Tsvetan Mitev

Member
  • Topic count

    7
Tsvetan Mitev's Achievements

Newbie

Newbie (1/14)

0

Community reputation

  1. ComboFix 12-03-04.02 - TSURI_MITEV 03.2012 г. 11:27:37.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.3327.2482 [GMT 1:00] Running from: c:\documents and settings\TSURI_MITEV\Desktop\ComboFix.exe AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\TEMP c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfapx.exe c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfarx.dll c:\documents and settings\All Users\Application Data\TEMP\AVG\avgntdumpx.exe c:\documents and settings\All Users\Application Data\TEMP\AVG\avgrunasx.exe c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg c:\documents and settings\All Users\Application Data\TEMP\AVG\htmlayout.dll c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_es.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm c:\documents and settings\All Users\Application 
Data\TEMP\AVG\license_nl.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaconf.txt c:\documents and settings\All Users\Application Data\TEMP\AVG\mfacz.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfada.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaes.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfafr.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfage.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfahu.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaid.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfain.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfait.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfajp.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfako.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfams.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfanl.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapb.lns c:\documents and settings\All 
Users\Application Data\TEMP\AVG\mfapl.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapt.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaru.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasc.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfask.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasp.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfatr.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaus.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfavera.txt c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaverx.txt c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazh.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazt.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini c:\documents and settings\TSURI_MITEV\Application Data\.# c:\documents and settings\TSURI_MITEV\System c:\documents and settings\TSURI_MITEV\System\win_qs8.jqx c:\windows\system32\SETB02.tmp c:\windows\system32\SETB06.tmp c:\windows\system32\SETB0E.tmp . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_NVMINI -------\Service_nvmini . . ((((((((((((((((((((((((( Files Created from 2012-02-06 to 2012-03-06 ))))))))))))))))))))))))))))))) . . 2012-03-05 15:34 . 2012-03-05 15:34 -------- d-----w- c:\documents and settings\TSURI_MITEV\Application Data\Malwarebytes 2012-03-05 15:32 . 2012-03-05 15:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-03-05 15:32 . 
2012-03-05 15:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2012-03-05 15:32 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-01 20:00 . 2012-03-01 20:00 -------- d-----w- C:\Downloads 2012-02-16 17:00 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll 2012-02-16 17:00 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll 2012-02-12 10:57 . 2012-02-12 10:57 -------- d-----w- c:\documents and settings\TSURI_MITEV\Application Data\vlc 2012-02-12 10:55 . 2012-02-12 10:55 -------- d-----w- c:\program files\VideoLAN 2012-02-12 10:53 . 2012-02-12 10:53 16742799 ----a-w- C:\vlc-0.9.9-win32.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-01-20 19:36 . 2011-05-27 17:27 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-01-12 16:53 . 2004-08-03 23:17 1859968 ----a-w- c:\windows\system32\win32k.sys 2011-12-17 19:46 . 2004-08-04 00:56 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-12-17 19:46 . 2004-08-04 00:56 916992 ----a-w- c:\windows\system32\wininet.dll 2011-12-17 19:46 . 2004-08-04 00:56 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-12-16 12:22 . 2004-08-03 22:59 385024 ----a-w- c:\windows\system32\html.iec 2010-01-18 22:56 . 2010-01-18 22:54 16832288 ----a-w- c:\program files\jre-6u17-windows-i586-s.exe 2009-08-25 11:15 . 2009-08-25 11:15 16909168 ----a-w- c:\program files\IE8-WindowsXP-x86-BGR.exe 2012-02-13 13:14 . 2011-05-13 21:19 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304] "VoipBuster"="c:\program files\VoipBuster.com\VoipBuster\VoipBuster.exe" [2011-08-23 13872432] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-23 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "TBSysTray"="c:\program files\UPDD\TBSystry.exe" [2002-11-20 344064] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 nwprovau . