dilqnkakk

Member
  • Posts

    15
  • Joined

  • Last online

Likes

1 Neutral reputation

1 Follower

All about dilqnkakk

  • Title
    Member
  1. Results of screen317's Security Check version 0.99.53 Windows Vista Service Pack 2 x86 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware, Іµрсёя 1.65.1.1000 Adobe Flash Player 11.1.102.55 Adobe Reader X 10.1.1 Adobe Reader out of Date! Mozilla Firefox (8.0.1) Google Chrome 21.0.1180.89 Google Chrome 22.0.1229.79 Google Chrome 22.0.1229.92 Google Chrome 22.0.1229.94 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` OTL logfile created on: 22.10.2012 г. 21:47:19 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:UsersкотомановDownloads Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000402 | Country: България | Language: BGR | Date Format: d.M.yyyy 'г.' 1,93 Gb Total Physical Memory | 0,68 Gb Available Physical Memory | 35,25% Memory free 4,10 Gb Paging File | 2,42 Gb Available in Paging File | 59,15% Paging File free Paging file location(s): ?:pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:Windows | %ProgramFiles% = C:Program Files Drive C: | 170,88 Gb Total Space | 107,21 Gb Free Space | 62,74% Space Free | Partition Type: NTFS Drive D: | 50,00 Gb Total Space | 44,00 Gb Free Space | 88,01% Space Free | Partition Type: NTFS Drive F: | 1,19 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: КОТОМАНОВ-PC | User Name: котоманов | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.22 21:46:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:UsersкотомановDownloadsOTL.exe PRC - [2012.10.22 21:37:09 | 000,881,773 | ---- | M] () -- C:UsersкотомановDownloadsSecurityCheck.exe PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:Program FilesMalwarebytes' Anti-Malwarembamgui.exe PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:Program FilesMalwarebytes' Anti-Malwarembamservice.exe PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:Program FilesMalwarebytes' Anti-Malwarembamscheduler.exe PRC - [2012.09.25 11:05:20 | 000,247,728 | ---- | M] (Facebook) -- C:UsersкотомановAppDataLocalFacebookMessenger2.1.4651.0FacebookMessenger.exe PRC - [2012.06.01 08:59:15 | 000,880,496 | ---- | M] (BitTorrent, Inc.) -- C:Program FilesuTorrentuTorrent.exe PRC - [2012.05.24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:UsersкотомановAppDataRoamingDropboxbinDropbox.exe PRC - [2011.11.28 19:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:Program FilesAVAST SoftwareAvastAvastUI.exe PRC - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:Program FilesAVAST SoftwareAvastAvastSvc.exe PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:Program FilesCommon FilesAdobeARM1.0armsvc.exe PRC - [2009.07.02 13:34:20 | 000,482,360 | ---- | M] (Conexant Systems, Inc.) 
-- C:Program FilesConexantcAudioFilterAgentcAudioFilterAgent.exe PRC - [2009.04.11 14:19:30 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:Windowsexplorer.exe PRC - [2008.01.21 03:21:57 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:WindowsSystem32cmd.exe PRC - [2002.05.19 08:24:00 | 000,095,232 | ---- | M] () -- C:Program FilesDatecsFlexType 2KFType2K.exe ========== Modules (No Company Name) ========== MOD - [2012.10.22 21:37:09 | 000,881,773 | ---- | M] () -- C:UsersкотомановDownloadsSecurityCheck.exe MOD - [2012.10.10 11:06:15 | 000,460,312 | ---- | M] () -- C:UsersкотомановAppDataLocalGoogleChromeApplication22.0.1229.94ppGoogleNaClPluginChrome.dll MOD - [2012.10.10 11:06:13 | 012,435,992 | ---- | M] () -- C:UsersкотомановAppDataLocalGoogleChromeApplication22.0.1229.94PepperFlashpepflashplayer.dll MOD - [2012.10.10 11:06:12 | 004,005,912 | ---- | M] () -- C:UsersкотомановAppDataLocalGoogleChromeApplication22.0.1229.94pdf.dll MOD - [2012.10.10 11:04:57 | 000,578,072 | ---- | M] () -- C:UsersкотомановAppDataLocalGoogleChromeApplication22.0.1229.94libglesv2.dll MOD - [2012.10.10 11:04:55 | 000,123,928 | ---- | M] () -- C:UsersкотомановAppDataLocalGoogleChromeApplication22.0.1229.94libegl.dll MOD - [2012.10.10 11:04:44 | 000,156,712 | ---- | M] () -- C:UsersкотомановAppDataLocalGoogleChromeApplication22.0.1229.94avutil-51.dll MOD - [2012.10.10 11:04:43 | 000,275,496 | ---- | M] () -- C:UsersкотомановAppDataLocalGoogleChromeApplication22.0.1229.94avformat-54.dll MOD - [2012.10.10 11:04:42 | 002,168,360 | ---- | M] () -- C:UsersкотомановAppDataLocalGoogleChromeApplication22.0.1229.94avcodec-54.dll MOD - [2012.09.25 11:05:32 | 022,423,984 | ---- | M] () -- C:UsersкотомановAppDataLocalFacebookMessenger2.1.4651.0libcef.dll MOD - [2012.09.25 11:05:08 | 000,181,680 | ---- | M] () -- C:UsersкотомановAppDataLocalFacebookMessenger2.1.4651.0CefSharp.WinForms.dll MOD - [2012.09.25 11:05:00 | 000,286,640 | ---- | M] () -- 
C:UsersкотомановAppDataLocalFacebookMessenger2.1.4651.0CefSharp.dll MOD - [2012.06.14 06:34:00 | 011,820,032 | ---- | M] () -- C:WindowsassemblyNativeImages_v2.0.50727_32System.Web508b444db523c5cf20ff12c7f440837bSystem.Web.ni.dll MOD - [2012.06.14 06:24:57 | 012,433,920 | ---- | M] () -- C:WindowsassemblyNativeImages_v2.0.50727_32System.Windows.Formsf2691cfa7671cdc58179e56ba9227591System.Windows.Forms.ni.dll MOD - [2012.06.14 06:24:46 | 001,592,320 | ---- | M] () -- C:WindowsassemblyNativeImages_v2.0.50727_32System.Drawing18f9789aa214c657113e676b3a9015aaSystem.Drawing.ni.dll MOD - [2012.06.09 07:21:31 | 006,621,696 | ---- | M] () -- C:WindowsassemblyNativeImages_v2.0.50727_32System.Data81983f051a8a49dabc8bcacc3b814189System.Data.ni.dll MOD - [2012.06.09 07:21:06 | 005,450,752 | ---- | M] () -- C:WindowsassemblyNativeImages_v2.0.50727_32System.Xmld2630342a066a7cb9056d9eb6157687aSystem.Xml.ni.dll MOD - [2012.06.09 07:21:02 | 000,971,264 | ---- | M] () -- C:WindowsassemblyNativeImages_v2.0.50727_32System.Configurationbd76aaaa03ddc15d1840207b5a480644System.Configuration.ni.dll MOD - [2012.06.09 07:20:58 | 007,953,408 | ---- | M] () -- C:WindowsassemblyNativeImages_v2.0.50727_32System28d633338fc8d29f8af31935ef7d001bSystem.ni.dll MOD - [2012.06.09 07:20:51 | 011,492,352 | ---- | M] () -- C:WindowsassemblyNativeImages_v2.0.50727_32mscorlibaf9c9e9d7e0523cd444f8b551baa9cbfmscorlib.ni.dll MOD - [2011.03.16 22:11:16 | 004,297,568 | ---- | M] () -- C:PROGRA~1COMMON~1MICROS~1OFFICE14Culturesoffice.odf MOD - [2010.10.20 13:45:26 | 008,801,120 | ---- | M] () -- C:PROGRA~1MICROS~2Office141033GrooveIntlResource.dll MOD - [2009.04.11 14:19:42 | 002,933,760 | ---- | M] () -- C:WindowsassemblyGAC_32System.Data2.0.0.0__b77a5c561934e089System.Data.dll MOD - [2002.05.19 08:24:00 | 000,095,232 | ---- | M] () -- C:Program FilesDatecsFlexType 2KFType2K.exe MOD - [2002.04.22 23:17:06 | 000,045,056 | ---- | M] () -- C:WindowsSystem32newdll.dll ========== Services (SafeList) ========== SRV - 
[2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:Program FilesMalwarebytes' Anti-Malwarembamservice.exe -- (MBAMService) SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:Program FilesMalwarebytes' Anti-Malwarembamscheduler.exe -- (MBAMScheduler) SRV - [2012.07.13 11:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:Program FilesSkypeUpdaterUpdater.exe -- (SkypeUpdate) SRV - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:Program FilesAVAST SoftwareAvastAvastSvc.exe -- (avast! Antivirus) SRV - [2011.06.12 09:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:Program FilesMicrosoft OfficeOffice14GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:Program FilesCommon FilesAdobeARM1.0armsvc.exe -- (AdobeARMservice) SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) 
[On_Demand | Stopped] -- C:Program FilesMcAfee Security Scan2.0.181McCHSvc.exe -- (McComponentHostService) SRV - [2008.01.21 03:21:41 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:Program FilesWindows Defendermpsvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32DRIVERSnwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32DRIVERSnwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32DRIVERSipinip.sys -- (IpInIp) DRV - [2012.10.21 11:47:01 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSystem32driversmbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:WindowsSystem32driversmbam.sys -- (MBAMProtector) DRV - [2012.08.02 08:00:37 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:WindowsSystem32driversdtsoftbus01.sys -- (dtsoftbus01) DRV - [2011.11.28 18:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:WindowsSystem32driversaswSnx.sys -- (aswSnx) DRV - [2011.11.28 18:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:WindowsSystem32driversaswSP.sys -- (aswSP) DRV - [2011.11.28 18:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:WindowsSystem32driversaswRdr.sys -- (aswRdr) DRV - [2011.11.28 18:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:WindowsSystem32driversaswTdi.sys -- (aswTdi) DRV - [2011.11.28 18:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:WindowsSystem32driversaswMonFlt.sys -- (aswMonFlt) DRV - [2011.11.28 18:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:WindowsSystem32driversaswFsBlk.sys -- 
(aswFsBlk) DRV - [2009.04.08 03:04:00 | 000,050,176 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:WindowsSystem32driversL1C60x86.sys -- (L1C) DRV - [2009.03.30 08:38:20 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:WindowsSystem32driversZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2009.03.30 08:38:18 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:WindowsSystem32driversZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2009.03.30 08:38:00 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:WindowsSystem32driversZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2009.01.22 08:01:00 | 000,952,832 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:WindowsSystem32driversathr.sys -- (athr) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM..SearchScopes,DefaultScope = IE - HKU.DEFAULT..SearchScopes,DefaultScope = IE - HKU.DEFAULTSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0 IE - HKUS-1-5-18..SearchScopes,DefaultScope = IE - HKUS-1-5-18SoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0 IE - HKUS-1-5-19..SearchScopes,DefaultScope = IE - HKUS-1-5-20..SearchScopes,DefaultScope = IE - HKUS-1-5-21-3941534589-3315542025-358933197-1000SOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.google.com IE - HKUS-1-5-21-3941534589-3315542025-358933197-1000SOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp IE - HKUS-1-5-21-3941534589-3315542025-358933197-1000SOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache AcceptLangs = bg IE - HKUS-1-5-21-3941534589-3315542025-358933197-1000SOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache_TIMESTAMP = 41 81 8D 31 9A AF CC 01 [binary data] IE - HKUS-1-5-21-3941534589-3315542025-358933197-1000..URLSearchHook: 
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found IE - HKUS-1-5-21-3941534589-3315542025-358933197-1000..SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKUS-1-5-21-3941534589-3315542025-358933197-1000..SearchScopes,DefaultScope = IE - HKUS-1-5-21-3941534589-3315542025-358933197-1000..SearchScopes{201A9928-2C98-4DCD-92C4-FA63F7C2E379}: "URL" = http://search.softonic.com/MON00006/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=170 IE - HKUS-1-5-21-3941534589-3315542025-358933197-1000SoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: {687578b9-7132-4a7a-80e4-30ee31099e03}:3.15.1.0 FF - user.js - File not found FF - HKLMSoftwareMozillaPlugins@adobe.com/FlashPlayer: C:Windowssystem32MacromedFlashNPSWF32.dll () FF - HKLMSoftwareMozillaPlugins@inhatch.com,version=0.7.61: C:Program FilesInhatchTeamInhatchnpinhatch.dll (Inhatch) FF - HKLMSoftwareMozillaPlugins@microsoft.com/OfficeAuthz,version=14.0: C:PROGRA~1MICROS~2Office14NPAUTHZ.DLL (Microsoft Corporation) FF - HKLMSoftwareMozillaPlugins@microsoft.com/SharePoint,version=14.0: C:PROGRA~1MICROS~2Office14NPSPWRAP.DLL (Microsoft Corporation) FF - HKLMSoftwareMozillaPluginsAdobe Reader: C:Program FilesAdobeReader 10.0ReaderAIRnppdf32.dll (Adobe Systems Inc.) FF - HKCUSoftwareMozillaPlugins@tools.google.com/Google Update;version=3: C:UsersкотомановAppDataLocalGoogleUpdate1.3.21.123npGoogleUpdate3.dll (Google Inc.) FF - HKCUSoftwareMozillaPlugins@tools.google.com/Google Update;version=9: C:UsersкотомановAppDataLocalGoogleUpdate1.3.21.123npGoogleUpdate3.dll (Google Inc.) FF - HKCUSoftwareMozillaPluginsfacebook.com/fbDesktopPlugin: C:UsersкотомановAppDataLocalFacebookMessenger2.1.4651.0npFbDesktopPlugin.dll (Facebook, Inc.) 
FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensionswrc@avast.com: C:Program FilesAVAST SoftwareAvastWebRepFF [2011.12.23 22:04:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 8.0.1extensionsComponents: C:Program FilesMozilla Firefoxcomponents [2011.12.08 15:28:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 8.0.1extensionsPlugins: C:Program FilesMozilla Firefoxplugins [2012.07.05 21:03:18 | 000,000,000 | ---D | M] [2011.12.08 15:29:09 | 000,000,000 | ---D | M] (No name found) -- C:UsersкотомановAppDataRoamingmozillaExtensions [2012.10.20 19:39:26 | 000,000,000 | ---D | M] (No name found) -- C:UsersкотомановAppDataRoamingmozillaFirefoxProfileshrd7dhd7.defaultextensions [2012.06.12 13:41:34 | 000,000,000 | ---D | M] (blekko search bar) -- C:UsersкотомановAppDataRoamingmozillaFirefoxProfileshrd7dhd7.defaultextensions{8769adce-dba5-48e9-afb5-67b12cdf2e61} [2011.12.08 15:28:59 | 000,000,000 | ---D | M] (No name found) -- C:Program Filesmozilla firefoxextensions File not found (No name found) -- C:USERSЪнтнУаннвAPPDATAROAMINGMOZILLAFIREFOXPROFILESHRD7DHD7.DEFAULTEXTENSIONS{687578B9-7132-4A7A-80E4-30EE31099E03} [2011.11.21 05:17:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:Program Filesmozilla firefoxcomponentsbrowsercomps.dll [2011.11.21 02:29:50 | 000,001,083 | ---- | M] () -- C:Program Filesmozilla firefoxsearchplugins911bg.xml [2011.11.21 02:29:50 | 000,002,442 | ---- | M] () -- C:Program Filesmozilla firefoxsearchpluginsdiribg.xml [2011.11.21 02:29:50 | 000,001,515 | ---- | M] () -- C:Program Filesmozilla firefoxsearchpluginspe-bg.xml [2011.11.21 02:29:50 | 000,001,857 | ---- | M] () -- C:Program Filesmozilla firefoxsearchpluginsportalbgdict.xml [2012.06.12 13:41:33 | 000,002,134 | ---- | M] () -- C:Program Filesmozilla firefoxsearchpluginssearch.xml [2011.11.21 02:29:50 | 000,001,220 | ---- | M] () -- C:Program Filesmozilla firefoxsearchpluginswikipedia-bg.xml ========== Chrome 
========== CHR - homepage: http://search.softonic.com/MON00006/tb_v1?SearchSource=48&cc= CHR - default_search_provider: Bing (Enabled) CHR - default_search_provider: search_url = http://www.bing.com/search?setmkt=bg-BG&q={searchTerms} CHR - default_search_provider: suggest_url = http://api.bing.com/osjson.aspx?query={searchTerms}&language={language} CHR - homepage: http://search.softonic.com/MON00006/tb_v1?SearchSource=48&cc= CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:Usersu043Au043Eu0442u043Eu043Cu0430u043Du043Eu0432AppDataLocalGoogleChromeApplication22.0.1229.94ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:Usersu043Au043Eu0442u043Eu043Cu0430u043Du043Eu0432AppDataLocalGoogleChromeApplication22.0.1229.94pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:Usersu043Au043Eu0442u043Eu043Cu0430u043Du043Eu0432AppDataLocalGoogleChromeApplication22.0.1229.94gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:UsersAppDataLocalGoogleChromeUser DataPepperFlash11.2.31.144pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:Windowssystem32MacromedFlashNPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:Program FilesAdobeReader 10.0ReaderBrowsernppdf32.dll CHR - plugin: Inhatch Plug-in (Enabled) = C:Program FilesInhatchTeamInhatchnpinhatch.dll CHR - plugin: Google Update (Enabled) = C:UsersAppDataLocalGoogleUpdate1.3.21.111npGoogleUpdate3.dll CHR - Extension: Angry Birds = C:UsersкотомановAppDataLocalGoogleChromeUser DataDefaultExtensionsaknpkdffaafgjchaibgeefbgmgeghloj1.5.0.7_0 CHR - Extension: Awesome Screenshot: Capture & Annotate = C:UsersкотомановAppDataLocalGoogleChromeUser DataDefaultExtensionsalelhddbbhepgpmgidjdcjakblofbmce3.3.7_0 CHR - Extension: Google u0414u0438u0441u043A = C:UsersкотомановAppDataLocalGoogleChromeUser DataDefaultExtensionsapdfllckaahabafndbhieahigkjlhalf6.2_0 CHR - Extension: Webpage Screenshot = C:UsersкотомановAppDataLocalGoogleChromeUser 
DataDefaultExtensionsckibcdccnfeookdmbahgiakhnjcddpki5.5.3_0 CHR - Extension: AutoZoom = C:UsersкотомановAppDataLocalGoogleChromeUser DataDefaultExtensionsocdkpkoaonnchdakgkmmcmnihhhgbjch0.9.8_0 O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:WindowsSystem32driversetchosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:PROGRA~1MICROS~2Office14GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (blekko search bar) - {8769adce-dba5-48e9-afb5-67b12cdf2e61} - C:Program Filesblekkotb_031blekkotb_019X.dll () O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:Program FilesAVAST SoftwareAvastaswWebRepIE.dll (AVAST Software) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:PROGRA~1MICROS~2Office14URLREDIR.DLL (Microsoft Corporation) O3 - HKLM..Toolbar: (blekko search bar) - {8769adce-dba5-48e9-afb5-67b12cdf2e61} - C:Program Filesblekkotb_031blekkotb_019X.dll () O3 - HKLM..Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:Program FilesAVAST SoftwareAvastaswWebRepIE.dll (AVAST Software) O3 - HKLM..Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found. O4 - HKLM..Run: [avast] C:Program FilesAVAST SoftwareAvastavastUI.exe (AVAST Software) O4 - HKLM..Run: [cAudioFilterAgent] C:Program FilesConexantcAudioFilterAgentcAudioFilterAgent.exe (Conexant Systems, Inc.) 
O4 - HKUS-1-5-19..Run: [WindowsWelcomeCenter] C:WindowsSystem32oobefldr.dll (Microsoft Corporation) O4 - HKUS-1-5-20..Run: [WindowsWelcomeCenter] C:WindowsSystem32oobefldr.dll (Microsoft Corporation) O4 - HKUS-1-5-21-3941534589-3315542025-358933197-1000..Run: [DAEMON Tools Lite] C:Program FilesDAEMON Tools LiteDTLite.exe (DT Soft Ltd) O4 - HKUS-1-5-21-3941534589-3315542025-358933197-1000..Run: [Facebook Update] C:UsersкотомановAppDataLocalFacebookUpdateFacebookUpdate.exe (Facebook Inc.) O4 - HKUS-1-5-21-3941534589-3315542025-358933197-1000..Run: [uTorrent] C:Program FilesuTorrentuTorrent.exe (BitTorrent, Inc.) O4 - Startup: C:UsersкотомановAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupDropbox.lnk = C:UsersкотомановAppDataRoamingDropboxbinDropbox.exe (Dropbox, Inc.) O4 - Startup: C:UsersкотомановAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupFacebook Messenger.lnk = C:UsersкотомановAppDataLocalFacebookMessenger2.1.4651.0FacebookMessenger.exe (Facebook) O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2Office14EXCEL.EXE/3000 File not found O8 - Extra context menu item: Se&nd to OneNote - res://C:PROGRA~1MICROS~2Office14ONBttnIE.dll/105 File not found O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:Program FilesMicrosoft OfficeOffice14ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:Program FilesMicrosoft OfficeOffice14ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:Program FilesMicrosoft OfficeOffice14ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:Program FilesMicrosoft OfficeOffice14ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:Program 
FilesSkypeToolbarsInternet Explorerskypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll (Skype Technologies S.A.) O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.2.1 O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{D1300522-110F-4DF7-8646-993D85822A2F}: DhcpNameServer = 192.168.2.1 O18 - ProtocolHandlerskype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL (Skype Technologies) O18 - ProtocolHandlerskype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:Windowsexplorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:Windowssystem32userinit.exe) - C:WindowsSystem32userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:UsersкотомановAppDataRoamingMicrosoftWindows Photo GalleryТапет от фотогалерията на Windows.jpg O24 - Desktop BackupWallPaper: C:UsersкотомановAppDataRoamingMicrosoftWindows Photo GalleryТапет от фотогалерията на Windows.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:PROGRA~1MICROS~2Office14GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2010.03.22 05:24:09 | 000,000,175 | R--- | M] () - F:autorun.inf -- [ CDFS ] O33 - MountPoints2{088e04be-dc6d-11e1-9f41-00269e2cbe20}Shell - "" = AutoRun O33 - MountPoints2{088e04be-dc6d-11e1-9f41-00269e2cbe20}ShellAutoRuncommand - "" = F:setup.exe -- [2010.03.12 04:44:53 | 001,100,664 | R--- | M] (Microsoft 
Corporation) O33 - MountPoints2{088e04be-dc6d-11e1-9f41-00269e2cbe20}Shellconfigurecommand - "" = F:setup.exe -- [2010.03.12 04:44:53 | 001,100,664 | R--- | M] (Microsoft Corporation) O33 - MountPoints2{088e04be-dc6d-11e1-9f41-00269e2cbe20}Shellinstallcommand - "" = F:setup.exe -- [2010.03.12 04:44:53 | 001,100,664 | R--- | M] (Microsoft Corporation) O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM..comfile [open] -- "%1" %* O35 - HKLM..exefile [open] -- "%1" %* O37 - HKLM...com [@ = comfile] -- "%1" %* O37 - HKLM...exe [@ = exefile] -- "%1" %* O38 - SubSystemsWindows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystemsWindows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.10.21 11:34:10 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:WindowsSystem32driversmbamswissarmy.sys [2012.10.21 11:33:36 | 000,000,000 | ---D | C] -- C:UsersкотомановAppDataRoamingMalwarebytes [2012.10.21 11:33:27 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes' Anti-Malware [2012.10.21 11:33:24 | 000,000,000 | ---D | C] -- C:ProgramDataMalwarebytes [2012.10.21 11:33:20 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:WindowsSystem32driversmbam.sys [2012.10.21 11:33:20 | 000,000,000 | ---D | C] -- C:Program FilesMalwarebytes' Anti-Malware [2012.10.20 17:46:48 | 000,492,146 | R--- | C] (Swearware) -- C:UsersкотомановDesktopdds.exe [2012.10.20 12:47:05 | 000,000,000 | ---D | C] -- C:ProgramDataBrowser Manager [2012.10.20 12:45:07 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsCollage Maker 3.60 [2012.10.20 12:45:07 | 000,000,000 | ---D | C] -- C:Program FilesCollage Maker 3.60 [2012.10.20 12:45:06 | 000,000,000 | ---D | C] -- C:UsersкотомановDocumentsCollage Maker Projects [2012.10.20 11:33:49 | 000,000,000 | ---D | C] -- C:UsersкотомановAppDataRoamingPearlMountain [2012.10.20 11:33:49 | 000,000,000 | ---D | C] -- 
C:UsersPublicDocumentsPearlMountain [2012.10.20 11:33:49 | 000,000,000 | ---D | C] -- C:ProgramDataPearlMountain [2012.10.20 11:33:49 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsCollageIt [2012.10.20 11:33:36 | 000,000,000 | ---D | C] -- C:Program FilesCollageIt [2012.10.17 20:50:11 | 000,000,000 | ---D | C] -- C:UsersкотомановDesktoppesni [2012.10.10 13:01:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32tzres.dll [2012.10.10 13:01:05 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32ntkrnlpa.exe [2012.10.10 13:01:04 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32ntoskrnl.exe [2012.09.26 21:03:21 | 000,000,000 | ---D | C] -- C:UsersкотомановAppDataRoamingMicrosoftWindowsStart MenuProgramsFacebook [2012.09.25 23:15:52 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsBS.Player [2012.09.25 23:14:48 | 000,000,000 | ---D | C] -- C:UsersкотомановAppDataRoamingBSplayer Pro [2012.09.25 23:14:48 | 000,000,000 | ---D | C] -- C:UsersкотомановAppDataRoamingBSplayer [2012.09.25 23:14:44 | 000,000,000 | ---D | C] -- C:Program FilesWebteh [2012.09.24 03:01:40 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32mshtml.tlb [2012.09.24 03:01:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32ieui.dll [2012.09.24 03:01:36 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32msfeeds.dll [2012.09.24 03:01:36 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32ieUnatt.exe [2012.09.24 03:01:36 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32jsproxy.dll [2012.09.24 03:01:32 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32jscript9.dll [2012.09.24 03:01:32 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32url.dll [2012.09.24 03:01:25 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32inetcpl.cpl ========== 
