Rosen Studenkov

Member
  • Posts

    5

Likes

0 Neutral reputation

About Rosen Studenkov

  • Title
    Newbie
  1. win32 sayty [SOLVED]

    I deleted all the RAR files, removed the C: partition and created a new one, reinstalled the computer and installed Avast Antivirus, updated it and scanned; it says 0 viruses. I ran Sality Killer, which found nothing, as well as avg_rem_slt_all_1_616 and Pc Mav; I have no viruses. Thank you very much for the help!
  2. win32 sayty [SOLVED]

    ComboFix 12-01-17.01 - Rosen Studenkov 01/18/2012 0:21.2.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1251.1.1033.18.502.173 [GMT 2:00] Running from: c:\documents and settings\Rosen Studenkov\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Rosen Studenkov\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} * Created a new restore point . FILE :: "c:\winxp\system32\DRIVERS\33483297.sys" "c:\winxp\Tasks\Scheduled Update for Ask Toolbar.job" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Rosen Studenkov\Application Data\Toolbar4 c:\program files\Ask.com c:\program files\Ask.com\assets\oobe\b.png c:\program files\Ask.com\assets\oobe\bl.png c:\program files\Ask.com\assets\oobe\br.png c:\program files\Ask.com\assets\oobe\l.png c:\program files\Ask.com\assets\oobe\pointer.png c:\program files\Ask.com\assets\oobe\r.png c:\program files\Ask.com\assets\oobe\t.png c:\program files\Ask.com\assets\oobe\tl.png c:\program files\Ask.com\assets\oobe\tr.png c:\program files\Ask.com\cobrand.ico c:\program files\Ask.com\config.xml c:\program files\Ask.com\favicon.ico c:\program files\Ask.com\GenericAskToolbar.dll c:\program files\Ask.com\mupcfg.xml c:\program files\Ask.com\precache.exe c:\program files\Ask.com\SaUpdate.exe c:\program files\Ask.com\Updater\config.xml c:\program files\Ask.com\Updater\Updater.exe c:\program files\Ask.com\UpdateTask.exe c:\winxp\Tasks\Scheduled Update for Ask Toolbar.job . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_33483297 -------\Service_33483297 . . ((((((((((((((((((((((((( Files Created from 2011-12-17 to 2012-01-17 ))))))))))))))))))))))))))))))) . . 2012-01-16 11:02 . 2012-01-16 20:11 -------- d-----w- c:\program files\AccmeWare Toolbar 2012-01-16 11:01 . 
2012-01-16 11:01 -------- d-----w- c:\documents and settings\Rosen Studenkov\Application Data\FLAC to MP3 Converter 2012-01-16 11:00 . 2012-01-16 11:00 -------- d-----w- c:\program files\FLAC to MP3 Converter 2012-01-14 15:26 . 2012-01-14 15:26 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Hagel Technologies 2012-01-14 15:26 . 2012-01-14 15:26 -------- d--h--w- c:\documents and settings\Rosen Studenkov\Application Data\IFViewer 2012-01-14 15:26 . 2012-01-14 15:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Hagel Technologies 2012-01-13 16:01 . 2012-01-13 16:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead 2012-01-12 08:48 . 2012-01-12 08:48 -------- d--h--w- c:\winxp\system32\GroupPolicy 2012-01-11 16:43 . 2010-03-09 11:12 162640 ----a-w- c:\winxp\system32\drivers\aswSP.sys 2012-01-11 16:43 . 2010-03-09 11:08 19024 ----a-w- c:\winxp\system32\drivers\aswFsBlk.sys 2012-01-11 16:43 . 2010-03-09 11:09 23376 ----a-w- c:\winxp\system32\drivers\aswRdr.sys 2012-01-11 16:43 . 2010-03-09 11:12 46672 ----a-w- c:\winxp\system32\drivers\aswTdi.sys 2012-01-11 16:43 . 2010-03-09 11:08 100432 ----a-w- c:\winxp\system32\drivers\aswmon2.sys 2012-01-11 16:43 . 2010-03-09 11:08 94800 ----a-w- c:\winxp\system32\drivers\aswmon.sys 2012-01-11 16:43 . 2010-03-09 11:08 28880 ----a-w- c:\winxp\system32\drivers\aavmker4.sys 2012-01-11 16:43 . 2010-03-09 11:24 153184 ----a-w- c:\winxp\system32\aswBoot.exe 2012-01-11 16:42 . 2012-01-11 16:42 -------- d-----w- c:\program files\Alwil Software 2012-01-11 16:42 . 2012-01-11 16:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software 2012-01-11 11:58 . 2012-01-11 11:58 -------- d-sh--w- c:\documents and settings\Rosen Studenkov\IECompatCache 2012-01-10 18:56 . 2012-01-10 18:56 -------- d-----w- c:\program files\DX-Ball 2012-01-10 17:50 . 
2012-01-10 17:50 -------- d-----w- c:\documents and settings\Rosen Studenkov\Application Data\Malwarebytes 2012-01-10 17:50 . 2012-01-10 17:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2012-01-10 17:50 . 2012-01-10 17:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-01-10 17:50 . 2011-12-10 13:24 20464 ----a-w- c:\winxp\system32\drivers\mbam.sys 2012-01-03 20:15 . 2001-08-17 18:36 5632 ----a-w- c:\winxp\system32\ptpusb.dll 2012-01-03 20:15 . 2008-04-13 20:15 15104 -c--a-w- c:\winxp\system32\dllcache\usbscan.sys 2012-01-03 20:15 . 2008-04-13 20:15 15104 ----a-w- c:\winxp\system32\drivers\usbscan.sys 2012-01-03 20:15 . 2008-04-14 01:42 159232 ----a-w- c:\winxp\system32\ptpusd.dll 2012-01-03 07:05 . 2012-01-03 07:05 -------- d-----w- c:\program files\Common Files\Skype 2011-12-27 14:03 . 2011-12-27 14:03 -------- d-----w- c:\program files\Lavalys 2011-12-26 18:12 . 2012-01-09 05:38 -------- d-----w- c:\documents and settings\Rosen Studenkov\Local Settings\Application Data\Ahead 2011-12-26 18:09 . 2012-01-13 17:09 -------- d-----w- c:\documents and settings\Rosen Studenkov\Application Data\Ahead 2011-12-26 18:07 . 2011-12-26 18:07 -------- d-----w- c:\program files\Common Files\Ahead 2011-12-26 18:07 . 2011-12-26 18:07 -------- d-----w- c:\program files\Nero 2011-12-26 18:03 . 2004-08-22 14:31 5248 ----a-w- c:\winxp\system32\drivers\d347prt.sys 2011-12-26 18:03 . 2004-08-22 14:31 155136 ----a-w- c:\winxp\system32\drivers\d347bus.sys 2011-12-26 18:03 . 2011-12-26 18:03 -------- d-----w- c:\program files\D-Tools 2011-12-26 18:03 . 2011-12-26 18:03 -------- d-----w- c:\winxp\Downloaded Installations 2011-12-26 17:56 . 2011-12-26 17:56 -------- d-----w- c:\program files\Microsoft.NET 2011-12-26 17:53 . 2011-12-26 17:53 -------- d-----w- c:\winxp\system32\XPSViewer 2011-12-26 17:52 . 2011-12-26 17:52 -------- d-----w- c:\program files\MSBuild 2011-12-26 17:52 . 