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AntiVirus Plus.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AntiVirus Plus.lnk backup=c:\windows\pss\AntiVirus Plus.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^TSURI_MITEV^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk] path=c:\documents and settings\TSURI_MITEV\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aidaemon] 2010-01-19 16:58 315392 ----a-w- c:\program files\UPDD\AIDAEMON.EXE . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet] 2011-09-23 07:02 11515184 ----a-w- c:\program files\BitComet\BitComet.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GUCI_AVS] 2007-12-10 14:55 323584 ----a-w- c:\windows\PixArt\PAP7501\GUCI_AVS.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyGarminAgent] 2010-03-16 08:36 337256 ----a-w- c:\program files\Garmin\MyGarminAgent\myGarminAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero MediaHome 4] 2010-10-29 15:59 5178664 ----a-w- c:\program files\Nero\Nero MediaHome 4\NeroMediaHome.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAP7501_Monitor] 2007-12-10 14:55 323584 ----a-w- c:\windows\PixArt\PAP7501\GUCI_AVS.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] 2009-12-10 17:00 18789920 ----a-w- c:\windows\RTHDCPL.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2009-06-23 10:19 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tbdaemon] 2010-01-19 16:58 442368 ----a-w- c:\program files\UPDD\TBDAEMON.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Telefonica] 2007-09-17 12:58 16384 ----a-w- c:\program files\Telefonica\bin\StartCmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster] 2011-08-23 12:10 13872432 ----a-w- c:\program files\VoipBuster.com\VoipBuster\voipbuster.exe . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"= "c:\\Program Files\\Opera\\opera.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Telefonica\\AsistCfg90\\awcbrwsr.exe"= "c:\\Program Files\\BitComet\\BitComet.exe"= "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"= "c:\\Program Files\\Nero\\Nero MediaHome 4\\NMMediaServerService.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"= "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"= "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "25625:TCP"= 25625:TCP:BitComet 25625 TCP "25625:UDP"= 25625:UDP:BitComet 25625 UDP . R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13.9.2010 і. 15:27 23120] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07.9.2010 і. 03:48 32592] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [08.12.2010 і. 04:12 230608] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [12.11.2010 і. 13:19 295248] R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12.10.2011 і. 06:25 4433248] R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [02.8.2011 і. 06:09 192776] R2 ezGOSvc;Easybits GO Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [04.8.2004 і. 
01:56 14336] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [05.3.2012 і. 16:32 652360] R2 sprtsvc_Telefonica;SupportSoft Sprocket Service (Telefonica);c:\program files\Telefonica\bin\sprtsvc.exe [08.3.2007 і. 19:22 202280] R2 tbupddwu;tbupddwu;c:\program files\UPDD\TBUPDDWU.EXE [14.11.2010 і. 22:48 573440] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [03.8.2010 і. 15:23 134608] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [03.8.2010 і. 15:23 24272] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [03.8.2010 і. 15:23 16720] R3 hidkmdf;HID Class Shim for KMDF;c:\windows\system32\drivers\HIDKMDF.SYS [14.11.2010 і. 22:48 5632] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [05.3.2012 і. 16:32 20464] R3 upddvh;Touch-Base Serial Multi-touch Driver;c:\windows\system32\drivers\UPDDVH.SYS [14.11.2010 і. 22:48 26600] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 і. 13:16 130384] S2 gupdate1ca1761e381e3cc;Ус»уі° Google Update (gupdate1ca1761e381e3cc);c:\program files\Google\Update\GoogleUpdate.exe [07.8.2009 і. 14:20 133104] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [16.12.2009 і. 21:45 1691480] S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [13.11.2010 і. 20:25 23456] S3 GUCI_AVS;Generic USB Controller Interface (AVS);c:\windows\system32\drivers\GUCI_AVS.sys [22.1.2010 і. 14:37 540160] S3 gupdatem;Ус»уі° Ѕ° Google рєту°»ё·°цёя (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [07.8.2009 і. 14:20 133104] S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [03.12.2011 і. 14:22 155344] S3 TBUPDD;TBUPDD;c:\windows\system32\drivers\TBUPDDWD.SYS [14.11.2010 і. 