Files - Modified Within 30 Days ========== [2012.10.22 21:53:07 | 000,001,098 | ---- | M] () -- C:WindowstasksFacebookUpdateTaskUserS-1-5-21-3941534589-3315542025-358933197-1000UA.job [2012.10.22 21:25:29 | 000,001,024 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskUserS-1-5-21-3941534589-3315542025-358933197-1000UA.job [2012.10.22 21:18:49 | 000,067,584 | --S- | M] () -- C:Windowsbootstat.dat [2012.10.22 16:53:53 | 000,003,760 | -H-- | M] () -- C:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.22 16:53:53 | 000,003,760 | -H-- | M] () -- C:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.22 11:27:02 | 000,000,972 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskUserS-1-5-21-3941534589-3315542025-358933197-1000Core.job [2012.10.22 09:50:45 | 000,001,076 | ---- | M] () -- C:WindowstasksFacebookUpdateTaskUserS-1-5-21-3941534589-3315542025-358933197-1000Core.job [2012.10.21 18:55:22 | 000,595,996 | ---- | M] () -- C:WindowsSystem32perfh009.dat [2012.10.21 18:55:22 | 000,104,070 | ---- | M] () -- C:WindowsSystem32perfc009.dat [2012.10.21 18:49:00 | 2072,969,216 | -HS- | M] () -- C:hiberfil.sys [2012.10.21 11:47:01 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:WindowsSystem32driversmbamswissarmy.sys [2012.10.21 11:33:27 | 000,000,906 | ---- | M] () -- C:UsersPublicDesktopMalwarebytes Anti-Malware.lnk [2012.10.20 18:44:50 | 000,538,941 | ---- | M] () -- C:UsersкотомановDesktopadwcleaner.exe [2012.10.20 17:46:55 | 000,492,146 | R--- | M] (Swearware) -- C:UsersкотомановDesktopdds.exe [2012.10.20 11:33:49 | 000,000,816 | ---- | M] () -- C:UsersPublicDesktopCollageIt.lnk [2012.10.20 09:47:40 | 000,005,065 | ---- | M] () -- C:UsersкотомановDesktopPortfolio Items-1427675-ThumbnailUrl.jpg [2012.10.18 12:35:06 | 000,043,658 | ---- | M] () -- C:UsersкотомановDesktopduomo2.jpg [2012.10.01 23:52:38 | 000,018,432 | ---- | M] () -- 
C:UsersкотомановAppDataLocalDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:WindowsSystem32driversmbam.sys [2012.09.26 21:04:12 | 000,001,109 | ---- | M] () -- C:UsersкотомановAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupFacebook Messenger.lnk [2012.09.25 23:15:52 | 000,000,915 | ---- | M] () -- C:UsersPublicDesktopBS.Player FREE.lnk ========== Files Created - No Company Name ========== [2012.10.21 11:33:27 | 000,000,906 | ---- | C] () -- C:UsersPublicDesktopMalwarebytes Anti-Malware.lnk [2012.10.20 18:44:47 | 000,538,941 | ---- | C] () -- C:UsersкотомановDesktopadwcleaner.exe [2012.10.20 11:33:49 | 000,000,816 | ---- | C] () -- C:UsersPublicDesktopCollageIt.lnk [2012.10.20 09:47:38 | 000,005,065 | ---- | C] () -- C:UsersкотомановDesktopPortfolio Items-1427675-ThumbnailUrl.jpg [2012.10.18 12:35:04 | 000,043,658 | ---- | C] () -- C:UsersкотомановDesktopduomo2.jpg [2012.09.26 21:03:21 | 000,001,109 | ---- | C] () -- C:UsersкотомановAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupFacebook Messenger.lnk [2012.09.25 23:15:52 | 000,000,915 | ---- | C] () -- C:UsersPublicDesktopBS.Player FREE.lnk [2012.06.03 21:11:31 | 000,018,432 | ---- | C] () -- C:UsersкотомановAppDataLocalDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.12.07 12:11:31 | 000,045,056 | ---- | C] () -- C:WindowsSystem32newdll.dll [2011.11.30 20:11:16 | 000,140,288 | ---- | C] () -- C:WindowsSystem32igfxtvcx.dll [2011.11.30 20:01:16 | 000,982,196 | ---- | C] () -- C:WindowsSystem32igkrng500.bin [2011.11.30 20:01:13 | 000,139,824 | ---- | C] () -- C:WindowsSystem32igfcg500.bin [2011.11.30 20:01:13 | 000,097,448 | ---- | C] () -- C:WindowsSystem32igfcg500m.bin [2011.11.30 20:01:11 | 000,417,344 | ---- | C] () -- C:WindowsSystem32igcompkrng500.bin [2011.11.15 20:59:14 | 000,001,356 | ---- | C] () -- C:UsersкотомановAppDataLocald3d9caps.dat ========== ZeroAccess Check ========== [2006.11.02 13:53:06 | 000,000,227 | RHS- | 
M] () -- C:WindowsassemblyDesktop.ini [HKEY_CURRENT_USERSoftwareClassesclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32] [HKEY_CURRENT_USERSoftwareClassesclsid{fbeb8a05-beee-4442-804e-409d6c4515e9}InProcServer32] [HKEY_LOCAL_MACHINESoftwareClassesclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32] "" = %SystemRoot%system32shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINESoftwareClassesclsid{5839FCA9-774D-42A1-ACDA-D6A79037F57F}InProcServer32] "" = %systemroot%system32wbemfastprox.dll -- [2009.04.11 14:19:30 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINESoftwareClassesclsid{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}InProcServer32] "" = %systemroot%system32wbemwbemess.dll -- [2009.04.11 14:19:19 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.09.30 22:12:52 | 000,000,000 | ---D | M] -- C:UsersкотомановAppDataRoamingBSplayer [2012.09.25 23:14:48 | 000,000,000 | ---D | M] -- C:UsersкотомановAppDataRoamingBSplayer Pro [2012.08.02 15:07:28 | 000,000,000 | ---D | M] -- C:UsersкотомановAppDataRoamingDAEMON Tools Lite [2012.10.21 18:52:26 | 000,000,000 | ---D | M] -- C:UsersкотомановAppDataRoamingDropbox [2012.07.05 21:01:26 | 000,000,000 | ---D | M] -- C:UsersкотомановAppDataRoaminggoalbit [2012.09.10 18:13:52 | 000,000,000 | ---D | M] -- C:UsersкотомановAppDataRoamingImagitech [2012.10.20 11:33:49 | 000,000,000 | ---D | M] -- C:UsersкотомановAppDataRoamingPearlMountain [2012.10.22 22:12:35 | 000,000,000 | ---D | M] -- C:UsersкотомановAppDataRoaminguTorrent ========== Purity Check ========== < End of report > OTL Extras logfile created on: 22.10.2012 г. 
21:47:20 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:UsersкотомановDownloads Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000402 | Country: България | Language: BGR | Date Format: d.M.yyyy 'г.' 1,93 Gb Total Physical Memory | 0,68 Gb Available Physical Memory | 35,25% Memory free 4,10 Gb Paging File | 2,42 Gb Available in Paging File | 59,15% Paging File free Paging file location(s): ?:pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:Windows | %ProgramFiles% = C:Program Files Drive C: | 170,88 Gb Total Space | 107,21 Gb Free Space | 62,74% Space Free | Partition Type: NTFS Drive D: | 50,00 Gb Total Space | 44,00 Gb Free Space | 88,01% Space Free | Partition Type: NTFS Drive F: | 1,19 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: КОТОМАНОВ-PC | User Name: котоманов | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINESOFTWAREClasses<extension>] .cpl [@ = cplfile] -- C:WindowsSystem32control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:Windowswinhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINESOFTWAREClasses<key>shell[command]command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%System32control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:Program FilesMicrosoft OfficeOffice14msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:Program FilesMicrosoft OfficeOffice14msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%System32InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%system32rundll32.exe %SystemRoot%system32shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center] "cval" = 1 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoring] [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvcS-1-5-21-3941534589-3315542025-358933197-1000] "EnableNotifications" = 0 "EnableNotificationsRef" = 1 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvcVol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyPublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyFirewallRules] "{0DBFB80B-8737-4C42-910D-309E3DF87723}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%system32svchost.exe | "{29C6D6C4-3F6B-4FD0-B981-105C24A005A7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%system32svchost.exe | "{3B26E301-7C90-43DA-8428-820AC27599B9}" = lport=10951 | protocol=6 | dir=in | name=inhatch p2p streaming | "{44778BCE-7659-4126-BE73-2EBF0D6D09E3}" = lport=139 | protocol=6 | dir=in | app=system | "{4B9BB460-F796-4EAD-AF46-DD0C8C2DE4C3}" = lport=6004 | protocol=17 | dir=in | app=c:program filesmicrosoft officeoffice14outlook.exe | "{535D9499-80CC-45A0-811C-667FBF34B08F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{68B6F328-4274-4714-80A8-F666D868C949}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%system32svchost.exe | "{695247B7-858A-479F-B1FB-44C3FD0B2FED}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%system32svchost.exe | "{74A389D9-52BF-48DA-94BB-C66A1ACF327D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%system32svchost.exe | "{79B45CE6-790F-4153-9817-83A8A34EA9B7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%system32spoolsv.exe | "{8F92E23C-97EE-46F5-A2EA-326F590179D6}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%system32svchost.exe | "{971EF831-8302-4168-9A9E-6501656FFED3}" = lport=10952 | protocol=6 | dir=in | name=inhatch p2p streaming 
| "{9EB5E068-E347-4848-8547-3511AA3C45C1}" = lport=137 | protocol=17 | dir=in | app=system | "{9F93C0B8-920D-4891-9038-BC95E9A9AA4F}" = rport=137 | protocol=17 | dir=out | app=system | "{A0AC25FF-62EB-4002-9AFB-FCB3D8FB535B}" = lport=138 | protocol=17 | dir=in | app=system | "{BF9BAB67-354E-4308-8545-192A4EA08079}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%system32svchost.exe | "{C3760FE5-0A04-4DCC-A465-51183940D960}" = rport=138 | protocol=17 | dir=out | app=system | "{CF0FD84C-2CEF-4CAD-952F-74E39F2C6F6C}" = lport=445 | protocol=6 | dir=in | app=system | "{D58F0D63-9D8F-41CC-A19E-D2B78D5C6D79}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%system32svchost.exe | "{DA2E9DF5-70D9-48B9-AA25-8868FC5BB43E}" = lport=10950 | protocol=6 | dir=in | name=inhatch p2p streaming | "{DF597CA6-BC5D-4220-AF50-BF047B773B0B}" = rport=139 | protocol=6 | dir=out | app=system | "{E26B0538-A611-4A36-8300-D5D95CA46D57}" = lport=49780 | protocol=17 | dir=in | name=inhatch p2p streaming | "{EA8F87D6-BFAA-440B-A0AB-8C97DF351FCB}" = lport=10953 | protocol=6 | dir=in | name=inhatch p2p streaming | "{EEB223BF-5C58-4496-917F-28BD191E0AA9}" = rport=445 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyFirewallRules] "{15022631-43A5-4A42-BC23-74A9F9042D84}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{1FEA2478-2B94-4C74-973F-76A5DFACBC08}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{4AF2A0E7-B87B-4D25-8ADB-A46AF46F8FDE}" = dir=in | app=c:program filesskypephoneskype.exe | "{6777B1DC-9C72-41D0-8517-264367CAC421}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{67F8C13C-9D4B-4C28-A43C-683EF8EFEEFC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%system32svchost.exe | "{6881FBE3-AB13-484E-8FD1-1AE208F635C1}" = protocol=6 | dir=in | app=c:program filesmicrosoft 
officeoffice14onenote.exe | "{7AB2C9A1-D7AC-495E-937C-2E039E3C599D}" = protocol=6 | dir=in | app=c:program filesutorrentutorrent.exe | "{8F4373EF-88EE-416D-8C40-3EFCDAFED0F9}" = protocol=6 | dir=in | app=c:usersкотомановappdataroamingdropboxbindropbox.exe | "{96344A13-3537-4DD7-BDC5-AEA6D951B21C}" = protocol=17 | dir=in | app=c:program filesutorrentutorrent.exe | "{A91BBC1A-16F2-4239-BBF1-833422B2FA60}" = protocol=17 | dir=in | app=c:usersкотомановappdataroamingdropboxbindropbox.exe | "{B6DC256E-54DF-4487-926C-66414ABDF5FF}" = protocol=17 | dir=in | app=c:program filesmicrosoft officeoffice14onenote.exe | "{CA7EDDA0-444C-4196-B490-400C3C979607}" = protocol=17 | dir=in | app=c:program filesmicrosoft officeoffice14groove.exe | "{CDD6742D-397B-413A-AD07-A2F40D14FC29}" = protocol=6 | dir=in | app=c:program filesmicrosoft officeoffice14groove.exe | "{D5B4AD99-28C3-4419-B554-2F2A6BD47D08}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "TCP Query User{222954C1-0786-4B0B-9344-8BBB48080D0D}C:usersкотомановdownloads9fc158e2538f46ddafeb8d94243d0b44_pod13_en-gb (1).exe" = protocol=6 | dir=in | app=c:usersкотомановdownloads9fc158e2538f46ddafeb8d94243d0b44_pod13_en-gb (1).exe | "TCP Query User{40CA9EF9-E362-4C00-B7CF-805D094D21ED}E:easysetupassistantwr741neasysetupassistant.exe" = protocol=6 | dir=in | app=e:easysetupassistantwr741neasysetupassistant.exe | "TCP Query User{84AEF5AE-D3D4-4D63-AE31-AC947F6AF461}C:usersкотомановdownloads65eef7882309497596a6546fcee545ac_pod13_en-gb.exe" = protocol=6 | dir=in | app=c:usersкотомановdownloads65eef7882309497596a6546fcee545ac_pod13_en-gb.exe | "TCP Query User{C15FC886-4664-4AEE-A328-A026EF9C992B}C:program filesinternet exploreriexplore.exe" = protocol=6 | dir=in | app=c:program filesinternet exploreriexplore.exe | "UDP Query User{5FB1C01F-23BA-4E4F-9111-0870BF234D46}E:easysetupassistantwr741neasysetupassistant.exe" = protocol=17 | dir=in | app=e:easysetupassistantwr741neasysetupassistant.exe | "UDP Query 