2011-12-26 17:52 -------- d-----w- c:\program files\Reference Assemblies 2011-12-26 17:52 . 2008-07-06 12:06 89088 -c----w- c:\winxp\system32\dllcache\filterpipelineprintproc.dll 2011-12-26 17:52 . 2008-07-06 12:06 575488 -c----w- c:\winxp\system32\dllcache\xpsshhdr.dll 2011-12-26 17:52 . 2008-07-06 12:06 575488 ------w- c:\winxp\system32\xpsshhdr.dll 2011-12-26 17:52 . 2008-07-06 12:06 117760 ------w- c:\winxp\system32\prntvpt.dll 2011-12-26 17:52 . 2008-07-06 10:50 597504 -c----w- c:\winxp\system32\dllcache\printfilterpipelinesvc.exe 2011-12-26 17:52 . 2008-07-06 10:50 597504 ------w- c:\winxp\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe 2011-12-26 17:52 . 2008-07-06 12:06 1676288 -c----w- c:\winxp\system32\dllcache\xpssvcs.dll 2011-12-26 17:52 . 2008-07-06 12:06 1676288 ------w- c:\winxp\system32\xpssvcs.dll 2011-12-26 17:19 . 2009-09-04 15:29 1974616 ----a-w- c:\winxp\system32\D3DCompiler_42.dll 2011-12-26 17:19 . 2009-09-04 15:29 1892184 ----a-w- c:\winxp\system32\D3DX9_42.dll 2011-12-26 17:19 . 2008-10-15 04:22 4379984 ----a-w- c:\winxp\system32\D3DX9_40.dll 2011-12-26 17:19 . 2007-07-19 16:14 3727720 ----a-w- c:\winxp\system32\d3dx9_35.dll 2011-12-26 17:19 . 2007-05-16 14:45 3497832 ----a-w- c:\winxp\system32\d3dx9_34.dll 2011-12-26 17:18 . 2011-12-26 17:18 -------- d-----w- c:\winxp\Logs 2011-12-26 16:53 . 2009-10-07 14:28 17544 ------w- c:\winxp\system32\drivers\RkPavproc1.sys 2011-12-26 08:17 . 2011-12-26 08:40 -------- d-----w- c:\documents and settings\Rosen Studenkov\Local Settings\Application Data\Google 2011-12-26 06:02 . 2011-12-26 06:02 -------- d-----w- C:\New Folder 2011-12-24 19:46 . 2011-12-24 19:46 -------- d-----w- c:\program files\LDA Games 2011-12-23 18:34 . 2008-04-14 09:00 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll 2011-12-21 12:25 . 2011-12-21 12:25 -------- d-----w- c:\documents and settings\Rosen Studenkov\Application Data\BabylonToolbar . . . 
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-09 07:25 . 2011-12-08 20:02 414368 ----a-w- c:\winxp\system32\FlashPlayerCPLApp.cpl 2011-12-08 22:45 . 2011-12-08 22:45 21035 ----a-w- c:\winxp\system32\drivers\AegisP.sys 2011-03-18 17:55 . 2011-12-08 20:16 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-01-16_20.15.06 ))))))))))))))))))))))))))))))))))))))))) . - 2008-04-14 09:00 . 2012-01-16 11:11 67312 c:\winxp\system32\perfc009.dat + 2008-04-14 09:00 . 2012-01-17 21:34 67312 c:\winxp\system32\perfc009.dat + 2008-04-14 09:00 . 2012-01-17 21:34 432356 c:\winxp\system32\perfh009.dat - 2008-04-14 09:00 . 2012-01-16 11:11 432356 c:\winxp\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}] 2010-06-15 13:46 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2010-06-15 86696] . [HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-12-08 289584] "espaces"="c:\premiumsoft\photofun\photofun.exe" [2011-11-01 912896] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-08 94208] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "RTHDCPL"="RTHDCPL.EXE" [2010-07-28 19557480] "IgfxTray"="c:\winxp\system32\igfxtray.exe" [2008-02-15 135168] "HotKeysCmds"="c:\winxp\system32\hkcmd.exe" [2008-02-15 159744] "Persistence"="c:\winxp\system32\igfxpers.exe" [2008-02-15 131072] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2003-12-13 33792] "DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920] "NeroFilterCheck"="c:\winxp\system32\NeroCheck.exe" [2001-07-09 155648] "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336] . c:\documents and settings\Rosen Studenkov\Start Menu\Programs\Startup\ Configure Bulgarian Speech.lnk - c:\documents and settings\Rosen Studenkov\Application Data\Microsoft\Installer\{319A3CA9-DA63-4D65-8B25-403CF9CBF087}\_5af141bb.exe [2011-12-8 1078] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ FlexType 2K.lnk - c:\program files\Datecs\FlexType 2K\FType2K.exe [2011-12-8 95232] REALTEK RTL8187 Wireless LAN Utility.lnk - c:\program files\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe [2011-12-9 815104] . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . 
R0 BtHidBus;Bluetooth HID Bus Service;c:\winxp\system32\drivers\BtHidBus.sys [1/7/2009 11:39 PM 20744] R0 d347bus;d347bus;c:\winxp\system32\drivers\d347bus.sys [12/26/2011 8:03 PM 155136] R0 d347prt;d347prt;c:\winxp\system32\drivers\d347prt.sys [12/26/2011 8:03 PM 5248] R1 aswSP;aswSP;c:\winxp\system32\drivers\aswSP.sys [1/11/2012 6:43 PM 162640] R2 aswFsBlk;aswFsBlk;c:\winxp\system32\drivers\aswFsBlk.sys [1/11/2012 6:43 PM 19024] R2 EAPPkt;Realtek EAPPkt Protocol;c:\winxp\system32\drivers\EAPPkt.sys [12/9/2011 12:45 AM 38144] R3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\winxp\system32\drivers\RTL8187.sys [12/9/2011 12:45 AM 332928] S3 Ambfilt;Ambfilt;c:\winxp\system32\drivers\Ambfilt.sys [12/8/2011 9:17 PM 1691480] S3 btnetBUs;Bluetooth PAN Bus Service;c:\winxp\system32\drivers\btnetBus.sys [12/7/2008 12:44 PM 30088] S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\winxp\system32\drivers\IvtBtBus.sys [7/2/2008 2:58 PM 26248] S3 RkPavproc1;RkPavproc1;c:\winxp\system32\drivers\RkPavproc1.sys [12/26/2011 6:53 PM 17544] . Contents of the 'Scheduled Tasks' folder . 2012-01-17 c:\winxp\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-220523388-1177238915-1003Core.job - c:\documents and settings\Rosen Studenkov\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-26 08:17] . 2012-01-17 c:\winxp\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-220523388-1177238915-1003UA.job - c:\documents and settings\Rosen Studenkov\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-26 08:17] . 2012-01-17 c:\winxp\Tasks\User_Feed_Synchronization-{FFA13B31-264B-4F83-BE80-86593EAA8926}.job - c:\winxp\system32\msfeedssync.exe [2008-04-14 10:27] . . ------- Supplementary Scan ------- . 
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\documents and settings\Rosen Studenkov\Application Data\Mozilla\Firefox\Profiles\g016waht.default\ FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS REMOVED - - - - . HKLM-Run-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-01-18 00:28 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(1372) c:\winxp\system32\WININET.dll c:\winxp\system32\newdll.dll c:\winxp\system32\msi.dll c:\winxp\system32\ieframe.dll c:\winxp\system32\webcheck.dll c:\winxp\system32\wpdshserviceobj.dll c:\winxp\system32\portabledevicetypes.dll c:\winxp\system32\portabledeviceapi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\winxp\system32\rundll32.exe c:\winxp\RTHDCPL.EXE c:\program files\BACL\SpeechLab\TTSProfileDlg.exe c:\winxp\system32\igfxsrvc.exe c:\winxp\system32\wscntfy.exe c:\program files\Skype\Plugin Manager\skypePM.exe c:\program files\Alwil Software\Avast5\setup\avast.setup . ************************************************************************** . Completion time: 2012-01-18 00:30:08 - machine was rebooted ComboFix-quarantined-files.txt 2012-01-17 22:30 ComboFix2.txt 2012-01-16 20:17 . Pre-Run: 4,041,596,928 bytes free Post-Run: 4,036,440,064 bytes free . 
