Преди време бях хванал някакъв много гаден вирус,който ми изтри 90% от инфо-то в PC-то. Ок...върнах голяма част от файловете след преинсталация на Windows-a с една програма,НО...пак има някакъв проблем. (D:) & (E:) са ми по 68,5 GB,а ми показва,че имам около 3 GB free space,а аз нямам повече от по около 12-15 GB във всеки един от 2-та....Някой някакво предположение как да се оправи ?

Преди време бях хванал някакъв много гаден вирус,който ми изтри 90% от инфо-то в PC-то. Ок...върнах голяма част от файловете след преинсталация на Windows-a с една програма,НО...пак има някакъв проблем. (D:) & (E:) са ми по 68,5 GB,а ми показва,че имам около 3 GB free space,а аз нямам повече от по около 12-15 GB във всеки един от 2-та....Някой някакво предположение как да се оправи ?

На първо време тук:

http://www.kaldata.c...howtopic=132819

Изпълни стъпка 3 и стъпка 4..

Редактирано 1 ноември 200916 г. от icotonev (преглед на промените)

Ето това е лог-а от Malwarebytes' Anti-Malware

(По време на сканиването AVAST! се обади 2 пъти - 1 троянец и 1 червей,след края на сканирането поиска рестарт на PC-to)

Malwarebytes' Anti-Malware 1.41

Database version: 3076

Windows 5.1.2600 Service Pack 2

01.11.2009 г. 16:46:11

mbam-log-2009-11-01 (16-46-11).txt

Scan type: Full Scan (C:\|D:\|E:\|)

Objects scanned: 215173

Time elapsed: 1 hour(s), 38 minute(s), 21 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 16

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 16

Files Infected: 152

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Bifrost (Backdoor.Bifrose) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Bifrost (Backdoor.Bifrose) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Program Files\Bifrost (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\Program Files\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\DoubleD\JuicyAccess Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\system32 (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850 (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Data (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins (Adware.DoubleD) -> Quarantined and deleted successfully.

Files Infected:

C:\Documents and Settings\Administrator\Local Settings\Application Data\Opera\Opera\profile\cache4\temporary_download\juicyaccess_installer.exe (Trojan.BHO) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\stbup.exe (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Sony\Sound Forge 9.0\sony.sound.forge.9.0c.build.405-NoPE.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

D:\System Volume Information\_restore{7C1798CD-8B6B-474F-BBFD-D877794C35CD}\RP23\A0022399.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

E:\vdfsv\Keygen_photoshop_cs3\Keygen photoshop cs3\activator\activator.exe (Trojan.Agent) -> Quarantined and deleted successfully.

