

Hello. In the Skype thread I posted that Skype makes calls without my telling it to and writes messages from time to time. It is as if there is someone inside my Skype. There I was told that it might be a virus, so I want to check the computer. I would be glad to get help from someone on the HJT Team.


MBAM found nothing

Malwarebytes' Anti-Malware 1.41

Версия на базата от данни: 2797

Windows 5.1.2600 Service Pack 3

15.9.2009 г. 00:51:05

mbam-log-2009-09-15 (00-51-05).txt

Тип сканиране: Пълно сканиране (C:\|D:\|)

Сканирани обекти: 174694

Изминало време: 1 hour(s), 25 minute(s), 35 second(s)

Заразени процеси в паметта: 0

Заразени модули в паметта: 0

Заразени ключове в регистратурата: 0

Заразени стойности в регистратурата: 0

Заразени информационни обекти в регистратурата: 0

Заразени папки: 0

Заразени файлове: 0

Заразени процеси в паметта:

(Не бяха открити заплахи)

Заразени модули в паметта:

(Не бяха открити заплахи)

Заразени ключове в регистратурата:

(Не бяха открити заплахи)

Заразени стойности в регистратурата:

(Не бяха открити заплахи)

Заразени информационни обекти в регистратурата:

(Не бяха открити заплахи)

Заразени папки:

(Не бяха открити заплахи)

Заразени файлове:

(Не бяха открити заплахи)

Trend Micro Hijack This:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:55:35, on 15.9.2009 г.

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16876)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Opera\opera.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bg/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: FlashCatchBHO Class - {88618A96-6D8A-42E7-B932-9073D5B2080F} - C:\Program Files\IE AddOns\FlashCatch\flashcatch.dll

O2 - BHO: FCBHOBHO Class - {8B3868B4-EBA8-48FA-A19B-E1DFB99066FA} - C:\Program Files\Flash Capture\fcbho.dll

O3 - Toolbar: FlashCatch - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - C:\Program Files\IE AddOns\FlashCatch\flashcatch.dll

O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Program Files\Power Video Converter\msdxm.ocx

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [VMonitorVMUVC] "C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe" VMUVC

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Save F&lash with FlashCapture - res://C:\Program Files\Flash Capture\fciext.dll/FCIEXT.htm

O8 - Extra context menu item: Свали видео съдържанието на FLV с IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm

O8 - Extra context menu item: Свали всички линкове с IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Свали с IDM - D:\Program Files\Internet Download Manager\IEExt.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - C:\Program Files\Flash Capture\fciext.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{4C23DFD2-C3E1-4122-8BDB-F4B41F40242C}: NameServer = 80.80.128.161,80.80.128.193

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Prime95 Service - Unknown owner - C:\Documents and Settings\Daniel Stoyanov\Desktop\prime95.exe (file missing)

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--

End of file - 7338 bytes

Edited by daniel1995

It's not a virus; someone has found out your password and is writing from your Skype.

Well, apparently that's the case :( I would have preferred it to be a virus :)


Well, change it then!



Still, you can do steps 1 to 3...

STEP 1

Open HijackThis and choose "Do a system Scan only"

Tick the following lines and press "Fix Checked".

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll

O23 - Service: Prime95 Service - Unknown owner - C:\Documents and Settings\Daniel Stoyanov\Desktop\prime95.exe (file missing)

STEP 2: (the description is taken from Night_Raven)

Uninstall Skype and install it without the Extras Manager. The extras let Skype use various add-ons: lie detectors, mood add-ons and all sorts of other frills. Installing the extras also installs SkypePM.exe, which shows up in Task Manager and which some people wonder about, because it sometimes eats a lot of memory. It is with these extras that the Skype4COM protocol gets installed, through which this nasty thing and all the spam circulating in Skype spreads. The traditional method is as follows: a user is tricked into downloading and running a program that promises to add icons / crack a password / something else. This program, however, is nothing more than a script (VBS in most cases) that does none of what was promised and instead uses the protocol mentioned above to send itself to all the contacts in the list.

If this protocol is absent, then even if such a spam script is run, it will not be able to send anything.

Here is a graphical illustration of how NOT to install the extras:

z5pvs.png

2zgx8gp.png

STEP 3:

Update Java:

Download JavaRa and unzip it to the desktop.

***! Before you start the procedure, close Internet Explorer !***

Double-click JavaRa.exe to start the program.

From the drop-down menu, choose English ...and choose Select.

JavaRa will start; choose Remove Older Versions to remove the older version from your computer.

Choose Yes when asked. When JavaRa has successfully finished removing the old version, you will get a message that a log file of the procedure has been created. Choose OK.

The log file will be displayed. Save it to the desktop.

Copy the JavaRa log file into your next post.

And as a precaution, do the following steps:

STEP 4:

Download DDS from here.

Save it to the desktop.

Turn off the real-time protection of your antivirus program (if one is installed). Finally, run the tool.

  • When DDS has successfully finished analysing the system, it will open two log files.


  1. DDS.txt
  2. Attach.txt

  • Save them to the desktop and then attach them to your next post.

STEP 5

Download GMER and unzip it to the desktop.

Before scanning, make sure that all other running programs are closed and that the antivirus software will not take any action while Gmer is scanning. Do not use your computer while the scan is running.

Double-click gmer.exe to start the program.

It will do an initial scan within seconds. Once it finishes, do NOT press the Scan button; instead choose the Copy button and paste the contents of the log file into your next post.

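The checks from Steps 1 to 3 above, as an added example that is not part of the original posts: a small Python parser for HijackThis entry lines that flags services whose file is missing, the Skype4COM protocol handler, and entries tied to an installed Java runtime. The sample lines are copied from the log earlier in this thread; the function names and finding labels are made up for this illustration, and the rules cover only these three kinds of entry.

```python
import re

# Sample input: a few entry lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Prime95 Service - Unknown owner - C:\Documents and Settings\Daniel Stoyanov\Desktop\prime95.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# A HijackThis entry line is "<section code> - <body>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# A Java runtime directory inside a path, e.g. "\jre1.5.0_06\".
JRE_RE = re.compile(r"\\jre(\d+(?:\.\d+)*(?:_\d+)?)\\", re.IGNORECASE)


def parse_entries(log_text):
    """Return (section_code, body) for every entry line; other lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def review(entries):
    """Return (section_code, label, note) for entries worth a second look.

    The labels are hypothetical names used only in this example:
      missing-file  O23 service whose executable no longer exists
      skype4com     O18 protocol handler installed with the Skype extras
      java          any entry that loads from a Java runtime directory
    """
    findings = []
    for code, body in entries:
        if code == "O23" and body.endswith("(file missing)"):
            name = body.split(" - ")[0].replace("Service: ", "", 1)
            findings.append((code, "missing-file",
                             f"service '{name}' points at a file that is gone"))
        elif code == "O18" and body.lower().startswith("protocol: skype4com"):
            findings.append((code, "skype4com",
                             "Skype4COM handler is registered (comes with the extras)"))
        else:
            jre = JRE_RE.search(body)
            if jre:
                findings.append((code, "java",
                                 f"loads from Java runtime {jre.group(1)}"))
    return findings


if __name__ == "__main__":
    for code, label, note in review(parse_entries(SAMPLE_LOG)):
        print(f"{code:<4}{label:<14}{note}")
```
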

Right now I'm on another computer and it's happening again. I was just talking with a friend and at one point the call closed by itself.

I CHANGED THE PASSWORD

Edited by daniel1995

I have run into a trojan that spreads by sending itself over Skype. It was not the same as the one described here, but while fighting it I discovered an extremely unpleasant detail. Apparently, at some point the developers of the Windows version of Skype removed the settings for disabling the Skype API and the Plugin Manager from the cryptographically protected configuration file and moved them to the registry. The result of this strange decision, to put it mildly (usually only Microsoft does such nasty things), is that there is no way to disable the Skype API for security reasons, because any malicious program that spreads through it can turn it back on for itself (yes, it also needs the right to write to the registry, but as is well known, Microsoft has always made sure that malware has a rich choice of ways to escalate privileges).

For me, this example of deliberately creating security problems became one more of the many reasons why I refuse to use Skype.


Java Ra

JavaRa 1.15 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Tue Sep 15 22:37:06 2009

Found and removed: C:\Windows\System32\jpicpl32.cpl
Found and removed: Software\JavaSoft\Java2D\1.5.0_06
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510006
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510006
Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510006
Found and removed: SOFTWARE\Classes\JavaPlugin.150_06
Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_06
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_06
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510006
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510006
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150060}
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_06
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01
Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_06\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zip
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core2.zip
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip
------------------------------------
Finished reporting.

Attach

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 07.5.2005 г. 18:24:05

System Uptime: 15.9.2009 г. 22:01:50 (0 hours ago)

Motherboard: | | K7Upgrade-600

Processor: AMD Sempron 2500+ | Socket-A | 1749/166mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (NTFS) - 24 GiB total, 6,683 GiB free.

D: is FIXED (NTFS) - 13 GiB total, 7,072 GiB free.

E: is CDROM ()

F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: Ethernet Controller

Device ID: PCI\VEN_1904&DEV_8139&SUBSYS_00000000&REV_01\3&61AAA01&0&48

Manufacturer:

Name: Ethernet Controller

PNP Device ID: PCI\VEN_1904&DEV_8139&SUBSYS_00000000&REV_01\3&61AAA01&0&48

Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: RAID Controller

Device ID: PCI\VEN_1106&DEV_3149&SUBSYS_31491849&REV_80\3&61AAA01&0&78

Manufacturer:

Name: RAID Controller

PNP Device ID: PCI\VEN_1106&DEV_3149&SUBSYS_31491849&REV_80\3&61AAA01&0&78

Service:

==== System Restore Points ===================

RP64: 31.8.2009 г. 00:22:20 - Supprime Converter

RP65: 31.8.2009 г. 00:24:50 - Removed Xenocode Virtual Application Studio 2009

RP66: 01.9.2009 г. 08:19:02 - System Checkpoint

RP67: 02.9.2009 г. 22:22:43 - Software Distribution Service 3.0

RP68: 02.9.2009 г. 22:48:05 - Installed DirectX

RP69: 03.9.2009 г. 22:31:44 - Removed Microangelo On Display.

RP70: 03.9.2009 г. 22:32:06 - Removed Microangelo Toolset 6.

RP71: 04.9.2009 г. 22:55:59 - Installed VP-EYE

RP72: 04.9.2009 г. 23:02:08 - Removed VP-EYE

RP73: 04.9.2009 г. 23:03:59 - Инсталиран A4 TECH USB2.0 PC Camera J

RP74: 06.9.2009 г. 16:26:02 - Installed Image Resizer Powertoy for Windows XP

RP75: 06.9.2009 г. 16:31:18 - Removed Image Resizer Powertoy for Windows XP

RP76: 07.9.2009 г. 20:40:07 - Installed GTA San Andreas

RP77: 08.9.2009 г. 23:34:51 - System Checkpoint

RP78: 10.9.2009 г. 11:31:32 - System Checkpoint

RP79: 10.9.2009 г. 22:36:12 - Software Distribution Service 3.0

RP80: 11.9.2009 г. 21:12:03 - Installed Windows Media Player Firefox Plugin

RP81: 11.9.2009 г. 21:56:20 - Installed Windows Media Player Firefox Plugin

RP82: 11.9.2009 г. 22:13:51 - Installed Windows Media Player Firefox Plugin

RP83: 12.9.2009 г. 18:25:01 - Изтрит A4 TECH USB2.0 PC Camera J

RP84: 13.9.2009 г. 00:05:08 - Removed Microsoft Virtual PC 2007 SP1

RP85: 13.9.2009 г. 01:46:00 - Инсталиран A4 TECH USB2.0 PC Camera J

RP86: 13.9.2009 г. 15:46:44 - Installed Macromedia Flash 8

RP87: 14.9.2009 г. 20:55:41 - Installed J2SE Runtime Environment 5.0 Update 6

RP88: 15.9.2009 г. 21:28:42 - System Checkpoint

RP89: 15.9.2009 г. 22:26:50 - Премахнат Skype™ 4.1

RP90: 15.9.2009 г. 22:28:31 - Removed Skype web features

==== Installed Programs ======================

Архиватор WinRAR

µTorrent

Български интерфейсен пакет за PowerDVD v7.0

A4 TECH USB2.0 PC Camera J

Adobe Flash Player 10 Plugin

Adobe Photoshop CS

Adobe Shockwave Player 11.5

AoA DVD Ripper

Audacity 1.2.6

Auto Gordian Knot 2.55

avast! Antivirus

AviSynth 2.5

CCleaner (remove only)

DVD Photo Slideshow Pro 7.92

ESET Online Scanner v3

EVEREST Ultimate Edition v5.02

Flash Capture v3.0.1.1308

FlashCatch

FLV to AVI MPEG WMV 3GP MP4 iPod Converter 3.9.1108

FormatFactory 2.10

Foxit Reader

GTA San Andreas

HijackThis 2.0.2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB942288-v3)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

ImgBurn

Internet Download Manager

Macromedia Extension Manager

Macromedia Flash 8

Macromedia Flash 8 Video Encoder

Macromedia Flash Player 8

Macromedia Flash Player 8 Plugin

Malwarebytes' Anti-Malware

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft VM for Java

Mozilla Firefox (1.5)

MSVC80_x86

MSXML 6.0 Parser (KB933579)

Naturpic Video Cutter 2.20

Nero 7 Premium

NetBeans IDE 6.7.1

nLite 1.4.9.1

Nokia Connectivity Cable Driver

Nokia PC Suite

Nokia Software Updater

NVIDIA Drivers

Opera 9.64

PC Connectivity Solution

PhotoScape

PicturesToExe 5.6

Power AMR MP3 WAV WMA M4A AC3 Audio Converter 1.6

PowerDVD

Right Click Image Converter

RM Converter 2.21

save2pc Light 3.44

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371-v2)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Skype™ 4.1

SMS version 3.0.1.0

Spider Player 2.3.11

SQL Server System CLR Types

Subtitle Workshop 2.51

TeamViewer 4

Thinstall Virtualization Suite 3.358

Universal Extractor 1.6

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Outlook 2007 Junk Email Filter (kb973514)

Update for Windows XP (KB973815)

version 4.9.1

VIA Rhine-Family Fast-Ethernet Adapter

Video Converter 3

Video Edit Magic 4.2

VMware ThinApp

VobSub v2.23 (Remove Only)

Web Page Maker V2

WebFldrs XP

WinAVI Video Converter

Windows Driver Package - Nokia Modem (06/01/2009 4.1)

Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.3)

Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)

Windows Media Player Firefox Plugin

WinMPG VideoConvert 8.9.7.0

Xvid 1.1.3 final uninstall

XviD MPEG4 Video Codec (remove only)

==== Event Viewer Messages From Past Week ========

15.9.2009 г. 22:05:49, error: Service Control Manager [7034] - The avast! Web Scanner service terminated unexpectedly. It has done this 1 time(s).

15.9.2009 г. 22:05:03, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.

15.9.2009 г. 22:05:03, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

15.9.2009 г. 22:04:29, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.

15.9.2009 г. 22:04:29, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

15.9.2009 г. 22:03:52, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

15.9.2009 г. 22:03:51, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.

15.9.2009 г. 21:10:57, error: Service Control Manager [7000] - The Prime95 Service service failed to start due to the following error: The system cannot find the file specified.

14.9.2009 г. 22:08:02, error: Service Control Manager [7000] - The Prime95 Service service failed to start due to the following error: The system cannot find the file specified.

14.9.2009 г. 21:40:43, error: Service Control Manager [7000] - The Prime95 Service service failed to start due to the following error: The system cannot find the file specified.

14.9.2009 г. 18:40:37, error: Service Control Manager [7000] - The Prime95 Service service failed to start due to the following error: The system cannot find the file specified.

13.9.2009 г. 15:12:54, error: Service Control Manager [7000] - The Prime95 Service service failed to start due to the following error: The system cannot find the file specified.

09.9.2009 г. 21:27:31, error: Service Control Manager [7034] - The avast! Web Scanner service terminated unexpectedly. It has done this 1 time(s).

09.9.2009 г. 21:24:24, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.

09.9.2009 г. 21:24:24, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

09.9.2009 г. 21:23:52, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.

09.9.2009 г. 21:23:52, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

09.9.2009 г. 21:23:21, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

09.9.2009 г. 21:23:20, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.

09.9.2009 г. 21:22:48, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.

09.9.2009 г. 21:22:48, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

09.9.2009 г. 21:22:18, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.

09.9.2009 г. 21:22:18, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

09.9.2009 г. 21:21:45, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.

09.9.2009 г. 21:21:45, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

09.9.2009 г. 21:21:12, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.

09.9.2009 г. 21:21:12, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

09.9.2009 г. 21:20:40, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.

09.9.2009 г. 21:20:40, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

09.9.2009 г. 21:17:52, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.

09.9.2009 г. 21:16:49, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.

09.9.2009 г. 21:16:49, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

09.9.2009 г. 21:16:13, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.

09.9.2009 г. 21:16:13, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

09.9.2009 г. 21:15:38, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.

09.9.2009 г. 21:15:38, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

09.9.2009 г. 21:14:59, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.

09.9.2009 г. 21:14:59, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

09.9.2009 г. 21:14:20, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.

09.9.2009 г. 21:14:20, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

09.9.2009 г. 21:13:49, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.

09.9.2009 г. 21:13:49, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

09.9.2009 г. 21:13:17, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.

09.9.2009 г. 21:13:17, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

09.9.2009 г. 21:12:46, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.

09.9.2009 г. 21:12:46, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

09.9.2009 г. 21:12:13, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.

09.9.2009 г. 21:12:13, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

09.9.2009 г. 21:11:41, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.

09.9.2009 г. 21:11:41, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

09.9.2009 г. 21:11:10, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.

09.9.2009 г. 21:11:10, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

09.9.2009 г. 21:10:36, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.

09.9.2009 г. 21:10:36, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

09.9.2009 г. 21:10:01, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.

09.9.2009 г. 21:10:01, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================

DDS

DDS (Ver_09-07-30.01) - NTFSx86

Run by Daniel Stoyanov at 22:44:04,79 on 15.09.2009 Ј.

Internet Explorer: 7.0.5730.13

Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.255.109 [GMT 3:00]

AV: avast! antivirus 4.8.1351 [VPS 090914-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Daniel Stoyanov\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.bg/

mWinlogon: SfcDisable=-99 (0xffffff9d)

BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - d:\program files\internet download manager\IDMIECC.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll

BHO: FlashCatchBHO Class: {88618a96-6d8a-42e7-b932-9073d5b2080f} - c:\program files\ie addons\flashcatch\flashcatch.dll

BHO: BHO Class: {8b3868b4-eba8-48fa-a19b-e1dfb99066fa} - c:\program files\flash capture\fcbho.dll

TB: FlashCatch: {10cecf4f-a96e-4803-8ac2-f565fb29ff47} - c:\program files\ie addons\flashcatch\flashcatch.dll

TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

mRun: [VMonitorVMUVC] "c:\program files\vimicro corporation\vmuvc\VMonitor.exe" VMUVC

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: Save F&lash with FlashCapture - c:\program files\flash capture\fciext.dll/FCIEXT.htm

IE: Свали видео съдържанието на FLV с IDM - d:\program files\internet download manager\IEGetVL.htm

IE: Свали всички линкове с IDM - d:\program files\internet download manager\IEGetAll.htm

IE: Свали с IDM - d:\program files\internet download manager\IEExt.htm

IE: {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - res://c:\program files\flash capture\fciext.dll/FCIEXT.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

LSP: c:\windows\system32\idmmbc.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

TCP: {4C23DFD2-C3E1-4122-8BDB-F4B41F40242C} = 80.80.128.161,80.80.128.193

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-8-11 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-8-11 20560]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-8-11 138680]

R3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [2009-9-13 247552]

R3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2009-9-13 476032]

S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-8-11 254040]

S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-8-11 352920]

S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\lavalys\everest ultimate edition\kerneld.wnt [2009-8-27 26736]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-8-11 136704]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-8-11 8320]

S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-8-14 91472]

S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\vboxnetflt.sys --> c:\windows\system32\drivers\VBoxNetFlt.sys [?]

=============== Created Last 30 ================

2009-09-15 22:30 <DIR> --d--r-- c:\program files\Skype

2009-09-15 00:55 <DIR> --d----- c:\program files\Trend Micro

2009-09-14 23:23 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-14 23:23 19,160 a------- c:\windows\system32\drivers\mbam.sys

2009-09-14 23:23 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware

2009-09-14 21:07 <DIR> --d----- c:\documents and settings\daniel stoyanov\.netbeans

2009-09-14 21:06 <DIR> --d----- c:\documents and settings\daniel stoyanov\.netbeans-registration

2009-09-14 21:02 <DIR> --d----- c:\program files\NetBeans 6.7.1

2009-09-14 21:01 <DIR> --d----- c:\documents and settings\daniel stoyanov\.nbi

2009-09-14 20:32 95 a------- c:\windows\system32\productregistry

2009-09-14 01:40 <DIR> --d----- c:\program files\ADShareit

2009-09-13 15:44 <DIR> --d----- c:\program files\Macromedia

2009-09-13 15:44 <DIR> --d----- c:\program files\common files\Macromedia

2009-09-13 01:48 73,728 a------- c:\windows\system32\exvmuvc.ax

2009-09-13 01:48 247,552 a------- c:\windows\system32\drivers\VMUVC.sys

2009-09-13 01:48 188,416 a------- c:\windows\system32\vvftUVC.ax

2009-09-13 01:48 516,096 a------- c:\windows\system32\VMUVC.ax

2009-09-13 01:48 94,208 a------- c:\windows\system32\VvFtCtrl.dll

2009-09-13 01:48 11,776 a------- c:\windows\system32\VMUVC.dll

2009-09-13 01:48 476,032 a------- c:\windows\system32\drivers\vvftUVC.sys

2009-09-13 01:48 98,304 a------- c:\windows\system32\VMCtrl.ax

2009-09-13 01:46 <DIR> --d----- c:\program files\Vimicro Corporation

2009-09-12 23:51 <DIR> --d----- c:\program files\CCleaner

2009-09-12 18:22 1,700,352 a------- c:\windows\system32\gdiplus.dll

2009-09-12 18:22 <DIR> --d----- c:\program files\Naturpic Video Cutter

2009-09-12 17:48 356,352 a------- c:\windows\eSellerateEngine.dll

2009-09-12 17:46 <DIR> --d----- c:\program files\common files\DeskShare Shared

2009-09-12 17:46 258,352 a------- c:\windows\system32\Unicows.dll

2009-09-12 17:46 224,016 a------- c:\windows\system32\TABCTL32.OCX

2009-09-12 17:46 <DIR> --d----- c:\program files\Deskshare

2009-09-11 01:12 <DIR> --d----- c:\program files\ESET

2009-09-10 12:17 54,156 a---h--- c:\windows\QTFont.qfn

2009-09-10 12:17 1,409 a------- c:\windows\QTFont.for

2009-09-10 11:00 <DIR> --d----- c:\program files\Audacity

2009-09-10 09:36 153,088 -------- c:\windows\system32\dllcache\triedit.dll

2009-09-10 09:36 512,000 -------- c:\windows\system32\dllcache\jscript.dll

2009-09-07 20:58 98,304 a------- c:\windows\system32\CmdLineExt.dll

2009-09-07 20:39 <DIR> --d----- c:\program files\Rockstar Games

2009-09-07 20:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite

2009-09-07 20:33 <DIR> --d----- c:\program files\DAEMON Tools Toolbar

2009-09-07 20:32 <DIR> --d----- c:\program files\DAEMON Tools Lite

2009-09-07 20:32 <DIR> --d----- c:\docume~1\daniel~1\applic~1\DAEMON Tools Lite

2009-09-06 16:24 <DIR> --d----- c:\windows\Downloaded Installations

2009-09-04 23:05 <DIR> --d----- c:\windows\VMUVC

2009-09-02 22:48 229,376 -------- c:\windows\system32\AudDevicePlugin.dll

2009-09-02 22:48 585,728 -------- c:\windows\system32\AReadyLB.dll

2009-09-02 22:48 76 a------- c:\windows\system32\mspstpl.vxd

2009-09-02 22:48 183,129 -------- c:\windows\system32\AM Install1.INF

2009-09-02 22:48 3,851,784 a------- c:\windows\system32\D3DX9_39.dll

2009-09-02 22:47 <DIR> --d----- c:\windows\Logs

2009-09-02 22:47 <DIR> --d----- c:\docume~1\daniel~1\applic~1\J River

2009-09-01 07:58 <DIR> --d----- c:\program files\AviSynth 2.5

2009-09-01 07:54 <DIR> --d----- c:\program files\AutoGK

2009-09-01 01:02 <DIR> --d----- c:\windows\system32\Adobe

2009-08-31 23:51 45,056 a------- c:\windows\system32\CxxProgressBar.ocx

2009-08-31 23:51 808,700 a------- c:\windows\system32\Win.tlb

2009-08-30 19:08 <DIR> --d----- c:\program files\URUSoft

2009-08-30 18:54 <DIR> --d----- c:\program files\FreeTime

2009-08-30 18:21 <DIR> --d----- c:\program files\QuickMediaConverter

2009-08-30 16:57 1 a------- c:\windows\system32\SysDVDtoAVI.dat

2009-08-30 16:50 66 a------- c:\windows\Power Video Converter.INI

2009-08-30 16:48 <DIR> --d----- c:\program files\Power Video Converter

2009-08-30 16:48 <DIR> --d----- c:\program files\WinAVI Video Converter

2009-08-28 00:01 466,944 a------- c:\windows\system32\iviaudio.ax

2009-08-28 00:01 <DIR> --d----- c:\program files\WinMPG VideoConvert

2009-08-27 22:24 69 a------- c:\windows\NeroDigital.ini

2009-08-27 18:52 <DIR> --d----- c:\program files\Xilisoft

2009-08-27 17:16 <DIR> --d----- c:\program files\sms

2009-08-27 17:03 <DIR> --d----- c:\program files\FDRLab

2009-08-27 15:46 169,064 a------- c:\windows\system32\everest_cpl.cpl

2009-08-27 15:46 63 a------- c:\windows\system32\everest_cpl.ini

2009-08-27 15:40 <DIR> --d----- c:\program files\Lavalys

2009-08-27 13:45 <DIR> --d----- c:\docume~1\daniel~1\applic~1\GrabPro

2009-08-27 13:45 <DIR> --d----- c:\program files\Orbitdownloader

2009-08-27 03:12 56,832 -------- c:\windows\system32\dllcache\secur32.dll

2009-08-27 03:12 989,696 -------- c:\windows\system32\dllcache\kernel32.dll

2009-08-27 03:10 58,880 -------- c:\windows\system32\dllcache\atl.dll

2009-08-27 03:10 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll

2009-08-27 03:10 354,304 -------- c:\windows\system32\dllcache\winhttp.dll

2009-08-27 03:10 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat

2009-08-27 03:10 2,067,968 -------- c:\windows\system32\dllcache\mstscax.dll

2009-08-27 03:08 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll

2009-08-27 03:07 2,560 -------- c:\windows\system32\xpsp4res.dll

2009-08-27 03:07 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb

2009-08-27 03:07 215,552 -------- c:\windows\system32\dllcache\wordpad.exe

2009-08-27 02:36 <DIR> --d----- c:\program files\Flash Capture

2009-08-27 01:56 <DIR> --d----- c:\program files\common files\SWFEXE

2009-08-27 01:28 <DIR> --d----- c:\windows\Blaiz Enterprises

2009-08-26 23:28 77 a------- c:\windows\system32\winitn.dll

2009-08-26 23:28 2,535,424 a------- c:\windows\system32\agsaamj.dll

2009-08-26 23:28 90,112 a------- c:\windows\system32\agsaami.dll

2009-08-26 23:28 610,304 a------- c:\windows\system32\agsaamg.dll

2009-08-26 23:28 372,736 a------- c:\windows\system32\agsaamc.dll

2009-08-26 23:28 53,760 a------- c:\windows\system\ppacklib.dll

2009-08-26 23:28 1 a------- c:\windows\sslzdlt.dll

2009-08-26 23:28 487,424 a------- c:\windows\system32\msvcp70.dll

2009-08-26 23:28 344,064 a------- c:\windows\system32\msvcr70.dll

2009-08-26 23:28 647,872 a------- c:\windows\system32\MSCOMCT2.OCX

2009-08-26 23:28 974,848 a------- c:\windows\system32\mfc70.dll

2009-08-26 23:28 <DIR> --d----- c:\program files\AML Products

2009-08-26 23:08 <DIR> --d----- c:\program files\Nero

2009-08-26 22:35 <DIR> --d----- c:\program files\AoA DVD Ripper

2009-08-26 02:09 32,592 a------- c:\windows\system32\msonpmon.dll

2009-08-26 01:59 <DIR> --d----- c:\program files\Microsoft Visual Studio 8

2009-08-26 01:58 <DIR> --d----- c:\windows\SHELLNEW

2009-08-25 14:05 <DIR> --d----- c:\docume~1\daniel~1\applic~1\Eclipsit

2009-08-25 13:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Microangelo On Display

2009-08-24 22:40 <DIR> --d----- c:\program files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter

2009-08-24 14:12 <DIR> --d----- c:\docume~1\daniel~1\applic~1\IDM

2009-08-24 14:12 <DIR> --d----- c:\docume~1\daniel~1\applic~1\DMCache

2009-08-21 20:19 <DIR> --d----- c:\docume~1\daniel~1\applic~1\ViGlance

2009-08-21 19:44 <DIR> --d----- c:\program files\nLite

2009-08-20 23:32 306,688 a------- c:\windows\IsUninst.exe

2009-08-20 22:59 <DIR> --d----- c:\program files\common files\Adobe Systems Shared

2009-08-20 16:04 <DIR> --d----- c:\docume~1\daniel~1\applic~1\Spider Player

2009-08-20 16:04 <DIR> --d----- c:\program files\Spider Player

2009-08-20 14:45 <DIR> --d----- c:\docume~1\daniel~1\applic~1\BITS

2009-08-20 12:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Anvsoft

2009-08-20 12:55 <DIR> --d----- c:\program files\DVD Photo Slideshow Professional

2009-08-18 18:49 8 a------- c:\windows\system32\nvModes.dat

2009-08-18 18:44 35,840 a----r-- c:\windows\system32\nvcodins.dll

2009-08-18 18:44 35,840 a----r-- c:\windows\system32\nvcod.dll

2009-08-18 18:44 <DIR> --d----- c:\windows\NV33762712.TMP

2009-08-18 18:44 286,720 a----r-- c:\windows\system32\nvnt4cpl.dll

2009-08-18 18:44 229,376 a----r-- c:\windows\system32\nvmccs.dll

2009-08-18 18:44 81,920 a----r-- c:\windows\system32\nvwddi.dll

2009-08-18 18:44 86,016 a----r-- c:\windows\system32\nvmctray.dll

2009-08-18 18:44 7,700,480 a----r-- c:\windows\system32\nvcpl.dll

2009-08-18 18:44 5,644,288 a----r-- c:\windows\system32\nvoglnt.dll

2009-08-18 18:44 581,632 a----r-- c:\windows\system32\nvhwvid.dll

2009-08-18 18:44 212,992 a----r-- c:\windows\system32\nvapi.dll

2009-08-18 18:44 159,810 a----r-- c:\windows\system32\nvsvc32.exe

2009-08-18 18:32 <DIR> --d----- C:\NVIDIA

2009-08-18 18:20 88,691 a------- c:\windows\system32\nvapps.nvb

2009-08-18 16:20 <DIR> --d----- c:\windows\RegisteredPackages

2009-08-18 16:18 470,528 a------- c:\windows\system32\dllcache\qdvd.dll

2009-08-18 13:26 <DIR> --d----- c:\program files\VMware

2009-08-18 11:15 <DIR> --d----- c:\program files\Real Alternative

2009-08-18 11:05 <DIR> --d----- c:\windows\pss

2009-08-17 23:37 <DIR> --d----- c:\docume~1\daniel~1\applic~1\Phoenix

2009-08-17 19:31 6,463 a------- c:\windows\mozver.dat

2009-08-17 15:14 <DIR> --d----- c:\program files\Web Page Maker V2

==================== Find3M ====================

2009-08-14 17:25 2,678 a------- c:\windows\java\packages\data\G0VP7JZR.DAT

2009-08-14 17:25 2,678 a------- c:\windows\java\packages\data\QL79JFXJ.DAT

2009-08-14 17:25 2,678 a------- c:\windows\java\packages\data\ENDF9FZJ.DAT

2009-08-14 17:25 2,678 a------- c:\windows\java\packages\data\6CG35VJX.DAT

2009-08-12 21:17 2,560 a------- c:\windows\_MSRSTRT.EXE

2009-08-12 03:19 722,416 a------- c:\windows\system32\drivers\sptd.sys

2009-08-11 19:59 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat

2009-08-11 05:20 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf

2009-08-11 05:19 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

2009-08-11 02:05 8,992 a------- c:\windows\system32\kbdbph.dll

2009-08-11 01:22 21,640 a------- c:\windows\system32\emptyregdb.dat

2009-08-05 16:21 41,424 a------- c:\windows\system32\drivers\VBoxUSBMon.sys

2009-08-05 16:20 91,472 a------- c:\windows\system32\drivers\VBoxNetAdp.sys

2009-08-05 16:19 115,856 a------- c:\windows\system32\drivers\VBoxDrv.sys

2009-08-05 12:01 204,800 a------- c:\windows\system32\mswebdvd.dll

2009-08-05 12:01 204,800 a------- c:\windows\system32\dllcache\mswebdvd.dll

2009-07-29 07:37 119,808 a------- c:\windows\system32\t2embed.dll

2009-07-29 07:37 81,920 a------- c:\windows\system32\fontsub.dll

2009-07-29 07:37 119,808 -------- c:\windows\system32\dllcache\t2embed.dll

2009-07-29 07:37 81,920 -------- c:\windows\system32\dllcache\fontsub.dll

2009-07-19 19:03 3,597,824 -------- c:\windows\system32\dllcache\mshtml.dll

2009-07-19 16:32 6,067,200 -------- c:\windows\system32\dllcache\ieframe.dll

2009-07-17 22:01 58,880 a------- c:\windows\system32\atl.dll

2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll

2009-07-13 23:43 10,841,088 -------- c:\windows\system32\dllcache\wmp.dll

2009-07-13 23:43 286,208 -------- c:\windows\system32\dllcache\wmpdxm.dll

2009-06-29 14:07 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe

2009-06-29 14:07 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe

2009-06-29 11:35 634,632 -------- c:\windows\system32\dllcache\iexplore.exe

2009-06-29 11:33 2,452,872 -------- c:\windows\system32\dllcache\ieapfltr.dat

2009-06-29 11:33 161,792 -------- c:\windows\system32\dllcache\ieakui.dll

============= FINISH: 22:44:30,40 ===============

Gmer

GMER 1.0.15.15087 - http://www.gmer.net

Rootkit quick scan 2009-09-15 22:46:05

Windows 5.1.2600 Service Pack 3

Running: gmer.exe; Driver: C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\pfwyifoc.sys

---- System - GMER 1.0.15 ----

SSDT spbn.sys ZwEnumerateKey [0xF992FDA4]

SSDT spbn.sys ZwEnumerateValueKey [0xF9930132]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 81B8C1F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Fastfat \Fat 81552500

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----


Actually no, it isn't clean, but I just don't have time to deal with this right now. Someone else from the team will take over your case.


Well, go ahead while I have time. :( Because with school, now that it's just starting there aren't that many lessons, so I have a bit more time for the computer.
