Help with the following problem


Actually, I'm not 100% sure that I have a virus, but the symptoms my computer is showing lead me to that thought. When I start NOD with the idea of updating it, it opens for only a fraction of a second and immediately closes by itself. The same happens with this thread. The moment it loads, Firefox closes immediately. If I load, for example, gong.bg or facebook.com, everything is OK. It is more than clear that there is a problem that filters sites containing keywords such as nod, online scan ... and so on.

In safe mode all pages load and the update starts too, but I can't manage to update. It gives me connection terminated ... or something like that. I scanned with SUPERAntiSpyware, it found various things and cleaned everything (supposedly), but this problem remained.

There is one more strange thing. Until a day or two ago the computer had the Avira antivirus program installed, which disappeared for very strange reasons. I don't know how it happened, because I rarely work on this computer. Whether someone somehow uninstalled it by accident or the virus itself deleted it, I don't know. I noticed there was some problem with updating Avira, but I can't say what. After I sensed there was a problem with the computer I installed NOD 32, but with old definitions (I don't know from when).

Here is the log from Malwarebytes' Anti-Malware

Malwarebytes' Anti-Malware 1.42

Database version: 3429

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 7.0.5730.13

25.12.2009 г. 22:59:37

mbam-log-2009-12-25 (22-59-28).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)

Objects scanned: 178012

Time elapsed: 22 minute(s), 55 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 14

Registry Values Infected: 0

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\user\Desktop\Sofiq.scr (Trojan.Chydo) -> No action taken.

C:\Documents and Settings\user\Local Settings\Temp\gegcazmfdfb.exe (Trojan.Vilsel) -> No action taken.

Here is the log from HJT

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:06:35, on 25.12.2009 г.

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16876)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\zxrigyyrkfqykqyhesqkb.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\FixCamera.exe

C:\Program Files\Eset\nod32kui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/ext/search/search.html'>http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=ZJfox000&ptb=whM5cwpAFDyqWoWgwz7QVg

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/ext/search/search.html'>http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [wjsylshpxh] xtlawmkbsluakoubwie.exe

O4 - HKLM\..\Run: [wpeqjwrftjpszadh] C:\DOCUME~1\user\LOCALS~1\Temp\wpeqjwrftjpszadh.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [ndpyoyqbmzccg] khaqnedvnhryjovdzmjc.exe

O4 - HKCU\..\Run: [wjsylshpxh] C:\DOCUME~1\user\LOCALS~1\Temp\dxnauietizgksuydw.exe

O4 - HKLM\..\Policies\Explorer\Run: [odowlulvfrts] zxrigyyrkfqykqyhesqkb.exe

O4 - HKLM\..\Policies\Explorer\Run: [dpxcouipw] C:\DOCUME~1\user\LOCALS~1\Temp\mhymhwtjzrzenqvbvg.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: &Search - ?p=ZJfox000

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Google Update Service (gupdate1c9e681e6d0ad58) (gupdate1c9e681e6d0ad58) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--

End of file - 8003 bytes

That's all from me. I hope you can help :cool:

Why didn't you click Remove Selected after the scan completed successfully? Repeat the procedure, click Remove Selected at the end, and then post the log file.

Линк към коментара
Сподели в други сайтове

Hmm, is that for HJT or mbam?

Malwarebytes Anti-Malware:

Malwarebytes' Anti-Malware 1.42

Database version: 3429

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

25.12.2009 г. 23:52:33

mbam-log-2009-12-25 (23-52-33).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)

Objects scanned: 178119

Time elapsed: 22 minute(s), 40 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

HJT:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:54:51, on 25.12.2009 г.

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16876)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\zxrigyyrkfqykqyhesqkb.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\FixCamera.exe

C:\Program Files\Eset\nod32kui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/ext/search/search.html'>http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=ZJfox000&ptb=whM5cwpAFDyqWoWgwz7QVg

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/ext/search/search.html'>http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [wjsylshpxh] xtlawmkbsluakoubwie.exe

O4 - HKLM\..\Run: [wpeqjwrftjpszadh] C:\DOCUME~1\user\LOCALS~1\Temp\wpeqjwrftjpszadh.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [ndpyoyqbmzccg] khaqnedvnhryjovdzmjc.exe

O4 - HKCU\..\Run: [wjsylshpxh] C:\DOCUME~1\user\LOCALS~1\Temp\dxnauietizgksuydw.exe

O4 - HKLM\..\Policies\Explorer\Run: [odowlulvfrts] zxrigyyrkfqykqyhesqkb.exe

O4 - HKLM\..\Policies\Explorer\Run: [dpxcouipw] C:\DOCUME~1\user\LOCALS~1\Temp\mhymhwtjzrzenqvbvg.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: &Search - ?p=ZJfox000

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Google Update Service (gupdate1c9e681e6d0ad58) (gupdate1c9e681e6d0ad58) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--

End of file - 7970 bytes

That's it from me :)

Download OTL (by OldTimer) and save it to your desktop.

Double-click OTL.exe to start the program.

Put check marks next to the following items:


  • Scan all users
  • Lop check
  • Purity check

Under the Extra Registry section, select Use SafeList

Click Run Scan and wait for the scan to finish. (it may take 10-15 minutes)

When it finishes, post the following two log files:

  • OTL.txt (located on your desktop)
  • Extras.txt (it will open automatically)

Here is the log from HJT

That's all from me. I hope you can help :yanim:

And I, for my part, am 100% sure that your "antivirus" program is good for nothing. Even after the "cleaning", the junk in red remains.

The antivirus is not suitable because it is too old.

As for these things, I will remove them and they will not remain! Look through the other 30 threads in this subforum and you will be convinced that whatever our team has taken on, it has cleaned, especially this Chydo.

Here is the OTL log

OTL logfile created on: 26.12.2009 г. 14:19:49 - Run 1

OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\user\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: dd.M.yyyy 'г.'

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 70,00% Memory free

2,00 Gb Paging File | 2,00 Gb Available in Paging File | 81,00% Paging File free

Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 78,13 Gb Total Space | 61,00 Gb Free Space | 78,08% Space Free | Partition Type: NTFS

Drive D: | 97,65 Gb Total Space | 7,37 Gb Free Space | 7,54% Space Free | Partition Type: NTFS

Drive E: | 146,48 Gb Total Space | 32,27 Gb Free Space | 22,03% Space Free | Partition Type: NTFS

Drive F: | 143,49 Gb Total Space | 143,41 Gb Free Space | 99,95% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: USER-PC

Current User Name: user

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2009.12.26 11:04:56 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe

PRC - [2009.12.25 14:05:21 | 00,585,728 | RHS- | M] () -- C:\WINDOWS\system32\zxrigyyrkfqykqyhesqkb.exe

PRC - [2009.12.25 12:02:02 | 00,921,600 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32kui.exe

PRC - [2009.12.25 12:02:02 | 00,507,904 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32krn.exe

PRC - [2009.12.17 09:14:10 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2009.03.18 17:50:30 | 04,363,504 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

PRC - [2008.04.14 02:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe

PRC - [2008.04.14 02:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008.02.26 06:00:02 | 00,520,192 | R--- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe

PRC - [2007.04.16 22:28:22 | 00,577,536 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE

PRC - [2007.04.04 00:29:15 | 00,165,784 | ---- | M] (DT Soft Ltd.) -- C:\Program Files\DAEMON Tools\daemon.exe

PRC - [2007.02.12 14:50:40 | 00,020,480 | ---- | M] () -- C:\WINDOWS\FixCamera.exe

========== Modules (SafeList) ==========

MOD - [2009.12.26 11:04:56 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009.12.25 12:02:02 | 00,507,904 | ---- | M] (Eset ) [Auto | Running] -- C:\Program Files\Eset\nod32krn.exe -- (NOD32krn)

SRV - [2009.06.06 10:36:33 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9e681e6d0ad58) Google Update Service (gupdate1c9e681e6d0ad58)

SRV - [2009.06.02 09:10:08 | 00,637,952 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2008.04.14 02:11:56 | 00,028,160 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\irmon.dll -- (Irmon)

SRV - [2008.02.26 06:00:02 | 00,520,192 | R--- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)

SRV - [2007.06.04 22:14:50 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)

SRV - [2007.06.04 22:14:50 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)

SRV - [2006.11.08 16:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)

SRV - [2006.11.08 16:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)

SRV - [2003.07.28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - [2009.12.25 12:02:02 | 00,502,368 | ---- | M] (Eset ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON)

DRV - [2009.08.27 21:42:00 | 00,682,232 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

DRV - [2009.08.05 15:06:30 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)

DRV - [2009.08.05 15:06:28 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2009.08.05 15:06:28 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2009.02.09 07:37:56 | 00,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)

DRV - [2009.02.09 07:37:48 | 00,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)

DRV - [2009.02.09 07:37:46 | 00,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)

DRV - [2009.02.09 07:37:46 | 00,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)

DRV - [2008.04.13 19:45:36 | 00,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser)

DRV - [2008.04.13 18:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)

DRV - [2008.04.13 18:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2008.02.26 08:51:43 | 02,863,616 | R--- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2008.01.25 00:36:16 | 04,127,488 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2007.10.12 16:15:00 | 00,054,144 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)

DRV - [2007.10.12 16:15:00 | 00,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)

DRV - [2007.05.14 10:12:28 | 03,526,464 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtHDMI.sys -- (RTHDMIAzAudService)

DRV - [2007.04.26 11:03:12 | 10,343,168 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp325.sys -- (SNP325) USB PC Camera (SNPSTD325)

DRV - [2007.03.08 06:20:50 | 00,021,568 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)

DRV - [2007.03.08 06:20:49 | 00,016,496 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)

DRV - [2007.03.08 06:20:48 | 00,049,920 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)

DRV - [2007.03.08 01:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)

DRV - [2005.05.31 14:40:20 | 00,020,480 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)

DRV - [2005.05.31 08:42:28 | 00,023,000 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)

DRV - [2005.04.30 13:50:20 | 00,011,860 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VBTEnum.sys -- (BTHidEnum)

DRV - [2005.04.30 13:50:10 | 00,028,271 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)

DRV - [2005.04.30 13:48:58 | 00,010,804 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT)

DRV - [2005.03.25 16:18:48 | 00,082,148 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)

DRV - [2004.10.19 12:37:38 | 00,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)

DRV - [2004.08.04 00:29:50 | 00,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)

DRV - [2004.08.04 00:29:48 | 00,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)

DRV - [2004.08.04 00:29:46 | 00,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)

DRV - [2004.08.04 00:29:46 | 00,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)

DRV - [2004.08.04 00:29:46 | 00,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)

DRV - [2004.08.04 00:29:44 | 00,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)

DRV - [2004.08.04 00:29:44 | 00,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)

DRV - [2004.08.04 00:29:42 | 00,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)

DRV - [2004.08.04 00:29:42 | 00,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)

DRV - [2004.08.04 00:29:40 | 00,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)

DRV - [2004.08.04 00:29:40 | 00,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)

DRV - [2004.08.04 00:29:38 | 00,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)

DRV - [2004.08.04 00:29:38 | 00,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)

DRV - [2004.08.04 00:29:38 | 00,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)

DRV - [2004.08.04 00:29:38 | 00,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)

DRV - [2001.08.23 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)

DRV - [2001.08.23 14:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)

DRV - [2001.08.17 14:20:04 | 00,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)

DRV - [2001.08.17 14:12:10 | 00,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®

DRV - [2001.08.17 13:51:32 | 00,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://paltalk.myway.com

IE - HKCU\..\URLSearchHook: {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL (Ask.com)

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "MyWebSearch"

FF - prefs.js..browser.startup.homepage: "http://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=ZJfox000&ptb=whM5cwpAFDyqWoWgwz7QVg"

FF - prefs.js..extensions.enabledItems: [email protected]:1.01

FF - prefs.js..keyword.URL: "http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJfox000&fl=0&ptb=whM5cwpAFDyqWoWgwz7QVg&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor="

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.10.13 05:18:51 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.12.17 09:14:15 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.12.17 09:14:15 | 00,000,000 | ---D | M]

[2009.08.27 22:41:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions

[2009.12.25 14:12:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ouj669ax.default\extensions

[2009.12.25 13:35:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ouj669ax.default\extensions\[email protected]

[2009.09.30 23:58:24 | 00,000,325 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ouj669ax.default\searchplugins\mywebsearch.xml

[2009.08.27 22:40:49 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2009.07.31 00:46:07 | 00,001,083 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\911bg.xml

[2009.07.31 00:46:07 | 00,002,442 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\diribg.xml

[2009.07.31 00:46:07 | 00,001,515 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pe-bg.xml

[2009.07.31 00:46:07 | 00,001,857 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\portalbgdict.xml

[2009.07.31 00:46:07 | 00,001,220 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-bg.xml

O1 HOSTS File: (297250 bytes) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 10268 more lines...