E:\vdfsv\Keygen_photoshop_cs3\Keygen photoshop cs3\Serial\keygen2.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Program Files\system32\logg.dat (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090719-015149.812.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090719-015233.437.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090720-134752.625.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090721-120101.359.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090721-160002.359.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-094909.125.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-160101.531.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-181711.390.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090723-001818.937.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090723-161856.187.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090724-110241.421.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090724-131510.203.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090724-131546.765.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090724-182638.890.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090725-085101.000.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090726-032942.484.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090727-065413.328.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090727-122930.718.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090727-124000.156.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090727-182215.375.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090728-061815.578.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090728-160158.156.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090728-160500.968.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090728-175743.484.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090728-190857.703.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090729-091735.437.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090729-143327.812.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090729-143606.843.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090729-144805.359.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090730-094703.765.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090730-094707.062.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090730-133929.890.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090808-063847.921.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090808-153934.593.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090808-233941.093.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090809-013557.234.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090809-020947.375.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090809-104029.781.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090809-105031.328.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090809-194008.531.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090809-194208.421.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090810-002034.218.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090812-155056.015.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090812-230908.656.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090813-093034.828.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090813-181459.578.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090814-121610.921.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090817-090934.000.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090818-004040.015.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090818-164011.890.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090818-183902.875.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090819-200722.593.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090821-170218.656.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090822-160537.375.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090822-162855.640.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090822-165125.250.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090825-163543.375.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090826-170116.203.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090826-170216.656.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090826-170825.031.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090830-015104.937.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090830-200434.593.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090902-142323.843.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090903-041139.765.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090903-192323.609.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090905-035158.937.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090905-035213.406.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090905-181435.531.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090905-232238.687.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090912-130748.015.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090912-132617.156.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\CurrentVersion.xml (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\ExtractZipFile.zip (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\icon.ico (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\productinfo.dll (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Setup.exe (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\tdf.dat (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Data\ProductInfo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\01c9eb2893468d1fba80553d2b75bd30.gif (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\867b44b1158783875052f103c3a2f11a.gif (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\bc83ac54dd36e7479704363c8fbd7e43.gif (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\c14631dd1d688aa0ae8e9c9dd396c653.gif (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\default1.dat (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\loading.dat (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\loading.gif (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_DailyVideo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Game.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Logo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Option.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Search.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley_Config.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley_TellAFriend.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Wallpaper.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Web.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\pixel.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\ProductInfo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\profile.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\SearchEngineList.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\tbcore.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\ToolbarLayout.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\UpdateCentre.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\UpdateCentreBk.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\URLDynamic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\URLStatic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\About.mg (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Component_ComboBox.mg (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_DailyVideo.mg (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Game.mg (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Logo.mg (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Option.mg (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Search.mg (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Smiley.mg (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Wallpaper.mg (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Web.mg (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDefault.png (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay.png (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters.png (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnOption.png (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley.png (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd.png (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink.png (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin1.skf (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin2.skf (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin3.skf (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin4.skf (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\TellafriendSkin.skf (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\TellafriendSkin_s.skf (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\ToastSkin.skf (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Application Data\addon.dat (Malware.Trace) -> Quarantined and deleted successfully.

Ето го и лог-а от TrendMicro™ HijackThis™

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:08:59, on 01.11.2009 г.

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\Datecs\Flex2K.exe

C:\Program Files\wskype\wskype.exe

C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe

C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Opera\opera.exe

C:\HiJack This\Kaldata.exe.exe

C:\HiJack This\Kaldata.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theprizeday.com/today.php

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP0.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP0.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

O3 - Toolbar: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP0.dll

O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles

O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart

O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ONAIR] C:\Program Files\ONAIR\ONAIR.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: ImpulseNow.lnk = C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe

O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\Object Desktop\ObjectDock\ObjectDock.exe

O4 - Global Startup: FlexType 2K.lnk = ?

O4 - Global Startup: wskype.lnk = ?

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL

O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{157D1474-84EC-4C08-8EDD-258123F28169}: NameServer = 10.6.0.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{157D1474-84EC-4C08-8EDD-258123F28169}: NameServer = 10.6.0.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{157D1474-84EC-4C08-8EDD-258123F28169}: NameServer = 10.6.0.1

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--

End of file - 9339 bytes

Редактирано 1 ноември 200916 г. от Djembi (преглед на промените)

Здравейте Djembi!

Аз съм Maniac и ще Ви помагам да почистите вашата система от зловреден софтуер. Анализа на логовете, както и премахването на зловредния софтуер, може да отнеме време, затова моля бъдете търпеливи. Моля, имайте предвид следното:

• Аз ще Ви помагам само за почистването на вашата система от зловреден софтуер. За всякакви други проблеми, моля създайте нова тема в съответния форум и опишете детайлно проблема Ви.
  
• Решението се отнася само за този проблем и само на този компютър.
  
• Задължително трябва да разполагате с администраторски привилегии, за да получим възможността успешно да почистим вашата системата.
  
• Следвайте инструкциите ми стриктно, докато не Ви кажа, че системата Ви е напълно чиста. Това, че симптомите са изчезнали, не значи че всичко е наред.
  
• Ако не разбирате нещо, моля Ви попитайте ме, а не рискувайте. По-добре е малко да се позабавим, отколкото да усложним нещата.
  
• При наличие на руткит, аз не гарантирам 100% почистване.
  