12:17 339657] S3 tbupddsu;Universal Pointer Device Driver;c:\windows\system32\drivers\TBUPDDSU.SYS [14.11.2010 і. 22:48 65600] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 і. 13:16 753504] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezGOSvc . Contents of the 'Scheduled Tasks' folder . 2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-07 13:20] . 2012-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-07 13:20] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.bg/ uInternet Settings,ProxyServer = hxxp://87.246.55.154:8080 uInternet Settings,ProxyOverride = <local> uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &С&валяне &с BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm IE: &С&валяне на всички с BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm TCP: DhcpNameServer = 80.58.61.250 80.58.61.254 FF - ProfilePath - c:\documents and settings\TSURI_MITEV\Application Data\Mozilla\Firefox\Profiles\rzkc9neg.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2086743&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.google.bg FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4d5977ec&i=23&tp=ab&nt=1&q= . - - - - ORPHANS REMOVED - - - - . 
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) MSConfigStartUp-AntiVirus Plus - c:\program files\AntiVirus Plus\AntiVirus Plus.70106.exe MSConfigStartUp-ares - c:\program files\Ares\Ares.exe MSConfigStartUp-ares vista - c:\program files\Ares Vista\AresVista.exe MSConfigStartUp-JP595IR86O - c:\docume~1\TSURI_~1\LOCALS~1\Temp\Wpk.exe MSConfigStartUp-Make A Voozie - c:\documents and settings\All Users\Application Data\Make A Voozie\VoozieMaker.exe MSConfigStartUp-MSMSGS - c:\program files\Messenger\msmsgs.exe AddRemove-PhotoFiltre - c:\documents and settings\TSURI_MITEV\Desktop\PhotoFiltre\Uninst.exe AddRemove-Пакет за езиков интерфейс на The KMPlayer - c:\program files\The KMPlayer\uninsall_bg.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-03-06 11:39 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(968) c:\windows\system32\Ati2evxx.dll c:\windows\system32\atiadlxx.dll . - - - - - - - > 'explorer.exe'(2548) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\msi.dll c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll c:\program files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . 
c:\progra~1\AVG\AVG2012\avgrsx.exe c:\program files\AVG\AVG2012\avgcsrvx.exe c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\AVG\AVG2012\avgnsx.exe c:\program files\AVG\AVG2012\avgemcx.exe c:\program files\Nero\Nero MediaHome 4\NMMediaServerService.exe c:\windows\system32\rundll32.exe . ************************************************************************** . Completion time: 2012-03-06 11:44:18 - machine was rebooted ComboFix-quarantined-files.txt 2012-03-06 10:44 . Pre-Run: 5 181 161 472 bytes free Post-Run: 7 154 733 056 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - 319BBFFA8E81B44FF504241274F84E99
  2. OTL.Txt. Now only this file came out. I understand that you are doing everything possible to "clean" me, but at the same time I feel guilty for creating so much work for you!! This is the last thing we try now, and if it doesn't work, I won't bother you any more tonight! Maybe tomorrow, if there is no result by then!!! Just one question! May I recommend to those I think are infected that they look at the topic in this forum? Thank you, and good night, or lighter work!!!
  3. Well, these discussions are showing up again! I'm starting to wonder whether I could do something from the Skype settings?!
  4. Forgive me!!! I didn't mean to be annoying! I also read the topic you posted! Now thank you for helping me!!! And here is the file: Malwarebytes Anti-Malware (Пробна версия) 1.60.1.1000 www.malwarebytes.org Версия на базата от данни: v2012.03.05.05 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 TSURI_MITEV :: WORKGROU-E24652 [администратор] Защита: включена 05.3.2012 г. 16:36:18 mbam-log-2012-03-05 (16-36-18).txt Тип сканиране: Бързо сканиране Включени опции за сканиране: Памет | Автоматично зареждане | Системен регистър | Файлова система | Евристики/Допълнителни | Евристики/Shuriken | PUP | PUM Изключени опции за сканиране: P2P Сканирани обекти: 207860 Изминало време: 19 минута(и), 15 секунда(и) Открити процеси в паметта: 0 (Не бяха открити зловредни обекти) Открити модули в паметта: 0 (Не бяха открити зловредни обекти) Открити ключове в системния регистър: 4 HKCU\SOFTWARE\B60JHDGR6V (Trojan.FakeAlert) -> Поставен под карантина и изтрит успешно. HKCU\SOFTWARE\JP595IR86O (Trojan.FakeAlert) -> Поставен под карантина и изтрит успешно. HKCU\SOFTWARE\XML (Trojan.FakeAlert) -> Поставен под карантина и изтрит успешно. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Поставен под карантина и изтрит успешно. Открити стойности в системния регистър: 0 (Не бяха открити зловредни обекти) Открити информационни обекти в системния регистър: 0 (Не бяха открити зловредни обекти) Открити папки: 0 (Не бяха открити зловредни обекти) Открити файлове: 2 C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Поставен под карантина и изтрит успешно. C:\WINDOWS\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Поставен под карантина и изтрит успешно. (край)
  5. I keep getting these lousy messages inviting me to discussions, from dozens of subscribers at a time!!! Help!!! Please!!!
  6. Do I need to keep the files on the desktop, or can I delete them?
  7. Extras.Txt, OTL.Txt. Thank you!!! I followed the instructions and I hope I have solved the problem!!!