силвия ангелова

Virus spread via Skype

Hello. For the New Year I got a little virus via Skype, and I have been fighting it for two days without success. The only information I could find on how to remove this virus is to take out the hard drive and clean it on another PC, but I see that quite a few people manage without that, and besides I am not sure it would work. So I scanned with ESET and with OTL, but I do not understand anything from the results. All I know is that I cannot start my antivirus, or even download anything related to antivirus software; I cannot get into Safe Mode; I cannot stop the autoruns; and as for the registry, a friend tried to help me, but it does not let me in there either, and with that my attempts to fix the computer were exhausted. I read here and there and see that some people solved it by formatting the PC, but I cannot go to such an extreme for the simple reason that there is quite a lot of information on it (since it is the work computer). Ugh, if anyone can help I will be very grateful... so please help if you can.

Here are the results from ESET & OTL:

OTL logfile created on: 05.1.2010 г. 08:04:59 - Run 1

OTL by OldTimer - Version 3.1.21.0 Folder = C:\Documents and Settings\em-rr\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: dd.M.yyyy 'г.'

503,00 Mb Total Physical Memory | 72,00 Mb Available Physical Memory | 14,00% Memory free

1,00 Gb Paging File | 1,00 Gb Available in Paging File | 71,00% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 40,85 Gb Total Space | 22,15 Gb Free Space | 54,21% Space Free | Partition Type: NTFS

Drive D: | 35,83 Gb Total Space | 9,06 Gb Free Space | 25,28% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: DARKEDITION

Current User Name: em-rr

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\em-rr\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Documents and Settings\em-rr\Desktop\NIS10TBCS.exe (Symantec Corporation)

PRC - C:\WINDOWS\system32\gyihvpdqnzrjuwcog.exe ()

PRC - C:\Documents and Settings\em-rr\Local Settings\Temp\nuthkt.exe ()

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\Winamp\winampa.exe (Nullsoft)

PRC - C:\Program Files\ClamWin\bin\ClamTray.exe (alch)

PRC - C:\Program Files\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)

PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)

PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

PRC - C:\Program Files\RelevantKnowledge\rlvknlg.exe (TMRG, Inc.)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

PRC - C:\WINDOWS\system32\drivers\CDAC11BA.EXE (Macrovision)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)

PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

PRC - C:\Program Files\Unlocker\UnlockerAssistant.exe ()

PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)

PRC - C:\WINDOWS\VistaDrive\VistaDrive.exe ()

PRC - C:\Program Files\LClock\LClock.exe ()

PRC - C:\Program Files\Datecs\FlexType 2K\FType2K.exe ()

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\em-rr\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Program Files\Babylon\Babylon-Pro\captlib.dll (Babylon Ltd.)

MOD - C:\WINDOWS\system32\msvcp60.dll (Microsoft Corporation)

MOD - C:\Program Files\Unlocker\UnlockerHook.dll ()

MOD - C:\WINDOWS\system32\newdll.dll ()

========== Win32 Services (SafeList) ==========

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)

SRV - (gupdate1ca005d2d41368c) Услуга Google Update (gupdate1ca005d2d41368c) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)

SRV - (C-DillaCdaC11BA) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE (Macrovision)

SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (CdaC15BA) -- C:\WINDOWS\system32\drivers\CDAC15BA.SYS (Macrovision Europe Ltd)

DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)

DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)

DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)

DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)

DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (vcdrom) -- C:\Program Files\System\CPL Bonus\vcdrom.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-1417001333-1123561945-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-21-1417001333-1123561945-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKU\S-1-5-21-1417001333-1123561945-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKU\S-1-5-21-1417001333-1123561945-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home

IE - HKU\S-1-5-21-1417001333-1123561945-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-1417001333-1123561945-1177238915-1003\S-1-5-21-1417001333-1123561945-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1417001333-1123561945-1177238915-1003\S-1-5-21-1417001333-1123561945-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"

FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch"

FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/home"

FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.6.18

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}:2.4.0.4

FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.11.2

FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.01.04 15:35:00 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.12.17 09:02:18 | 00,000,000 | ---D | M]

[2009.07.09 08:33:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\em-rr\Application Data\Mozilla\Extensions

[2010.01.04 14:14:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\em-rr\Application Data\Mozilla\Firefox\Profiles\aekuprwv.default\extensions

[2009.08.08 14:45:49 | 00,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\em-rr\Application Data\Mozilla\Firefox\Profiles\aekuprwv.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}

[2009.11.23 15:51:51 | 00,000,000 | ---D | M] (AniWeather) -- C:\Documents and Settings\em-rr\Application Data\Mozilla\Firefox\Profiles\aekuprwv.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}

[2009.11.26 09:50:35 | 00,000,000 | ---D | M] (myBabylon English Toolbar) -- C:\Documents and Settings\em-rr\Application Data\Mozilla\Firefox\Profiles\aekuprwv.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}

[2009.08.08 14:45:53 | 00,001,201 | ---- | M] () -- C:\Documents and Settings\em-rr\Application Data\Mozilla\Firefox\Profiles\aekuprwv.default\searchplugins\winamp-search.xml

[2010.01.04 14:14:19 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2009.12.17 01:03:36 | 00,063,488 | ---- | M] (Nullsoft) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

[2009.06.24 14:31:54 | 00,001,083 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\911bg.xml

[2009.11.05 10:50:07 | 00,002,204 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

[2009.06.24 14:31:54 | 00,002,442 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\diribg.xml

[2009.06.24 14:31:54 | 00,001,515 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pe-bg.xml

[2009.06.24 14:31:54 | 00,001,857 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\portalbgdict.xml

[2009.06.24 14:31:54 | 00,001,220 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-bg.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)

O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)

O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

O3 - HKU\S-1-5-21-1417001333-1123561945-1177238915-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKU\S-1-5-21-1417001333-1123561945-1177238915-1003\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)

O4 - HKLM..\Run: [ClamWin] C:\Program Files\ClamWin\bin\ClamTray.exe (alch)

O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)

O4 - HKLM..\Run: [gyihvpdqnzrjuwcog] C:\Documents and Settings\em-rr\Local Settings\Temp\zqzxkdqcyjarbchs.exe ()

O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [LClock] C:\Program Files\LClock\LClock.exe ()

O4 - HKLM..\Run: [NIS] C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.1.0.19\InstStub.exe (Symantec Corporation)

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [RelevantKnowledge] C:\Program Files\RelevantKnowledge\rlvknlg.exe (TMRG, Inc.)

O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [ugkdlzhoflx] C:\WINDOWS\System32\pittidsgerkdpszmfd.exe ()

O4 - HKLM..\Run: [unlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()

O4 - HKLM..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe ()

O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft)

O4 - HKU\S-1-5-21-1417001333-1123561945-1177238915-1003..\Run: [rgnjulwgajynvu] C:\WINDOWS\System32\aughxtjyxlfzmqymgff.exe ()

O4 - HKU\S-1-5-21-1417001333-1123561945-1177238915-1003..\Run: [skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)

O4 - HKU\S-1-5-21-1417001333-1123561945-1177238915-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKU\S-1-5-21-1417001333-1123561945-1177238915-1003..\Run: [ugkdlzhoflx] C:\Documents and Settings\em-rr\Local Settings\Temp\zqzxkdqcyjarbchs.exe ()

O4 - HKLM..\RunOnce: [rejdmbkskrer] C:\WINDOWS\System32\nivxolcsshcxlqzojjkn.exe ()

O4 - HKLM..\RunOnce: [zqzxkdqcyjarbchs] C:\Documents and Settings\em-rr\Local Settings\Temp\pittidsgerkdpszmfd.exe ()

O4 - HKU\.DEFAULT..\RunOnce: [_nltide_3] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation)

O4 - HKU\S-1-5-18..\RunOnce: [_nltide_3] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [_nltide_3] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [_nltide_3] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-1417001333-1123561945-1177238915-1003..\RunOnce: [rejdmbkskrer] C:\Documents and Settings\em-rr\Local Settings\Temp\aughxtjyxlfzmqymgff.exe ()

O4 - HKU\S-1-5-21-1417001333-1123561945-1177238915-1003..\RunOnce: [ukspbtfqlvlbkko] C:\WINDOWS\System32\zqzxkdqcyjarbchs.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FlexType 2K.lnk = C:\Program Files\Datecs\FlexType 2K\FType2K.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: qekfpfpyrznbi = cymphfxopfbxmscsoprvt.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: zknfmzgmch = C:\DOCUME~1\em-rr\LOCALS~1\Temp\cymphfxopfbxmscsoprvt.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\S-1-5-21-1417001333-1123561945-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 1

O7 - HKU\S-1-5-21-1417001333-1123561945-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1

O7 - HKU\S-1-5-21-1417001333-1123561945-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\S-1-5-21-1417001333-1123561945-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1

O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()

O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)

O8 - Extra context menu item: Translate with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)

O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)

O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.07.09 03:52:19 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2010.01.05 07:29:40 | 00,000,820 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2010.01.05 07:29:41 | 00,000,832 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]

O33 - MountPoints2\{e23378a6-c906-11de-8a8c-0019665cef58}\Shell\AutoRun\command - "" = F:\gqsjpbhmb.bat -- File not found

O33 - MountPoints2\{e23378a6-c906-11de-8a8c-0019665cef58}\Shell\explore\Command - "" = F:\qekfpfpyrznbi.bat -- File not found

O33 - MountPoints2\{e23378a6-c906-11de-8a8c-0019665cef58}\Shell\open\Command - "" = F:\ugkdlzhoflx.bat -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.01.05 08:03:06 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\em-rr\Desktop\OTL.exe

[2010.01.05 07:55:58 | 00,000,000 | ---D | C] -- C:\Program Files\NortonInstaller

[2010.01.05 07:55:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller

[2010.01.04 15:55:07 | 88,519,048 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\em-rr\Desktop\NIS10TBCS.exe

[2009.12.17 09:02:18 | 00,000,000 | ---D | C] -- C:\Program Files\Winamp Detect

[2009.12.17 09:02:14 | 00,000,000 | ---D | C] -- C:\Program Files\Winamp Toolbar

[2009.12.09 12:24:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\em-rr\Desktop\+muzic's+

[2009.12.07 08:54:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie7updates

[2009.12.07 08:53:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM

[2009.12.07 08:52:14 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7

[2009.12.07 08:52:01 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$

[2009.12.07 08:51:38 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$

[2009.12.07 07:23:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

[2009.12.06 10:34:13 | 00,000,000 | ---D | C] -- C:\241e755efc8c9543515f657590

[2009.12.06 10:32:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel

[2009.08.18 11:57:05 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[2009.07.09 08:36:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google

[2009.07.09 08:19:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google

[2009.07.09 03:54:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2009.07.09 03:53:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[2009.07.09 03:52:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[4 C:\Documents and Settings\em-rr\Desktop\*.tmp files -> C:\Documents and Settings\em-rr\Desktop\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.01.05 08:08:51 | 00,002,408 | -H-- | M] () -- C:\WINDOWS\ukspbtfqlvlbkkoyojfdvxnvsewitoyoennrb.mig

[2010.01.05 08:08:51 | 00,002,408 | -H-- | M] () -- C:\Program Files\ukspbtfqlvlbkkoyojfdvxnvsewitoyoennrb.mig

[2010.01.05 08:08:51 | 00,002,408 | -H-- | M] () -- C:\Documents and Settings\em-rr\Local Settings\Application Data\ukspbtfqlvlbkkoyojfdvxnvsewitoyoennrb.mig

[2010.01.05 08:08:51 | 00,000,280 | -H-- | M] () -- C:\WINDOWS\cigtvdfgrrxdcsmmsdpdldjhuwe.hss

[2010.01.05 08:08:51 | 00,000,280 | -H-- | M] () -- C:\Program Files\cigtvdfgrrxdcsmmsdpdldjhuwe.hss

[2010.01.05 08:08:51 | 00,000,280 | -H-- | M] () -- C:\Documents and Settings\em-rr\Local Settings\Application Data\cigtvdfgrrxdcsmmsdpdldjhuwe.hss

[2010.01.05 08:08:27 | 00,002,408 | -H-- | M] () -- C:\WINDOWS\System32\ukspbtfqlvlbkkoyojfdvxnvsewitoyoennrb.mig

[2010.01.05 08:08:16 | 00,569,344 | RHS- | M] () -- C:\WINDOWS\tqfjcbumofczpwhyvxafen.exe

[2010.01.05 08:08:15 | 00,569,344 | RHS- | M] () -- C:\WINDOWS\zqzxkdqcyjarbchs.exe

[2010.01.05 08:08:15 | 00,569,344 | RHS- | M] () -- C:\WINDOWS\pittidsgerkdpszmfd.exe

[2010.01.05 08:08:15 | 00,569,344 | RHS- | M] () -- C:\WINDOWS\nivxolcsshcxlqzojjkn.exe

[2010.01.05 08:08:15 | 00,569,344 | RHS- | M] () -- C:\WINDOWS\gyihvpdqnzrjuwcog.exe

[2010.01.05 08:08:15 | 00,569,344 | RHS- | M] () -- C:\WINDOWS\cymphfxopfbxmscsoprvt.exe

[2010.01.05 08:08:15 | 00,569,344 | RHS- | M] () -- C:\WINDOWS\aughxtjyxlfzmqymgff.exe

[2010.01.05 08:07:43 | 00,000,280 | -H-- | M] () -- C:\WINDOWS\System32\cigtvdfgrrxdcsmmsdpdldjhuwe.hss

[2010.01.05 08:03:07 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\em-rr\Desktop\OTL.exe

[2010.01.05 08:02:37 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2010.01.05 07:55:58 | 04,980,736 | -H-- | M] () -- C:\Documents and Settings\em-rr\NTUSER.DAT

[2010.01.05 07:29:40 | 00,569,344 | RHS- | M] () -- C:\qekfpfpyrznbi.bat

[2010.01.05 07:29:40 | 00,000,820 | RHS- | M] () -- C:\autorun.inf

[2010.01.05 07:17:51 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010.01.05 07:17:40 | 00,569,344 | RHS- | M] () -- C:\WINDOWS\System32\tqfjcbumofczpwhyvxafen.exe

[2010.01.05 07:17:40 | 00,569,344 | RHS- | M] () -- C:\WINDOWS\System32\pittidsgerkdpszmfd.exe

[2010.01.05 07:17:40 | 00,569,344 | RHS- | M] () -- C:\WINDOWS\System32\nivxolcsshcxlqzojjkn.exe

[2010.01.05 07:17:40 | 00,569,344 | RHS- | M] () -- C:\WINDOWS\System32\cymphfxopfbxmscsoprvt.exe

[2010.01.05 07:17:40 | 00,569,344 | RHS- | M] () -- C:\WINDOWS\System32\aughxtjyxlfzmqymgff.exe

[2010.01.05 07:17:25 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010.01.05 07:17:19 | 00,569,344 | RHS- | M] () -- C:\WINDOWS\System32\zqzxkdqcyjarbchs.exe

[2010.01.05 07:17:18 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010.01.05 07:17:16 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010.01.05 07:17:12 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010.01.04 16:15:00 | 00,000,872 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010.01.04 16:10:40 | 88,519,048 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\em-rr\Desktop\NIS10TBCS.exe

[2010.01.04 13:53:13 | 00,000,426 | -H-- | M] () -- C:\WINDOWS\System32\pittidsgerkdpszmfdcdydwhhwrgusfyrdgnatrq.mrk

[2010.01.04 13:53:13 | 00,000,426 | -H-- | M] () -- C:\WINDOWS\pittidsgerkdpszmfdcdydwhhwrgusfyrdgnatrq.mrk

[2010.01.04 13:53:13 | 00,000,426 | -H-- | M] () -- C:\Program Files\pittidsgerkdpszmfdcdydwhhwrgusfyrdgnatrq.mrk

[2010.01.04 13:53:13 | 00,000,426 | -H-- | M] () -- C:\Documents and Settings\em-rr\Local Settings\Application Data\pittidsgerkdpszmfdcdydwhhwrgusfyrdgnatrq.mrk

[2010.01.04 12:38:19 | 00,569,344 | RHS- | M] () -- C:\WINDOWS\System32\gyihvpdqnzrjuwcog.exe

[2009.12.30 10:32:21 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\em-rr\ntuser.ini

[2009.12.22 16:02:31 | 00,000,463 | -H-- | M] () -- C:\WINDOWS\System32\aughxtjyxlfzmqymgffhdjdpqgcshguoivzhvpooq.smy

[2009.12.22 16:02:31 | 00,000,463 | -H-- | M] () -- C:\WINDOWS\aughxtjyxlfzmqymgffhdjdpqgcshguoivzhvpooq.smy

[2009.12.22 16:02:31 | 00,000,463 | -H-- | M] () -- C:\Program Files\aughxtjyxlfzmqymgffhdjdpqgcshguoivzhvpooq.smy

[2009.12.22 16:02:31 | 00,000,463 | -H-- | M] () -- C:\Documents and Settings\em-rr\Local Settings\Application Data\aughxtjyxlfzmqymgffhdjdpqgcshguoivzhvpooq.smy

[2009.12.22 14:25:00 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2009.12.22 12:44:09 | 00,354,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009.12.22 12:41:27 | 00,058,368 | ---- | M] () -- C:\Documents and Settings\em-rr\Desktop\oferta-elektro-.xls

[2009.12.22 12:26:33 | 00,061,952 | ---- | M] () -- C:\Documents and Settings\em-rr\Desktop\Как да решим безопасно проблеми в Windows XP.doc

[2009.12.22 11:19:53 | 00,004,248 | -H-- | M] () -- C:\WINDOWS\zqzxkdqcyjarbchsjfcbuxoxviboawhypzafqh.azs

[2009.12.22 11:19:53 | 00,004,248 | -H-- | M] () -- C:\WINDOWS\System32\zqzxkdqcyjarbchsjfcbuxoxviboawhypzafqh.azs

[2009.12.22 11:19:53 | 00,004,248 | -H-- | M] () -- C:\Program Files\zqzxkdqcyjarbchsjfcbuxoxviboawhypzafqh.azs

[2009.12.22 11:19:53 | 00,004,248 | -H-- | M] () -- C:\Documents and Settings\em-rr\Local Settings\Application Data\zqzxkdqcyjarbchsjfcbuxoxviboawhypzafqh.azs

[2009.12.22 08:11:48 | 00,034,816 | ---- | M] () -- C:\Documents and Settings\em-rr\Desktop\Аванс - Декември.xls

[2009.12.22 08:05:58 | 00,041,472 | ---- | M] () -- C:\Documents and Settings\em-rr\Desktop\Списък на инструмент в склада-01.09.2009.doc

[2009.12.21 08:13:31 | 00,201,728 | ---- | M] () -- C:\Documents and Settings\em-rr\Desktop\Технически характеристики-E52.doc

[2009.12.19 14:38:54 | 14,271,3719 | ---- | M] () -- C:\Documents and Settings\em-rr\Desktop\calendar-2010-A3-orchidea+.eps

[2009.12.19 14:35:25 | 00,002,489 | ---- | M] () -- C:\Documents and Settings\em-rr\Desktop\CorelDRAW 12.lnk

[2009.12.19 14:34:33 | 30,953,718 | ---- | M] () -- C:\Documents and Settings\em-rr\Desktop\calendar-2010-A3-orchidea.pdf

[2009.12.18 15:13:15 | 00,026,885 | ---- | M] () -- C:\Documents and Settings\em-rr\Desktop\Home Alone 1.torrent

[2009.12.18 14:05:22 | 00,073,216 | ---- | M] () -- C:\Documents and Settings\em-rr\My Documents\Холандски сладкиш с ябълки.doc

[2009.12.17 14:30:36 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\em-rr\Desktop\ел-материали.xls

[2009.12.14 11:46:45 | 00,063,488 | ---- | M] () -- C:\Documents and Settings\em-rr\Desktop\tisen-krup-manex.doc

[2009.12.14 11:46:30 | 00,140,781 | ---- | M] () -- C:\Documents and Settings\em-rr\Desktop\oblicovycni-sistemi.pdf

[2009.12.10 07:42:57 | 00,500,104 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009.12.10 07:42:57 | 00,426,070 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009.12.10 07:42:57 | 00,065,080 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009.12.10 07:39:42 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2009.12.09 14:47:21 | 00,155,136 | ---- | M] () -- C:\Documents and Settings\em-rr\Desktop\Tibetian2.pps

[2009.12.07 07:50:14 | 00,098,944 | ---- | M] () -- C:\Documents and Settings\em-rr\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2009.12.07 07:28:29 | 00,000,603 | ---- | M] () -- C:\WINDOWS\win.ini

[4 C:\Documents and Settings\em-rr\Desktop\*.tmp files -> C:\Documents and Settings\em-rr\Desktop\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009.12.22 12:26:32 | 00,061,952 | ---- | C] () -- C:\Documents and Settings\em-rr\Desktop\Как да решим безопасно проблеми в Windows XP.doc

[2009.12.22 11:20:23 | 00,000,820 | RHS- | C] () -- C:\autorun.inf

[2009.12.22 11:20:10 | 00,002,408 | -H-- | C] () -- C:\WINDOWS\ukspbtfqlvlbkkoyojfdvxnvsewitoyoennrb.mig

[2009.12.22 11:20:10 | 00,002,408 | -H-- | C] () -- C:\Program Files\ukspbtfqlvlbkkoyojfdvxnvsewitoyoennrb.mig

[2009.12.22 11:20:10 | 00,002,408 | -H-- | C] () -- C:\Documents and Settings\em-rr\Local Settings\Application Data\ukspbtfqlvlbkkoyojfdvxnvsewitoyoennrb.mig

[2009.12.22 11:20:10 | 00,002,402 | -H-- | C] () -- C:\WINDOWS\System32\ukspbtfqlvlbkkoyojfdvxnvsewitoyoennrb.mig

[2009.12.22 11:20:10 | 00,000,426 | -H-- | C] () -- C:\WINDOWS\System32\pittidsgerkdpszmfdcdydwhhwrgusfyrdgnatrq.mrk

[2009.12.22 11:20:10 | 00,000,426 | -H-- | C] () -- C:\WINDOWS\pittidsgerkdpszmfdcdydwhhwrgusfyrdgnatrq.mrk

[2009.12.22 11:20:10 | 00,000,426 | -H-- | C] () -- C:\Program Files\pittidsgerkdpszmfdcdydwhhwrgusfyrdgnatrq.mrk

[2009.12.22 11:20:10 | 00,000,426 | -H-- | C] () -- C:\Documents and Settings\em-rr\Local Settings\Application Data\pittidsgerkdpszmfdcdydwhhwrgusfyrdgnatrq.mrk

[2009.12.22 11:20:09 | 00,000,463 | -H-- | C] () -- C:\WINDOWS\System32\aughxtjyxlfzmqymgffhdjdpqgcshguoivzhvpooq.smy

[2009.12.22 11:20:09 | 00,000,463 | -H-- | C] () -- C:\WINDOWS\aughxtjyxlfzmqymgffhdjdpqgcshguoivzhvpooq.smy

[2009.12.22 11:20:09 | 00,000,463 | -H-- | C] () -- C:\Program Files\aughxtjyxlfzmqymgffhdjdpqgcshguoivzhvpooq.smy

[2009.12.22 11:20:09 | 00,000,463 | -H-- | C] () -- C:\Documents and Settings\em-rr\Local Settings\Application Data\aughxtjyxlfzmqymgffhdjdpqgcshguoivzhvpooq.smy

[2009.12.22 11:19:53 | 00,004,248 | -H-- | C] () -- C:\WINDOWS\zqzxkdqcyjarbchsjfcbuxoxviboawhypzafqh.azs

[2009.12.22 11:19:53 | 00,004,248 | -H-- | C] () -- C:\WINDOWS\System32\zqzxkdqcyjarbchsjfcbuxoxviboawhypzafqh.azs

[2009.12.22 11:19:53 | 00,004,248 | -H-- | C] () -- C:\Program Files\zqzxkdqcyjarbchsjfcbuxoxviboawhypzafqh.azs

[2009.12.22 11:19:53 | 00,004,248 | -H-- | C] () -- C:\Documents and Settings\em-rr\Local Settings\Application Data\zqzxkdqcyjarbchsjfcbuxoxviboawhypzafqh.azs

[2009.12.22 11:19:53 | 00,000,280 | -H-- | C] () -- C:\WINDOWS\System32\cigtvdfgrrxdcsmmsdpdldjhuwe.hss

[2009.12.22 11:19:53 | 00,000,280 | -H-- | C] () -- C:\WINDOWS\cigtvdfgrrxdcsmmsdpdldjhuwe.hss

[2009.12.22 11:19:53 | 00,000,280 | -H-- | C] () -- C:\Program Files\cigtvdfgrrxdcsmmsdpdldjhuwe.hss

[2009.12.22 11:19:53 | 00,000,280 | -H-- | C] () -- C:\Documents and Settings\em-rr\Local Settings\Application Data\cigtvdfgrrxdcsmmsdpdldjhuwe.hss

[2009.12.22 11:19:35 | 00,569,344 | RHS- | C] () -- C:\WINDOWS\zqzxkdqcyjarbchs.exe

[2009.12.22 11:19:35 | 00,569,344 | RHS- | C] () -- C:\WINDOWS\System32\zqzxkdqcyjarbchs.exe

[2009.12.22 11:19:35 | 00,569,344 | RHS- | C] () -- C:\WINDOWS\tqfjcbumofczpwhyvxafen.exe

[2009.12.22 11:19:35 | 00,569,344 | RHS- | C] () -- C:\WINDOWS\System32\tqfjcbumofczpwhyvxafen.exe

[2009.12.22 11:19:35 | 00,569,344 | RHS- | C] () -- C:\WINDOWS\System32\pittidsgerkdpszmfd.exe

[2009.12.22 11:19:35 | 00,569,344 | RHS- | C] () -- C:\WINDOWS\pittidsgerkdpszmfd.exe

[2009.12.22 11:19:35 | 00,569,344 | RHS- | C] () -- C:\WINDOWS\System32\nivxolcsshcxlqzojjkn.exe

[2009.12.22 11:19:35 | 00,569,344 | RHS- | C] () -- C:\WINDOWS\nivxolcsshcxlqzojjkn.exe

[2009.12.22 11:19:35 | 00,569,344 | RHS- | C] () -- C:\WINDOWS\System32\gyihvpdqnzrjuwcog.exe

[2009.12.22 11:19:35 | 00,569,344 | RHS- | C] () -- C:\WINDOWS\gyihvpdqnzrjuwcog.exe

[2009.12.22 11:19:35 | 00,569,344 | RHS- | C] () -- C:\WINDOWS\System32\cymphfxopfbxmscsoprvt.exe

[2009.12.22 11:19:35 | 00,569,344 | RHS- | C] () -- C:\WINDOWS\cymphfxopfbxmscsoprvt.exe

[2009.12.22 11:19:35 | 00,569,344 | RHS- | C] () -- C:\WINDOWS\System32\aughxtjyxlfzmqymgff.exe

[2009.12.22 11:19:35 | 00,569,344 | RHS- | C] () -- C:\WINDOWS\aughxtjyxlfzmqymgff.exe

[2009.12.21 09:18:10 | 00,034,816 | ---- | C] () -- C:\Documents and Settings\em-rr\Desktop\Аванс - Декември.xls

[2009.12.21 08:13:30 | 00,201,728 | ---- | C] () -- C:\Documents and Settings\em-rr\Desktop\Технически характеристики-E52.doc

[2009.12.19 14:38:13 | 14,271,3719 | ---- | C] () -- C:\Documents and Settings\em-rr\Desktop\calendar-2010-A3-orchidea+.eps

[2009.12.19 14:29:22 | 30,953,718 | ---- | C] () -- C:\Documents and Settings\em-rr\Desktop\calendar-2010-A3-orchidea.pdf

[2009.12.18 15:13:13 | 00,026,885 | ---- | C] () -- C:\Documents and Settings\em-rr\Desktop\Home Alone 1.torrent

[2009.12.17 15:07:04 | 00,058,368 | ---- | C] () -- C:\Documents and Settings\em-rr\Desktop\oferta-elektro-.xls

[2009.12.17 14:17:27 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\em-rr\Desktop\ел-материали.xls

[2009.12.17 13:49:06 | 00,041,472 | ---- | C] () -- C:\Documents and Settings\em-rr\Desktop\Списък на инструмент в склада-01.09.2009.doc

[2009.12.16 11:50:01 | 00,073,216 | ---- | C] () -- C:\Documents and Settings\em-rr\My Documents\Холандски сладкиш с ябълки.doc

[2009.12.14 11:46:43 | 00,063,488 | ---- | C] () -- C:\Documents and Settings\em-rr\Desktop\tisen-krup-manex.doc

[2009.12.14 11:46:30 | 00,140,781 | ---- | C] () -- C:\Documents and Settings\em-rr\Desktop\oblicovycni-sistemi.pdf

[2009.12.09 14:47:18 | 00,155,136 | ---- | C] () -- C:\Documents and Settings\em-rr\Desktop\Tibetian2.pps

[2009.10.19 12:58:01 | 00,004,608 | ---- | C] () -- C:\Documents and Settings\em-rr\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009.08.18 11:55:18 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009.07.09 07:44:02 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\newdll.dll

[2009.07.09 04:44:18 | 00,000,502 | ---- | C] () -- C:\WINDOWS\System32\CNCMFP34.INI

[2009.07.09 04:27:42 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009.07.09 03:52:24 | 00,001,651 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2009.02.24 14:00:00 | 00,394,240 | ---- | C] () -- C:\WINDOWS\System32\HMTCD.dll

[2009.02.24 14:00:00 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\CopyToSendTo.dll

[2003.01.07 10:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009.07.09 05:42:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk

[2010.01.05 07:58:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon

[2009.10.06 13:54:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009.07.09 06:38:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\em-rr\Application Data\Autodesk

[2009.12.22 11:54:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\em-rr\Application Data\Babylon

[2009.07.09 04:49:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\em-rr\Application Data\Canon

[2009.11.23 11:56:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\em-rr\Application Data\com.likno.air.PhotoFrameShow.BA293090D193671BA859C8E310874AAD5CDD8BAD.1

[2009.12.01 12:49:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\em-rr\Application Data\TeamViewer

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 05.1.2010 г. 08:04:59 - Run 1

OTL by OldTimer - Version 3.1.21.0 Folder = C:\Documents and Settings\em-rr\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: dd.M.yyyy 'г.'

503,00 Mb Total Physical Memory | 72,00 Mb Available Physical Memory | 14,00% Memory free

1,00 Gb Paging File | 1,00 Gb Available in Paging File | 71,00% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 40,85 Gb Total Space | 22,15 Gb Free Space | 54,21% Space Free | Partition Type: NTFS

Drive D: | 35,83 Gb Total Space | 9,06 Gb Free Space | 25,28% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: DARKEDITION

Current User Name: em-rr

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1417001333-1123561945-1177238915-1003\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [Command Prompt Here] -- cmd.exe /k cd %1 (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Find.Target] -- "explorer.exe" /select,"%1" (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"23437:TCP" = 23437:TCP:*:Enabled:BitComet 23437 TCP

"23437:UDP" = 23437:UDP:*:Enabled:BitComet 23437 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe -- (www.BitComet.com)

"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Documents and Settings\em-rr\Local Settings\Temp\~os4.tmp\rlvknlg.exe" = C:\Documents and Settings\em-rr\Local Settings\Temp\~os4.tmp\rlvknlg.exe:*:Enabled:rlvknlg.exe -- File not found

"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)

"c:\program files\relevantknowledge\rlvknlg.exe" = c:\program files\relevantknowledge\rlvknlg.exe:*:Enabled:rlvknlg.exe -- (TMRG, Inc.)

"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java 6 Update 17

"{284EBA35-4A64-A361-7F50-DBD0CC391DD7}" = Photo Frame Show - AIR desktop application

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12

"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features

"{5783F2D7-0201-0409-0002-0060B0CE6BBA}" = AutoCAD 2004

"{5783F2D7-0211-0409-0000-0060B0CE6BBA}" = AutoCAD Express Tools Volumes 1-9

"{6767DFEE-8909-453A-B553-C7693912B2EB}" = Canon MF Toolbox 4.9.1.1.mf07

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{99A5569D-9F86-4f32-A227-1538B731DA42}" = Canon MF4320-4350

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support

"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.7

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{d08d9f98-1c78-4704-87e6-368b0023d831}" = RelevantKnowledge

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1

"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Photoshop 6.0 Tryout" = Adobe Photoshop 6.0 Tryout

"Autodesk Express Viewer" = Autodesk Express Viewer

"Babylon" = Babylon

"BitComet" = BitComet 1.13

"CdaC13Ba" = SafeCast Shared Components

"ClamWin Free Antivirus_is1" = ClamWin Free Antivirus 0.95.3

"com.likno.air.PhotoFrameShow.BA293090D193671BA859C8E310874AAD5CDD8BAD.1" = Photo Frame Show - AIR desktop application

"CPLBonus" = Kels' CPL Bonus Pack!

"FlexType 2K" = FlexType 2K

"Google Chrome" = Google Chrome

"Google Updater" = Google Updater

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"LClock" = LClock

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MOP" = MOP

"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)

"Mp3 Knife_is1" = Mp3 Knife 3.2

"Nero8Lite_is1" = Nero 8 Lite 8.3.2.1

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"Strawberry Prolog 2.5 light" = Strawberry Prolog 2.5 light

"VDrive" = Vista Drive Indicator!

"Winamp" = Winamp

"Winamp Toolbar" = Winamp Toolbar

"WinRAR archiver" = Архиватор WinRAR

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1417001333-1123561945-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"UfasoftLisp" = Ufasoft Lisp 4.23

"Winamp Detect" = Winamp Application Detect

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 07.11.2009 г. 01:38:08 | Computer Name = DARKEDITION | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting

module mshtml.dll, version 6.0.2900.5726, fault address 0x0023d6b2.

Error - 07.11.2009 г. 01:41:23 | Computer Name = DARKEDITION | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting

module mshtml.dll, version 6.0.2900.5726, fault address 0x0023d6b2.

Error - 14.11.2009 г. 08:50:11 | Computer Name = DARKEDITION | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting

module mshtml.dll, version 6.0.2900.5726, fault address 0x000ab09b.

Error - 16.11.2009 г. 01:18:14 | Computer Name = DARKEDITION | Source = Google Update | ID = 20

Description =

Error - 16.11.2009 г. 10:32:24 | Computer Name = DARKEDITION | Source = Application Error | ID = 1000

Description = Faulting application explorer.exe, version 6.0.2900.5634, faulting

module shell32.dll, version 6.0.2900.5672, fault address 0x0002cee1.

Error - 16.11.2009 г. 10:32:32 | Computer Name = DARKEDITION | Source = Application Error | ID = 1000

Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module

dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 18.11.2009 г. 08:09:04 | Computer Name = DARKEDITION | Source = Application Error | ID = 1000

Description = Faulting application explorer.exe, version 6.0.2900.5634, faulting

module shell32.dll, version 6.0.2900.5672, fault address 0x0002cee1.

Error - 18.11.2009 г. 08:09:16 | Computer Name = DARKEDITION | Source = Application Error | ID = 1000

Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module

dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 18.11.2009 г. 08:16:22 | Computer Name = DARKEDITION | Source = Application Error | ID = 1000

Description = Faulting application explorer.exe, version 6.0.2900.5634, faulting

module shell32.dll, version 6.0.2900.5672, fault address 0x0002cee1.

Error - 18.11.2009 г. 08:16:32 | Computer Name = DARKEDITION | Source = Application Error | ID = 1000

Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module

dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

[ System Events ]

Error - 23.12.2009 г. 01:17:59 | Computer Name = DARKEDITION | Source = Service Control Manager | ID = 7023

Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated

with the following error: %%2147500053

Error - 30.12.2009 г. 04:19:16 | Computer Name = DARKEDITION | Source = sr | ID = 1

Description = The System Restore filter encountered the unexpected error '0xC0000034'

while processing the file '_filelst.cfg' on the volume 'HarddiskVolume1'. It has

stopped monitoring the volume.

Error - 30.12.2009 г. 04:19:33 | Computer Name = DARKEDITION | Source = Service Control Manager | ID = 7023

Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated

with the following error: %%2147500053

Error - 30.12.2009 г. 04:20:02 | Computer Name = DARKEDITION | Source = DCOM | ID = 10010

Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register

with DCOM within the required timeout.

Error - 04.1.2010 г. 01:18:15 | Computer Name = DARKEDITION | Source = sr | ID = 1

Description = The System Restore filter encountered the unexpected error '0xC0000034'

while processing the file '_filelst.cfg' on the volume 'HarddiskVolume1'. It has

stopped monitoring the volume.

Error - 04.1.2010 г. 01:18:31 | Computer Name = DARKEDITION | Source = Service Control Manager | ID = 7023

Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated

with the following error: %%2147500053

Error - 04.1.2010 г. 06:38:23 | Computer Name = DARKEDITION | Source = sr | ID = 1

Description = The System Restore filter encountered the unexpected error '0xC0000034'

while processing the file '_filelst.cfg' on the volume 'HarddiskVolume1'. It has

stopped monitoring the volume.

Error - 04.1.2010 г. 06:38:35 | Computer Name = DARKEDITION | Source = Service Control Manager | ID = 7023

Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated

with the following error: %%2147500053

Error - 05.1.2010 г. 01:17:40 | Computer Name = DARKEDITION | Source = sr | ID = 1

Description = The System Restore filter encountered the unexpected error '0xC0000034'

while processing the file '_filelst.cfg' on the volume 'HarddiskVolume1'. It has

stopped monitoring the volume.

Error - 05.1.2010 г. 01:17:54 | Computer Name = DARKEDITION | Source = Service Control Manager | ID = 7023

Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated

with the following error: %%2147500053

< End of report >

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=75b06effffe5834e8aa93e1e72be40fc

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-01-05 07:57:37

# local_time=2010-01-05 09:57:37 (+0200, FLE Standard Time)

# country="Bulgaria"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=2817 16777215 100 100 4815959 5398729 0 0

# compatibility_mode=8192 67108863 100 0 3849 3849 0 0

# scanned=50847

# found=43

# cleaned=43

# scan_time=1993

C:\autorun.inf INF/Autorun.Gen virus (deleted (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\gqsjpbhmb.bat Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\qekfpfpyrznbi.bat Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\ugkdlzhoflx.bat Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\em-rr\Local Settings\Temp\aughxtjyxlfzmqymgff.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\em-rr\Local Settings\Temp\cymphfxopfbxmscsoprvt.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\em-rr\Local Settings\Temp\gyihvpdqnzrjuwcog.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\em-rr\Local Settings\Temp\nivxolcsshcxlqzojjkn.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\em-rr\Local Settings\Temp\nuthkt.exe a variant of Win32/AutoRun.Agent.TG worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\em-rr\Local Settings\Temp\pittidsgerkdpszmfd.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\em-rr\Local Settings\Temp\rdieekwnfzn.exe a variant of Win32/AutoRun.Agent.TG worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\em-rr\Local Settings\Temp\tqfjcbumofczpwhyvxafen.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\em-rr\Local Settings\Temp\zqzxkdqcyjarbchs.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\em-rr\Local Settings\Temp\qekfpfpyrznbi\zknfmzgmch.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\em-rr\Local Settings\Temp\qekfpfpyrznbi\aiixblp\14 Kolko Sloncheto Tezhi.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\em-rr\My Documents\Program files\Unlocker 1.8.7.exe a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Downloads\MK.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

C:\Program Files\RelevantKnowledge\rlvknlg.exe a variant of Win32/Adware.RK.AA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\aughxtjyxlfzmqymgff.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\cymphfxopfbxmscsoprvt.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\gyihvpdqnzrjuwcog.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\nivxolcsshcxlqzojjkn.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\pittidsgerkdpszmfd.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\tqfjcbumofczpwhyvxafen.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\zqzxkdqcyjarbchs.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\aughxtjyxlfzmqymgff.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\cymphfxopfbxmscsoprvt.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\gyihvpdqnzrjuwcog.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\nivxolcsshcxlqzojjkn.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\pittidsgerkdpszmfd.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\tqfjcbumofczpwhyvxafen.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\zqzxkdqcyjarbchs.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

D:\autorun.inf INF/Autorun.Gen virus (deleted (after the next restart) - quarantined) 00000000000000000000000000000000 C

D:\gqsjpbhmb.bat Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

D:\qekfpfpyrznbi.bat Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

D:\ugkdlzhoflx.bat Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

D:\Nero-NE7962\Toolbar.exe Win32/Toolbar.AskSBar application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\System Volume Information\_restore{22C43618-FF0F-4B47-B3ED-F685883A1EC0}\RP1\A0000020.bat Win32/AutoRun.Agent.TV worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\System Volume Information\_restore{22C43618-FF0F-4B47-B3ED-F685883A1EC0}\RP1\A0000021.bat Win32/AutoRun.Agent.TV worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\System Volume Information\_restore{22C43618-FF0F-4B47-B3ED-F685883A1EC0}\RP1\A0000022.bat Win32/AutoRun.Agent.TV worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\System Volume Information\_restore{22C43618-FF0F-4B47-B3ED-F685883A1EC0}\RP1\A0000023.inf INF/Autorun.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C

D:\System Volume Information\_restore{22C43618-FF0F-4B47-B3ED-F685883A1EC0}\RP1\A0000067.exe Win32/Toolbar.AskSBar application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

${Memory} Win32/AutoRun.Agent.TV worm 00000000000000000000000000000000 C

ESETSmartInstaller@High as downloader log:

all ok

esets_scanner_update returned -1 esets_gle=53251

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=75b06effffe5834e8aa93e1e72be40fc

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-01-05 10:00:05

# local_time=2010-01-05 12:00:05 (+0200, FLE Standard Time)

# country="Bulgaria"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=2817 16777215 100 100 4820422 5403192 0 0

# compatibility_mode=8192 67108863 100 0 8312 8312 0 0

# scanned=50843

# found=36

# cleaned=36

# scan_time=4884

C:\autorun.inf INF/Autorun.Gen virus (deleted (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\gqsjpbhmb.bat Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\qekfpfpyrznbi.bat Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\ugkdlzhoflx.bat Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\em-rr\Local Settings\Temp\aughxtjyxlfzmqymgff.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\em-rr\Local Settings\Temp\cymphfxopfbxmscsoprvt.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\em-rr\Local Settings\Temp\gyihvpdqnzrjuwcog.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\em-rr\Local Settings\Temp\nivxolcsshcxlqzojjkn.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\em-rr\Local Settings\Temp\NOD13F.tmp a variant of Win32/AutoRun.Agent.TG worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\em-rr\Local Settings\Temp\pittidsgerkdpszmfd.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\em-rr\Local Settings\Temp\rdieekwnfzn.exe a variant of Win32/AutoRun.Agent.TG worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\em-rr\Local Settings\Temp\tqfjcbumofczpwhyvxafen.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\em-rr\Local Settings\Temp\zqzxkdqcyjarbchs.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\em-rr\Local Settings\Temp\qekfpfpyrznbi\zknfmzgmch.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\em-rr\Local Settings\Temp\qekfpfpyrznbi\zknfmzgmch.rar Win32/AutoRun.Agent.TV worm (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\em-rr\Local Settings\Temp\qekfpfpyrznbi\aiixblp\14 Kolko Sloncheto Tezhi.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\aughxtjyxlfzmqymgff.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\cymphfxopfbxmscsoprvt.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\gyihvpdqnzrjuwcog.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\nivxolcsshcxlqzojjkn.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\pittidsgerkdpszmfd.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\tqfjcbumofczpwhyvxafen.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\zqzxkdqcyjarbchs.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\aughxtjyxlfzmqymgff.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\cymphfxopfbxmscsoprvt.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\gyihvpdqnzrjuwcog.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\nivxolcsshcxlqzojjkn.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\pittidsgerkdpszmfd.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\tqfjcbumofczpwhyvxafen.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\zqzxkdqcyjarbchs.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

D:\autorun.inf INF/Autorun.Gen virus (deleted (after the next restart) - quarantined) 00000000000000000000000000000000 C

D:\gqsjpbhmb.bat Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

D:\qekfpfpyrznbi.bat Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

D:\ugkdlzhoflx.bat Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

D:\картинки и снимки\screen saviors\Felix.exe Win32/Joke.ScreenMate application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

${Memory} Win32/AutoRun.Agent.TV worm 00000000000000000000000000000000 C

ESETSmartInstaller@High as downloader log:

all ok

esets_scanner_update returned -1 esets_gle=53251


Hello!

The instructions given here by me or by any other member of HJT apply only to that user, not to their brother, nor to their aunt's 14th cousin. Only to that user, in this specific situation, for this specific computer!

Step 1:

Download SafeBootKeyRepair from here or here. Save it to your desktop.

1. Run the program.

2. Wait while it performs the necessary procedures.

3. When it finishes, the tool will generate a log file located at C:\SafeBoot_Repair.txt.

Finally, post the contents of SafeBoot_Repair.txt

Step 2:

Delete your copy of OTL and follow the instructions again:

Download OTL (by OldTimer) and save it to your desktop.

Double-click OTL.exe to start the program.

Tick the boxes in front of the following:


  • Scan all users
  • Lop check
  • Purity check

Under the Extra Registry section, select Use SafeList

Click Run Scan and wait for the scan to finish. (It may take 10-15 minutes.)

When it finishes, post the following two log files:

  • OTL.txt (located on your desktop)
  • Extras.txt (it will open automatically)


I apologize for carrying out these steps, but I didn't know they apply to only 1 person. Here is what came out of step 1:

Reg export of SafeBoot key after repair:

========================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]

"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\RpcSs]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SCSI Class]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sermouse.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys]

@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SRService]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\System Bus Extender]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinMgmt]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]

@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]

@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]

@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]

@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]

@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]

@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus Extender]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot file system]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Browser]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\CryptSvc]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DcomLaunch]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Dhcp]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmadmin]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmboot.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmio.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmload.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmserver]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DnsCache]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\EventLog]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\File system]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Filter]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\HelpSvc]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ip6fw.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ipnat.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanServer]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanWorkstation]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LmHosts]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Messenger]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS Wrapper]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Ndisuio]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOS]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOSGroup]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBT]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetDDEGroup]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Netlogon]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetMan]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Network]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetworkProvider]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NtLmSsp]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PCI Configuration]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PlugPlay]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP Filter]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP_TDI]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Primary disk]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpcdd.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpdd.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpwd.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdsessmgr]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\RpcSs]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SCSI Class]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sermouse.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SharedAccess]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sr.sys]

@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SRService]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Streams Drivers]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\System Bus Extender]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\TDI]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdpipe.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdtcp.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\termservice]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vga.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vgasave.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinMgmt]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WZCSVC]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{36FC9E60-C465-11CF-8056-444553540000}]

@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]

@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]

@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]

@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]

@="Net"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]

@="NetClient"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]

@="NetService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]

@="NetTrans"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]

@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]

@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

@="Human Interface Devices"

========================

And this is from step 2:

OTL logfile created on: 06.1.2010 г. 09:41:51 - Run 2

OTL by OldTimer - Version 3.1.21.0 Folder = C:\Documents and Settings\em-rr\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: dd.M.yyyy 'г.'

503,00 Mb Total Physical Memory | 84,00 Mb Available Physical Memory | 17,00% Memory free

1,00 Gb Paging File | 1,00 Gb Available in Paging File | 60,00% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 40,85 Gb Total Space | 22,05 Gb Free Space | 53,98% Space Free | Partition Type: NTFS

Drive D: | 35,83 Gb Total Space | 9,06 Gb Free Space | 25,29% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: DARKEDITION

Current User Name: em-rr

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\em-rr\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\WINDOWS\system32\zqzxkdqcyjarbchs.exe ()

PRC - C:\Documents and Settings\em-rr\Local Settings\Temp\nuthkt.exe ()

PRC - C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.1.0.19\InstStub.exe (Symantec Corporation)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\Winamp\winampa.exe (Nullsoft)

PRC - C:\Program Files\ClamWin\bin\ClamTray.exe (alch)

PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)

PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

PRC - C:\WINDOWS\system32\drivers\CDAC11BA.EXE (Macrovision)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

PRC - C:\Program Files\Unlocker\UnlockerAssistant.exe ()

PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)

PRC - C:\WINDOWS\VistaDrive\VistaDrive.exe ()

PRC - C:\Program Files\LClock\LClock.exe ()

PRC - C:\Program Files\Datecs\FlexType 2K\FType2K.exe ()

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\em-rr\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Program Files\Unlocker\UnlockerHook.dll ()

MOD - C:\WINDOWS\system32\newdll.dll ()

========== Win32 Services (SafeList) ==========

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)

SRV - (gupdate1ca005d2d41368c) Услуга Google Update (gupdate1ca005d2d41368c) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)

SRV - (C-DillaCdaC11BA) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE (Macrovision)

SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (CdaC15BA) -- C:\WINDOWS\system32\drivers\CDAC15BA.SYS (Macrovision Europe Ltd)

DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)

DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)

DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)

DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)

DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (vcdrom) -- C:\Program Files\System\CPL Bonus\vcdrom.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-1417001333-1123561945-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-21-1417001333-1123561945-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKU\S-1-5-21-1417001333-1123561945-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKU\S-1-5-21-1417001333-1123561945-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home

IE - HKU\S-1-5-21-1417001333-1123561945-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-1417001333-1123561945-1177238915-1003\S-1-5-21-1417001333-1123561945-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1417001333-1123561945-1177238915-1003\S-1-5-21-1417001333-1123561945-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"

FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch"

FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/home"

FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.6.18

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}:2.4.0.4

FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.11.2

FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.01.05 13:44:39 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.01.05 13:44:38 | 00,000,000 | ---D | M]

[2009.07.09 08:33:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\em-rr\Application Data\Mozilla\Extensions

[2010.01.04 14:14:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\em-rr\Application Data\Mozilla\Firefox\Profiles\aekuprwv.default\extensions

[2009.08.08 14:45:49 | 00,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\em-rr\Application Data\Mozilla\Firefox\Profiles\aekuprwv.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}

[2009.11.23 15:51:51 | 00,000,000 | ---D | M] (AniWeather) -- C:\Documents and Settings\em-rr\Application Data\Mozilla\Firefox\Profiles\aekuprwv.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}

[2009.11.26 09:50:35 | 00,000,000 | ---D | M] (myBabylon English Toolbar) -- C:\Documents and Settings\em-rr\Application Data\Mozilla\Firefox\Profiles\aekuprwv.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}

[2009.08.08 14:45:53 | 00,001,201 | ---- | M] () -- C:\Documents and Settings\em-rr\Application Data\Mozilla\Firefox\Profiles\aekuprwv.default\searchplugins\winamp-search.xml

[2010.01.04 14:14:19 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2009.06.24 14:31:54 | 00,001,083 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\911bg.xml

[2009.11.05 10:50:07 | 00,002,204 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

[2009.06.24 14:31:54 | 00,002,442 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\diribg.xml

[2009.06.24 14:31:54 | 00,001,515 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pe-bg.xml

[2009.06.24 14:31:54 | 00,001,857 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\portalbgdict.xml

[2009.06.24 14:31:54 | 00,001,220 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-bg.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)

O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKU\S-1-5-21-1417001333-1123561945-1177238915-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [ClamWin] C:\Program Files\ClamWin\bin\ClamTray.exe (alch)

O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)

O4 - HKLM..\Run: [gyihvpdqnzrjuwcog] C:\Documents and Settings\em-rr\Local Settings\Temp\aughxtjyxlfzmqymgff.exe ()

O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [LClock] C:\Program Files\LClock\LClock.exe ()

O4 - HKLM..\Run: [NIS] C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.1.0.19\InstStub.exe (Symantec Corporation)

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [ugkdlzhoflx] C:\WINDOWS\System32\gyihvpdqnzrjuwcog.exe ()

O4 - HKLM..\Run: [unlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()

O4 - HKLM..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe ()

O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft)

O4 - HKU\S-1-5-21-1417001333-1123561945-1177238915-1003..\Run: [rgnjulwgajynvu] C:\WINDOWS\System32\cymphfxopfbxmscsoprvt.exe ()

O4 - HKU\S-1-5-21-1417001333-1123561945-1177238915-1003..\Run: [skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)

O4 - HKU\S-1-5-21-1417001333-1123561945-1177238915-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKU\S-1-5-21-1417001333-1123561945-1177238915-1003..\Run: [ugkdlzhoflx] C:\Documents and Settings\em-rr\Local Settings\Temp\nivxolcsshcxlqzojjkn.exe ()

O4 - HKLM..\RunOnce: [rejdmbkskrer] C:\WINDOWS\System32\cymphfxopfbxmscsoprvt.exe ()

O4 - HKLM..\RunOnce: [zqzxkdqcyjarbchs] C:\Documents and Settings\em-rr\Local Settings\Temp\aughxtjyxlfzmqymgff.exe ()

O4 - HKU\.DEFAULT..\RunOnce: [_nltide_3] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation)

O4 - HKU\S-1-5-18..\RunOnce: [_nltide_3] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [_nltide_3] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [_nltide_3] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-1417001333-1123561945-1177238915-1003..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)

O4 - HKU\S-1-5-21-1417001333-1123561945-1177238915-1003..\RunOnce: [rejdmbkskrer] C:\Documents and Settings\em-rr\Local Settings\Temp\aughxtjyxlfzmqymgff.exe ()

O4 - HKU\S-1-5-21-1417001333-1123561945-1177238915-1003..\RunOnce: [ukspbtfqlvlbkko] C:\WINDOWS\System32\nivxolcsshcxlqzojjkn.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FlexType 2K.lnk = C:\Program Files\Datecs\FlexType 2K\FType2K.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: qekfpfpyrznbi = zqzxkdqcyjarbchs.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: zknfmzgmch = C:\DOCUME~1\em-rr\LOCALS~1\Temp\cymphfxopfbxmscsoprvt.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\S-1-5-21-1417001333-1123561945-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1

O7 - HKU\S-1-5-21-1417001333-1123561945-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\S-1-5-21-1417001333-1123561945-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 1

O7 - HKU\S-1-5-21-1417001333-1123561945-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1

O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.07.09 03:52:19 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2010.01.06 07:15:50 | 00,000,813 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2010.01.06 07:15:50 | 00,000,839 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]

O33 - MountPoints2\{b48b321c-6c60-11de-b27d-806d6172696f}\Shell\AutoRun\command - "" = C:\gqsjpbhmb.bat -- [2009.06.09 07:30:06 | 00,569,344 | RHS- | M] ()

O33 - MountPoints2\{b48b321c-6c60-11de-b27d-806d6172696f}\Shell\explore\Command - "" = C:\qekfpfpyrznbi.bat -- [2009.07.07 07:44:26 | 00,569,344 | RHS- | M] ()

O33 - MountPoints2\{b48b321c-6c60-11de-b27d-806d6172696f}\Shell\open\Command - "" = C:\ugkdlzhoflx.bat -- [2009.07.14 09:48:51 | 00,569,344 | RHS- | M] ()

O33 - MountPoints2\{e23378a6-c906-11de-8a8c-0019665cef58}\Shell\AutoRun\command - "" = F:\gqsjpbhmb.bat -- File not found

O33 - MountPoints2\{e23378a6-c906-11de-8a8c-0019665cef58}\Shell\explore\Command - "" = F:\qekfpfpyrznbi.bat -- File not found

O33 - MountPoints2\{e23378a6-c906-11de-8a8c-0019665cef58}\Shell\open\Command - "" = F:\ugkdlzhoflx.bat -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.01.06 09:40:29 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\em-rr\Desktop\OTL.exe

[2010.01.06 09:37:07 | 00,288,654 | ---- | C] ( ) -- C:\Documents and Settings\em-rr\Desktop\SafeBootKeyRepair.exe

[2010.01.06 09:36:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\em-rr\Desktop\New Folder

[2010.01.05 13:11:33 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy

[2010.01.05 13:00:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss

[2010.01.05 09:20:54 | 00,000,000 | ---D | C] -- C:\Program Files\ESET

[2010.01.05 07:55:58 | 00,000,000 | ---D | C] -- C:\Program Files\NortonInstaller

[2010.01.05 07:55:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller

[2010.01.04 15:55:07 | 88,519,048 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\em-rr\Desktop\NIS10TBCS.exe

[2009.12.10 07:20:53 | 00,265,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\http.sys

[2009.12.10 07:20:53 | 00,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\strmfilt.dll

[2009.12.10 07:20:53 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpapi.dll

[2009.12.10 07:20:47 | 00,149,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rastls.dll

[2009.12.10 07:20:47 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\raschap.dll

[2009.12.10 07:19:36 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oakley.dll

[2009.12.09 12:24:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\em-rr\Desktop\+muzic's+

[2009.08.18 11:57:05 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[2009.07.09 08:36:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google

[2009.07.09 08:19:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google

[2009.07.09 03:54:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2009.07.09 03:53:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[2009.07.09 03:52:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.01.06 09:45:37 | 00,002,402 | -H-- | M] () -- C:\WINDOWS\ukspbtfqlvlbkkoyojfdvxnvsewitoyoennrb.mig

[2010.01.06 09:45:37 | 00,002,402 | -H-- | M] () -- C:\Program Files\ukspbtfqlvlbkkoyojfdvxnvsewitoyoennrb.mig

[2010.01.06 09:45:37 | 00,002,402 | -H-- | M] () -- C:\Documents and Settings\em-rr\Local Settings\Application Data\ukspbtfqlvlbkkoyojfdvxnvsewitoyoennrb.mig

[2010.01.06 09:45:37 | 00,000,280 | -H-- | M] () -- C:\Program Files\cigtvdfgrrxdcsmmsdpdldjhuwe.hss

[2010.01.06 09:45:37 | 00,000,280 | -H-- | M] () -- C:\Documents and Settings\em-rr\Local Settings\Application Data\cigtvdfgrrxdcsmmsdpdldjhuwe.hss

[2010.01.06 09:45:27 | 00,569,344 | RHS- | M] () -- C:\WINDOWS\tqfjcbumofczpwhyvxafen.exe

[2010.01.06 09:45:27 | 00,569,344 | RHS- | M] () -- C:\WINDOWS\pittidsgerkdpszmfd.exe

[2010.01.06 09:45:27 | 00,569,344 | RHS- | M] () -- C:\WINDOWS\nivxolcsshcxlqzojjkn.exe

[2010.01.06 09:45:27 | 00,569,344 | RHS- | M] () -- C:\WINDOWS\gyihvpdqnzrjuwcog.exe

[2010.01.06 09:45:27 | 00,569,344 | RHS- | M] () -- C:\WINDOWS\cymphfxopfbxmscsoprvt.exe

[2010.01.06 09:45:27 | 00,569,344 | RHS- | M] () -- C:\WINDOWS\aughxtjyxlfzmqymgff.exe

[2010.01.06 09:45:26 | 00,569,344 | RHS- | M] () -- C:\WINDOWS\zqzxkdqcyjarbchs.exe

[2010.01.06 09:45:06 | 00,002,408 | -H-- | M] () -- C:\WINDOWS\System32\ukspbtfqlvlbkkoyojfdvxnvsewitoyoennrb.mig

[2010.01.06 09:45:06 | 00,000,280 | -H-- | M] () -- C:\WINDOWS\cigtvdfgrrxdcsmmsdpdldjhuwe.hss

[2010.01.06 09:44:02 | 00,000,280 | -H-- | M] () -- C:\WINDOWS\System32\cigtvdfgrrxdcsmmsdpdldjhuwe.hss

[2010.01.06 09:40:31 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\em-rr\Desktop\OTL.exe

[2010.01.06 09:37:08 | 00,288,654 | ---- | M] ( ) -- C:\Documents and Settings\em-rr\Desktop\SafeBootKeyRepair.exe

[2010.01.06 09:33:24 | 00,059,904 | ---- | M] () -- C:\Documents and Settings\em-rr\Desktop\toplofikaciq_ruse.doc

[2010.01.06 09:25:18 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2010.01.06 09:24:54 | 00,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Земя.lnk

[2010.01.06 09:15:00 | 00,000,872 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010.01.06 07:38:31 | 00,000,426 | -H-- | M] () -- C:\WINDOWS\System32\pittidsgerkdpszmfdcdydwhhwrgusfyrdgnatrq.mrk

[2010.01.06 07:38:31 | 00,000,426 | -H-- | M] () -- C:\WINDOWS\pittidsgerkdpszmfdcdydwhhwrgusfyrdgnatrq.mrk

[2010.01.06 07:38:31 | 00,000,426 | -H-- | M] () -- C:\Program Files\pittidsgerkdpszmfdcdydwhhwrgusfyrdgnatrq.mrk

[2010.01.06 07:38:31 | 00,000,426 | -H-- | M] () -- C:\Documents and Settings\em-rr\Local Settings\Application Data\pittidsgerkdpszmfdcdydwhhwrgusfyrdgnatrq.mrk

[2010.01.06 07:15:50 | 00,000,813 | RHS- | M] () -- C:\autorun.inf

[2010.01.06 07:15:10 | 00,569,344 | RHS- | M] () -- C:\WINDOWS\System32\tqfjcbumofczpwhyvxafen.exe

[2010.01.06 07:15:10 | 00,569,344 | RHS- | M] () -- C:\WINDOWS\System32\nivxolcsshcxlqzojjkn.exe

[2010.01.06 07:15:10 | 00,569,344 | RHS- | M] () -- C:\WINDOWS\System32\cymphfxopfbxmscsoprvt.exe

[2010.01.06 07:15:10 | 00,569,344 | RHS- | M] () -- C:\WINDOWS\System32\aughxtjyxlfzmqymgff.exe

[2010.01.06 07:15:09 | 00,569,344 | RHS- | M] () -- C:\WINDOWS\System32\pittidsgerkdpszmfd.exe

[2010.01.06 07:15:09 | 00,569,344 | RHS- | M] () -- C:\WINDOWS\System32\gyihvpdqnzrjuwcog.exe

[2010.01.06 07:14:58 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010.01.06 07:14:52 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010.01.06 07:14:50 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010.01.05 16:45:56 | 04,980,736 | -H-- | M] () -- C:\Documents and Settings\em-rr\NTUSER.DAT

[2010.01.05 16:45:56 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\em-rr\ntuser.ini

[2010.01.05 14:40:16 | 00,569,344 | RHS- | M] () -- C:\WINDOWS\System32\zqzxkdqcyjarbchs.exe

[2010.01.05 13:16:17 | 00,000,642 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

[2010.01.05 10:40:42 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\em-rr\Desktop\Microsoft Office Word 2003.lnk

[2010.01.05 07:17:51 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010.01.04 16:10:40 | 88,519,048 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\em-rr\Desktop\NIS10TBCS.exe

[2009.12.22 16:02:31 | 00,000,463 | -H-- | M] () -- C:\WINDOWS\System32\aughxtjyxlfzmqymgffhdjdpqgcshguoivzhvpooq.smy

[2009.12.22 16:02:31 | 00,000,463 | -H-- | M] () -- C:\Documents and Settings\em-rr\Local Settings\Application Data\aughxtjyxlfzmqymgffhdjdpqgcshguoivzhvpooq.smy

[2009.12.22 14:25:00 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2009.12.22 12:44:09 | 00,354,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009.12.22 11:19:53 | 00,004,248 | -H-- | M] () -- C:\WINDOWS\System32\zqzxkdqcyjarbchsjfcbuxoxviboawhypzafqh.azs

[2009.12.22 11:19:53 | 00,004,248 | -H-- | M] () -- C:\Documents and Settings\em-rr\Local Settings\Application Data\zqzxkdqcyjarbchsjfcbuxoxviboawhypzafqh.azs

[2009.12.22 08:05:58 | 00,041,472 | ---- | M] () -- C:\Documents and Settings\em-rr\Desktop\Списък на инструмент в склада-01.09.2009.doc

[2009.12.19 14:35:25 | 00,002,489 | ---- | M] () -- C:\Documents and Settings\em-rr\Desktop\CorelDRAW 12.lnk

[2009.12.19 14:34:33 | 30,953,718 | ---- | M] () -- C:\Documents and Settings\em-rr\Desktop\calendar-2010-A3-orchidea.pdf

[2009.12.18 14:05:22 | 00,073,216 | ---- | M] () -- C:\Documents and Settings\em-rr\My Documents\Холандски сладкиш с ябълки.doc

[2009.12.14 11:46:45 | 00,063,488 | ---- | M] () -- C:\Documents and Settings\em-rr\Desktop\tisen-krup-manex.doc

[2009.12.14 11:46:30 | 00,140,781 | ---- | M] () -- C:\Documents and Settings\em-rr\Desktop\oblicovycni-sistemi.pdf

[2009.12.10 07:42:57 | 00,500,104 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009.12.10 07:42:57 | 00,426,070 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009.12.10 07:42:57 | 00,065,080 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009.12.10 07:39:42 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2009.12.09 14:47:21 | 00,155,136 | ---- | M] () -- C:\Documents and Settings\em-rr\Desktop\Tibetian2.pps

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.01.06 09:33:23 | 00,059,904 | ---- | C] () -- C:\Documents and Settings\em-rr\Desktop\toplofikaciq_ruse.doc

[2010.01.06 09:24:54 | 00,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Земя.lnk

[2010.01.05 14:40:34 | 00,000,426 | -H-- | C] () -- C:\Program Files\pittidsgerkdpszmfdcdydwhhwrgusfyrdgnatrq.mrk

[2010.01.05 14:07:46 | 00,569,344 | RHS- | C] () -- C:\WINDOWS\cymphfxopfbxmscsoprvt.exe

[2010.01.05 14:07:46 | 00,569,344 | RHS- | C] () -- C:\WINDOWS\aughxtjyxlfzmqymgff.exe

[2010.01.05 14:03:31 | 00,569,344 | RHS- | C] () -- C:\WINDOWS\tqfjcbumofczpwhyvxafen.exe

[2010.01.05 14:03:31 | 00,569,344 | RHS- | C] () -- C:\WINDOWS\pittidsgerkdpszmfd.exe

[2010.01.05 14:03:31 | 00,569,344 | RHS- | C] () -- C:\WINDOWS\nivxolcsshcxlqzojjkn.exe

[2010.01.05 14:03:30 | 00,569,344 | RHS- | C] () -- C:\WINDOWS\zqzxkdqcyjarbchs.exe

[2010.01.05 14:03:30 | 00,569,344 | RHS- | C] () -- C:\WINDOWS\gyihvpdqnzrjuwcog.exe

[2010.01.05 14:02:09 | 00,002,408 | -H-- | C] () -- C:\WINDOWS\ukspbtfqlvlbkkoyojfdvxnvsewitoyoennrb.mig

[2010.01.05 13:21:55 | 00,000,813 | RHS- | C] () -- C:\autorun.inf

[2010.01.05 13:15:45 | 00,000,642 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

[2010.01.05 10:40:35 | 00,002,497 | ---- | C] () -- C:\Documents and Settings\em-rr\Desktop\Microsoft Office Word 2003.lnk

[2009.12.22 11:20:10 | 00,002,408 | -H-- | C] () -- C:\WINDOWS\System32\ukspbtfqlvlbkkoyojfdvxnvsewitoyoennrb.mig

[2009.12.22 11:20:10 | 00,002,408 | -H-- | C] () -- C:\Program Files\ukspbtfqlvlbkkoyojfdvxnvsewitoyoennrb.mig

[2009.12.22 11:20:10 | 00,002,408 | -H-- | C] () -- C:\Documents and Settings\em-rr\Local Settings\Application Data\ukspbtfqlvlbkkoyojfdvxnvsewitoyoennrb.mig

[2009.12.22 11:20:10 | 00,000,426 | -H-- | C] () -- C:\WINDOWS\System32\pittidsgerkdpszmfdcdydwhhwrgusfyrdgnatrq.mrk

[2009.12.22 11:20:10 | 00,000,426 | -H-- | C] () -- C:\WINDOWS\pittidsgerkdpszmfdcdydwhhwrgusfyrdgnatrq.mrk

[2009.12.22 11:20:10 | 00,000,426 | -H-- | C] () -- C:\Documents and Settings\em-rr\Local Settings\Application Data\pittidsgerkdpszmfdcdydwhhwrgusfyrdgnatrq.mrk

[2009.12.22 11:20:09 | 00,000,463 | -H-- | C] () -- C:\WINDOWS\System32\aughxtjyxlfzmqymgffhdjdpqgcshguoivzhvpooq.smy

[2009.12.22 11:20:09 | 00,000,463 | -H-- | C] () -- C:\Documents and Settings\em-rr\Local Settings\Application Data\aughxtjyxlfzmqymgffhdjdpqgcshguoivzhvpooq.smy

[2009.12.22 11:19:53 | 00,004,248 | -H-- | C] () -- C:\WINDOWS\System32\zqzxkdqcyjarbchsjfcbuxoxviboawhypzafqh.azs

[2009.12.22 11:19:53 | 00,004,248 | -H-- | C] () -- C:\Documents and Settings\em-rr\Local Settings\Application Data\zqzxkdqcyjarbchsjfcbuxoxviboawhypzafqh.azs

[2009.12.22 11:19:53 | 00,000,280 | -H-- | C] () -- C:\WINDOWS\System32\cigtvdfgrrxdcsmmsdpdldjhuwe.hss

[2009.12.22 11:19:53 | 00,000,280 | -H-- | C] () -- C:\WINDOWS\cigtvdfgrrxdcsmmsdpdldjhuwe.hss

[2009.12.22 11:19:53 | 00,000,280 | -H-- | C] () -- C:\Program Files\cigtvdfgrrxdcsmmsdpdldjhuwe.hss

[2009.12.22 11:19:53 | 00,000,280 | -H-- | C] () -- C:\Documents and Settings\em-rr\Local Settings\Application Data\cigtvdfgrrxdcsmmsdpdldjhuwe.hss

[2009.12.22 11:19:35 | 00,569,344 | RHS- | C] () -- C:\WINDOWS\System32\zqzxkdqcyjarbchs.exe

[2009.12.22 11:19:35 | 00,569,344 | RHS- | C] () -- C:\WINDOWS\System32\tqfjcbumofczpwhyvxafen.exe

[2009.12.22 11:19:35 | 00,569,344 | RHS- | C] () -- C:\WINDOWS\System32\pittidsgerkdpszmfd.exe

[2009.12.22 11:19:35 | 00,569,344 | RHS- | C] () -- C:\WINDOWS\System32\nivxolcsshcxlqzojjkn.exe

[2009.12.22 11:19:35 | 00,569,344 | RHS- | C] () -- C:\WINDOWS\System32\gyihvpdqnzrjuwcog.exe

[2009.12.22 11:19:35 | 00,569,344 | RHS- | C] () -- C:\WINDOWS\System32\cymphfxopfbxmscsoprvt.exe

[2009.12.22 11:19:35 | 00,569,344 | RHS- | C] () -- C:\WINDOWS\System32\aughxtjyxlfzmqymgff.exe

[2009.12.19 14:29:22 | 30,953,718 | ---- | C] () -- C:\Documents and Settings\em-rr\Desktop\calendar-2010-A3-orchidea.pdf

[2009.12.17 13:49:06 | 00,041,472 | ---- | C] () -- C:\Documents and Settings\em-rr\Desktop\Списък на инструмент в склада-01.09.2009.doc

[2009.12.16 11:50:01 | 00,073,216 | ---- | C] () -- C:\Documents and Settings\em-rr\My Documents\Холандски сладкиш с ябълки.doc

[2009.12.14 11:46:43 | 00,063,488 | ---- | C] () -- C:\Documents and Settings\em-rr\Desktop\tisen-krup-manex.doc

[2009.12.14 11:46:30 | 00,140,781 | ---- | C] () -- C:\Documents and Settings\em-rr\Desktop\oblicovycni-sistemi.pdf

[2009.12.09 14:47:18 | 00,155,136 | ---- | C] () -- C:\Documents and Settings\em-rr\Desktop\Tibetian2.pps

[2009.10.19 12:58:01 | 00,004,608 | ---- | C] () -- C:\Documents and Settings\em-rr\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009.08.18 11:55:18 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009.07.09 07:44:02 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\newdll.dll

[2009.07.09 04:44:18 | 00,000,502 | ---- | C] () -- C:\WINDOWS\System32\CNCMFP34.INI

[2009.07.09 04:27:42 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009.07.09 03:52:24 | 00,001,651 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2009.02.24 14:00:00 | 00,394,240 | ---- | C] () -- C:\WINDOWS\System32\HMTCD.dll

[2009.02.24 14:00:00 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\CopyToSendTo.dll

[2003.01.07 10:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009.07.09 05:42:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk

[2009.10.06 13:54:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009.07.09 06:38:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\em-rr\Application Data\Autodesk

[2009.07.09 04:49:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\em-rr\Application Data\Canon

[2009.11.23 11:56:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\em-rr\Application Data\com.likno.air.PhotoFrameShow.BA293090D193671BA859C8E310874AAD5CDD8BAD.1

[2009.12.01 12:49:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\em-rr\Application Data\TeamViewer

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 06.1.2010 г. 09:41:51 - Run 2

OTL by OldTimer - Version 3.1.21.0 Folder = C:\Documents and Settings\em-rr\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: dd.M.yyyy 'г.'

503,00 Mb Total Physical Memory | 84,00 Mb Available Physical Memory | 17,00% Memory free

1,00 Gb Paging File | 1,00 Gb Available in Paging File | 60,00% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 40,85 Gb Total Space | 22,05 Gb Free Space | 53,98% Space Free | Partition Type: NTFS

Drive D: | 35,83 Gb Total Space | 9,06 Gb Free Space | 25,29% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: DARKEDITION

Current User Name: em-rr

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1417001333-1123561945-1177238915-1003\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [Command Prompt Here] -- cmd.exe /k cd %1 (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Find.Target] -- "explorer.exe" /select,"%1" (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"23437:TCP" = 23437:TCP:*:Enabled:BitComet 23437 TCP

"23437:UDP" = 23437:UDP:*:Enabled:BitComet 23437 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe -- (www.BitComet.com)

"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Documents and Settings\em-rr\Local Settings\Temp\~os4.tmp\rlvknlg.exe" = C:\Documents and Settings\em-rr\Local Settings\Temp\~os4.tmp\rlvknlg.exe:*:Enabled:rlvknlg.exe -- File not found

"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)

"c:\program files\relevantknowledge\rlvknlg.exe" = c:\program files\relevantknowledge\rlvknlg.exe:*:Enabled:rlvknlg.exe -- File not found

"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java 6 Update 17

"{284EBA35-4A64-A361-7F50-DBD0CC391DD7}" = Photo Frame Show - AIR desktop application

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12

"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features

"{5783F2D7-0201-0409-0002-0060B0CE6BBA}" = AutoCAD 2004

"{5783F2D7-0211-0409-0000-0060B0CE6BBA}" = AutoCAD Express Tools Volumes 1-9

"{6767DFEE-8909-453A-B553-C7693912B2EB}" = Canon MF Toolbox 4.9.1.1.mf07

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{9074AFC0-CFDA-11DE-B484-005056806466}" = Google Земя

"{99A5569D-9F86-4f32-A227-1538B731DA42}" = Canon MF4320-4350

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support

"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.7

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{d08d9f98-1c78-4704-87e6-368b0023d831}" = RelevantKnowledge

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1

"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Photoshop 6.0 Tryout" = Adobe Photoshop 6.0 Tryout

"Autodesk Express Viewer" = Autodesk Express Viewer

"BitComet" = BitComet 1.13

"CdaC13Ba" = SafeCast Shared Components

"ClamWin Free Antivirus_is1" = ClamWin Free Antivirus 0.95.3

"com.likno.air.PhotoFrameShow.BA293090D193671BA859C8E310874AAD5CDD8BAD.1" = Photo Frame Show - AIR desktop application

"CPLBonus" = Kels' CPL Bonus Pack!

"ESET Online Scanner" = ESET Online Scanner v3

"FlexType 2K" = FlexType 2K

"Google Chrome" = Google Chrome

"Google Updater" = Google Updater

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"LClock" = LClock

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MOP" = MOP

"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)

"Mp3 Knife_is1" = Mp3 Knife 3.2

"Nero8Lite_is1" = Nero 8 Lite 8.3.2.1

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"Strawberry Prolog 2.5 light" = Strawberry Prolog 2.5 light

"VDrive" = Vista Drive Indicator!

"Winamp" = Winamp

"WinRAR archiver" = Архиватор WinRAR

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1417001333-1123561945-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"UfasoftLisp" = Ufasoft Lisp 4.23

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 07.11.2009 г. 01:38:08 | Computer Name = DARKEDITION | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting

module mshtml.dll, version 6.0.2900.5726, fault address 0x0023d6b2.

Error - 07.11.2009 г. 01:41:23 | Computer Name = DARKEDITION | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting

module mshtml.dll, version 6.0.2900.5726, fault address 0x0023d6b2.

Error - 14.11.2009 г. 08:50:11 | Computer Name = DARKEDITION | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting

module mshtml.dll, version 6.0.2900.5726, fault address 0x000ab09b.

Error - 16.11.2009 г. 01:18:14 | Computer Name = DARKEDITION | Source = Google Update | ID = 20

Description =

Error - 16.11.2009 г. 10:32:24 | Computer Name = DARKEDITION | Source = Application Error | ID = 1000

Description = Faulting application explorer.exe, version 6.0.2900.5634, faulting

module shell32.dll, version 6.0.2900.5672, fault address 0x0002cee1.

Error - 16.11.2009 г. 10:32:32 | Computer Name = DARKEDITION | Source = Application Error | ID = 1000

Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module

dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 18.11.2009 г. 08:09:04 | Computer Name = DARKEDITION | Source = Application Error | ID = 1000

Description = Faulting application explorer.exe, version 6.0.2900.5634, faulting

module shell32.dll, version 6.0.2900.5672, fault address 0x0002cee1.

Error - 18.11.2009 г. 08:09:16 | Computer Name = DARKEDITION | Source = Application Error | ID = 1000

Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module

dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 18.11.2009 г. 08:16:22 | Computer Name = DARKEDITION | Source = Application Error | ID = 1000

Description = Faulting application explorer.exe, version 6.0.2900.5634, faulting

module shell32.dll, version 6.0.2900.5672, fault address 0x0002cee1.

Error - 18.11.2009 г. 08:16:32 | Computer Name = DARKEDITION | Source = Application Error | ID = 1000

Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module

dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

[ System Events ]

Error - 05.1.2010 г. 01:17:54 | Computer Name = DARKEDITION | Source = Service Control Manager | ID = 7023

Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated

with the following error: %%2147500053

Error - 05.1.2010 г. 06:13:28 | Computer Name = DARKEDITION | Source = sr | ID = 1

Description = The System Restore filter encountered the unexpected error '0xC0000034'

while processing the file '_filelst.cfg' on the volume 'HarddiskVolume1'. It has

stopped monitoring the volume.

Error - 05.1.2010 г. 06:13:47 | Computer Name = DARKEDITION | Source = Service Control Manager | ID = 7023

Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated

with the following error: %%2147500053

Error - 05.1.2010 г. 07:20:21 | Computer Name = DARKEDITION | Source = sr | ID = 1

Description = The System Restore filter encountered the unexpected error '0xC0000034'

while processing the file '_filelst.cfg' on the volume 'HarddiskVolume1'. It has

stopped monitoring the volume.

Error - 05.1.2010 г. 07:20:43 | Computer Name = DARKEDITION | Source = Service Control Manager | ID = 7023

Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated

with the following error: %%2147500053

Error - 05.1.2010 г. 08:40:20 | Computer Name = DARKEDITION | Source = sr | ID = 1

Description = The System Restore filter encountered the unexpected error '0xC0000034'

while processing the file '_filelst.cfg' on the volume 'HarddiskVolume1'. It has

stopped monitoring the volume.

Error - 05.1.2010 г. 08:40:31 | Computer Name = DARKEDITION | Source = Service Control Manager | ID = 7023

Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated

with the following error: %%2147500053

Error - 05.1.2010 г. 08:41:00 | Computer Name = DARKEDITION | Source = DCOM | ID = 10010

Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register

with DCOM within the required timeout.

Error - 06.1.2010 г. 01:15:15 | Computer Name = DARKEDITION | Source = sr | ID = 1

Description = The System Restore filter encountered the unexpected error '0xC0000034'

while processing the file '_filelst.cfg' on the volume 'HarddiskVolume1'. It has

stopped monitoring the volume.

Error - 06.1.2010 г. 01:15:27 | Computer Name = DARKEDITION | Source = Service Control Manager | ID = 7023

Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated

with the following error: %%2147500053

< End of report >

Do the following:

1. Start Task Manager (right-click the taskbar -> Task Manager), in case you don't know how it's done :cheers:

2. (The virus loads 3 files into memory.) In Task Manager, tick "Show processes from all users".

3. Click "User name" to sort them. Now look under em-rr (the account you are logged in with). The 3 files have rather unusual names.

One is longer, with a meaningless name along the lines of liuhdiufrghiudfbif.exe, and the other 2 have identical names, usually 5 letters long.

First the 2 identically named files have to be killed. Right-click the file -> End Process Tree.

After you kill them, wait a bit; they may come back. Repeat the procedure. They are easy to remove from memory.

Now download from here:

http://borisman.haskovo.net/ERDExplorer.zip

ErdExplorer

You will use it because the virus blocks the display of hidden and system files. Don't try to show them; it is impossible at this stage.

Extract it somewhere and run ERDExplorer.exe

Now. The virus copies itself into the root directory c:\, c:\windows, c:\windows\system32, C:\Documents and Settings\account name\Local Settings\temp, Program Files and so on.

We continue with ERDExplorer.exe. Once you have killed it in the processes, go with ERDExplorer.exe to the root directory c:\. Sort by date in the Modified column. Delete all files with impossible names such as lkjshdfbliudfbgiubdi*.* (there are about 6-7 of them, I haven't counted) :cheers: Several of them have the .bat extension; those are a must! Be careful not to delete your system files, or it will hurt :cheers: Not that it's likely, but anything can happen ...

After the root directory go to C:\Documents and Settings\account name\Local Settings\temp

There delete everything it lets you. Then in windows, windows/system32 and so on, as I wrote above. It is in other places too, but for a start it is enough to delete it from these places. If you have a second partition/disk, you will find it there too.

Keep checking in Task Manager whether it has come back. If it loads again, you will have to start over ... But I have noticed that the processes are easy to remove.

After the manual deletion it is time to continue with ComboFix. Download it from here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Run it. Lately it offers to install the Recovery Console from Microsoft's site. Agree to everything :cheers:

After it finishes, download some antivirus. I use Avira; it's free and behaves well, but that is a matter of preference.

Scan with the antivirus too. Don't run ComboFix before you have deleted it manually. There is no point, it will kill it.

Don't restart before you have deleted it by hand!

Good luck!

Edited by borisMan
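The copies that the reply above tells the reader to spot by eye can also be picked out of the OTL listing itself: in the posted log the randomly named executables all share one size (569,344 bytes), carry the hidden and system attributes (RHS-) and have an empty company field. The Python sketch below is an added example, not part of the thread and not OTL's own code; the function names, the extension list and the threshold of three copies are assumptions, and the sample lines are copied from the log above.

```python
import re
from collections import defaultdict
from ntpath import splitext  # Windows path rules on any host OS

# One entry of OTL's file listing:
# [timestamp | size | attributes | C or M] (company) -- full path
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Extensions treated as directly runnable (assumption for this example).
RUNNABLE = {".exe", ".bat", ".com", ".scr", ".pif"}

# Lines copied from the log in this thread; the last one (LOP Check) has
# no "(company)" field and is deliberately skipped by the parser.
SAMPLE = r"""
[2010.01.06 09:45:27 | 00,569,344 | RHS- | M] () -- C:\WINDOWS\nivxolcsshcxlqzojjkn.exe
[2010.01.06 09:45:27 | 00,569,344 | RHS- | M] () -- C:\WINDOWS\gyihvpdqnzrjuwcog.exe
[2010.01.06 07:15:10 | 00,569,344 | RHS- | M] () -- C:\WINDOWS\System32\cymphfxopfbxmscsoprvt.exe
[2009.12.22 11:19:35 | 00,569,344 | RHS- | C] () -- C:\WINDOWS\System32\cymphfxopfbxmscsoprvt.exe
[2010.01.06 09:45:06 | 00,000,280 | -H-- | M] () -- C:\WINDOWS\cigtvdfgrrxdcsmmsdpdldjhuwe.hss
[2009.07.09 07:44:02 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\newdll.dll
[2009.02.24 14:00:00 | 00,394,240 | ---- | C] () -- C:\WINDOWS\System32\HMTCD.dll
[2009.12.19 14:29:22 | 30,953,718 | ---- | C] () -- C:\Documents and Settings\em-rr\Desktop\calendar-2010-A3-orchidea.pdf
[2009.07.09 05:42:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
"""


def parse_otl_files(text):
    """Return one dict per file entry; lines in any other format are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "timestamp": m["ts"],
            "size": int(m["size"].replace(",", "")),
            "attrs": m["attrs"],
            "kind": m["kind"],          # C = created list, M = modified list
            "company": m["company"].strip(),
            "path": m["path"].strip(),
        })
    return entries


def find_clone_groups(entries, min_copies=3):
    """Group hidden+system runnable files with no company name by size.

    A size shared by at least min_copies distinct paths is reported, which
    is how one binary copied under many names shows up in the listing.
    """
    groups = defaultdict(dict)
    for e in entries:
        ext = splitext(e["path"])[1].lower()
        hidden_system = "H" in e["attrs"] and "S" in e["attrs"]
        if ext in RUNNABLE and hidden_system and not e["company"]:
            # Key on the lower-cased path: the same file is listed under
            # both "created" and "modified" and must be counted once.
            groups[e["size"]][e["path"].lower()] = e["path"]
    return {
        size: sorted(paths.values(), key=str.lower)
        for size, paths in groups.items()
        if len(paths) >= min_copies
    }


if __name__ == "__main__":
    for size, paths in find_clone_groups(parse_otl_files(SAMPLE)).items():
        print(f"{len(paths)} hidden/system copies of {size} bytes:")
        for p in paths:
            print("   ", p)
```

A size cluster is only a lead for review: each path should still be checked before anything is deleted.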


Listen only and exclusively to Маняка's advice, otherwise you will mess things up :ph34r:



Ugh, I'm wondering whether to do this

Edited by силвия ангелова


Please follow only my instructions and do not make any changes to the system (including scanning with antivirus and other kinds of security software)!

Step 1:

Please go to Start --> Settings --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if they are in the list):

Bonjour

Google Toolbar for Internet Explorer

Adobe Reader 8.1.7

Step 2:

  • Run OTL.exe
  • Under Custom Scans/Fixes paste the following script:

:OTL

PRC - C:\WINDOWS\system32\zqzxkdqcyjarbchs.exe ()

PRC - C:\Documents and Settings\em-rr\Local Settings\Temp\nuthkt.exe ()

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"

FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch"

FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"

FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/home"

FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query="

O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.

O4 - HKLM..\Run: [gyihvpdqnzrjuwcog] C:\Documents and Settings\em-rr\Local Settings\Temp\aughxtjyxlfzmqymgff.exe ()

O4 - HKLM..\Run: [ugkdlzhoflx] C:\WINDOWS\System32\gyihvpdqnzrjuwcog.exe ()

O4 - HKU\S-1-5-21-1417001333-1123561945-1177238915-1003..\Run: [rgnjulwgajynvu] C:\WINDOWS\System32\cymphfxopfbxmscsoprvt.exe ()

O4 - HKU\S-1-5-21-1417001333-1123561945-1177238915-1003..\Run: [ugkdlzhoflx] C:\Documents and Settings\em-rr\Local Settings\Temp\nivxolcsshcxlqzojjkn.exe ()

O4 - HKLM..\RunOnce: [rejdmbkskrer] C:\WINDOWS\System32\cymphfxopfbxmscsoprvt.exe ()

O4 - HKLM..\RunOnce: [zqzxkdqcyjarbchs] C:\Documents and Settings\em-rr\Local Settings\Temp\aughxtjyxlfzmqymgff.exe ()

O4 - HKU\S-1-5-21-1417001333-1123561945-1177238915-1003..\RunOnce: [rejdmbkskrer] C:\Documents and Settings\em-rr\Local Settings\Temp\aughxtjyxlfzmqymgff.exe ()

O4 - HKU\S-1-5-21-1417001333-1123561945-1177238915-1003..\RunOnce: [ukspbtfqlvlbkko] C:\WINDOWS\System32\nivxolcsshcxlqzojjkn.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\S-1-5-21-1417001333-1123561945-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1

O7 - HKU\S-1-5-21-1417001333-1123561945-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\S-1-5-21-1417001333-1123561945-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 1

O7 - HKU\S-1-5-21-1417001333-1123561945-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1

O32 - AutoRun File - [2009.07.09 03:52:19 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2010.01.06 07:15:50 | 00,000,813 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2010.01.06 07:15:50 | 00,000,839 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]

O33 - MountPoints2\{b48b321c-6c60-11de-b27d-806d6172696f}\Shell\AutoRun\command - "" = C:\gqsjpbhmb.bat -- [2009.06.09 07:30:06 | 00,569,344 | RHS- | M] ()

O33 - MountPoints2\{b48b321c-6c60-11de-b27d-806d6172696f}\Shell\explore\Command - "" = C:\qekfpfpyrznbi.bat -- [2009.07.07 07:44:26 | 00,569,344 | RHS- | M] ()

O33 - MountPoints2\{b48b321c-6c60-11de-b27d-806d6172696f}\Shell\open\Command - "" = C:\ugkdlzhoflx.bat -- [2009.07.14 09:48:51 | 00,569,344 | RHS- | M] ()

O33 - MountPoints2\{e23378a6-c906-11de-8a8c-0019665cef58}\Shell\AutoRun\command - "" = F:\gqsjpbhmb.bat -- File not found

O33 - MountPoints2\{e23378a6-c906-11de-8a8c-0019665cef58}\Shell\explore\Command - "" = F:\qekfpfpyrznbi.bat -- File not found

O33 - MountPoints2\{e23378a6-c906-11de-8a8c-0019665cef58}\Shell\open\Command - "" = F:\ugkdlzhoflx.bat -- File not found

[2010.01.06 09:45:37 | 00,002,402 | -H-- | M] () -- C:\WINDOWS\ukspbtfqlvlbkkoyojfdvxnvsewitoyoennrb.mig

[2010.01.06 09:45:37 | 00,002,402 | -H-- | M] () -- C:\Program Files\ukspbtfqlvlbkkoyojfdvxnvsewitoyoennrb.mig

[2010.01.06 09:45:37 | 00,002,402 | -H-- | M] () -- C:\Documents and Settings\em-rr\Local Settings\Application Data\ukspbtfqlvlbkkoyojfdvxnvsewitoyoennrb.mig

[2010.01.06 09:45:37 | 00,000,280 | -H-- | M] () -- C:\Program Files\cigtvdfgrrxdcsmmsdpdldjhuwe.hss

[2010.01.06 09:45:37 | 00,000,280 | -H-- | M] () -- C:\Documents and Settings\em-rr\Local Settings\Application Data\cigtvdfgrrxdcsmmsdpdldjhuwe.hss

[2010.01.06 09:45:27 | 00,569,344 | RHS- | M] () -- C:\WINDOWS\tqfjcbumofczpwhyvxafen.exe

[2010.01.06 09:45:27 | 00,569,344 | RHS- | M] () -- C:\WINDOWS\pittidsgerkdpszmfd.exe

[2010.01.06 09:45:27 | 00,569,344 | RHS- | M] () -- C:\WINDOWS\nivxolcsshcxlqzojjkn.exe

[2010.01.06 09:45:27 | 00,569,344 | RHS- | M] () -- C:\WINDOWS\gyihvpdqnzrjuwcog.exe

[2010.01.06 09:45:27 | 00,569,344 | RHS- | M] () -- C:\WINDOWS\cymphfxopfbxmscsoprvt.exe

[2010.01.06 09:45:27 | 00,569,344 | RHS- | M] () -- C:\WINDOWS\aughxtjyxlfzmqymgff.exe

[2010.01.06 09:45:26 | 00,569,344 | RHS- | M] () -- C:\WINDOWS\zqzxkdqcyjarbchs.exe

[2010.01.06 09:45:06 | 00,002,408 | -H-- | M] () -- C:\WINDOWS\System32\ukspbtfqlvlbkkoyojfdvxnvsewitoyoennrb.mig

[2010.01.06 09:45:06 | 00,000,280 | -H-- | M] () -- C:\WINDOWS\cigtvdfgrrxdcsmmsdpdldjhuwe.hss

[2010.01.06 09:44:02 | 00,000,280 | -H-- | M] () -- C:\WINDOWS\System32\cigtvdfgrrxdcsmmsdpdldjhuwe.hss

[2010.01.06 07:38:31 | 00,000,426 | -H-- | M] () -- C:\WINDOWS\System32\pittidsgerkdpszmfdcdydwhhwrgusfyrdgnatrq.mrk

[2010.01.06 07:38:31 | 00,000,426 | -H-- | M] () -- C:\WINDOWS\pittidsgerkdpszmfdcdydwhhwrgusfyrdgnatrq.mrk

[2010.01.06 07:38:31 | 00,000,426 | -H-- | M] () -- C:\Program Files\pittidsgerkdpszmfdcdydwhhwrgusfyrdgnatrq.mrk

[2010.01.06 07:38:31 | 00,000,426 | -H-- | M] () -- C:\Documents and Settings\em-rr\Local Settings\Application Data\pittidsgerkdpszmfdcdydwhhwrgusfyrdgnatrq.mrk

[2010.01.06 07:15:50 | 00,000,813 | RHS- | M] () -- C:\autorun.inf

[2010.01.06 07:15:10 | 00,569,344 | RHS- | M] () -- C:\WINDOWS\System32\tqfjcbumofczpwhyvxafen.exe

[2010.01.06 07:15:10 | 00,569,344 | RHS- | M] () -- C:\WINDOWS\System32\nivxolcsshcxlqzojjkn.exe

[2010.01.06 07:15:10 | 00,569,344 | RHS- | M] () -- C:\WINDOWS\System32\cymphfxopfbxmscsoprvt.exe

[2010.01.06 07:15:10 | 00,569,344 | RHS- | M] () -- C:\WINDOWS\System32\aughxtjyxlfzmqymgff.exe

[2010.01.06 07:15:09 | 00,569,344 | RHS- | M] () -- C:\WINDOWS\System32\pittidsgerkdpszmfd.exe

[2010.01.06 07:15:09 | 00,569,344 | RHS- | M] () -- C:\WINDOWS\System32\gyihvpdqnzrjuwcog.exe

[2010.01.05 14:40:16 | 00,569,344 | RHS- | M] () -- C:\WINDOWS\System32\zqzxkdqcyjarbchs.exe

[2009.12.22 16:02:31 | 00,000,463 | -H-- | M] () -- C:\WINDOWS\System32\aughxtjyxlfzmqymgffhdjdpqgcshguoivzhvpooq.smy

[2009.12.22 16:02:31 | 00,000,463 | -H-- | M] () -- C:\Documents and Settings\em-rr\Local Settings\Application Data\aughxtjyxlfzmqymgffhdjdpqgcshguoivzhvpooq.smy

[2009.12.22 11:19:53 | 00,004,248 | -H-- | M] () -- C:\WINDOWS\System32\zqzxkdqcyjarbchsjfcbuxoxviboawhypzafqh.azs

[2009.12.22 11:19:53 | 00,004,248 | -H-- | M] () -- C:\Documents and Settings\em-rr\Local Settings\Application Data\zqzxkdqcyjarbchsjfcbuxoxviboawhypzafqh.azs

[2010.01.05 14:40:34 | 00,000,426 | -H-- | C] () -- C:\Program Files\pittidsgerkdpszmfdcdydwhhwrgusfyrdgnatrq.mrk

[2010.01.05 14:07:46 | 00,569,344 | RHS- | C] () -- C:\WINDOWS\cymphfxopfbxmscsoprvt.exe

[2010.01.05 14:07:46 | 00,569,344 | RHS- | C] () -- C:\WINDOWS\aughxtjyxlfzmqymgff.exe

[2010.01.05 14:03:31 | 00,569,344 | RHS- | C] () -- C:\WINDOWS\tqfjcbumofczpwhyvxafen.exe

[2010.01.05 14:03:31 | 00,569,344 | RHS- | C] () -- C:\WINDOWS\pittidsgerkdpszmfd.exe

[2010.01.05 14:03:31 | 00,569,344 | RHS- | C] () -- C:\WINDOWS\nivxolcsshcxlqzojjkn.exe

[2010.01.05 14:03:30 | 00,569,344 | RHS- | C] () -- C:\WINDOWS\zqzxkdqcyjarbchs.exe

[2010.01.05 14:03:30 | 00,569,344 | RHS- | C] () -- C:\WINDOWS\gyihvpdqnzrjuwcog.exe

[2010.01.05 14:02:09 | 00,002,408 | -H-- | C] () -- C:\WINDOWS\ukspbtfqlvlbkkoyojfdvxnvsewitoyoennrb.mig

[2010.01.05 13:21:55 | 00,000,813 | RHS- | C] () -- C:\autorun.inf

[2009.12.22 11:20:10 | 00,002,408 | -H-- | C] () -- C:\WINDOWS\System32\ukspbtfqlvlbkkoyojfdvxnvsewitoyoennrb.mig

[2009.12.22 11:20:10 | 00,002,408 | -H-- | C] () -- C:\Program Files\ukspbtfqlvlbkkoyojfdvxnvsewitoyoennrb.mig

[2009.12.22 11:20:10 | 00,002,408 | -H-- | C] () -- C:\Documents and Settings\em-rr\Local Settings\Application Data\ukspbtfqlvlbkkoyojfdvxnvsewitoyoennrb.mig

[2009.12.22 11:20:10 | 00,000,426 | -H-- | C] () -- C:\WINDOWS\System32\pittidsgerkdpszmfdcdydwhhwrgusfyrdgnatrq.mrk

[2009.12.22 11:20:10 | 00,000,426 | -H-- | C] () -- C:\WINDOWS\pittidsgerkdpszmfdcdydwhhwrgusfyrdgnatrq.mrk

[2009.12.22 11:20:10 | 00,000,426 | -H-- | C] () -- C:\Documents and Settings\em-rr\Local Settings\Application Data\pittidsgerkdpszmfdcdydwhhwrgusfyrdgnatrq.mrk

[2009.12.22 11:20:09 | 00,000,463 | -H-- | C] () -- C:\WINDOWS\System32\aughxtjyxlfzmqymgffhdjdpqgcshguoivzhvpooq.smy

[2009.12.22 11:20:09 | 00,000,463 | -H-- | C] () -- C:\Documents and Settings\em-rr\Local Settings\Application Data\aughxtjyxlfzmqymgffhdjdpqgcshguoivzhvpooq.smy

[2009.12.22 11:19:53 | 00,004,248 | -H-- | C] () -- C:\WINDOWS\System32\zqzxkdqcyjarbchsjfcbuxoxviboawhypzafqh.azs

[2009.12.22 11:19:53 | 00,004,248 | -H-- | C] () -- C:\Documents and Settings\em-rr\Local Settings\Application Data\zqzxkdqcyjarbchsjfcbuxoxviboawhypzafqh.azs

[2009.12.22 11:19:53 | 00,000,280 | -H-- | C] () -- C:\WINDOWS\System32\cigtvdfgrrxdcsmmsdpdldjhuwe.hss

[2009.12.22 11:19:53 | 00,000,280 | -H-- | C] () -- C:\WINDOWS\cigtvdfgrrxdcsmmsdpdldjhuwe.hss

[2009.12.22 11:19:53 | 00,000,280 | -H-- | C] () -- C:\Program Files\cigtvdfgrrxdcsmmsdpdldjhuwe.hss

[2009.12.22 11:19:53 | 00,000,280 | -H-- | C] () -- C:\Documents and Settings\em-rr\Local Settings\Application Data\cigtvdfgrrxdcsmmsdpdldjhuwe.hss

[2009.12.22 11:19:35 | 00,569,344 | RHS- | C] () -- C:\WINDOWS\System32\zqzxkdqcyjarbchs.exe

[2009.12.22 11:19:35 | 00,569,344 | RHS- | C] () -- C:\WINDOWS\System32\tqfjcbumofczpwhyvxafen.exe

[2009.12.22 11:19:35 | 00,569,344 | RHS- | C] () -- C:\WINDOWS\System32\pittidsgerkdpszmfd.exe

[2009.12.22 11:19:35 | 00,569,344 | RHS- | C] () -- C:\WINDOWS\System32\nivxolcsshcxlqzojjkn.exe

[2009.12.22 11:19:35 | 00,569,344 | RHS- | C] () -- C:\WINDOWS\System32\gyihvpdqnzrjuwcog.exe

[2009.12.22 11:19:35 | 00,569,344 | RHS- | C] () -- C:\WINDOWS\System32\cymphfxopfbxmscsoprvt.exe

[2009.12.22 11:19:35 | 00,569,344 | RHS- | C] () -- C:\WINDOWS\System32\aughxtjyxlfzmqymgff.exe


:reg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Documents and Settings\em-rr\Local Settings\Temp\~os4.tmp\rlvknlg.exe" =-

"c:\program files\relevantknowledge\rlvknlg.exe" =-


:Commands

[purity]

[emptytemp]

[Reboot]

  • Then click the Run Fix button.
  • Wait patiently until the program finishes its work. Once it has finished, your computer will restart.

After the computer restarts, run OTL.exe again and click the Quick Scan button. At the end a log file will be generated, which you need to copy and post in your next comment in this thread.


Right now I have my antivirus running a scan, as if by a miracle, so let me just mention that the virus is called "Troyan Agent 134041", in case that makes things easier for anyone. I'm checking the net for any information about this virus, but I'm not finding anything :P

I also advise you to listen to what Маняка explains to you; you are not the first with a problem like this, so don't listen to what the others tell you. I would trust only Маняка and Б-Бой Стайл; the guys know their job. Good luck! :mad:


Here is the first one, after the restart:

All processes killed

========== OTL ==========

No active process named zqzxkdqcyjarbchs.exe was found!

No active process named nuthkt.exe was found!

Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename

Prefs.js: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch" removed from browser.search.defaulturl

Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1

Prefs.js: "http://search.babylon.com/home" removed from browser.startup.homepage

Prefs.js: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=" removed from keyword.URL

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\gyihvpdqnzrjuwcog deleted successfully.

File C:\Documents and Settings\em-rr\Local Settings\Temp\aughxtjyxlfzmqymgff.exe not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ugkdlzhoflx deleted successfully.

C:\WINDOWS\system32\gyihvpdqnzrjuwcog.exe moved successfully.

Registry value HKEY_USERS\S-1-5-21-1417001333-1123561945-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Run\\rgnjulwgajynvu deleted successfully.

C:\WINDOWS\system32\cymphfxopfbxmscsoprvt.exe moved successfully.

Registry value HKEY_USERS\S-1-5-21-1417001333-1123561945-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Run\\ugkdlzhoflx deleted successfully.

File C:\Documents and Settings\em-rr\Local Settings\Temp\nivxolcsshcxlqzojjkn.exe not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\rejdmbkskrer deleted successfully.

File C:\WINDOWS\System32\cymphfxopfbxmscsoprvt.exe not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\zqzxkdqcyjarbchs deleted successfully.

File C:\Documents and Settings\em-rr\Local Settings\Temp\aughxtjyxlfzmqymgff.exe not found.

Registry value HKEY_USERS\S-1-5-21-1417001333-1123561945-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\rejdmbkskrer deleted successfully.

File C:\Documents and Settings\em-rr\Local Settings\Temp\aughxtjyxlfzmqymgff.exe not found.

Registry value HKEY_USERS\S-1-5-21-1417001333-1123561945-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ukspbtfqlvlbkko deleted successfully.

C:\WINDOWS\system32\nivxolcsshcxlqzojjkn.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.

Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMConfigurePrograms deleted successfully.

Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLowDiskSpaceChecks deleted successfully.

Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMConfigurePrograms not found.

Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLowDiskSpaceChecks not found.

Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.

Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMConfigurePrograms deleted successfully.

Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLowDiskSpaceChecks deleted successfully.

Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.

Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMConfigurePrograms deleted successfully.

Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLowDiskSpaceChecks deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1417001333-1123561945-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMConfigurePrograms deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1417001333-1123561945-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLowDiskSpaceChecks deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1417001333-1123561945-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1417001333-1123561945-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.

C:\AUTOEXEC.BAT moved successfully.

File C:\autorun.inf not found.

D:\autorun.inf moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b48b321c-6c60-11de-b27d-806d6172696f}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b48b321c-6c60-11de-b27d-806d6172696f}\ not found.

File C:\gqsjpbhmb.bat not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b48b321c-6c60-11de-b27d-806d6172696f}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b48b321c-6c60-11de-b27d-806d6172696f}\ not found.

File C:\qekfpfpyrznbi.bat not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b48b321c-6c60-11de-b27d-806d6172696f}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b48b321c-6c60-11de-b27d-806d6172696f}\ not found.

File C:\ugkdlzhoflx.bat not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e23378a6-c906-11de-8a8c-0019665cef58}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e23378a6-c906-11de-8a8c-0019665cef58}\ not found.

File F:\gqsjpbhmb.bat not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e23378a6-c906-11de-8a8c-0019665cef58}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e23378a6-c906-11de-8a8c-0019665cef58}\ not found.

File F:\qekfpfpyrznbi.bat not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e23378a6-c906-11de-8a8c-0019665cef58}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e23378a6-c906-11de-8a8c-0019665cef58}\ not found.

File F:\ugkdlzhoflx.bat not found.

C:\WINDOWS\ukspbtfqlvlbkkoyojfdvxnvsewitoyoennrb.mig moved successfully.

C:\Program Files\ukspbtfqlvlbkkoyojfdvxnvsewitoyoennrb.mig moved successfully.

C:\Documents and Settings\em-rr\Local Settings\Application Data\ukspbtfqlvlbkkoyojfdvxnvsewitoyoennrb.mig moved successfully.

C:\Program Files\cigtvdfgrrxdcsmmsdpdldjhuwe.hss moved successfully.

C:\Documents and Settings\em-rr\Local Settings\Application Data\cigtvdfgrrxdcsmmsdpdldjhuwe.hss moved successfully.

C:\WINDOWS\tqfjcbumofczpwhyvxafen.exe moved successfully.

C:\WINDOWS\pittidsgerkdpszmfd.exe moved successfully.

C:\WINDOWS\nivxolcsshcxlqzojjkn.exe moved successfully.

C:\WINDOWS\gyihvpdqnzrjuwcog.exe moved successfully.

File C:\WINDOWS\cymphfxopfbxmscsoprvt.exe not found.

File C:\WINDOWS\aughxtjyxlfzmqymgff.exe not found.

C:\WINDOWS\zqzxkdqcyjarbchs.exe moved successfully.

C:\WINDOWS\system32\ukspbtfqlvlbkkoyojfdvxnvsewitoyoennrb.mig moved successfully.

C:\WINDOWS\cigtvdfgrrxdcsmmsdpdldjhuwe.hss moved successfully.

C:\WINDOWS\system32\cigtvdfgrrxdcsmmsdpdldjhuwe.hss moved successfully.

C:\WINDOWS\system32\pittidsgerkdpszmfdcdydwhhwrgusfyrdgnatrq.mrk moved successfully.

C:\WINDOWS\pittidsgerkdpszmfdcdydwhhwrgusfyrdgnatrq.mrk moved successfully.

C:\Program Files\pittidsgerkdpszmfdcdydwhhwrgusfyrdgnatrq.mrk moved successfully.

C:\Documents and Settings\em-rr\Local Settings\Application Data\pittidsgerkdpszmfdcdydwhhwrgusfyrdgnatrq.mrk moved successfully.

File C:\autorun.inf not found.

C:\WINDOWS\system32\tqfjcbumofczpwhyvxafen.exe moved successfully.

File C:\WINDOWS\System32\nivxolcsshcxlqzojjkn.exe not found.

File C:\WINDOWS\System32\cymphfxopfbxmscsoprvt.exe not found.

C:\WINDOWS\system32\aughxtjyxlfzmqymgff.exe moved successfully.

C:\WINDOWS\system32\pittidsgerkdpszmfd.exe moved successfully.

File C:\WINDOWS\System32\gyihvpdqnzrjuwcog.exe not found.

C:\WINDOWS\system32\zqzxkdqcyjarbchs.exe moved successfully.

File C:\WINDOWS\System32\aughxtjyxlfzmqymgffhdjdpqgcshguoivzhvpooq.smy not found.

C:\Documents and Settings\em-rr\Local Settings\Application Data\aughxtjyxlfzmqymgffhdjdpqgcshguoivzhvpooq.smy moved successfully.

File C:\WINDOWS\System32\zqzxkdqcyjarbchsjfcbuxoxviboawhypzafqh.azs not found.

C:\Documents and Settings\em-rr\Local Settings\Application Data\zqzxkdqcyjarbchsjfcbuxoxviboawhypzafqh.azs moved successfully.

File C:\Program Files\pittidsgerkdpszmfdcdydwhhwrgusfyrdgnatrq.mrk not found.

File C:\WINDOWS\cymphfxopfbxmscsoprvt.exe not found.

File C:\WINDOWS\aughxtjyxlfzmqymgff.exe not found.

File C:\WINDOWS\tqfjcbumofczpwhyvxafen.exe not found.

File C:\WINDOWS\pittidsgerkdpszmfd.exe not found.

File C:\WINDOWS\nivxolcsshcxlqzojjkn.exe not found.

File C:\WINDOWS\zqzxkdqcyjarbchs.exe not found.

File C:\WINDOWS\gyihvpdqnzrjuwcog.exe not found.

File C:\WINDOWS\ukspbtfqlvlbkkoyojfdvxnvsewitoyoennrb.mig not found.

File C:\autorun.inf not found.

File C:\WINDOWS\System32\ukspbtfqlvlbkkoyojfdvxnvsewitoyoennrb.mig not found.

File C:\Program Files\ukspbtfqlvlbkkoyojfdvxnvsewitoyoennrb.mig not found.

File C:\Documents and Settings\em-rr\Local Settings\Application Data\ukspbtfqlvlbkkoyojfdvxnvsewitoyoennrb.mig not found.

File C:\WINDOWS\System32\pittidsgerkdpszmfdcdydwhhwrgusfyrdgnatrq.mrk not found.

File C:\WINDOWS\pittidsgerkdpszmfdcdydwhhwrgusfyrdgnatrq.mrk not found.

File C:\Documents and Settings\em-rr\Local Settings\Application Data\pittidsgerkdpszmfdcdydwhhwrgusfyrdgnatrq.mrk not found.

File C:\WINDOWS\System32\aughxtjyxlfzmqymgffhdjdpqgcshguoivzhvpooq.smy not found.

File C:\Documents and Settings\em-rr\Local Settings\Application Data\aughxtjyxlfzmqymgffhdjdpqgcshguoivzhvpooq.smy not found.

File C:\WINDOWS\System32\zqzxkdqcyjarbchsjfcbuxoxviboawhypzafqh.azs not found.

File C:\Documents and Settings\em-rr\Local Settings\Application Data\zqzxkdqcyjarbchsjfcbuxoxviboawhypzafqh.azs not found.

File C:\WINDOWS\System32\cigtvdfgrrxdcsmmsdpdldjhuwe.hss not found.

File C:\WINDOWS\cigtvdfgrrxdcsmmsdpdldjhuwe.hss not found.

File C:\Program Files\cigtvdfgrrxdcsmmsdpdldjhuwe.hss not found.

File C:\Documents and Settings\em-rr\Local Settings\Application Data\cigtvdfgrrxdcsmmsdpdldjhuwe.hss not found.

File C:\WINDOWS\System32\zqzxkdqcyjarbchs.exe not found.

File C:\WINDOWS\System32\tqfjcbumofczpwhyvxafen.exe not found.

File C:\WINDOWS\System32\pittidsgerkdpszmfd.exe not found.

File C:\WINDOWS\System32\nivxolcsshcxlqzojjkn.exe not found.

File C:\WINDOWS\System32\gyihvpdqnzrjuwcog.exe not found.

File C:\WINDOWS\System32\cymphfxopfbxmscsoprvt.exe not found.

File C:\WINDOWS\System32\aughxtjyxlfzmqymgff.exe not found.

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\em-rr\Local Settings\Temp\~os4.tmp\rlvknlg.exe not found.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\c:\program files\relevantknowledge\rlvknlg.exe not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: em-rr

->Temp folder emptied: 26720792 bytes

->Temporary Internet Files folder emptied: 1124234 bytes

->Java cache emptied: 26425029 bytes

->FireFox cache emptied: 65923178 bytes

->Google Chrome cache emptied: 8362938 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2402044 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

Windows Temp folder emptied: 439 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 7120382 bytes

Total Files Cleaned = 132,00 mb

OTL by OldTimer - Version 3.1.21.0 log created on 01062010_144226

Files\Folders moved on Reboot...

File\Folder C:\Documents and Settings\em-rr\Local Settings\Temp\Perflib_Perfdata_d18.dat not found!

Registry entries deleted on Reboot...

And this is after I ran OTL:

OTL logfile created on: 06.1.2010 г. 14:52:26 - Run 3

OTL by OldTimer - Version 3.1.21.0 Folder = C:\Documents and Settings\em-rr\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: dd.M.yyyy 'г.'

503,00 Mb Total Physical Memory | 127,00 Mb Available Physical Memory | 25,00% Memory free

1,00 Gb Paging File | 1,00 Gb Available in Paging File | 75,00% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 40,85 Gb Total Space | 23,43 Gb Free Space | 57,34% Space Free | Partition Type: NTFS

Drive D: | 35,83 Gb Total Space | 9,06 Gb Free Space | 25,29% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: DARKEDITION

Current User Name: em-rr

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Minimal

Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\em-rr\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\Winamp\winampa.exe (Nullsoft)

PRC - C:\Program Files\ClamWin\bin\ClamTray.exe (alch)

PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)

PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

PRC - C:\WINDOWS\system32\drivers\CDAC11BA.EXE (Macrovision)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Unlocker\UnlockerAssistant.exe ()

PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)

PRC - C:\WINDOWS\VistaDrive\VistaDrive.exe ()

PRC - C:\Program Files\LClock\LClock.exe ()

PRC - C:\Program Files\Datecs\FlexType 2K\FType2K.exe ()

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\em-rr\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Program Files\Unlocker\UnlockerHook.dll ()

MOD - C:\WINDOWS\system32\newdll.dll ()

========== Win32 Services (SafeList) ==========

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)

SRV - (gupdate1ca005d2d41368c) Услуга Google Update (gupdate1ca005d2d41368c) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)

SRV - (C-DillaCdaC11BA) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE (Macrovision)

SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""

FF - prefs.js..browser.search.defaulturl: ""

FF - prefs.js..browser.search.order.1: ""

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: ""

FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.6.18

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}:2.4.0.4

FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.11.2

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.01.05 13:44:39 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.01.06 14:37:17 | 00,000,000 | ---D | M]

[2009.07.09 08:33:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\em-rr\Application Data\Mozilla\Extensions

[2010.01.04 14:14:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\em-rr\Application Data\Mozilla\Firefox\Profiles\aekuprwv.default\extensions

[2009.08.08 14:45:49 | 00,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\em-rr\Application Data\Mozilla\Firefox\Profiles\aekuprwv.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}

[2009.11.23 15:51:51 | 00,000,000 | ---D | M] (AniWeather) -- C:\Documents and Settings\em-rr\Application Data\Mozilla\Firefox\Profiles\aekuprwv.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}

[2009.11.26 09:50:35 | 00,000,000 | ---D | M] (myBabylon English Toolbar) -- C:\Documents and Settings\em-rr\Application Data\Mozilla\Firefox\Profiles\aekuprwv.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}

[2009.08.08 14:45:53 | 00,001,201 | ---- | M] () -- C:\Documents and Settings\em-rr\Application Data\Mozilla\Firefox\Profiles\aekuprwv.default\searchplugins\winamp-search.xml

[2010.01.04 14:14:19 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2009.06.24 14:31:54 | 00,001,083 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\911bg.xml

[2009.11.05 10:50:07 | 00,002,204 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

[2009.06.24 14:31:54 | 00,002,442 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\diribg.xml

[2009.06.24 14:31:54 | 00,001,515 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pe-bg.xml

[2009.06.24 14:31:54 | 00,001,857 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\portalbgdict.xml

[2009.06.24 14:31:54 | 00,001,220 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-bg.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [ClamWin] C:\Program Files\ClamWin\bin\ClamTray.exe (alch)

O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [LClock] C:\Program Files\LClock\LClock.exe ()

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [unlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()

O4 - HKLM..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe ()

O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft)

O4 - HKCU..\Run: [skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FlexType 2K.lnk = C:\Program Files\Datecs\FlexType 2K\FType2K.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: qekfpfpyrznbi = aughxtjyxlfzmqymgff.exe

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: zknfmzgmch = C:\DOCUME~1\em-rr\LOCALS~1\Temp\aughxtjyxlfzmqymgff.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010.01.06 14:43:37 | 00,000,000 | ---D | C] -- C:\Program Files\xerox

[2010.01.06 14:43:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom

[2010.01.06 14:43:29 | 00,000,000 | ---D | C] -- C:\Program Files\msn gaming zone

[2010.01.06 14:43:29 | 00,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage

[2010.01.06 14:42:26 | 00,000,000 | ---D | C] -- C:\_OTL

[2010.01.06 14:38:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt

[2010.01.06 14:36:54 | 00,000,000 | -HSD | C] -- C:\Config.Msi

[2010.01.06 13:16:45 | 00,000,000 | -HSD | C] -- C:\RECYCLER

[2010.01.06 12:56:16 | 00,000,000 | RHSD | C] -- C:\cmdcons

[2010.01.06 12:53:53 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010.01.06 12:53:53 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010.01.06 12:53:53 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010.01.06 12:53:53 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010.01.06 12:53:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010.01.06 12:53:23 | 00,000,000 | ---D | C] -- C:\Qoobox

[2010.01.06 09:40:29 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\em-rr\Desktop\OTL.exe

[2010.01.06 09:37:07 | 00,288,654 | ---- | C] ( ) -- C:\Documents and Settings\em-rr\Desktop\SafeBootKeyRepair.exe

[2010.01.05 13:11:33 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy

[2010.01.05 13:00:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss

[2010.01.05 09:20:54 | 00,000,000 | ---D | C] -- C:\Program Files\ESET

[2010.01.05 07:55:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller

[2010.01.04 15:55:07 | 88,519,048 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\em-rr\Desktop\NIS10TBCS.exe

[2009.08.18 11:57:05 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[2009.07.09 08:36:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google

[2009.07.09 08:19:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google

[2009.07.09 03:54:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2009.07.09 03:53:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[2009.07.09 03:52:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

========== Files - Modified Within 14 Days ==========

[2010.01.06 14:43:52 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2010.01.06 14:43:37 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010.01.06 14:43:34 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010.01.06 14:43:34 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010.01.06 14:42:48 | 04,980,736 | -H-- | M] () -- C:\Documents and Settings\em-rr\NTUSER.DAT

[2010.01.06 14:42:48 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\em-rr\ntuser.ini

[2010.01.06 14:15:05 | 00,000,872 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010.01.06 13:02:17 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010.01.06 12:56:20 | 00,000,281 | RHS- | M] () -- C:\boot.ini

[2010.01.06 12:20:08 | 00,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Земя.lnk

[2010.01.06 09:40:31 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\em-rr\Desktop\OTL.exe

[2010.01.06 09:37:08 | 00,288,654 | ---- | M] ( ) -- C:\Documents and Settings\em-rr\Desktop\SafeBootKeyRepair.exe

[2010.01.06 09:33:24 | 00,059,904 | ---- | M] () -- C:\Documents and Settings\em-rr\Desktop\toplofikaciq_ruse.doc

[2010.01.05 13:16:17 | 00,000,642 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

[2010.01.05 10:40:42 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\em-rr\Desktop\Microsoft Office Word 2003.lnk

[2010.01.05 07:17:51 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010.01.04 16:10:40 | 88,519,048 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\em-rr\Desktop\NIS10TBCS.exe

========== Files Created - No Company Name ==========

[2010.01.06 12:56:20 | 00,000,211 | ---- | C] () -- C:\Boot.bak

[2010.01.06 12:56:17 | 00,260,272 | ---- | C] () -- C:\cmldr

[2010.01.06 12:53:53 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010.01.06 12:53:53 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010.01.06 12:53:53 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010.01.06 12:53:53 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010.01.06 12:53:53 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010.01.06 12:20:08 | 00,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Земя.lnk

[2010.01.06 09:33:23 | 00,059,904 | ---- | C] () -- C:\Documents and Settings\em-rr\Desktop\toplofikaciq_ruse.doc

[2010.01.05 13:15:45 | 00,000,642 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

[2010.01.05 10:40:35 | 00,002,497 | ---- | C] () -- C:\Documents and Settings\em-rr\Desktop\Microsoft Office Word 2003.lnk

[2009.10.19 12:58:01 | 00,004,608 | ---- | C] () -- C:\Documents and Settings\em-rr\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009.08.18 11:55:18 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009.07.09 07:44:02 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\newdll.dll

[2009.07.09 04:44:18 | 00,000,502 | ---- | C] () -- C:\WINDOWS\System32\CNCMFP34.INI

[2009.07.09 04:27:42 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009.07.09 03:52:24 | 00,001,651 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2009.02.24 14:00:00 | 00,394,240 | ---- | C] () -- C:\WINDOWS\System32\HMTCD.dll

[2009.02.24 14:00:00 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\CopyToSendTo.dll

[2003.01.07 10:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009.07.09 05:42:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk

[2009.10.06 13:54:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009.07.09 06:38:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\em-rr\Application Data\Autodesk

[2009.07.09 04:49:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\em-rr\Application Data\Canon

[2009.11.23 11:56:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\em-rr\Application Data\com.likno.air.PhotoFrameShow.BA293090D193671BA859C8E310874AAD5CDD8BAD.1

[2009.12.01 12:49:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\em-rr\Application Data\TeamViewer

========== Purity Check ==========

< End of report >


Please write in Cyrillic! This is the first and last warning!

1) Download: ESET Online Scanner

2) Run esetsmartinstaller_enu.exe

3) Check YES, I accept the Terms of Use and select Start

4) The scanner will start downloading the components it needs.

5) Make sure the following options are checked, including those under the Advanced Settings menu:


  • Remove found threats
  • Scan archives
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology

Finally, select Start

6) The scanner will start downloading the latest definitions.

7) When the scan finishes, select Finish.

8) Go to:

C:\Program Files\ESET\ESET Online Scanner

Open the file log.txt, copy its contents, and paste them into your next post here.


The scan is at 50%, but it has found one virus in Autorun; when everything is done I will post the report.

So, it has finished - there are 17 infected files at the moment, while before there were about 40.

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=75b06effffe5834e8aa93e1e72be40fc

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-01-05 07:57:37

# local_time=2010-01-05 09:57:37 (+0200, FLE Standard Time)

# country="Bulgaria"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=2817 16777215 100 100 4815959 5398729 0 0

# compatibility_mode=8192 67108863 100 0 3849 3849 0 0

# scanned=50847

# found=43

# cleaned=43

# scan_time=1993

C:\autorun.inf INF/Autorun.Gen virus (deleted (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\gqsjpbhmb.bat Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\qekfpfpyrznbi.bat Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\ugkdlzhoflx.bat Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\em-rr\Local Settings\Temp\aughxtjyxlfzmqymgff.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\em-rr\Local Settings\Temp\cymphfxopfbxmscsoprvt.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\em-rr\Local Settings\Temp\gyihvpdqnzrjuwcog.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\em-rr\Local Settings\Temp\nivxolcsshcxlqzojjkn.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\em-rr\Local Settings\Temp\nuthkt.exe a variant of Win32/AutoRun.Agent.TG worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\em-rr\Local Settings\Temp\pittidsgerkdpszmfd.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\em-rr\Local Settings\Temp\rdieekwnfzn.exe a variant of Win32/AutoRun.Agent.TG worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\em-rr\Local Settings\Temp\tqfjcbumofczpwhyvxafen.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\em-rr\Local Settings\Temp\zqzxkdqcyjarbchs.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\em-rr\Local Settings\Temp\qekfpfpyrznbi\zknfmzgmch.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\em-rr\Local Settings\Temp\qekfpfpyrznbi\aiixblp\14 Kolko Sloncheto Tezhi.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\em-rr\My Documents\Program files\Unlocker 1.8.7.exe a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Downloads\MK.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

C:\Program Files\RelevantKnowledge\rlvknlg.exe a variant of Win32/Adware.RK.AA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\aughxtjyxlfzmqymgff.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\cymphfxopfbxmscsoprvt.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\gyihvpdqnzrjuwcog.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\nivxolcsshcxlqzojjkn.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\pittidsgerkdpszmfd.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\tqfjcbumofczpwhyvxafen.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\zqzxkdqcyjarbchs.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\aughxtjyxlfzmqymgff.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\cymphfxopfbxmscsoprvt.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\gyihvpdqnzrjuwcog.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\nivxolcsshcxlqzojjkn.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\pittidsgerkdpszmfd.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\tqfjcbumofczpwhyvxafen.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\zqzxkdqcyjarbchs.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

D:\autorun.inf INF/Autorun.Gen virus (deleted (after the next restart) - quarantined) 00000000000000000000000000000000 C

D:\gqsjpbhmb.bat Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

D:\qekfpfpyrznbi.bat Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

D:\ugkdlzhoflx.bat Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

D:\Nero-NE7962\Toolbar.exe Win32/Toolbar.AskSBar application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\System Volume Information\_restore{22C43618-FF0F-4B47-B3ED-F685883A1EC0}\RP1\A0000020.bat Win32/AutoRun.Agent.TV worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\System Volume Information\_restore{22C43618-FF0F-4B47-B3ED-F685883A1EC0}\RP1\A0000021.bat Win32/AutoRun.Agent.TV worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\System Volume Information\_restore{22C43618-FF0F-4B47-B3ED-F685883A1EC0}\RP1\A0000022.bat Win32/AutoRun.Agent.TV worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\System Volume Information\_restore{22C43618-FF0F-4B47-B3ED-F685883A1EC0}\RP1\A0000023.inf INF/Autorun.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C

D:\System Volume Information\_restore{22C43618-FF0F-4B47-B3ED-F685883A1EC0}\RP1\A0000067.exe Win32/Toolbar.AskSBar application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

${Memory} Win32/AutoRun.Agent.TV worm 00000000000000000000000000000000 C

ESETSmartInstaller@High as downloader log:

all ok

esets_scanner_update returned -1 esets_gle=53251

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=75b06effffe5834e8aa93e1e72be40fc

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-01-05 10:00:05

# local_time=2010-01-05 12:00:05 (+0200, FLE Standard Time)

# country="Bulgaria"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=2817 16777215 100 100 4820422 5403192 0 0

# compatibility_mode=8192 67108863 100 0 8312 8312 0 0

# scanned=50843

# found=36

# cleaned=36

# scan_time=4884

C:\autorun.inf INF/Autorun.Gen virus (deleted (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\gqsjpbhmb.bat Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\qekfpfpyrznbi.bat Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\ugkdlzhoflx.bat Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\em-rr\Local Settings\Temp\aughxtjyxlfzmqymgff.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\em-rr\Local Settings\Temp\cymphfxopfbxmscsoprvt.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\em-rr\Local Settings\Temp\gyihvpdqnzrjuwcog.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\em-rr\Local Settings\Temp\nivxolcsshcxlqzojjkn.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\em-rr\Local Settings\Temp\NOD13F.tmp a variant of Win32/AutoRun.Agent.TG worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\em-rr\Local Settings\Temp\pittidsgerkdpszmfd.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\em-rr\Local Settings\Temp\rdieekwnfzn.exe a variant of Win32/AutoRun.Agent.TG worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\em-rr\Local Settings\Temp\tqfjcbumofczpwhyvxafen.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\em-rr\Local Settings\Temp\zqzxkdqcyjarbchs.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\em-rr\Local Settings\Temp\qekfpfpyrznbi\zknfmzgmch.exe Win32/AutoRun.Agent.TV worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C



Download Malwarebytes' Anti-Malware from here

Double-click mbam-setup.exe to install the program.

  • Make sure that Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are checked, then click Finish.
  • If newer updates are found, the program will download and install them.
  • Start the program and select "Perform Full Scan", then click Scan.
  • The scan will take some time, so please be patient.
  • When the scan finishes, click OK, then Show Results to view the results.
  • Make sure that every line is checked, and click Remove Selected.
  • When everything has been removed, the log will open in Notepad. Copy the log and post it in your next reply in this thread.

Note: If Malwarebytes' Anti-Malware has trouble removing the detected viruses/threats, it will ask to restart your computer and remove the problematic viruses/threats during the restart. If you are asked, confirm that you want your computer to be restarted.


Good morning, now it found this:

Malwarebytes' Anti-Malware 1.43

Версия на базата от данни: 3506

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

07.1.2010 г. 08:25:09

mbam-log-2010-01-07 (08-25-05).txt

Тип сканиране: Пълно сканиране (C:\|D:\|)

Сканирани обекти: 155278

Изминало време: 29 minute(s), 2 second(s)

Заразени процеси в паметта: 0

Заразени модули в паметта: 0

Заразени ключове в регистратурата: 0

Заразени стойности в регистратурата: 0

Заразени информационни обекти в регистратурата: 0

Заразени папки: 1

Заразени файлове: 19

Заразени процеси в паметта:

(Не бяха открити заплахи)

Заразени модули в паметта:

(Не бяха открити заплахи)

Заразени ключове в регистратурата:

(Не бяха открити заплахи)

Заразени стойности в регистратурата:

(Не бяха открити заплахи)

Заразени информационни обекти в регистратурата:

(Не бяха открити заплахи)

Заразени папки:

C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge (Spyware.MarketScore) -> No action taken.

Заразени файлове:

C:\System Volume Information\_restore{22C43618-FF0F-4B47-B3ED-F685883A1EC0}\RP5\A0000493.exe (Trojan.Chydo) -> No action taken.

C:\System Volume Information\_restore{22C43618-FF0F-4B47-B3ED-F685883A1EC0}\RP5\A0000494.exe (Trojan.Chydo) -> No action taken.

C:\System Volume Information\_restore{22C43618-FF0F-4B47-B3ED-F685883A1EC0}\RP5\A0000495.exe (Trojan.Chydo) -> No action taken.

C:\System Volume Information\_restore{22C43618-FF0F-4B47-B3ED-F685883A1EC0}\RP5\A0000496.exe (Trojan.Chydo) -> No action taken.

C:\System Volume Information\_restore{22C43618-FF0F-4B47-B3ED-F685883A1EC0}\RP5\A0000497.exe (Trojan.Chydo) -> No action taken.

C:\System Volume Information\_restore{22C43618-FF0F-4B47-B3ED-F685883A1EC0}\RP5\A0000498.exe (Trojan.Chydo) -> No action taken.

C:\System Volume Information\_restore{22C43618-FF0F-4B47-B3ED-F685883A1EC0}\RP5\A0000499.exe (Trojan.Chydo) -> No action taken.

C:\System Volume Information\_restore{22C43618-FF0F-4B47-B3ED-F685883A1EC0}\RP5\A0000500.exe (Trojan.Chydo) -> No action taken.

C:\System Volume Information\_restore{22C43618-FF0F-4B47-B3ED-F685883A1EC0}\RP5\A0000501.exe (Trojan.Chydo) -> No action taken.

C:\System Volume Information\_restore{22C43618-FF0F-4B47-B3ED-F685883A1EC0}\RP5\A0000502.exe (Trojan.Chydo) -> No action taken.

C:\System Volume Information\_restore{22C43618-FF0F-4B47-B3ED-F685883A1EC0}\RP5\A0000503.exe (Trojan.Chydo) -> No action taken.

C:\System Volume Information\_restore{22C43618-FF0F-4B47-B3ED-F685883A1EC0}\RP5\A0000504.exe (Trojan.Chydo) -> No action taken.

D:\System Volume Information\_restore{22C43618-FF0F-4B47-B3ED-F685883A1EC0}\RP5\A0000506.bat (Trojan.Chydo) -> No action taken.

D:\System Volume Information\_restore{22C43618-FF0F-4B47-B3ED-F685883A1EC0}\RP5\A0000507.bat (Trojan.Chydo) -> No action taken.

D:\System Volume Information\_restore{22C43618-FF0F-4B47-B3ED-F685883A1EC0}\RP5\A0000508.bat (Trojan.Chydo) -> No action taken.

C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk (Spyware.MarketScore) -> No action taken.

C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (Spyware.MarketScore) -> No action taken.

C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge\Support.lnk (Spyware.MarketScore) -> No action taken.

C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk (Spyware.MarketScore) -> No action taken.

And now I will restart to see whether it removes them. As a rule I use this antivirus too, but an older version and only when I have trojans; otherwise I am on ClamWin, and it is superb, it cleans absolutely everything, but the small detail is that it does not notify me about threats. Anyway, now let's see what has happened.


After the second scan that I ran, no infected files were found :)

Thank you very much, man, you are the best. If I ever manage to learn half of what you know it will be great, but clearly it cannot happen just from the lectures they drone at us, and I realized that long ago. So let me ask you about an antivirus that would notify me about threats, but not like Avast, which screams on every page I open and only gives me a headache :? (I think I am getting cheeky now)


You're welcome!

The fact that Avast! alerts you to problems does not mean that everything is fine, but quite the opposite; this should not mean "-".

Of the paid options, I recommend ESET NOD32 Antivirus:

http://eset.bg/forum/viewtopic.php?f=3&t=1119&sid=e3bb705643ebdaa81fb13c40ce8439ad

Of the free options, I recommend Microsoft Security Essentials:

http://eset.bg/forum/viewtopic.php?f=3&t=1119&sid=e3bb705643ebdaa81fb13c40ce8439ad

Do not forget that you must uninstall the old antivirus program first.

P.S.: If anyone in this forum reached even half of my level, I would have a lot of free time.