• Проявете търпение, защото процедурата по почистването на вашата система може да отнеме известно време, в зависимост от вида на зловредния софтуер.
  
• Цялата кореспонденция минава през тази тема, не създавайте нова тема и не използвайте друга тема за тази цел.
  

За съжаление, една от откритите инфекции е троянски кон от вида Backdoor.

Той дава възможност на хакерите да управляват от разстояние вашия компютър. Най-често тяхната цел е да крадат личната информация на потребителите, като понякога тя бива продавана на т.нар. черен пазар.

Поради тази причина Ви съветвам да преустановите всякаква работа с банкови сметки през тази система и след като приключим с почистването й да промените всички пароли, които са въведени през този компютър, защото те вече са достъпни и за хакерите.

Стъпка 1:

Изтеглете Security Check от screen317 от тук или тук и го запаметете на вашия десктоп.

• Кликнете два пъти върху SecurityCheck.exe и следвайте инструкциите.
  
• Накрая, автоматично ще се отвори текстов документ, наречен checkup.txt, моля поставете съдържанието му в следващия Ви коментар в тази тема.

Стъпка 2:

Изтеглете RootRepeal от тук и го запазете на вашия десктоп. След това, разархивирайте го на вашия десктоп, отново.

• Кликнете два пъти върху RootRepeal.exe , за да стартирате програмата
  
• Кликнете на таба Report в долната част на прозореца
  
• Кликнете на бутона Scan
  
• Сложете отметки пред следното:

• 
  
• Drivers
  
• Processes
  
• SSDT
  
• Hidden Services

• Кликнете на бутона OK
  
• На следващия диалогов прозорец, сложете отметки преди всички дялове (C:\ , D:\ ....)
  
• Кликнете на OK, за да започне процеса на сканиране

Бележка: Процеса на сканиране може да отнеме време. Моля, не стартирайте никакви програми, докато програмата сканира.

• Когато сканирането завърши успешно ще се появи бутона Save Report
  
• Кликнете върху Save Report и запишете лог файла на вашия десктоп, с име RootRepeal.txt
  
• Отворете File, след което Exit , за да затворите програмата.

Копирайте и поставете съдържанието на RootRepeal.txt в следващия си пост.

Стъпка 3:

Изтеглете ComboFix от някой от следните линкове:

Линк 1

Линк 2

* ВАЖНО !!! Запазете ComboFix.exe на вашия десктоп

• Изключете вашата антивирусна и антишпионска програма, обикновено това става чрез натискане на десния бутон на мишката върху иконата на програма в системния трей.

Бележка: Ако не можете я спрете или не сте сигурни коя програма да изключите, моля прегледайте информацията от този линк: How to Disable your Security Programs

• Преименувайте ComboFix.exe на Tool.exe

• Стартирайте Tool.exe и следвайте инструкциите.

Бележка: ComboFix ще се стартира без инсталирана Recovery Console.

• Като част от неговата работа, ComboFix ще провери дали Microsoft Windows Recovery Console е инсталирана. Предвид бързо развиващия се зловреден софтуер е силно препоръчително да бъде инсталирана преди премахването на зловредния софтуер. Това ще Ви позволи да влезете в специален recovery/repair режим, който ще ни позволи по-лесно да решите проблем, който би могъл да възникне при премахване на зловредния софтуер.

• Следвайте инструкциите, за да позволите на ComboFix да изтегли и инсталира Microsoft Windows Recovery Console. В един момент ще бъдете попитани дали сте съгласни с лицензното споразумение. Необходимо е да потвърдите, че сте съгласни, за да инсталирате Microsoft Windows Recovery Console.

** Забележете: Ако Microsoft Windows Recovery Console е вече инсталирана, ComboFix ще продължи към процеса по премахване на зловредния софтуер.

След като Microsoft Windows Recovery Console е инсталирана, използвайки ComboFix, Вие ще видите следното съобщение:

Изберете Yes, за да продължи сканирането за зловреден софтуер.

Когато процесът приключи успешно, инструментът ще създаде лог файл. Моля, включете съдържанието на C:\ComboFix.txt в следващия Ви коментар в тази тема.