User{90FC281C-CFF4-4E8C-9BE2-56660159E46A}C:usersкотомановdownloads9fc158e2538f46ddafeb8d94243d0b44_pod13_en-gb (1).exe" = protocol=17 | dir=in | app=c:usersкотомановdownloads9fc158e2538f46ddafeb8d94243d0b44_pod13_en-gb (1).exe | "UDP Query User{9F63B622-78C7-4CD8-BD05-9C7EAE581FAE}C:program filesinternet exploreriexplore.exe" = protocol=17 | dir=in | app=c:program filesinternet exploreriexplore.exe | "UDP Query User{D7A455EB-6235-491D-89A7-848B3D1C31A2}C:usersкотомановdownloads65eef7882309497596a6546fcee545ac_pod13_en-gb.exe" = protocol=17 | dir=in | app=c:usersкотомановdownloads65eef7882309497596a6546fcee545ac_pod13_en-gb.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall] "{055A5AF0-9FEB-440D-B00A-18935C7C171C}" = SA Dictionary 2008 Beta 4 "{17D26CDD-B87C-412B-92F0-2D5DD4313522}" = Facebook Messenger 2.1.4651.0 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = 
Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = GLOBUL Connection Manager "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1) "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{D3E72DA8-8467-4DAB-961F-A5B7989B09F0}" = Collage Maker "{D9757258-30B2-496E-86F2-84920C5858E1}_is1" = CollageIt 1.9.1 "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F76F1371-8CCB-49B2-9CEA-50F26D2F3089}_is1" = Health, safety and environment test for operatives and specialists 2012 edition "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "avast" = avast! 
Free Antivirus "blekkotb_031" = blekko search bar "BSPlayerf" = BS.Player FREE "cAudioFilterAgent" = Conexant Audio Filter Agent "DAEMON Tools Lite" = DAEMON Tools Lite "FlexType 2K" = FlexType 2K "HDMI" = Intel® Graphics Media Accelerator Driver "Inhatch web plugins" = Inhatch web plugins "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware, версия 1.65.1.1000 "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 8.0.1 (x86 bg)" = Mozilla Firefox 8.0.1 (x86 bg) "OEMInformation" = OEM Logo and Information "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "SmartAudio" = SmartAudio "The KMPlayer" = The KMPlayer (remove only) "TVWiz" = Intel® TV Wizard "uTorrent" = µTorrent "WinRAR archiver" = WinRAR archiver ========== HKEY_USERS Uninstall List ========== [HKEY_USERSS-1-5-21-3941534589-3315542025-358933197-1000SOFTWAREMicrosoftWindowsCurrentVersionUninstall] "Dropbox" = Dropbox "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 10.10.2012 г. 22:21:01 | Computer Name = котоманов-PC | Source = System Restore | ID = 8193 Description = Error - 10.10.2012 г. 22:53:18 | Computer Name = котоманов-PC | Source = Google Update | ID = 20 Description = Error - 15.10.2012 г. 04:39:38 | Computer Name = котоманов-PC | Source = Application Error | ID = 1000 Description = Приложение с грешки chrome.exe, версия 22.0.1229.94, времево клеймо 0x507531a4, модул с грешки chrome.dll, версия 22.0.1229.94, времево клеймо 0x50753154, код на изключение 0x80000003, отместване на грешка 0x00557c64, ИД на процес 0x1600, час на стартиране на приложение 0x01cdaa1e855e21e0. Error - 16.10.2012 г. 
17:27:08 | Computer Name = котоманов-PC | Source = Application Error | ID = 1000 Description = Приложение с грешки chrome.exe, версия 22.0.1229.94, времево клеймо 0x507531a4, модул с грешки chrome.dll, версия 22.0.1229.94, времево клеймо 0x50753154, код на изключение 0x80000003, отместване на грешка 0x00557c64, ИД на процес 0x1278, час на стартиране на приложение 0x01cdab085f423150. Error - 17.10.2012 г. 04:47:15 | Computer Name = котоманов-PC | Source = Google Update | ID = 20 Description = Error - 19.10.2012 г. 08:33:04 | Computer Name = котоманов-PC | Source = Windows Search Service | ID = 3013 Description = Error - 19.10.2012 г. 08:33:04 | Computer Name = котоманов-PC | Source = Windows Search Service | ID = 3013 Description = Error - 19.10.2012 г. 11:38:13 | Computer Name = котоманов-PC | Source = Google Update | ID = 20 Description = Error - 20.10.2012 г. 03:29:04 | Computer Name = котоманов-PC | Source = Google Update | ID = 20 Description = Error - 20.10.2012 г. 07:24:06 | Computer Name = котоманов-PC | Source = Application Error | ID = 1000 Description = Приложение с грешки CollageIt.exe, версия 1.9.1.3543, времево клеймо 0x507d3235, модул с грешки gdiplus.dll, версия 5.2.6002.18581, времево клеймо 0x4f2bf90a, код на изключение 0xc0000005, отместване на грешка 0x0001002c, ИД на процес 0x10ac, час на стартиране на приложение 0x01cdaeae6adc7620. [ System Events ] Error - 25.9.2012 г. 16:02:23 | Computer Name = котоманов-PC | Source = Server | ID = 2505 Description = The server could not bind to the transport DeviceNetbiosSmb because another computer on the network has the same name. The server could not start. Error - 26.9.2012 г. 10:58:06 | Computer Name = котоманов-PC | Source = Service Control Manager | ID = 7011 Description = Error - 27.9.2012 г. 12:01:04 | Computer Name = котоманов-PC | Source = DCOM | ID = 10010 Description = Error - 27.9.2012 г. 
13:59:08 | Computer Name = котоманов-PC | Source = Service Control Manager | ID = 7011 Description = Error - 28.9.2012 г. 04:03:58 | Computer Name = котоманов-PC | Source = Service Control Manager | ID = 7011 Description = Error - 28.9.2012 г. 09:23:07 | Computer Name = котоманов-PC | Source = Service Control Manager | ID = 7011 Description = Error - 29.9.2012 г. 11:06:15 | Computer Name = котоманов-PC | Source = DCOM | ID = 10010 Description = Error - 30.9.2012 г. 07:14:57 | Computer Name = котоманов-PC | Source = Service Control Manager | ID = 7011 Description = Error - 30.9.2012 г. 12:10:31 | Computer Name = котоманов-PC | Source = DCOM | ID = 10010 Description = Error - 1.10.2012 г. 08:02:06 | Computer Name = котоманов-PC | Source = Service Control Manager | ID = 7011 Description = < End of report >
  2. Malwarebytes Anti-Malware (Пробна версия) 1.65.1.1000 www.malwarebytes.org Версия на базата от данни: v2012.10.21.02 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 котоманов :: КОТОМАНОВ-PC [администратор] Защита: включена 21.10.2012 г. 11:47 ч. mbam-log-2012-10-21 (11-47-29).txt Тип сканиране: Пълно сканиране (C:|D:|E:|F:|) Включени опции за сканиране: Памет | Автоматично зареждане | Системен регистър | Файлова система | Евристики/Допълнителни | Евристики/Shuriken | PUP | PUM Изключени опции за сканиране: P2P Сканирани обекти: 313748 Изминало време: 2 час(а), 25 минута(и), 56 секунда(и) Открити процеси в паметта: 0 (Не бяха открити зловредни обекти) Открити модули в паметта: 0 (Не бяха открити зловредни обекти) Открити ключове в системния регистър: 0 (Не бяха открити зловредни обекти) Открити стойности в системния регистър: 0 (Не бяха открити зловредни обекти) Открити информационни обекти в системния регистър: 0 (Не бяха открити зловредни обекти) Открити папки: 0 (Не бяха открити зловредни обекти) Открити файлове: 1 C:Program FilesDatecsFlexType 2KRemove.exe (Trojan.FakeAlert.SecGen) -> Поставен под карантина и изтрит успешно. (край) I just noticed that my antivirus has turned itself back on, after I temporarily disabled it yesterday. Should I run a Malwarebytes scan again?
  3. # AdwCleaner v2.005 - Logfile created 10/20/2012 at 19:39:14 # Updated 14/10/2012 by Xplode # Operating system : Windows Vista Ultimate Service Pack 2 (32 bits) # User : котоманов - КОТОМАНОВ-PC # Boot Mode : Normal # Running from : C:\Users\котоманов\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** Stopped & Deleted : Browser Manager ***** [Files / Folders] ***** Deleted on reboot : C:\ProgramData\Browser Manager File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml File Deleted : C:\user.js File Deleted : C:\Users\котоманов\AppData\Roaming\Mozilla\Firefox\Profiles\hrd7dhd7.default\searchplugins\browsemngr.xml File Deleted : C:\Users\котоманов\AppData\Roaming\Mozilla\Firefox\Profiles\hrd7dhd7.default\searchplugins\Conduit.xml File Deleted : C:\Users\котоманов\AppData\Roaming\Mozilla\Firefox\Profiles\hrd7dhd7.default\searchplugins\softonic.xml Folder Deleted : C:\Program Files\BabylonToolbar Folder Deleted : C:\Program Files\Conduit Folder Deleted : C:\Program Files\Softonic Folder Deleted : C:\Program Files\uTorrentControl2 Folder Deleted : C:\ProgramData\Anti-phishing Domain Advisor Folder Deleted : C:\ProgramData\Babylon Folder Deleted : C:\ProgramData\blekko toolbars Folder Deleted : C:\Users\65F0~1\AppData\Local\Temp\CT3072253 Folder Deleted : C:\Users\котоманов\AppData\Local\Conduit Folder Deleted : C:\Users\котоманов\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb Folder Deleted : C:\Users\котоманов\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph Folder Deleted : C:\Users\котоманов\AppData\LocalLow\Conduit Folder Deleted : C:\Users\котоманов\AppData\LocalLow\uTorrentControl2 Folder Deleted : C:\Users\котоманов\AppData\Roaming\Babylon Folder Deleted : C:\Users\котоманов\AppData\Roaming\BabylonToolbar Folder Deleted : C:\Users\котоманов\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager Folder Deleted : 
C:\Users\котоманов\AppData\Roaming\Mozilla\Firefox\Profiles\hrd7dhd7.default\ConduitCommon Folder Deleted : C:\Users\котоманов\AppData\Roaming\Mozilla\Firefox\Profiles\hrd7dhd7.default\CT3072253 Folder Deleted : C:\Users\котоманов\AppData\Roaming\Mozilla\Firefox\Profiles\hrd7dhd7.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} Folder Deleted : C:\Users\котоманов\AppData\Roaming\Mozilla\Firefox\Profiles\hrd7dhd7.default\extensions\ffxtlbr@babylon.com ***** [Registry] ***** Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl2 Key Deleted : HKCU\Software\AppDataLow\Toolbar Key Deleted : HKCU\Software\BabylonToolbar Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\DataMngr Key Deleted : HKCU\Software\DataMngr_Toolbar Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Anti-phishing Domain Advisor Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Softonic Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\uTorrentControl2 Toolbar Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{687578B9-7132-4A7A-80E4-30EE31099E03} Key Deleted : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E87806B5-E908-45FD-AF5E-957D83E58E68} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{687578B9-7132-4A7A-80E4-30EE31099E03} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E87806B5-E908-45FD-AF5E-957D83E58E68} Key Deleted : HKCU\Software\Softonic Key Deleted : HKLM\Software\Babylon Key Deleted : HKLM\Software\BabylonToolbar Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Key Deleted : HKLM\SOFTWARE\Classes\b Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1 Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1 Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44B50C01-4993-48E2-ADEE-D812BAE2E9A2} Key Deleted : 
HKLM\SOFTWARE\Classes\CLSID\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A3E2F089-DDBB-4CBF-B06C-5D44DA316ED3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A5679AB0-C59E-49E7-83C4-5289F844A6E0} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA0167C2-6295-41B8-9BDA-704B2F5E4CD9} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E87806B5-E908-45FD-AF5E-957D83E58E68} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370} Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1 Key Deleted : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D} Key Deleted : 
