pocketrocket

Member
  • Posts

    718

Everything posted by pocketrocket

  1. Thanks, you were very helpful
  2. Well, that's it. Is there a difference? I'm arguing with an acquaintance about the Emen gorge/canyon. On Google I find it called by both names, which leads me to think that both are correct. Does that mean the natural feature on the Erma river can be defined as both a gorge and a canyon?
  3. Wow, after 6 agonizing years someone has satisfied my curiosity! Thank you!
  4. Hello, I'm wondering which of the two companies to choose for an internet + digital TV package. I'm not familiar with the quality of Bulsatcom's internet, whereas I have used Megalan and they are great. On the other hand, I haven't used Megalan's digital TV and don't know whether it is good, whereas I have used Bulsatcom's and it is great. Can anyone say which of the two packages is better?
  5. OK, if I just go and buy an HDMI cable, won't that solve the problem?
  6. Professor, I think the picture clearly shows what inputs the TV has - SCART, component and HDMI. And please don't be sarcastic, but polite. Here is a view of the back of the TV anyway
  7. Hello. I have a small problem connecting a TV and a DVD system. With my old TV and old DVD system it was easy. One SCART cable and that was that. But here it's a bit different. The DVD system has no SCART. From the attached picture you can see that method 1 is out because I don't have an HDMI cable. Method 2 - component - is not entirely clear to me ... I don't have such cables in the kit, but they look to me like completely ordinary RCA cables, three of them. If anyone has connected it this way, please say so. I thought of a cable that is SCART on one end and component (three RCA plugs) on the other; if I buy one, will the connection work?
  8. Thanks, I'll try and write back what happened
  9. Hello. We have the following problem with the router settings. I have 1 desktop computer and 1 laptop. I'm on cable internet. The router is connected correctly, I have internet on the desktop, the laptop picks up the wireless, but when I set a password it can't connect. The laptop is a Toshiba NB 100
  10. Thanks for the help!

  11. And now, which antivirus program should I install?
  12. Maniac. Sorry, but I forgot to save the log file of the last scan, the one before I uninstalled it. Is it fatal if I don't publish it? I'm currently downloading NOD's online scanner. I'll scan soon and publish its log
  13. This is from Add-Remove Programs
[Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc) SRV - [2006.11.08 16:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12) SRV - [2006.11.08 16:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12) SRV - [2003.07.28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://paltalk.myway.com IE - HKCU\..\URLSearchHook: {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL (Ask.com) IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.startup.homepage: "" FF - prefs.js..extensions.enabledItems: [email protected]:1.01 FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.10.13 05:18:51 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.12.17 09:14:15 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.12.17 09:14:15 | 00,000,000 | ---D | M] [2009.08.27 22:41:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions [2009.12.26 14:21:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ouj669ax.default\extensions [2009.12.25 13:35:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ouj669ax.default\extensions\[email protected] [2009.09.30 23:58:24 | 00,000,325 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ouj669ax.default\searchplugins\mywebsearch.xml [2009.08.27 22:40:49 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009.07.31 00:46:07 | 00,001,083 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\911bg.xml [2009.07.31 00:46:07 | 00,002,442 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\diribg.xml [2009.07.31 00:46:07 | 00,001,515 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pe-bg.xml [2009.07.31 00:46:07 | 00,001,857 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\portalbgdict.xml [2009.07.31 00:46:07 | 00,001,220 | ---- | M] () -- C:\Program Files\Mozilla 
Firefox\searchplugins\wikipedia-bg.xml O1 HOSTS File: (98 bytes) - C:\WINDOWS\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.) O2 - BHO: (Ask Search Assistant BHO) - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL (Ask.com) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com) O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com) O2 - BHO: (Ask Toolbar BHO) - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL (Ask.com) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) 
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL (Ask.com) O4 - HKLM..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe () O4 - HKLM..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe (Eset ) O4 - HKLM..\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKCU..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.) O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 1 O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM () O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM () O9 - Extra Button: PalTalk - 
{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.) O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com) O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, Inc.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\imon.dll (Eset ) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\imon.dll (Eset ) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\imon.dll (Eset ) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\imon.dll (Eset ) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\imon.dll (Eset ) O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\System32\imon.dll (Eset ) O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone. 
