[tonitaakg]

Здравейте, проблемът ми е следният:немога да изтегля антивирусна програма. Реших, че проблемът е в това, че антивирусната ми изтичаше, но уви. Истината е там, че сложих една флашка в компютъра и вероятно от там съм лепнала нещо. Към момента не мога да изтегля никаква антивирусна, освен това като напиша името на която и да е съм изхвърлена незабавно от нета.Пробвах с линк- ефекта е нулев, пробвах да ми изпратят изтеглена антивирусна- получих я но немога да я инсталирам. Моля ако някой може да помогне. Предварително благодаря.

[bob4o]

Има няколко човека тук ,които ще ти помогнат ! Заразата явно все повече се разпростира и доста хора получиха помощ точно по твоя проблем

[tonitaakg]

Има няколко човека тук ,които ще ти помогнат !
дано да се отзоват, защото е доста изнервящо

Този пост е редактиран от tonitaakg: 21 януари 2010 - 00:36

[B-boy[StyLe]]

Моля изтеглете OTL.exe и го запазете на десктопа.

Стартирайте файла с двукратен клик на мишката.

Направете следните настройки:



Под "Custom Scans/Fixes" с copy/paste въведете следната информация:

Цитат

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.*
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%PROGRAMFILES%\*.
%userprofile%\Desktop\*.*
%userprofile%\Desktop\*.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Натиснете Run Scan.
Като приключи проверката публикувайте двата лог файла - OTL.Txt и Extras.Txt.

[tonitaakg]

Здравей ето това се получи след сканирането:

OTL.Txt
OTL logfile created on: 21.1.2010 г. 10:25:20 - Run 2
OTL by OldTimer - Version 3.1.25.3 Folder = C:\Documents and Settings\!\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: dd.M.yyyy 'г.'

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20,00 Gb Total Space | 3,82 Gb Free Space | 19,09% Space Free | Partition Type: NTFS
Drive D: | 212,87 Gb Total Space | 111,52 Gb Free Space | 52,39% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-0CCED92A1A
Current User Name: !
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\!\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\system32\fqlguoyplxefmomog.exe ()
PRC - C:\Documents and Settings\!\Local Settings\Temp\zalwakk.exe ()
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\!\Desktop\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (gupdate1ca8938d8592458) Услуга Google Update (gupdate1ca8938d8592458) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (Ati HotKey Poller) -- C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (AtcL001) -- C:\WINDOWS\system32\drivers\l151x86.sys (Atheros Communications, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (amdide) -- C:\WINDOWS\system32\DRIVERS\amdide.sys (Advanced Micro Devices)
DRV - (DgiVecp) -- C:\WINDOWS\system32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1757981266-746137067-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1757981266-746137067-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1757981266-746137067-1801674531-1003\S-1-5-21-1757981266-746137067-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://google.atcomet.com/b/"

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.01.12 16:18:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.01.12 16:18:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2009.12.04 11:04:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\Mozilla\Extensions
[2010.01.05 20:12:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\Mozilla\Firefox\Profiles\w0e6djt8.default\extensions
[2009.12.07 13:33:17 | 00,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Documents and Settings\!\Application Data\Mozilla\Firefox\Profiles\w0e6djt8.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2010.01.04 12:59:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\Mozilla\Firefox\Profiles\w0e6djt8.default\extensions\staged-xpis
[2009.12.07 13:30:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\Mozilla\Firefox\Profiles\w0e6djt8.default\extensions\toolbar@ask.com
[2009.09.02 14:52:02 | 00,002,257 | ---- | M] () -- C:\Documents and Settings\!\Application Data\Mozilla\Firefox\Profiles\w0e6djt8.default\searchplugins\askcom.xml
[2010.01.15 14:07:35 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.12.04 11:04:12 | 00,000,000 | ---D | M] (FlashGot) -- C:\Program Files\Mozilla Firefox\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009.07.17 10:40:12 | 00,704,512 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll

O1 HOSTS File: ([2008.04.14 14:00:00 | 00,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\PROGRAMKI\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-21-1757981266-746137067-1801674531-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1757981266-746137067-1801674531-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [mmwgjs] C:\WINDOWS\System32\maywnkxrqfptdijojbvw.exe ()
O4 - HKLM..\Run: [qwmclafriprn] C:\Documents and Settings\!\Local Settings\Temp\yicwjclbwhnnturs.exe ()
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1757981266-746137067-1801674531-1003..\Run: [BitComet] D:\PROGRAMKI\BitComet\BitComet.exe (www.BitComet.com)
O4 - HKU\S-1-5-21-1757981266-746137067-1801674531-1003..\Run: [fivioaclz] C:\WINDOWS\System32\fqlguoyplxefmomog.exe ()
O4 - HKU\S-1-5-21-1757981266-746137067-1801674531-1003..\Run: [mmwgjs] C:\Documents and Settings\!\Local Settings\Temp\bqpogesnndotekmsohcew.exe ()
O4 - HKU\S-1-5-21-1757981266-746137067-1801674531-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [tynckycndjk] C:\Documents and Settings\!\Local Settings\Temp\zmjgwsexvjsveiimgxq.exe ()
O4 - HKLM..\RunOnce: [zalwakk] C:\WINDOWS\System32\yicwjclbwhnnturs.exe ()
O4 - HKU\S-1-5-21-1757981266-746137067-1801674531-1003..\RunOnce: [ycqelyblaf] C:\WINDOWS\System32\zmjgwsexvjsveiimgxq.exe ()
O4 - HKU\S-1-5-21-1757981266-746137067-1801674531-1003..\RunOnce: [zalwakk] C:\Documents and Settings\!\Local Settings\Temp\zmjgwsexvjsveiimgxq.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: oqcotefn = yicwjclbwhnnturs.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: bajsu = C:\DOCUME~1\!\LOCALS~1\Temp\bqpogesnndotekmsohcew.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1757981266-746137067-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 1
O7 - HKU\S-1-5-21-1757981266-746137067-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: &D&ownload &with BitComet - D:\PROGRAMKI\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - D:\PROGRAMKI\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - D:\PROGRAMKI\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - D:\PROGRAMKI\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\!\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\!\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.12.03 10:19:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.01.21 10:11:04 | 00,000,826 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010.01.21 10:11:05 | 00,000,820 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{367ad49e-05ac-11df-be33-001fc659768e}\Shell\AutoRun\command - "" = G:\fivioaclz.bat -- File not found
O33 - MountPoints2\{367ad49e-05ac-11df-be33-001fc659768e}\Shell\explore\Command - "" = G:\pwneoekxpxaxa.bat -- File not found
O33 - MountPoints2\{367ad49e-05ac-11df-be33-001fc659768e}\Shell\open\Command - "" = G:\tynckycndjk.bat -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009.12.03 11:52:04 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found




ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

========== Files/Folders - Created Within 30 Days ==========

[2010.01.21 10:23:40 | 00,000,000 | ---D | C] -- C:\_OTL
[2010.01.21 10:18:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\!\Desktop\probi
[2010.01.21 10:15:18 | 00,546,816 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\!\Desktop\OTL.exe
[2010.01.20 22:19:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010.01.20 21:03:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Panda Software
[2010.01.19 21:10:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\!\Desktop\Ice.Age.Dawn.of.the.Dinosaurs.2009.CAM.XViD.BGAUDIO-CheFo
[2010.01.18 17:18:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\!\Application Data\URSE Games
[2010.01.18 17:17:26 | 65,102,450 | ---- | C] (Adventurersbg.info ) -- C:\Documents and Settings\!\Desktop\Kellie Stanford - Turn of Fate - BG.exe
[2010.01.17 21:27:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\!\Desktop\The.Da.Vinci.Code[2006]DvDrip[Eng]-aXXo
[2010.01.17 19:51:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\!\Desktop\Ice Age - BG Audio
[2010.01.14 16:07:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\!\Application Data\Virtual Prophecy
[2010.01.13 16:35:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\!\Application Data\Dragon Altar Games
[2010.01.13 15:42:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\!\Application Data\Aisle 5 Games, Inc
[2010.01.13 15:41:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\G.H.O.S.T Chronicles - Phantom of the Renaissance Faire
[2010.01.12 21:14:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\!\Desktop\FLASHKA
[2010.01.12 19:32:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\!\Local Settings\Application Data\Game Mill Files
[2010.01.12 19:04:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\!\Desktop\New Folder
[2010.01.12 16:46:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\!\Application Data\TitanicMystery
[2010.01.11 19:08:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\!\Desktop\astrea
[2010.01.11 18:04:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2010.01.11 18:03:11 | 00,000,000 | ---D | C] -- C:\Program Files\ReflexiveArcade
[2010.01.07 16:29:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\!\Application Data\YoudaGames
[2010.01.07 14:52:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\!\Application Data\Artogon
[2010.01.06 23:26:40 | 00,000,000 | ---D | C] -- C:\Program Files\NOS
[2010.01.06 23:26:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010.01.06 17:15:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\!\Application Data\Orneon
[2010.01.05 23:44:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\!\Application Data\Go-Go Gourmet Chef of the Year
[2010.01.05 22:43:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2010.01.05 22:43:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\!\Local Settings\Application Data\JollyBear
[2010.01.05 22:42:25 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Oberon Media
[2010.01.05 22:05:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2010.01.05 22:05:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\!\Application Data\Merscom
[2010.01.05 20:52:59 | 00,000,000 | ---D | C] -- C:\Program Files\Microids
[2010.01.05 14:28:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2010.01.05 14:28:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\!\Application Data\PlayFirst
[2010.01.03 19:30:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\!\Application Data\Media Player Classic
[2009.12.30 15:58:00 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009.12.30 12:25:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009.12.30 12:14:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009.12.30 12:14:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\!\Application Data\skypePM
[2009.12.30 12:13:51 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009.12.22 21:40:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\sentinel
[2009.12.22 21:39:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\!\Local Settings\Application Data\Panda Software
[2009.12.22 21:37:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Panda Software
[2009.12.22 21:33:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2009.12.22 21:33:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009.12.22 21:33:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009.12.22 21:33:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2009.12.22 12:51:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\!\Local Settings\Application Data\Identities
[2009.12.03 10:21:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009.12.03 10:19:06 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009.12.03 10:19:06 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.01.21 10:25:30 | 00,002,408 | -H-- | M] () -- C:\WINDOWS\tcvoasapjtyxccyyobqmyyaduengzldlaueji.njj
[2010.01.21 10:25:30 | 00,002,408 | -H-- | M] () -- C:\WINDOWS\System32\tcvoasapjtyxccyyobqmyyaduengzldlaueji.njj
[2010.01.21 10:25:30 | 00,002,408 | -H-- | M] () -- C:\Program Files\tcvoasapjtyxccyyobqmyyaduengzldlaueji.njj
[2010.01.21 10:25:30 | 00,002,408 | -H-- | M] () -- C:\Documents and Settings\!\Local Settings\Application Data\tcvoasapjtyxccyyobqmyyaduengzldlaueji.njj
[2010.01.21 10:25:30 | 00,000,280 | -H-- | M] () -- C:\WINDOWS\System32\bajsucafppkzukwmsvamoewpwwv.npx
[2010.01.21 10:25:30 | 00,000,280 | -H-- | M] () -- C:\WINDOWS\bajsucafppkzukwmsvamoewpwwv.npx
[2010.01.21 10:25:30 | 00,000,280 | -H-- | M] () -- C:\Program Files\bajsucafppkzukwmsvamoewpwwv.npx
[2010.01.21 10:25:30 | 00,000,280 | -H-- | M] () -- C:\Documents and Settings\!\Local Settings\Application Data\bajsucafppkzukwmsvamoewpwwv.npx
[2010.01.21 10:25:01 | 00,000,316 | -H-- | M] () -- C:\WINDOWS\System32\oawshcnfcpxzhkjmfvnmbejpjwieapkvnkxfhpsr.ndv
[2010.01.21 10:25:01 | 00,000,316 | -H-- | M] () -- C:\WINDOWS\oawshcnfcpxzhkjmfvnmbejpjwieapkvnkxfhpsr.ndv
[2010.01.21 10:25:01 | 00,000,316 | -H-- | M] () -- C:\Program Files\oawshcnfcpxzhkjmfvnmbejpjwieapkvnkxfhpsr.ndv
[2010.01.21 10:25:01 | 00,000,316 | -H-- | M] () -- C:\Documents and Settings\!\Local Settings\Application Data\oawshcnfcpxzhkjmfvnmbejpjwieapkvnkxfhpsr.ndv
[2010.01.21 10:25:00 | 00,001,044 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.01.21 10:24:36 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\zmjgwsexvjsveiimgxq.exe
[2010.01.21 10:24:36 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\yicwjclbwhnnturs.exe
[2010.01.21 10:24:36 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\siiibaplmdpvhoryvploho.exe
[2010.01.21 10:24:36 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\oawshcnfcpxzhkjmfv.exe
[2010.01.21 10:24:36 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\maywnkxrqfptdijojbvw.exe
[2010.01.21 10:24:36 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\fqlguoyplxefmomog.exe
[2010.01.21 10:24:36 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\bqpogesnndotekmsohcew.exe
[2010.01.21 10:15:55 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Office Word 2003.lnk
[2010.01.21 10:15:21 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\!\Desktop\OTL.exe
[2010.01.21 10:14:42 | 00,530,930 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.01.21 10:14:42 | 00,447,614 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.01.21 10:14:42 | 00,073,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.01.21 10:11:04 | 00,577,536 | RHS- | M] () -- C:\pwneoekxpxaxa.bat
[2010.01.21 10:11:04 | 00,000,826 | RHS- | M] () -- C:\autorun.inf
[2010.01.21 10:10:44 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.01.21 10:10:31 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\siiibaplmdpvhoryvploho.exe
[2010.01.21 10:10:31 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\bqpogesnndotekmsohcew.exe
[2010.01.21 10:10:30 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\maywnkxrqfptdijojbvw.exe
[2010.01.21 10:10:29 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\zmjgwsexvjsveiimgxq.exe
[2010.01.21 10:10:28 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\yicwjclbwhnnturs.exe
[2010.01.21 10:10:26 | 00,001,040 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.01.21 10:10:25 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.01.21 10:10:24 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.01.21 10:07:40 | 00,000,414 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C92D3F70-81D1-4578-85AB-90349F363915}.job
[2010.01.21 10:04:25 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\oawshcnfcpxzhkjmfv.exe
[2010.01.21 00:01:00 | 00,000,226 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010.01.20 22:52:36 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010.01.20 22:52:12 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\fqlguoyplxefmomog.exe
[2010.01.20 22:13:25 | 04,456,448 | -H-- | M] () -- C:\Documents and Settings\!\NTUSER.DAT
[2010.01.20 22:13:25 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\!\ntuser.ini
[2010.01.20 20:49:45 | 00,000,073 | -H-- | M] () -- C:\WINDOWS\zmjgwsexvjsveiimgxqqgkqxsgtqndzlecqzclppt.exx
[2010.01.20 20:49:45 | 00,000,073 | -H-- | M] () -- C:\WINDOWS\System32\zmjgwsexvjsveiimgxqqgkqxsgtqndzlecqzclppt.exx
[2010.01.20 20:49:45 | 00,000,073 | -H-- | M] () -- C:\Program Files\zmjgwsexvjsveiimgxqqgkqxsgtqndzlecqzclppt.exx
[2010.01.20 20:49:45 | 00,000,073 | -H-- | M] () -- C:\Documents and Settings\!\Local Settings\Application Data\zmjgwsexvjsveiimgxqqgkqxsgtqndzlecqzclppt.exx
[2010.01.20 20:48:18 | 00,004,248 | -H-- | M] () -- C:\WINDOWS\yicwjclbwhnntursjxnkxybfxismgtmvlgrxxd.bct
[2010.01.20 20:48:18 | 00,004,248 | -H-- | M] () -- C:\WINDOWS\System32\yicwjclbwhnntursjxnkxybfxismgtmvlgrxxd.bct
[2010.01.20 20:48:18 | 00,004,248 | -H-- | M] () -- C:\Program Files\yicwjclbwhnntursjxnkxybfxismgtmvlgrxxd.bct
[2010.01.20 20:48:18 | 00,004,248 | -H-- | M] () -- C:\Documents and Settings\!\Local Settings\Application Data\yicwjclbwhnntursjxnkxybfxismgtmvlgrxxd.bct
[2010.01.20 20:16:45 | 00,038,489 | ---- | M] () -- C:\Documents and Settings\!\Desktop\_eml.zip
[2010.01.19 22:09:15 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.01.19 22:09:06 | 00,015,360 | ---- | M] () -- C:\Documents and Settings\!\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.19 15:31:09 | 00,303,824 | ---- | M] () -- C:\Documents and Settings\!\Desktop\matematika.zip
[2010.01.19 15:25:32 | 00,002,495 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Office Excel 2003.lnk
[2010.01.18 17:18:34 | 00,000,721 | ---- | M] () -- C:\Documents and Settings\!\Desktop\Кели Станфорд - Обратът на Съдбата.lnk
[2010.01.18 17:17:38 | 65,102,450 | ---- | M] (Adventurersbg.info ) -- C:\Documents and Settings\!\Desktop\Kellie Stanford - Turn of Fate - BG.exe
[2010.01.17 19:49:45 | 00,013,093 | ---- | M] () -- C:\Documents and Settings\!\Desktop\Ice Age - BG Audio-[rarbg.com].torrent
[2010.01.15 16:51:17 | 04,412,818 | -H-- | M] () -- C:\Documents and Settings\!\Local Settings\Application Data\IconCache.db
[2010.01.15 13:45:43 | 00,055,454 | ---- | M] () -- C:\Documents and Settings\!\Desktop\31_12_2009.zip
[2010.01.14 16:06:58 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\!\Desktop\Mishap An Accidental Haunting.lnk
[2010.01.14 14:09:38 | 00,000,554 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitComet.lnk
[2010.01.13 19:09:44 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.01.13 15:42:33 | 00,004,096 | ---- | M] () -- C:\WINDOWS\d3dx.dat
[2010.01.12 16:18:18 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010.01.05 20:21:25 | 00,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2009.12.30 12:14:44 | 00,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2009.12.30 12:14:09 | 00,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.12.30 00:01:01 | 00,048,640 | ---- | M] () -- C:\Documents and Settings\!\Desktop\Диети и Отслабване.doc
[2009.12.22 21:41:08 | 00,000,630 | ---- | M] () -- C:\WINDOWS\win.ini
[2009.12.22 21:30:00 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.01.20 20:49:56 | 00,002,408 | -H-- | C] () -- C:\WINDOWS\tcvoasapjtyxccyyobqmyyaduengzldlaueji.njj
[2010.01.20 20:49:56 | 00,002,408 | -H-- | C] () -- C:\WINDOWS\System32\tcvoasapjtyxccyyobqmyyaduengzldlaueji.njj
[2010.01.20 20:49:56 | 00,002,408 | -H-- | C] () -- C:\Program Files\tcvoasapjtyxccyyobqmyyaduengzldlaueji.njj
[2010.01.20 20:49:56 | 00,002,408 | -H-- | C] () -- C:\Documents and Settings\!\Local Settings\Application Data\tcvoasapjtyxccyyobqmyyaduengzldlaueji.njj
[2010.01.20 20:49:45 | 00,000,316 | -H-- | C] () -- C:\WINDOWS\System32\oawshcnfcpxzhkjmfvnmbejpjwieapkvnkxfhpsr.ndv
[2010.01.20 20:49:45 | 00,000,316 | -H-- | C] () -- C:\WINDOWS\oawshcnfcpxzhkjmfvnmbejpjwieapkvnkxfhpsr.ndv
[2010.01.20 20:49:45 | 00,000,316 | -H-- | C] () -- C:\Program Files\oawshcnfcpxzhkjmfvnmbejpjwieapkvnkxfhpsr.ndv
[2010.01.20 20:49:45 | 00,000,316 | -H-- | C] () -- C:\Documents and Settings\!\Local Settings\Application Data\oawshcnfcpxzhkjmfvnmbejpjwieapkvnkxfhpsr.ndv
[2010.01.20 20:49:45 | 00,000,073 | -H-- | C] () -- C:\WINDOWS\zmjgwsexvjsveiimgxqqgkqxsgtqndzlecqzclppt.exx
[2010.01.20 20:49:45 | 00,000,073 | -H-- | C] () -- C:\WINDOWS\System32\zmjgwsexvjsveiimgxqqgkqxsgtqndzlecqzclppt.exx
[2010.01.20 20:49:45 | 00,000,073 | -H-- | C] () -- C:\Program Files\zmjgwsexvjsveiimgxqqgkqxsgtqndzlecqzclppt.exx
[2010.01.20 20:49:45 | 00,000,073 | -H-- | C] () -- C:\Documents and Settings\!\Local Settings\Application Data\zmjgwsexvjsveiimgxqqgkqxsgtqndzlecqzclppt.exx
[2010.01.20 20:48:54 | 00,000,826 | RHS- | C] () -- C:\autorun.inf
[2010.01.20 20:48:18 | 00,004,248 | -H-- | C] () -- C:\WINDOWS\yicwjclbwhnntursjxnkxybfxismgtmvlgrxxd.bct
[2010.01.20 20:48:18 | 00,004,248 | -H-- | C] () -- C:\WINDOWS\System32\yicwjclbwhnntursjxnkxybfxismgtmvlgrxxd.bct
[2010.01.20 20:48:18 | 00,004,248 | -H-- | C] () -- C:\Program Files\yicwjclbwhnntursjxnkxybfxismgtmvlgrxxd.bct
[2010.01.20 20:48:18 | 00,004,248 | -H-- | C] () -- C:\Documents and Settings\!\Local Settings\Application Data\yicwjclbwhnntursjxnkxybfxismgtmvlgrxxd.bct
[2010.01.20 20:48:18 | 00,000,280 | -H-- | C] () -- C:\WINDOWS\System32\bajsucafppkzukwmsvamoewpwwv.npx
[2010.01.20 20:48:18 | 00,000,280 | -H-- | C] () -- C:\WINDOWS\bajsucafppkzukwmsvamoewpwwv.npx
[2010.01.20 20:48:18 | 00,000,280 | -H-- | C] () -- C:\Program Files\bajsucafppkzukwmsvamoewpwwv.npx
[2010.01.20 20:48:18 | 00,000,280 | -H-- | C] () -- C:\Documents and Settings\!\Local Settings\Application Data\bajsucafppkzukwmsvamoewpwwv.npx
[2010.01.20 20:48:09 | 00,577,536 | RHS- | C] () -- C:\WINDOWS\zmjgwsexvjsveiimgxq.exe
[2010.01.20 20:48:09 | 00,577,536 | RHS- | C] () -- C:\WINDOWS\System32\zmjgwsexvjsveiimgxq.exe
[2010.01.20 20:48:09 | 00,577,536 | RHS- | C] () -- C:\WINDOWS\yicwjclbwhnnturs.exe
[2010.01.20 20:48:09 | 00,577,536 | RHS- | C] () -- C:\WINDOWS\System32\yicwjclbwhnnturs.exe
[2010.01.20 20:48:09 | 00,577,536 | RHS- | C] () -- C:\WINDOWS\System32\siiibaplmdpvhoryvploho.exe
[2010.01.20 20:48:09 | 00,577,536 | RHS- | C] () -- C:\WINDOWS\siiibaplmdpvhoryvploho.exe
[2010.01.20 20:48:09 | 00,577,536 | RHS- | C] () -- C:\WINDOWS\System32\oawshcnfcpxzhkjmfv.exe
[2010.01.20 20:48:09 | 00,577,536 | RHS- | C] () -- C:\WINDOWS\oawshcnfcpxzhkjmfv.exe
[2010.01.20 20:48:09 | 00,577,536 | RHS- | C] () -- C:\WINDOWS\System32\maywnkxrqfptdijojbvw.exe
[2010.01.20 20:48:09 | 00,577,536 | RHS- | C] () -- C:\WINDOWS\maywnkxrqfptdijojbvw.exe
[2010.01.20 20:48:09 | 00,577,536 | RHS- | C] () -- C:\WINDOWS\System32\fqlguoyplxefmomog.exe
[2010.01.20 20:48:09 | 00,577,536 | RHS- | C] () -- C:\WINDOWS\fqlguoyplxefmomog.exe
[2010.01.20 20:48:09 | 00,577,536 | RHS- | C] () -- C:\WINDOWS\System32\bqpogesnndotekmsohcew.exe
[2010.01.20 20:48:09 | 00,577,536 | RHS- | C] () -- C:\WINDOWS\bqpogesnndotekmsohcew.exe
[2010.01.20 20:16:45 | 00,038,489 | ---- | C] () -- C:\Documents and Settings\!\Desktop\_eml.zip
[2010.01.19 15:28:33 | 00,303,824 | ---- | C] () -- C:\Documents and Settings\!\Desktop\matematika.zip
[2010.01.18 17:18:34 | 00,000,721 | ---- | C] () -- C:\Documents and Settings\!\Desktop\Кели Станфорд - Обратът на Съдбата.lnk
[2010.01.17 19:48:38 | 00,013,093 | ---- | C] () -- C:\Documents and Settings\!\Desktop\Ice Age - BG Audio-[rarbg.com].torrent
[2010.01.15 15:40:54 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\!\Desktop\Mishap An Accidental Haunting.lnk
[2010.01.15 13:45:41 | 00,055,454 | ---- | C] () -- C:\Documents and Settings\!\Desktop\31_12_2009.zip
[2010.01.13 15:42:33 | 00,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2009.12.30 12:20:16 | 00,001,044 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009.12.30 12:20:15 | 00,001,040 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009.12.30 12:14:44 | 00,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2009.12.30 12:14:09 | 00,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.12.30 00:01:01 | 00,048,640 | ---- | C] () -- C:\Documents and Settings\!\Desktop\Диети и Отслабване.doc
[2009.12.22 21:07:58 | 00,015,360 | ---- | C] () -- C:\Documents and Settings\!\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.16 18:54:48 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.12.08 14:22:24 | 00,008,891 | ---- | C] () -- C:\Documents and Settings\!\Application Data\SmarThruOptions.xml
[2009.12.08 14:22:13 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\SecSNMP.dll
[2009.12.08 14:22:00 | 00,000,124 | ---- | C] () -- C:\WINDOWS\Readiris.ini
[2009.12.08 14:21:57 | 00,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2009.12.04 11:08:12 | 00,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.12.04 11:05:45 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.12.04 11:04:29 | 00,000,110 | ---- | C] () -- C:\Program Files\setup.cmd
[2009.12.04 11:01:35 | 00,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.12.04 11:01:34 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009.12.04 11:01:28 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009.12.04 11:01:28 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.12.04 11:01:28 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.12.04 11:01:24 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009.12.04 11:01:23 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.12.03 17:43:52 | 00,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2006.08.16 05:05:50 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\WIASTIIO.dll
[2006.08.16 05:05:48 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\WIAIPH.dll
[2006.08.16 05:05:48 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\WIAEH.dll
[2006.08.16 05:05:48 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\Sswiadrv.dll
[2003.01.07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010.01.13 15:42:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\Aisle 5 Games, Inc
[2010.01.07 14:52:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\Artogon
[2009.12.06 19:11:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\Auslogics
[2010.01.08 01:35:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\Big Fish Games
[2009.12.22 21:21:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\BSplayer PRO
[2009.12.12 15:27:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\casanova
[2009.12.10 15:44:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\ChaYoWo Games
[2009.12.07 13:35:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\CometNetwork
[2010.01.13 16:35:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\Dragon Altar Games
[2010.01.06 00:43:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\ERS G-Studio
[2010.01.05 23:44:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\Go-Go Gourmet Chef of the Year
[2009.12.15 14:22:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\IronCode
[2009.12.20 16:55:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\Meridian93
[2010.01.05 22:05:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\Merscom
[2010.01.06 17:15:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\Orneon
[2010.01.05 14:28:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\PlayFirst
[2009.12.08 14:22:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\SmarThru4
[2010.01.12 16:46:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\TitanicMystery
[2009.12.17 16:57:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\TMInc
[2010.01.18 17:18:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\URSE Games
[2010.01.11 19:43:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\uTorrent
[2009.12.10 11:44:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\V-Games
[2010.01.14 16:07:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\Virtual Prophecy
[2010.01.07 16:29:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\YoudaGames
[2009.12.17 16:55:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarGameBox
[2009.12.03 17:33:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010.01.11 18:04:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2010.01.05 22:43:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2010.01.05 22:05:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2010.01.05 14:28:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009.12.22 21:40:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\sentinel
[2010.01.08 01:28:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010.01.21 00:01:00 | 00,000,226 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2010.01.21 10:07:40 | 00,000,414 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{C92D3F70-81D1-4578-85AB-90349F363915}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009.12.03 10:19:08 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010.01.21 10:11:04 | 00,000,826 | RHS- | M] () -- C:\autorun.inf
[2009.12.03 10:14:35 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009.12.03 10:19:08 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009.02.19 06:09:24 | 00,577,536 | RHS- | M] () -- C:\fivioaclz.bat
[2009.12.03 10:19:08 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2009.12.03 10:19:08 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008.04.14 14:00:00 | 00,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008.04.14 14:00:00 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2010.01.21 10:10:17 | 21,453,86496 | -HS- | M] () -- C:\pagefile.sys
[2010.01.21 10:11:04 | 00,577,536 | RHS- | M] () -- C:\pwneoekxpxaxa.bat
[2007.07.14 02:03:08 | 00,301,090 | ---- | M] () -- C:\Toolbar_Install.bmp
[2009.02.16 06:03:45 | 00,577,536 | RHS- | M] () -- C:\tynckycndjk.bat


