Премини към съдържанието

Colt1911

Потребител
  • Публикации

    29
  • Регистрация

  • Последно онлайн

Харесвания

0 Неутрална репутация

1 Последовател

Всичко за Colt1911

  • Титла
    Потребител
  1. Всичко е наред за сега нямам оплакване и поздрави
  2. Malwarebytes' Anti-Malware 1.41 Версия на базата от данни: 3195 Windows 5.1.2600 Service Pack 3 18.11.2009 . 22:53:32 mbam-log-2009-11-18 (22-53-32).txt Тип сканиране: Пълно сканиране (C:\|D:\|) Сканирани обекти: 163822 Изминало време: 31 minute(s), 16 second(s) Заразени процеси в паметта: 0 Заразени модули в паметта: 0 Заразени ключове в регистратурата: 0 Заразени стойности в регистратурата: 0 Заразени информационни обекти в регистратурата: 3 Заразени папки: 0 Заразени файлове: 0 Заразени процеси в паметта: (Не бяха открити заплахи) Заразени модули в паметта: (Не бяха открити заплахи) Заразени ключове в регистратурата: (Не бяха открити заплахи) Заразени стойности в регистратурата: (Не бяха открити заплахи) Заразени информационни обекти в регистратурата: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Заразени папки: (Не бяха открити заплахи) Заразени файлове: (Не бяха открити заплахи) и да изтрия ли комбофикса?
  3. След като свърши със сканирането къде да намяра лог файла или да постна садържаниято от намерените файлове(възможни вируси)това ли е
  4. Malwarebytes' Anti-Malware 1.41 Версия на базата от данни: 3190 Windows 5.1.2600 Service Pack 3 18.11.2009 . 02:06:13 mbam-log-2009-11-18 (02-06-13).txt Тип сканиране: Пълно сканиране (C:\|D:\|) Сканирани обекти: 163738 Изминало време: 20 minute(s), 7 second(s) Заразени процеси в паметта: 0 Заразени модули в паметта: 0 Заразени ключове в регистратурата: 0 Заразени стойности в регистратурата: 0 Заразени информационни обекти в регистратурата: 3 Заразени папки: 0 Заразени файлове: 2 Заразени процеси в паметта: (Не бяха открити заплахи) Заразени модули в паметта: (Не бяха открити заплахи) Заразени ключове в регистратурата: (Не бяха открити заплахи) Заразени стойности в регистратурата: (Не бяха открити заплахи) Заразени информационни обекти в регистратурата: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Заразени папки: (Не бяха открити заплахи) Заразени файлове: C:\WINDOWS\system32\30.scr (Backdoor.IRCBot) -> Quarantined and deleted successfully. C:\_OTM\MovedFiles\11172009_014031\c_windows\system32\43.scr (Backdoor.IRCBot) -> Quarantined and deleted successfully.
  5. Да това е целия лог файл на Win32kdiag. Това са логовете на аваста 07.5.2009 . 21:25:06 SYSTEM 1644 Sign of "Win32:VB-DVG [Wrm]" has been found in "G:\RECYCLER\Lcass.exe" file. 16.5.2009 . 12:20:03 SYSTEM 1648 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004. 16.5.2009 . 12:22:59 SYSTEM 1648 An error has occured while attempting to update. Please check the logs. 19.5.2009 . 22:08:58 Administrator 1688 Sign of "Win32:Keygen-BI [Tool]" has been found in "C:\Downloads\Avast! Pro BG 4.8.1335\$.exe" file. 24.6.2009 . 22:07:38 SYSTEM 1680 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004. 24.6.2009 . 22:07:39 SYSTEM 1680 An error has occured while attempting to update. Please check the logs. 08.7.2009 . 12:57:19 SYSTEM 1640 Sign of "Win32:Sality" has been found in "D:\за споделяне от марио\THE LOGO CREATOR MEGAPAK\THE LOGO CREATOR MEGAPAK\THE LOGO CREATOR V5\%PROGRAMFILESDIR%\THE LOGO CREATOR V5\The Logo Creator v5.exe" file. 08.7.2009 . 15:38:02 SYSTEM 1640 Sign of "Win32:Sality" has been found in "D:\за споделяне от марио\THE LOGO CREATOR MEGAPAK\THE LOGO CREATOR MEGAPAK\THE LOGO CREATOR V5\4000001900002I\iexplore.exe" file. 08.7.2009 . 15:38:04 SYSTEM 1640 Sign of "Win32:Sality" has been found in "D:\за споделяне от марио\THE LOGO CREATOR MEGAPAK\THE LOGO CREATOR MEGAPAK\THE LOGO CREATOR V5\40000076600002I\FIREFOX.EXE" file. 10.7.2009 . 23:50:48 SYSTEM 1684 Sign of "HTML:IFrame-EP [Trj]" has been found in "http://digitalgate.org/photography/albums/userpics/10002/text-1466.htm" file. 10.7.2009 . 23:50:54 SYSTEM 1684 Sign of "HTML:IFrame-EP [Trj]" has been found in "C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\0dxjckpk.default\Cache\1AB9ED57d01" file. 10.7.2009 . 23:51:04 SYSTEM 1684 Sign of "HTML:IFrame-EP [Trj]" has been found in "http://digitalgate.org/photography/albums/userpics/10002/text-1466.htm" file. 29.7.2009 . 12:42:48 Administrator 1604 Sign of "Win32:Keygen-BH [Tool]" has been found in "D:\Downloads\avast! Pro 4.6.655 BG\KeyGen.exe\[EXEStealth]\[uPX]" file. 15.8.2009 . 19:53:44 SYSTEM 1684 Sign of "BV:AutoRun-S [Wrm]" has been found in "H:\Autorun.inf" file. 17.8.2009 . 22:02:10 SYSTEM 1692 Sign of "BV:AutoRun-S [Wrm]" has been found in "H:\Autorun.inf" file. 18.8.2009 . 20:16:11 SYSTEM 1656 Sign of "BV:AutoRun-S [Wrm]" has been found in "G:\Autorun.inf" file. 22.8.2009 . 11:21:51 SYSTEM 1676 Sign of "BV:AutoRun-S [Wrm]" has been found in "G:\Autorun.inf" file. 23.9.2009 . 