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.9.224.2 217.9.224.3 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 14 Days ========== [2009.12.26 15:21:57 | 00,000,000 | ---D | C] -- C:\_OTL [2009.12.26 11:03:31 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe [2009.12.26 09:24:02 | 00,000,000 | ---D | C] -- C:\Program Files\AskPBar [2009.12.26 09:21:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Paltalk [2009.12.26 09:21:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\PaltalkScene [2009.12.26 09:21:36 | 00,000,000 | ---D | C] -- C:\Program Files\Paltalk Messenger [2009.12.25 23:04:07 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2009.12.25 22:20:59 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009.12.25 22:20:57 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- 
C:\WINDOWS\System32\drivers\mbam.sys [2009.12.25 22:20:56 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009.12.25 22:17:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\New Folder (2) [2009.12.25 21:43:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\da4inka [2009.12.25 12:02:28 | 00,502,368 | ---- | C] (Eset ) -- C:\WINDOWS\System32\drivers\amon.sys [2009.12.25 12:02:28 | 00,270,336 | ---- | C] (Eset ) -- C:\WINDOWS\System32\imon.dll [2009.12.25 12:02:28 | 00,000,000 | ---D | C] -- C:\Program Files\Eset [2009.12.25 12:01:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\NOD32 [2009.12.17 10:15:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\HERBALIFE [2009.11.29 09:44:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft [2009.11.29 09:44:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe [2009.06.28 12:47:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google [2009.06.06 10:36:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google [2009.03.27 15:18:23 | 00,147,456 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp325.dll [2009.03.27 15:18:23 | 00,057,344 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnp325.dll [2009.03.27 15:18:23 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp325.dll [2009.02.25 17:47:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft [2003.02.22 20:02:24 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft [2003.02.22 20:02:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft ========== Files - Modified Within 14 Days ========== [2009.12.26 15:29:59 | 00,000,116 | ---- | M] () -- 
C:\WINDOWS\NeroDigital.ini [2009.12.26 15:24:17 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job [2009.12.26 15:23:52 | 00,001,040 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2009.12.26 15:23:48 | 00,000,240 | ---- | M] () -- C:\WINDOWS\tasks\NOD32.job [2009.12.26 15:23:48 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009.12.26 15:23:46 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009.12.26 15:22:34 | 08,126,464 | -H-- | M] () -- C:\Documents and Settings\user\NTUSER.DAT [2009.12.26 15:22:34 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\user\ntuser.ini [2009.12.26 15:22:23 | 00,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts [2009.12.26 14:57:00 | 00,001,044 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2009.12.26 12:20:00 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk [2009.12.26 11:04:56 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe [2009.12.26 09:21:41 | 00,001,640 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk [2009.12.26 09:21:41 | 00,001,620 | ---- | M] () -- C:\Documents and Settings\user\Desktop\PaltalkScene.lnk [2009.12.26 09:21:41 | 00,001,312 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Upgrade to Paltalk Extreme.lnk [2009.12.26 09:16:32 | 10,660,416 | ---- | M] () -- C:\Documents and Settings\user\Desktop\pal_install_r17704.exe [2009.12.25 23:06:13 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\user\Desktop\HijackThis.lnk [2009.12.25 23:00:56 | 04,240,656 | -H-- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\IconCache.db [2009.12.25 22:21:02 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009.12.25 13:51:55 | 00,000,940 | ---- | M] () -- C:\WINDOWS\win.ini [2009.12.25 13:51:55 | 00,000,255 | ---- | M] () -- 
C:\WINDOWS\system.ini [2009.12.25 13:51:55 | 00,000,211 | -H-- | M] () -- C:\boot.ini [2009.12.25 13:38:01 | 02,672,312 | ---- | M] () -- C:\Documents and Settings\user\Desktop\esetsmartinstaller_enu.exe [2009.12.25 12:11:02 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2009.12.25 12:02:03 | 00,270,336 | ---- | M] (Eset ) -- C:\WINDOWS\System32\imon.dll [2009.12.25 12:02:02 | 00,502,368 | ---- | M] (Eset ) -- C:\WINDOWS\System32\drivers\amon.sys [2009.12.25 10:08:36 | 05,595,648 | ---- | M] () -- C:\Documents and Settings\user\Desktop\2010.pps [2009.12.24 00:41:52 | 00,100,566 | ---- | M] () -- C:\Documents and Settings\user\Desktop\5B05DE90-A29C-4077-B03C-E485E6B12F27.jpg [2009.12.22 21:51:13 | 00,000,010 | ---- | M] () -- C:\WINDOWS\popcinfo.dat [2009.12.22 20:34:34 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009.12.22 12:30:53 | 00,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Земя.lnk [2009.12.21 13:10:32 | 05,246,339 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Emanuela i Krum - Nishto Ne Znaesh.mp3 [2009.12.20 11:09:50 | 00,054,964 | ---- | M] () -- C:\Documents and Settings\user\Desktop\grafik.jpg [2009.12.19 18:15:29 | 00,000,824 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Yahoo! 