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINXP [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINXP="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - E65AFA634DC026F2AA18D3D92EFEB787
  3. win32 sayty [SOLVED]

    ComboFix 12-01-16.02 - Rosen Studenkov 01/16/2012 22:07:06.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1251.1.1033.18.502.118 [GMT 2:00] Running from: c:\documents and settings\Rosen Studenkov\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} . WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\docume~1\ROSENS~1\LOCALS~1\Temp\CSM37.tmp c:\documents and settings\All Users\Application Data\QuestBasic c:\documents and settings\All Users\Application Data\QuestBasic\questbasic115.exe c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\Support.lnk c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk c:\documents and settings\Rosen Studenkov\Application Data\Toolbar4 c:\documents and settings\Rosen Studenkov\Local Settings\Temp\CSM37.tmp c:\program files\AccmeWare Toolbar\tbHElper.dll c:\program files\QuestBasic c:\program files\QuestBasic\questbasic.exe c:\program files\QuestBasic\trz62.tmp c:\program files\RelevantKnowledge c:\program files\RelevantKnowledge\ncncf.dat c:\program files\RelevantKnowledge\nscf.dat c:\program files\RelevantKnowledge\rlls.dll c:\program files\RelevantKnowledge\rlls64.dll c:\program files\RelevantKnowledge\rloci.bin c:\program files\RelevantKnowledge\rlservice.exe c:\program files\RelevantKnowledge\rlvknlg.exe c:\program files\RelevantKnowledge\rlvknlg64.exe c:\winxp\daemon.dll . . 
((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_QuestBasic_Service -------\Legacy_QuestBasic_Service -------\Service_QuestBasic Service -------\Service_QuestBasic Service . . ((((((((((((((((((((((((( Files Created from 2011-12-16 to 2012-01-16 ))))))))))))))))))))))))))))))) . . 2012-01-16 11:02 . 2012-01-16 20:11 -------- d-----w- c:\program files\AccmeWare Toolbar 2012-01-16 11:01 . 2012-01-16 11:01 -------- d-----w- c:\documents and settings\Rosen Studenkov\Application Data\FLAC to MP3 Converter 2012-01-16 11:00 . 2012-01-16 11:00 -------- d-----w- c:\program files\FLAC to MP3 Converter 2012-01-14 15:26 . 2012-01-14 15:26 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Hagel Technologies 2012-01-14 15:26 . 2012-01-14 15:26 -------- d--h--w- c:\documents and settings\Rosen Studenkov\Application Data\IFViewer 2012-01-14 15:26 . 2012-01-14 15:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Hagel Technologies 2012-01-13 16:01 . 2012-01-13 16:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead 2012-01-12 08:48 . 2012-01-12 08:48 -------- d--h--w- c:\winxp\system32\GroupPolicy 2012-01-11 16:43 . 2010-03-09 11:12 162640 ----a-w- c:\winxp\system32\drivers\aswSP.sys 2012-01-11 16:43 . 2010-03-09 11:08 19024 ----a-w- c:\winxp\system32\drivers\aswFsBlk.sys 2012-01-11 16:43 . 2010-03-09 11:09 23376 ----a-w- c:\winxp\system32\drivers\aswRdr.sys 2012-01-11 16:43 . 2010-03-09 11:12 46672 ----a-w- c:\winxp\system32\drivers\aswTdi.sys 2012-01-11 16:43 . 2010-03-09 11:08 100432 ----a-w- c:\winxp\system32\drivers\aswmon2.sys 2012-01-11 16:43 . 2010-03-09 11:08 94800 ----a-w- c:\winxp\system32\drivers\aswmon.sys 2012-01-11 16:43 . 2010-03-09 11:08 28880 ----a-w- c:\winxp\system32\drivers\aavmker4.sys 2012-01-11 16:43 . 2010-03-09 11:24 153184 ----a-w- c:\winxp\system32\aswBoot.exe 2012-01-11 16:42 . 
2012-01-11 16:42 -------- d-----w- c:\program files\Alwil Software 2012-01-11 16:42 . 2012-01-11 16:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software 2012-01-11 11:58 . 2012-01-11 11:58 -------- d-sh--w- c:\documents and settings\Rosen Studenkov\IECompatCache 2012-01-10 18:56 . 2012-01-10 18:56 -------- d-----w- c:\program files\DX-Ball 2012-01-10 17:50 . 2012-01-10 17:50 -------- d-----w- c:\documents and settings\Rosen Studenkov\Application Data\Malwarebytes 2012-01-10 17:50 . 2012-01-10 17:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2012-01-10 17:50 . 2012-01-10 17:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-01-10 17:50 . 2011-12-10 13:24 20464 ----a-w- c:\winxp\system32\drivers\mbam.sys 2012-01-03 20:15 . 2001-08-17 18:36 5632 ----a-w- c:\winxp\system32\ptpusb.dll 2012-01-03 20:15 . 2008-04-13 20:15 15104 -c--a-w- c:\winxp\system32\dllcache\usbscan.sys 2012-01-03 20:15 . 2008-04-13 20:15 15104 ----a-w- c:\winxp\system32\drivers\usbscan.sys 2012-01-03 20:15 . 2008-04-14 01:42 159232 ----a-w- c:\winxp\system32\ptpusd.dll 2012-01-03 07:05 . 2012-01-03 07:05 -------- d-----w- c:\program files\Common Files\Skype 2011-12-27 14:03 . 2011-12-27 14:03 -------- d-----w- c:\program files\Lavalys 2011-12-26 18:12 . 2012-01-09 05:38 -------- d-----w- c:\documents and settings\Rosen Studenkov\Local Settings\Application Data\Ahead 2011-12-26 18:09 . 2012-01-13 17:09 -------- d-----w- c:\documents and settings\Rosen Studenkov\Application Data\Ahead 2011-12-26 18:07 . 2011-12-26 18:07 -------- d-----w- c:\program files\Common Files\Ahead 2011-12-26 18:07 . 2011-12-26 18:07 -------- d-----w- c:\program files\Nero 2011-12-26 18:03 . 2004-08-22 14:31 5248 ----a-w- c:\winxp\system32\drivers\d347prt.sys 2011-12-26 18:03 . 2004-08-22 14:31 155136 ----a-w- c:\winxp\system32\drivers\d347bus.sys 2011-12-26 18:03 . 
2011-12-26 18:03 -------- d-----w- c:\program files\D-Tools 2011-12-26 18:03 . 2011-12-26 18:03 -------- d-----w- c:\winxp\Downloaded Installations 2011-12-26 17:56 . 2011-12-26 17:56 -------- d-----w- c:\program files\Microsoft.NET 2011-12-26 17:53 . 2011-12-26 17:53 -------- d-----w- c:\winxp\system32\XPSViewer 2011-12-26 17:52 . 2011-12-26 17:52 -------- d-----w- c:\program files\MSBuild 2011-12-26 17:52 . 2011-12-26 17:52 -------- d-----w- c:\program files\Reference Assemblies 2011-12-26 17:52 . 2008-07-06 12:06 89088 -c----w- c:\winxp\system32\dllcache\filterpipelineprintproc.dll 2011-12-26 17:52 . 2008-07-06 12:06 575488 -c----w- c:\winxp\system32\dllcache\xpsshhdr.dll 2011-12-26 17:52 . 2008-07-06 12:06 575488 ------w- c:\winxp\system32\xpsshhdr.dll 2011-12-26 17:52 . 2008-07-06 12:06 117760 ------w- c:\winxp\system32\prntvpt.dll 2011-12-26 17:52 . 2008-07-06 10:50 597504 -c----w- c:\winxp\system32\dllcache\printfilterpipelinesvc.exe 2011-12-26 17:52 . 2008-07-06 10:50 597504 ------w- c:\winxp\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe 2011-12-26 17:52 . 2008-07-06 12:06 1676288 -c----w- c:\winxp\system32\dllcache\xpssvcs.dll 2011-12-26 17:52 . 2008-07-06 12:06 1676288 ------w- c:\winxp\system32\xpssvcs.dll 2011-12-26 17:19 . 2009-09-04 15:29 1974616 ----a-w- c:\winxp\system32\D3DCompiler_42.dll 2011-12-26 17:19 . 2009-09-04 15:29 1892184 ----a-w- c:\winxp\system32\D3DX9_42.dll 2011-12-26 17:19 . 2008-10-15 04:22 4379984 ----a-w- c:\winxp\system32\D3DX9_40.dll 2011-12-26 17:19 . 2007-07-19 16:14 3727720 ----a-w- c:\winxp\system32\d3dx9_35.dll 2011-12-26 17:19 . 2007-05-16 14:45 3497832 ----a-w- c:\winxp\system32\d3dx9_34.dll 2011-12-26 17:18 . 2011-12-26 17:18 -------- d-----w- c:\winxp\Logs 2011-12-26 16:53 . 2009-10-07 14:28 17544 ------w- c:\winxp\system32\drivers\RkPavproc1.sys 2011-12-26 08:17 . 2011-12-26 08:40 -------- d-----w- c:\documents and settings\Rosen Studenkov\Local Settings\Application Data\Google 2011-12-26 06:02 . 