Бележка:

1. Моля, не движете мишката, докато ComboFix работи. Това може да наруши процеса на работа.
   
2. ComboFix ще нулира всички настройки на Microsoft Internet Explorer, включително да направи IE браузър по подразбиране.
   
3. ComboFix ще изключи autorun функцията на ВСИЧКИ CD, Floppy и USB устройства, за да помогне при премахването на зловредния софтуер и Ви защити от бъдещи вируси/заплахи, които поразяват чрез autorun. Ако това е проблем за вас - моля, уведомете ме.
   
4. ComboFix ще изключи вашата интернет връзка. Интернет връзката ще се възстанови автоматично, преди ComboFix да завърши процеса на работа. При проблем, той ще прекрати интернет връзката. За да възстановите интернет връзката си, рестартирайте компютъра си.
   
5. В случай на проблем с ComboFix, той може да създаде лог файл. Моля, включете съдържанието на C:\BUG.txt в следващия Ви коментар в тази тема.

Работата на ComboFix, може да отнеме до 20-30 минути, за да завърши, моля имайте търпение.

Моля, не прикачвайте лог файла/овете от програмата, а го/ги копирайте и поставете в следващия Ви коментар в тази тема.

Results of screen317's Security Check version 0.99.0

Windows XP Service Pack 2

Out of date service pack!!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

avast! Antivirus

Antivirus out of date!

``````````````````````````````

Anti-malware/Other Utilities Check:

HijackThis 2.0.2

Java 6 Update 15

Adobe Flash Player 10

Adobe Reader 9.1.2

``````````````````````````````

Process Check:

objlist.exe by Laurent

Alwil Software Avast4 aswUpdSv.exe

Alwil Software Avast4 ashServ.exe

Alwil Software Avast4 ashDisp.exe

Alwil Software Avast4 ashMaiSv.exe

Alwil Software Avast4 ashWebSv.exe

``````````````````````````````

DNS Vulnerability Check:

POOR! (Vulnerable to DNS cache poisoning!!-- Consider OPENDNS)

`````````End of Log```````````

След като сложих отметки на

Drivers

Processes

SSDT

Hidden Services

Не ми излезе нито бутон ОК нито да слагам отметки на (C:\ , D:\ ....) ,а ми излезе направо този рапорт -

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2009/11/01 19:11

Program Version: Version 1.3.5.0

Windows Version: Windows XP SP2

==================================================

Drivers

-------------------

Name: dump_atapi.sys

Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys

Address: 0x9FD44000 Size: 98304 File Visible: No Signed: -

Status: -

Name: dump_WMILIB.SYS

Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS

Address: 0xA217E000 Size: 8192 File Visible: No Signed: -

Status: -

Name: PCI_PNP1094

Image Path: \Driver\PCI_PNP1094

Address: 0x00000000 Size: 0 File Visible: No Signed: -

Status: -

Name: rootrepeal.sys

Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0x9CC38000 Size: 49152 File Visible: No Signed: -

Status: -

Name: sphq.sys

Image Path: sphq.sys

Address: 0xF8464000 Size: 1048576 File Visible: No Signed: -

Status: -

Name: sptd

Image Path: \Driver\sptd

Address: 0x00000000 Size: 0 File Visible: No Signed: -

Status: -

SSDT

-------------------

#: 025 Function Name: NtClose

Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa75186b8

#: 041 Function Name: NtCreateKey

Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa7518574

#: 065 Function Name: NtDeleteValueKey

Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa7518a52

#: 068 Function Name: NtDuplicateObject

Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa751814c

#: 071 Function Name: NtEnumerateKey

Status: Hooked by "sphq.sys" at address 0xf8483ca2

#: 073 Function Name: NtEnumerateValueKey

Status: Hooked by "sphq.sys" at address 0xf8484030

#: 119 Function Name: NtOpenKey

Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa751864e

#: 122 Function Name: NtOpenProcess

Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa751808c

#: 128 Function Name: NtOpenThread

Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa75180f0

#: 160 Function Name: NtQueryKey

Status: Hooked by "sphq.sys" at address 0xf8484108

#: 177 Function Name: NtQueryValueKey

Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa751876e

#: 204 Function Name: NtRestoreKey

Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa751872e

#: 247 Function Name: NtSetValueKey

Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa75188ae

Hidden Services

-------------------

Service Name: ubksxhhik

Image Path: %SystemRoot%\system32\svchost.exe -k netsvcs

==EOF==

ComboFix 09-10-30.01 - Administrator 11.2009 г. 19:25.1.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1251.359.1033.18.511.161 [GMT 2:00]