Messenger (2).lnk [2009.12.17 16:34:31 | 00,033,972 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Kate.And.Leopold.2001.BRRip.XviD.AC3-KiNGS.rar [2009.12.17 16:22:45 | 00,074,752 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.12.14 09:35:54 | 00,045,996 | ---- | M] () -- C:\Documents and Settings\user\Desktop\NOKTO.JPG [2009.12.12 20:40:52 | 04,648,682 | ---- | M] () -- C:\Documents and Settings\user\Desktop\01 Track 1.wma [2009.12.12 17:23:55 | 00,041,440 | ---- | M] () -- C:\Documents and Settings\user\Desktop\The.Ugly.Truth.BRRip.XviD.AC3_DEViSE.(subs.sab.bz).zip ========== Files Created - No Company Name ========== [2009.12.26 09:21:41 | 00,001,640 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk [2009.12.26 09:21:41 | 00,001,620 | ---- | C] () -- C:\Documents and Settings\user\Desktop\PaltalkScene.lnk [2009.12.26 09:21:41 | 00,001,312 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Upgrade to Paltalk Extreme.lnk [2009.12.26 08:57:55 | 10,660,416 | ---- | C] () -- C:\Documents and Settings\user\Desktop\pal_install_r17704.exe [2009.12.25 23:04:09 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\user\Desktop\HijackThis.lnk [2009.12.25 22:21:02 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009.12.25 13:31:15 | 02,672,312 | ---- | C] () -- C:\Documents and Settings\user\Desktop\esetsmartinstaller_enu.exe [2009.12.25 13:22:00 | 00,000,240 | ---- | C] () -- C:\WINDOWS\tasks\NOD32.job [2009.12.25 12:11:02 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2009.12.24 16:51:51 | 05,595,648 | ---- | C] () -- C:\Documents and Settings\user\Desktop\2010.pps [2009.12.24 00:41:39 | 00,100,566 | ---- | C] () -- C:\Documents and Settings\user\Desktop\5B05DE90-A29C-4077-B03C-E485E6B12F27.jpg [2009.12.22 
12:30:53 | 00,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Земя.lnk [2009.12.21 13:01:09 | 05,246,339 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Emanuela i Krum - Nishto Ne Znaesh.mp3 [2009.12.20 11:09:50 | 00,054,964 | ---- | C] () -- C:\Documents and Settings\user\Desktop\grafik.jpg [2009.12.19 18:15:29 | 00,000,824 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Yahoo! Messenger (2).lnk [2009.12.17 16:34:29 | 00,033,972 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Kate.And.Leopold.2001.BRRip.XviD.AC3-KiNGS.rar [2009.12.14 09:35:53 | 00,045,996 | ---- | C] () -- C:\Documents and Settings\user\Desktop\NOKTO.JPG [2009.12.12 20:38:41 | 04,648,682 | ---- | C] () -- C:\Documents and Settings\user\Desktop\01 Track 1.wma [2009.12.12 17:23:55 | 00,041,440 | ---- | C] () -- C:\Documents and Settings\user\Desktop\The.Ugly.Truth.BRRip.XviD.AC3_DEViSE.(subs.sab.bz).zip [2009.10.26 19:10:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI [2009.10.26 18:55:21 | 00,000,753 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log [2009.10.18 12:59:21 | 00,480,128 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2009.10.14 13:15:49 | 00,000,227 | ---- | C] () -- C:\WINDOWS\CDPLAYER.INI [2009.08.27 21:42:00 | 00,682,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2009.07.01 14:59:19 | 00,014,810 | ---- | C] () -- C:\WINDOWS\wininit.ini [2009.03.27 15:20:18 | 00,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys [2009.03.27 15:20:18 | 00,011,860 | ---- | C] () -- C:\WINDOWS\System32\drivers\VBTEnum.sys [2009.03.27 15:18:25 | 00,015,498 | ---- | C] () -- C:\WINDOWS\snp325.ini [2009.03.09 12:15:25 | 00,147,456 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll [2009.02.25 17:29:53 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009.02.25 17:29:46 | 00,074,752 | ---- | C] () -- 