***** [internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=112059&tt=4212_6&babsrc=HP_ss&mntrId=4e5b402600000000000000269e2cbe20 --> hxxp://www.google.com
Deleted : [HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page]
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.softonic.com/MON00006/tb_v1?SearchSource=15&cc= --> hxxp://www.google.com
-\\ Mozilla Firefox v8.0.1 (bg)
Profile name : default
File : C:\Users\котоманов\AppData\Roaming\Mozilla\Firefox\Profiles\hrd7dhd7.default\prefs.js
C:\Users\котоманов\AppData\Roaming\Mozilla\Firefox\Profiles\hrd7dhd7.default\user.js ... Deleted !
-\\ Google Chrome v22.0.1229.94
File : C:\Users\котоманов\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [29437 octets] - [20/10/2012 18:50:20]
AdwCleaner[s1].txt - [29747 octets] - [20/10/2012 19:39:14]
########## EOF - C:\AdwCleaner[s1].txt - [29808 octets] ##########
  4. # AdwCleaner v2.005 - Logfile created 10/20/2012 at 18:50:20 # Updated 14/10/2012 by Xplode # Operating system : Windows Vista Ultimate Service Pack 2 (32 bits) # User : котоманов - КОТОМАНОВ-PC # Boot Mode : Normal # Running from : C:\Users\котоманов\Desktop\adwcleaner.exe # Option [search]
***** [services] *****
Found : Browser Manager
***** [Files / Folders] *****
***** [Registry] *****
***** [internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=112059&tt=4212_6&babsrc=HP_ss&mntrId=4e5b402600000000000000269e2cbe20
[HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page] = hxxp://search.babylon.com/?affID=112059&tt=4212_6&babsrc=HP_ss&mntrId=4e5b402600000000000000269e2cbe20
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.softonic.com/MON00006/tb_v1?SearchSource=15&cc=
-\\ Mozilla Firefox v8.0.1 (bg)
Profile name : default
File : C:\Users\котоманов\AppData\Roaming\Mozilla\Firefox\Profiles\hrd7dhd7.default\prefs.js
Found : user_pref("CT3072253.LastLogin_3.12.0.8", "Sun Jun 03 2012 23:28:03 GMT+0300"); Found : user_pref("CT3072253.LastLogin_3.13.0.6", "Tue Jul 17 2012 17:37:24 GMT+0300"); Found : user_pref("CT3072253.LastLogin_3.14.1.0", "Tue Aug 28 2012 17:03:24 GMT+0100"); Found : user_pref("CT3072253.LastLogin_3.15.1.0", "Sat Oct 20 2012 12:48:30 GMT+0100"); Found : user_pref("CT3072253.LatestVersion", "3.14.1.0"); Found : user_pref("CT3072253.Locale", "en"); Found : user_pref("CT3072253.MCDetectTooltipHeight", "83"); Found : user_pref("CT3072253.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Found : user_pref("CT3072253.MCDetectTooltipWidth", "295"); Found : user_pref("CT3072253.MyStuffEnabledAtInstallation", true); Found : user_pref("CT3072253.OriginalFirstVersion", "3.12.0.8"); Found : user_pref("CT3072253.SavedHomepage", "chrome://branding/locale/browserconfig.properties"); Found : user_pref("CT3072253.SearchCaption", "uTorrentControl2 Customized Web Search"); Found : user_pref("CT3072253.SearchEngineBeforeUnload", "Search the web (Babylon)"); Found : user_pref("CT3072253.SearchFromAddressBarIsInit", true); Found : user_pref("CT3072253.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT307[...] Found : user_pref("CT3072253.SearchInNewTabEnabled", true); Found : user_pref("CT3072253.SearchInNewTabIntervalMM", 1440); Found : user_pref("CT3072253.SearchInNewTabLastCheckTime", "Sat Oct 20 2012 12:48:27 GMT+0100"); Found : user_pref("CT3072253.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] 
Found : user_pref("CT3072253.SearchProtectorEnabled", true); Found : user_pref("CT3072253.SearchProtectorToolbarDisabled", false); Found : user_pref("CT3072253.SendProtectorDataViaLogin", true); Found : user_pref("CT3072253.ServiceMapLastCheckTime", "Sat Oct 20 2012 12:48:30 GMT+0100"); Found : user_pref("CT3072253.SettingsLastCheckTime", "Sat Oct 20 2012 12:48:26 GMT+0100"); Found : user_pref("CT3072253.SettingsLastUpdate", "1350318800"); Found : user_pref("CT3072253.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=13"); Found : user_pref("CT3072253.ThirdPartyComponentsInterval", 504); Found : user_pref("CT3072253.ThirdPartyComponentsLastCheck", "Fri Oct 12 2012 15:23:10 GMT+0100"); Found : user_pref("CT3072253.ThirdPartyComponentsLastUpdate", "1331805997"); Found : user_pref("CT3072253.ToolbarShrinkedFromSetup", false); Found : user_pref("CT3072253.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3072253"); Found : user_pref("CT3072253.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] Found : user_pref("CT3072253.UserID", "UN03079150532162389"); Found : user_pref("CT3072253.ValidationData_Toolbar", 2); Found : user_pref("CT3072253.alertChannelId", "1463702"); Found : user_pref("CT3072253.autoDisableScopes", -1); Found : user_pref("CT3072253.backendstorage.cbcountry_000", "4247"); Found : user_pref("CT3072253.backendstorage.cbcountry_001", "4247"); Found : user_pref("CT3072253.backendstorage.cbfirsttime", "467269204A756E20303120323031322031323A30383A30382[...] Found : user_pref("CT3072253.backendstorage.facebook_mode", "32"); Found : user_pref("CT3072253.backendstorage.facebook_user_locale", "656E"); Found : user_pref("CT3072253.backendstorage.url_history0001", "687474703A2F2F75732E6D67362E6D61696C2E7961686[...] Found : user_pref("CT3072253.generalConfigFromLogin", "{"ApiMaxAlerts":"12","SocialDomains":"social.c[...] 
Found : user_pref("CT3072253.globalFirstTimeInfoLastCheckTime", "Sat Oct 20 2012 12:48:30 GMT+0100"); Found : user_pref("CT3072253.homepageProtectorEnableByLogin", true); Found : user_pref("CT3072253.initDone", true); Found : user_pref("CT3072253.isAppTrackingManagerOn", false); Found : user_pref("CT3072253.myStuffEnabled", true); Found : user_pref("CT3072253.myStuffPublihserMinWidth", 400); Found : user_pref("CT3072253.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Found : user_pref("CT3072253.myStuffServiceIntervalMM", 1440); Found : user_pref("CT3072253.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Found : user_pref("CT3072253.navigateToUrlOnSearch", false); Found : user_pref("CT3072253.oldAppsList", "129295695672325902,129571859753931591,111,129593762370823811,129[...] Found : user_pref("CT3072253.revertSettingsEnabled", true); Found : user_pref("CT3072253.searchProtectorDialogDelayInSec", 10); Found : user_pref("CT3072253.searchProtectorEnableByLogin", true); Found : user_pref("CT3072253.testingCtid", ""); Found : user_pref("CT3072253.toolbarAppMetaDataLastCheckTime", "Sat Oct 20 2012 12:48:30 GMT+0100"); Found : user_pref("CT3072253.toolbarContextMenuLastCheckTime", "Mon Oct 15 2012 20:08:15 GMT+0100"); Found : user_pref("CT3072253.usagesFlag", 2); Found : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3072253&Search[...] Found : user_pref("CommunityToolbar.ConduitSearchList", "uTorrentControl2 Customized Web Search"); Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3072253/CT3072253[...] Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3072253", [...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] 
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...] Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3072253",[...] Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", ""3b8[...] Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:Users:>B><0=>2AppDataRoamingMozill[...] Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.15.1.0"); Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", ""); Found : user_pref("CommunityToolbar.ToolbarsList", "CT3072253"); Found : user_pref("CommunityToolbar.ToolbarsList2", "CT3072253"); Found : user_pref("CommunityToolbar.ToolbarsList4", "CT3072253"); Found : user_pref("CommunityToolbar.globalUserId", "b361cf43-7dc5-455a-b991-14fdd43870f4"); Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3072253"); Found : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties"); Found : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...] Found : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=112059&tt=4212_6&babsrc=NT_ss&mntr[...] 
Found : user_pref("browser.search.defaultenginename", "Search the web (Babylon)"); Found : user_pref("browser.search.defaultthis.engineName", "uTorrentControl2 Customized Web Search"); Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&Sea[...] Found : user_pref("browser.search.order.1", "Search the web (Babylon)"); Found : user_pref("browser.search.selectedEngine", "Search the web (Babylon)"); Found : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=112059&tt=4212_6&babsrc=HP_s[...] Found : user_pref("extensions.BabylonToolbar.admin", false); Found : user_pref("extensions.BabylonToolbar.aflt", "babsst"); Found : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}"); Found : user_pref("extensions.BabylonToolbar.dfltLng", "en"); Found : user_pref("extensions.BabylonToolbar.excTlbr", false); Found : user_pref("extensions.BabylonToolbar.id", "4e5b402600000000000000269e2cbe20"); Found : user_pref("extensions.BabylonToolbar.instlDay", "15633"); Found : user_pref("extensions.BabylonToolbar.instlRef", "sst"); Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); Found : user_pref("extensions.BabylonToolbar.tlbrId", "base"); Found : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...] Found : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8"); Found : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8"); Found : user_pref("extensions.BabylonToolbar_i.newTab", true); Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=112059&tt=4212_[...] 
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.812:46:55"); Found : user_pref("extensions.Softonic.admin", false); Found : user_pref("extensions.Softonic.aflt", "SD"); Found : user_pref("extensions.Softonic.autoRvrt", "false"); Found : user_pref("extensions.Softonic.dfltLng", ""); Found : user_pref("extensions.Softonic.dfltSrch", true); Found : user_pref("extensions.Softonic.dspNew", "Search the web (Softonic)"); Found : user_pref("extensions.Softonic.dspOld", "Blekko"); Found : user_pref("extensions.Softonic.excTlbr", false); Found : user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/MON00006/tb_v1?SearchSource=13&[...] Found : user_pref("extensions.Softonic.hpNew", "hxxp://search.softonic.com/MON00006/tb_v1?SearchSource=13&cc[...] Found : user_pref("extensions.Softonic.hpOld", "hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=13"); Found : user_pref("extensions.Softonic.id", "4e5b402600000000000000269e2cbe20"); Found : user_pref("extensions.Softonic.instlDay", "15503"); Found : user_pref("extensions.Softonic.instlRef", "MON00006"); Found : user_pref("extensions.Softonic.keyWordUrl", "hxxp://search.softonic.com/MON00006/tb_v1?SearchSource=[...] Found : user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/MON00006/tb_v1?SearchSource=1[...] Found : user_pref("extensions.Softonic.prdct", "Softonic"); Found : user_pref("extensions.Softonic.prtnrId", "softonic"); Found : user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search set[...] Found : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)"); Found : user_pref("extensions.Softonic.tlbrId", "base"); Found : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MON00006/tb_v1?SearchSource[...] 
Found : user_pref("extensions.Softonic.vrsn", "1.5.24.3"); Found : user_pref("extensions.Softonic.vrsni", "1.5.24.3"); Found : user_pref("extensions.Softonic_i.dnsErr", true); Found : user_pref("extensions.Softonic_i.hmpg", true); Found : user_pref("extensions.Softonic_i.newTab", true); Found : user_pref("extensions.Softonic_i.smplGrp", "none"); Found : user_pref("extensions.Softonic_i.vrsnTs", "1.5.24.315:44:02"); Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=[...] - Google Chrome v22.0.1229.94 File : C:UsersкотомановAppDataLocalGoogleChromeUser DataDefaultPreferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [29306 octets] - [20/10/2012 18:50:20] ########## EOF - C:AdwCleaner[R1].txt - [29367 octets] ##########
