
sashBB

Member
  • Topic count: 40
  • Rank: Newbie (1/14)
  • Community reputation: 0

  1. Yes, I checked, and it turns out that the old grandma's method works 100%. Thanks for the idea!
  2. Hello, my request is in the topic title, but to repeat: I need Daemon tools Lite Portable. The site's search did not help me, and Google did not point me to anything useful either. In principle I insist on Daemon tools Lite, but I am not sure there is a portable version. If anyone has used something similar, but in a portable variant, feel free to post as well. Regards
  3. A happy and successful 2012 to everyone! B-boy/StyLe/, could you post a link to Kaspersky Virus Removal Tool 2011 again, because the one from your previous post has an expired download period.
  4. Hello, is it very important to restore the startup of these items with Windows? I understand that it is better to do it, but can I avoid it? I am asking because I am not clear about what I have to do, which turns it into an undertaking with unpredictable consequences! Regards!
  5. Hello, until recently we were discussing problems and infections concerning my laptop. So for now only the desktop computer is left for me to get some work done. However, I am not sure whether it is 100% clean. I very often carried USB flash drives between it and the infected laptop. That is why I am now posting the log file I just made with ComboFix. B-boy/StyLe/, when you have time, please take a look at it, so that I know how things stand with this machine. P.S. A boot-time scan with Avast finds nothing. ComboFix.txt
  6. Yes, that is indeed so. Have a nice evening and happy holidays to everyone!
  7. B-boy/StyLe/, thank you for your time and the useful advice! I am getting to work; if questions come up I will ask again. Perhaps by private message, so that we do not clutter the topic with details. Regards!
  8. Overall, what I care about most are the photos, which are not on the system partition, and the documents, which are on C: in My Documents!
  9. Hello, thank you for the thorough instructions. I will follow them, but first I need to save some things that are important to me before formatting. As far as I can see, *.jpg, *.avi (and other photo and video formats) are not potential targets, and neither are *.doc and *.pdf files. I can leave those on D:. What should I do with My Documents, which is on the system partition? Can I scan only that folder with Kaspersky Virus Removal Tool? And last but very important: what should I do with a USB flash drive from which I suspect the nasty thing spread? It has important things on it that I cannot wipe! I am sure it does not contain the mentioned EXE, SCR, ZIP, RAR, 7z, HTM, HTML, PHP, ASP. At most maybe one or two rar archives, which I will delete.
  10. After about an hour and a half of scanning with Kaspersky Virus Removal Tool, progress is at 4%, 284 threats have been found, and more than 24 hours remain until the end of the scan! Avast and Kaspersky will not stop wailing like ambulances down in the tray area that they have blocked and detected Trojan horses, respectively. Is there any point in waiting for the scan to finish?
  11. In Notepad, in the Format menu, it seems to me that Word Wrap was translated as "на повече редове" ("on multiple lines")? If so, it was not checked when I did the previous scan. Regards!
  12. This is the content of the new log file: (This time there was no restart after the end of the scan, if that matters.)
- - - - - - - > 'Explorer.exe'(5444) c:\windows\system32\APSHook.dll c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItClient.dll c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItMsg.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program files\ATK Hotkey\ASLDRSrv.exe c:\program files\ATKGFNEX\GFNEXSrv.exe c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\windows\system32\WLANExt.exe c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe c:\program files\ASUS\SmartLogon\sensorsrv.exe c:\program files\ATK Hotkey\Hcontrol.exe c:\program files\ATKOSD2\ATKOSD2.exe c:\program files\Wireless Console 2\wcourier.exe c:\program files\ASUS\ASUS CopyProtect\aspg.exe c:\program files\P4G\BatteryLife.exe c:\program files\ASUS\Splendid\ACMON.exe c:\windows\System32\ACEngSvr.exe c:\program files\ATK Hotkey\ATKOSD.exe c:\program files\ATK Hotkey\KBFiltr.exe c:\program files\ATK Hotkey\WDC.exe c:\windows\system32\agrsmsvc.exe c:\windows\system32\drivers\CDAC11BA.EXE c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Canon\IJPLM\IJPLMSVC.EXE c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\program files\ASUS\NB Probe\SPM\spmgr.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\conime.exe c:\windows\system32\wbem\unsecapp.exe c:\program files\Windows Media Player\wmpnetwk.exe . ************************************************************************** . Completion time: 2011-12-25 15:22:50 - machine was rebooted ComboFix-quarantined-files.txt 2011-12-25 13:22 . 
Pre-Run: 6 141 935 616 bytes free Post-Run: 5 692 530 688 bytes free . - - End Of File - - 960029017D9E75BE8894416F6199ACB0
  14. Looks like you're not a bad prophet! Here are the results from VirusTotal http://www.virustotal.com/file-scan/report.html?id=30858fdd7377cd786d356a5f62e9eb86800e5d126bcdd298a41e9aecbd686c4f-1324804741#
  15. Hello, I am using avast! Free Antivirus 6.0.1367. The operating system is Windows Vista Ultimate, SP1. Since yesterday I have been getting numerous messages from the Avast file shield that malware has been blocked, threat - Win32:Kukacka. http://img407.imageshack.us/img407/6511/33743874.th.jpg It counts 51 blocks (bottom right) and the message disappears. This repeats many times. Countless *.tmp files (for example trzCB9B.tmp) are being created in C:\Users\Public... I ran a boot-time scan with Avast - nothing was found. I should mention that a few days ago such a scan found Win32:Downloader-LWR[Trj], which was successfully moved to the chest. Only a scan with SUPERAntiSpyware gives a result. The program finds exactly as many threats as the number of infected files Avast shows me (i.e. hundreds). It cleans them, the OS restarts, and shortly afterwards the blocked-malware messages start again. I am looking for advice on what is the right thing to do in this case, if anyone has run into this problem or has an idea. I think this will not stop until I clean out Win32:Kukacka, but it is not clear to me how to do that properly. Regards and Merry Christmas!