C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.02.24 19:17:59 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI [2009.02.24 17:53:41 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2004.12.20 12:08:28 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2004.12.20 12:03:26 | 00,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2003.01.07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2002.12.14 23:46:02 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\oggDS.dll [2002.12.14 23:46:02 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll [2002.12.14 23:46:02 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll [2002.12.14 22:46:04 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll [2002.11.15 14:11:26 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll ========== LOP Check ========== [2009.08.28 19:55:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts [2009.10.13 05:16:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations [2009.10.18 12:03:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic [2009.10.11 15:37:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite [2009.05.27 02:24:43 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{B064F9E5-5CCB-4D7B-A3A5-C00960A6B135} [2009.02.24 18:53:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\ICQ [2009.10.18 17:49:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Nokia [2009.10.18 12:09:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Nseries [2009.02.24 19:25:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Opera [2009.12.26 09:21:40 | 00,000,000 
| ---D | M] -- C:\Documents and Settings\user\Application Data\Paltalk [2009.10.13 22:06:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\PC Suite [2009.12.18 14:45:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\uTorrent [2009.12.26 15:23:48 | 00,000,240 | ---- | M] () -- C:\WINDOWS\Tasks\NOD32.job [2009.12.26 15:24:17 | 00,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job ========== Purity Check ========== < End of report >
  15. Here is the OTL log: OTL logfile created on: 26.12.2009 г. 14:19:49 - Run 1 OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\user\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: dd.M.yyyy 'г.' 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 70,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): C:\pagefile.sys 384 768 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 78,13 Gb Total Space | 61,00 Gb Free Space | 78,08% Space Free | Partition Type: NTFS Drive D: | 97,65 Gb Total Space | 7,37 Gb Free Space | 7,54% Space Free | Partition Type: NTFS Drive E: | 146,48 Gb Total Space | 32,27 Gb Free Space | 22,03% Space Free | Partition Type: NTFS Drive F: | 143,49 Gb Total Space | 143,41 Gb Free Space | 99,95% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: USER-PC Current User Name: user Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2009.12.26 11:04:56 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe PRC - [2009.12.25 14:05:21 | 00,585,728 | RHS- | M] () -- C:\WINDOWS\system32\zxrigyyrkfqykqyhesqkb.exe PRC - [2009.12.25 12:02:02 | 00,921,600 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32kui.exe PRC - [2009.12.25 12:02:02 | 00,507,904 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32krn.exe PRC - [2009.12.17 09:14:10 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009.03.18 17:50:30 | 04,363,504 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe PRC - [2008.04.14 02:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe PRC - [2008.04.14 02:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008.02.26 06:00:02 | 00,520,192 | R--- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe PRC - [2007.04.16 22:28:22 | 00,577,536 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE PRC - [2007.04.04 00:29:15 | 00,165,784 | ---- | M] (DT Soft Ltd.) -- C:\Program Files\DAEMON Tools\daemon.exe PRC - [2007.02.12 14:50:40 | 00,020,480 | ---- | M] () -- C:\WINDOWS\FixCamera.exe ========== Modules (SafeList) ========== MOD - [2009.12.26 11:04:56 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe ========== Win32 Services (SafeList) ========== SRV - [2009.12.25 12:02:02 | 00,507,904 | ---- | M] (Eset ) [Auto | Running] -- C:\Program Files\Eset\nod32krn.exe -- (NOD32krn) SRV - [2009.06.06 10:36:33 | 00,133,104 | ---- | M] (Google Inc.) 