< MD5 for: AGP440.SYS >
[2008.04.14 14:00:00 | 20,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008.04.14 14:00:00 | 20,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 14:00:00 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.14 14:00:00 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys
[2008.04.14 14:00:00 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008.04.14 14:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 14:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008.04.14 14:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 14:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008.04.14 14:00:00 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 14:00:00 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008.06.25 10:11:26 | 00,421,888 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[2009.03.08 04:31:44 | 00,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009.03.08 04:31:38 | 00,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %PROGRAMFILES%\*. >
[2009.12.08 10:47:45 | 00,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009.12.17 18:00:27 | 00,000,000 | ---D | M] -- C:\Program Files\Alawar
[2009.12.08 18:33:06 | 00,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2009.12.07 13:30:54 | 00,000,000 | ---D | M] -- C:\Program Files\Ask.com
[2009.12.04 10:55:38 | 00,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2009.12.04 11:01:19 | 00,000,000 | ---D | M] -- C:\Program Files\Auslogics
[2010.01.20 21:10:33 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009.12.03 10:16:25 | 00,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2009.12.04 11:09:28 | 00,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools
[2010.01.20 22:14:11 | 00,000,000 | ---D | M] -- C:\Program Files\ESET
[2010.01.21 10:17:30 | 00,000,000 | ---D | M] -- C:\Program Files\FlashGet
[2009.12.30 12:14:48 | 00,000,000 | ---D | M] -- C:\Program Files\Google
[2010.01.20 21:04:52 | 00,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009.12.20 16:19:03 | 00,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009.12.04 11:01:41 | 00,000,000 | ---D | M] -- C:\Program Files\K-Lite Codec Pack
[2009.12.10 23:20:49 | 00,000,000 | ---D | M] -- C:\Program Files\KONAMI
[2009.12.04 09:30:55 | 00,000,000 | ---D | M] -- C:\Program Files\Messenger
[2010.01.05 21:16:29 | 00,000,000 | ---D | M] -- C:\Program Files\Microids
[2009.12.04 11:05:14 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2009.12.03 10:19:25 | 00,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009.12.04 11:04:57 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009.12.04 11:04:40 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2009.12.03 10:17:28 | 00,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010.01.20 22:24:10 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009.12.07 00:05:38 | 00,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009.12.03 10:15:29 | 00,000,000 | ---D | M] -- C:\Program Files\MSN
[2009.12.03 10:16:06 | 00,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2009.12.09 23:47:27 | 00,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009.12.04 11:03:13 | 00,000,000 | ---D | M] -- C:\Program Files\Nero
[2009.12.03 10:17:42 | 00,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010.01.06 23:26:40 | 00,000,000 | ---D | M] -- C:\Program Files\NOS
[2009.12.03 10:16:15 | 00,000,000 | ---D | M] -- C:\Program Files\Online Services
[2009.12.04 09:28:38 | 00,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009.12.08 14:22:00 | 00,000,000 | ---D | M] -- C:\Program Files\Readiris10
[2009.12.03 17:32:24 | 00,000,000 | ---D | M] -- C:\Program Files\Realtek
[2009.12.07 00:05:34 | 00,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010.01.11 18:03:11 | 00,000,000 | ---D | M] -- C:\Program Files\ReflexiveArcade
[2009.12.08 14:19:03 | 00,000,000 | ---D | M] -- C:\Program Files\SAMSUNG
[2009.12.30 12:13:58 | 00,000,000 | R--D | M] -- C:\Program Files\Skype
[2009.12.08 14:22:24 | 00,000,000 | ---D | M] -- C:\Program Files\SmarThru 4
[2009.12.03 10:23:57 | 00,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009.12.04 11:04:29 | 00,000,000 | ---D | M] -- C:\Program Files\Winamp
[2009.12.03 10:19:08 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009.12.03 10:15:58 | 00,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009.12.03 10:18:12 | 00,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2009.12.04 11:08:59 | 00,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2009.12.03 10:19:25 | 00,000,000 | ---D | M] -- C:\Program Files\xerox

< %userprofile%\Desktop\*.* >
[2010.01.15 13:45:43 | 00,055,454 | ---- | M] () -- C:\Documents and Settings\!\Desktop\31_12_2009.zip
[2009.12.04 11:01:20 | 00,000,801 | ---- | M] () -- C:\Documents and Settings\!\Desktop\Auslogics Disk Defrag.lnk
[2010.01.21 10:23:43 | 00,039,138 | ---- | M] () -- C:\Documents and Settings\!\Desktop\Extras.Txt
[2009.12.04 11:01:44 | 00,000,682 | ---- | M] () -- C:\Documents and Settings\!\Desktop\FlashGet.lnk
[2010.01.17 19:49:45 | 00,013,093 | ---- | M] () -- C:\Documents and Settings\!\Desktop\Ice Age - BG Audio-[rarbg.com].torrent
[2010.01.18 17:17:38 | 65,102,450 | ---- | M] (Adventurersbg.info ) -- C:\Documents and Settings\!\Desktop\Kellie Stanford - Turn of Fate - BG.exe
[2010.01.19 15:31:09 | 00,303,824 | ---- | M] () -- C:\Documents and Settings\!\Desktop\matematika.zip
[2010.01.14 16:06:58 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\!\Desktop\Mishap An Accidental Haunting.lnk
[2009.12.04 11:03:42 | 00,000,678 | ---- | M] () -- C:\Documents and Settings\!\Desktop\Nero Burning ROM.lnk
[2010.01.21 10:15:21 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\!\Desktop\OTL.exe
[2010.01.21 10:23:42 | 00,168,034 | ---- | M] () -- C:\Documents and Settings\!\Desktop\OTL.Txt
[2009.12.04 11:04:30 | 00,000,654 | ---- | M] () -- C:\Documents and Settings\!\Desktop\Winamp.lnk
[2010.01.20 20:16:45 | 00,038,489 | ---- | M] () -- C:\Documents and Settings\!\Desktop\_eml.zip
[2009.12.30 00:01:01 | 00,048,640 | ---- | M] () -- C:\Documents and Settings\!\Desktop\Диети и Отслабване.doc
[2010.01.18 17:18:34 | 00,000,721 | ---- | M] () -- C:\Documents and Settings\!\Desktop\Кели Станфорд - Обратът на Съдбата.lnk

< %userprofile%\Desktop\*. >
[2010.01.12 14:25:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Desktop\astrea
[2010.01.12 21:17:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Desktop\FLASHKA
[2010.01.17 20:10:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Desktop\Ice Age - BG Audio
[2010.01.19 22:06:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Desktop\Ice.Age.Dawn.of.the.Dinosaurs.2009.CAM.XViD.BGAUDIO-CheFo
[2010.01.11 20:20:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Desktop\kari
[2010.01.19 15:22:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Desktop\New Folder
[2010.01.21 10:18:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Desktop\probi
[2010.01.17 21:28:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Desktop\The.Da.Vinci.Code[2006]DvDrip[Eng]-aXXo

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-01-13 17:09:49

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5216CD26
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DB77E2C4
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:981349EA
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:12D2EB9C
< End of report >


Extras.Txt


OTL Extras logfile created on: 21.1.2010 г. 10:25:20 - Run 2
OTL by OldTimer - Version 3.1.25.3 Folder = C:\Documents and Settings\!\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: dd.M.yyyy 'г.'