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)

O2 - BHO: (Ask Search Assistant BHO) - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL (Ask.com)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)

O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)

O2 - BHO: (Ask Toolbar BHO) - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL (Ask.com)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL (Ask.com)

O4 - HKLM..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe ()

O4 - HKLM..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe (Eset )

O4 - HKLM..\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [wjsylshpxh] C:\WINDOWS\System32\xtlawmkbsluakoubwie.exe ()

O4 - HKLM..\Run: [wpeqjwrftjpszadh] C:\Documents and Settings\user\Local Settings\Temp\wpeqjwrftjpszadh.exe ()

O4 - HKCU..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)

O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O4 - HKCU..\Run: [ndpyoyqbmzccg] C:\WINDOWS\System32\khaqnedvnhryjovdzmjc.exe ()

O4 - HKCU..\Run: [wjsylshpxh] C:\Documents and Settings\user\Local Settings\Temp\dxnauietizgksuydw.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: odowlulvfrts = zxrigyyrkfqykqyhesqkb.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: dpxcouipw = C:\DOCUME~1\user\LOCALS~1\Temp\mhymhwtjzrzenqvbvg.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 1

O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()

O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()

O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)

O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)

O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)

O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, Inc.)

O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\imon.dll (Eset )

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\imon.dll (Eset )

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\imon.dll (Eset )

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\imon.dll (Eset )

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\imon.dll (Eset )

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\System32\imon.dll (Eset )

O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.9.224.2 217.9.224.3

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2003.02.22 19:54:58 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{504cb3cb-4e39-11de-ab84-001c2538d4e2}\Shell\AutoRun\command - "" = wscript.exe .\.vbs

O33 - MountPoints2\{504cb3cb-4e39-11de-ab84-001c2538d4e2}\Shell\open\command - "" = wscript.exe .\.vbs

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009.12.26 11:03:31 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe

[2009.12.26 09:24:02 | 00,000,000 | ---D | C] -- C:\Program Files\AskPBar

[2009.12.26 09:21:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Paltalk

[2009.12.26 09:21:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\PaltalkScene

[2009.12.26 09:21:36 | 00,000,000 | ---D | C] -- C:\Program Files\Paltalk Messenger

[2009.12.25 23:04:07 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2009.12.25 22:20:59 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009.12.25 22:20:57 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009.12.25 22:20:56 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009.12.25 22:17:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\New Folder (2)

[2009.12.25 21:43:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\da4inka

[2009.12.25 12:02:28 | 00,502,368 | ---- | C] (Eset ) -- C:\WINDOWS\System32\drivers\amon.sys

[2009.12.25 12:02:28 | 00,270,336 | ---- | C] (Eset ) -- C:\WINDOWS\System32\imon.dll

[2009.12.25 12:02:28 | 00,000,000 | ---D | C] -- C:\Program Files\Eset

[2009.12.25 12:01:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\NOD32

[2009.12.17 10:15:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\HERBALIFE

[2009.12.10 16:17:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\N G 2010

[2009.12.09 13:51:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\FACE

[2009.12.07 11:31:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\IZLI6NO :D

[2009.12.07 10:49:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\TikGames

[2009.12.07 10:49:10 | 00,000,000 | ---D | C] -- C:\Program Files\Hasbro

[2009.11.29 09:44:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2009.11.29 09:44:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2009.11.27 10:56:13 | 00,000,000 | ---D | C] -- C:\Temp

[2009.11.27 10:56:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Syntrillium

[2009.11.27 10:55:55 | 01,683,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmvcore2.dll

[2009.11.27 10:55:55 | 00,665,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmv8dmoe.dll

[2009.11.27 10:55:55 | 00,572,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmvdmoe.dll

[2009.11.27 10:55:55 | 00,438,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmv8dmod.dll

[2009.11.27 10:55:55 | 00,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmidx2.ocx

[2009.11.27 10:54:33 | 00,000,000 | ---D | C] -- C:\Program Files\coolpro2

[2009.11.26 16:34:39 | 00,000,000 | ---D | C] -- C:\Program Files\Qni

[2009.11.26 16:34:35 | 00,000,000 | ---D | C] -- C:\cddatakom

[2009.06.28 12:47:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google

[2009.06.06 10:36:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google

[2009.03.27 15:18:23 | 00,147,456 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp325.dll

[2009.03.27 15:18:23 | 00,057,344 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnp325.dll

[2009.03.27 15:18:23 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp325.dll

[2009.02.25 17:47:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[2003.02.22 20:02:24 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[2003.02.22 20:02:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009.12.26 13:57:00 | 00,001,044 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2009.12.26 13:50:30 | 08,126,464 | -H-- | M] () -- C:\Documents and Settings\user\NTUSER.DAT

[2009.12.26 12:20:00 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2009.12.26 12:18:35 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job

[2009.12.26 12:18:22 | 00,001,040 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2009.12.26 12:18:18 | 00,000,240 | ---- | M] () -- C:\WINDOWS\tasks\NOD32.job

[2009.12.26 12:18:18 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009.12.26 12:18:16 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009.12.26 11:04:56 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe

[2009.12.26 09:21:41 | 00,001,640 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk

[2009.12.26 09:21:41 | 00,001,620 | ---- | M] () -- C:\Documents and Settings\user\Desktop\PaltalkScene.lnk

[2009.12.26 09:21:41 | 00,001,312 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Upgrade to Paltalk Extreme.lnk

[2009.12.26 09:16:32 | 10,660,416 | ---- | M] () -- C:\Documents and Settings\user\Desktop\pal_install_r17704.exe

[2009.12.25 23:59:39 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\user\ntuser.ini

[2009.12.25 23:06:13 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\user\Desktop\HijackThis.lnk

[2009.12.25 23:00:56 | 04,240,656 | -H-- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\IconCache.db

[2009.12.25 22:21:02 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009.12.25 22:05:08 | 00,000,316 | -H-- | M] () -- C:\WINDOWS\System32\odowlulvfrtsvsrrfkzkshqhrbnporonnb.vgo

[2009.12.25 22:05:08 | 00,000,316 | -H-- | M] () -- C:\WINDOWS\odowlulvfrtsvsrrfkzkshqhrbnporonnb.vgo

[2009.12.25 22:05:08 | 00,000,316 | -H-- | M] () -- C:\Program Files\odowlulvfrtsvsrrfkzkshqhrbnporonnb.vgo

[2009.12.25 22:05:08 | 00,000,316 | -H-- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\odowlulvfrtsvsrrfkzkshqhrbnporonnb.vgo

[2009.12.25 22:04:50 | 00,002,336 | -H-- | M] () -- C:\WINDOWS\System32\dpxcouipwfeaauqnyamuzlrfmtcbxxr.kvx

[2009.12.25 22:04:50 | 00,002,336 | -H-- | M] () -- C:\WINDOWS\dpxcouipwfeaauqnyamuzlrfmtcbxxr.kvx

[2009.12.25 22:04:50 | 00,002,336 | -H-- | M] () -- C:\Program Files\dpxcouipwfeaauqnyamuzlrfmtcbxxr.kvx

[2009.12.25 22:04:50 | 00,002,336 | -H-- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\dpxcouipwfeaauqnyamuzlrfmtcbxxr.kvx

[2009.12.25 22:04:50 | 00,000,280 | -H-- | M] () -- C:\WINDOWS\System32\bdbwyuyvsrgsiserskmkf.dhe

[2009.12.25 22:04:50 | 00,000,280 | -H-- | M] () -- C:\WINDOWS\bdbwyuyvsrgsiserskmkf.dhe

[2009.12.25 22:04:50 | 00,000,280 | -H-- | M] () -- C:\Program Files\bdbwyuyvsrgsiserskmkf.dhe

[2009.12.25 22:04:50 | 00,000,280 | -H-- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\bdbwyuyvsrgsiserskmkf.dhe

[2009.12.25 22:04:07 | 00,602,112 | RHS- | M] () -- C:\WINDOWS\zxrigyyrkfqykqyhesqkb.exe

[2009.12.25 22:04:07 | 00,602,112 | RHS- | M] () -- C:\WINDOWS\xtlawmkbsluakoubwie.exe

[2009.12.25 22:04:07 | 00,602,112 | RHS- | M] () -- C:\WINDOWS\qpkcbuvpjfranudnlazuml.exe

[2009.12.25 22:04:07 | 00,602,112 | RHS- | M] () -- C:\WINDOWS\mhymhwtjzrzenqvbvg.exe

[2009.12.25 22:04:07 | 00,602,112 | RHS- | M] () -- C:\WINDOWS\khaqnedvnhryjovdzmjc.exe

[2009.12.25 22:04:07 | 00,602,112 | RHS- | M] () -- C:\WINDOWS\dxnauietizgksuydw.exe

[2009.12.25 22:04:06 | 00,602,112 | RHS- | M] () -- C:\WINDOWS\wpeqjwrftjpszadh.exe

[2009.12.25 14:15:33 | 00,000,463 | -H-- | M] () -- C:\WINDOWS\System32\ndpyoyqbmzccgeefuaqclbldozmpptrrshn.pyo

[2009.12.25 14:15:33 | 00,000,463 | -H-- | M] () -- C:\WINDOWS\ndpyoyqbmzccgeefuaqclbldozmpptrrshn.pyo

[2009.12.25 14:15:33 | 00,000,463 | -H-- | M] () -- C:\Program Files\ndpyoyqbmzccgeefuaqclbldozmpptrrshn.pyo

[2009.12.25 14:15:33 | 00,000,463 | -H-- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\ndpyoyqbmzccgeefuaqclbldozmpptrrshn.pyo