21:47:35 SYSTEM 1600 Sign of "Win32:Confi [Wrm]" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\G0FUVMLN\vswkwyd[1].jpg" file. 23.9.2009 . 21:50:15 SYSTEM 1600 Sign of "Win32:Confi [Wrm]" has been found in "C:\WINDOWS\system32\x" file. 26.9.2009 . 14:00:11 SYSTEM 1608 Function setifaceUpdatePackages() has failed. Return code is 0xC0000142, dwRes is C0000142. 26.9.2009 . 14:00:11 SYSTEM 1608 An error has occured while attempting to update. Please check the logs. 08.10.2009 . 15:43:04 SYSTEM 1220 Sign of "Win32:Confi [Wrm]" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\L6YQCRLA\pvly[1].jpg" file. 08.10.2009 . 15:43:14 SYSTEM 1220 Sign of "Win32:Confi [Wrm]" has been found in "C:\WINDOWS\system32\x" file. 08.10.2009 . 17:33:21 SYSTEM 1220 Sign of "Win32:AutoRun-AVH [Wrm]" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\M5MJ4DGT\x[1]" file. 08.10.2009 . 19:00:39 SYSTEM 1220 Sign of "Win32:AutoRun-AVH [Wrm]" has been found in "C:\WINDOWS\system32\00.scr" file. 14.10.2009 . 15:32:47 SYSTEM 1680 Sign of "Win32:OnLineGames-FAJ [Trj]" has been found in "F:\crack\RLD-S4ADDKG.EXE" file. 16.10.2009 . 23:32:55 SYSTEM 1604 Sign of "Win32:Trojan-gen" has been found in "F:\HATRED\hatred.exe" file. 01.11.2009 . 03:04:19 SYSTEM 1604 Sign of "Win32:Keygen-BL [Tool]" has been found in "C:\Downloads\Avast! Pro BG 4.8.1335\$.exe" file. 01.11.2009 . 03:27:33 SYSTEM 1604 Sign of "Win32:Keygen-BL [Tool]" has been found in "D:\Downloads\Avast! Pro BG 4.8.1335\$.exe" file. 01.11.2009 . 03:30:18 SYSTEM 1604 Sign of "Win32:Agent-SLA [Trj]" has been found in "D:\Downloads\FlashGet.1.70+keygen+patch+bghelp\FlashGet.1.70\keygen.exe" file. 01.11.2009 . 03:30:24 SYSTEM 1604 Sign of "Win32:Agent-SLA [Trj]" has been found in "D:\Downloads\FlashGet.1.70+keygen+patch+bghelp\FlashGet.1.70\FlashGet.1.70\keygen.exe" file. 01.11.2009 . 03:30:45 SYSTEM 1604 Sign of "Win32:Agent-ABIY [Trj]" has been found in "D:\Downloads\_BI Pack\_Others\CD-RW\CloneCD 5.0\cr-c437f.exe" file. 01.11.2009 . 03:30:55 SYSTEM 1604 Sign of "Win32:Trojan-gen" has been found in "D:\Downloads\_BI Pack\_Others\Internet\DU Meter v3.05 (build 148) + Crack\keygen.exe" file. 01.11.2009 . 15:41:22 SYSTEM 1636 Sign of "Win32:Keygen-BL [Tool]" has been found in "C:\System Volume Information\_restore{FB013217-37CE-42AD-A0C2-6AF98660382B}\RP511\A0154225.exe" file. 06.11.2009 . 12:39:07 SYSTEM 1776 Sign of "Win32:AutoRun-AVH [Wrm]" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QT2ZAVW9\x[1]" file. 06.11.2009 . 12:40:32 SYSTEM 1776 Sign of "Win32:AutoRun-AVH [Wrm]" has been found in "C:\WINDOWS\system32\08.scr" file. 06.11.2009 . 14:15:11 SYSTEM 1776 Sign of "Win32:AutoRun-AVH [Wrm]" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\3V36MRRD\x[1]" file. 06.11.2009 . 14:17:08 SYSTEM 1776 Sign of "Win32:AutoRun-AVH [Wrm]" has been found in "C:\WINDOWS\system32\03.scr" file. 06.11.2009 . 15:39:42 SYSTEM 1776 Sign of "Win32:AutoRun-AVH [Wrm]" has been found in "C:\WINDOWS\system32\06.scr" file. 07.11.2009 . 09:33:50 SYSTEM 1776 Sign of "Win32:AutoRun-AVH [Wrm]" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QT2ZAVW9\x[1]" file. 08.11.2009 . 14:16:39 SYSTEM 1772 Sign of "Win32:AutoRun-AVH [Wrm]" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QT2ZAVW9\x[2]" file. 08.11.2009 . 14:17:14 SYSTEM 1772 Sign of "Win32:AutoRun-AVH [Wrm]" has been found in "C:\WINDOWS\system32\21.scr" file. 08.11.2009 . 14:48:07 SYSTEM 1772 Sign of "Win32:AutoRun-AVH [Wrm]" has been found in "C:\WINDOWS\system32\35.scr" file. 08.11.2009 . 14:51:23 SYSTEM 1772 Sign of "Win32:Agent-ABIY [Trj]" has been found in "D:\Downloads\_BI Pack\_Others\CD-RW\CloneCD 5.0\cr-c437f.exe" file. 08.11.2009 . 14:52:28 SYSTEM 1772 Sign of "Win32:Trojan-gen" has been found in "D:\Downloads\_BI Pack\_Others\Internet\DU Meter v3.05 (build 148) + Crack\keygen.exe" file. 09.11.2009 . 12:46:18 SYSTEM 1776 Sign of "Win32:AutoRun-AVH [Wrm]" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QT2ZAVW9\x[1]" file. 09.11.2009 . 12:46:36 SYSTEM 1776 Sign of "Win32:AutoRun-AVH [Wrm]" has been found in "C:\WINDOWS\system32\88.scr" file. 09.11.2009 . 16:31:23 SYSTEM 1776 Sign of "Win32:AutoRun-AVH [Wrm]" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QT2ZAVW9\x[1]" file. 09.11.2009 . 16:31:37 SYSTEM 1776 Sign of "Win32:AutoRun-AVH [Wrm]" has been found in "C:\WINDOWS\system32\65.scr" file. 09.11.2009 . 16:37:31 SYSTEM 1776 Sign of "Win32:AutoRun-AVH [Wrm]" has been found in "C:\WINDOWS\system32\30.scr" file. 09.11.2009 . 16:37:41 SYSTEM 1776 Sign of "Win32:AutoRun-AVH [Wrm]" has been found in "C:\WINDOWS\system32\11.scr" file. 09.11.2009 . 17:53:14 SYSTEM 1776 Sign of "Win32:AutoRun-AVH [Wrm]" has been found in "C:\WINDOWS\system32\38.scr" file. 10.11.2009 . 12:39:21 SYSTEM 1620 Sign of "Win32:AutoRun-AVH [Wrm]" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QT2ZAVW9\x[1]" file. 10.11.2009 . 