  5. I downloaded the file dds.exe and this is the result of the scan: DDS (Ver_2011-09-30.01) - NTFS_x86 Internet Explorer: 9.0.8112.16421 Run by котоманов at 17:49:49 on 2012-10-20 Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1251.359.1026.18.1976.782 [GMT 1:00] . AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes ================ . C:Windowssystem32wininit.exe C:Windowssystem32lsm.exe C:Windowssystem32SLsvc.exe C:Windowssystem32Dwm.exe C:WindowsExplorer.EXE C:Program FilesAVAST SoftwareAvastAvastSvc.exe C:WindowsSystem32hkcmd.exe C:WindowsSystem32igfxpers.exe C:Program FilesAVAST SoftwareAvastAvastUI.exe C:Program FilesConexantcAudioFilterAgentcAudioFilterAgent.exe C:ProgramDataAnti-phishing Domain Advisorvisicom_antiphishing.exe C:Program FilesWindows Sidebarsidebar.exe C:Program FilesuTorrentuTorrent.exe C:Program FilesSkypePhoneSkype.exe C:WindowsSystem32spoolsv.exe C:Windowssystem32taskeng.exe C:Windowssystem32igfxsrvc.exe C:Program FilesDatecsFlexType 2KFType2K.exe C:UsersкотомановAppDataRoamingDropboxbinDropbox.exe C:UsersкотомановAppDataLocalFacebookMessenger2.1.4651.0FacebookMessenger.exe C:Program FilesCommon FilesAdobeARM1.0armsvc.exe C:Windowssystem32taskeng.exe C:ProgramDataBrowser Manager2.3.796.11{16cdff19-861d-48e3-a751-d99a27784753}browsemngr.exe C:Windowssystem32schtasks.exe C:ProgramDataBrowser Manager2.3.796.11{16cdff19-861d-48e3-a751-d99a27784753}browsemngr.exe C:Windowssystem32SearchIndexer.exe C:UsersкотомановAppDataLocalGoogleChromeApplicationchrome.exe C:UsersкотомановAppDataLocalGoogleChromeApplicationchrome.exe C:UsersкотомановAppDataLocalGoogleChromeApplicationchrome.exe C:UsersкотомановAppDataLocalGoogleChromeApplicationchrome.exe C:UsersкотомановAppDataLocalGoogleChromeApplicationchrome.exe 
C:UsersкотомановAppDataLocalGoogleChromeApplicationchrome.exe C:UsersкотомановAppDataLocalGoogleChromeApplicationchrome.exe C:UsersкотомановAppDataLocalGoogleChromeApplicationchrome.exe C:UsersкотомановAppDataLocalGoogleChromeApplicationchrome.exe C:UsersкотомановAppDataLocalGoogleChromeApplicationchrome.exe C:UsersкотомановAppDataLocalGoogleChromeApplicationchrome.exe C:UsersкотомановAppDataLocalGoogleChromeApplicationchrome.exe C:Windowssystem32wbemwmiprvse.exe C:Windowssystem32svchost.exe -k DcomLaunch C:Windowssystem32svchost.exe -k rpcss C:WindowsSystem32svchost.exe -k secsvcs C:WindowsSystem32svchost.exe -k LocalServiceNetworkRestricted C:WindowsSystem32svchost.exe -k LocalSystemNetworkRestricted C:Windowssystem32svchost.exe -k netsvcs C:Windowssystem32svchost.exe -k GPSvcGroup C:Windowssystem32svchost.exe -k LocalService C:Windowssystem32svchost.exe -k NetworkService C:Windowssystem32svchost.exe -k LocalServiceNoNetwork C:Windowssystem32svchost.exe -k NetworkServiceNetworkRestricted C:Windowssystem32svchost.exe -k imgsvc C:WindowsSystem32svchost.exe -k WerSvcGroup C:Windowssystem32svchost.exe -k LocalServiceAndNoImpersonation . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://search.babylon.com/?affID=112059&tt=4212_6&babsrc=HP_ss&mntrId=4e5b402600000000000000269e2cbe20 uURLSearchHooks: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - <orphaned> uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:program filesutorrentcontrol2prxtbuTor.dll mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:program filesutorrentcontrol2prxtbuTor.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:program filescommon filesadobeacrobatactivexAcroIEHelperShim.dll BHO: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - c:program filesbabylontoolbarbabylontoolbar1.8.3.8bhBabylonToolbar.dll BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:program filesutorrentcontrol2prxtbuTor.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:program filesmicrosoft officeoffice14GROOVEEX.DLL BHO: blekko search bar: {8769adce-dba5-48e9-afb5-67b12cdf2e61} - c:program filesblekkotb_031blekkotb_019X.dll BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:program filesavast softwareavastaswWebRepIE.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:program filesskypetoolbarsinternet explorerskypeieplugin.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:program filesmicrosoft officeoffice14URLREDIR.DLL BHO: Softonic Helper Object: {E87806B5-E908-45FD-AF5E-957D83E58E68} - c:program filessoftonicsoftonic1.5.24.3bhSoftonic.dll TB: avast! 
WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:program filesavast softwareavastaswWebRepIE.dll TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:program filesutorrentcontrol2prxtbuTor.dll TB: blekko search bar: {8769adce-dba5-48e9-afb5-67b12cdf2e61} - c:program filesblekkotb_031blekkotb_019X.dll TB: Softonic Toolbar: {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - c:program filessoftonicsoftonic1.5.24.3SoftonicTlbr.dll uRun: [sidebar] c:program fileswindows sidebarsidebar.exe /autoRun uRun: [uTorrent] "c:program filesutorrentuTorrent.exe" /MINIMIZED uRun: [Facebook Update] "c:usersкотомановappdatalocalfacebookupdateFacebookUpdate.exe" /c /nocrashserver uRun: [Google Update] "c:usersкотомановappdatalocalgoogleupdateGoogleUpdate.exe" /c uRun: [skype] "c:program filesskypephoneSkype.exe" /minimized /regrun uRun: [DAEMON Tools Lite] "c:program filesdaemon tools liteDTLite.exe" -autorun mRun: [igfxTray] c:windowssystem32igfxtray.exe mRun: [HotKeysCmds] c:windowssystem32hkcmd.exe mRun: [Persistence] c:windowssystem32igfxpers.exe mRun: [avast] "c:program filesavast softwareavastavastUI.exe" /nogui mRun: [cAudioFilterAgent] c:program filesconexantcaudiofilteragentcAudioFilterAgent.exe mRun: [Anti-phishing Domain Advisor] "c:programdataanti-phishing domain advisorvisicom_antiphishing.exe" StartupFolder: c:users65f0~1appdataroamingmicros~1windowsstartm~1programsstartupdropbox.lnk - c:usersкотомановappdataroamingdropboxbinDropbox.exe StartupFolder: c:users65f0~1appdataroamingmicros~1windowsstartm~1programsstartupfacebo~1.lnk - c:usersкотомановappdatalocalfacebookmessenger2.1.4651.0FacebookMessenger.exe StartupFolder: c:progra~2micros~1windowsstartm~1programsstartupflexty~1.lnk - c:program filesdatecsflextype 2kFType2K.exe mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - c:progra~1micros~2office14EXCEL.EXE/3000 IE: Se&nd to OneNote - 
c:progra~1micros~2office14ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:program filesmicrosoft officeoffice14ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:program filesmicrosoft officeoffice14ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:program filesskypetoolbarsinternet explorerskypeieplugin.dll DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: NameServer = 192.168.2.1 TCP: Interfaces{D1300522-110F-4DF7-8646-993D85822A2F} : DHCPNameServer = 192.168.2.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:program filescommon filesmicrosoft sharedoffice14MSOXMLMF.DLL Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:program filesskypetoolbarsinternet explorerskypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:program filescommon filesskypeSkype4COM.dll Notify: igfxcui - igfxdev.dll SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:program filesmicrosoft officeoffice14GROOVEEX.DLL LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg . ================= FIREFOX =================== . FF - ProfilePath - c:usersєѕтѕј°ѕѕіappdataroamingmozillafirefoxprofileshrd7dhd7.default . ============= SERVICES / DRIVERS =============== . 
R1 aswSnx;aswSnx;c:windowssystem32driversaswSnx.sys [2011-12-23 435032] R1 aswSP;aswSP;c:windowssystem32driversaswSP.sys [2011-12-23 314456] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:windowssystem32driversdtsoftbus01.sys [2012-8-2 242240] R2 AdobeARMservice;Adobe Acrobat Update Service;c:program filescommon filesadobearm1.0armsvc.exe [2011-6-6 64952] R2 aswFsBlk;aswFsBlk;c:windowssystem32driversaswFsBlk.sys [2011-12-23 20568] R2 aswMonFlt;aswMonFlt;c:windowssystem32driversaswMonFlt.sys [2011-12-23 55128] R2 avast! Antivirus;avast! Antivirus;c:program filesavast softwareavastAvastSvc.exe [2011-12-23 44768] R2 Browser Manager;Browser Manager;c:programdatabrowser manager2.3.796.11{16cdff19-861d-48e3-a751-d99a27784753}browsemngr.exe [2012-10-20 2312216] R2 FontCache;Windows Font Cache Service;c:windowssystem32svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504] R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:windowssystem32driversL1C60x86.sys [2011-11-30 50176] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:windowsmicrosoft.netframeworkv4.0.30319mscorsvw.exe [2010-3-18 130384] S2 SkypeUpdate;Skype Updater;c:program filesskypeupdaterUpdater.exe [2012-7-13 160944] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:program filesmcafee security scan2.0.181McCHSvc.exe [2010-1-15 227232] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:program filesmicrosoft officeoffice14GROOVE.EXE [2011-6-12 31125880] S3 osppsvc;Office Software Protection Platform;c:program filescommon filesmicrosoft sharedofficesoftwareprotectionplatformOSPPSVC.EXE [2010-1-9 4640000] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:windowsmicrosoft.netframeworkv4.0.30319wpfWPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 
2012-10-20 16:34:52 56200 ----a-w- c:programdatamicrosoftwindows defenderdefinition updates{3f7a56eb-086e-4af4-a000-3e8134818808}offreg.dll 2012-10-20 11:47:10 -------- d-----w- c:program filesBabylonToolbar 2012-10-20 11:47:08 -------- d-----w- c:usersєѕтѕј°ѕѕіappdataroamingBabylonToolbar 2012-10-20 11:47:05 -------- d-----w- c:programdataBrowser Manager 2012-10-20 11:45:57 -------- d-----w- c:programdataBabylon 2012-10-20 11:45:56 -------- d-----w- c:usersєѕтѕј°ѕѕіappdataroamingBabylon 2012-10-20 11:45:07 -------- d-----w- c:program filesCollage Maker 3.60 2012-10-20 10:33:49 -------- d-----w- c:usersєѕтѕј°ѕѕіappdataroamingPearlMountain 2012-10-20 10:33:49 -------- d-----w- c:programdataPearlMountain 2012-10-20 10:33:36 -------- d-----w- c:program filesCollageIt 2012-10-19 21:47:13 6918632 ------w- c:programdatamicrosoftwindows defenderdefinition updates{3f7a56eb-086e-4af4-a000-3e8134818808}mpengine.dll 2012-10-10 12:02:06 985088 ----a-w- c:windowssystem32crypt32.dll 2012-10-10 12:02:06 133120 ----a-w- c:windowssystem32cryptsvc.dll 2012-10-10 12:02:05 98304 ----a-w- c:windowssystem32cryptnet.dll 2012-10-10 12:01:46 172544 ----a-w- c:windowssystem32wintrust.dll 2012-10-10 12:01:32 2048 ----a-w- c:windowssystem32tzres.dll 2012-10-10 12:01:05 3602816 ----a-w- c:windowssystem32ntkrnlpa.exe 2012-10-10 12:01:04 3550080 ----a-w- c:windowssystem32ntoskrnl.exe 2012-09-25 22:14:48 -------- d-----w- c:usersєѕтѕј°ѕѕіappdataroamingBSplayer Pro 2012-09-25 22:14:48 -------- d-----w- c:usersєѕтѕј°ѕѕіappdataroamingBSplayer 2012-09-25 22:14:44 -------- d-----w- c:program filesWebteh . ==================== Find3M ==================== . 
2012-08-24 06:59:17 1800704 ----a-w- c:windowssystem32jscript9.dll 2012-08-24 06:51:27 1129472 ----a-w- c:windowssystem32wininet.dll 2012-08-24 06:51:02 1427968 ----a-w- c:windowssystem32inetcpl.cpl 2012-08-24 06:47:26 142848 ----a-w- c:windowssystem32ieUnatt.exe 2012-08-24 06:47:12 420864 ----a-w- c:windowssystem32vbscript.dll 2012-08-24 06:43:58 2382848 ----a-w- c:windowssystem32mshtml.tlb 2012-08-02 07:00:37 242240 ----a-w- c:windowssystem32driversdtsoftbus01.sys . ============= FINISH: 17:51:10,64 ===============
  6. Hello. I am starting this topic because I have the following problem. For some time now (nearly a month) I have had a problem with loading videos on the internet, as well as with playing movies already downloaded to my computer. For example, when I play a clip on YouTube, even if it has loaded, it constantly freezes and stutters. The situation is the same when I watch a movie on my computer. I cannot explain where the problem might be coming from. In general I have a fast internet connection, and I have scanned the computer for viruses, but it is obvious that something is not working as it should. Otherwise, Windows as a whole works fine. I would appreciate your help. Thank you in advance!
  7. dilqnkakk