2011-12-26 06:02 -------- d-----w- C:\New Folder 2011-12-24 19:46 . 2011-12-24 19:46 -------- d-----w- c:\program files\LDA Games 2011-12-23 18:34 . 2008-04-14 09:00 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll 2011-12-21 12:25 . 2011-12-21 12:25 -------- d-----w- c:\documents and settings\Rosen Studenkov\Application Data\BabylonToolbar . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-09 07:25 . 2011-12-08 20:02 414368 ----a-w- c:\winxp\system32\FlashPlayerCPLApp.cpl 2011-12-08 22:45 . 2011-12-08 22:45 21035 ----a-w- c:\winxp\system32\drivers\AegisP.sys 2011-03-18 17:55 . 2011-12-08 20:16 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}] 2010-06-15 13:46 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2012-01-03 14:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2010-06-15 86696] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152] . [HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-12-08 289584] "espaces"="c:\premiumsoft\photofun\photofun.exe" [2011-11-01 912896] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-08 94208] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "RTHDCPL"="RTHDCPL.EXE" [2010-07-28 19557480] "IgfxTray"="c:\winxp\system32\igfxtray.exe" [2008-02-15 135168] "HotKeysCmds"="c:\winxp\system32\hkcmd.exe" [2008-02-15 159744] "Persistence"="c:\winxp\system32\igfxpers.exe" [2008-02-15 131072] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2003-12-13 33792] "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272] "DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920] "NeroFilterCheck"="c:\winxp\system32\NeroCheck.exe" [2001-07-09 155648] "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336] . c:\documents and settings\Rosen Studenkov\Start Menu\Programs\Startup\ Configure Bulgarian Speech.lnk - c:\documents and settings\Rosen Studenkov\Application Data\Microsoft\Installer\{319A3CA9-DA63-4D65-8B25-403CF9CBF087}\_5af141bb.exe [2011-12-8 1078] . 
c:\documents and settings\All Users\Start Menu\Programs\Startup\ FlexType 2K.lnk - c:\program files\Datecs\FlexType 2K\FType2K.exe [2011-12-8 95232] REALTEK RTL8187 Wireless LAN Utility.lnk - c:\program files\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe [2011-12-9 815104] . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . R0 BtHidBus;Bluetooth HID Bus Service;c:\winxp\system32\drivers\BtHidBus.sys [1/7/2009 11:39 PM 20744] R0 d347bus;d347bus;c:\winxp\system32\drivers\d347bus.sys [12/26/2011 8:03 PM 155136] R0 d347prt;d347prt;c:\winxp\system32\drivers\d347prt.sys [12/26/2011 8:03 PM 5248] R1 aswSP;aswSP;c:\winxp\system32\drivers\aswSP.sys [1/11/2012 6:43 PM 162640] R2 aswFsBlk;aswFsBlk;c:\winxp\system32\drivers\aswFsBlk.sys [1/11/2012 6:43 PM 19024] R2 EAPPkt;Realtek EAPPkt Protocol;c:\winxp\system32\drivers\EAPPkt.sys [12/9/2011 12:45 AM 38144] R3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\winxp\system32\drivers\RTL8187.sys [12/9/2011 12:45 AM 332928] S0 33483297;33483297;c:\winxp\system32\DRIVERS\33483297.sys --> c:\winxp\system32\DRIVERS\33483297.sys [?] S3 Ambfilt;Ambfilt;c:\winxp\system32\drivers\Ambfilt.sys [12/8/2011 9:17 PM 1691480] S3 btnetBUs;Bluetooth PAN Bus Service;c:\winxp\system32\drivers\btnetBus.sys [12/7/2008 12:44 PM 30088] S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\winxp\system32\drivers\IvtBtBus.sys [7/2/2008 2:58 PM 26248] S3 RkPavproc1;RkPavproc1;c:\winxp\system32\drivers\RkPavproc1.sys [12/26/2011 6:53 PM 17544] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 
2012-01-16 c:\winxp\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-220523388-1177238915-1003Core.job - c:\documents and settings\Rosen Studenkov\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-26 08:17] . 2012-01-16 c:\winxp\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-220523388-1177238915-1003UA.job - c:\documents and settings\Rosen Studenkov\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-26 08:17] . 2012-01-16 c:\winxp\Tasks\Scheduled Update for Ask Toolbar.job - c:\program files\Ask.com\UpdateTask.exe [2012-01-03 14:31] . 2012-01-16 c:\winxp\Tasks\User_Feed_Synchronization-{FFA13B31-264B-4F83-BE80-86593EAA8926}.job - c:\winxp\system32\msfeedssync.exe [2008-04-14 10:27] . . ------- Supplementary Scan ------- . uStart Page = hxxp://search.babylon.com/?babsrc=HP_Prot mStart Page = hxxp://www.bigseekpro.com/accmeware/{F85BB5C4-101C-48BA-9170-55DF6C5C442B} IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\documents and settings\Rosen Studenkov\Application Data\Mozilla\Firefox\Profiles\g016waht.default\ FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon) FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?babsrc=HP_Prot FF - prefs.js: keyword.URL - hxxp://www.bigseekpro.com/search/toolbar/accmeware/{F85BB5C4-101C-48BA-9170-55DF6C5C442B}?q= FF - prefs.js: network.proxy.type - 0 FF - user.js: extensions.BabylonToolbar_i.id - f8b5f85c000000000000380a0aa06ca5 FF - user.js: extensions.BabylonToolbar_i.hardId - f8b5f85c000000000000380a0aa06ca5 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15318 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:23 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - 
user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - base FF - user.js: extensions.BabylonToolbar_i.newTab - false FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=19993 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . - - - - ORPHANS REMOVED - - - - . HKLM-Run-TaskTray - (no file) HKLM-Run-NWEReboot - (no file) AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files\RelevantKnowledge\rlvknlg.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-01-16 22:15 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(4028) c:\winxp\system32\WININET.dll c:\winxp\system32\newdll.dll c:\winxp\system32\msi.dll c:\winxp\system32\ieframe.dll c:\winxp\system32\webcheck.dll c:\winxp\system32\wpdshserviceobj.dll c:\winxp\system32\portabledevicetypes.dll c:\winxp\system32\portabledeviceapi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\winxp\system32\rundll32.exe c:\winxp\RTHDCPL.EXE c:\winxp\system32\igfxsrvc.exe c:\program files\BACL\SpeechLab\TTSProfileDlg.exe c:\winxp\system32\wscntfy.exe c:\program files\Skype\Plugin Manager\skypePM.exe . ************************************************************************** . 