15:32:51 SYSTEM 1620 Sign of "Win32:AutoRun-AVH [Wrm]" has been found in "C:\WINDOWS\system32\77.scr" file. 10.11.2009 . 17:29:00 SYSTEM 1620 Sign of "Win32:AutoRun-AVH [Wrm]" has been found in "C:\WINDOWS\system32\20.scr" file. 11.11.2009 . 15:19:01 SYSTEM 1784 Sign of "Win32:AutoRun-AVH [Wrm]" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\Q16EJ1IK\x[1]" file. 11.11.2009 . 15:52:24 SYSTEM 1784 Sign of "Win32:AutoRun-AVH [Wrm]" has been found in "C:\WINDOWS\system32\03.scr" file. 11.11.2009 . 18:11:33 SYSTEM 1784 Sign of "Win32:AutoRun-AVH [Wrm]" has been found in "C:\WINDOWS\system32\32.scr" file. 11.11.2009 . 18:38:00 SYSTEM 1784 Sign of "Win32:AutoRun-AVH [Wrm]" has been found in "C:\WINDOWS\system32\56.scr" file. 12.11.2009 . 11:43:02 SYSTEM 1776 Sign of "Win32:AutoRun-AVH [Wrm]" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\Q16EJ1IK\x[1]" file. 12.11.2009 . 11:43:18 SYSTEM 1776 Sign of "Win32:AutoRun-AVH [Wrm]" has been found in "C:\WINDOWS\system32\45.scr" file. 12.11.2009 . 15:43:24 SYSTEM 1776 Sign of "Win32:AutoRun-AVH [Wrm]" has been found in "C:\WINDOWS\system32\06.scr" file. 12.11.2009 . 16:25:48 SYSTEM 1776 Sign of "Win32:AutoRun-AVH [Wrm]" has been found in "C:\WINDOWS\system32\24.scr" file. 12.11.2009 . 17:13:38 SYSTEM 1776 Sign of "Win32:AutoRun-AVH [Wrm]" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\9WTGTJTA\x[1]" file. 12.11.2009 . 17:15:29 SYSTEM 1776 Sign of "Win32:AutoRun-AVH [Wrm]" has been found in "C:\WINDOWS\system32\32.scr" file. 12.11.2009 . 17:52:49 SYSTEM 1776 Sign of "Win32:AutoRun-AVH [Wrm]" has been found in "C:\WINDOWS\system32\03.scr" file. 12.11.2009 . 18:47:39 SYSTEM 1776 Sign of "Win32:AutoRun-AVH [Wrm]" has been found in "C:\WINDOWS\system32\83.scr" file. 13.11.2009 . 10:54:04 SYSTEM 1776 Sign of "Win32:AutoRun-AVH [Wrm]" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QT2ZAVW9\x[1]" file. 13.11.2009 . 10:54:13 SYSTEM 1776 Sign of "Win32:AutoRun-AVH [Wrm]" has been found in "C:\WINDOWS\system32\57.scr" file. 13.11.2009 . 15:22:55 SYSTEM 1776 Sign of "Win32:AutoRun-AVH [Wrm]" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\3V36MRRD\x[1]" file. 15.11.2009 . 03:18:43 SYSTEM 1664 Sign of "HTML:IFrame-KP [Trj]" has been found in "http://www.realraptalk.com/clientscript/vbulletin_menu.js?v=384" file. 15.11.2009 . 03:18:55 SYSTEM 1664 Sign of "HTML:Framer-inf [Trj]" has been found in "http://diyasmw.cn/s/in.cgi?19" file. 15.11.2009 . 11:41:23 SYSTEM 1660 Sign of "Win32:IRCBot-DOI [Trj]" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QT2ZAVW9\x[1]" file. 15.11.2009 . 11:48:53 SYSTEM 1660 Sign of "Win32:IRCBot-DOI [Trj]" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QT2ZAVW9\x[2]" file. 15.11.2009 . 11:59:16 SYSTEM 1660 Sign of "Win32:AutoRun-AVH [Wrm]" has been found in "C:\System Volume Information\_restore{FB013217-37CE-42AD-A0C2-6AF98660382B}\RP523\A0165354.scr" file. 15.11.2009 . 12:03:59 SYSTEM 1660 Sign of "Win32:AutoRun-AVH [Wrm]" has been found in "C:\WINDOWS\system32\40.scr" file. 15.11.2009 . 12:06:07 SYSTEM 1660 Sign of "Win32:AutoRun-AVH [Wrm]" has been found in "C:\WINDOWS\system32\48.scr" file. 15.11.2009 . 12:41:31 SYSTEM 1776 Sign of "Win32:IRCBot-DOI [Trj]" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QT2ZAVW9\x[1]" file. 15.11.2009 . 12:41:49 SYSTEM 1776 Sign of "Win32:IRCBot-DOI [Trj]" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QT2ZAVW9\x[2]" file. 15.11.2009 . 13:34:42 SYSTEM 1776 Sign of "Win32:IRCBot-DOI [Trj]" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\3V36MRRD\x[1]" file. 15.11.2009 . 14:01:20 SYSTEM 1776 Sign of "Win32:IRCBot-DOI [Trj]" has been found in "C:\WINDOWS\system32\48.scr" file. 15.11.2009 . 14:44:01 SYSTEM 1776 Sign of "BV:AutoRun-S [Wrm]" has been found in "G:\Autorun.inf" file. 16.11.2009 . 13:06:05 SYSTEM 1780 Sign of "Win32:AutoRun-AVH [Wrm]" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QT2ZAVW9\x[1]" file. 16.11.2009 . 13:29:34 SYSTEM 1780 Sign of "Win32:AutoRun-AVH [Wrm]" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QT2ZAVW9\x[2]" file. 16.11.2009 . 13:30:23 SYSTEM 1780 Sign of "Win32:AutoRun-AVH [Wrm]" has been found in "C:\WINDOWS\system32\05.scr" file. 16.11.2009 . 14:07:50 SYSTEM 1780 Sign of "Win32:AutoRun-AVH [Wrm]" has been found in "C:\WINDOWS\system32\07.scr" file. 16.11.2009 . 14:24:51 SYSTEM 1780 Sign of "Win32:AutoRun-AVH [Wrm]" has been found in "C:\WINDOWS\system32\11.scr" file. Отново го няма.Трябва ли компа да се рестартира два пъти при изпълнението на комбофикса,защото при мен така става.И имаше такъв кеиген на аваста но вече го няма изтрих го.
  6. Ето това ми показва аваста редовно колкото и да го трия се си стои. Running from: C:\Documents and Settings\Administrator\Desktop\Win32kDiag.exe Log file at : C:\Documents and Settings\Administrator\Desktop\Win32kDiag.txt WARNING: Could not get backup privileges! Searching 'C:\WINDOWS'... Finished!