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20,00 Gb Total Space | 3,82 Gb Free Space | 19,09% Space Free | Partition Type: NTFS
Drive D: | 212,87 Gb Total Space | 111,52 Gb Free Space | 52,39% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-0CCED92A1A
Current User Name: !
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1757981266-746137067-1801674531-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"25403:TCP" = 25403:TCP:*:Enabled:BitComet 25403 TCP
"25403:UDP" = 25403:UDP:*:Enabled:BitComet 25403 UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashGet\FlashGet.exe" = C:\Program Files\FlashGet\FlashGet.exe:*:Enabled:Flashget -- (FlashGet.com)
"D:\BitComet\BitComet.exe" = D:\BitComet\BitComet.exe:*:Enabled:BitComet.exe -- File not found
"D:\PROGRAMKI\BitComet\BitComet.exe" = D:\PROGRAMKI\BitComet\BitComet.exe:*:Enabled:BitComet -- (www.BitComet.com)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"D:\utorrent.exe" = D:\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03E256CC-9C17-16AE-CA3E-8285D3B29674}" = Catalyst Control Center Localization Dutch
"{04E6C9A8-05A7-ED51-6004-D51DCB0F6C3C}" = CCC Help Russian
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0BD0239E-4BF7-AADE-BF65-15591AD85E7E}" = Catalyst Control Center Localization French
"{1131DBA1-6C25-AD3F-8466-76A6D0F18D86}" = Catalyst Control Center Localization Czech
"{1289965E-A50A-759C-C365-2062F94CD55C}" = ccc-utility
"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D2D8F2F-C012-98B1-155B-BE08FE7A944D}" = CCC Help Korean
"{231731CD-27FF-DAF9-16CD-4EB28CE747DA}" = CCC Help Greek
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2675DE6E-4083-9491-14A1-AA99E3F126EA}" = Skins
"{3100925A-26D6-E406-BB72-0ECE1BD44798}" = Catalyst Control Center Localization Japanese
"{31CD452E-9415-7244-07EE-0DDD20C54326}" = CCC Help Czech
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37099F28-2B3D-5BB8-4634-A513B85B7B54}" = Catalyst Control Center Localization Swedish
"{376F7462-36DA-F929-3329-86CD85076974}" = Catalyst Control Center Localization Chinese Standard
"{3A398E1C-BB28-5396-B3FE-76C35A302A2F}" = Catalyst Control Center Localization German
"{3B0EC1C1-7A64-D405-3374-CE893AFA7597}" = CCC Help Finnish
"{469BFD44-46D4-5A50-2B39-2662158361E5}" = CCC Help Danish
"{4A44F3B9-A208-5457-24E6-448C88A329DA}" = CCC Help Japanese
"{4E25D959-1080-2CB3-5408-AD88CE1D22F4}" = Catalyst Control Center Core Implementation
"{53CA7C0D-3D10-E53E-6FE6-8CEA4170D659}" = Catalyst Control Center Graphics Full Existing
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{552332F5-8904-E6DB-6708-4D40A852DD9C}" = CCC Help Portuguese
"{5811BFA6-916D-992E-2550-DAF921A72BA2}" = CCC Help Spanish
"{5C14D074-7A75-B3B6-F734-F652EBC126C9}" = CCC Help Dutch
"{61585999-E891-AB93-2C1A-BCFCB86F9EA1}" = Catalyst Control Center Graphics Full New
"{6E19F210-3813-4002-B561-94D66AA182B6}" = Atheros Communications Inc.® L1 Gigabit Ethernet Driver
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D21040-CF6D-B67F-E794-13A49B5EFD90}" = Catalyst Control Center Localization Thai
"{771DAF24-33A1-2EC4-2161-9DB6F0B4BB4F}" = Catalyst Control Center Localization Portuguese
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114643957}" = Big City Adventure Sydney
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{893D6516-88C7-97F2-FF21-93FDFBC075D5}" = Catalyst Control Center Localization Hungarian
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{901E0402-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Bulgarian User Interface Pack
"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
"{9299FBD5-3A59-F73B-0EA1-EE0E2E49EFCF}" = ccc-core-static
"{9BF5501A-BA5F-E1E6-AD12-A00C54D253A1}" = CCC Help French
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC63D770-6466-6DA6-1893-A98F7E4979A9}" = CCC Help Norwegian
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE04A701-0B3D-80AF-1514-9676BC2B7E2D}" = CCC Help English
"{AE7EA6CC-C55D-3C57-6540-4D73514E578A}" = CCC Help Italian
"{AF9DF04A-4B60-61A7-3C56-6A7A231ADFFF}" = ccc-core-preinstall
"{B2E88616-DB58-7570-2047-884C09841F0A}" = CCC Help Polish
"{B5BD948A-408C-34EF-CA08-79F79D91EE63}" = CCC Help Chinese Traditional
"{B8F66A22-6C6D-26ED-B69A-3DC704C274F4}" = CCC Help Chinese Standard
"{BAB9CF35-B641-2D02-CF12-E8929150AE61}" = Catalyst Control Center Localization Chinese Traditional
"{BD61A312-FC04-5FE8-3FA1-18FBA7068A26}" = Catalyst Control Center Graphics Light
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C557E258-E9DB-B062-3E95-DCC3DF1DF6FD}" = Catalyst Control Center Graphics Previews Common
"{C6FBE7BB-D63B-63AC-D856-791F70FAF2AC}" = Catalyst Control Center Localization Norwegian
"{CB2BBE97-230C-641A-45C3-171E812FFF2B}" = Catalyst Control Center Localization Danish
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DA5E6A2D-DEAA-4152-A43A-FDBDE29AA724}" = DAMN NFO Viewer 2.10.0031 RC3
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{DFD9146F-CC1D-09AE-223F-F0F23A8D702C}" = Catalyst Control Center Localization Korean
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2963C46-06B4-2C13-06A4-967AC62EA44E}" = CCC Help German
"{E34E9B33-46EC-4252-A52F-DDA3978CC0AF}" = Syberia
"{E4628D0D-5DC8-49EC-985A-F0C12EDBF1D2}" = Agatha Christie - And Then There Were None
"{E8B5AAC3-AA42-BA50-ED23-50691ACA9A68}" = Catalyst Control Center Localization Spanish
"{EBCC80A8-4CE8-F0D8-2417-D07837152464}" = Catalyst Control Center Localization Russian
"{EC625543-C1BC-52DA-E923-0D1611A8C33D}" = Catalyst Control Center Localization Italian
"{EDC7CB81-59D7-9934-148C-458F1A4527BC}" = CCC Help Thai
"{F0DC188E-E456-BFE0-F039-5D6EDDB322CA}" = CCC Help Turkish
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1D42B14-EA0F-3A0B-9E58-7A2BD6D2D695}" = CCC Help Hungarian
"{F2BFA1B3-F7A2-7DA1-EF5F-55E57D091942}" = Catalyst Control Center Localization Greek
"{F33CD8AA-45B3-033B-29BA-7ACBDC049F96}" = CCC Help Swedish
"{F4992E7A-C58D-4BC8-0957-A21D28F62479}" = Catalyst Control Center Localization Turkish
"{F8D7DD12-6CE1-4A6B-C2EC-28EC3761B880}" = Catalyst Control Center Localization Finnish
"{FA3A247D-437A-455E-A88F-7EB6E5F9E799}" = Catalyst Control Center - Branding
"{FF59611E-238D-249F-B002-59CF89B3E7CA}" = Catalyst Control Center Localization Polish
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"BitComet" = BitComet 1.17
"Bulgarian_KBD'S_Atanasov" = Bulgarian Keyboards XP by G. Atanasov
"Cate West - The Velvet Keys" = Cate West - The Velvet Keys
"CometBird (3.5.5)" = CometBird (3.5.5)
"FlashGet" = FlashGet 1.9.6.1073
"G.H.O.S.T Chronicles - Phantom of the Renaissance Faire" = G.H.O.S.T Chronicles - Phantom of the Renaissance Faire
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"Kellie Stanford - Turn of Fate 1.00" = Kellie Stanford - Turn of Fate 1.00
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.1.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mishap An Accidental Haunting 1.00" = Mishap An Accidental Haunting 1.00
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"Nero 7 Lite_is1" = Nero 7 Lite 7.9.6.0
"Samsung SCX-4200 Series" = Samsung SCX-4200 Series
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 04.12.2009 г. 05:08:07 | Computer Name = USER-0CCED92A1A | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: An internal certificate chaining error has occurred.

Error - 06.12.2009 г. 13:17:39 | Computer Name = USER-0CCED92A1A | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1706.
Setup cannot find the required files. Check your connection to the network, or
CD-ROM drive. For other potential solutions to this problem, see C:\Program Files\Microsoft
Office\OFFICE11\1033\SETUP.CHM.

Error - 07.12.2009 г. 06:03:10 | Computer Name = USER-0CCED92A1A | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 3994, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 07.12.2009 г. 06:03:10 | Computer Name = USER-0CCED92A1A | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service ASP.NET_2.0.50727
(ASP.NET_2.0.50727) failed. The Error code is the first DWORD in Data section.

Error - 07.12.2009 г. 06:03:11 | Computer Name = USER-0CCED92A1A | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 3994, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 07.12.2009 г. 06:03:11 | Computer Name = USER-0CCED92A1A | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service aspnet_state
(ASP.NET State Service) failed. The Error code is the first DWORD in Data section.

Error - 07.12.2009 г. 06:03:11 | Computer Name = USER-0CCED92A1A | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 3994, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 10.12.2009 г. 17:39:35 | Computer Name = USER-0CCED92A1A | Source = MsiInstaller | ID = 1013
Description = Product: SILENT HILL 3 -- 1: This installation cannot be run by directly
launching the MSI package. You must run setup.exe.

Error - 10.12.2009 г. 17:39:52 | Computer Name = USER-0CCED92A1A | Source = MsiInstaller | ID = 1013
Description = Product: SILENT HILL 3 -- 1: This installation cannot be run by directly
launching the MSI package. You must run setup.exe.

[ System Events ]
Error - 12.1.2010 г. 08:52:22 | Computer Name = USER-0CCED92A1A | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%20

Error - 13.1.2010 г. 06:12:26 | Computer Name = USER-0CCED92A1A | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 001FC659768E has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 13.1.2010 г. 06:13:17 | Computer Name = USER-0CCED92A1A | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%20

Error - 13.1.2010 г. 13:49:46 | Computer Name = USER-0CCED92A1A | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%20

Error - 14.1.2010 г. 08:06:28 | Computer Name = USER-0CCED92A1A | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%20

Error - 15.1.2010 г. 07:28:22 | Computer Name = USER-0CCED92A1A | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%20

Error - 17.1.2010 г. 12:38:06 | Computer Name = USER-0CCED92A1A | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%20

Error - 18.1.2010 г. 10:12:03 | Computer Name = USER-0CCED92A1A | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%20

Error - 19.1.2010 г. 04:10:43 | Computer Name = USER-0CCED92A1A | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%20

Error - 19.1.2010 г. 06:53:55 | Computer Name = USER-0CCED92A1A | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%20


< End of report >

[B-boy[StyLe]]

СТЪПКА 1

Стартирайте OTL.exe и с copy/paste под колонката "Custom Scans/Fixes" и въведете следната информация:

Важно е да копирате скрипта точно, както съм го написал - започва с двуточието преди OTL !