    New virus in Skype

    I don't want to speak too soon, but everything seems to be fine. I restarted the laptop and no message appeared, and the camera has not turned itself on all day either... It looks like the laptop is clean now. Thank you very much! I hope there won't be any problems.
  8. dilqnkakk

    New virus in Skype

    This is the result of the last scan: ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK ESETSmartInstaller@High as downloader log: all ok esets_scanner_update returned -1 esets_gle=53251 # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6211 # api_version=3.0.2 # EOSSerial=0eb4512739a6634eb73ff095a2bc8a59 # end=stopped # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2010-03-27 06:01:11 # local_time=2010-03-27 07:01:11 (+0100, Central Europe Standard Time) # country="Bulgaria" # lang=1033 # osver=6.0.6001 NT Service Pack 1 # compatibility_mode=768 16777215 100 0 22455361 22455361 0 0 # compatibility_mode=1280 16777215 100 0 105471 105471 0 0 # compatibility_mode=5892 16776574 100 95 68827642 107243279 0 0 # compatibility_mode=8192 67108863 100 0 79271 79271 0 0 # scanned=23168 # found=1 # cleaned=1 # scan_time=2320 C:\Program Files\Evrsoft First Page 2006\Iscripts\Games\games-scripts.izs JS/BadJoke.KillFiles.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
  9. dilqnkakk

    New virus in Skype

    The scan took quite a while; I think it is fixed, but I am not completely sure. Still, thank you very, very much for the help, and I hope everything is fine. Here is the result: Malwarebytes' Anti-Malware 1.44 Database version: 3920 Windows 6.0.6001 Service Pack 1 Internet Explorer 7.0.6001.18000 27.3.2010 г. 16:19:27 mbam-log-2010-03-27 (16-19-27).txt Scan type: Full Scan (C:\|D:\|E:\|G:\|) Objects scanned: 272468 Time elapsed: 1 hour(s), 16 minute(s), 28 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3popularscreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  10. dilqnkakk