  7. Този път всичко беше ок но не намирам отново лога.Няма го нито в папката на ComboFix нито в Qoobox
  8. Съжелявам ето го целия. OTL logfile created on: 17.11.2009 . 01:56:10 - Run 1 OTL by OldTimer - Version 3.1.5.0 Folder = C:\Documents and Settings\Administrator\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: dd.M.yyyy '.' 1,50 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 66,77% Memory free 3,35 Gb Paging File | 2,93 Gb Available in Paging File | 87,41% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 14,65 Gb Total Space | 0,73 Gb Free Space | 4,96% Space Free | Partition Type: NTFS Drive D: | 59,87 Gb Total Space | 0,19 Gb Free Space | 0,32% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: RISTO Current User Name: Administrator Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2009.11.17 01:55:13 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe PRC - [2009.11.16 21:24:08 | 00,215,104 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe PRC - [2009.11.15 23:39:55 | 00,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe PRC - [2009.10.30 01:53:10 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009.09.15 13:56:48 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe PRC - [2009.09.15 13:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe PRC - [2009.09.15 13:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe PRC - [2009.09.15 13:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe PRC - [2009.09.15 13:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe PRC - [2009.04.10 19:30:40 | 01,435,488 | ---- | M] (Nullsoft) -- C:\Program Files\Winamp\winamp.exe PRC - [2008.05.30 14:54:16 | 00,076,744 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe PRC - [2008.05.30 14:54:14 | 21,718,312 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe PRC - [2008.04.14 05:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006.10.31 14:35:00 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe ========== Modules (SafeList) ========== MOD - [2009.11.17 01:55:13 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe MOD - [2008.04.14 05:42:52 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll MOD - [2008.04.14 05:42:06 | 00,065,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shimeng.dll MOD - [2008.04.14 05:42:00 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msacm32.dll MOD - [2008.04.14 05:41:54 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll MOD - [2008.04.14 05:41:50 | 01,852,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\acgenral.dll ========== Win32 Services (SafeList) ========== SRV - [2009.11.16 21:24:08 | 00,215,104 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe -- (PnkBstrB) SRV - [2009.11.15 23:39:55 | 00,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA) SRV - [2009.09.15 13:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus) SRV - [2009.09.15 13:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner) SRV - [2009.09.15 13:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner) SRV - [2009.09.15 13:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv) SRV - [2008.09.08 06:59:00 | 00,575,488 | ---- | M] (Nokia.) -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008.07.29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0) SRV - [2008.07.29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc) SRV - [2008.07.29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing) SRV - [2008.07.25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.07.25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state) SRV - [2008.04.14 05:42:04 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc) SRV - [2008.04.14 05:41:56 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\irmon.dll -- (Irmon) SRV - [2006.10.31 14:35:00 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc) SRV - [2006.10.26 18:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006.10.26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.bg/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Winamp Search" FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://google.bg" FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.15 FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=" FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.05.06 13:25:55 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.11.09 17:05:50 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.10.30 01:53:17 | 00,000,000 | ---D | M] [2009.03.11 22:37:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions [2009.03.11 22:37:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009.07.19 22:07:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0dxjckpk.default\extensions [2009.06.09 16:35:28 | 00,001,196 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0dxjckpk.default\searchplugins\winamp-search.xml [2009.03.11 22:37:38 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009.10.30 01:53:10 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009.10.30 01:53:10 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll [2009.10.30 01:53:10 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll [2009.10.30 01:53:13 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll [2009.04.01 22:01:24 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml [2009.04.01 22:01:24 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml [2009.04.01 22:01:24 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml [2009.04.01 22:01:24 | 00,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml [2009.04.01 22:01:24 | 00,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml [2009.04.01 22:01:24 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml [2009.04.01 22:01:24 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKCU..\Run: [skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Nokia Ovi Suite.lnk = C:\Program Files\Nokia\Ovi\Suite\RunLauncher.exe (Nokia) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Преведи - {60237576-b24c-4ba9-9740-c9f3ec9db557} - C:\Program Files\SkyCode\WebTrance30\wt2ie.dll () O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (My Current Home Page) - About:Home O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.08.07 13:40:42 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found O35 - comfile [open] -- "%1" %* File not found O35 - exefile [open] -- "%1" %* File not found NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\system32\ias [2008.08.07 16:24:46 | 00,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: Irmon - C:\WINDOWS\system32\irmon.dll (Microsoft Corporation) NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: helpsvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation) ========== Files/Folders - Created Within 14 Days ========== [2009.11.17 01:55:12 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe [2009.11.17 01:40:31 | 00,000,000 | ---D | C] -- C:\_OTM [2009.11.17 01:39:34 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTM.exe [2009.11.17 01:37:36 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2009.11.17 01:37:10 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HJTInstall.exe [2009.11.16 23:51:18 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2009.11.16 23:51:18 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2009.11.16 23:51:18 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2009.11.16 23:50:16 | 00,000,000 | ---D | C] -- C:\Qoobox [2009.11.15 13:14:11 | 00,000,000 | ---D | C] -- C:\Program Files\4 Elements [2009.11.05 22:41:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch [2009.11.05 22:34:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting [2009.11.05 22:34:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas [2009.11.05 22:34:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en [2009.11.05 22:34:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits [2009.11.05 22:32:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles [2009.11.05 22:30:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic [2009.11.05 22:26:10 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$ [2009.11.04 15:14:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\4 Elements ========== Files - Modified Within 14 Days ========== [2009.11.17 01:55:44 | 08,912,896 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT [2009.11.17 01:55:13 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe [2009.11.17 01:42:32 | 00,088,325 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2009.11.17 01:41:49 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009.11.17 01:41:35 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009.11.17 01:40:57 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini [2009.11.17 01:39:35 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTM.exe [2009.11.17 01:37:36 | 00,001,741 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk [2009.11.17 01:37:10 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HJTInstall.exe [2009.11.17 01:18:37 | 00,523,776 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr [2009.11.17 00:18:18 | 00,187,776 | ---- | M] () -- C:\WINDOWS\System32\drivers\ACPI_2.sys [2009.11.17 00:17:50 | 00,009,415 | ---- | M] () -- C:\WINDOWS\system.ini [2009.11.17 00:17:33 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2009.11.16 23:46:23 | 03,560,773 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe [2009.11.16 23:45:50 | 00,283,273 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip [2009.11.16 23:43:26 | 00,002,117 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\EHE.rar [2009.11.16 21:24:08 | 00,215,104 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr [2009.11.16 21:24:08 | 00,215,104 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe [2009.11.16 21:01:52 | 00,138,576 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2009.11.16 20:54:13 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2009.11.16 20:54:10 | 00,018,944 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.11.15 23:39:55 | 00,075,064 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe [2009.11.15 16:01:04 | 00,000,638 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Call of Duty Modern Warfare 2 SP.lnk [2009.11.15 16:01:04 | 00,000,638 