Цитат

:OTL
PRC - C:\WINDOWS\system32\fqlguoyplxefmomog.exe ()
PRC - C:\Documents and Settings\!\Local Settings\Temp\zalwakk.exe ()
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-21-1757981266-746137067-1801674531-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [mmwgjs] C:\WINDOWS\System32\maywnkxrqfptdijojbvw.exe ()
O4 - HKLM..\Run: [qwmclafriprn] C:\Documents and Settings\!\Local Settings\Temp\yicwjclbwhnnturs.exe ()
O4 - HKU\S-1-5-21-1757981266-746137067-1801674531-1003..\Run: [fivioaclz] C:\WINDOWS\System32\fqlguoyplxefmomog.exe ()
O4 - HKU\S-1-5-21-1757981266-746137067-1801674531-1003..\Run: [mmwgjs] C:\Documents and Settings\!\Local Settings\Temp\bqpogesnndotekmsohcew.exe ()
O4 - HKLM..\RunOnce: [tynckycndjk] C:\Documents and Settings\!\Local Settings\Temp\zmjgwsexvjsveiimgxq.exe ()
O4 - HKLM..\RunOnce: [zalwakk] C:\WINDOWS\System32\yicwjclbwhnnturs.exe ()
O4 - HKU\S-1-5-21-1757981266-746137067-1801674531-1003..\RunOnce: [ycqelyblaf] C:\WINDOWS\System32\zmjgwsexvjsveiimgxq.exe ()
O4 - HKU\S-1-5-21-1757981266-746137067-1801674531-1003..\RunOnce: [zalwakk] C:\Documents and Settings\!\Local Settings\Temp\zmjgwsexvjsveiimgxq.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: oqcotefn = yicwjclbwhnnturs.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: bajsu = C:\DOCUME~1\!\LOCALS~1\Temp\bqpogesnndotekmsohcew.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-21-1757981266-746137067-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O32 - AutoRun File - [2009.12.03 10:19:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.01.21 10:11:04 | 00,000,826 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010.01.21 10:11:05 | 00,000,820 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{367ad49e-05ac-11df-be33-001fc659768e}\Shell\AutoRun\command - "" = G:\fivioaclz.bat -- File not found
O33 - MountPoints2\{367ad49e-05ac-11df-be33-001fc659768e}\Shell\explore\Command - "" = G:\pwneoekxpxaxa.bat -- File not found
O33 - MountPoints2\{367ad49e-05ac-11df-be33-001fc659768e}\Shell\open\Command - "" = G:\tynckycndjk.bat -- File not found
[2010.01.21 10:25:30 | 00,002,408 | -H-- | M] () -- C:\WINDOWS\tcvoasapjtyxccyyobqmyyaduengzldlaueji.njj
[2010.01.21 10:25:30 | 00,002,408 | -H-- | M] () -- C:\WINDOWS\System32\tcvoasapjtyxccyyobqmyyaduengzldlaueji.njj
[2010.01.21 10:25:30 | 00,002,408 | -H-- | M] () -- C:\Program Files\tcvoasapjtyxccyyobqmyyaduengzldlaueji.njj
[2010.01.21 10:25:30 | 00,002,408 | -H-- | M] () -- C:\Documents and Settings\!\Local Settings\Application Data\tcvoasapjtyxccyyobqmyyaduengzldlaueji.njj
[2010.01.21 10:25:30 | 00,000,280 | -H-- | M] () -- C:\WINDOWS\System32\bajsucafppkzukwmsvamoewpwwv.npx
[2010.01.21 10:25:30 | 00,000,280 | -H-- | M] () -- C:\WINDOWS\bajsucafppkzukwmsvamoewpwwv.npx
[2010.01.21 10:25:30 | 00,000,280 | -H-- | M] () -- C:\Program Files\bajsucafppkzukwmsvamoewpwwv.npx
[2010.01.21 10:25:30 | 00,000,280 | -H-- | M] () -- C:\Documents and Settings\!\Local Settings\Application Data\bajsucafppkzukwmsvamoewpwwv.npx
[2010.01.21 10:25:01 | 00,000,316 | -H-- | M] () -- C:\WINDOWS\System32\oawshcnfcpxzhkjmfvnmbejpjwieapkvnkxfhpsr.ndv
[2010.01.21 10:25:01 | 00,000,316 | -H-- | M] () -- C:\WINDOWS\oawshcnfcpxzhkjmfvnmbejpjwieapkvnkxfhpsr.ndv
[2010.01.21 10:25:01 | 00,000,316 | -H-- | M] () -- C:\Program Files\oawshcnfcpxzhkjmfvnmbejpjwieapkvnkxfhpsr.ndv
[2010.01.21 10:25:01 | 00,000,316 | -H-- | M] () -- C:\Documents and Settings\!\Local Settings\Application Data\oawshcnfcpxzhkjmfvnmbejpjwieapkvnkxfhpsr.ndv
[2010.01.21 10:24:36 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\zmjgwsexvjsveiimgxq.exe
[2010.01.21 10:24:36 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\yicwjclbwhnnturs.exe
[2010.01.21 10:24:36 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\siiibaplmdpvhoryvploho.exe
[2010.01.21 10:24:36 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\oawshcnfcpxzhkjmfv.exe
[2010.01.21 10:24:36 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\maywnkxrqfptdijojbvw.exe
[2010.01.21 10:24:36 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\fqlguoyplxefmomog.exe
[2010.01.21 10:24:36 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\bqpogesnndotekmsohcew.exe
[2010.01.21 10:11:04 | 00,577,536 | RHS- | M] () -- C:\pwneoekxpxaxa.bat
[2010.01.21 10:11:04 | 00,000,826 | RHS- | M] () -- C:\autorun.inf
[2010.01.21 10:10:31 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\siiibaplmdpvhoryvploho.exe
[2010.01.21 10:10:31 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\bqpogesnndotekmsohcew.exe
[2010.01.21 10:10:30 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\maywnkxrqfptdijojbvw.exe
[2010.01.21 10:10:29 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\zmjgwsexvjsveiimgxq.exe
[2010.01.21 10:10:28 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\yicwjclbwhnnturs.exe
[2010.01.21 10:04:25 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\oawshcnfcpxzhkjmfv.exe
[2010.01.21 00:01:00 | 00,000,226 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010.01.20 22:52:12 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\fqlguoyplxefmomog.exe
[2010.01.20 20:49:45 | 00,000,073 | -H-- | M] () -- C:\WINDOWS\zmjgwsexvjsveiimgxqqgkqxsgtqndzlecqzclppt.exx
[2010.01.20 20:49:45 | 00,000,073 | -H-- | M] () -- C:\WINDOWS\System32\zmjgwsexvjsveiimgxqqgkqxsgtqndzlecqzclppt.exx
[2010.01.20 20:49:45 | 00,000,073 | -H-- | M] () -- C:\Program Files\zmjgwsexvjsveiimgxqqgkqxsgtqndzlecqzclppt.exx
[2010.01.20 20:49:45 | 00,000,073 | -H-- | M] () -- C:\Documents and Settings\!\Local Settings\Application Data\zmjgwsexvjsveiimgxqqgkqxsgtqndzlecqzclppt.exx
[2010.01.20 20:48:18 | 00,004,248 | -H-- | M] () -- C:\WINDOWS\yicwjclbwhnntursjxnkxybfxismgtmvlgrxxd.bct
[2010.01.20 20:48:18 | 00,004,248 | -H-- | M] () -- C:\WINDOWS\System32\yicwjclbwhnntursjxnkxybfxismgtmvlgrxxd.bct
[2010.01.20 20:48:18 | 00,004,248 | -H-- | M] () -- C:\Program Files\yicwjclbwhnntursjxnkxybfxismgtmvlgrxxd.bct
[2010.01.20 20:48:18 | 00,004,248 | -H-- | M] () -- C:\Documents and Settings\!\Local Settings\Application Data\yicwjclbwhnntursjxnkxybfxismgtmvlgrxxd.bct
[2009.02.19 06:09:24 | 00,577,536 | RHS- | M] () -- C:\fivioaclz.bat
[2010.01.21 10:11:04 | 00,577,536 | RHS- | M] () -- C:\pwneoekxpxaxa.bat
[2009.02.16 06:03:45 | 00,577,536 | RHS- | M] () -- C:\tynckycndjk.bat
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5216CD26
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DB77E2C4
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:981349EA
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:12D2EB9C
:files
C:\WINDOWS\system32\fqlguoyplxefmomog.exe
C:\Documents and Settings\!\Local Settings\Temp\zalwakk.exe
C:\WINDOWS\*.tmp
C:\WINDOWS\System32\*.tmp
C:\Program Files\Ask.com
C:\RECYCLER
D:\RECYCLER
:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\BitComet\BitComet.exe"=-
:Commands
[purity]
[emptytemp]
[Reboot]

Натиснете бутона Run Fix

Ще се създаде лог файл. Публикувайте го в следващия си пост.

СТЪПКА 2

1) Изтеглете: ESET Online Scanner
2) Стартирайте esetsmartinstaller_enu.exe
3) Сложете отметка на YES, I accept the Terms of Use и изберете Start
4) Скенерът ще започне да изтегля компонентите, които са му необходими.
5) Уверете се, че има отметки на следните редове, включително и тези от менюто Advanced Settings:

• Remove found threats
  
• Scan archives
  
• Scan for potentially unwanted applications
  
• Scan for potentially unsafe applications
  
• Enable Anti-Stealth technology

И накрая изберете Start

6) Скенерът ще започне да изтегля последните дефиниции.
7) След, като сканирането завърши изберете Finish.
8) Отидете в:
C:\Program Files\ESET\ESET Online Scanner

Отворете файла log.txt , копирайте съдържанието му и го поставете в следващия си пост.

СТЪПКА 3

Моля, изтеглете SystemLook и запазете програмата на десктопа.

# Кликнете два пъти върху SystemLook.exe, за да стартирате програмата.
# Копирайте съдържанието на следния код в текстовото поле на програмата

Цитат

:filefind
ATIDEMGX.dll
dxtmsft.dll
dxtrans.dll

* Кликнете на бутона Look, за да започне сканирането.
* Когато сканирането завърши ще Ви се отвори Notepad с резултата от сканирането. Моля, публикувайте лог файла в следващия си коментар.

[tonitaakg]

След Run Fix последва това?