Completion time: 2012-01-16 22:17:14 - machine was rebooted ComboFix-quarantined-files.txt 2012-01-16 20:17 . Pre-Run: 845,303,808 bytes free Post-Run: 3,455,647,744 bytes free . - - End Of File - - 82FDA9538611D32DD48F71B9DEDAC1CF
  4. win32 sayty [SOLVED]

    I apologize for writing late, my internet is slow and Kaldata opens with difficulty .... here is the report from Avast; from Kaspersky Virus Removal I have no report, because it uninstalls itself on closing * * Доклад на avast! * Файлът е генериран автоматично * * Използвана задача 'Пълна проверка на системата' * Стартирана на събота, Януари 14, 2012 6:28:25 PM * VPS: 120114-0, 01/14/2012 * C:\Documents and Settings\Rosen Studenkov\Local Settings\Application Data\Mozilla\Firefox\Profiles\g016waht.default\Cache\_CACHE_002_ [L] JS:Agent-PL [Trj] (0) D:\Dokumenti Piks & Programs\Install - programs\Audio i Video Draiveri\Cmi8738-6ch\W95-98\app\directX\dcom95.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Audio i Video Draiveri\Cmi8738-6ch\W95-98\app\directX\dx80eng.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Audio i Video Draiveri\Cmi8738-6ch\W95-98\app\directX\DXMEDIA.EXE [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Audio i Video Draiveri\Cmi8738-6ch\W95-98\app\directX\dxsetup.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Audio i Video Draiveri\Cmi8738-6ch\W95-98\app\directX\DXTXTRA.EXE [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Audio i Video Draiveri\Cmi8738-6ch\Xp-2K-Me\app\directX\dcom95.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Audio i Video Draiveri\Cmi8738-6ch\Xp-2K-Me\app\directX\dx80eng.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Audio i Video Draiveri\Cmi8738-6ch\Xp-2K-Me\app\directX\DXMEDIA.EXE [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Audio i Video Draiveri\Cmi8738-6ch\Xp-2K-Me\app\directX\dxsetup.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Audio i Video Draiveri\Cmi8738-6ch\Xp-2K-Me\app\directX\DXTXTRA.EXE [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Drivers\EU&USA_intel
Series_9xx_945G7MA-8EKRS2_Driver_AUDIO\audio\HDA\5122\MSHDQFE\Win2K3\ARA\kb888111srvrtm.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Drivers\EU&USA_intel Series_9xx_945G7MA-8EKRS2_Driver_AUDIO\audio\HDA\5122\MSHDQFE\Win2K3\BR\kb888111srvrtm.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Drivers\EU&USA_intel Series_9xx_945G7MA-8EKRS2_Driver_AUDIO\audio\HDA\5122\MSHDQFE\Win2K3\CHS\kb888111srvrtm.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Drivers\EU&USA_intel Series_9xx_945G7MA-8EKRS2_Driver_AUDIO\audio\HDA\5122\MSHDQFE\Win2K3\CHT\kb888111srvrtm.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Drivers\EU&USA_intel Series_9xx_945G7MA-8EKRS2_Driver_AUDIO\audio\HDA\5122\MSHDQFE\Win2K3\EL\kb888111srvrtm.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Drivers\EU&USA_intel Series_9xx_945G7MA-8EKRS2_Driver_AUDIO\audio\HDA\5122\MSHDQFE\Win2K3\FR\kb888111srvrtm.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Drivers\EU&USA_intel Series_9xx_945G7MA-8EKRS2_Driver_AUDIO\audio\HDA\5122\MSHDQFE\Win2K3\GER\kb888111srvrtm.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Drivers\EU&USA_intel Series_9xx_945G7MA-8EKRS2_Driver_AUDIO\audio\HDA\5122\MSHDQFE\Win2K3\HEB\kb888111srvrtm.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Drivers\EU&USA_intel Series_9xx_945G7MA-8EKRS2_Driver_AUDIO\audio\HDA\5122\MSHDQFE\Win2K3\HU\kb888111srvrtm.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Drivers\EU&USA_intel Series_9xx_945G7MA-8EKRS2_Driver_AUDIO\audio\HDA\5122\MSHDQFE\Win2K3\IT\kb888111srvrtm.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Drivers\EU&USA_intel Series_9xx_945G7MA-8EKRS2_Driver_AUDIO\audio\HDA\5122\MSHDQFE\Win2K3\JPN\kb888111srvrtm.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Drivers\EU&USA_intel 
Series_9xx_945G7MA-8EKRS2_Driver_AUDIO\audio\HDA\5122\MSHDQFE\Win2K3\KOR\kb888111srvrtm.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Drivers\EU&USA_intel Series_9xx_945G7MA-8EKRS2_Driver_AUDIO\audio\HDA\5122\MSHDQFE\Win2K3\NO\kb888111srvrtm.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Drivers\EU&USA_intel Series_9xx_945G7MA-8EKRS2_Driver_AUDIO\audio\HDA\5122\MSHDQFE\Win2K3\PL\kb888111srvrtm.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Drivers\EU&USA_intel Series_9xx_945G7MA-8EKRS2_Driver_AUDIO\audio\HDA\5122\MSHDQFE\Win2K3\TR\kb888111srvrtm.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Drivers\EU&USA_intel Series_9xx_945G7MA-8EKRS2_Driver_AUDIO\audio\HDA\5122\MSHDQFE\Win2K_XP\ARA\kb888111xpsp1.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Drivers\EU&USA_intel Series_9xx_945G7MA-8EKRS2_Driver_AUDIO\audio\HDA\5122\MSHDQFE\Win2K_XP\ARA\kb888111xpsp2.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Drivers\EU&USA_intel Series_9xx_945G7MA-8EKRS2_Driver_AUDIO\audio\HDA\5122\MSHDQFE\Win2K_XP\CHS\kb888111xpsp2.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Drivers\EU&USA_intel Series_9xx_945G7MA-8EKRS2_Driver_AUDIO\audio\HDA\5122\MSHDQFE\Win2K_XP\CHT\kb888111w2ksp4.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Drivers\EU&USA_intel Series_9xx_945G7MA-8EKRS2_Driver_AUDIO\audio\HDA\5122\MSHDQFE\Win2K_XP\CHT\kb888111xpsp1.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Drivers\EU&USA_intel Series_9xx_945G7MA-8EKRS2_Driver_AUDIO\audio\HDA\5122\MSHDQFE\Win2K_XP\CS\kb888111w2ksp4.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Drivers\EU&USA_intel Series_9xx_945G7MA-8EKRS2_Driver_AUDIO\audio\HDA\5122\MSHDQFE\Win2K_XP\CS\kb888111xpsp1.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - 