[2009.12.25 14:05:21 | 00,585,728 | RHS- | M] () -- C:\WINDOWS\System32\zxrigyyrkfqykqyhesqkb.exe

[2009.12.25 14:05:21 | 00,585,728 | RHS- | M] () -- C:\WINDOWS\System32\xtlawmkbsluakoubwie.exe

[2009.12.25 14:05:21 | 00,585,728 | RHS- | M] () -- C:\WINDOWS\System32\wpeqjwrftjpszadh.exe

[2009.12.25 14:05:21 | 00,585,728 | RHS- | M] () -- C:\WINDOWS\System32\qpkcbuvpjfranudnlazuml.exe

[2009.12.25 14:05:21 | 00,585,728 | RHS- | M] () -- C:\WINDOWS\System32\mhymhwtjzrzenqvbvg.exe

[2009.12.25 14:05:21 | 00,585,728 | RHS- | M] () -- C:\WINDOWS\System32\khaqnedvnhryjovdzmjc.exe

[2009.12.25 14:05:21 | 00,585,728 | RHS- | M] () -- C:\WINDOWS\System32\dxnauietizgksuydw.exe

[2009.12.25 13:51:55 | 00,000,940 | ---- | M] () -- C:\WINDOWS\win.ini

[2009.12.25 13:51:55 | 00,000,255 | ---- | M] () -- C:\WINDOWS\system.ini

[2009.12.25 13:51:55 | 00,000,211 | -H-- | M] () -- C:\boot.ini

[2009.12.25 13:38:01 | 02,672,312 | ---- | M] () -- C:\Documents and Settings\user\Desktop\esetsmartinstaller_enu.exe

[2009.12.25 12:11:02 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2009.12.25 12:02:03 | 00,270,336 | ---- | M] (Eset ) -- C:\WINDOWS\System32\imon.dll

[2009.12.25 12:02:02 | 00,502,368 | ---- | M] (Eset ) -- C:\WINDOWS\System32\drivers\amon.sys

[2009.12.25 11:50:07 | 09,930,852 | ---- | M] () -- C:\Documents and Settings\user\Desktop\NOD32 2.51.20 + Fixer.rar

[2009.12.25 10:08:36 | 05,595,648 | ---- | M] () -- C:\Documents and Settings\user\Desktop\2010.pps

[2009.12.24 19:31:33 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2009.12.24 00:41:52 | 00,100,566 | ---- | M] () -- C:\Documents and Settings\user\Desktop\5B05DE90-A29C-4077-B03C-E485E6B12F27.jpg

[2009.12.23 13:35:26 | 00,004,248 | -H-- | M] () -- C:\WINDOWS\wjsylshpxhhefaxvhkxgmzgvdlvvstol.vyl

[2009.12.23 13:35:26 | 00,004,248 | -H-- | M] () -- C:\WINDOWS\System32\wjsylshpxhhefaxvhkxgmzgvdlvvstol.vyl

[2009.12.23 13:35:26 | 00,004,248 | -H-- | M] () -- C:\Program Files\wjsylshpxhhefaxvhkxgmzgvdlvvstol.vyl

[2009.12.23 13:35:26 | 00,004,248 | -H-- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\wjsylshpxhhefaxvhkxgmzgvdlvvstol.vyl

[2009.12.22 21:51:13 | 00,000,010 | ---- | M] () -- C:\WINDOWS\popcinfo.dat

[2009.12.22 20:34:34 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009.12.22 12:30:53 | 00,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Земя.lnk

[2009.12.21 13:10:32 | 05,246,339 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Emanuela i Krum - Nishto Ne Znaesh.mp3

[2009.12.20 11:09:50 | 00,054,964 | ---- | M] () -- C:\Documents and Settings\user\Desktop\grafik.jpg

[2009.12.19 18:15:29 | 00,000,824 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Yahoo! Messenger (2).lnk

[2009.12.17 16:34:31 | 00,033,972 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Kate.And.Leopold.2001.BRRip.XviD.AC3-KiNGS.rar

[2009.12.17 16:22:45 | 00,074,752 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009.12.14 09:35:54 | 00,045,996 | ---- | M] () -- C:\Documents and Settings\user\Desktop\NOKTO.JPG

[2009.12.12 20:40:52 | 04,648,682 | ---- | M] () -- C:\Documents and Settings\user\Desktop\01 Track 1.wma

[2009.12.12 17:23:55 | 00,041,440 | ---- | M] () -- C:\Documents and Settings\user\Desktop\The.Ugly.Truth.BRRip.XviD.AC3_DEViSE.(subs.sab.bz).zip

[2009.12.10 16:34:09 | 00,247,936 | ---- | M] () -- C:\Documents and Settings\user\Desktop\02.Romski Perli - Sadam kjuchek.mp3

[2009.12.10 16:33:54 | 00,247,936 | ---- | M] () -- C:\Documents and Settings\user\Desktop\07.Romski Perli - Buljasa.mp3

[2009.12.10 16:33:30 | 00,247,936 | ---- | M] () -- C:\Documents and Settings\user\Desktop\11.Romski Perli - Ajde romnie.mp3

[2009.12.08 20:36:34 | 00,000,806 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Shortcut to MonopolyPB.exe.lnk

[2009.12.08 13:03:13 | 04,778,109 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Tose Proeski - Soba Za Tugu (AtaPulja).mp3

[2009.12.05 09:49:06 | 00,149,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009.12.05 09:48:50 | 00,029,024 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2009.12.05 01:52:43 | 00,000,471 | ---- | M] () -- C:\Documents and Settings\user\Desktop\EuroDictXP.lnk

[2009.12.03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009.12.03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009.12.02 10:01:26 | 00,429,568 | ---- | M] () -- C:\Documents and Settings\user\Desktop\CV-BG_var2.doc

[2009.12.02 10:00:01 | 00,429,568 | ---- | M] () -- C:\Documents and Settings\user\My Documents\CV-BG_var1.doc

[2009.12.01 12:09:26 | 00,000,326 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job

[2009.12.01 11:00:13 | 00,000,312 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job

[2009.11.29 23:48:15 | 93,932,317 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Ivan i Koceto.rar

[2009.11.27 10:55:55 | 00,156,910 | ---- | M] () -- C:\WINDOWS\WMSysPr8.prx

[2009.11.27 10:55:53 | 00,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Cool Edit Pro 2.0.lnk

[2009.11.26 16:34:40 | 00,000,534 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CD Данъчен коментар.lnk

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009.12.26 09:21:41 | 00,001,640 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk

[2009.12.26 09:21:41 | 00,001,620 | ---- | C] () -- C:\Documents and Settings\user\Desktop\PaltalkScene.lnk

[2009.12.26 09:21:41 | 00,001,312 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Upgrade to Paltalk Extreme.lnk

[2009.12.26 08:57:55 | 10,660,416 | ---- | C] () -- C:\Documents and Settings\user\Desktop\pal_install_r17704.exe

[2009.12.25 23:04:09 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\user\Desktop\HijackThis.lnk

[2009.12.25 22:21:02 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009.12.25 13:31:15 | 02,672,312 | ---- | C] () -- C:\Documents and Settings\user\Desktop\esetsmartinstaller_enu.exe

[2009.12.25 13:22:00 | 00,000,240 | ---- | C] () -- C:\WINDOWS\tasks\NOD32.job

[2009.12.25 12:11:02 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2009.12.25 11:32:44 | 09,930,852 | ---- | C] () -- C:\Documents and Settings\user\Desktop\NOD32 2.51.20 + Fixer.rar

[2009.12.24 16:51:51 | 05,595,648 | ---- | C] () -- C:\Documents and Settings\user\Desktop\2010.pps

[2009.12.24 00:41:39 | 00,100,566 | ---- | C] () -- C:\Documents and Settings\user\Desktop\5B05DE90-A29C-4077-B03C-E485E6B12F27.jpg

[2009.12.23 13:35:38 | 00,002,336 | -H-- | C] () -- C:\WINDOWS\System32\dpxcouipwfeaauqnyamuzlrfmtcbxxr.kvx

[2009.12.23 13:35:38 | 00,002,336 | -H-- | C] () -- C:\WINDOWS\dpxcouipwfeaauqnyamuzlrfmtcbxxr.kvx

[2009.12.23 13:35:38 | 00,002,336 | -H-- | C] () -- C:\Program Files\dpxcouipwfeaauqnyamuzlrfmtcbxxr.kvx

[2009.12.23 13:35:38 | 00,002,336 | -H-- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\dpxcouipwfeaauqnyamuzlrfmtcbxxr.kvx

[2009.12.23 13:35:37 | 00,000,463 | -H-- | C] () -- C:\WINDOWS\System32\ndpyoyqbmzccgeefuaqclbldozmpptrrshn.pyo

[2009.12.23 13:35:37 | 00,000,463 | -H-- | C] () -- C:\WINDOWS\ndpyoyqbmzccgeefuaqclbldozmpptrrshn.pyo

[2009.12.23 13:35:37 | 00,000,463 | -H-- | C] () -- C:\Program Files\ndpyoyqbmzccgeefuaqclbldozmpptrrshn.pyo

[2009.12.23 13:35:37 | 00,000,463 | -H-- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\ndpyoyqbmzccgeefuaqclbldozmpptrrshn.pyo

[2009.12.23 13:35:37 | 00,000,316 | -H-- | C] () -- C:\WINDOWS\System32\odowlulvfrtsvsrrfkzkshqhrbnporonnb.vgo

[2009.12.23 13:35:37 | 00,000,316 | -H-- | C] () -- C:\WINDOWS\odowlulvfrtsvsrrfkzkshqhrbnporonnb.vgo

[2009.12.23 13:35:37 | 00,000,316 | -H-- | C] () -- C:\Program Files\odowlulvfrtsvsrrfkzkshqhrbnporonnb.vgo

[2009.12.23 13:35:37 | 00,000,316 | -H-- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\odowlulvfrtsvsrrfkzkshqhrbnporonnb.vgo

[2009.12.23 13:35:26 | 00,004,248 | -H-- | C] () -- C:\WINDOWS\wjsylshpxhhefaxvhkxgmzgvdlvvstol.vyl

[2009.12.23 13:35:26 | 00,004,248 | -H-- | C] () -- C:\WINDOWS\System32\wjsylshpxhhefaxvhkxgmzgvdlvvstol.vyl

[2009.12.23 13:35:26 | 00,004,248 | -H-- | C] () -- C:\Program Files\wjsylshpxhhefaxvhkxgmzgvdlvvstol.vyl

[2009.12.23 13:35:26 | 00,004,248 | -H-- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\wjsylshpxhhefaxvhkxgmzgvdlvvstol.vyl

[2009.12.23 13:35:25 | 00,000,280 | -H-- | C] () -- C:\WINDOWS\System32\bdbwyuyvsrgsiserskmkf.dhe

[2009.12.23 13:35:25 | 00,000,280 | -H-- | C] () -- C:\WINDOWS\bdbwyuyvsrgsiserskmkf.dhe

[2009.12.23 13:35:25 | 00,000,280 | -H-- | C] () -- C:\Program Files\bdbwyuyvsrgsiserskmkf.dhe

[2009.12.23 13:35:25 | 00,000,280 | -H-- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\bdbwyuyvsrgsiserskmkf.dhe