All processes killed
========== OTL ==========
No active process named fqlguoyplxefmomog.exe was found!
No active process named zalwakk.exe was found!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-1757981266-746137067-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\mmwgjs deleted successfully.
C:\WINDOWS\system32\maywnkxrqfptdijojbvw.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\qwmclafriprn deleted successfully.
C:\Documents and Settings\!\Local Settings\Temp\yicwjclbwhnnturs.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1757981266-746137067-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Run\\fivioaclz deleted successfully.
C:\WINDOWS\system32\fqlguoyplxefmomog.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1757981266-746137067-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Run\\mmwgjs deleted successfully.
C:\Documents and Settings\!\Local Settings\Temp\bqpogesnndotekmsohcew.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\tynckycndjk deleted successfully.
C:\Documents and Settings\!\Local Settings\Temp\zmjgwsexvjsveiimgxq.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\zalwakk deleted successfully.
C:\WINDOWS\system32\yicwjclbwhnnturs.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1757981266-746137067-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ycqelyblaf deleted successfully.
C:\WINDOWS\system32\zmjgwsexvjsveiimgxq.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1757981266-746137067-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\zalwakk deleted successfully.
File C:\Documents and Settings\!\Local Settings\Temp\zmjgwsexvjsveiimgxq.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\oqcotefn deleted successfully.
C:\WINDOWS\yicwjclbwhnnturs.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\bajsu deleted successfully.
File C:\DOCUME~1\!\LOCALS~1\Temp\bqpogesnndotekmsohcew.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1757981266-746137067-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
C:\AUTOEXEC.BAT moved successfully.
C:\autorun.inf moved successfully.
D:\autorun.inf moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{367ad49e-05ac-11df-be33-001fc659768e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{367ad49e-05ac-11df-be33-001fc659768e}\ not found.
File G:\fivioaclz.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{367ad49e-05ac-11df-be33-001fc659768e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{367ad49e-05ac-11df-be33-001fc659768e}\ not found.
File G:\pwneoekxpxaxa.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{367ad49e-05ac-11df-be33-001fc659768e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{367ad49e-05ac-11df-be33-001fc659768e}\ not found.
File G:\tynckycndjk.bat not found.
C:\WINDOWS\tcvoasapjtyxccyyobqmyyaduengzldlaueji.njj moved successfully.
C:\WINDOWS\system32\tcvoasapjtyxccyyobqmyyaduengzldlaueji.njj moved successfully.
C:\Program Files\tcvoasapjtyxccyyobqmyyaduengzldlaueji.njj moved successfully.
C:\Documents and Settings\!\Local Settings\Application Data\tcvoasapjtyxccyyobqmyyaduengzldlaueji.njj moved successfully.
C:\WINDOWS\system32\bajsucafppkzukwmsvamoewpwwv.npx moved successfully.
C:\WINDOWS\bajsucafppkzukwmsvamoewpwwv.npx moved successfully.
C:\Program Files\bajsucafppkzukwmsvamoewpwwv.npx moved successfully.
C:\Documents and Settings\!\Local Settings\Application Data\bajsucafppkzukwmsvamoewpwwv.npx moved successfully.
C:\WINDOWS\system32\oawshcnfcpxzhkjmfvnmbejpjwieapkvnkxfhpsr.ndv moved successfully.
C:\WINDOWS\oawshcnfcpxzhkjmfvnmbejpjwieapkvnkxfhpsr.ndv moved successfully.
C:\Program Files\oawshcnfcpxzhkjmfvnmbejpjwieapkvnkxfhpsr.ndv moved successfully.
C:\Documents and Settings\!\Local Settings\Application Data\oawshcnfcpxzhkjmfvnmbejpjwieapkvnkxfhpsr.ndv moved successfully.
C:\WINDOWS\zmjgwsexvjsveiimgxq.exe moved successfully.
File C:\WINDOWS\yicwjclbwhnnturs.exe not found.
C:\WINDOWS\siiibaplmdpvhoryvploho.exe moved successfully.
C:\WINDOWS\oawshcnfcpxzhkjmfv.exe moved successfully.
C:\WINDOWS\maywnkxrqfptdijojbvw.exe moved successfully.
C:\WINDOWS\fqlguoyplxefmomog.exe moved successfully.
C:\WINDOWS\bqpogesnndotekmsohcew.exe moved successfully.
C:\pwneoekxpxaxa.bat moved successfully.
File C:\autorun.inf not found.
C:\WINDOWS\system32\siiibaplmdpvhoryvploho.exe moved successfully.
C:\WINDOWS\system32\bqpogesnndotekmsohcew.exe moved successfully.
File C:\WINDOWS\System32\maywnkxrqfptdijojbvw.exe not found.
File C:\WINDOWS\System32\zmjgwsexvjsveiimgxq.exe not found.
File C:\WINDOWS\System32\yicwjclbwhnnturs.exe not found.
C:\WINDOWS\system32\oawshcnfcpxzhkjmfv.exe moved successfully.
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job moved successfully.
File C:\WINDOWS\System32\fqlguoyplxefmomog.exe not found.
C:\WINDOWS\zmjgwsexvjsveiimgxqqgkqxsgtqndzlecqzclppt.exx moved successfully.
C:\WINDOWS\system32\zmjgwsexvjsveiimgxqqgkqxsgtqndzlecqzclppt.exx moved successfully.
C:\Program Files\zmjgwsexvjsveiimgxqqgkqxsgtqndzlecqzclppt.exx moved successfully.
C:\Documents and Settings\!\Local Settings\Application Data\zmjgwsexvjsveiimgxqqgkqxsgtqndzlecqzclppt.exx moved successfully.
C:\WINDOWS\yicwjclbwhnntursjxnkxybfxismgtmvlgrxxd.bct moved successfully.
C:\WINDOWS\system32\yicwjclbwhnntursjxnkxybfxismgtmvlgrxxd.bct moved successfully.
C:\Program Files\yicwjclbwhnntursjxnkxybfxismgtmvlgrxxd.bct moved successfully.
C:\Documents and Settings\!\Local Settings\Application Data\yicwjclbwhnntursjxnkxybfxismgtmvlgrxxd.bct moved successfully.
C:\fivioaclz.bat moved successfully.
File C:\pwneoekxpxaxa.bat not found.
C:\tynckycndjk.bat moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5216CD26 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DB77E2C4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:981349EA deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:12D2EB9C deleted successfully.
========== FILES ==========
File\Folder C:\WINDOWS\system32\fqlguoyplxefmomog.exe not found.
C:\Documents and Settings\!\Local Settings\Temp\zalwakk.exe moved successfully.
C:\WINDOWS\SET1C.tmp moved successfully.
C:\WINDOWS\SET1F.tmp moved successfully.
C:\WINDOWS\SET2B.tmp moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\WINDOWS\System32\CONFIG.TMP moved successfully.
C:\Program Files\Ask.com folder moved successfully.
C:\RECYCLER\S-1-5-21-1757981266-746137067-1801674531-1003 folder moved successfully.
C:\RECYCLER folder moved successfully.
D:\RECYCLER\S-1-5-21-854245398-515967899-1801674531-1004 folder moved successfully.
D:\RECYCLER\S-1-5-21-1757981266-746137067-1801674531-1003 folder moved successfully.
D:\RECYCLER folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\BitComet\BitComet.exe deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: !
->Temp folder emptied: 379220967 bytes
->Temporary Internet Files folder emptied: 109659478 bytes
->FireFox cache emptied: 55166982 bytes
->Google Chrome cache emptied: 5876372 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 4928363 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17328227 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 33679926 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 578,00 mb


OTL by OldTimer - Version 3.1.25.3 log created on 01212010_143508

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

[tonitaakg]

Положението след онлайн скенера според мен е плачевен, но все пак резултата е следния:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=2a5fbc392633864383e5632c77b12241
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-01-21 01:21:21
# local_time=2010-01-21 03:21:21 (+0200, FLE Standard Time)
# country="Bulgaria"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 3792276 3792276 0 0
# compatibility_mode=1536 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 3784 3784 0 0
# scanned=42757
# found=28
# cleaned=28
# scan_time=1419
C:\Documents and Settings\!\Desktop\FLASHKA\autorun.inf Win32/AutoRun.Agent.TE worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01212010_143508\C_\autorun.inf INF/Autorun.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01212010_143508\C_\fivioaclz.bat Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01212010_143508\C_\pwneoekxpxaxa.bat Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01212010_143508\C_\tynckycndjk.bat Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01212010_143508\C_Documents and Settings\!\Local Settings\Temp\bqpogesnndotekmsohcew.exe Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01212010_143508\C_Documents and Settings\!\Local Settings\Temp\yicwjclbwhnnturs.exe Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01212010_143508\C_Documents and Settings\!\Local Settings\Temp\zalwakk.exe a variant of Win32/AutoRun.Agent.TG worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01212010_143508\C_Documents and Settings\!\Local Settings\Temp\zmjgwsexvjsveiimgxq.exe Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01212010_143508\C_WINDOWS\bqpogesnndotekmsohcew.exe Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01212010_143508\C_WINDOWS\fqlguoyplxefmomog.exe Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01212010_143508\C_WINDOWS\maywnkxrqfptdijojbvw.exe Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01212010_143508\C_WINDOWS\oawshcnfcpxzhkjmfv.exe Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01212010_143508\C_WINDOWS\siiibaplmdpvhoryvploho.exe Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01212010_143508\C_WINDOWS\yicwjclbwhnnturs.exe Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01212010_143508\C_WINDOWS\zmjgwsexvjsveiimgxq.exe Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01212010_143508\C_WINDOWS\system32\bqpogesnndotekmsohcew.exe Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01212010_143508\C_WINDOWS\system32\fqlguoyplxefmomog.exe Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01212010_143508\C_WINDOWS\system32\maywnkxrqfptdijojbvw.exe Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01212010_143508\C_WINDOWS\system32\oawshcnfcpxzhkjmfv.exe Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01212010_143508\C_WINDOWS\system32\siiibaplmdpvhoryvploho.exe Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01212010_143508\C_WINDOWS\system32\yicwjclbwhnnturs.exe Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01212010_143508\C_WINDOWS\system32\zmjgwsexvjsveiimgxq.exe Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01212010_143508\D_\autorun.inf INF/Autorun.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
D:\fivioaclz.bat Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\pwneoekxpxaxa.bat Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\tynckycndjk.bat Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\PROGRAMKI\Nero_BackItUpAndBurn-1.0.5_update.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C

След сканирането със SystemLook резултата е следния:

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 15:27 on 21/01/2010 by ! (Administrator - Elevation successful)

========== filefind ==========

Searching for "ATIDEMGX.dll"
C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\ATIDEMGX.dll --a--- 421888 bytes [12:23 27/05/2008] [12:23 27/05/2008] DB527D8FE56923A44F3E8D844F167C5F
C:\WINDOWS\system32\ATIDEMGX.dll --a--- 421888 bytes [08:47 04/12/2009] [08:11 25/06/2008] 576913F2B928327B57538E4110FA9977

Searching for "dxtmsft.dll"
C:\WINDOWS\ie8\dxtmsft.dll --a--c 357888 bytes [08:48 04/12/2009] [12:00 14/04/2008] FB8B75D3BE728E4D41C19AFBA339151E
C:\WINDOWS\system32\dllcache\dxtmsft.dll --a--c 348160 bytes [12:00 14/04/2008] [02:31 08/03/2009] 057D53F1490598D41D9D4DEE9A92B0B1
C:\WINDOWS\system32\dxtmsft.dll --a--- 348160 bytes [12:00 14/04/2008] [02:31 08/03/2009] 057D53F1490598D41D9D4DEE9A92B0B1

Searching for "dxtrans.dll"
C:\WINDOWS\ie8\dxtrans.dll --a--c 205312 bytes [08:48 04/12/2009] [12:00 14/04/2008] F3B0AC8A0C792544BF56999ABDB25F0C
C:\WINDOWS\system32\dllcache\dxtrans.dll --a--c 216064 bytes [12:00 14/04/2008] [02:31 08/03/2009] 5E1A0476E009A1930A524DFF4CA13982
C:\WINDOWS\system32\dxtrans.dll --a--- 216064 bytes [12:00 14/04/2008] [02:31 08/03/2009] 5E1A0476E009A1930A524DFF4CA13982

-=End Of File=-

[B-boy[StyLe]]

*. Временно спрете защитата на антивирусната си програма!

*. Изтеглете Combofix.

*. Запазете го на на декстопа.

*. Отворете notepad.exe и въведете следната информация с copy/paste:

Цитат

KILLALL::
Fcopy::
C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\ATIDEMGX.dll | C:\WINDOWS\system32\ATIDEMGX.dll
C:\WINDOWS\ie8\dxtmsft.dll | C:\WINDOWS\system32\dxtmsft.dll
C:\WINDOWS\ie8\dxtmsft.dll | C:\WINDOWS\system32\dllcache\dxtmsft.dll
C:\WINDOWS\ie8\dxtrans.dll | C:\WINDOWS\system32\dxtrans.dll
C:\WINDOWS\ie8\dxtrans.dll | C:\WINDOWS\system32\dllcache\dxtrans.dll

*. Запазете файла с име CFScript и го провлачете в Combofix.exe



*. По време на сканиране от страна на ComboFix не стартирайте никакви други приложения, не натискайте клавиши от клавиатурата и не местете мишката !

*. Публикувайте лог файла, който ще се създаде след рестарта на компютъра в следващия си пост.

[tonitaakg]

ComboFix 10-01-20.05 - ! 01.2010 г. 16:47:46.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.1791.1404 [GMT 2:00]
Running from: c:\documents and settings\!\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\!\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\!\Start Menu\Programs\Startup\desktop.ini
c:\documents and settings\All Users\Start Menu\Programs\Startup\desktop.ini
c:\documents and settings\Default User\Start Menu\Programs\Startup\desktop.ini
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini

.
--------------- FCopy ---------------

c:\program files\ATI Technologies\ATI.ACE\Core-Implementation\ATIDEMGX.dll --> c:\windows\system32\ATIDEMGX.dll
c:\windows\ie8\dxtmsft.dll --> c:\windows\system32\dxtmsft.dll
c:\windows\ie8\dxtmsft.dll --> c:\windows\system32\dllcache\dxtmsft.dll
c:\windows\ie8\dxtrans.dll --> c:\windows\system32\dxtrans.dll
c:\windows\ie8\dxtrans.dll --> c:\windows\system32\dllcache\dxtrans.dll
.
((((((((((((((((((((((((( Files Created from 2009-12-21 to 2010-01-21 )))))))))))))))))))))))))))))))
.

