apache\\bin\\apache.exe"= "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"= "e:\\Games2\\AOE2\\AOE2\\empires2.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"= "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program 
Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Documents and Settings\\home\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "23183:TCP"= 23183:TCP:BitComet 23183 TCP "23183:UDP"= 23183:UDP:BitComet 23183 UDP "6612:TCP"= 6612:TCP:Blizard Downloader "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 "13189:TCP"= 13189:TCP:BitComet 13189 TCP "13189:UDP"= 13189:UDP:BitComet 13189 UDP "443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443 "443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443 "37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674 "37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674 "37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675 "2706:TCP"= 2706:TCP:Inhatch P2P Streaming "2707:TCP"= 2707:TCP:Inhatch P2P Streaming "2708:TCP"= 2708:TCP:Inhatch P2P Streaming "2709:TCP"= 2709:TCP:Inhatch P2P Streaming "58389:TCP"= 58389:TCP:Pando Media Booster "58389:UDP"= 58389:UDP:Pando Media Booster "1113:TCP"= 1113:TCP:Akamai NetSession Interface "5000:UDP"= 5000:UDP:Akamai NetSession Interface . R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13.9.2007 г. 22:02 691696] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10.3.2012 г. 16:09 612184] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10.3.2012 г. 16:09 337880] R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [04.8.2004 г. 00:56 14336] R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [16.12.2009 г. 17:38 375296] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10.3.2012 г. 16:09 20696] R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [28.2.2012 г. 17:38 1373576] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [20.8.2010 г. 
19:32 652360] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [08.10.2011 г. 07:48 2255464] R3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [10.8.2011 г. 13:13 4096] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [20.8.2010 г. 19:32 20464] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 г. 12:16 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [05.8.2009 г. 20:21 133104] S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [15.2.2012 г. 13:30 158856] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [26.11.2010 г. 00:54 1691480] S3 cpuz130;cpuz130;\??\c:\docume~1\home\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\home\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?] S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?] S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [04.12.2010 г. 15:25 130976] S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\home\LOCALS~1\Temp\HQO85.tmp --> c:\docume~1\home\LOCALS~1\Temp\HQO85.tmp [?] S3 GGSAFERDriver;GGSAFER Driver;\??\d:\games\Garena\safedrv.sys --> d:\games\Garena\safedrv.sys [?] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [05.8.2009 г. 20:21 133104] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [20.8.2010 г. 19:32 40776] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 г. 12:16 753504] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Contents of the 'Scheduled Tasks' folder . 2012-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-05 18:20] . 2012-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-05 18:20] . 2012-03-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1390067357-1303643608-682003330-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 19:09] . 2012-03-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1390067357-1303643608-682003330-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 19:09] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = 127.0.0.1 uInternet Settings,ProxyServer = 213.185.116.218:3128 uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: &С&валяне &с BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm IE: &С&валяне на всички с BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm IE: &С&валяне на всичкото видео с BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} Trusted Zone: ubb.bg\ebb TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{DCBC3E0E-D6A9-4EAE-B79E-C26871E46E0B}: NameServer = 212.39.90.42,212.39.90.43 FF - ProfilePath - c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\ieu1njgb.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig FF - prefs.js: keyword.URL - 
hxxp://www.bigseekpro.com/search/toolbar/picpick/{E56BB3A3-CA04-4D5B-992E-7732EF0E806D}?q= FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 . - - - - ORPHANS REMOVED - - - - . MSConfigStartUp-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe HKLM_ActiveSetup-{D04F05BA-8BB4-1BB3-DAA2-04289D991083} - c:\program files\Bifrost\server.exe . . . ************************************************************************** scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai] "ServiceDll"="c:\program files\common files\akamai/netsession_win_7de0ed9.dll" . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine] "ImagePath"="\??\c:\docume~1\home\LOCALS~1\Temp\HQO85.tmp" . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1084) c:\windows\system32\Ati2evxx.dll . - - - - - - - > 'explorer.exe'(2580) c:\windows\system32\WININET.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . 
c:\program files\AVAST Software\Avast\AvastSvc.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\wow server\xampp\mysql\bin\mysqld.exe c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\HPZipm12.exe c:\windows\system32\PnkBstrA.exe c:\program files\ATI Technologies\ATI.ACE\CLI.EXE c:\windows\RTHDCPL.EXE c:\windows\system32\RunDLL32.exe c:\program files\iPod\bin\iPodService.exe c:\windows\system32\wscntfy.exe c:\program files\ATI Technologies\ATI.ACE\cli.exe . ************************************************************************** . Completion time: 2012-03-12 18:04:48 - machine was rebooted ComboFix-quarantined-files.txt 2012-03-12 16:04 . Pre-Run: 38 080 024 576 bytes free Post-Run: 38 694 985 728 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /usepmtimer /NoExecute=OptIn . - - End Of File - - A9D76CF8394F532C8BF9599E2E53D6F0
  11. Malwarebytes Anti-Malware (PRO) 1.60.1.1000
www.malwarebytes.org
Версия на базата от данни: v2012.03.11.08
Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
home :: HOME-AC5CE86EB3 [администратор]
Защита: изключена
11.3.2012 г. 18:55:12
mbam-log-2012-03-11 (18-55-12).txt
Тип сканиране: Пълно сканиране
Включени опции за сканиране: Памет | Автоматично зареждане | Системен регистър | Файлова система | Евристики/Допълнителни | Евристики/Shuriken | PUP | PUM
Изключени опции за сканиране: P2P
Сканирани обекти: 533256
Изминало време: 2 час(а), 52 минута(и), 46 секунда(и)
Открити процеси в паметта: 0 (Не бяха открити зловредни обекти)
Открити модули в паметта: 0 (Не бяха открити зловредни обекти)
Открити ключове в системния регистър: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EuroDictXP (Trojan.Downloader.bh) -> Поставен под карантина и изтрит успешно.
Открити стойности в системния регистър: 0 (Не бяха открити зловредни обекти)
Открити информационни обекти в системния регистър: 0 (Не бяха открити зловредни обекти)
Открити папки: 0 (Не бяха открити зловредни обекти)
Открити файлове: 24
  12. In short, should I e-mail both addresses with this file and the link to the thread?
  13. Yes. Everything starts without any problems.
  14. I tried to start OTL from the desktop, but it gives me an error (OTL has encountered a problem and needs to close. We are sorry for the inconvenience.). P.S.: A while ago, when I again had a problem with the computer and asked for advice on the forum, the program also failed to start with the same error.