C:\WINDOWS\System32\zxrigyyrkfqykqyhesqkb.exe [2009.12.23 13:35:16 | 00,585,728 | RHS- | C] () -- C:\WINDOWS\System32\xtlawmkbsluakoubwie.exe [2009.12.23 13:35:16 | 00,585,728 | RHS- | C] () -- C:\WINDOWS\System32\wpeqjwrftjpszadh.exe [2009.12.23 13:35:16 | 00,585,728 | RHS- | C] () -- C:\WINDOWS\System32\qpkcbuvpjfranudnlazuml.exe [2009.12.23 13:35:16 | 00,585,728 | RHS- | C] () -- C:\WINDOWS\System32\mhymhwtjzrzenqvbvg.exe [2009.12.23 13:35:16 | 00,585,728 | RHS- | C] () -- C:\WINDOWS\System32\khaqnedvnhryjovdzmjc.exe [2009.12.23 13:35:16 | 00,585,728 | RHS- | C] () -- C:\WINDOWS\System32\dxnauietizgksuydw.exe [2009.12.22 12:30:53 | 00,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Земя.lnk [2009.12.21 13:01:09 | 05,246,339 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Emanuela i Krum - Nishto Ne Znaesh.mp3 [2009.12.20 11:09:50 | 00,054,964 | ---- | C] () -- C:\Documents and Settings\user\Desktop\grafik.jpg [2009.12.19 18:15:29 | 00,000,824 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Yahoo! 
Messenger (2).lnk [2009.12.17 16:34:29 | 00,033,972 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Kate.And.Leopold.2001.BRRip.XviD.AC3-KiNGS.rar [2009.12.14 09:35:53 | 00,045,996 | ---- | C] () -- C:\Documents and Settings\user\Desktop\NOKTO.JPG [2009.12.12 20:38:41 | 04,648,682 | ---- | C] () -- C:\Documents and Settings\user\Desktop\01 Track 1.wma [2009.12.12 17:23:55 | 00,041,440 | ---- | C] () -- C:\Documents and Settings\user\Desktop\The.Ugly.Truth.BRRip.XviD.AC3_DEViSE.(subs.sab.bz).zip [2009.12.10 16:34:09 | 00,247,936 | ---- | C] () -- C:\Documents and Settings\user\Desktop\02.Romski Perli - Sadam kjuchek.mp3 [2009.12.10 16:33:54 | 00,247,936 | ---- | C] () -- C:\Documents and Settings\user\Desktop\07.Romski Perli - Buljasa.mp3 [2009.12.10 16:33:30 | 00,247,936 | ---- | C] () -- C:\Documents and Settings\user\Desktop\11.Romski Perli - Ajde romnie.mp3 [2009.12.08 20:36:34 | 00,000,806 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Shortcut to MonopolyPB.exe.lnk [2009.12.08 13:03:08 | 04,778,109 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Tose Proeski - Soba Za Tugu (AtaPulja).mp3 [2009.12.05 01:52:43 | 00,000,471 | ---- | C] () -- C:\Documents and Settings\user\Desktop\EuroDictXP.lnk [2009.12.02 10:01:26 | 00,429,568 | ---- | C] () -- C:\Documents and Settings\user\Desktop\CV-BG_var2.doc [2009.12.02 09:34:40 | 00,429,568 | ---- | C] () -- C:\Documents and Settings\user\My Documents\CV-BG_var1.doc [2009.11.29 23:47:29 | 93,932,317 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Ivan i Koceto.rar [2009.11.27 10:55:55 | 00,156,910 | ---- | C] () -- C:\WINDOWS\WMSysPr8.prx [2009.11.27 10:55:53 | 00,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Cool Edit Pro 2.0.lnk [2009.11.26 16:34:40 | 00,000,534 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CD Данъчен коментар.lnk [2009.10.26 19:10:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI [2009.10.26 18:55:21 | 00,000,753 | 
---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log [2009.10.18 12:59:21 | 00,480,128 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2009.10.14 13:15:49 | 00,000,227 | ---- | C] () -- C:\WINDOWS\CDPLAYER.INI [2009.08.27 21:42:00 | 00,682,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2009.07.01 14:59:19 | 00,014,810 | ---- | C] () -- C:\WINDOWS\wininit.ini [2009.03.27 15:20:18 | 00,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys [2009.03.27 15:20:18 | 00,011,860 | ---- | C] () -- C:\WINDOWS\System32\drivers\VBTEnum.sys [2009.03.27 15:18:25 | 00,015,498 | ---- | C] () -- C:\WINDOWS\snp325.ini [2009.03.09 12:15:25 | 00,147,456 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll [2009.02.25 17:29:53 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009.02.25 17:29:46 | 00,074,752 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.02.24 