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Call of Duty Modern Warfare 2 MP.lnk [2009.11.15 14:09:16 | 04,217,754 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\No Doubt - Don't Speak.mp3 [2009.11.15 13:15:14 | 00,001,587 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\4 Elements.lnk [2009.11.14 20:10:04 | 00,291,840 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gmer.exe [2009.11.13 22:01:42 | 00,518,454 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\c.bmp [2009.11.11 12:02:43 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009.11.09 20:07:59 | 00,028,873 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\damage.2009.stv.720p.bluray.x264-hv.rar [2009.11.09 15:38:09 | 00,000,098 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\listen(2).pls [2009.11.09 15:35:16 | 00,000,156 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\radia.m3u [2009.11.09 15:28:46 | 04,606,873 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SEAL - Kiss From A Rose.mp3 [2009.11.09 01:24:52 | 00,030,010 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\The.Hangover.DVDRip.XviD-DoNE.rar [2009.11.08 15:01:14 | 00,025,160 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2009.11.06 12:52:24 | 00,002,560 | ---- | M] () -- C:\WINDOWS\_MSRSTRT.EXE [2009.11.06 04:14:42 | 00,041,872 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll [2009.11.06 00:00:59 | 00,000,212 | RHS- | M] () -- C:\boot.ini [2009.11.05 22:42:41 | 00,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009.11.05 22:42:41 | 00,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009.11.05 22:42:40 | 00,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009.11.05 22:40:28 | 00,142,032 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009.11.05 22:29:54 | 00,250,048 | RHS- | M] () -- C:\ntldr [2009.11.04 23:26:54 | 01,726,600 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Picture 698.jpg [2009.11.04 23:26:21 | 01,401,632 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Picture 151.jpg [2009.11.04 23:25:47 | 01,690,863 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Picture 900.jpg [2009.11.03 16:46:23 | 00,031,600 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\ikonomiks.docx [2009.11.03 16:13:57 | 00,062,464 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\prawo.DOC [2009.11.03 11:58:13 | 00,165,888 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\43728_pomagalo_com.doc ========== Files Created - No Company Name ========== [2009.11.17 01:37:36 | 00,001,741 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk [2009.11.17 01:18:34 | 00,523,776 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr [2009.11.17 00:00:21 | 00,187,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\ACPI_2.sys [2009.11.16 23:51:18 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2009.11.16 23:51:18 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2009.11.16 23:46:49 | 00,291,840 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.exe [2009.11.16 23:45:59 | 03,560,773 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe [2009.11.16 23:45:49 | 00,283,273 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip [2009.11.16 23:43:26 | 00,002,117 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\EHE.rar [2009.11.15 16:01:04 | 00,000,638 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Call of Duty Modern Warfare 2 SP.lnk [2009.11.15 16:01:04 | 00,000,638 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Call of Duty Modern Warfare 2 MP.lnk [2009.11.15 14:09:12 | 04,217,754 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\No Doubt - Don't Speak.mp3 [2009.11.15 13:15:14 | 00,001,587 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\4 Elements.lnk [2009.11.13 22:01:42 | 00,518,454 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\c.bmp [2009.11.09 20:07:58 | 00,028,873 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\damage.2009.stv.720p.bluray.x264-hv.rar [2009.11.09 15:38:09 | 00,000,098 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\listen(2).pls [2009.11.09 15:35:16 | 00,000,156 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\radia.m3u [2009.11.09 15:28:40 | 04,606,873 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SEAL - Kiss From A Rose.mp3 [2009.11.09 01:24:51 | 00,030,010 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\The.Hangover.DVDRip.XviD-DoNE.rar [2009.11.06 12:52:24 | 00,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE [2009.11.06 04:14:42 | 00,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll [2009.11.05 22:35:10 | 00,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm [2009.11.05 22:35:10 | 00,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav [2009.11.05 22:35:10 | 00,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav [2009.11.05 22:35:10 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav [2009.11.05 22:35:10 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav [2009.11.05 22:35:10 | 00,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav [2009.11.05 22:35:10 | 00,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm [2009.11.05 22:35:10 | 00,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm [2009.11.05 22:35:10 | 00,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta [2009.11.05 22:35:10 | 00,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css [2009.11.05 22:35:10 | 00,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf [2009.11.05 22:35:10 | 00,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js [2009.11.05 22:35:09 | 00,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav [2009.11.05 22:35:09 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav [2009.11.05 22:35:09 | 00,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav [2009.11.05 22:35:09 | 00,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav [2009.11.05 22:35:09 | 00,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf [2009.11.05 22:35:09 | 00,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf [2009.11.05 22:35:09 | 00,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif [2009.11.05 22:35:09 | 00,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif [2009.11.05 22:35:09 | 00,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif [2009.11.05 22:35:09 | 00,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf [2009.11.05 22:35:09 | 00,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif [2009.11.05 22:35:09 | 00,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif [2009.11.05 22:35:09 | 00,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif [2009.11.05 22:35:08 | 00,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv [2009.11.05 22:35:08 | 00,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv [2009.11.05 22:35:08 | 00,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv [2009.11.05 22:35:08 | 00,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm [2009.11.05 22:35:08 | 00,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz [2009.11.05 22:35:08 | 00,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif [2009.11.05 22:35:08 | 00,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip [2009.11.05 22:35:08 | 00,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif [2009.11.05 22:35:08 | 00,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif [2009.11.05 22:35:08 | 00,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif [2009.11.05 22:35:08 | 00,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif [2009.11.05 22:35:08 | 00,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif [2009.11.05 22:35:08 | 00,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js [2009.11.05 22:35:08 | 00,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif [2009.11.05 22:35:08 | 00,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif [2009.11.05 22:35:08 | 00,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif [2009.11.05 22:35:08 | 00,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif [2009.11.05 22:35:08 | 00,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl [2009.11.05 22:35:08 | 00,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl [2009.11.05 22:35:08 | 00,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl [2009.11.05 22:35:08 | 00,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl [2009.11.05 22:35:08 | 00,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl [2009.11.05 22:35:08 | 00,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif [2009.11.05 22:35:08 | 00,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif [2009.11.05 22:35:08 | 00,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif [2009.11.05 22:35:08 | 00,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif [2009.11.05 22:35:08 | 00,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl [2009.11.05 22:35:08 | 00,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm [2009.11.05 22:35:08 | 00,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl [2009.11.05 22:35:08 | 00,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl [2009.11.05 22:35:08 | 00,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl [2009.11.05 22:35:08 | 00,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf [2009.11.05 22:35:08 | 00,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl [2009.11.05 22:35:08 | 00,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl [2009.11.05 22:35:08 | 00,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl [2009.11.05 22:35:08 | 00,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl [2009.11.05 22:35:08 | 00,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl [2009.11.05 22:35:08 | 00,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl [2009.11.05 22:35:08 | 00,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip [2009.11.05 22:35:07 | 00,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv [2009.11.05 22:35:07 | 00,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv [2009.11.05 22:35:07 | 00,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz [2009.11.05 22:35:07 | 00,097,117 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.hlp [2009.11.05 22:35:07 | 00,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf [2009.11.05 22:35:07 | 00,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css [2009.11.05 22:35:07 | 00,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm [2009.11.05 22:35:07 | 00,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js [2009.11.05 22:35:07 | 00,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js [2009.11.05 22:35:07 | 00,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif [2009.11.05 22:35:07 | 00,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif [2009.11.05 22:35:07 | 00,001,885 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.cnt [2009.11.05 22:35:07 | 00,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif [2009.11.05 22:35:07 | 00,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif [2009.11.05 22:35:07 | 00,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif [2009.11.05 22:35:07 | 00,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif [2009.11.05 22:35:07 | 00,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif [2009.11.05 22:35:07 | 00,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif [2009.11.05 22:30:15 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty [2009.11.05 22:30:15 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod [2009.11.05 22:30:13 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img [2009.11.05 20:24:53 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2009.11.04 23:26:44 | 01,726,600 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Picture 698.jpg [2009.11.04 23:26:12 | 01,401,632 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Picture 151.jpg [2009.11.04 23:25:35 | 01,690,863 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Picture 900.jpg [2009.11.03 16:39:59 | 00,031,600 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\ikonomiks.docx [2009.11.03 15:44:42 | 00,377,856 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\iko.doc [2009.11.03 15:42:34 | 00,062,464 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\prawo.DOC [2009.11.03 11:58:13 | 00,165,888 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\43728_pomagalo_com.doc [2009.08.28 10:26:44 | 00,000,600 | ---- | C] () -- C:\WINDOWS\Rtcw.INI [2009.07.31 20:36:57 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2009.06.26 09:53:34 | 00,000,040 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ra3.ini [2009.06.22 12:57:19 | 00,000,258 | ---- | C] () -- C:\WINDOWS\game.ini [2009.05.18 15:21:02 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll [2009.05.18 15:21:02 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll [2009.03.09 20:58:14 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2009.01.07 15:32:32 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll [2009.01.07 15:32:32 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll [2008.12.29 13:55:30 | 00,000,130 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008.10.05 11:11:56 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2008.08.07 16:29:33 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini [2008.08.07 15:57:24 | 00,139,152 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys [2008.08.07 15:57:24 | 00,138,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2008.08.07 15:37:50 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008.08.07 15:37:45 | 00,018,944 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.08.07 15:23:09 | 00,000,313 | ---- | C] () -- C:\WINDOWS\CoDUO.INI [2008.08.07 15:16:37 | 00,000,713 | ---- | C] () -- C:\WINDOWS\CoD.INI [2008.08.07 14:36:16 | 00,682,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2008.08.07 14:13:23 | 00,000,761 | ---- | C] () -- C:\WINDOWS\m3jp2k.ini [2008.08.07 14:13:23 | 00,000,714 | ---- | C] () -- C:\WINDOWS\m3jpeg.ini [2008.08.07 14:13:23 | 00,000,702 | ---- | C] () -- C:\WINDOWS\mmtvmj.ini [2008.08.07 14:13:19 | 00,152,064 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2008.08.07 14:13:19 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll [2008.08.07 14:13:17 | 00,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2008.08.07 13:59:22 | 03,709,746 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db [2008.08.07 13:57:45 | 00,143,360 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2008.08.07 13:52:50 | 00,004,247 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2008.08.07 13:52:47 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2008.08.07 13:50:59 | 00,025,160 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2008.08.07 13:44:56 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini [2008.04.28 10:11:16 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008.04.28 10:11:16 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2008.04.28 10:11:16 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2008.04.28 10:11:16 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008.04.28 10:11:16 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2008.04.28 10:11:16 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2008.04.28 10:11:16 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2008.04.28 10:11:16 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2008.04.28 10:11:16 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2007.12.05 01:41:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2007.12.05 01:41:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2007.12.05 01:41:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2007.12.05 01:41:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2007.12.05 01:41:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2007.12.05 01:41:00 | 00,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2007.04.17 14:34:40 | 00,135,716 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat [2006.06.29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont [2006.06.29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont [2006.04.18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont [2006.04.18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont [2005.12.07 11:31:00 | 00,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll [2004.09.01 11:00:00 | 00,009,415 | ---- | C] () -- C:\WINDOWS\system.ini [2004.09.01 11:00:00 | 00,000,477 | ---- | C] () -- C:\WINDOWS\win.ini [1998.03.22 13:50:02 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll ========== LOP Check ========== [2009.10.04 13:44:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Any Video Converter [2008.08.29 17:42:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Datalayer [2008.09.08 13:48:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech [2009.07.06 16:26:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mikrotik [2009.05.06 13:37:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nokia [2008.09.18 14:09:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nokia Multimedia Player [2008.08.07 14:50:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC Suite [2009.06.26 17:09:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Red Alert 3 [2009.07.04 23:33:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Red Alert 3 Uprising [2009.03.06 19:44:56 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Application Data\SecuROM [2009.04.05 21:52:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Thinstall [2009.11.17 01:19:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent [2008.08.07 14:50:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations [2009.06.26 09:53:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts [2009.02.26 13:21:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HoverBee Studios [2009.02.19 18:18:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MysteryChronicles [2009.01.02 00:27:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NFS Underground [2009.05.07 15:13:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia [2008.08.07 14:51:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite [2008.08.31 09:32:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft [2004.09.01 11:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini [2009.11.17 01:41:49 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < %SYSTEMDRIVE%\atapi.sys /s /md5 > [2004.09.01 11:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2008.04.14 00:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.14 00:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys [2008.04.14 00:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys < %SYSTEMDRIVE%\iaStor.sys /s /md5 > < End of report >
  9. OTL logfile created on: 17.11.2009 . 01:56:10 - Run 1 OTL by OldTimer - Version 3.1.5.0 Folder = C:\Documents and Settings\Administrator\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: dd.M.yyyy '.' 1,50 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 66,77% Memory free 3,35 Gb Paging File | 2,93 Gb Available in Paging File | 87,41% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 14,65 Gb Total Space | 0,73 Gb Free Space | 4,96% Space Free | Partition Type: NTFS Drive D: | 59,87 Gb Total Space | 0,19 Gb Free Space | 0,32% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: RISTO Current User Name: Administrator Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2009.11.17 01:55:13 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe PRC - [2009.11.16 21:24:08 | 00,215,104 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe PRC - [2009.11.15 23:39:55 | 00,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe PRC - [2009.10.30 01:53:10 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009.09.15 13:56:48 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe PRC - [2009.09.15 13:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe PRC - [2009.09.15 13:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe PRC - [2009.09.15 13:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe PRC - [2009.09.15 13:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe PRC - [2009.04.10 19:30:40 | 01,435,488 | ---- | M] (Nullsoft) -- C:\Program Files\Winamp\winamp.exe PRC - [2008.05.30 14:54:16 | 00,076,744 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe PRC - [2008.05.30 14:54:14 | 21,718,312 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe PRC - [2008.04.14 05:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006.10.31 14:35:00 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