2010-01-21 13:42 . 2010-01-21 13:42 -------- d-----w- c:\documents and settings\!\Application Data\Malwarebytes
2010-01-21 13:42 . 2010-01-21 13:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-21 08:23 . 2010-01-21 08:23 -------- d-----w- C:\_OTL
2010-01-20 20:19 . 2010-01-20 20:19 -------- d-----w- c:\windows\system32\LogFiles
2010-01-20 19:56 . 2001-08-17 20:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-01-20 19:56 . 2001-08-17 20:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2010-01-20 19:56 . 2001-08-17 20:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-01-20 19:56 . 2001-08-17 20:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2010-01-20 19:56 . 2001-08-17 12:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2010-01-20 19:56 . 2001-08-17 12:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2010-01-20 19:56 . 2001-08-17 12:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2010-01-20 19:56 . 2001-08-17 12:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2010-01-20 19:56 . 2001-08-17 12:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2010-01-20 19:56 . 2001-08-17 12:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2010-01-20 19:56 . 2008-04-14 03:39 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2010-01-20 19:56 . 2008-04-14 03:39 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-01-18 15:18 . 2010-01-18 15:18 -------- d-----w- c:\documents and settings\!\Application Data\URSE Games
2010-01-14 14:07 . 2010-01-14 14:07 -------- d-----w- c:\documents and settings\!\Application Data\Virtual Prophecy
2010-01-13 14:35 . 2010-01-13 14:35 -------- d-----w- c:\documents and settings\!\Application Data\Dragon Altar Games
2010-01-13 13:42 . 2010-01-13 13:42 -------- d-----w- c:\documents and settings\!\Application Data\Aisle 5 Games, Inc
2010-01-13 13:42 . 2010-01-13 13:42 4096 ----a-w- c:\windows\d3dx.dat
2010-01-13 13:41 . 2010-01-13 13:41 -------- d-----w- c:\windows\G.H.O.S.T Chronicles - Phantom of the Renaissance Faire
2010-01-12 17:32 . 2010-01-12 17:32 -------- d-----w- c:\documents and settings\!\Local Settings\Application Data\Game Mill Files
2010-01-12 16:55 . 2008-04-14 03:41 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2010-01-12 16:55 . 2008-04-14 03:41 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-01-12 16:55 . 2001-08-17 11:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-01-12 16:55 . 2001-08-17 11:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-01-12 16:55 . 2008-04-13 22:09 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-01-12 16:55 . 2008-04-13 22:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-01-12 14:46 . 2010-01-12 14:46 -------- d-----w- c:\documents and settings\!\Application Data\TitanicMystery
2010-01-11 16:04 . 2010-01-11 16:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Gogii
2010-01-11 16:03 . 2010-01-11 16:03 -------- d-----w- c:\program files\ReflexiveArcade
2010-01-07 14:29 . 2010-01-07 14:29 -------- d-----w- c:\documents and settings\!\Application Data\YoudaGames
2010-01-07 12:52 . 2010-01-07 12:52 -------- d-----w- c:\documents and settings\!\Application Data\Artogon
2010-01-06 21:26 . 2010-01-12 21:13 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-01-06 21:26 . 2010-01-06 21:26 -------- d-----w- c:\program files\NOS
2010-01-06 15:15 . 2010-01-06 15:15 -------- d-----w- c:\documents and settings\!\Application Data\Orneon
2010-01-05 21:44 . 2010-01-05 21:44 -------- d-----w- c:\documents and settings\!\Application Data\Go-Go Gourmet Chef of the Year
2010-01-05 20:43 . 2010-01-05 20:43 -------- d-----w- c:\documents and settings\All Users\Application Data\JollyBear
2010-01-05 20:43 . 2010-01-05 20:43 -------- d-----w- c:\documents and settings\!\Local Settings\Application Data\JollyBear
2010-01-05 20:42 . 2010-01-05 20:42 -------- d-----w- c:\program files\Common Files\Oberon Media
2010-01-05 20:05 . 2010-01-05 20:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Merscom
2010-01-05 20:05 . 2010-01-05 20:05 -------- d-----w- c:\documents and settings\!\Application Data\Merscom
2010-01-05 18:52 . 2010-01-05 19:16 -------- d-----w- c:\program files\Microids
2010-01-05 12:28 . 2010-01-05 12:28 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2010-01-05 12:28 . 2010-01-05 12:28 -------- d-----w- c:\documents and settings\!\Application Data\PlayFirst
2010-01-03 17:30 . 2010-01-03 17:30 -------- d-----w- c:\documents and settings\!\Application Data\Media Player Classic
2009-12-30 13:58 . 2009-12-30 13:58 -------- d--h--w- c:\windows\PIF
2009-12-30 10:25 . 2009-12-30 10:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-12-30 10:14 . 2009-12-30 10:14 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-30 10:14 . 2010-01-21 09:21 -------- d-----w- c:\documents and settings\!\Application Data\skypePM
2009-12-30 10:13 . 2009-12-30 10:13 -------- d-----w- c:\program files\Common Files\Skype
2009-12-22 19:40 . 2010-01-20 19:03 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Panda Software
2009-12-22 19:40 . 2009-12-22 19:40 -------- d-----w- c:\documents and settings\All Users\Application Data\sentinel
2009-12-22 19:39 . 2010-01-20 19:03 -------- d-----w- c:\documents and settings\!\Local Settings\Application Data\Panda Software
2009-12-22 19:37 . 2010-01-20 19:04 -------- d-----w- c:\program files\Common Files\Panda Software
2009-12-22 19:33 . 2009-12-22 19:33 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2009-12-22 19:33 . 2009-12-30 10:14 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-12-22 19:33 . 2009-12-22 19:33 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2009-12-22 19:20 . 2008-12-17 17:41 884237 ----a-w- c:\documents and settings\!\Application Data\BSplayer PRO\FFDShow\ff_x264.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-21 14:43 . 2009-12-03 15:41 -------- d-----w- c:\program files\FlashGet
2010-01-21 14:27 . 2009-12-06 17:23 -------- d-----w- c:\documents and settings\!\Application Data\Skype
2010-01-21 12:54 . 2009-12-04 08:57 -------- d-----w- c:\program files\ESET
2010-01-21 12:40 . 2009-12-03 08:26 42168 ----a-w- c:\documents and settings\!\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-20 19:04 . 2009-12-03 08:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-11 17:43 . 2009-12-07 11:29 -------- d-----w- c:\documents and settings\!\Application Data\uTorrent
2010-01-07 23:35 . 2009-12-12 17:02 -------- d-----w- c:\documents and settings\!\Application Data\Big Fish Games
2010-01-07 23:28 . 2009-12-17 11:55 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-05 22:43 . 2009-12-18 13:18 -------- d-----w- c:\documents and settings\!\Application Data\ERS G-Studio
2009-12-30 10:14 . 2009-12-06 17:32 -------- d-----w- c:\program files\Google
2009-12-30 10:13 . 2009-12-04 09:02 -------- d-----r- c:\program files\Skype
2009-12-30 10:13 . 2009-12-04 09:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-12-22 19:21 . 2009-12-11 15:43 -------- d-----w- c:\documents and settings\!\Application Data\BSplayer PRO
2009-12-20 14:55 . 2009-12-20 14:55 -------- d-----w- c:\documents and settings\!\Application Data\Meridian93
2009-12-17 16:00 . 2009-12-17 14:54 -------- d-----w- c:\program files\Alawar
2009-12-17 14:57 . 2009-12-17 14:57 -------- d-----w- c:\documents and settings\!\Application Data\TMInc
2009-12-17 14:55 . 2009-12-17 14:55 -------- d-----w- c:\documents and settings\All Users\Application Data\AlawarGameBox
2009-12-17 11:56 . 2009-12-17 11:56 -------- d-----w- c:\documents and settings\!\Application Data\SunRay Games
2009-12-15 14:22 . 2009-12-15 14:22 8854 ----a-r- c:\documents and settings\!\Application Data\Microsoft\Installer\{DA5E6A2D-DEAA-4152-A43A-FDBDE29AA724}\Uninstall_DAMN_NFO_V_DA5E6A2DDEAA4152A43AFDBDE29AA724.exe
2009-12-15 14:22 . 2009-12-15 14:22 49152 ----a-r- c:\documents and settings\!\Application Data\Microsoft\Installer\{DA5E6A2D-DEAA-4152-A43A-FDBDE29AA724}\DAMN_NFO_Viewer.exe_DA5E6A2DDEAA4152A43AFDBDE29AA724.exe
2009-12-15 14:22 . 2009-12-15 14:22 49152 ----a-r- c:\documents and settings\!\Application Data\Microsoft\Installer\{DA5E6A2D-DEAA-4152-A43A-FDBDE29AA724}\ARPPRODUCTICON.exe
2009-12-15 12:22 . 2009-12-15 12:22 -------- d-----w- c:\documents and settings\!\Application Data\IronCode
2009-12-12 13:27 . 2009-12-12 13:27 -------- d-----w- c:\documents and settings\!\Application Data\casanova
2009-12-12 06:45 . 2009-12-12 06:45 -------- d-----w- c:\program files\Common Files\DirectX
2009-12-10 21:20 . 2009-12-10 21:20 -------- d-----w- c:\program files\KONAMI
2009-12-10 13:44 . 2009-12-10 13:44 -------- d-----w- c:\documents and settings\!\Application Data\ChaYoWo Games
2009-12-10 09:44 . 2009-12-10 09:44 -------- d-----w- c:\documents and settings\!\Application Data\V-Games
2009-12-09 21:47 . 2009-12-09 21:47 -------- d-----w- c:\program files\MSXML 4.0
2009-12-08 16:33 . 2009-12-08 16:33 -------- d-----w- c:\program files\Alwil Software
2009-12-08 12:22 . 2009-12-08 12:22 -------- d-----w- c:\documents and settings\!\Application Data\SmarThru4
2009-12-08 12:22 . 2009-12-08 12:21 -------- d-----w- c:\program files\SmarThru 4
2009-12-08 12:22 . 2009-12-08 12:22 -------- d-----w- c:\program files\Common Files\SRC Shared
2009-12-08 12:22 . 2009-12-08 12:21 -------- d-----w- c:\program files\Readiris10
2009-12-08 12:19 . 2009-12-08 12:19 -------- d-----w- c:\program files\SAMSUNG
2009-12-08 08:47 . 2009-12-04 09:02 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-07 11:35 . 2009-12-07 11:35 0 ----a-w- c:\windows\nsreg.dat
2009-12-07 11:35 . 2009-12-07 11:35 -------- d-----w- c:\documents and settings\!\Application Data\CometNetwork
2009-12-07 11:33 . 2009-12-07 11:33 1032192 ----a-w- c:\documents and settings\!\Application Data\Mozilla\Firefox\Profiles\w0e6djt8.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
2009-12-07 10:09 . 2009-12-07 10:09 1961720 ----a-w- c:\documents and settings\!\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-12-06 22:05 . 2009-12-06 22:05 -------- d-----w- c:\program files\MSBuild
2009-12-06 22:05 . 2009-12-06 22:05 -------- d-----w- c:\program files\Reference Assemblies
2009-12-06 17:11 . 2009-12-06 17:11 -------- d-----w- c:\documents and settings\!\Application Data\Auslogics
2009-12-06 17:11 . 2009-12-06 17:11 -------- d-----w- c:\documents and settings\!\Application Data\Ahead
2009-12-04 09:09 . 2009-12-04 09:09 -------- d-----w- c:\program files\DAEMON Tools
2009-12-04 09:08 . 2009-12-04 09:08 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-04 09:07 . 2009-12-04 09:07 177024 ----a-w- c:\documents and settings\!\Application Data\Mozilla\Firefox\Profiles\w0e6djt8.default\FlashGot.exe
2009-12-04 09:05 . 2009-12-04 09:05 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-12-04 09:04 . 2009-12-04 09:04 -------- d-----w- c:\program files\Microsoft.NET
2009-12-04 09:04 . 2009-12-04 09:04 -------- d-----w- c:\program files\Winamp
2009-12-04 09:03 . 2009-12-04 09:03 -------- d-----w- c:\program files\Common Files\Ahead
2009-12-04 09:03 . 2009-12-04 09:03 -------- d-----w- c:\program files\Nero
2009-12-04 09:01 . 2009-12-04 09:01 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-12-04 09:01 . 2009-12-04 09:01 -------- d-----w- c:\program files\Auslogics
2009-12-04 08:57 . 2009-12-04 08:57 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2009-12-04 08:57 . 2009-12-04 08:57 -------- d-----w- c:\documents and settings\!\Application Data\ATI
2009-12-04 08:56 . 2009-12-04 08:56 0 ----a-w- c:\windows\ativpsrm.bin
2009-12-04 08:55 . 2009-12-04 08:51 -------- d-----w- c:\program files\ATI Technologies
2009-12-04 08:54 . 2009-12-03 08:31 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-04 08:54 . 2009-12-04 08:54 9158 ----a-r- c:\documents and settings\!\Application Data\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe
2009-12-04 08:54 . 2009-12-04 08:54 -------- d-----w- c:\program files\Common Files\ATI Technologies
2009-12-04 08:27 . 2009-12-03 08:18 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-03 15:33 . 2009-12-03 15:33 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-12-03 15:32 . 2009-12-03 15:32 -------- d-----w- c:\program files\Realtek
2009-12-03 15:32 . 2009-12-03 15:32 315392 ----a-w- c:\windows\HideWin.exe
2009-12-03 08:19 . 2009-12-03 08:19 -------- d-----w- c:\program files\microsoft frontpage
2009-12-03 08:16 . 2009-12-03 08:16 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-24 21:57 . 2009-12-04 09:04 110 ----a-w- c:\program files\setup.cmd
2009-11-21 15:51 . 2008-04-14 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-29 07:45 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-06 39408]
"BitComet"="d:\programki\BitComet\BitComet.exe" [2009-12-28 2940664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-12-06 122368]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2006-08-16 503808]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableInstallerDetection"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableVirtualization"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FlashGet\\FlashGet.exe"=
"d:\\PROGRAMKI\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\utorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25403:TCP"= 25403:TCP:BitComet 25403 TCP
"25403:UDP"= 25403:UDP:BitComet 25403 UDP