19:17:59 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI [2009.02.24 17:53:41 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2004.12.20 12:08:28 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2004.12.20 12:03:26 | 00,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2003.01.07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2002.12.14 23:46:02 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\oggDS.dll [2002.12.14 23:46:02 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll [2002.12.14 23:46:02 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll [2002.12.14 22:46:04 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll [2002.11.15 14:11:26 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll < End of report >
  16. Hmm, the HJT one or the mbam one? Malwarebytes Anti-Malware: HJT: That's it from me
  17. Actually, I'm not 100% sure that I have a virus, but the symptoms my computer is showing lead me to think so. When I start NOD intending to update it, it opens for only a fraction of a second and immediately closes by itself. The same happens with this thread. The moment it loads, Firefox closes immediately. If I load, for example, gong.bg or facebook.com, everything is OK. It is more than clear that there is a problem that filters sites containing keywords such as nod, online scan ... etc. In safe mode all pages load and the update also starts, but I can't manage to update. It gives me "connection terminated" ... or something like that. I scanned with SUPERAntiSpyware; it found various things and cleaned everything (supposedly), but this problem remained. There is one more strange thing. Until a day or two ago the Avira antivirus program was installed on the computer, and for very strange reasons it disappeared. I don't know how it happened, because I rarely work on this computer. Whether someone somehow uninstalled it by mistake or the virus itself deleted it, I don't know. I noticed there was some problem with updating Avira, but I can't say what. After I sensed there was a problem with the computer I installed NOD 32, but with old definitions (I don't know from when). Here is the log from Malwarebytes' Anti-Malware. Here is the log from HJT. That's it from me. I hope you can help
  18. I'm not in a position to write, because I'm not very competent, plus my English isn't all that good. I tried to clean the virus with the definitions I have, but NOD found nothing. Actually, I'm not 100% sure that I have a virus, but the symptoms my computer is showing lead me to think so. When I start NOD intending to update it, it opens for only a fraction of a second and immediately closes by itself. The same happens with this thread. The moment it loads, Firefox closes immediately. If I load, for example, gong.bg or facebook.com, everything is OK. It is more than clear that there is a virus that filters sites containing keywords such as nod, online scan ... etc. In safe mode all pages load and the update also starts, but I can't manage to update. It gives me "connection terminated" ... or something like that. I scanned with spybot; it found various things and cleaned everything (supposedly), but this problem remained
  19. Is there any chance someone could send me some newer definitions for NOD, because apparently I have some virus that prevents me from downloading the new updates?
  20. Hey :) A pleasant surprise :)

    Thanks

  21. Am I to understand that everyone who isn't gay beats his wife/girlfriend? And I just got to thinking - I disapprove of domestic violence and homosexuality
  22. Hello. I downloaded the newest version of kmplayer, but I have a problem with the subtitles. They come out as hieroglyphs. I dug through the settings looking for a font that can render Cyrillic, but never found one. I haven't looked at all the fonts, of course. Thanks in advance