programs\Drivers\EU&USA_intel Series_9xx_945G7MA-8EKRS2_Driver_AUDIO\audio\HDA\5122\MSHDQFE\Win2K_XP\CS\kb888111xpsp2.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Drivers\EU&USA_intel Series_9xx_945G7MA-8EKRS2_Driver_AUDIO\audio\HDA\5122\MSHDQFE\Win2K_XP\DA\kb888111xpsp1.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Drivers\EU&USA_intel Series_9xx_945G7MA-8EKRS2_Driver_AUDIO\audio\HDA\5122\MSHDQFE\Win2K_XP\EL\kb888111xpsp1.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Drivers\EU&USA_intel Series_9xx_945G7MA-8EKRS2_Driver_AUDIO\audio\HDA\5122\MSHDQFE\Win2K_XP\EL\kb888111xpsp2.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Drivers\EU&USA_intel Series_9xx_945G7MA-8EKRS2_Driver_AUDIO\audio\HDA\5122\MSHDQFE\Win2K_XP\ES\kb888111w2ksp4.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Drivers\EU&USA_intel Series_9xx_945G7MA-8EKRS2_Driver_AUDIO\audio\HDA\5122\MSHDQFE\Win2K_XP\ES\kb888111xpsp1.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Drivers\EU&USA_intel Series_9xx_945G7MA-8EKRS2_Driver_AUDIO\audio\HDA\5122\MSHDQFE\Win2K_XP\FI\kb888111w2ksp4.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Drivers\EU&USA_intel Series_9xx_945G7MA-8EKRS2_Driver_AUDIO\audio\HDA\5122\MSHDQFE\Win2K_XP\FR\kb888111w2ksp4.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Drivers\EU&USA_intel Series_9xx_945G7MA-8EKRS2_Driver_AUDIO\audio\HDA\5122\MSHDQFE\Win2K_XP\FR\kb888111xpsp1.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Drivers\EU&USA_intel Series_9xx_945G7MA-8EKRS2_Driver_AUDIO\audio\HDA\5122\MSHDQFE\Win2K_XP\HEB\kb888111xpsp1.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Drivers\EU&USA_intel Series_9xx_945G7MA-8EKRS2_Driver_AUDIO\audio\HDA\5122\MSHDQFE\Win2K_XP\HU\kb888111w2ksp4.exe [L] Win32:Sality (0) D:\Dokumenti Piks & 
Programs\Install - programs\Drivers\EU&USA_intel Series_9xx_945G7MA-8EKRS2_Driver_AUDIO\audio\HDA\5122\MSHDQFE\Win2K_XP\HU\kb888111xpsp1.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Drivers\EU&USA_intel Series_9xx_945G7MA-8EKRS2_Driver_AUDIO\audio\HDA\5122\MSHDQFE\Win2K_XP\HU\kb888111xpsp2.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Drivers\EU&USA_intel Series_9xx_945G7MA-8EKRS2_Driver_AUDIO\audio\HDA\5122\MSHDQFE\Win2K_XP\JPN\kb888111xpsp2.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Drivers\EU&USA_intel Series_9xx_945G7MA-8EKRS2_Driver_AUDIO\audio\HDA\5122\MSHDQFE\Win2K_XP\KOR\kb888111w2ksp4.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Drivers\EU&USA_intel Series_9xx_945G7MA-8EKRS2_Driver_AUDIO\audio\HDA\5122\MSHDQFE\Win2K_XP\KOR\kb888111xpsp2.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Drivers\EU&USA_intel Series_9xx_945G7MA-8EKRS2_Driver_AUDIO\audio\HDA\5122\MSHDQFE\Win2K_XP\NL\kb888111xpsp2.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Drivers\EU&USA_intel Series_9xx_945G7MA-8EKRS2_Driver_AUDIO\audio\HDA\5122\MSHDQFE\Win2K_XP\NO\kb888111xpsp2.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Drivers\EU&USA_intel Series_9xx_945G7MA-8EKRS2_Driver_AUDIO\audio\HDA\5122\MSHDQFE\Win2K_XP\PL\kb888111w2ksp4.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Drivers\EU&USA_intel Series_9xx_945G7MA-8EKRS2_Driver_AUDIO\audio\HDA\5122\MSHDQFE\Win2K_XP\PL\kb888111xpsp2.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Drivers\EU&USA_intel Series_9xx_945G7MA-8EKRS2_Driver_AUDIO\audio\HDA\5122\MSHDQFE\Win2K_XP\PT\kb888111xpsp2.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Drivers\EU&USA_intel Series_9xx_945G7MA-8EKRS2_Driver_AUDIO\audio\HDA\5122\MSHDQFE\Win2K_XP\RU\kb888111w2ksp4.exe [L] Win32:Sality (0) 
D:\Dokumenti Piks & Programs\Install - programs\Drivers\EU&USA_intel Series_9xx_945G7MA-8EKRS2_Driver_AUDIO\audio\HDA\5122\MSHDQFE\Win2K_XP\SV\kb888111xpsp1.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Drivers\EU&USA_intel Series_9xx_945G7MA-8EKRS2_Driver_AUDIO\audio\HDA\5122\MSHDQFE\Win2K_XP\SV\kb888111xpsp2.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Drivers\EU&USA_intel Series_9xx_945G7MA-8EKRS2_Driver_AUDIO\audio\HDA\5122\MSHDQFE\Win2K_XP\us\kb888111xpsp1.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Drivers\EU&USA_intel Series_9xx_945G7MA-8EKRS2_Driver_AUDIO\audio\HDA\5122\MSHDQFE\Win2K_XP\us\kb888111xpsp2.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Drivers\EU&USA_intel Series_9xx_945G7MA-8EKRS2_Driver_AUDIO\audio\RealTek\A370_PG506\Ap\AvRack2.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Drivers\EU&USA_intel Series_9xx_945G7MA-8EKRS2_Driver_AUDIO\audio\RealTek\A370_PG506\Ap\MPIE4STD.EXE [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Install - programs\Drivers\EU&USA_intel Series_9xx_945G7MA-8EKRS2_Driver_AUDIO\audio\RealTek\A370_PG506\Ap\Mpstd.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\My Documents\Orgtechnica_KA-диск за дистрибутори 2011г\НОВИ ЕКАФП КЛЕН ДТ\СОФТУЕР\SIM REG\NET FRAMEWORK 2.0\dotnetfx.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\My Documents\Orgtechnica_KA-диск за дистрибутори 2011г\НОВИ ЕКАФП КЛЕН ДТ\СОФТУЕР\Драйвер\vsu\instmsi.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\My Documents\Orgtechnica_KA-диск за дистрибутори 2011г\НОВИ ЕКАФП КЛЕН ДТ\СОФТУЕР\Драйвер\vsu\instmsiw.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\My Documents\Orgtechnica_KA-диск за дистрибутори 2011г\НОВИ ЕКАФП КЛЕН ДТ\СОФТУЕР\ИНИЦ. 