[2009.12.23 13:35:16 | 00,602,112 | RHS- | C] () -- C:\WINDOWS\zxrigyyrkfqykqyhesqkb.exe

[2009.12.23 13:35:16 | 00,602,112 | RHS- | C] () -- C:\WINDOWS\xtlawmkbsluakoubwie.exe

[2009.12.23 13:35:16 | 00,602,112 | RHS- | C] () -- C:\WINDOWS\wpeqjwrftjpszadh.exe

[2009.12.23 13:35:16 | 00,602,112 | RHS- | C] () -- C:\WINDOWS\qpkcbuvpjfranudnlazuml.exe

[2009.12.23 13:35:16 | 00,602,112 | RHS- | C] () -- C:\WINDOWS\mhymhwtjzrzenqvbvg.exe

[2009.12.23 13:35:16 | 00,602,112 | RHS- | C] () -- C:\WINDOWS\khaqnedvnhryjovdzmjc.exe

[2009.12.23 13:35:16 | 00,602,112 | RHS- | C] () -- C:\WINDOWS\dxnauietizgksuydw.exe

[2009.12.23 13:35:16 | 00,585,728 | RHS- | C] () -- C:\WINDOWS\System32\zxrigyyrkfqykqyhesqkb.exe

[2009.12.23 13:35:16 | 00,585,728 | RHS- | C] () -- C:\WINDOWS\System32\xtlawmkbsluakoubwie.exe

[2009.12.23 13:35:16 | 00,585,728 | RHS- | C] () -- C:\WINDOWS\System32\wpeqjwrftjpszadh.exe

[2009.12.23 13:35:16 | 00,585,728 | RHS- | C] () -- C:\WINDOWS\System32\qpkcbuvpjfranudnlazuml.exe

[2009.12.23 13:35:16 | 00,585,728 | RHS- | C] () -- C:\WINDOWS\System32\mhymhwtjzrzenqvbvg.exe

[2009.12.23 13:35:16 | 00,585,728 | RHS- | C] () -- C:\WINDOWS\System32\khaqnedvnhryjovdzmjc.exe

[2009.12.23 13:35:16 | 00,585,728 | RHS- | C] () -- C:\WINDOWS\System32\dxnauietizgksuydw.exe

[2009.12.22 12:30:53 | 00,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Земя.lnk

[2009.12.21 13:01:09 | 05,246,339 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Emanuela i Krum - Nishto Ne Znaesh.mp3

[2009.12.20 11:09:50 | 00,054,964 | ---- | C] () -- C:\Documents and Settings\user\Desktop\grafik.jpg

[2009.12.19 18:15:29 | 00,000,824 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Yahoo! Messenger (2).lnk

[2009.12.17 16:34:29 | 00,033,972 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Kate.And.Leopold.2001.BRRip.XviD.AC3-KiNGS.rar

[2009.12.14 09:35:53 | 00,045,996 | ---- | C] () -- C:\Documents and Settings\user\Desktop\NOKTO.JPG

[2009.12.12 20:38:41 | 04,648,682 | ---- | C] () -- C:\Documents and Settings\user\Desktop\01 Track 1.wma

[2009.12.12 17:23:55 | 00,041,440 | ---- | C] () -- C:\Documents and Settings\user\Desktop\The.Ugly.Truth.BRRip.XviD.AC3_DEViSE.(subs.sab.bz).zip

[2009.12.10 16:34:09 | 00,247,936 | ---- | C] () -- C:\Documents and Settings\user\Desktop\02.Romski Perli - Sadam kjuchek.mp3

[2009.12.10 16:33:54 | 00,247,936 | ---- | C] () -- C:\Documents and Settings\user\Desktop\07.Romski Perli - Buljasa.mp3

[2009.12.10 16:33:30 | 00,247,936 | ---- | C] () -- C:\Documents and Settings\user\Desktop\11.Romski Perli - Ajde romnie.mp3

[2009.12.08 20:36:34 | 00,000,806 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Shortcut to MonopolyPB.exe.lnk

[2009.12.08 13:03:08 | 04,778,109 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Tose Proeski - Soba Za Tugu (AtaPulja).mp3

[2009.12.05 01:52:43 | 00,000,471 | ---- | C] () -- C:\Documents and Settings\user\Desktop\EuroDictXP.lnk

[2009.12.02 10:01:26 | 00,429,568 | ---- | C] () -- C:\Documents and Settings\user\Desktop\CV-BG_var2.doc

[2009.12.02 09:34:40 | 00,429,568 | ---- | C] () -- C:\Documents and Settings\user\My Documents\CV-BG_var1.doc

[2009.11.29 23:47:29 | 93,932,317 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Ivan i Koceto.rar

[2009.11.27 10:55:55 | 00,156,910 | ---- | C] () -- C:\WINDOWS\WMSysPr8.prx

[2009.11.27 10:55:53 | 00,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Cool Edit Pro 2.0.lnk

[2009.11.26 16:34:40 | 00,000,534 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CD Данъчен коментар.lnk

[2009.10.26 19:10:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI

[2009.10.26 18:55:21 | 00,000,753 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

[2009.10.18 12:59:21 | 00,480,128 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2009.10.14 13:15:49 | 00,000,227 | ---- | C] () -- C:\WINDOWS\CDPLAYER.INI

[2009.08.27 21:42:00 | 00,682,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

[2009.07.01 14:59:19 | 00,014,810 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2009.03.27 15:20:18 | 00,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys

[2009.03.27 15:20:18 | 00,011,860 | ---- | C] () -- C:\WINDOWS\System32\drivers\VBTEnum.sys

[2009.03.27 15:18:25 | 00,015,498 | ---- | C] () -- C:\WINDOWS\snp325.ini

[2009.03.09 12:15:25 | 00,147,456 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll

[2009.02.25 17:29:53 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009.02.25 17:29:46 | 00,074,752 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009.02.24 19:17:59 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI

[2009.02.24 17:53:41 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2004.12.20 12:08:28 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2004.12.20 12:03:26 | 00,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2003.01.07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2002.12.14 23:46:02 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\oggDS.dll

[2002.12.14 23:46:02 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll

[2002.12.14 23:46:02 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll

[2002.12.14 22:46:04 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll

[2002.11.15 14:11:26 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll

< End of report >


nikolaipapazov, create your own topic!!!!!

pocketrocket,

  • Run OTL.exe
  • Under Custom Scans/Fixes, paste the following script:

:OTL

PRC - [2009.12.25 14:05:21 | 00,585,728 | RHS- | M] () -- C:\WINDOWS\system32\zxrigyyrkfqykqyhesqkb.exe

FF - prefs.js..browser.search.selectedEngine: "MyWebSearch"

FF - prefs.js..browser.startup.homepage: "http://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=ZJfox000&ptb=whM5cwpAFDyqWoWgwz7QVg"

FF - prefs.js..keyword.URL: "http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJfox000&fl=0&ptb=whM5cwpAFDyqWoWgwz7QVg&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor="

O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.

O4 - HKLM..\Run: [wjsylshpxh] C:\WINDOWS\System32\xtlawmkbsluakoubwie.exe ()

O4 - HKLM..\Run: [wpeqjwrftjpszadh] C:\Documents and Settings\user\Local Settings\Temp\wpeqjwrftjpszadh.exe ()

O4 - HKCU..\Run: [ndpyoyqbmzccg] C:\WINDOWS\System32\khaqnedvnhryjovdzmjc.exe ()

O4 - HKCU..\Run: [wjsylshpxh] C:\Documents and Settings\user\Local Settings\Temp\dxnauietizgksuydw.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: odowlulvfrts = zxrigyyrkfqykqyhesqkb.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: dpxcouipw = C:\DOCUME~1\user\LOCALS~1\Temp\mhymhwtjzrzenqvbvg.exe ()

O32 - AutoRun File - [2003.02.22 19:54:58 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{504cb3cb-4e39-11de-ab84-001c2538d4e2}\Shell\AutoRun\command - "" = wscript.exe .\.vbs

O33 - MountPoints2\{504cb3cb-4e39-11de-ab84-001c2538d4e2}\Shell\open\command - "" = wscript.exe .\.vbs

[2009.12.25 22:05:08 | 00,000,316 | -H-- | M] () -- C:\WINDOWS\System32\odowlulvfrtsvsrrfkzkshqhrbnporonnb.vgo

[2009.12.25 22:05:08 | 00,000,316 | -H-- | M] () -- C:\WINDOWS\odowlulvfrtsvsrrfkzkshqhrbnporonnb.vgo

[2009.12.25 22:05:08 | 00,000,316 | -H-- | M] () -- C:\Program Files\odowlulvfrtsvsrrfkzkshqhrbnporonnb.vgo

[2009.12.25 22:05:08 | 00,000,316 | -H-- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\odowlulvfrtsvsrrfkzkshqhrbnporonnb.vgo

[2009.12.25 22:04:50 | 00,002,336 | -H-- | M] () -- C:\WINDOWS\System32\dpxcouipwfeaauqnyamuzlrfmtcbxxr.kvx

[2009.12.25 22:04:50 | 00,002,336 | -H-- | M] () -- C:\WINDOWS\dpxcouipwfeaauqnyamuzlrfmtcbxxr.kvx

[2009.12.25 22:04:50 | 00,002,336 | -H-- | M] () -- C:\Program Files\dpxcouipwfeaauqnyamuzlrfmtcbxxr.kvx

[2009.12.25 22:04:50 | 00,002,336 | -H-- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\dpxcouipwfeaauqnyamuzlrfmtcbxxr.kvx

[2009.12.25 22:04:50 | 00,000,280 | -H-- | M] () -- C:\WINDOWS\System32\bdbwyuyvsrgsiserskmkf.dhe

[2009.12.25 22:04:50 | 00,000,280 | -H-- | M] () -- C:\WINDOWS\bdbwyuyvsrgsiserskmkf.dhe

[2009.12.25 22:04:50 | 00,000,280 | -H-- | M] () -- C:\Program Files\bdbwyuyvsrgsiserskmkf.dhe

[2009.12.25 22:04:50 | 00,000,280 | -H-- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\bdbwyuyvsrgsiserskmkf.dhe

[2009.12.25 22:04:07 | 00,602,112 | RHS- | M] () -- C:\WINDOWS\zxrigyyrkfqykqyhesqkb.exe

[2009.12.25 22:04:07 | 00,602,112 | RHS- | M] () -- C:\WINDOWS\xtlawmkbsluakoubwie.exe

[2009.12.25 22:04:07 | 00,602,112 | RHS- | M] () -- C:\WINDOWS\qpkcbuvpjfranudnlazuml.exe

[2009.12.25 22:04:07 | 00,602,112 | RHS- | M] () -- C:\WINDOWS\mhymhwtjzrzenqvbvg.exe

[2009.12.25 22:04:07 | 00,602,112 | RHS- | M] () -- C:\WINDOWS\khaqnedvnhryjovdzmjc.exe

[2009.12.25 22:04:07 | 00,602,112 | RHS- | M] () -- C:\WINDOWS\dxnauietizgksuydw.exe

[2009.12.25 22:04:06 | 00,602,112 | RHS- | M] () -- C:\WINDOWS\wpeqjwrftjpszadh.exe