  10. All processes killed ========== PROCESSES ========== No active process named explorer.exe was found! ========== FILES ========== C:\ComboFix\N_ folder moved successfully. C:\ComboFix folder moved successfully. c:\windows\sed.exe moved successfully. c:\windows\MBR.exe moved successfully. c:\windows\PEV.exe moved successfully. c:\windows\SWREG.exe moved successfully. c:\windows\system32\43.scr moved successfully. c:\windows\003228_.tmp moved successfully. C:\winsockxpfix folder moved successfully. C:\LinhaDefensiva\rotinas\remocao folder moved successfully. C:\LinhaDefensiva\rotinas folder moved successfully. C:\LinhaDefensiva\relatorios folder moved successfully. C:\LinhaDefensiva\reflist folder moved successfully. C:\LinhaDefensiva\QUA\Pastas folder moved successfully. C:\LinhaDefensiva\QUA\Arquivos folder moved successfully. C:\LinhaDefensiva\QUA folder moved successfully. C:\LinhaDefensiva\lang\vb folder moved successfully. C:\LinhaDefensiva\lang\init folder moved successfully. C:\LinhaDefensiva\lang\bat folder moved successfully. C:\LinhaDefensiva\lang folder moved successfully. C:\LinhaDefensiva\func folder moved successfully. C:\LinhaDefensiva\exec folder moved successfully. C:\LinhaDefensiva\credits folder moved successfully. C:\LinhaDefensiva folder moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 13005 bytes ->Temporary Internet Files folder emptied: 1996882 bytes ->FireFox cache emptied: 75988468 bytes ->Google Chrome cache emptied: 8641534 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes
  11. UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_09-10-26.01) Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 07.8.2008 . 14:43:14 System Uptime: 17.11.2009 . 00:18:38 (1 hours ago) Motherboard: | | K8NF6G-VSTA Processor: AMD Sempron Processor 2800+ | CPUSocket | 1607/200mhz ==== Disk Partitions ========================= A: is Removable C: is FIXED (NTFS) - 15 GiB total, 1,177 GiB free. D: is FIXED (NTFS) - 60 GiB total, 0,189 GiB free. E: is CDROM () F: is CDROM () ==== Disabled Device Manager Items ============= Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Hamachi Network Interface Device ID: ROOT\NET\0000 Manufacturer: LogMeIn, Inc. Name: Hamachi Network Interface PNP Device ID: ROOT\NET\0000 Service: hamachi ==== System Restore Points =================== RP517: 06.11.2009 . 00:20:19 - Контролна точка на системата RP518: 07.11.2009 . 01:25:13 - Контролна точка на системата RP519: 08.11.2009 . 13:23:18 - Контролна точка на системата RP520: 10.11.2009 . 09:07:29 - Контролна точка на системата RP521: 11.11.2009 . 12:41:20 - Контролна точка на системата RP522: 12.11.2009 . 14:42:13 - Контролна точка на системата RP523: 13.11.2009 . 15:25:39 - Контролна точка на системата RP524: 14.11.2009 . 13:58:40 - Installed Windows Media Format 9 Series Runtime Setup RP525: 14.11.2009 . 17:40:27 - Removed Need for Speed™ ProStreet RP526: 15.11.2009 . 16:01:21 - Installed DirectX ==== Installed Programs ====================== Архиватор WinRAR µTorrent 4 Elements ACE Mega CoDecS Pack Adobe Flash Player 10 Plugin Adobe Flash Player ActiveX Adobe Reader 7.0.5 Adobe® Photoshop® Album Starter Edition 3.0 Any Video Converter 2.5.3 avast! Antivirus AVI Joiner AVI Splitter Bad CD Repair v3.0 Bulgarian Phonetic for WinXP Calculator.NET Call of Duty Call of Duty - United Offensive Call of Duty Modern Warfare 2 Call of Duty® - World at War 1.1 Patch Call of Duty® 2 Call of Duty® 2 Patch 1.3 Call of Duty® 4 - Modern Warfare Call of Duty® 4 - Modern Warfare 1.3 Patch Call of Duty® 4 - Modern Warfare 1.4 Patch Call of Duty® 4 - Modern Warfare 1.5 Multiplayer Patch Call of Duty® 4 - Modern Warfare 1.5 Patch Call of Duty® 4 - Modern Warfare 1.6 Patch Call of Duty® 4 - Modern Warfare 1.7 Patch CCleaner (remove only) Defraggler (remove only) EAX4 Unified Redist Favorite-Games Sounds Halo 2 for Windows Vista Hamachi 1.0.1.5 High Definition Audio Driver Package - KB888111 HijackThis 2.0.2 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Windows XP (KB954550-v5) LIVE gaming on Windows Runtime Version 1.0.6027 Malwarebytes' Anti-Malware Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Software Update for Web Folders (English) 12 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Mozilla Firefox (3.0.15) MSXML 4.0 SP2 Parser and SDK MSXML 6.0 Parser (KB933579) Nero 7 Ultra Edition Nokia Connectivity Cable Driver Nokia Flashing Cable Driver Nokia Home Media Server Nokia Map Loader Nokia Ovi Application Installer Nokia Ovi Application Installer 6.85.3010 Nokia Ovi Content Copier Nokia Ovi Content Copier 6.85.3010 Nokia Ovi Suite Nokia Ovi System Utilities Nokia Ovi System Utilities 6.85.3010 Nokia PC Suite Nokia Software Updater NVIDIA Drivers NVIDIA PhysX v8.04.25 OpenAL PC Connectivity Solution Prince of Persia T2T PunkBuster Services Realtek High Definition Audio Driver Skype™ 3.8 System Requirements Lab The KMPlayer (remove only) TrackerPro 1.0 Ultra Video Converter 4.1.1008 Ultra Video Joiner 5.2.0822 Ventrilo Client WebFldrs XP WebTrance3.0 (деинсталиране) Winamp WinASO Registry Optimizer 4.0 Windows Bulgarian Interface Pack Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21) Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) Windows Imaging Component Windows Media Format 11 runtime Windows XP Service Pack 3 Xfire (remove only) ==== Event Viewer Messages From Past Week ======== 16.11.2009 . 23:51:16, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). 16.11.2009 . 23:51:16, error: Service Control Manager [7034] - The PnkBstrB service terminated unexpectedly. It has done this 1 time(s). 16.11.2009 . 23:51:16, error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s). 16.11.2009 . 23:51:16, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s). 16.11.2009 . 23:51:16, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s). ==== End Of File =========================== DDS (Ver_09-10-26.01) - NTFSx86 Run by Administrator at 1:19:37,28 on 17.11.2009 . Internet Explorer: 6.0.2900.5512 Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.1535.1003 [GMT 2:00] AV: avast! antivirus 4.8.1356 [VPS 091116-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Skype\Phone\Skype.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Administrator\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.bg/ BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /install mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript mRun: [userFaultCheck] %systemroot%\system32\dumprep 0 -u mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nokiao~1.lnk - c:\program files\nokia\ovi\suite\RunLauncher.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {60237576-b24c-4ba9-9740-c9f3ec9db557} - {EAADF17C-B6EA-4511-8549-A67CFD406EAF} - c:\progra~1\skycode\webtra~1\wt2ie.dll IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll TCP: {E41804A5-FE00-4CAB-9961-9122584C9558} = 84.22.2.62 212.116.131.21 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\0dxjckpk.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://google.bg FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query= FF - plugin: c:\program files\ace mega codecs pack\systems\realmedia\browser\plugins\nppl3260.dll FF - plugin: c:\program files\ace mega codecs pack\systems\realmedia\browser\plugins\nprpjplug.dll ============= SERVICES / DRIVERS =============== R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-6 35328] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-5-7 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-5-7 20560] =============== Created Last 30 ================ 2009-11-16 22:11:40 105088 ----a-w- c:\windows\system32\drivers\nvata.sys 2009-11-16 22:11:39 96512 -c--a-w- c:\windows\system32\dllcache\atapi.sys 2009-11-16 22:11:39 96512 ----a-w- c:\windows\system32\drivers\atapi.sys 2009-11-16 22:09:06 0 d-----w- C:\ComboFix 2009-11-16 22:00:21 187776 ----a-w- c:\windows\system32\drivers\ACPI_2.sys 2009-11-16 21:51:18 98816 ----a-w- c:\windows\sed.exe 2009-11-16 21:51:18 77312 ----a-w- c:\windows\MBR.exe 2009-11-16 21:51:18 260608 ----a-w- c:\windows\PEV.exe 2009-11-16 21:51:18 161792 ----a-w- c:\windows\SWREG.exe 2009-11-16 11:06:05 90112 ----a-w- c:\windows\system32\43.scr 2009-11-15 11:14:11 0 d-----w- c:\program files\4 Elements 2009-11-06 10:52:24 2560 ----a-w- c:\windows\_MSRSTRT.EXE 2009-11-06 02:14:42 41872 ----a-w- c:\windows\system32\xfcodec.dll 2009-11-05 20:34:58 377984 ------w- c:\windows\system32\ati2dvaa.dll 2009-11-05 20:32:30 0 d-----w- c:\windows\ServicePackFiles 2009-11-05 20:32:07 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe 2009-11-05 20:28:50 19569 ----a-w- c:\windows\003228_.tmp 2009-11-04 13:14:00 0 d-----w- c:\windows\4 Elements 2009-11-04 10:45:23 0 d-----w- C:\winsockxpfix 2009-11-01 11:08:42 0 d-----w- C:\LinhaDefensiva 2009-11-01 10:22:36 0 d-----w- c:\windows\system32\SoftwareDistribution 2009-11-01 00:55:25 0 d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes 2009-11-01 00:55:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-01 00:55:16 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-11-01 00:55:16 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-11-01 00:55:16 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes ==================== Find3M ==================== 2009-11-16 19:24:08 215104 ----a-w- c:\windows\system32\PnkBstrB.exe 2009-11-16 19:01:52 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2009-11-15 21:39:55 75064 ----a-w- c:\windows\system32\PnkBstrA.exe 2009-09-04 15:44:40 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll 2009-09-04 15:44:40 515416 ----a-w- c:\windows\system32\XAudio2_5.dll 2009-09-04 15:44:40 238936 ----a-w- c:\windows\system32\xactengine3_5.dll 2009-09-04 15:29:34 453456 ----a-w- c:\windows\system32\d3dx10_42.dll 2009-09-04 15:29:34 235344 ----a-w- c:\windows\system32\d3dx11_42.dll 2009-09-04 15:29:32 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll 2009-09-04 15:29:32 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll 2009-09-04 15:29:30 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll ============= FINISH: 1:20:02,20 ===============
  12. Няма нищо и в C:\ и пише че неможе да го намери ComboFix\Combobatch.bat
  13. Няма друг само този беше в папката Qoobox.