Running from: c:\documents and settings\Administrator\Desktop\Tool.exe.exe

AV: avast! antivirus 4.8.1356 [VPS 091023-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Administrator\Application Data\.#

c:\documents and settings\Administrator\Application Data\.#\MBX@E38@962338.###

c:\documents and settings\Administrator\Application Data\.#\MBX@E38@9648C8.###

c:\documents and settings\Administrator\Application Data\.#\MBX@E38@9649B8.###

c:\documents and settings\Administrator\Application Data\.#\MBX@E38@964D08.###

c:\program files\driver

.

((((((((((((((((((((((((( Files Created from 2009-10-01 to 2009-11-01 )))))))))))))))))))))))))))))))

.

No new files created in this timespan

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2070-01-02 04:32 . 2070-01-02 04:32 -------- d-----w- c:\program files\K-Lite Codec Pack

2070-01-02 04:18 . 2070-01-02 04:18 -------- d-----w- c:\program files\Alwil Software

2070-01-02 04:11 . 2070-01-02 04:11 -------- d-----w- c:\program files\Realtek Sound Manager

2070-01-02 04:11 . 2070-01-02 04:11 -------- d-----w- c:\program files\AvRack

2070-01-02 04:11 . 2070-01-02 04:11 -------- d-----w- c:\program files\Realtek AC97

2070-01-02 04:09 . 2070-01-02 04:09 -------- d-----w- c:\program files\NVIDIA Corporation

2070-01-02 04:09 . 2070-01-02 04:09 -------- d-----w- c:\program files\Common Files\NVIDIA Shared

2070-01-02 04:05 . 2070-01-02 04:05 -------- d-----w- c:\program files\ATI Technologies

2070-01-02 03:54 . 2070-01-02 03:54 -------- d-----w- c:\program files\microsoft frontpage

2070-01-02 03:51 . 2070-01-02 03:51 21640 ----a-w- c:\windows\system32\emptyregdb.dat

2009-11-01 17:20 . 2070-01-02 04:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype

2009-11-01 14:00 . 2009-03-02 22:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM

2009-11-01 13:05 . 2009-11-01 13:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2009-11-01 13:04 . 2009-11-01 13:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-11-01 13:04 . 2009-11-01 13:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-10-31 19:03 . 2009-06-13 13:09 -------- d-----w- c:\program files\Minilyrics

2009-10-31 18:58 . 2009-03-10 19:24 21048 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-10-31 05:42 . 2009-03-03 00:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-10-31 05:02 . 2009-10-31 05:02 -------- d-----w- c:\program files\Nettsenteret

2009-10-31 02:51 . 2009-10-31 02:51 -------- d-----w- c:\program files\Microsoft Silverlight

2009-10-30 18:48 . 2009-10-30 18:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\Media Player Classic

2009-10-30 17:30 . 2009-03-09 10:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent

2009-10-28 01:48 . 2009-10-28 01:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Socusoft

2009-10-28 01:48 . 2009-10-28 01:47 -------- d-----w- c:\program files\DVD Photo Slideshow Professional

2009-10-28 01:40 . 2070-01-02 04:05 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-10-26 23:48 . 2009-10-26 23:48 0 ----a-w- c:\windows\nsreg.dat

2009-10-19 17:35 . 2009-03-03 01:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\BSplayer

2009-10-15 22:22 . 2009-03-03 18:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer

2009-10-15 22:20 . 2009-10-15 22:18 -------- d-----w- c:\program files\iTunes

2009-10-15 22:20 . 2009-10-15 22:18 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