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [04.12.2009 г. 11:08 685816]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [03.12.2009 г. 10:31 37376]
S2 gupdate1ca8938d8592458;Услуга Google Update (gupdate1ca8938d8592458);c:\program files\Google\Update\GoogleUpdate.exe [30.12.2009 г. 12:14 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-30 10:14]

2010-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-30 10:14]

2010-01-21 c:\windows\Tasks\User_Feed_Synchronization-{C92D3F70-81D1-4578-85AB-90349F363915}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: &D&ownload &with BitComet - d:\programki\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - d:\programki\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - d:\programki\BitComet\BitComet.exe/AddAllLink.htm
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\!\Application Data\Mozilla\Firefox\Profiles\w0e6djt8.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.atcomet.com/b/
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-CometBird (3.5.5) - c:\program files\CometBird\uninstall\helper.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114643957} - c:\program files\Games Of The Month\Big City Adventure Sydney\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-21 16:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x89C408AC]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9e7dcb8
\Driver\atapi -> atapi.sys @ 0xb9e12b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller -> SendCompleteHandler -> NDIS.sys @ 0xb9d1bbb0
PacketIndicateHandler -> NDIS.sys @ 0xb9d28a21
SendHandler -> NDIS.sys @ 0xb9d0687b
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(768)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(4080)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\Google\Quick Search Box\bin\1.2.1151.235\qsb.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-01-21 16:51:54 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-21 14:51

Pre-Run: 7 230 296 064 bytes free
Post-Run: 7 195 320 320 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - F59033BAD38D0884D0AF96F8FD381B4C

[B-boy[StyLe]]

Супер.

СТЪПКА 1

Деинсталирайте Combofix => Start => Run => въведете Combofix /Uninstall => (има празно място между Combofix и /Uninstall) => Enter => това ще стартира и ще деинсталира Combofix. Ще затрие и файловете асоциирани с този инструмент, както и папката C:\Qoobox - карантината на Combofix.

Стартирайте OTL.exe => натиснете Cleanup! бутона => за да изтриете някои от използваните от нас програми. Това ще изтрие и папката C:\_OTL => карантинната папка на OTL.exe.



СТЪПКА 2

Изтеглете SafeBootKeyRepair.exe и го стартирайте.

Следвайте инструкциите.

СТЪПКА 3

Изтеглете Malwarebytes' Anti-Malware от тук

Кликнете два пъти върху mbam-setup.exe за да инсталирате програмата.

* Уверете се, че има отметки на Update Malwarebytes' Anti-Malware и Launch Malwarebytes' Anti-Malware, след това кликнете на Finish.
* Ако има намерени по-нови обновления, тя ще ги изтегли и инсталира.
* Стартирайте програмата и изберете "Perform Full Scan", след това кликнете на Scan.
* Сканирането ще отнеме малко време, затова моля бъдете търпеливи.
* Когато сканирането завърши, кликнете на OK, след това Show Results, за да видите резултата.
* Уверете се, че на всички редове има отметки, и кликнете Remove Selected.
* Когато всичко бъде премахнато, логът ще бъде отворен в Notepad. Копирайте лога и го публикувайте в следващия си коментар в темата.

Бележка: Ако MalwareBytes' Anti-Malware се затрудни в премахването на откритите вируси/заплахи, той ще поиска да рестартира компютъра Ви и по време на рестартирането да премахне проблемните вируси/заплахи. Ако бъдете попитани, потвърдете че желаете вашия компютър да бъде рестартиран.

[tonitaakg]

След стартирането на SafeBootReprir.exe ми се появи това:

Reg export of SafeBoot key after repair:
========================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Browser]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Dhcp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DnsCache]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ip6fw.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ipnat.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanServer]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanWorkstation]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LmHosts]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Messenger]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS Wrapper]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Ndisuio]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOS]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOSGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBT]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetDDEGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetMan]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Network]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetworkProvider]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NtLmSsp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP_TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpcdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpwd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdsessmgr]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SharedAccess]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Streams Drivers]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdpipe.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdtcp.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\termservice]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WZCSVC]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
@="Net"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
@="NetClient"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
@="NetService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
@="NetTrans"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

========================

[B-boy[StyLe]]

Продължете със стъпка номер 3 и проверете с Malwarebytes.

Публикувайте лог файла.

[tonitaakg]

Ето това е логът:


Malwarebytes' Anti-Malware 1.44
Версия на базата от данни: 3608
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

21.1.2010 г. 18:06:46
mbam-log-2010-01-21 (18-06-46).txt

Тип сканиране: Пълно сканиране (C:\|D:\|E:\|F:\|)
Сканирани обекти: 149075
Изминало време: 11 minute(s), 21 second(s)

Заразени процеси в паметта: 0
Заразени модули в паметта: 0
Заразени ключове в регистратурата: 0
Заразени стойности в регистратурата: 0
Заразени информационни обекти в регистратурата: 0
Заразени папки: 0
Заразени файлове: 26

Заразени процеси в паметта:
(Не бяха открити заплахи)

Заразени модули в паметта:
(Не бяха открити заплахи)

Заразени ключове в регистратурата:
(Не бяха открити заплахи)

Заразени стойности в регистратурата:
(Не бяха открити заплахи)

Заразени информационни обекти в регистратурата:
(Не бяха открити заплахи)

Заразени папки:
(Не бяха открити заплахи)

Заразени файлове:
C:\System Volume Information\_restore{2ACA4347-3042-4DDE-B1A5-C2CFD120346C}\RP2\A0001062.bat (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2ACA4347-3042-4DDE-B1A5-C2CFD120346C}\RP2\A0001063.bat (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2ACA4347-3042-4DDE-B1A5-C2CFD120346C}\RP2\A0001064.exe (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2ACA4347-3042-4DDE-B1A5-C2CFD120346C}\RP2\A0001065.exe (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2ACA4347-3042-4DDE-B1A5-C2CFD120346C}\RP2\A0001067.exe (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2ACA4347-3042-4DDE-B1A5-C2CFD120346C}\RP2\A0001068.exe (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2ACA4347-3042-4DDE-B1A5-C2CFD120346C}\RP2\A0001069.exe (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2ACA4347-3042-4DDE-B1A5-C2CFD120346C}\RP2\A0001070.exe (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2ACA4347-3042-4DDE-B1A5-C2CFD120346C}\RP2\A0001071.exe (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2ACA4347-3042-4DDE-B1A5-C2CFD120346C}\RP2\A0001072.exe (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2ACA4347-3042-4DDE-B1A5-C2CFD120346C}\RP2\A0001073.exe (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2ACA4347-3042-4DDE-B1A5-C2CFD120346C}\RP2\A0001074.exe (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2ACA4347-3042-4DDE-B1A5-C2CFD120346C}\RP2\A0001075.exe (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2ACA4347-3042-4DDE-B1A5-C2CFD120346C}\RP2\A0001076.exe (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2ACA4347-3042-4DDE-B1A5-C2CFD120346C}\RP2\A0001077.exe (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2ACA4347-3042-4DDE-B1A5-C2CFD120346C}\RP2\A0001078.exe (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2ACA4347-3042-4DDE-B1A5-C2CFD120346C}\RP2\A0001080.exe (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2ACA4347-3042-4DDE-B1A5-C2CFD120346C}\RP2\A0001081.exe (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2ACA4347-3042-4DDE-B1A5-C2CFD120346C}\RP2\A0001061.bat (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2ACA4347-3042-4DDE-B1A5-C2CFD120346C}\RP2\A0001079.exe (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2ACA4347-3042-4DDE-B1A5-C2CFD120346C}\RP2\A0001202.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2ACA4347-3042-4DDE-B1A5-C2CFD120346C}\RP2\A0001354.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2ACA4347-3042-4DDE-B1A5-C2CFD120346C}\RP2\A0001406.sys (Malware.Trace) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{2ACA4347-3042-4DDE-B1A5-C2CFD120346C}\RP2\A0001083.bat (Trojan.KillAV) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{2ACA4347-3042-4DDE-B1A5-C2CFD120346C}\RP2\A0001084.bat (Trojan.KillAV) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{2ACA4347-3042-4DDE-B1A5-C2CFD120346C}\RP2\A0001085.bat (Trojan.KillAV) -> Quarantined and deleted successfully.

[B-boy[StyLe]]

СТЪПКА 1

Временно спрете System Restore => Десен бутон на My Computer => Properties => System Restore => сложете отметка пред => Turn Off System Restore on all drives.

СТЪПКА 2

* Изтеглете Panda USB Vaccine

* Натиснете бутона Vaccinate Computer.

СТЪПКА 3

Преинсталирайте Скайп без "добавките":

(описанието е взето от Night_Raven)

1. Деинсталирай Skype и го инсталирай без диспечера на на екстрите. Те позволяват на Skype да ползва разни допълнения - детектори на лъжата, допълнения за настроения и всякакви други шарении. Инсталацията на екстрите води и до инсталиране на SkypePM.exe, който се вижда в Task Manager и някои хора се чудят какво е, защото понякога гълта доста памет. Именно с тези екстри се инсталира и Skype4COM протокола, чрез който тази гадинка и всичкия спам, който циркулира в Skype, се разпространява. Традиционния метод е следния: даден потребител е залъган да изтегли и стартира дадена програма, която обещава да добави икони/да разбие парола/нещо друго. Тази програма обаче не е нищо повече от скрипт (VBS в повечето случаи), който не прави нищо от обещаното, а използва споменатия по-горе протокол да се разпрати на всички абонати в списъка.
Ако този протокол го няма, дори и да се стартира подобен спам-скрипт, той няма да може да разпрати нищо.

Ето графична илюстрация как да НЕ се инсталират екстрите:





2. Не стартирайте съмнителни файлове получени по Скайп (дори от познати в контакт листата) без преди това да сте ги проверила с антивирусната си програма или на адрес:

http://www.virustotal.com

СТЪПКА 4

Изтеглете и инсталирайте антивирусна по-ваш избор. Обновете я и направете пълна проверка на системата си с нея.
Може да пробвате новата версия на avast! 5.0.377 Final, която се появи тези дни.