  14. ComboFix 09-10-30.01 - Administrator .11.2009 . 12:52.1.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1251.359.1033.18.1535.1148 [GMT 2:00] Running from: c:\documents and settings\Administrator\desktop\ComboFix.exe Command switches used :: /KillAll AV: avast! antivirus 4.8.1351 [VPS 091031-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D} WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\cbkulrcr.ini c:\windows\system32\cjrxfwem.ini c:\windows\system32\clufrwnm.ini c:\windows\system32\eayuebfj.ini c:\windows\system32\fdbggnmj.ini c:\windows\system32\fulpyvtg.ini c:\windows\system32\gjunobjc.ini c:\windows\system32\hqyrmmrp.ini c:\windows\system32\iaiuppps.ini c:\windows\system32\jbecyaqf.ini c:\windows\system32\jgmandeq.ini c:\windows\system32\jlUFffii.ini c:\windows\system32\jlUFffii.ini2 c:\windows\system32\jvuretak.ini c:\windows\system32\kgbrwdxy.ini c:\windows\system32\kxldtbat.ini c:\windows\system32\lbstvloy.ini c:\windows\system32\pavftbcy.ini c:\windows\system32\pxmesylm.ini c:\windows\system32\qwswsnxf.ini c:\windows\system32\syutuqrp.ini c:\windows\system32\tmp67.tmp c:\windows\system32\tmp68.tmp c:\windows\system32\uituptwh.ini c:\windows\system32\wbgosqxj.ini . ((((((((((((((((((((((((( Files Created from 2009-10-01 to 2009-11-01 ))))))))))))))))))))))))))))))) . 2009-11-01 10:22 . 2009-11-01 10:22 -------- d-----w- c:\windows\LastGood.Tmp 2009-11-01 00:55 . 2009-11-01 00:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2009-11-01 00:55 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-01 00:55 . 2009-11-01 00:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-11-01 00:55 . 2009-11-01 00:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-11-01 00:55 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-10-25 12:05 . 2009-10-25 12:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage 2009-10-14 23:58 . 2009-10-14 23:58 41872 ----a-w- c:\windows\system32\xfcodec.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-01 10:34 . 2008-08-07 12:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype 2009-11-01 10:21 . 2008-08-07 12:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM 2009-11-01 00:51 . 2008-08-07 12:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\Xfire 2009-10-31 22:51 . 2008-08-07 13:57 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2009-10-31 22:51 . 2008-08-07 13:35 103736 ----a-w- c:\windows\system32\PnkBstrB.exe 2009-10-31 12:22 . 2008-08-07 12:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent 2009-10-30 08:59 . 2008-08-07 12:53 -------- d-s---w- c:\program files\Xfire 2009-10-23 22:25 . 2008-08-07 12:18 75064 ----a-w- c:\windows\system32\PnkBstrA.exe 2009-10-20 17:27 . 2008-08-07 11:56 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-10-04 12:39 . 2009-07-02 14:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\Hamachi 2009-10-04 11:44 . 2009-05-06 13:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\Any Video Converter 2009-09-19 08:15 . 2009-09-19 08:13 -------- d-----w- c:\program files\Calculator.NET 2009-09-19 08:13 . 2008-08-07 11:50 24384 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-17 16:10 . 2009-05-07 06:34 1279456 ----a-w- c:\windows\system32\aswBoot.exe 2009-08-17 16:06 . 2009-05-07 06:35 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys 2009-08-17 16:06 . 2009-05-07 06:35 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2009-08-17 16:05 . 2009-05-07 06:35 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2009-08-17 16:05 . 2009-05-07 06:35 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2009-08-17 16:04 . 2009-05-07 06:35 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2009-08-17 16:04 . 2009-05-07 06:35 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2009-08-17 16:03 . 2009-05-07 06:35 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2009-08-17 16:02 . 2009-05-07 06:35 97480 ----a-w- c:\windows\system32\AvastSS.scr . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-05-30 21718312] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X] "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-04 81920] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-12-04 1626112] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-09-01 15360] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696] Nokia Ovi Suite.lnk - c:\program files\Nokia\Ovi\Suite\RunLauncher.exe [2008-11-11 946176] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "d:\\Games\\cod4\\iw3mp.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymedia.exe"= "c:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymediaserver.exe"= "c:\\Program Files\\Ventrilo\\Ventrilo.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "22841:TCP"= 22841:TCP:BitComet 22841 TCP "22841:UDP"= 22841:UDP:BitComet 22841 UDP R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [06.12.2005 . 17:11 35328] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [07.5.2009 . 08:35 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [07.5.2009 . 08:35 20560] S2 TwonkyMedia;TwonkyMedia;c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 --> c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 [?] --- Other Services/Drivers In Memory --- *NewlyCreated* - CLASSPNP_2 *NewlyCreated* - MBR *Deregistered* - CLASSPNP_2 *Deregistered* - mbr . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.bg/ IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: {{60237576-b24c-4ba9-9740-c9f3ec9db557} - {EAADF17C-B6EA-4511-8549-A67CFD406EAF} - c:\progra~1\SkyCode\WEBTRA~1\wt2ie.dll FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0dxjckpk.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://google.bg FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query= FF - plugin: c:\program files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nppl3260.dll FF - plugin: c:\program files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nprpjplug.dll . - - - - ORPHANS REMOVED - - - - BHO-{1468C7C6-17BD-49B7-8FA3-53B2DAE30EEF} - (no file) HKLM-Run-NWEReboot - (no file) Notify-WgaLogon - (no file) Notify-xXPjKcYP - xXPjKcYP.dll AddRemove-WOLAPI - c:\westwood\Internet\UnstllAP.EXE ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-01 12:59 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(1372) c:\windows\system32\WPDShServiceObj.dll c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll c:\program files\Nokia\PC Connectivity Solution\ConnAPI.DLL c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\windows\system32\RUNDLL32.EXE c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe c:\windows\system32\nvsvc32.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe c:\windows\system32\PnkBstrA.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe c:\windows\system32\wscntfy.exe c:\program files\Skype\Plugin Manager\skypePM.exe c:\program files\Alwil Software\Avast4\ashMaiSv.exe c:\program files\Alwil Software\Avast4\ashWebSv.exe . ************************************************************************** . Completion time: 2009-11-01 13:02 - machine was rebooted ComboFix-quarantined-files.txt 2009-11-01 11:01 Pre-Run: 1 173 204 992 bytes free Post-Run: 1 340 116 992 bytes free - - End Of File - - 16B602574BA7264F88EE5A8E1F3F5B95
  • Разглеждащи това в момента   0 потребители

    Няма регистрирани потребители разглеждащи тази страница.

×

Информация

Поставихме бисквитки на устройството ви за най-добро потребителско изживяване. Можете да промените настройките си за бисквитки, или в противен случай приемаме, че сте съгласни с нашите условия за ползване.