2009-10-15 22:19 . 2009-10-15 22:19 -------- d-----w- c:\program files\iPod

2009-10-15 22:18 . 2009-03-03 21:56 -------- d-----w- c:\program files\Common Files\Apple

2009-10-15 22:15 . 2009-10-15 22:14 -------- d-----w- c:\program files\QuickTime

2009-10-10 22:27 . 2009-10-10 22:27 -------- d-----w- c:\program files\ONAIR

2009-10-05 13:43 . 2009-09-18 23:41 -------- d-----w- c:\program files\SystemRequirementsLab

2009-10-05 13:43 . 2009-09-18 23:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab

2009-10-04 14:02 . 2009-03-02 23:39 -------- d-----w- c:\program files\Opera

2009-10-04 10:58 . 2005-01-01 21:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Suite

2009-10-03 13:07 . 2009-10-03 13:07 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf

2009-10-03 13:07 . 2009-10-03 13:07 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf

2009-10-02 14:15 . 2009-10-02 14:15 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf

2009-10-02 14:15 . 2009-10-02 14:15 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

2009-10-02 14:09 . 2009-10-02 13:24 136472 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2009-10-02 14:08 . 2005-01-01 21:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nokia

2009-10-02 14:05 . 2009-10-02 13:38 -------- d-----w- c:\program files\Nokia

2009-10-02 14:05 . 2009-10-02 14:05 -------- d-----w- c:\documents and settings\All Users\Application Data\NokiaMusic

2009-10-02 14:04 . 2009-10-02 14:03 -------- d-----w- c:\program files\Common Files\muvee Technologies

2009-10-02 13:59 . 2005-01-01 21:42 -------- d-----w- c:\program files\Common Files\Nokia

2009-10-02 13:57 . 2005-01-01 21:42 -------- d-----w- c:\program files\DIFX

2009-10-02 13:23 . 2009-10-02 13:23 -------- d-----w- c:\program files\MSBuild

2009-10-02 13:23 . 2009-10-02 13:23 -------- d-----w- c:\program files\Reference Assemblies

2009-10-02 13:14 . 2009-10-02 13:14 -------- d-----w- c:\program files\MSXML 6.0

2009-09-26 15:50 . 2009-09-26 15:49 -------- d-----w- c:\program files\Altiris

2009-09-15 10:59 . 2009-10-09 17:40 1279968 ----a-w- c:\windows\system32\aswBoot.exe

2009-09-15 10:56 . 2009-10-09 17:41 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys

2009-09-15 10:56 . 2009-10-09 17:41 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2009-09-15 10:55 . 2009-10-09 17:41 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2009-09-15 10:55 . 2009-10-09 17:41 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2009-09-15 10:54 . 2009-10-09 17:41 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2009-09-15 10:54 . 2009-10-09 17:41 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2009-09-15 10:53 . 2009-10-09 17:41 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2009-09-15 10:53 . 2009-10-09 17:41 97480 ----a-w- c:\windows\system32\AvastSS.scr

2009-09-13 08:48 . 2009-09-13 08:48 -------- d-----w- c:\program files\Panerai

2009-09-12 10:21 . 2009-07-18 22:51 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{11AE5274-ACE4-48DC-8781-BA074146E52A}

2009-09-10 12:54 . 2009-11-01 13:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-10 12:53 . 2009-11-01 13:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-28 16:42 . 2009-07-06 18:11 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll

2009-08-28 16:42 . 2009-03-03 21:56 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2009-04-15 01:25 . 2009-04-02 23:51 326123 -csha-w- c:\windows\system32\9\klog.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyP0.dll" [2009-07-13 2215960]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

2009-07-13 22:10 2215960 ----a-w- c:\program files\MyPlayCity\tbMyP0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2009-04-02 16:50 809864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyP0.dll" [2009-07-13 2215960]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-04-02 809864]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}"= "c:\program files\MyPlayCity\tbMyP0.dll" [2009-07-13 2215960]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-04-02 809864]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-21 39408]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]

"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-04 133104]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]