[2009.12.25 14:15:33 | 00,000,463 | -H-- | M] () -- C:\WINDOWS\System32\ndpyoyqbmzccgeefuaqclbldozmpptrrshn.pyo

[2009.12.25 14:15:33 | 00,000,463 | -H-- | M] () -- C:\WINDOWS\ndpyoyqbmzccgeefuaqclbldozmpptrrshn.pyo

[2009.12.25 14:15:33 | 00,000,463 | -H-- | M] () -- C:\Program Files\ndpyoyqbmzccgeefuaqclbldozmpptrrshn.pyo

[2009.12.25 14:15:33 | 00,000,463 | -H-- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\ndpyoyqbmzccgeefuaqclbldozmpptrrshn.pyo

[2009.12.25 14:05:21 | 00,585,728 | RHS- | M] () -- C:\WINDOWS\System32\zxrigyyrkfqykqyhesqkb.exe

[2009.12.25 14:05:21 | 00,585,728 | RHS- | M] () -- C:\WINDOWS\System32\xtlawmkbsluakoubwie.exe

[2009.12.25 14:05:21 | 00,585,728 | RHS- | M] () -- C:\WINDOWS\System32\wpeqjwrftjpszadh.exe

[2009.12.25 14:05:21 | 00,585,728 | RHS- | M] () -- C:\WINDOWS\System32\qpkcbuvpjfranudnlazuml.exe

[2009.12.25 14:05:21 | 00,585,728 | RHS- | M] () -- C:\WINDOWS\System32\mhymhwtjzrzenqvbvg.exe

[2009.12.25 14:05:21 | 00,585,728 | RHS- | M] () -- C:\WINDOWS\System32\khaqnedvnhryjovdzmjc.exe

[2009.12.25 14:05:21 | 00,585,728 | RHS- | M] () -- C:\WINDOWS\System32\dxnauietizgksuydw.exe

[2009.12.25 11:50:07 | 09,930,852 | ---- | M] () -- C:\Documents and Settings\user\Desktop\NOD32 2.51.20 + Fixer.rar

[2009.12.23 13:35:26 | 00,004,248 | -H-- | M] () -- C:\WINDOWS\wjsylshpxhhefaxvhkxgmzgvdlvvstol.vyl

[2009.12.23 13:35:26 | 00,004,248 | -H-- | M] () -- C:\WINDOWS\System32\wjsylshpxhhefaxvhkxgmzgvdlvvstol.vyl

[2009.12.23 13:35:26 | 00,004,248 | -H-- | M] () -- C:\Program Files\wjsylshpxhhefaxvhkxgmzgvdlvvstol.vyl

[2009.12.23 13:35:26 | 00,004,248 | -H-- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\wjsylshpxhhefaxvhkxgmzgvdlvvstol.vyl

[2009.12.23 13:35:38 | 00,002,336 | -H-- | C] () -- C:\WINDOWS\System32\dpxcouipwfeaauqnyamuzlrfmtcbxxr.kvx

[2009.12.23 13:35:38 | 00,002,336 | -H-- | C] () -- C:\WINDOWS\dpxcouipwfeaauqnyamuzlrfmtcbxxr.kvx

[2009.12.23 13:35:38 | 00,002,336 | -H-- | C] () -- C:\Program Files\dpxcouipwfeaauqnyamuzlrfmtcbxxr.kvx

[2009.12.23 13:35:38 | 00,002,336 | -H-- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\dpxcouipwfeaauqnyamuzlrfmtcbxxr.kvx

[2009.12.23 13:35:37 | 00,000,463 | -H-- | C] () -- C:\WINDOWS\System32\ndpyoyqbmzccgeefuaqclbldozmpptrrshn.pyo

[2009.12.23 13:35:37 | 00,000,463 | -H-- | C] () -- C:\WINDOWS\ndpyoyqbmzccgeefuaqclbldozmpptrrshn.pyo

[2009.12.23 13:35:37 | 00,000,463 | -H-- | C] () -- C:\Program Files\ndpyoyqbmzccgeefuaqclbldozmpptrrshn.pyo

[2009.12.23 13:35:37 | 00,000,463 | -H-- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\ndpyoyqbmzccgeefuaqclbldozmpptrrshn.pyo

[2009.12.23 13:35:37 | 00,000,316 | -H-- | C] () -- C:\WINDOWS\System32\odowlulvfrtsvsrrfkzkshqhrbnporonnb.vgo

[2009.12.23 13:35:37 | 00,000,316 | -H-- | C] () -- C:\WINDOWS\odowlulvfrtsvsrrfkzkshqhrbnporonnb.vgo

[2009.12.23 13:35:37 | 00,000,316 | -H-- | C] () -- C:\Program Files\odowlulvfrtsvsrrfkzkshqhrbnporonnb.vgo

[2009.12.23 13:35:37 | 00,000,316 | -H-- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\odowlulvfrtsvsrrfkzkshqhrbnporonnb.vgo

[2009.12.23 13:35:26 | 00,004,248 | -H-- | C] () -- C:\WINDOWS\wjsylshpxhhefaxvhkxgmzgvdlvvstol.vyl

[2009.12.23 13:35:26 | 00,004,248 | -H-- | C] () -- C:\WINDOWS\System32\wjsylshpxhhefaxvhkxgmzgvdlvvstol.vyl

[2009.12.23 13:35:26 | 00,004,248 | -H-- | C] () -- C:\Program Files\wjsylshpxhhefaxvhkxgmzgvdlvvstol.vyl

[2009.12.23 13:35:26 | 00,004,248 | -H-- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\wjsylshpxhhefaxvhkxgmzgvdlvvstol.vyl

[2009.12.23 13:35:25 | 00,000,280 | -H-- | C] () -- C:\WINDOWS\System32\bdbwyuyvsrgsiserskmkf.dhe

[2009.12.23 13:35:25 | 00,000,280 | -H-- | C] () -- C:\WINDOWS\bdbwyuyvsrgsiserskmkf.dhe

[2009.12.23 13:35:25 | 00,000,280 | -H-- | C] () -- C:\Program Files\bdbwyuyvsrgsiserskmkf.dhe

[2009.12.23 13:35:25 | 00,000,280 | -H-- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\bdbwyuyvsrgsiserskmkf.dhe

[2009.12.23 13:35:16 | 00,602,112 | RHS- | C] () -- C:\WINDOWS\zxrigyyrkfqykqyhesqkb.exe

[2009.12.23 13:35:16 | 00,602,112 | RHS- | C] () -- C:\WINDOWS\xtlawmkbsluakoubwie.exe

[2009.12.23 13:35:16 | 00,602,112 | RHS- | C] () -- C:\WINDOWS\wpeqjwrftjpszadh.exe

[2009.12.23 13:35:16 | 00,602,112 | RHS- | C] () -- C:\WINDOWS\qpkcbuvpjfranudnlazuml.exe

[2009.12.23 13:35:16 | 00,602,112 | RHS- | C] () -- C:\WINDOWS\mhymhwtjzrzenqvbvg.exe

[2009.12.23 13:35:16 | 00,602,112 | RHS- | C] () -- C:\WINDOWS\khaqnedvnhryjovdzmjc.exe

[2009.12.23 13:35:16 | 00,602,112 | RHS- | C] () -- C:\WINDOWS\dxnauietizgksuydw.exe

[2009.12.23 13:35:16 | 00,585,728 | RHS- | C] () -- C:\WINDOWS\System32\zxrigyyrkfqykqyhesqkb.exe

[2009.12.23 13:35:16 | 00,585,728 | RHS- | C] () -- C:\WINDOWS\System32\xtlawmkbsluakoubwie.exe

[2009.12.23 13:35:16 | 00,585,728 | RHS- | C] () -- C:\WINDOWS\System32\wpeqjwrftjpszadh.exe

[2009.12.23 13:35:16 | 00,585,728 | RHS- | C] () -- C:\WINDOWS\System32\qpkcbuvpjfranudnlazuml.exe

[2009.12.23 13:35:16 | 00,585,728 | RHS- | C] () -- C:\WINDOWS\System32\mhymhwtjzrzenqvbvg.exe

[2009.12.23 13:35:16 | 00,585,728 | RHS- | C] () -- C:\WINDOWS\System32\khaqnedvnhryjovdzmjc.exe

[2009.12.23 13:35:16 | 00,585,728 | RHS- | C] () -- C:\WINDOWS\System32\dxnauietizgksuydw.exe



:Commands

[purity]

[emptytemp]

[Reboot]

[resethosts]

  • Then click the Run Fix button
  • Wait patiently until the program finishes its work. Once it has finished, your computer will restart.

After the computer restarts, run OTL.exe again and click the Quick Scan button. At the end a log file will be generated, which you need to copy and post in your next comment in this topic.


OTL logfile created on: 26.12.2009 г. 15:28:49 - Run 3

OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\user\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: dd.M.yyyy 'г.'

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free

2,00 Gb Paging File | 2,00 Gb Available in Paging File | 81,00% Paging File free

Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 78,13 Gb Total Space | 61,36 Gb Free Space | 78,54% Space Free | Partition Type: NTFS

Drive D: | 97,65 Gb Total Space | 7,37 Gb Free Space | 7,54% Space Free | Partition Type: NTFS

Drive E: | 146,48 Gb Total Space | 32,27 Gb Free Space | 22,03% Space Free | Partition Type: NTFS

Drive F: | 143,49 Gb Total Space | 143,41 Gb Free Space | 99,95% Space Free | Partition Type: NTFS

Drive G: | 4,14 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: USER-PC

Current User Name: user

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Standard

Quick Scan

========== Processes (SafeList) ==========

PRC - [2009.12.26 11:04:56 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe

PRC - [2009.12.25 12:02:02 | 00,921,600 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32kui.exe

PRC - [2009.12.25 12:02:02 | 00,507,904 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32krn.exe

PRC - [2009.12.17 09:14:10 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2009.06.25 14:12:42 | 01,414,144 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

PRC - [2009.06.02 09:10:08 | 00,637,952 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

PRC - [2009.05.28 12:45:00 | 00,132,096 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

PRC - [2009.03.30 09:11:14 | 00,120,320 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

PRC - [2009.03.30 09:06:58 | 00,090,112 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe

PRC - [2009.03.18 17:50:30 | 04,363,504 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

PRC - [2008.05.09 01:17:47 | 10,452,992 | ---- | M] (AVM Software Inc.) -- C:\Program Files\Paltalk Messenger\paltalk.exe

PRC - [2008.04.14 02:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe

PRC - [2008.04.14 02:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008.02.26 06:00:02 | 00,520,192 | R--- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe

PRC - [2007.04.16 22:28:22 | 00,577,536 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE

PRC - [2007.04.04 00:29:15 | 00,165,784 | ---- | M] (DT Soft Ltd.) -- C:\Program Files\DAEMON Tools\daemon.exe

PRC - [2007.02.12 14:50:40 | 00,020,480 | ---- | M] () -- C:\WINDOWS\FixCamera.exe

========== Modules (SafeList) ==========

MOD - [2009.12.26 11:04:56 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009.12.25 12:02:02 | 00,507,904 | ---- | M] (Eset ) [Auto | Running] -- C:\Program Files\Eset\nod32krn.exe -- (NOD32krn)