    New virus in Skype

    Hello again. This is the contents of C:\ComboFix.txt: ComboFix 10-03-26.02 - Dilqna 03.2010 ã. 14:18:27.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1251.359.1033.18.2938.1791 [GMT 1:00] Running from: c:\users\Dilqna\Desktop\Tool.txt.exe SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\$recycle.bin\S-1-5-21-2273277861-2517752245-2772545579-500 c:\$recycle.bin\S-1-5-21-2845043854-106956975-960189050-500 c:\$recycle.bin\S-1-5-21-3936305410-2137453056-829019701-500 c:\program files\FlashGet Network c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm c:\program files\FlashGet Network\FlashGet universal\ComDlls\flashget.xpi c:\program files\FlashGet Network\FlashGet universal\ComDlls\IFlashgetXpi.xpt c:\program files\FlashGet Network\FlashGet universal\dbtrans_verbose.log c:\program files\FlashGet Network\FlashGet universal\Help\license.txt c:\program files\FlashGet Network\FlashGet universal\Help\Readme.txt c:\program files\FlashGet Network\FlashGet universal\Help\WHATSNEW.TXT c:\program files\FlashGet Network\FlashGet universal\modules\P4pclient\Thumbs.db c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\iexplorer.bmp c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\resource.bmp c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\resource.xml c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\search.bmp c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\subscribe.bmp c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\Thumbs.db c:\program files\FlashGet Network\FlashGet universal\modules\Security\FunctionalRepair.bmp c:\program 
files\FlashGet Network\FlashGet universal\modules\Security\Scanning.bmp c:\program files\FlashGet Network\FlashGet universal\modules\Security\Security.bmp c:\program files\FlashGet Network\FlashGet universal\modules\Security\Security.xml c:\program files\FlashGet Network\FlashGet universal\modules\Security\SystemFix.bmp c:\program files\FlashGet Network\FlashGet universal\Profiles\config.dat c:\program files\FlashGet Network\FlashGet universal\Profiles\tasks.dat c:\program files\FlashGet Network\FlashGet universal\Skins\close_default.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\close_press.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\close_select.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\max_default.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\max_press.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\max_select.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\min_default.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\min_press.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\min_select.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\notify.wav c:\program files\FlashGet Network\FlashGet universal\Skins\notify_board.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\notify_icon.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Back.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Backward.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\BrowserBarCT.xml c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\FlashgetResource.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Forward.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Home.bmp c:\program files\FlashGet 
Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Backward.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\BrowserBarDisableCT.xml c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Forward.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Home.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Resource.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Available.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\CategoryTreeCT.xml c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Downloaded.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Downloading.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Favorite.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Flashget.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Release.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Rubbish.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Search.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\Expbar.xml c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\garage.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\resource.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\transfer.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\BT.bmp c:\program files\FlashGet Network\FlashGet 
universal\Skins\ShadowGrayBlue\GlobalOptionCT\EM.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\GlobalOptionCT.xml c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\HpFp.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Monitor.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Normal.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Notify.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Proxy.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\TaskDef.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\About.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\DeleteTask.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\folder.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\MainMenuCT.xml c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\MoveDownTask.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\MoveUpTask.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\NewTask.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\open.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\Option.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\PauseTask.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\Resource.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\StartTask.bmp c:\program files\FlashGet Network\FlashGet 
universal\Skins\ShadowGrayBlue\MainMenuCT\TaskProperties.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\About.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\DeleteTask.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Folder.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\MainToolbarCT.xml c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\NewTask.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Open.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Option.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\PauseTask.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Resource.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\StartTask.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\TaskProperties.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\About.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\DeleteTask.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Folder.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\MainToolbarDisableCT.xml c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\NewTask.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Open.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Option.bmp c:\program files\FlashGet Network\FlashGet 
universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\PauseTask.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Resource.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\StartTask.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\TaskProperties.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\Monitor\InfoBkg.Bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\Monitor\MonitorBkg.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Down.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Error.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Normal.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\OutpuLogCT.xml c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Up.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\All.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Book.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Bt.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Game.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Movie.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Music.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Phone.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Picture.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\SobarIconCT.xml c:\program files\FlashGet Network\FlashGet 
universal\Skins\ShadowGrayBlue\SobarIconCT\Software.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Error.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\hashing.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\OK.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Pause.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Pin.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Schedule.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Start.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\TaskListCT.xml c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Upload.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Wait.bmp c:\program files\FlashGet Network\FlashGet universal\Skins\Thumbs.db c:\program files\FlashGet Network\FlashGet universal\transaction.log c:\users\Dilqna\AppData\Roaming\addon.dat c:\users\Dilqna\AppData\Roaming\addons.dat c:\users\Dilqna\AppData\Roaming\BITS c:\users\Dilqna\AppData\Roaming\BITS\DHTTable.dat c:\users\Dilqna\AppData\Roaming\server.exe c:\windows\Downloaded Program Files\f3initialsetup1.0.1.3.inf . ((((((((((((((((((((((((( Files Created from 2010-02-27 to 2010-03-27 ))))))))))))))))))))))))))))))) . 2010-03-27 13:31 . 2010-03-27 13:31 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-03-26 20:21 . 2010-03-26 20:21 -------- d-----w- c:\program files\ESET 2010-03-26 18:45 . 2010-03-27 10:38 -------- d-----w- c:\users\Dilqna\AppData\Roaming\skypePM 2010-03-26 18:44 . 2010-03-27 13:32 -------- d-----w- c:\users\Dilqna\AppData\Roaming\Skype 2010-03-26 18:43 . 2010-03-26 18:43 -------- d-----w- c:\program files\Common Files\Skype 2010-03-26 18:43 . 
2010-03-26 18:43 -------- d-----r- c:\program files\Skype 2010-03-26 17:28 . 2010-03-26 17:28 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2010-03-26 17:24 . 2010-03-27 12:45 -------- d-----w- c:\users\Dilqna\AppData\Roaming\SUPERAntiSpyware.com 2010-03-26 17:24 . 2010-03-27 12:45 -------- d-----w- c:\program files\SUPERAntiSpyware 2010-03-26 13:47 . 2010-03-26 13:47 932368 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll 2010-03-26 13:47 . 2010-03-26 13:47 678416 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll 2010-03-26 13:47 . 2010-03-26 13:47 604688 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll 2010-03-26 13:47 . 2010-03-26 13:47 1096208 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll 2010-03-26 13:47 . 2010-03-26 13:47 522768 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll 2010-03-26 13:38 . 2010-03-26 13:38 80400 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll 2010-03-26 13:37 . 2010-03-26 13:37 80400 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll 2010-03-26 13:06 . 2010-03-26 13:06 95259 ----a-w- c:\windows\system32\drivers\klick.dat 2010-03-26 13:06 . 2010-03-26 13:06 108059 ----a-w- c:\windows\system32\drivers\klin.dat 2010-03-26 13:04 . 2010-03-27 13:06 -------- d-----w- c:\programdata\Kaspersky Lab 2010-03-26 13:04 . 2010-03-26 13:04 -------- d-----w- c:\program files\Kaspersky Lab 2010-03-26 12:35 . 2010-03-26 12:35 -------- d-----w- c:\users\Dilqna\AppData\Local\Xenocode 2010-03-26 12:35 . 2010-03-26 12:35 -------- d-----w- c:\program files\Xenocode 2010-03-26 12:19 . 2010-03-26 12:19 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files 2010-03-20 08:57 . 
2010-02-12 10:48 293376 ----a-w- c:\windows\system32\browserchoice.exe 2010-03-12 02:00 . 2010-02-20 23:39 24064 ----a-w- c:\windows\system32\nshhttp.dll 2010-03-12 02:00 . 2010-02-20 21:18 411136 ----a-w- c:\windows\system32\drivers\http.sys 2010-03-12 02:00 . 2010-02-20 23:37 31232 ----a-w- c:\windows\system32\httpapi.dll 2010-03-06 10:14 . 2010-03-06 11:13 -------- d-----w- c:\program files\Evrsoft First Page 2006 2010-02-26 14:00 . 2010-01-23 09:44 2048 ----a-w- c:\windows\system32\tzres.dll 2010-02-26 13:59 . 2010-01-25 08:35 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe 2010-02-26 13:59 . 2010-01-25 08:34 511488 ----a-w- c:\windows\system32\RMActivate.exe 2010-02-26 13:59 . 2010-01-25 12:48 472576 ----a-w- c:\windows\system32\secproc_isv.dll 2010-02-26 13:59 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll 2010-02-26 13:59 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp.dll 2010-02-26 13:59 . 2010-01-25 12:48 472064 ----a-w- c:\windows\system32\secproc.dll 2010-02-26 13:59 . 2010-01-25 12:45 329216 ----a-w- c:\windows\system32\msdrm.dll 2010-02-26 13:59 . 2010-01-25 08:35 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe 2010-02-26 13:59 . 2010-01-25 08:34 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-03-27 13:06 . 2009-12-12 12:16 -------- d-----w- c:\users\Dilqna\AppData\Roaming\translateclient 2010-03-27 12:45 . 2009-09-19 06:26 -------- d-----w- c:\program files\CometBird 2010-03-26 18:45 . 2010-03-26 18:45 56 ---ha-w- c:\programdata\ezsidmv.dat 2010-03-26 18:43 . 2008-11-27 22:01 -------- d-----w- c:\programdata\Skype 2010-03-16 18:57 . 2009-12-18 16:10 -------- d-----w- c:\users\Dilqna\AppData\Roaming\XnView 2010-03-12 02:19 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-03-04 00:16 . 
2008-11-27 21:32 -------- d-----w- c:\program files\Picasa2 2010-02-27 07:49 . 2009-07-10 19:27 108584 ----a-w- c:\users\Dilqna\AppData\Local\GDIPFONTCACHEV1.DAT 2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr 2010-02-19 20:44 . 2009-10-03 14:24 -------- d-----w- c:\program files\FlashGet 2010-02-19 20:35 . 2009-07-19 14:51 -------- d-----w- c:\program files\BitComet 2010-02-16 20:47 . 2010-02-16 20:47 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf 2010-02-08 22:55 . 2010-02-08 22:55 -------- d-----w- c:\program files\A-Z Typing Test 2009-12-28 12:35 . 2010-02-10 09:23 11776 ----a-w- c:\windows\system32\tsbyuv.dll 2009-12-28 12:35 . 2010-02-10 09:23 1314816 ----a-w- c:\windows\system32\quartz.dll 2009-12-28 12:32 . 2010-02-10 09:23 22528 ----a-w- c:\windows\system32\msyuv.dll 2009-12-28 12:32 . 2010-02-10 09:23 31744 ----a-w- c:\windows\system32\msvidc32.dll 2009-12-28 12:32 . 2010-02-10 09:23 123904 ----a-w- c:\windows\system32\msvfw32.dll 2009-12-28 12:32 . 2010-02-10 09:23 13312 ----a-w- c:\windows\system32\msrle32.dll 2009-12-28 12:31 . 2010-02-10 09:23 82944 ----a-w- c:\windows\system32\mciavi32.dll 2009-12-28 12:31 . 2010-02-10 09:23 50176 ----a-w- c:\windows\system32\iyuv_32.dll 2009-12-28 12:28 . 2010-02-10 09:23 65024 ----a-w- c:\windows\system32\avicap32.dll 2009-12-28 12:28 . 2010-02-10 09:23 91136 ----a-w- c:\windows\system32\avifil32.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_P.dll" [2009-07-02 2215960] "{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2009-08-30 2259480] [HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}] [HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}] 2009-08-30 06:28 2259480 ----a-w- c:\program files\myBabylon_English\tbmyBa.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}] 2009-07-02 08:18 2215960 ----a-w- c:\program files\BS_Player\tbBS_P.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_P.dll" [2009-07-02 2215960] "{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2009-08-30 2259480] [HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}] [HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_P.dll" [2009-07-02 2215960] "{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2009-08-30 2259480] [HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}] [HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-27 39408] "NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-11-06 270336] "BitComet"="c:\program files\BitComet\BitComet.exe" [2010-01-21 2956536] "RoboForm"="c:\program files\Siber 
Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-11-08 160592] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "RtHDVCpl"="RtHDVCpl.exe" [2008-10-17 6295552] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-22 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-22 170520] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-22 145944] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-01 30192] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-08-25 144784] "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280] "MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2008-11-27 24576] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888] "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-20 340456] c:\users\Dilqna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ IMTranslator.lnk - c:\program files\Smart Link\IMTrans\IMTrans.exe [2009-10-26 1065984] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Translate Client.lnk - c:\program files\Translate Client\translateclient.exe [2009-12-9 1048576] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2008-11-06 02:32 98304 ------w- c:\windows\System32\VESWinlogon.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-01 30192] R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Sony\VAIO Media plus\SOHCImp.exe [2008-10-21 103712] R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Sony\VAIO Media plus\SOHDms.exe [2008-10-21 353568] R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Sony\VAIO Media plus\SOHDs.exe [2008-10-21 62752] R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-06-12 337184] R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-06-12 83232] S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-11-03 21520] S2 NSUService;NSUService;c:\program files\sony\Network Utility\NSUService.exe [2008-11-06 303104] S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032] S2 RtkAudioService;Realtek Audio Service;c:\windows\RtkAudioService.exe [2008-10-17 104992] S2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe 
[2008-09-18 104960] S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-09-05 411488] S2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2008-09-12 446464] S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2008-04-24 17920] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2008-08-22 9344] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr . Contents of the 'Scheduled Tasks' folder 2010-03-27 c:\windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job - c:\windows\system32\msfeedssync.exe [2008-01-21 02:24] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.pageflakes.com/ uDefault_Search_URL = hxxp://www.google.com/ie uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Fill 
Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE: {{60237576-b24c-4ba9-9740-c9f3ec9db557} - {EAADF17C-B6EA-4511-8549-A67CFD406EAF} - c:\progra~1\SkyCode\WEBTRA~1\wt2ie.dll TCP: {C1458549-CA0B-4A3B-8F8E-9259653AA0DD} = 149.156.67.233,149.156.89.30 . - - - - ORPHANS REMOVED - - - - WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKCU-Run-Calendarscope - c:\program files\Calendarscope\csde.exe HKCU-Run-{276B1964-F156-464E-4CA7-B898932C090D} - c:\users\Dilqna\AppData\Roaming:Z_PI.EXE HKCU-Run-HKLM - c:\users\Dilqna\AppData\Roaming:Z_PI.EXE HKCU-Run-AdobeBridge - (no file) HKCU-Run-{BFA41BFD-BAFA-BB62-89AF-9E089B9F8D19} - c:\users\Dilqna\AppData\Roaming\server.exe AddRemove-A&APress - Free IELTS Exercises_is1 - c:\a&apress - free ielts exercises\unins000.exe AddRemove-WebTranslator - c:\program files\Antadis\Translator Internet\Install.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-03-27 14:32 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKCU\Software\Microsoft\Windows\CurrentVersion\Run {276B1964-F156-464E-4CA7-B898932C090D} = c:\users\Dilqna\AppData\Roaming:Z_PI.EXE??t?a?\?R?o?a?m?i?n?g????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? 
HKLM = c:\users\Dilqna\AppData\Roaming:Z_PI.EXE??t?a?\?R?o?a?m?i?n?g????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Completion time: 2010-03-27 14:35:07 ComboFix-quarantined-files.txt 2010-03-27 13:34 Pre-Run: 56 591 396 864 bytes free Post-Run: 57 144 893 440 bytes free - - End Of File - - 580C9DC99F7198ADB3E4778B504C5C4F
  11. dilqnkakk

    New virus in Skype

    Thank you very much for the quick response. I have started the scan, I very much hope it works, and I will write later what the result is. I attached the two files, I hope I did everything correctly. Extras.Txtt.txt OTL.Txtt.txt
  12. Hello, yesterday I got myself into a problem and I hope you can help me here. While I was talking with a friend on Skype, a message about accepting a file suddenly appeared. I did not think much about it and accepted it, because she was supposed to send me some documents. As a rule I do not trust files sent just like that without asking what they are for, but now I have done this stupid thing and made trouble for myself. When I opened the thing in question, a small picture of an eye appeared. I did not expect to see anything like that and deleted it immediately, I even removed it from the Recycle Bin. A little later, however, my camera turned on... I was very puzzled and tried to turn it off, but could not, because it told me that I did not have one at all. I restarted the laptop and after about an hour the same thing happened again: the camera menu just suddenly appeared and the camera turned on again, but I had no access to it at all. I tried to make a video call on Skype, but it did not let me, because the camera was already in use at that moment. I talked with my friend and she told me that she had not sent me any such thing, but that she, like me, had accepted it and it had automatically sent itself to all her contacts; the interesting thing is that I have not sent it to mine. Her computer was freezing and giving errors, but on mine only the camera turns on periodically. Yesterday I scanned my computer 3 times with 3 different antivirus programs. They found several viruses, I cleaned what was needed, but this did not go away. I also reinstalled Skype and changed its password, but still the same. When I turn on my computer it shows the following messages: This application was created using an evaluation version of xenocode postbuild 2010. There are 11 days remaining in your evaluation period , and this one appeared only once: setting up personalized setting for c / windows/ sisten 32/ ddnn/ server.exe s
  13. Did you lift the comment from www.3dnews.ru?

  14. Yes, you are really right, but I am not the type of person who would start arguing and making scenes with people, although sometimes that is the only way to defend our rights. I hope they keep their promise and that I have no more dealings with them (because I handed in the camera on 4 January, and today is 19 February!). Otherwise, I will really have to take some more serious action, so that they do not make a fool of me any more.
  15. Today I went again, but this time together with my boyfriend. This time they promised me that they would bring me the new camera on Wednesday. Let's see how far they keep their promise. If they go back on it, this time I will not play nice, and as you said I will give them what for!