"ONAIR"="c:\program files\ONAIR\ONAIR.exe" [2009-10-09 680960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]

"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 131072]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-04-10 37888]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-04-21 68592]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"PCSuiteTrayApplication"="e:\nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-28 222720]

"NokiaMusic FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2009-07-22 2331936]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2005-08-17 90112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

"PcSync"="e:\nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\

ImpulseNow.lnk - c:\program files\Stardock\Impulse\Now\ImpulseNow.exe [2009-4-7 356352]

Stardock ObjectDock.lnk - c:\program files\Stardock\Object Desktop\ObjectDock\ObjectDock.exe [2009-4-30 3446512]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

FlexType 2K.lnk - c:\windows\Datecs\Flex2K.exe [2009-3-3 151552]

wskype.lnk - c:\program files\wskype\wskype.exe [2007-5-5 23552]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=

"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"7679:TCP"= 7679:TCP:mrppoh

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [09.10.2009 і. 19:41 114768]

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [02.1.2070 і. 06:07 13696]

R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [22.8.2009 і. 22:04 24786]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [09.10.2009 і. 19:41 20560]

R3 AEXPAM;Philips SmartManage Service;c:\windows\system32\drivers\aexpamdrv.sys [01.9.2004 і. 13:10 21824]

R3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.sys [24.2.2005 і. 12:29 162176]

S2 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]

S2 ubksxhhik;Monitor Installer;c:\windows\system32\svchost.exe -k netsvcs [04.8.2004 і. 00:56 14336]

S3 eusk3usb;SmartKey 3 USB;c:\windows\system32\drivers\eusk3usb.sys [22.8.2009 і. 22:04 45534]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - CLASSPNP_2

*NewlyCreated* - MBR

*Deregistered* - CLASSPNP_2

*Deregistered* - mbr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

ubksxhhik

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6455F474-9574-DC40-8169-05DC9F701D2B}]

c:\windows\system32\9\9r.exe s

.

Contents of the 'Scheduled Tasks' folder

2009-10-26 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1390067357-839522115-500Core.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-04 21:14]

2009-09-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1390067357-839522115-500UA.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-04 21:14]

2009-11-01 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

- c:\program files\Ask.com\UpdateTask.exe [2009-04-02 16:50]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.theprizeday.com/today.php

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

TCP: {157D1474-84EC-4C08-8EDD-258123F28169} = 10.6.0.1

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6jycemp8.default\

FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-Anti Trojan Elite - c:\program files\Anti Trojan Elite\TJEnder.exe

AddRemove-HijackThis - c:\hijack this\HijackThis.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-11-01 19:32

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ubksxhhik]

"ServiceDll"="c:\windows\system32\odxky.dll"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(728)

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2009-11-01 19:35

ComboFix-quarantined-files.txt 2009-11-01 17:34

Pre-Run: 3 032 506 368 bytes free

Post-Run: 3 207 102 464 bytes free

- - End Of File - - 1974468BA678A389AF7AAE386F515F01

Стъпка 1:

Моля, отидете на Start --> Settings --> Control Panel --> Add or Remove Programs, и деинсталирайте следните програми (Ако присъстват в списъка):

AskToolbar

avast! Antivirus

Стъпка 2:

Отворете Notepad и чрез комбинацията copy/paste поставете следния текст:

http://www.kaldata.com/forums/index.php?showtopic=140370


Killall::


Collect::

c:\windows\system32\odxky.dll


DirLook::

c:\windows\system32\9


Driver::

mrppoh


NetSvc::

ubksxhhik


Registry::

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"7679:TCP"=-

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ubksxhhik]

"ServiceDll"=-

Запазете файла с името CFScript.txt и го поставете върху ComboFix.

След като, програмата приключи ще Ви изведе лог файла. Отново чрез комбинацията от Copy/Paste поставете информацията тук.

Тук ще имам малък проблем.Премахнах AskToolbar ,но ако премахна avast! Antivirus ,след което,ако вляза в интернен ще ми спре автоматично интернет достъпа,защото интернет доставчика ми ще ми засече,че компютъра ми е незащитен и има вирус/и. Ако може преди да я премахна и нея да ми препоръчаш някоя антивирусна програма....?