SRV - [2009.06.06 10:36:33 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9e681e6d0ad58) Google Update Service (gupdate1c9e681e6d0ad58)

SRV - [2009.06.02 09:10:08 | 00,637,952 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2008.04.14 02:11:56 | 00,028,160 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\irmon.dll -- (Irmon)

SRV - [2008.02.26 06:00:02 | 00,520,192 | R--- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)

SRV - [2007.06.04 22:14:50 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)

SRV - [2007.06.04 22:14:50 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)

SRV - [2006.11.08 16:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)

SRV - [2006.11.08 16:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)

SRV - [2003.07.28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://paltalk.myway.com

IE - HKCU\..\URLSearchHook: {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL (Ask.com)

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: ""

FF - prefs.js..browser.startup.homepage: ""

FF - prefs.js..extensions.enabledItems: [email protected]:1.01

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.10.13 05:18:51 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.12.17 09:14:15 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.12.17 09:14:15 | 00,000,000 | ---D | M]

[2009.08.27 22:41:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions

[2009.12.26 14:21:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ouj669ax.default\extensions

[2009.12.25 13:35:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ouj669ax.default\extensions\[email protected]

[2009.09.30 23:58:24 | 00,000,325 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ouj669ax.default\searchplugins\mywebsearch.xml

[2009.08.27 22:40:49 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2009.07.31 00:46:07 | 00,001,083 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\911bg.xml

[2009.07.31 00:46:07 | 00,002,442 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\diribg.xml

[2009.07.31 00:46:07 | 00,001,515 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pe-bg.xml

[2009.07.31 00:46:07 | 00,001,857 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\portalbgdict.xml

[2009.07.31 00:46:07 | 00,001,220 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-bg.xml

O1 HOSTS File: (98 bytes) - C:\WINDOWS\system32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)

O2 - BHO: (Ask Search Assistant BHO) - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL (Ask.com)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)

O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)

O2 - BHO: (Ask Toolbar BHO) - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL (Ask.com)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL (Ask.com)

O4 - HKLM..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe ()

O4 - HKLM..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe (Eset )

O4 - HKLM..\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKCU..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)

O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 1

O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()

O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()

O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)

O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)

O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)

O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, Inc.)

O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\imon.dll (Eset )

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\imon.dll (Eset )

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\imon.dll (Eset )

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\imon.dll (Eset )

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\imon.dll (Eset )

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\System32\imon.dll (Eset )

O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.9.224.2 217.9.224.3

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2009.12.26 15:21:57 | 00,000,000 | ---D | C] -- C:\_OTL

[2009.12.26 11:03:31 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe

[2009.12.26 09:24:02 | 00,000,000 | ---D | C] -- C:\Program Files\AskPBar

[2009.12.26 09:21:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Paltalk

[2009.12.26 09:21:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\PaltalkScene

[2009.12.26 09:21:36 | 00,000,000 | ---D | C] -- C:\Program Files\Paltalk Messenger

[2009.12.25 23:04:07 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2009.12.25 22:20:59 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009.12.25 22:20:57 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009.12.25 22:20:56 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009.12.25 22:17:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\New Folder (2)

[2009.12.25 21:43:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\da4inka

[2009.12.25 12:02:28 | 00,502,368 | ---- | C] (Eset ) -- C:\WINDOWS\System32\drivers\amon.sys

[2009.12.25 12:02:28 | 00,270,336 | ---- | C] (Eset ) -- C:\WINDOWS\System32\imon.dll

[2009.12.25 12:02:28 | 00,000,000 | ---D | C] -- C:\Program Files\Eset

[2009.12.25 12:01:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\NOD32

[2009.12.17 10:15:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\HERBALIFE

[2009.11.29 09:44:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2009.11.29 09:44:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2009.06.28 12:47:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google

[2009.06.06 10:36:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google

[2009.03.27 15:18:23 | 00,147,456 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp325.dll

[2009.03.27 15:18:23 | 00,057,344 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnp325.dll

[2009.03.27 15:18:23 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp325.dll

[2009.02.25 17:47:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[2003.02.22 20:02:24 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[2003.02.22 20:02:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

========== Files - Modified Within 14 Days ==========

[2009.12.26 15:29:59 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2009.12.26 15:24:17 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job

[2009.12.26 15:23:52 | 00,001,040 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2009.12.26 15:23:48 | 00,000,240 | ---- | M] () -- C:\WINDOWS\tasks\NOD32.job

[2009.12.26 15:23:48 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009.12.26 15:23:46 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009.12.26 15:22:34 | 08,126,464 | -H-- | M] () -- C:\Documents and Settings\user\NTUSER.DAT

[2009.12.26 15:22:34 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\user\ntuser.ini

[2009.12.26 15:22:23 | 00,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts

[2009.12.26 14:57:00 | 00,001,044 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2009.12.26 12:20:00 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2009.12.26 11:04:56 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe

[2009.12.26 09:21:41 | 00,001,640 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk

[2009.12.26 09:21:41 | 00,001,620 | ---- | M] () -- C:\Documents and Settings\user\Desktop\PaltalkScene.lnk

[2009.12.26 09:21:41 | 00,001,312 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Upgrade to Paltalk Extreme.lnk

[2009.12.26 09:16:32 | 10,660,416 | ---- | M] () -- C:\Documents and Settings\user\Desktop\pal_install_r17704.exe

[2009.12.25 23:06:13 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\user\Desktop\HijackThis.lnk

[2009.12.25 23:00:56 | 04,240,656 | -H-- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\IconCache.db

[2009.12.25 22:21:02 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009.12.25 13:51:55 | 00,000,940 | ---- | M] () -- C:\WINDOWS\win.ini

[2009.12.25 13:51:55 | 00,000,255 | ---- | M] () -- C:\WINDOWS\system.ini

[2009.12.25 13:51:55 | 00,000,211 | -H-- | M] () -- C:\boot.ini

[2009.12.25 13:38:01 | 02,672,312 | ---- | M] () -- C:\Documents and Settings\user\Desktop\esetsmartinstaller_enu.exe

[2009.12.25 12:11:02 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2009.12.25 12:02:03 | 00,270,336 | ---- | M] (Eset ) -- C:\WINDOWS\System32\imon.dll

[2009.12.25 12:02:02 | 00,502,368 | ---- | M] (Eset ) -- C:\WINDOWS\System32\drivers\amon.sys

[2009.12.25 10:08:36 | 05,595,648 | ---- | M] () -- C:\Documents and Settings\user\Desktop\2010.pps

[2009.12.24 00:41:52 | 00,100,566 | ---- | M] () -- C:\Documents and Settings\user\Desktop\5B05DE90-A29C-4077-B03C-E485E6B12F27.jpg

[2009.12.22 21:51:13 | 00,000,010 | ---- | M] () -- C:\WINDOWS\popcinfo.dat

[2009.12.22 20:34:34 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009.12.22 12:30:53 | 00,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Земя.lnk

[2009.12.21 13:10:32 | 05,246,339 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Emanuela i Krum - Nishto Ne Znaesh.mp3

[2009.12.20 11:09:50 | 00,054,964 | ---- | M] () -- C:\Documents and Settings\user\Desktop\grafik.jpg

[2009.12.19 18:15:29 | 00,000,824 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Yahoo! Messenger (2).lnk

[2009.12.17 16:34:31 | 00,033,972 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Kate.And.Leopold.2001.BRRip.XviD.AC3-KiNGS.rar

[2009.12.17 16:22:45 | 00,074,752 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009.12.14 09:35:54 | 00,045,996 | ---- | M] () -- C:\Documents and Settings\user\Desktop\NOKTO.JPG

[2009.12.12 20:40:52 | 04,648,682 | ---- | M] () -- C:\Documents and Settings\user\Desktop\01 Track 1.wma

[2009.12.12 17:23:55 | 00,041,440 | ---- | M] () -- C:\Documents and Settings\user\Desktop\The.Ugly.Truth.BRRip.XviD.AC3_DEViSE.(subs.sab.bz).zip

========== Files Created - No Company Name ==========

[2009.12.26 09:21:41 | 00,001,640 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk

[2009.12.26 09:21:41 | 00,001,620 | ---- | C] () -- C:\Documents and Settings\user\Desktop\PaltalkScene.lnk

[2009.12.26 09:21:41 | 00,001,312 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Upgrade to Paltalk Extreme.lnk

[2009.12.26 08:57:55 | 10,660,416 | ---- | C] () -- C:\Documents and Settings\user\Desktop\pal_install_r17704.exe

[2009.12.25 23:04:09 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\user\Desktop\HijackThis.lnk

[2009.12.25 22:21:02 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009.12.25 13:31:15 | 02,672,312 | ---- | C] () -- C:\Documents and Settings\user\Desktop\esetsmartinstaller_enu.exe

[2009.12.25 13:22:00 | 00,000,240 | ---- | C] () -- C:\WINDOWS\tasks\NOD32.job

[2009.12.25 12:11:02 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2009.12.24 16:51:51 | 05,595,648 | ---- | C] () -- C:\Documents and Settings\user\Desktop\2010.pps

[2009.12.24 00:41:39 | 00,100,566 | ---- | C] () -- C:\Documents and Settings\user\Desktop\5B05DE90-A29C-4077-B03C-E485E6B12F27.jpg

[2009.12.22 12:30:53 | 00,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Земя.lnk

[2009.12.21 13:01:09 | 05,246,339 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Emanuela i Krum - Nishto Ne Znaesh.mp3

[2009.12.20 11:09:50 | 00,054,964 | ---- | C] () -- C:\Documents and Settings\user\Desktop\grafik.jpg

[2009.12.19 18:15:29 | 00,000,824 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Yahoo! Messenger (2).lnk

[2009.12.17 16:34:29 | 00,033,972 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Kate.And.Leopold.2001.BRRip.XviD.AC3-KiNGS.rar

[2009.12.14 09:35:53 | 00,045,996 | ---- | C] () -- C:\Documents and Settings\user\Desktop\NOKTO.JPG

[2009.12.12 20:38:41 | 04,648,682 | ---- | C] () -- C:\Documents and Settings\user\Desktop\01 Track 1.wma

[2009.12.12 17:23:55 | 00,041,440 | ---- | C] () -- C:\Documents and Settings\user\Desktop\The.Ugly.Truth.BRRip.XviD.AC3_DEViSE.(subs.sab.bz).zip

[2009.10.26 19:10:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI

[2009.10.26 18:55:21 | 00,000,753 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

[2009.10.18 12:59:21 | 00,480,128 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2009.10.14 13:15:49 | 00,000,227 | ---- | C] () -- C:\WINDOWS\CDPLAYER.INI

[2009.08.27 21:42:00 | 00,682,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

[2009.07.01 14:59:19 | 00,014,810 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2009.03.27 15:20:18 | 00,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys

[2009.03.27 15:20:18 | 00,011,860 | ---- | C] () -- C:\WINDOWS\System32\drivers\VBTEnum.sys

[2009.03.27 15:18:25 | 00,015,498 | ---- | C] () -- C:\WINDOWS\snp325.ini

[2009.03.09 12:15:25 | 00,147,456 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll

[2009.02.25 17:29:53 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009.02.25 17:29:46 | 00,074,752 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009.02.24 19:17:59 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI

[2009.02.24 17:53:41 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2004.12.20 12:08:28 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2004.12.20 12:03:26 | 00,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2003.01.07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2002.12.14 23:46:02 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\oggDS.dll

[2002.12.14 23:46:02 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll

[2002.12.14 23:46:02 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll

[2002.12.14 22:46:04 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll

[2002.11.15 14:11:26 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll

========== LOP Check ==========

[2009.08.28 19:55:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts

[2009.10.13 05:16:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations

[2009.10.18 12:03:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic

[2009.10.11 15:37:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite

[2009.05.27 02:24:43 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{B064F9E5-5CCB-4D7B-A3A5-C00960A6B135}

[2009.02.24 18:53:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\ICQ

[2009.10.18 17:49:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Nokia

[2009.10.18 12:09:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Nseries

[2009.02.24 19:25:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Opera

[2009.12.26 09:21:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Paltalk

[2009.10.13 22:06:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\PC Suite

[2009.12.18 14:45:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\uTorrent

[2009.12.26 15:23:48 | 00,000,240 | ---- | M] () -- C:\WINDOWS\Tasks\NOD32.job

[2009.12.26 15:24:17 | 00,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========

< End of report >


Step 1:

Download ComboFix from one of the following links:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your desktop

  • Disable your antivirus and antispyware programs; this is usually done by right-clicking the program's icon in the system tray.