И РЕГИСТРАЦИЯ\fpinit\instmsi.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\My Documents\Orgtechnica_KA-диск за дистрибутори 2011г\НОВИ ЕКАФП КЛЕН ДТ\СОФТУЕР\ИНИЦ. И РЕГИСТРАЦИЯ\fpinit\instmsiw.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\My Documents\Orgtechnica_KA-диск за дистрибутори 2011г\НОВИ ЕКАФП КЛЕН ДТ\СОФТУЕР\ПРОГРАМИРАНЕ\eqld\instmsi.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\My Documents\Orgtechnica_KA-диск за дистрибутори 2011г\НОВИ ЕКАФП КЛЕН ДТ\СОФТУЕР\ПРОГРАМИРАНЕ\eqld\instmsiw.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\My Documents\Orgtechnica_KA-диск за дистрибутори 2011г\НОВИ ЕКАФП КЛЕН ДТ\СОФТУЕР\ПРОГРАМИРАНЕ\syssw\instmsi.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\My Documents\Orgtechnica_KA-диск за дистрибутори 2011г\НОВИ ЕКАФП КЛЕН ДТ\СОФТУЕР\ПРОГРАМИРАНЕ\syssw\instmsiw.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\My Documents\Orgtechnica_KA-диск за дистрибутори 2011г\НОВИ ЕКАФП КЛЕН ДТ\СОФТУЕР\Продажби\ecrfp\instmsi.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\My Documents\Orgtechnica_KA-диск за дистрибутори 2011г\НОВИ ЕКАФП КЛЕН ДТ\СОФТУЕР\Продажби\ecrfp\instmsiw.exe [L] Win32:Sality (0) D:\Dokumenti Piks & Programs\Web Design\Drugi\IRC.exe|>IRC\IRC\8.jpg [E] Архивът е защитен с парола. (42056) D:\Install\Antivirus\Avast! Internet Security 6.0.1125 Final\Crack\ashBase.dll [L] Win32:Crack-E [PUP] (0) D:\Install\Tools\Vryska s drugo PC pylen dostyp\vnc-4_1_1-x86_win32.exe [L] Win32:PUP-gen [PUP] (0) Инфектирани файлове: 75 Общо файлове: 74675 Общо папки: 7742 Общ размер: 62.3 GB * * Задачата спряна: Saturday, January 14, 2012 7:27:25 PM * Време на изпълнение: 59 минути, 0 секунди *
  5. First I was using Panda Antivirus, then Kaspersky Virus Removal Tool. I scanned with Avast Antivirus and found 75 Sality viruses on C: and D:, then I scanned with PCMAV express for sality, sality killer, and finally with DDS. I am sending you the 2 logs so you can tell me which files are infected and what I can save. Can I keep my movies, music and pictures? . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 Run by Rosen Studenkov at 9:39:22 on 2012-01-16 Microsoft Windows XP Professional 5.1.2600.3.1251.1.1033.18.502.60 [GMT 2:00] . AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} . ============== Running Processes =============== . C:\WINXP\system32\svchost -k DcomLaunch svchost.exe C:\WINXP\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\WINXP\Explorer.EXE C:\WINXP\RTHDCPL.EXE C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe C:\WINXP\system32\hkcmd.exe C:\WINXP\system32\igfxpers.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Ask.com\Updater\Updater.exe C:\Program Files\D-Tools\daemon.exe C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Messenger\msmsgs.exe C:\premiumsoft\photofun\photofun.exe C:\WINXP\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\WINXP\system32\igfxsrvc.exe C:\Program Files\Datecs\FlexType 2K\FType2K.exe C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe C:\Program Files\BACL\SpeechLab\TTSProfileDlg.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe svchost.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe C:\Program Files\QuestBasic\questbasic.exe C:\WINXP\system32\svchost.exe -k imgsvc C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe C:\Program Files\QuestBasic\questbasic.exe C:\WINXP\system32\wscntfy.exe C:\Program
Files\DX-Ball\DXBall.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE . ============== Pseudo HJT Report =============== . uStart Page = hxxp://search.babylon.com/?babsrc=HP_Prot BHO: Помощник за връзки на Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\bh\BabylonToolbar.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll TB: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\BabylonToolbarTlbr.dll TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [espaces] c:\premiumsoft\photofun\photofun.exe uRun: [Google Update] "c:\documents and settings\rosen studenkov\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [CTFMON.EXE] c:\winxp\system32\ctfmon.exe uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common 
files\ahead\lib\NMBgMonitor.exe" uRunOnce: [FlashPlayerUpdate] c:\winxp\system32\macromed\flash\FlashUtil10q_ActiveX.exe -update activex mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent mRun: [TaskTray] mRun: [RTHDCPL] RTHDCPL.EXE mRun: [btTray] "c:\program files\ivt corporation\bluesoleil\BtTray.exe" mRun: [igfxTray] c:\winxp\system32\igfxtray.exe mRun: [HotKeysCmds] c:\winxp\system32\hkcmd.exe mRun: [Persistence] c:\winxp\system32\igfxpers.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [WinampAgent] c:\program files\winamp\winampa.exe mRun: [<NO NAME>] mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe" mRun: [DAEMON Tools-1033] "c:\program files\d-tools\daemon.exe" -lang 1033 mRun: [NWEReboot] mRun: [NeroFilterCheck] c:\winxp\system32\NeroCheck.exe mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui StartupFolder: c:\docume~1\rosens~1\startm~1\programs\startup\config~1.lnk - c:\documents and settings\rosen studenkov\application data\microsoft\installer\{319a3ca9-da63-4d65-8b25-403cf9cbf087}\_5af141bb.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\flexty~1.lnk - c:\program files\datecs\flextype 2k\FType2K.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\realte~1.lnk - c:\program files\realtek\rtl8187 wireless lan utility\RtWLan.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: Send by Bluetooth - c:\program files\ivt corporation\bluesoleil\transsend\ie\tsinfo.htm IE: Send via &Message... 
- c:\program files\ivt corporation\bluesoleil\transsend\ie\tssms.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{62AB5103-05A4-4BB9-B798-ED2199E4226D} : DhcpNameServer = 192.168.1.1 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winxp\system32\wpdshserviceobj.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\rosen studenkov\application data\mozilla\firefox\profiles\g016waht.default\ FF - prefs.js: browser.search.selectedEngine - FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?AF=19993&babsrc=HP_ss&mntrId=f8b5f85c000000000000380a0aa06ca5 FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=19993&babsrc=adbartrp&mntrId=f8b5f85c000000000000380a0aa06ca5&q= FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\documents and settings\rosen studenkov\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll . 
---- FIREFOX POLICIES ---- FF - user.js: extensions.BabylonToolbar_i.id - f8b5f85c000000000000380a0aa06ca5 FF - user.js: extensions.BabylonToolbar_i.hardId - f8b5f85c000000000000380a0aa06ca5 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15318 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:23:52 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - base FF - user.js: extensions.BabylonToolbar_i.newTab - false FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=19993 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . ============= SERVICES / DRIVERS =============== . R0 BtHidBus;Bluetooth HID Bus Service;c:\winxp\system32\drivers\BtHidBus.sys [2009-1-7 20744] R0 d347bus;d347bus;c:\winxp\system32\drivers\d347bus.sys [2011-12-26 155136] R0 d347prt;d347prt;c:\winxp\system32\drivers\d347prt.sys [2011-12-26 5248] R1 aswSP;aswSP;c:\winxp\system32\drivers\aswSP.sys [2012-1-11 162640] R2 aswFsBlk;aswFsBlk;c:\winxp\system32\drivers\aswFsBlk.sys [2012-1-11 19024] R2 EAPPkt;Realtek EAPPkt Protocol;c:\winxp\system32\drivers\EAPPkt.sys [2011-12-9 38144] R3 btnetBUs;Bluetooth PAN Bus Service;c:\winxp\system32\drivers\btnetBus.sys [2008-12-7 30088] R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\winxp\system32\drivers\IvtBtBus.sys [2008-7-2 26248] R3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\winxp\system32\drivers\RTL8187.sys [2011-12-9 332928] S0 33483297;33483297;c:\winxp\system32\drivers\33483297.sys --> c:\winxp\system32\drivers\33483297.sys [?] 