Добре, изчакай с премахването на avast, давай нататък.

Не ми изкара никакъв лог

Влез в C:\ComboFix.txt и публикувай съдържанието му.

Влез в C:\ComboFix.txt и публикувай съдържанието му.

Не съществува такъв файл! :{

Изтрийте ComboFix, изтеглете го отново от:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

И следвайте инструкциите, които Ви дадох и накрая публикувайте лог файла.

Бележка:

1. Моля, не движете мишката, докато ComboFix работи. Това може да наруши процеса на работа.
   
2. ComboFix ще нулира всички настройки на Microsoft Internet Explorer, включително да направи IE браузър по подразбиране.
   
3. ComboFix ще изключи autorun функцията на ВСИЧКИ CD, Floppy и USB устройства, за да помогне при премахването на зловредния софтуер и Ви защити от бъдещи вируси/заплахи, които поразяват чрез autorun. Ако това е проблем за вас - моля, уведомете ме.
   
4. ComboFix ще изключи вашата интернет връзка. Интернет връзката ще се възстанови автоматично, преди ComboFix да завърши процеса на работа. При проблем, той ще прекрати интернет връзката. За да възстановите интернет връзката си, рестартирайте компютъра си.
   
5. В случай на проблем с ComboFix, той може да създаде лог файл. Моля, включете съдържанието на C:\BUG.txt в следващия Ви коментар в тази тема.

Справих се сам с проблема с паметта сега,ако може само да кажеш как да си пусна пак autorun-а,IE да не ми е browser-а по подразбиране и как да си вкюча CD,Floppy и USB-то,защото са изключени.

Публикувайте лог файла от ComboFix и когато приключим с всичко ще Ви обясня.

Изтрих ComboFix и отново го инсталирах и пак не ми даде лог файл. Даде ми ето това - Благодаря ти за оказаната помощ,но след около седмица ще си преинсталирам PC-то и ще си слагам Windows 7,но през това време тези неща ще ми трябват (CD,Floppy,USB) и е много дразнещо като IE ми е browser-а по подразбиране! Сега ще ми кажеш ли как да си ги оправя както и autorun-a ? Благодаря!

Това е синия екран на смъртта - BSOD. Прикачи в www.rapidshare.de , dump файла от C:\WINDOWS\MiniDump , като се съобразиш с датата, трябва да бъде най-новият.

И какво правим сега,ако ми е изгубена информация и не мога да си я възтановя?... Кажи ми само как да си оправя autorun-а и CD,Floppy и USB и да спираме до тука докат не е станал fatal error...

А да! и IE да не ми е browser-a по подразбиране

П.С Ето ти линк - http://rapidshare.de/files/48720963/Mini102909-01.dmp.html

Редактирано 22 ноември 200916 г. от Djembi (преглед на промените)

Ето тук е описано как се възстановява тази опция:

http://www.ehow.com/how_5080046_restore-autoplay-xp.html

Ето тук е описано как се възстановява тази опция:

http://www.ehow.com/how_5080046_restore-autoplay-xp.html

А за IE да не ми е browser-a по подразбиране? + това дори не ми засича и дисковете,че са вътре...и това е след тея всички процедури които направихме

Не казваш с кой браузър си, затова ето ти за Firefox:

http://support.mozilla.com/en-US/kb/Como+tornar+o+Firefox+no+navegador+por+omissão

Проблемът с дисковете си е лично твой! Евентуалните промени съм ги описал в инструкциите си, а ComboFix не бара дисковете, само AutoPlay опцията и то я прави за твое добро, но нали трябва само да обвиняваш без да знаеш нищо.

Не те обвинявам Само казвам,че не ми засича дисковете като ги сложа в устройството. Използвам Opera. От тук не става http://www.opera.com/support/kb/view/802/ ....

Редактирано 22 ноември 200916 г. от Djembi (преглед на промените)

ОК Вае пак как да си изтрия вируса ?