Note: If you cannot disable it or are not sure which program to disable, please review the information at this link: How to Disable your Security Programs

  • Rename ComboFix.exe to Tool.exe

  • Run Tool.exe and follow the instructions.

Note: ComboFix will run without the Recovery Console installed.

  • As part of its operation, ComboFix will check whether the Microsoft Windows Recovery Console is installed. Given how quickly malware evolves, it is strongly recommended that it be installed before the malware is removed. This will let you boot into a special recovery/repair mode that will allow us to more easily resolve a problem that could arise while removing the malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console. At some point you will be asked whether you agree to the license agreement. You need to confirm that you agree in order to install the Microsoft Windows Recovery Console.

** Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will proceed to the malware removal process.

Once the Microsoft Windows Recovery Console has been installed using ComboFix, you will see the following message:

Select Yes to continue scanning for malware.

When the process completes successfully, the tool will create a log file. Please include the contents of C:\ComboFix.txt in your next reply in this thread.

Note:

  1. Please do not move the mouse while ComboFix is running. This may disrupt the process.
  2. ComboFix will reset all Microsoft Internet Explorer settings, including making IE the default browser.
  3. ComboFix will disable the autorun function on ALL CD, floppy and USB devices to help remove the malware and protect you from future viruses/threats that infect via autorun. If this is a problem for you, please let me know.
  4. ComboFix will disconnect your internet connection. The internet connection will be restored automatically before ComboFix finishes. If a problem occurs, it will terminate the internet connection. To restore your internet connection, restart your computer.
  5. If there is a problem with ComboFix, it may create a log file. Please include the contents of C:\BUG.txt in your next reply in this thread.

ComboFix may take up to 20-30 minutes to finish; please be patient.

Please do not attach the log file(s) from the program; copy and paste it/them into your next reply in this thread.

Step 2:

Open C:\Qoobox\Add or Remove Programs.txt and post its contents.


ComboFix 09-12-26.05 - user 12.2009 г. 19:26:41.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.2047.1539 [GMT 2:00]

Running from: c:\documents and settings\user\Desktop\tool.exe.exe

AV: Eset NOD32 antivirus system 2.51 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Start Menu\Programs\325 USB PC Camera

c:\documents and settings\All Users\Start Menu\Programs\325 USB PC Camera \AMCap.lnk

c:\documents and settings\All Users\Start Menu\Programs\325 USB PC Camera \Uninstall.lnk

C:\mxeitylr.bat

C:\odowlulvfrts.bat

c:\program files\FunWebProducts

c:\program files\MyWebSearch

c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL

c:\program files\MyWebSearch\bar\2.bin\MWSSVC.EXE

c:\program files\MyWebSearch\bar\3.bin\MWSSVC.EXE

c:\program files\MyWebSearch\bar\4.bin\MWSSVC.EXE

c:\program files\MyWebSearch\bar\5.bin\MWSSVC.EXE

c:\program files\MyWebSearch\bar\6.bin\MWSSVC.EXE

c:\program files\MyWebSearch\bar\Settings\s_pid.dat

c:\windows\system32\AutoRun.inf

c:\windows\system32\f3PSSavr.scr

C:\wjsylshpxh.bat

D:\mxeitylr.bat

D:\odowlulvfrts.bat

D:\wjsylshpxh.bat

E:\mxeitylr.bat

E:\odowlulvfrts.bat

E:\wjsylshpxh.bat

F:\mxeitylr.bat

F:\odowlulvfrts.bat

F:\wjsylshpxh.bat

.

((((((((((((((((((((((((( Files Created from 2009-11-27 to 2009-12-27 )))))))))))))))))))))))))))))))

.

2009-12-26 13:21 . 2009-12-26 13:21 -------- d-----w- C:\_OTL

2009-12-26 07:24 . 2009-12-26 07:24 -------- d-----w- c:\program files\AskPBar

2009-12-26 07:21 . 2009-12-26 07:21 -------- d-----w- c:\documents and settings\user\Application Data\Paltalk

2009-12-26 07:21 . 2009-12-26 07:21 -------- d-----w- c:\program files\Paltalk Messenger

2009-12-26 07:21 . 2009-12-26 07:21 -------- d-----w- c:\windows\PaltalkScene

2009-12-25 21:04 . 2009-12-25 21:04 -------- d-----w- c:\program files\Trend Micro

2009-12-25 20:20 . 2009-12-03 14:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-25 20:20 . 2009-12-03 14:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-25 20:20 . 2009-12-25 20:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-12-25 10:02 . 2009-12-25 21:02 -------- d-----w- c:\program files\Eset

2009-12-25 10:02 . 2009-12-25 10:02 270336 ----a-w- c:\windows\system32\imon.dll

2009-12-25 10:02 . 2009-12-25 10:02 502368 ----a-w- c:\windows\system32\drivers\amon.sys

2009-12-07 08:49 . 2009-12-07 08:49 -------- d-----w- c:\program files\Hasbro

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-27 17:10 . 2009-02-24 16:52 -------- d-----w- c:\documents and settings\user\Application Data\Skype

2009-12-27 16:10 . 2009-03-09 12:11 -------- d-----w- c:\documents and settings\user\Application Data\skypePM

2009-12-25 11:16 . 2009-08-25 20:32 -------- d-----w- c:\program files\SUPERAntiSpyware

2009-12-22 19:51 . 2009-07-16 21:28 10 ----a-w- c:\windows\popcinfo.dat

2009-12-22 10:30 . 2009-06-06 08:36 -------- d-----w- c:\program files\Google

2009-12-18 12:45 . 2009-02-24 15:39 -------- d-----w- c:\documents and settings\user\Application Data\uTorrent

2009-12-05 07:48 . 2009-02-24 09:11 29024 ----a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-12-04 14:36 . 2009-10-20 17:07 -------- d-----w- c:\documents and settings\user\Application Data\dvdcss

2009-12-01 09:04 . 2009-02-24 16:27 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-11-27 08:56 . 2009-11-27 08:56 -------- d-----w- c:\documents and settings\user\Application Data\Syntrillium

2009-11-27 08:55 . 2009-11-27 08:54 -------- d-----w- c:\program files\coolpro2

2009-11-26 14:34 . 2009-11-26 14:34 -------- d-----w- c:\program files\Qni

2009-11-14 17:51 . 2009-11-14 17:51 -------- d-----w- c:\program files\Unlocker

2009-11-13 12:18 . 2009-02-24 16:48 -------- d-----r- c:\program files\Skype

2009-11-13 12:18 . 2009-11-13 12:18 -------- d-----w- c:\program files\Common Files\Skype

2009-11-13 12:18 . 2009-02-24 16:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

2009-11-02 12:10 . 2009-11-02 12:10 28120 ----a-w- c:\documents and settings\D E V I L\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-11-02 12:10 . 2009-11-02 12:10 -------- d-----w- c:\documents and settings\D E V I L\Application Data\PC Suite

2009-10-26 17:03 . 2009-10-26 16:55 145875 ----a-w- c:\windows\hpoins21.dat

2009-10-21 18:56 . 2009-10-18 10:59 480128 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2009-10-13 03:17 . 2009-10-13 03:17 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe

2009-10-13 03:17 . 2009-10-13 03:17 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe

2009-10-13 03:17 . 2009-10-13 03:17 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe

2009-10-13 03:17 . 2009-10-13 03:17 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe

2009-10-13 03:16 . 2009-10-13 03:17 33816384 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_eng_us.exe

2009-10-11 13:32 . 2009-10-11 13:32 733783 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{29466F9C-7C6A-419C-B301-F440FAF78760}\Packages\Nokia_PC_Suite\CustomActions\NSU_Inst_fix.exe

2009-10-11 13:32 . 2009-10-11 13:32 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{29466F9C-7C6A-419C-B301-F440FAF78760}\Installer\CommonCustomActions\UninstCCD.exe

2009-10-11 13:32 . 2009-10-11 13:32 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{29466F9C-7C6A-419C-B301-F440FAF78760}\Installer\CommonCustomActions\UninstPCSFEMsi.exe

2009-10-11 13:32 . 2009-10-11 13:32 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{29466F9C-7C6A-419C-B301-F440FAF78760}\Installer\CommonCustomActions\UninstPCS.exe

2009-10-11 13:32 . 2009-10-11 13:32 27505824 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{29466F9C-7C6A-419C-B301-F440FAF78760}\Nokia PC Suite 6.85 Release 14 Final.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{0A94B116-4504-4e26-AB05-E61E474AA38B}"= "c:\program files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL" [2009-12-26 61440]

[HKEY_CLASSES_ROOT\clsid\{0a94b116-4504-4e26-ab05-e61e474aa38b}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]

"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]

"FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480]

"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-12-25 921600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2008-5-9 10452992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 0 (0x0)

"EnableInstallerDetection"= 0 (0x0)

"EnableSecureUIAPaths"= 0 (0x0)

"EnableVirtualization"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-06 07:40 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk

backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]

c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-06-12 00:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2006-11-16 17:04 139264 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]

2009-09-03 21:17 3342336 ----a-w- c:\program files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-03-11 19:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 13:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia FastStart]

2009-02-26 14:04 2376992 ----a-w- c:\program files\Nokia\Nokia Music\NokiaMusic.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]

2009-06-25 12:12 1414144 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp325]

2007-04-25 13:36 835584 ----a-w- c:\windows\vsnp325.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2009-12-25 10:10 2002160 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp325]

2007-04-21 07:30 270336 ----a-w- c:\windows\tsnp325.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\ICQ6.5\\ICQ.exe"=

"c:\\Program Files\\FlashGet\\FlashGet.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"e:\\World of Warcraft\\WoW-3.2.0-enUS-downloader.exe"=

"e:\\World of Warcraft\\Launcher.exe"=

"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05.8.2009 г. 15:06 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05.8.2009 г. 15:06 74480]

R3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [27.3.2009 г. 15:18 10343168]

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27.8.2009 г. 21:42 682232]

S2 gupdate1c9e681e6d0ad58;Google Update Service (gupdate1c9e681e6d0ad58);c:\program files\Google\Update\GoogleUpdate.exe [06.6.2009 г. 10:36 133104]

S3 FXDrv32;FXDrv32;\??\g:\fxdrv32.sys --> g:\FXDrv32.sys [?]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05.8.2009 г. 15:06 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

------- Supplementary Scan -------

.

uStart Page = hxxp://paltalk.myway.com

mStart Page = hxxp://www.yahoo.com/

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm

IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm

IE: &Search - ?p=ZJfox000

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

LSP: c:\windows\system32\imon.dll

FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\ouj669ax.default\

FF - prefs.js: browser.startup.homepage -

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-Nokia.PCSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe

MSConfigStartUp-ndpyoyqbmzccg - dxnauietizgksuydw.exe

MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe

MSConfigStartUp-wjsylshpxh - wpeqjwrftjpszadh.exe

MSConfigStartUp-wpeqjwrftjpszadh - c:\docume~1\user\LOCALS~1\Temp\mhymhwtjzrzenqvbvg.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-27 19:29

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(700)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(756)

c:\windows\system32\imon.dll

.