S3 Ambfilt;Ambfilt;c:\winxp\system32\drivers\Ambfilt.sys [2011-12-8 1691480] S3 RkPavproc1;RkPavproc1;c:\winxp\system32\drivers\RkPavproc1.sys [2011-12-26 17544] . =============== Created Last 30 ================ . 2012-01-14 15:26:40 -------- d-----w- c:\documents and settings\all users\application data\Hagel Technologies 2012-01-12 08:48:13 -------- d--h--w- c:\winxp\system32\GroupPolicy 2012-01-11 16:42:54 -------- d-----w- c:\documents and settings\all users\application data\Alwil Software 2012-01-11 11:58:38 -------- d-sh--w- c:\documents and settings\rosen studenkov\IECompatCache 2012-01-10 18:56:08 -------- d-----w- c:\program files\DX-Ball 2012-01-10 17:50:53 -------- d-----w- c:\documents and settings\rosen studenkov\application data\Malwarebytes 2012-01-10 17:50:35 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2012-01-10 17:50:33 20464 ----a-w- c:\winxp\system32\drivers\mbam.sys 2012-01-10 17:50:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-01-03 20:15:59 5632 ----a-w- c:\winxp\system32\ptpusb.dll 2012-01-03 20:15:58 15104 -c--a-w- c:\winxp\system32\dllcache\usbscan.sys 2012-01-03 20:15:58 15104 ----a-w- c:\winxp\system32\drivers\usbscan.sys 2012-01-03 20:15:57 159232 ----a-w- c:\winxp\system32\ptpusd.dll 2012-01-03 07:04:39 -------- d-----w- c:\winxp\system32\appmgmt 2011-12-27 14:03:07 -------- d-----w- c:\program files\Lavalys 2011-12-26 18:12:29 -------- d-----w- c:\documents and settings\rosen studenkov\local settings\application data\Ahead 2011-12-26 18:07:46 -------- d-----w- c:\program files\Nero 2011-12-26 18:03:55 5248 ----a-w- c:\winxp\system32\drivers\d347prt.sys 2011-12-26 18:03:55 155136 ----a-w- c:\winxp\system32\drivers\d347bus.sys 2011-12-26 18:03:53 -------- d-----w- c:\program files\D-Tools 2011-12-26 18:03:40 -------- d-----w- c:\winxp\Downloaded Installations 2011-12-26 17:53:02 -------- d-----w- c:\winxp\system32\XPSViewer 2011-12-26 17:52:14 89088 -c----w- 
c:\winxp\system32\dllcache\filterpipelineprintproc.dll 2011-12-26 17:52:14 597504 -c----w- c:\winxp\system32\dllcache\printfilterpipelinesvc.exe 2011-12-26 17:52:14 597504 ------w- c:\winxp\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe 2011-12-26 17:52:14 575488 -c----w- c:\winxp\system32\dllcache\xpsshhdr.dll 2011-12-26 17:52:14 575488 ------w- c:\winxp\system32\xpsshhdr.dll 2011-12-26 17:52:14 117760 ------w- c:\winxp\system32\prntvpt.dll 2011-12-26 17:52:13 1676288 -c----w- c:\winxp\system32\dllcache\xpssvcs.dll 2011-12-26 17:52:13 1676288 ------w- c:\winxp\system32\xpssvcs.dll 2011-12-26 17:19:55 1974616 ----a-w- c:\winxp\system32\D3DCompiler_42.dll 2011-12-26 17:19:43 1892184 ----a-w- c:\winxp\system32\D3DX9_42.dll 2011-12-26 17:19:32 4379984 ----a-w- c:\winxp\system32\D3DX9_40.dll 2011-12-26 17:19:20 3727720 ----a-w- c:\winxp\system32\d3dx9_35.dll 2011-12-26 17:19:08 3497832 ----a-w- c:\winxp\system32\d3dx9_34.dll 2011-12-26 17:18:52 -------- d-----w- c:\winxp\Logs 2011-12-26 16:53:31 17544 ------w- c:\winxp\system32\drivers\RkPavproc1.sys 2011-12-26 08:17:22 -------- d-----w- c:\documents and settings\rosen studenkov\local settings\application data\Google 2011-12-26 06:02:21 -------- d-----w- C:\New Folder 2011-12-24 19:46:57 -------- d-----w- c:\program files\QuestBasic 2011-12-24 19:46:57 -------- d-----w- c:\documents and settings\all users\application data\QuestBasic 2011-12-24 19:46:36 -------- d-----w- c:\program files\LDA Games 2011-12-21 12:25:45 -------- d-----w- c:\documents and settings\rosen studenkov\application data\BabylonToolbar . ==================== Find3M ==================== . 2011-12-09 07:25:10 414368 ----a-w- c:\winxp\system32\FlashPlayerCPLApp.cpl 2011-12-08 22:45:58 21035 ----a-w- c:\winxp\system32\drivers\AegisP.sys . ============= FINISH: 9:40:53.84 =============== Name: Ethernet Controller PNP Device ID: PCI\VEN_14E4&DEV_169C&SUBSYS_0C2D105B&REV_03\4&1AF1648C&0&18F0 Service: . 
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318} Description: Mass Storage Controller Device ID: PCI\VEN_1283&DEV_8212&SUBSYS_0CC0105B&REV_13\4&1AF1648C&0&20F0 Manufacturer: Name: Mass Storage Controller PNP Device ID: PCI\VEN_1283&DEV_8212&SUBSYS_0CC0105B&REV_13\4&1AF1648C&0&20F0 Service: . Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318} Description: SM Bus Controller Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_0CC0105B&REV_01\3&2411E6FE&0&FB Manufacturer: Name: SM Bus Controller PNP Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_0CC0105B&REV_01\3&2411E6FE&0&FB Service: . Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Bluetooth PAN Network Adapter Device ID: {F12D3CF8-B11D-457E-8641-BE2AF2D6D204}\IVTBTPAN\1&21CCD16&0&0000 Manufacturer: IVT Corporation Name: Bluetooth PAN Network Adapter PNP Device ID: {F12D3CF8-B11D-457E-8641-BE2AF2D6D204}\IVTBTPAN\1&21CCD16&0&0000 Service: BT . ==== System Restore Points =================== . RP48: 1/15/2012 12:28:23 PM - System Checkpoint . ==== Installed Programs ====================== . 
AC3Filter (remove only) Adobe Flash Player 10 ActiveX Adobe Flash Player 11 Plugin Adobe Reader 8 - Bulgarian Ask Toolbar Ask Toolbar Updater Babylon toolbar on IE Bluesoleil 6.4.261.0 BSPlayer DAEMON Tools Driver Genius Professional Edition DX-Ball 1.09 EVEREST Ultimate Edition v5.50 ffdshow [rev 1943] [2008-04-16] FlexType 2K Google Chrome Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB960043) Hotfix for Windows XP (KB942288-v3) Hotfix for Windows XP (KB954550-v5) Intel® Graphics Media Accelerator Driver jetAudio Malwarebytes Anti-Malware, версия 1.60.0.1800 Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Office Professional Edition 2003 Microsoft Primary Interoperability Assemblies 2005 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Mozilla Firefox 4.0 (x86 bg) Nero 7 Ultra Edition Nimo Codecs Pack v5.0 (Remove Only) Nokia Connectivity Cable Driver Panda Security Toolbar PC Connectivity Solution PhotoFun Realtek High Definition Audio Driver REALTEK RTL8187 Wireless LAN Driver and Utility REALTEK Wireless LAN Driver Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB980195) Skype Click to Call Skype™ 4.0 SpeechLab The KMPlayer (remove only) Update for Microsoft Windows (KB971513) Update for Windows XP (KB2467659) Update for Windows XP (KB898461) WebFldrs XP Winamp (remove only) Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) WinRAR 4.01 (32-битова версия) µTorrent . ==== Event Viewer Messages From Past Week ======== . 
33483297 33483297 33483297 33483297 33483297 33483297 33483297 33483297 33483297 33483297 33483297 33483297 33483297 1/9/2012 5:52:13 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 380A0AA06CA5. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. 1/9/2012 1:58:07 PM, error: Dhcp [1002] - The IP address lease 192.168.1.5 for the Network Card with network address 380A0AA06CA5 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). 1/9/2012 1:08:51 PM, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.5 with the system having network hardware address 00:0E:9B:00:E0:00. Network operations on this system may be disrupted as a result. 1/14/2012 8:12:43 PM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 380A0AA06CA5 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). 1/13/2012 11:15:52 AM, error: Dhcp [1002] - The IP address lease 192.168.1.11 for the Network Card with network address 380A0AA06CA5 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). 1/12/2012 10:44:39 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 380A0AA06CA5. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. 1/11/2012 9:28:13 PM, error: Dhcp [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 380A0AA06CA5 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). 
1/11/2012 8:42:42 PM, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.4 with the system having network hardware address F8:D1:11:08:8A:CD. Network operations on this system may be disrupted as a result. 1/11/2012 8:34:39 PM, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.3 with the system having network hardware address 00:25:D3:D9:B6:74. Network operations on this system may be disrupted as a result. 1/11/2012 7:29:06 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the QuestBasic Service service to connect. 1/11/2012 4:57:11 PM, error: Dhcp [1002] - The IP address lease 192.168.1.9 for the Network Card with network address 380A0AA06CA5 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). 1/11/2012 3:48:58 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: 1/11/2012 3:29:59 PM, error: Service Control Manager [7031] - The Panda Cloud Antivirus Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. 1/10/2012 8:53:03 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume. 1/10/2012 7:02:29 PM, error: Dhcp [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 380A0AA06CA5 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). 1/10/2012 5:23:15 PM, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.3 with the system having network hardware address D8:5D:4C:92:FE:23. Network operations on this system may be disrupted as a result. . ==== End Of File ===========================