Completion time: 2009-12-27 19:30:55

ComboFix-quarantined-files.txt 2009-12-27 17:30

Pre-Run: 65 702 772 736 bytes free

Post-Run: 65 656 860 672 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - B49F4473C3A72BB83EB660F7950EB95F

This is from Add-Remove Programs

Архиватор WinRAR

µTorrent

32 Bit HP CIO Components Installer

325 USB PC Camera

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9

AIO_Scan

Ask Toolbar

ATI Display Driver

BufferChm

C5200

C5200_doccd

c5200_Help

Compatibility Pack for the 2007 Office system

Cool Edit Pro 2.0

Copy

Critical Update for Windows Media Player 11 (KB959772)

CustomerResearchQFolder

Destination Component

DeviceDiscovery

DeviceManagementQFolder

DocProc

DocProcQFolder

EA Download Manager

Easy CD-DA Extractor 9.0

ESET Online Scanner v3

eSupportQFolder

Fax

FlashGet 1.9.6.1073

Google Земя

Google Update Helper

HijackThis 2.0.2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

HP Customer Participation Program 9.0

HP Imaging Device Functions 9.0

HP OCR Software 9.0

HP Photosmart All-In-One Software 9.0

HP Photosmart Essential 2.01

HP Photosmart Essential2.01

HP Smart Web Printing

HP Solution Center 9.0

HP Update

HPProductAssistant

HPSSupply

ICQ6.5

KoralSoft - EuroDictXP

Malwarebytes' Anti-Malware

MarketResearch

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft National Language Support Downlevel APIs

Microsoft Office Professional Edition 2003

Microsoft User-Mode Driver Framework Feature Pack 1.5

Microsoft Visual C++ 2005 Redistributable

Microsoft WSE 3.0 Runtime

Monopoly by Parker Brothers

Mozilla Firefox (3.5.6)

MSVC80_x86

MSXML 6.0 Parser (KB933579)

Nero 7 Ultra Edition

NOD32 antivirus system

Nokia Connectivity Cable Driver

Nokia Flashing Cable Driver

Nokia Music

Nokia Ovi Application Installer

Nokia Ovi Application Installer 6.85.3011

Nokia Ovi Content Copier

Nokia Ovi Content Copier 6.85.3011

Nokia Ovi One Touch Access

Nokia Ovi One Touch Access 6.85.3011

Nokia Ovi Suite

Nokia Ovi System Utilities

Nokia Ovi System Utilities 6.85.3014

Nokia PC Suite

Nokia Photos

Nokia Software Updater

NVIDIA Drivers

Opera 9.63

PaltalkScene

PanoStandAlone

PC Connectivity Solution

PS_AIO_02_ProductContext

PS_AIO_02_Software

PS_AIO_02_Software_min

PSSWCORE

Realtek AC'97 Audio

Realtek High Definition Audio Driver

SA Dictionary 2005 T2

Scan

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Skype web features

Skype™ 4.1

SLD Codec Pack

SolutionCenter

Spybot - Search & Destroy

Status

SUPERAntiSpyware Free Edition

The KMPlayer (remove only)

The Sims 2

The Sims™ 3

Toolbox

TrayApp

UnloadSupport

Unlocker 1.8.7

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows XP (KB943729)

Update for Windows XP (KB951978)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB973815)

VideoToolkit01

VLC media player 0.9.8a

WebFldrs XP

WebReg

Winamp

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

World of Warcraft

Yahoo! Messenger

Yahoo! Toolbar

Zuma Deluxe RA


Step 1:

Please go to Start --> Settings --> Control Panel --> Add or Remove Programs and uninstall the following programs (if they are present in the list):

Acrobat.com

Adobe Reader 9

Ask Toolbar

AIO_Scan

NOD32 antivirus system

Yahoo! Toolbar

Step 2:

Open Notepad and copy/paste the following text into it:

Killall::


Driver::

FXDrv32

Save the file under the name CFScript.txt and drop it onto ComboFix.

After the program finishes, it will display the log file. Again using Copy/Paste, post the information here.

Step 3:

Uninstall ComboFix and all backup copies of the files it removes:

  • Click the Start button and choose Run
  • Type ComboFix /uninstall in the box and choose OK

Note: Notice that there is a space between ComboFix and /u, which must be there.

This procedure will perform the following actions:

  • It will delete ComboFix and all files and folders associated with it.
  • It will delete the VundoFix backup (if it exists).
  • It will delete the Deckard folder (if it exists).
  • The _OtMoveIt folder (if it exists).
  • Resets the clock settings.
  • Hides file extensions, if necessary.
  • Hides system files, if necessary.
  • Resets System Restore.


Step 4:

1) Download: ESET Online Scanner

2) Run esetsmartinstaller_enu.exe

3) Tick YES, I accept the Terms of Use and choose Start

4) The scanner will start downloading the components it needs.

5) Make sure the following lines are ticked, including those in the Advanced Settings menu:


  • Remove found threats
  • Scan archives
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology

Finally, choose Start

6) The scanner will start downloading the latest definitions.

7) After the scan completes, choose Finish.

8) Go to:

C:\Program Files\ESET\ESET Online Scanner

Open the file log.txt, copy its contents and paste them into your next post here.


Maniac, I'm sorry, but I forgot to save the log file of the last scan, the one before I uninstalled it. Is it fatal if I don't post it? Right now I'm downloading NOD's online scanner. I'll scan soon and post its log.


[email protected] as downloader log:

Can not read file from [email protected] as downloader log:

Can not read file from [email protected] as downloader log:

Can not read file from [email protected] as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=9262fad3e7d90f4cb3b9a3999a5cf442

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2009-12-29 10:00:40

# local_time=2009-12-29 12:00:40 (+0200, FLE Standard Time)

# country="Bulgaria"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 308138 308138 0 0

# compatibility_mode=8192 67108863 100 0 8422 8422 0 0

# scanned=60693

# found=22

# cleaned=22

# scan_time=1255

C:\Documents and Settings\All Users\Application Data\{B064F9E5-5CCB-4D7B-A3A5-C00960A6B135}\OFFLINE\69E6D3E5\3E688669\stbapp.exe a variant of Win32/Adware.DoubleD.AA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\{B064F9E5-5CCB-4D7B-A3A5-C00960A6B135}\OFFLINE\B75FA91E\3E688669\stbsvc.exe a variant of Win32/Adware.DoubleD.AB application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\{B064F9E5-5CCB-4D7B-A3A5-C00960A6B135}\OFFLINE\BED3DEFB\3E688669\stbasst.exe probably a variant of Win32/Adware.DoubleD.AF application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\{B064F9E5-5CCB-4D7B-A3A5-C00960A6B135}\OFFLINE\EB91CE86\3E688669\stbdl.exe a variant of Win32/Adware.DoubleD.AF application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\{B064F9E5-5CCB-4D7B-A3A5-C00960A6B135}\OFFLINE\mFileBagIDE.dll\bag\stbpx.exe probably a variant of Win32/Adware.DoubleD.AF application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files\Unlocker\eBay_shortcuts_1016.exe a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{9601D76F-0982-43E0-B819-673ED0CDB7E6}\RP107\A0031784.EXE Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{9601D76F-0982-43E0-B819-673ED0CDB7E6}\RP107\A0031785.DLL Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{9601D76F-0982-43E0-B819-673ED0CDB7E6}\RP107\A0031786.EXE Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{9601D76F-0982-43E0-B819-673ED0CDB7E6}\RP107\A0031787.EXE Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{9601D76F-0982-43E0-B819-673ED0CDB7E6}\RP107\A0031788.EXE Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{9601D76F-0982-43E0-B819-673ED0CDB7E6}\RP107\A0031789.EXE Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{9601D76F-0982-43E0-B819-673ED0CDB7E6}\RP107\A0031790.EXE Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{9601D76F-0982-43E0-B819-673ED0CDB7E6}\RP107\A0031792.scr Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{9601D76F-0982-43E0-B819-673ED0CDB7E6}\RP109\A0032022.DLL Win32/Toolbar.AskSBar application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{9601D76F-0982-43E0-B819-673ED0CDB7E6}\RP109\A0032729.exe a variant of Win32/Adware.DoubleD.AA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{9601D76F-0982-43E0-B819-673ED0CDB7E6}\RP109\A0032730.exe a variant of Win32/Adware.DoubleD.AB application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{9601D76F-0982-43E0-B819-673ED0CDB7E6}\RP109\A0032731.exe probably a variant of Win32/Adware.DoubleD.AF application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{9601D76F-0982-43E0-B819-673ED0CDB7E6}\RP109\A0032732.exe a variant of Win32/Adware.DoubleD.AF application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{9601D76F-0982-43E0-B819-673ED0CDB7E6}\RP109\A0032733.exe probably a variant of Win32/Adware.DoubleD.AF application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{9601D76F-0982-43E0-B819-673ED0CDB7E6}\RP109\A0032734.exe a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C

E:\World of Warcraft\la_whi.dll probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

[email protected] as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=9262fad3e7d90f4cb3b9a3999a5cf442

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2009-12-29 01:10:57

# local_time=2009-12-29 03:10:57 (+0200, FLE Standard Time)

# country="Bulgaria"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 316453 316453 0 0

# compatibility_mode=8199 22379925 100 100 6567 3736934 0 0

# scanned=61125

# found=3

# cleaned=3

# scan_time=4357

# nod_component=V3 Build:0x30000000

E:\World of Warcraft\ardamax_keylogger_2.8+serial.rar multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

E:\World of Warcraft\la_whi.dll probably a variant of Win32/Agent trojan (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

E:\World of Warcraft\ardamax_keylogger_2.8+serial\ardamax_keylogger+serial\setup_akl.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

And now which antivirus program should I install?


The paid option is ESET NOD32 Antivirus:

http://www.eset.bg/forum/viewtopic.php?f=3&t=1119&sid=933260e0704bbe83e9aeeb1ec2c2e866

http://www.eset.bg/orders/

The free one is Microsoft Security Essentials:

http://www.kaldata.com/comments.php?catid=1&id=50050
