
Please help, I can't download an antivirus program [SOLVED]


Hello, my problem is the following: I can't download an antivirus program. I thought the problem was that my antivirus was expiring, but no. The truth is that I put a flash drive into the computer and probably picked up something from there. At the moment I can't download any antivirus at all; moreover, as soon as I type the name of any of them I am immediately thrown off the internet. I tried with a link, with zero effect; I tried having a downloaded antivirus sent to me, I received it but I can't install it. Please, if anyone can help. Thanks in advance.

There are several people here who will help you! The infection is evidently spreading more and more, and quite a few people have received help with exactly your problem ;)

Please download OTL.exe and save it to the desktop.

Start the file with a double click of the mouse.

Make the following settings:

[screenshot: OTL settings]

Under "Custom Scans/Fixes", copy/paste the following information:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.*
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%PROGRAMFILES%\*.
%userprofile%\Desktop\*.*
%userprofile%\Desktop\*.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Click Run Scan.

When the check finishes, post the two log files: OTL.Txt and Extras.Txt.
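Once OTL.Txt comes back, the helper reads it by hand for the same handful of indicators every time: publisher-less autostart binaries in System32 or Temp, tampered Explorer/System policies, a hidden autorun.inf at a drive root, MountPoints2 autorun hooks for a removable drive, and a hijacked exefile association. The script below is an added example (not from this thread or from OTL's author) that does that triage over OTL's line format; its sample log is constructed from lines of the log posted below, with benign entries for contrast, and the `hook.exe` value in the test is hypothetical.

```python
import re
from collections import Counter

# Constructed sample in OTL.Txt format. The flagged lines are copied from the log
# posted in this thread; the benign ones (OTL itself, ATI, Realtek, AUTOEXEC.BAT,
# the normal exefile association) show what the checks leave alone.
SAMPLE_LOG = r"""
PRC - C:\Documents and Settings\!\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\system32\fqlguoyplxefmomog.exe ()
PRC - C:\Documents and Settings\!\Local Settings\Temp\zalwakk.exe ()
PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [mmwgjs] C:\WINDOWS\System32\maywnkxrqfptdijojbvw.exe ()
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\RunOnce: [zalwakk] C:\WINDOWS\System32\yicwjclbwhnnturs.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: oqcotefn = yicwjclbwhnnturs.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: bajsu = C:\DOCUME~1\!\LOCALS~1\Temp\bqpogesnndotekmsohcew.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-21-1757981266-746137067-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O32 - AutoRun File - [2009.12.03 10:19:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.01.21 10:11:04 | 00,000,826 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{367ad49e-05ac-11df-be33-001fc659768e}\Shell\AutoRun\command - "" = G:\fivioaclz.bat -- File not found
O35 - exefile [open] -- "%1" %*
"""

# Directories where an autostart binary with no publisher string deserves a look.
SUSPECT_DIRS = ("\\windows\\system32\\", "\\windows\\", "\\local settings\\temp\\", "\\temp\\")
# Policy values that malware sets to lock the user out of repair tools.
TAMPERED_POLICIES = {"DisableRegistryTools": "1", "DisableTaskMgr": "1"}
# The stock exefile/comfile open command; anything else means the association was hijacked.
NORMAL_OPEN_CMD = '"%1" %*'

# PRC - <path> (<publisher>)                      running process
# O4 - <hive>..\Run: [<name>] <path> (<publisher>) Run / RunOnce entry
# O6 - ...\policies\Explorer\Run: <name> = <path> (<publisher>)  policy-driven Run entry
AUTOSTART_RE = re.compile(
    r"^(?:PRC - |O4 - [^:]+: \[[^\]]*\] |O6 - [^:]+\\Explorer\\Run: \S+ = )"
    r"(?P<path>.+?) \((?P<publisher>[^()]*)\)\s*$")
POLICY_RE = re.compile(r"^O[67] - \S+\\policies\\System: (?P<name>\w+) = (?P<value>\d+)$")
AUTORUN_INF_RE = re.compile(
    r"^O32 - AutoRun File - \[(?P<stamp>[^\]]*)\] \(\) - (?P<path>[A-Za-z]:\\autorun\.inf)", re.I)
MOUNTPOINT_RE = re.compile(
    r'^O33 - MountPoints2\\\{[^}]+\}\\Shell\\(?P<verb>\w+)\\command - "" = '
    r'(?P<cmd>.+?)(?: -- File not found)?$', re.I)
SHELL_OPEN_RE = re.compile(r"^O35 - (?P<ftype>exefile|comfile) \[open\] -- (?P<cmd>.+)$")


def triage_line(line):
    """Classify one OTL log line; returns (category, detail) or None when it looks benign."""
    m = AUTOSTART_RE.match(line)
    if m:
        path, publisher = m.group("path"), m.group("publisher").strip()
        low = path.lower()
        # A bare filename (no directory) is resolved via the search path, itself a red flag.
        in_suspect_dir = "\\" not in low or any(d in low for d in SUSPECT_DIRS)
        if not publisher and in_suspect_dir:
            return ("unsigned-autostart", path)
        return None
    m = POLICY_RE.match(line)
    if m and TAMPERED_POLICIES.get(m.group("name")) == m.group("value"):
        return ("policy-tampering", f"{m.group('name')} = {m.group('value')}")
    m = AUTORUN_INF_RE.match(line)
    if m:
        # stamp fields: modified time | size | attributes (R, H, S) | C/M flag
        attrs = m.group("stamp").split(" | ")[2]
        return ("drive-root-autorun", f"{m.group('path')} attrs={attrs}")
    m = MOUNTPOINT_RE.match(line)
    if m:
        return ("removable-media-hook", f"Shell\\{m.group('verb')} -> {m.group('cmd')}")
    m = SHELL_OPEN_RE.match(line)
    if m and m.group("cmd") != NORMAL_OPEN_CMD:
        return ("exe-association-hijack", f"{m.group('ftype')}: {m.group('cmd')}")
    return None


def triage_log(text):
    """Run triage_line over every non-empty line and return the findings in log order."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        hit = triage_line(line) if line else None
        if hit:
            findings.append(hit)
    return findings


def summarize(findings):
    """Count findings per category, which is the shape a helper reports back in."""
    return Counter(category for category, _ in findings)


if __name__ == "__main__":
    found = triage_log(SAMPLE_LOG)
    for category, detail in found:
        print(f"{category:24} {detail}")
    print(dict(summarize(found)))
```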


Hi, here is what came out after the scan:

OTL.Txt

OTL logfile created on: 21.1.2010 г. 10:25:20 - Run 2

OTL by OldTimer - Version 3.1.25.3 Folder = C:\Documents and Settings\!\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: dd.M.yyyy 'г.'

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 20,00 Gb Total Space | 3,82 Gb Free Space | 19,09% Space Free | Partition Type: NTFS

Drive D: | 212,87 Gb Total Space | 111,52 Gb Free Space | 52,39% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: USER-0CCED92A1A

Current User Name: !

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\!\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\WINDOWS\system32\fqlguoyplxefmomog.exe ()

PRC - C:\Documents and Settings\!\Local Settings\Temp\zalwakk.exe ()

PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

PRC - C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)

PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)

PRC - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)

PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)

PRC - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\!\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (gupdate1ca8938d8592458) Услуга Google Update (gupdate1ca8938d8592458) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)

SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)

SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)

SRV - (Ati HotKey Poller) -- C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)

SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()

DRV - (AtcL001) -- C:\WINDOWS\system32\drivers\l151x86.sys (Atheros Communications, Inc.)

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)

DRV - (amdide) -- C:\WINDOWS\system32\DRIVERS\amdide.sys (Advanced Micro Devices)

DRV - (DgiVecp) -- C:\WINDOWS\system32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)

DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1757981266-746137067-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-21-1757981266-746137067-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-1757981266-746137067-1801674531-1003\S-1-5-21-1757981266-746137067-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://google.atcomet.com/b/"

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.01.12 16:18:16 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.01.12 16:18:15 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2009.12.04 11:04:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\Mozilla\Extensions

[2010.01.05 20:12:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\Mozilla\Firefox\Profiles\w0e6djt8.default\extensions

[2009.12.07 13:33:17 | 00,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Documents and Settings\!\Application Data\Mozilla\Firefox\Profiles\w0e6djt8.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}

[2010.01.04 12:59:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\Mozilla\Firefox\Profiles\w0e6djt8.default\extensions\staged-xpis

[2009.12.07 13:30:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\Mozilla\Firefox\Profiles\w0e6djt8.default\extensions\[email protected]

[2009.09.02 14:52:02 | 00,002,257 | ---- | M] () -- C:\Documents and Settings\!\Application Data\Mozilla\Firefox\Profiles\w0e6djt8.default\searchplugins\askcom.xml

[2010.01.15 14:07:35 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2009.12.04 11:04:12 | 00,000,000 | ---D | M] (FlashGot) -- C:\Program Files\Mozilla Firefox\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}

[2009.07.17 10:40:12 | 00,704,512 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll

O1 HOSTS File: ([2008.04.14 14:00:00 | 00,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)

O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\PROGRAMKI\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)

O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)

O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)

O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)

O3 - HKU\S-1-5-21-1757981266-746137067-1801674531-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKU\S-1-5-21-1757981266-746137067-1801674531-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)

O4 - HKLM..\Run: [mmwgjs] C:\WINDOWS\System32\maywnkxrqfptdijojbvw.exe ()

O4 - HKLM..\Run: [qwmclafriprn] C:\Documents and Settings\!\Local Settings\Temp\yicwjclbwhnnturs.exe ()

O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe ()

O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKU\S-1-5-21-1757981266-746137067-1801674531-1003..\Run: [bitComet] D:\PROGRAMKI\BitComet\BitComet.exe (www.BitComet.com)

O4 - HKU\S-1-5-21-1757981266-746137067-1801674531-1003..\Run: [fivioaclz] C:\WINDOWS\System32\fqlguoyplxefmomog.exe ()

O4 - HKU\S-1-5-21-1757981266-746137067-1801674531-1003..\Run: [mmwgjs] C:\Documents and Settings\!\Local Settings\Temp\bqpogesnndotekmsohcew.exe ()

O4 - HKU\S-1-5-21-1757981266-746137067-1801674531-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKLM..\RunOnce: [tynckycndjk] C:\Documents and Settings\!\Local Settings\Temp\zmjgwsexvjsveiimgxq.exe ()

O4 - HKLM..\RunOnce: [zalwakk] C:\WINDOWS\System32\yicwjclbwhnnturs.exe ()

O4 - HKU\S-1-5-21-1757981266-746137067-1801674531-1003..\RunOnce: [ycqelyblaf] C:\WINDOWS\System32\zmjgwsexvjsveiimgxq.exe ()

O4 - HKU\S-1-5-21-1757981266-746137067-1801674531-1003..\RunOnce: [zalwakk] C:\Documents and Settings\!\Local Settings\Temp\zmjgwsexvjsveiimgxq.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: oqcotefn = yicwjclbwhnnturs.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: bajsu = C:\DOCUME~1\!\LOCALS~1\Temp\bqpogesnndotekmsohcew.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1757981266-746137067-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 1

O7 - HKU\S-1-5-21-1757981266-746137067-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1

O8 - Extra context menu item: &D&ownload &with BitComet - D:\PROGRAMKI\BitComet\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: &D&ownload all video with BitComet - D:\PROGRAMKI\BitComet\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: &D&ownload all with BitComet - D:\PROGRAMKI\BitComet\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()

O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - D:\PROGRAMKI\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet)

O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)

O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop WallPaper: C:\Documents and Settings\!\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\!\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.12.03 10:19:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2010.01.21 10:11:04 | 00,000,826 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2010.01.21 10:11:05 | 00,000,820 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]

O33 - MountPoints2\{367ad49e-05ac-11df-be33-001fc659768e}\Shell\AutoRun\command - "" = G:\fivioaclz.bat -- File not found

O33 - MountPoints2\{367ad49e-05ac-11df-be33-001fc659768e}\Shell\explore\Command - "" = G:\pwneoekxpxaxa.bat -- File not found

O33 - MountPoints2\{367ad49e-05ac-11df-be33-001fc659768e}\Shell\open\Command - "" = G:\tynckycndjk.bat -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: Ias - C:\WINDOWS\system32\ias [2009.12.03 11:52:04 | 00,000,000 | ---D | M]

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7

ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)

Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

========== Files/Folders - Created Within 30 Days ==========

[2010.01.21 10:23:40 | 00,000,000 | ---D | C] -- C:\_OTL

[2010.01.21 10:18:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\!\Desktop\probi

[2010.01.21 10:15:18 | 00,546,816 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\!\Desktop\OTL.exe

[2010.01.20 22:19:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles

[2010.01.20 21:03:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Panda Software

[2010.01.19 21:10:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\!\Desktop\Ice.Age.Dawn.of.the.Dinosaurs.2009.CAM.XViD.BGAUDIO-CheFo

[2010.01.18 17:18:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\!\Application Data\URSE Games

[2010.01.18 17:17:26 | 65,102,450 | ---- | C] (Adventurersbg.info ) -- C:\Documents and Settings\!\Desktop\Kellie Stanford - Turn of Fate - BG.exe

[2010.01.17 21:27:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\!\Desktop\The.Da.Vinci.Code[2006]DvDrip[Eng]-aXXo

[2010.01.17 19:51:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\!\Desktop\Ice Age - BG Audio

[2010.01.14 16:07:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\!\Application Data\Virtual Prophecy

[2010.01.13 16:35:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\!\Application Data\Dragon Altar Games

[2010.01.13 15:42:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\!\Application Data\Aisle 5 Games, Inc

[2010.01.13 15:41:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\G.H.O.S.T Chronicles - Phantom of the Renaissance Faire

[2010.01.12 21:14:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\!\Desktop\FLASHKA

[2010.01.12 19:32:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\!\Local Settings\Application Data\Game Mill Files

[2010.01.12 19:04:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\!\Desktop\New Folder

[2010.01.12 16:46:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\!\Application Data\TitanicMystery

[2010.01.11 19:08:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\!\Desktop\astrea

[2010.01.11 18:04:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Gogii

[2010.01.11 18:03:11 | 00,000,000 | ---D | C] -- C:\Program Files\ReflexiveArcade

[2010.01.07 16:29:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\!\Application Data\YoudaGames

[2010.01.07 14:52:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\!\Application Data\Artogon

[2010.01.06 23:26:40 | 00,000,000 | ---D | C] -- C:\Program Files\NOS

[2010.01.06 23:26:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS

[2010.01.06 17:15:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\!\Application Data\Orneon

[2010.01.05 23:44:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\!\Application Data\Go-Go Gourmet Chef of the Year

[2010.01.05 22:43:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\JollyBear

[2010.01.05 22:43:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\!\Local Settings\Application Data\JollyBear

[2010.01.05 22:42:25 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Oberon Media

[2010.01.05 22:05:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Merscom

[2010.01.05 22:05:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\!\Application Data\Merscom

[2010.01.05 20:52:59 | 00,000,000 | ---D | C] -- C:\Program Files\Microids

[2010.01.05 14:28:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PlayFirst

[2010.01.05 14:28:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\!\Application Data\PlayFirst

[2010.01.03 19:30:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\!\Application Data\Media Player Classic

[2009.12.30 15:58:00 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF

[2009.12.30 12:25:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google

[2009.12.30 12:14:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google

[2009.12.30 12:14:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\!\Application Data\skypePM

[2009.12.30 12:13:51 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

[2009.12.22 21:40:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\sentinel

[2009.12.22 21:39:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\!\Local Settings\Application Data\Panda Software

[2009.12.22 21:37:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Panda Software

[2009.12.22 21:33:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

[2009.12.22 21:33:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2009.12.22 21:33:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2009.12.22 21:33:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google

[2009.12.22 12:51:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\!\Local Settings\Application Data\Identities

[2009.12.03 10:21:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[2009.12.03 10:19:06 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[2009.12.03 10:19:06 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.01.21 10:25:30 | 00,002,408 | -H-- | M] () -- C:\WINDOWS\tcvoasapjtyxccyyobqmyyaduengzldlaueji.njj

[2010.01.21 10:25:30 | 00,002,408 | -H-- | M] () -- C:\WINDOWS\System32\tcvoasapjtyxccyyobqmyyaduengzldlaueji.njj

[2010.01.21 10:25:30 | 00,002,408 | -H-- | M] () -- C:\Program Files\tcvoasapjtyxccyyobqmyyaduengzldlaueji.njj

[2010.01.21 10:25:30 | 00,002,408 | -H-- | M] () -- C:\Documents and Settings\!\Local Settings\Application Data\tcvoasapjtyxccyyobqmyyaduengzldlaueji.njj

[2010.01.21 10:25:30 | 00,000,280 | -H-- | M] () -- C:\WINDOWS\System32\bajsucafppkzukwmsvamoewpwwv.npx

[2010.01.21 10:25:30 | 00,000,280 | -H-- | M] () -- C:\WINDOWS\bajsucafppkzukwmsvamoewpwwv.npx

[2010.01.21 10:25:30 | 00,000,280 | -H-- | M] () -- C:\Program Files\bajsucafppkzukwmsvamoewpwwv.npx

[2010.01.21 10:25:30 | 00,000,280 | -H-- | M] () -- C:\Documents and Settings\!\Local Settings\Application Data\bajsucafppkzukwmsvamoewpwwv.npx

[2010.01.21 10:25:01 | 00,000,316 | -H-- | M] () -- C:\WINDOWS\System32\oawshcnfcpxzhkjmfvnmbejpjwieapkvnkxfhpsr.ndv

[2010.01.21 10:25:01 | 00,000,316 | -H-- | M] () -- C:\WINDOWS\oawshcnfcpxzhkjmfvnmbejpjwieapkvnkxfhpsr.ndv

[2010.01.21 10:25:01 | 00,000,316 | -H-- | M] () -- C:\Program Files\oawshcnfcpxzhkjmfvnmbejpjwieapkvnkxfhpsr.ndv

[2010.01.21 10:25:01 | 00,000,316 | -H-- | M] () -- C:\Documents and Settings\!\Local Settings\Application Data\oawshcnfcpxzhkjmfvnmbejpjwieapkvnkxfhpsr.ndv

[2010.01.21 10:25:00 | 00,001,044 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010.01.21 10:24:36 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\zmjgwsexvjsveiimgxq.exe

[2010.01.21 10:24:36 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\yicwjclbwhnnturs.exe

[2010.01.21 10:24:36 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\siiibaplmdpvhoryvploho.exe

[2010.01.21 10:24:36 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\oawshcnfcpxzhkjmfv.exe

[2010.01.21 10:24:36 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\maywnkxrqfptdijojbvw.exe

[2010.01.21 10:24:36 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\fqlguoyplxefmomog.exe

[2010.01.21 10:24:36 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\bqpogesnndotekmsohcew.exe

[2010.01.21 10:15:55 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Office Word 2003.lnk

[2010.01.21 10:15:21 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\!\Desktop\OTL.exe

[2010.01.21 10:14:42 | 00,530,930 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010.01.21 10:14:42 | 00,447,614 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010.01.21 10:14:42 | 00,073,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010.01.21 10:11:04 | 00,577,536 | RHS- | M] () -- C:\pwneoekxpxaxa.bat

[2010.01.21 10:11:04 | 00,000,826 | RHS- | M] () -- C:\autorun.inf

[2010.01.21 10:10:44 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010.01.21 10:10:31 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\siiibaplmdpvhoryvploho.exe

[2010.01.21 10:10:31 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\bqpogesnndotekmsohcew.exe

[2010.01.21 10:10:30 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\maywnkxrqfptdijojbvw.exe

[2010.01.21 10:10:29 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\zmjgwsexvjsveiimgxq.exe

[2010.01.21 10:10:28 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\yicwjclbwhnnturs.exe

[2010.01.21 10:10:26 | 00,001,040 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010.01.21 10:10:25 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010.01.21 10:10:24 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010.01.21 10:07:40 | 00,000,414 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C92D3F70-81D1-4578-85AB-90349F363915}.job

[2010.01.21 10:04:25 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\oawshcnfcpxzhkjmfv.exe

[2010.01.21 00:01:00 | 00,000,226 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2010.01.20 22:52:36 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2010.01.20 22:52:12 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\fqlguoyplxefmomog.exe

[2010.01.20 22:13:25 | 04,456,448 | -H-- | M] () -- C:\Documents and Settings\!\NTUSER.DAT

[2010.01.20 22:13:25 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\!\ntuser.ini

[2010.01.20 20:49:45 | 00,000,073 | -H-- | M] () -- C:\WINDOWS\zmjgwsexvjsveiimgxqqgkqxsgtqndzlecqzclppt.exx

[2010.01.20 20:49:45 | 00,000,073 | -H-- | M] () -- C:\WINDOWS\System32\zmjgwsexvjsveiimgxqqgkqxsgtqndzlecqzclppt.exx

[2010.01.20 20:49:45 | 00,000,073 | -H-- | M] () -- C:\Program Files\zmjgwsexvjsveiimgxqqgkqxsgtqndzlecqzclppt.exx

[2010.01.20 20:49:45 | 00,000,073 | -H-- | M] () -- C:\Documents and Settings\!\Local Settings\Application Data\zmjgwsexvjsveiimgxqqgkqxsgtqndzlecqzclppt.exx

[2010.01.20 20:48:18 | 00,004,248 | -H-- | M] () -- C:\WINDOWS\yicwjclbwhnntursjxnkxybfxismgtmvlgrxxd.bct

[2010.01.20 20:48:18 | 00,004,248 | -H-- | M] () -- C:\WINDOWS\System32\yicwjclbwhnntursjxnkxybfxismgtmvlgrxxd.bct

[2010.01.20 20:48:18 | 00,004,248 | -H-- | M] () -- C:\Program Files\yicwjclbwhnntursjxnkxybfxismgtmvlgrxxd.bct

[2010.01.20 20:48:18 | 00,004,248 | -H-- | M] () -- C:\Documents and Settings\!\Local Settings\Application Data\yicwjclbwhnntursjxnkxybfxismgtmvlgrxxd.bct

[2010.01.20 20:16:45 | 00,038,489 | ---- | M] () -- C:\Documents and Settings\!\Desktop\_eml.zip

[2010.01.19 22:09:15 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010.01.19 22:09:06 | 00,015,360 | ---- | M] () -- C:\Documents and Settings\!\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.01.19 15:31:09 | 00,303,824 | ---- | M] () -- C:\Documents and Settings\!\Desktop\matematika.zip

[2010.01.19 15:25:32 | 00,002,495 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Office Excel 2003.lnk

[2010.01.18 17:18:34 | 00,000,721 | ---- | M] () -- C:\Documents and Settings\!\Desktop\Кели Станфорд - Обратът на Съдбата.lnk

[2010.01.18 17:17:38 | 65,102,450 | ---- | M] (Adventurersbg.info ) -- C:\Documents and Settings\!\Desktop\Kellie Stanford - Turn of Fate - BG.exe

[2010.01.17 19:49:45 | 00,013,093 | ---- | M] () -- C:\Documents and Settings\!\Desktop\Ice Age - BG Audio-[rarbg.com].torrent

[2010.01.15 16:51:17 | 04,412,818 | -H-- | M] () -- C:\Documents and Settings\!\Local Settings\Application Data\IconCache.db

[2010.01.15 13:45:43 | 00,055,454 | ---- | M] () -- C:\Documents and Settings\!\Desktop\31_12_2009.zip

[2010.01.14 16:06:58 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\!\Desktop\Mishap An Accidental Haunting.lnk

[2010.01.14 14:09:38 | 00,000,554 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitComet.lnk

[2010.01.13 19:09:44 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010.01.13 15:42:33 | 00,004,096 | ---- | M] () -- C:\WINDOWS\d3dx.dat

[2010.01.12 16:18:18 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2010.01.05 20:21:25 | 00,000,231 | ---- | M] () -- C:\WINDOWS\system.ini

[2009.12.30 12:14:44 | 00,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

[2009.12.30 12:14:09 | 00,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat

[2009.12.30 00:01:01 | 00,048,640 | ---- | M] () -- C:\Documents and Settings\!\Desktop\Диети и Отслабване.doc

[2009.12.22 21:41:08 | 00,000,630 | ---- | M] () -- C:\WINDOWS\win.ini

[2009.12.22 21:30:00 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.01.20 20:49:56 | 00,002,408 | -H-- | C] () -- C:\WINDOWS\tcvoasapjtyxccyyobqmyyaduengzldlaueji.njj

[2010.01.20 20:49:56 | 00,002,408 | -H-- | C] () -- C:\WINDOWS\System32\tcvoasapjtyxccyyobqmyyaduengzldlaueji.njj

[2010.01.20 20:49:56 | 00,002,408 | -H-- | C] () -- C:\Program Files\tcvoasapjtyxccyyobqmyyaduengzldlaueji.njj

[2010.01.20 20:49:56 | 00,002,408 | -H-- | C] () -- C:\Documents and Settings\!\Local Settings\Application Data\tcvoasapjtyxccyyobqmyyaduengzldlaueji.njj

[2010.01.20 20:49:45 | 00,000,316 | -H-- | C] () -- C:\WINDOWS\System32\oawshcnfcpxzhkjmfvnmbejpjwieapkvnkxfhpsr.ndv

[2010.01.20 20:49:45 | 00,000,316 | -H-- | C] () -- C:\WINDOWS\oawshcnfcpxzhkjmfvnmbejpjwieapkvnkxfhpsr.ndv

[2010.01.20 20:49:45 | 00,000,316 | -H-- | C] () -- C:\Program Files\oawshcnfcpxzhkjmfvnmbejpjwieapkvnkxfhpsr.ndv

[2010.01.20 20:49:45 | 00,000,316 | -H-- | C] () -- C:\Documents and Settings\!\Local Settings\Application Data\oawshcnfcpxzhkjmfvnmbejpjwieapkvnkxfhpsr.ndv

[2010.01.20 20:49:45 | 00,000,073 | -H-- | C] () -- C:\WINDOWS\zmjgwsexvjsveiimgxqqgkqxsgtqndzlecqzclppt.exx

[2010.01.20 20:49:45 | 00,000,073 | -H-- | C] () -- C:\WINDOWS\System32\zmjgwsexvjsveiimgxqqgkqxsgtqndzlecqzclppt.exx

[2010.01.20 20:49:45 | 00,000,073 | -H-- | C] () -- C:\Program Files\zmjgwsexvjsveiimgxqqgkqxsgtqndzlecqzclppt.exx

[2010.01.20 20:49:45 | 00,000,073 | -H-- | C] () -- C:\Documents and Settings\!\Local Settings\Application Data\zmjgwsexvjsveiimgxqqgkqxsgtqndzlecqzclppt.exx

[2010.01.20 20:48:54 | 00,000,826 | RHS- | C] () -- C:\autorun.inf

[2010.01.20 20:48:18 | 00,004,248 | -H-- | C] () -- C:\WINDOWS\yicwjclbwhnntursjxnkxybfxismgtmvlgrxxd.bct

[2010.01.20 20:48:18 | 00,004,248 | -H-- | C] () -- C:\WINDOWS\System32\yicwjclbwhnntursjxnkxybfxismgtmvlgrxxd.bct

[2010.01.20 20:48:18 | 00,004,248 | -H-- | C] () -- C:\Program Files\yicwjclbwhnntursjxnkxybfxismgtmvlgrxxd.bct

[2010.01.20 20:48:18 | 00,004,248 | -H-- | C] () -- C:\Documents and Settings\!\Local Settings\Application Data\yicwjclbwhnntursjxnkxybfxismgtmvlgrxxd.bct

[2010.01.20 20:48:18 | 00,000,280 | -H-- | C] () -- C:\WINDOWS\System32\bajsucafppkzukwmsvamoewpwwv.npx

[2010.01.20 20:48:18 | 00,000,280 | -H-- | C] () -- C:\WINDOWS\bajsucafppkzukwmsvamoewpwwv.npx

[2010.01.20 20:48:18 | 00,000,280 | -H-- | C] () -- C:\Program Files\bajsucafppkzukwmsvamoewpwwv.npx

[2010.01.20 20:48:18 | 00,000,280 | -H-- | C] () -- C:\Documents and Settings\!\Local Settings\Application Data\bajsucafppkzukwmsvamoewpwwv.npx

[2010.01.20 20:48:09 | 00,577,536 | RHS- | C] () -- C:\WINDOWS\zmjgwsexvjsveiimgxq.exe

[2010.01.20 20:48:09 | 00,577,536 | RHS- | C] () -- C:\WINDOWS\System32\zmjgwsexvjsveiimgxq.exe

[2010.01.20 20:48:09 | 00,577,536 | RHS- | C] () -- C:\WINDOWS\yicwjclbwhnnturs.exe

[2010.01.20 20:48:09 | 00,577,536 | RHS- | C] () -- C:\WINDOWS\System32\yicwjclbwhnnturs.exe

[2010.01.20 20:48:09 | 00,577,536 | RHS- | C] () -- C:\WINDOWS\System32\siiibaplmdpvhoryvploho.exe

[2010.01.20 20:48:09 | 00,577,536 | RHS- | C] () -- C:\WINDOWS\siiibaplmdpvhoryvploho.exe

[2010.01.20 20:48:09 | 00,577,536 | RHS- | C] () -- C:\WINDOWS\System32\oawshcnfcpxzhkjmfv.exe

[2010.01.20 20:48:09 | 00,577,536 | RHS- | C] () -- C:\WINDOWS\oawshcnfcpxzhkjmfv.exe

[2010.01.20 20:48:09 | 00,577,536 | RHS- | C] () -- C:\WINDOWS\System32\maywnkxrqfptdijojbvw.exe

[2010.01.20 20:48:09 | 00,577,536 | RHS- | C] () -- C:\WINDOWS\maywnkxrqfptdijojbvw.exe

[2010.01.20 20:48:09 | 00,577,536 | RHS- | C] () -- C:\WINDOWS\System32\fqlguoyplxefmomog.exe

[2010.01.20 20:48:09 | 00,577,536 | RHS- | C] () -- C:\WINDOWS\fqlguoyplxefmomog.exe

[2010.01.20 20:48:09 | 00,577,536 | RHS- | C] () -- C:\WINDOWS\System32\bqpogesnndotekmsohcew.exe

[2010.01.20 20:48:09 | 00,577,536 | RHS- | C] () -- C:\WINDOWS\bqpogesnndotekmsohcew.exe

[2010.01.20 20:16:45 | 00,038,489 | ---- | C] () -- C:\Documents and Settings\!\Desktop\_eml.zip

[2010.01.19 15:28:33 | 00,303,824 | ---- | C] () -- C:\Documents and Settings\!\Desktop\matematika.zip

[2010.01.18 17:18:34 | 00,000,721 | ---- | C] () -- C:\Documents and Settings\!\Desktop\Кели Станфорд - Обратът на Съдбата.lnk

[2010.01.17 19:48:38 | 00,013,093 | ---- | C] () -- C:\Documents and Settings\!\Desktop\Ice Age - BG Audio-[rarbg.com].torrent

[2010.01.15 15:40:54 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\!\Desktop\Mishap An Accidental Haunting.lnk

[2010.01.15 13:45:41 | 00,055,454 | ---- | C] () -- C:\Documents and Settings\!\Desktop\31_12_2009.zip

[2010.01.13 15:42:33 | 00,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat

[2009.12.30 12:20:16 | 00,001,044 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2009.12.30 12:20:15 | 00,001,040 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2009.12.30 12:14:44 | 00,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

[2009.12.30 12:14:09 | 00,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2009.12.30 00:01:01 | 00,048,640 | ---- | C] () -- C:\Documents and Settings\!\Desktop\Диети и Отслабване.doc

[2009.12.22 21:07:58 | 00,015,360 | ---- | C] () -- C:\Documents and Settings\!\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009.12.16 18:54:48 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009.12.08 14:22:24 | 00,008,891 | ---- | C] () -- C:\Documents and Settings\!\Application Data\SmarThruOptions.xml

[2009.12.08 14:22:13 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\SecSNMP.dll

[2009.12.08 14:22:00 | 00,000,124 | ---- | C] () -- C:\WINDOWS\Readiris.ini

[2009.12.08 14:21:57 | 00,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll

[2009.12.04 11:08:12 | 00,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

[2009.12.04 11:05:45 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009.12.04 11:04:29 | 00,000,110 | ---- | C] () -- C:\Program Files\setup.cmd

[2009.12.04 11:01:35 | 00,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2009.12.04 11:01:34 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini

[2009.12.04 11:01:28 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2009.12.04 11:01:28 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009.12.04 11:01:28 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2009.12.04 11:01:24 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2009.12.04 11:01:23 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2009.12.03 17:43:52 | 00,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2006.08.16 05:05:50 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\WIASTIIO.dll

[2006.08.16 05:05:48 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\WIAIPH.dll

[2006.08.16 05:05:48 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\WIAEH.dll

[2006.08.16 05:05:48 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\Sswiadrv.dll

[2003.01.07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010.01.13 15:42:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\Aisle 5 Games, Inc

[2010.01.07 14:52:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\Artogon

[2009.12.06 19:11:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\Auslogics

[2010.01.08 01:35:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\Big Fish Games

[2009.12.22 21:21:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\BSplayer PRO

[2009.12.12 15:27:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\casanova

[2009.12.10 15:44:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\ChaYoWo Games

[2009.12.07 13:35:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\CometNetwork

[2010.01.13 16:35:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\Dragon Altar Games

[2010.01.06 00:43:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\ERS G-Studio

[2010.01.05 23:44:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\Go-Go Gourmet Chef of the Year

[2009.12.15 14:22:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\IronCode

[2009.12.20 16:55:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\Meridian93

[2010.01.05 22:05:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\Merscom

[2010.01.06 17:15:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\Orneon

[2010.01.05 14:28:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\PlayFirst

[2009.12.08 14:22:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\SmarThru4

[2010.01.12 16:46:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\TitanicMystery

[2009.12.17 16:57:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\TMInc

[2010.01.18 17:18:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\URSE Games

[2010.01.11 19:43:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\uTorrent

[2009.12.10 11:44:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\V-Games

[2010.01.14 16:07:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\Virtual Prophecy

[2010.01.07 16:29:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\YoudaGames

[2009.12.17 16:55:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarGameBox

[2009.12.03 17:33:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET

[2010.01.11 18:04:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii

[2010.01.05 22:43:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear

[2010.01.05 22:05:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom

[2010.01.05 14:28:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst

[2009.12.22 21:40:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\sentinel

[2010.01.08 01:28:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010.01.21 00:01:00 | 00,000,226 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

[2010.01.21 10:07:40 | 00,000,414 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{C92D3F70-81D1-4578-85AB-90349F363915}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2009.12.03 10:19:08 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2010.01.21 10:11:04 | 00,000,826 | RHS- | M] () -- C:\autorun.inf

[2009.12.03 10:14:35 | 00,000,211 | -HS- | M] () -- C:\boot.ini

[2009.12.03 10:19:08 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2009.02.19 06:09:24 | 00,577,536 | RHS- | M] () -- C:\fivioaclz.bat

[2009.12.03 10:19:08 | 00,000,000 | RHS- | M] () -- C:\IO.SYS

[2009.12.03 10:19:08 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2008.04.14 14:00:00 | 00,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2008.04.14 14:00:00 | 00,250,048 | RHS- | M] () -- C:\ntldr

[2010.01.21 10:10:17 | 21,453,86496 | -HS- | M] () -- C:\pagefile.sys

[2010.01.21 10:11:04 | 00,577,536 | RHS- | M] () -- C:\pwneoekxpxaxa.bat

[2007.07.14 02:03:08 | 00,301,090 | ---- | M] () -- C:\Toolbar_Install.bmp

[2009.02.16 06:03:45 | 00,577,536 | RHS- | M] () -- C:\tynckycndjk.bat

< MD5 for: AGP440.SYS >

[2008.04.14 14:00:00 | 20,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >

[2008.04.14 14:00:00 | 20,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2008.04.14 14:00:00 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2008.04.14 14:00:00 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys

[2008.04.14 14:00:00 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >

[2008.04.14 14:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll

[2008.04.14 14:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >

[2008.04.14 14:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll

[2008.04.14 14:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >

[2008.04.14 14:00:00 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll

[2008.04.14 14:00:00 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

[2008.06.25 10:11:26 | 00,421,888 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll

[2009.03.08 04:31:44 | 00,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll

[2009.03.08 04:31:38 | 00,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %PROGRAMFILES%\*. >

[2009.12.08 10:47:45 | 00,000,000 | ---D | M] -- C:\Program Files\Adobe

[2009.12.17 18:00:27 | 00,000,000 | ---D | M] -- C:\Program Files\Alawar

[2009.12.08 18:33:06 | 00,000,000 | ---D | M] -- C:\Program Files\Alwil Software

[2009.12.07 13:30:54 | 00,000,000 | ---D | M] -- C:\Program Files\Ask.com

[2009.12.04 10:55:38 | 00,000,000 | ---D | M] -- C:\Program Files\ATI Technologies

[2009.12.04 11:01:19 | 00,000,000 | ---D | M] -- C:\Program Files\Auslogics

[2010.01.20 21:10:33 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files

[2009.12.03 10:16:25 | 00,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications

[2009.12.04 11:09:28 | 00,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools

[2010.01.20 22:14:11 | 00,000,000 | ---D | M] -- C:\Program Files\ESET

[2010.01.21 10:17:30 | 00,000,000 | ---D | M] -- C:\Program Files\FlashGet

[2009.12.30 12:14:48 | 00,000,000 | ---D | M] -- C:\Program Files\Google

[2010.01.20 21:04:52 | 00,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information

[2009.12.20 16:19:03 | 00,000,000 | ---D | M] -- C:\Program Files\Internet Explorer

[2009.12.04 11:01:41 | 00,000,000 | ---D | M] -- C:\Program Files\K-Lite Codec Pack

[2009.12.10 23:20:49 | 00,000,000 | ---D | M] -- C:\Program Files\KONAMI

[2009.12.04 09:30:55 | 00,000,000 | ---D | M] -- C:\Program Files\Messenger

[2010.01.05 21:16:29 | 00,000,000 | ---D | M] -- C:\Program Files\Microids

[2009.12.04 11:05:14 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync

[2009.12.03 10:19:25 | 00,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage

[2009.12.04 11:04:57 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Office

[2009.12.04 11:04:40 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET

[2009.12.03 10:17:28 | 00,000,000 | ---D | M] -- C:\Program Files\Movie Maker

[2010.01.20 22:24:10 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox

[2009.12.07 00:05:38 | 00,000,000 | ---D | M] -- C:\Program Files\MSBuild

[2009.12.03 10:15:29 | 00,000,000 | ---D | M] -- C:\Program Files\MSN

[2009.12.03 10:16:06 | 00,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone

[2009.12.09 23:47:27 | 00,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0

[2009.12.04 11:03:13 | 00,000,000 | ---D | M] -- C:\Program Files\Nero

[2009.12.03 10:17:42 | 00,000,000 | ---D | M] -- C:\Program Files\NetMeeting

[2010.01.06 23:26:40 | 00,000,000 | ---D | M] -- C:\Program Files\NOS

[2009.12.03 10:16:15 | 00,000,000 | ---D | M] -- C:\Program Files\Online Services

[2009.12.04 09:28:38 | 00,000,000 | ---D | M] -- C:\Program Files\Outlook Express

[2009.12.08 14:22:00 | 00,000,000 | ---D | M] -- C:\Program Files\Readiris10

[2009.12.03 17:32:24 | 00,000,000 | ---D | M] -- C:\Program Files\Realtek

[2009.12.07 00:05:34 | 00,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies

[2010.01.11 18:03:11 | 00,000,000 | ---D | M] -- C:\Program Files\ReflexiveArcade

[2009.12.08 14:19:03 | 00,000,000 | ---D | M] -- C:\Program Files\SAMSUNG

[2009.12.30 12:13:58 | 00,000,000 | R--D | M] -- C:\Program Files\Skype

[2009.12.08 14:22:24 | 00,000,000 | ---D | M] -- C:\Program Files\SmarThru 4

[2009.12.03 10:23:57 | 00,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information

[2009.12.04 11:04:29 | 00,000,000 | ---D | M] -- C:\Program Files\Winamp

[2009.12.03 10:19:08 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Player

[2009.12.03 10:15:58 | 00,000,000 | ---D | M] -- C:\Program Files\Windows NT

[2009.12.03 10:18:12 | 00,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate

[2009.12.04 11:08:59 | 00,000,000 | ---D | M] -- C:\Program Files\WinRAR

[2009.12.03 10:19:25 | 00,000,000 | ---D | M] -- C:\Program Files\xerox

< %userprofile%\Desktop\*.* >

[2010.01.15 13:45:43 | 00,055,454 | ---- | M] () -- C:\Documents and Settings\!\Desktop\31_12_2009.zip

[2009.12.04 11:01:20 | 00,000,801 | ---- | M] () -- C:\Documents and Settings\!\Desktop\Auslogics Disk Defrag.lnk

[2010.01.21 10:23:43 | 00,039,138 | ---- | M] () -- C:\Documents and Settings\!\Desktop\Extras.Txt

[2009.12.04 11:01:44 | 00,000,682 | ---- | M] () -- C:\Documents and Settings\!\Desktop\FlashGet.lnk

[2010.01.17 19:49:45 | 00,013,093 | ---- | M] () -- C:\Documents and Settings\!\Desktop\Ice Age - BG Audio-[rarbg.com].torrent

[2010.01.18 17:17:38 | 65,102,450 | ---- | M] (Adventurersbg.info ) -- C:\Documents and Settings\!\Desktop\Kellie Stanford - Turn of Fate - BG.exe

[2010.01.19 15:31:09 | 00,303,824 | ---- | M] () -- C:\Documents and Settings\!\Desktop\matematika.zip

[2010.01.14 16:06:58 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\!\Desktop\Mishap An Accidental Haunting.lnk

[2009.12.04 11:03:42 | 00,000,678 | ---- | M] () -- C:\Documents and Settings\!\Desktop\Nero Burning ROM.lnk

[2010.01.21 10:15:21 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\!\Desktop\OTL.exe

[2010.01.21 10:23:42 | 00,168,034 | ---- | M] () -- C:\Documents and Settings\!\Desktop\OTL.Txt

[2009.12.04 11:04:30 | 00,000,654 | ---- | M] () -- C:\Documents and Settings\!\Desktop\Winamp.lnk

[2010.01.20 20:16:45 | 00,038,489 | ---- | M] () -- C:\Documents and Settings\!\Desktop\_eml.zip

[2009.12.30 00:01:01 | 00,048,640 | ---- | M] () -- C:\Documents and Settings\!\Desktop\Диети и Отслабване.doc

[2010.01.18 17:18:34 | 00,000,721 | ---- | M] () -- C:\Documents and Settings\!\Desktop\Кели Станфорд - Обратът на Съдбата.lnk

< %userprofile%\Desktop\*. >

[2010.01.12 14:25:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Desktop\astrea

[2010.01.12 21:17:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Desktop\FLASHKA

[2010.01.17 20:10:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Desktop\Ice Age - BG Audio

[2010.01.19 22:06:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Desktop\Ice.Age.Dawn.of.the.Dinosaurs.2009.CAM.XViD.BGAUDIO-CheFo

[2010.01.11 20:20:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Desktop\kari

[2010.01.19 15:22:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Desktop\New Folder

[2010.01.21 10:18:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Desktop\probi

[2010.01.17 21:28:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\!\Desktop\The.Da.Vinci.Code[2006]DvDrip[Eng]-aXXo

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-01-13 17:09:49

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5216CD26

@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DB77E2C4

@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:981349EA

@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:12D2EB9C

< End of report >

Extras.Txt

OTL Extras logfile created on: 21.1.2010 г. 10:25:20 - Run 2

OTL by OldTimer - Version 3.1.25.3 Folder = C:\Documents and Settings\!\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: dd.M.yyyy 'г.'

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 20,00 Gb Total Space | 3,82 Gb Free Space | 19,09% Space Free | Partition Type: NTFS

Drive D: | 212,87 Gb Total Space | 111,52 Gb Free Space | 52,39% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: USER-0CCED92A1A

Current User Name: !

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1757981266-746137067-1801674531-1003\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 1

"FirewallDisableNotify" = 1

"UpdatesDisableNotify" = 1

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"25403:TCP" = 25403:TCP:*:Enabled:BitComet 25403 TCP

"25403:UDP" = 25403:UDP:*:Enabled:BitComet 25403 UDP

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\FlashGet\FlashGet.exe" = C:\Program Files\FlashGet\FlashGet.exe:*:Enabled:Flashget -- (FlashGet.com)

"D:\BitComet\BitComet.exe" = D:\BitComet\BitComet.exe:*:Enabled:BitComet.exe -- File not found

"D:\PROGRAMKI\BitComet\BitComet.exe" = D:\PROGRAMKI\BitComet\BitComet.exe:*:Enabled:BitComet -- (www.BitComet.com)

"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)

"D:\utorrent.exe" = D:\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)

"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{03E256CC-9C17-16AE-CA3E-8285D3B29674}" = Catalyst Control Center Localization Dutch

"{04E6C9A8-05A7-ED51-6004-D51DCB0F6C3C}" = CCC Help Russian

"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center

"{0BD0239E-4BF7-AADE-BF65-15591AD85E7E}" = Catalyst Control Center Localization French

"{1131DBA1-6C25-AD3F-8466-76A6D0F18D86}" = Catalyst Control Center Localization Czech

"{1289965E-A50A-759C-C365-2062F94CD55C}" = ccc-utility

"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1D2D8F2F-C012-98B1-155B-BE08FE7A944D}" = CCC Help Korean

"{231731CD-27FF-DAF9-16CD-4EB28CE747DA}" = CCC Help Greek

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2675DE6E-4083-9491-14A1-AA99E3F126EA}" = Skins

"{3100925A-26D6-E406-BB72-0ECE1BD44798}" = Catalyst Control Center Localization Japanese

"{31CD452E-9415-7244-07EE-0DDD20C54326}" = CCC Help Czech

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{37099F28-2B3D-5BB8-4634-A513B85B7B54}" = Catalyst Control Center Localization Swedish

"{376F7462-36DA-F929-3329-86CD85076974}" = Catalyst Control Center Localization Chinese Standard

"{3A398E1C-BB28-5396-B3FE-76C35A302A2F}" = Catalyst Control Center Localization German

"{3B0EC1C1-7A64-D405-3374-CE893AFA7597}" = CCC Help Finnish

"{469BFD44-46D4-5A50-2B39-2662158361E5}" = CCC Help Danish

"{4A44F3B9-A208-5457-24E6-448C88A329DA}" = CCC Help Japanese

"{4E25D959-1080-2CB3-5408-AD88CE1D22F4}" = Catalyst Control Center Core Implementation

"{53CA7C0D-3D10-E53E-6FE6-8CEA4170D659}" = Catalyst Control Center Graphics Full Existing

"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features

"{552332F5-8904-E6DB-6708-4D40A852DD9C}" = CCC Help Portuguese

"{5811BFA6-916D-992E-2550-DAF921A72BA2}" = CCC Help Spanish

"{5C14D074-7A75-B3B6-F734-F652EBC126C9}" = CCC Help Dutch

"{61585999-E891-AB93-2C1A-BCFCB86F9EA1}" = Catalyst Control Center Graphics Full New

"{6E19F210-3813-4002-B561-94D66AA182B6}" = Atheros Communications Inc.® L1 Gigabit Ethernet Driver

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{75D21040-CF6D-B67F-E794-13A49B5EFD90}" = Catalyst Control Center Localization Thai

"{771DAF24-33A1-2EC4-2161-9DB6F0B4BB4F}" = Catalyst Control Center Localization Portuguese

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114643957}" = Big City Adventure Sydney

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{893D6516-88C7-97F2-FF21-93FDFBC075D5}" = Catalyst Control Center Localization Hungarian

"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{901E0402-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Bulgarian User Interface Pack

"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4

"{9299FBD5-3A59-F73B-0EA1-EE0E2E49EFCF}" = ccc-core-static

"{9BF5501A-BA5F-E1E6-AD12-A00C54D253A1}" = CCC Help French

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC63D770-6466-6DA6-1893-A98F7E4979A9}" = CCC Help Norwegian

"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{AE04A701-0B3D-80AF-1514-9676BC2B7E2D}" = CCC Help English

"{AE7EA6CC-C55D-3C57-6540-4D73514E578A}" = CCC Help Italian

"{AF9DF04A-4B60-61A7-3C56-6A7A231ADFFF}" = ccc-core-preinstall

"{B2E88616-DB58-7570-2047-884C09841F0A}" = CCC Help Polish

"{B5BD948A-408C-34EF-CA08-79F79D91EE63}" = CCC Help Chinese Traditional

"{B8F66A22-6C6D-26ED-B69A-3DC704C274F4}" = CCC Help Chinese Standard

"{BAB9CF35-B641-2D02-CF12-E8929150AE61}" = Catalyst Control Center Localization Chinese Traditional

"{BD61A312-FC04-5FE8-3FA1-18FBA7068A26}" = Catalyst Control Center Graphics Light

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C557E258-E9DB-B062-3E95-DCC3DF1DF6FD}" = Catalyst Control Center Graphics Previews Common

"{C6FBE7BB-D63B-63AC-D856-791F70FAF2AC}" = Catalyst Control Center Localization Norwegian

"{CB2BBE97-230C-641A-45C3-171E812FFF2B}" = Catalyst Control Center Localization Danish

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1

"{DA5E6A2D-DEAA-4152-A43A-FDBDE29AA724}" = DAMN NFO Viewer 2.10.0031 RC3

"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag

"{DFD9146F-CC1D-09AE-223F-F0F23A8D702C}" = Catalyst Control Center Localization Korean

"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager

"{E2963C46-06B4-2C13-06A4-967AC62EA44E}" = CCC Help German

"{E34E9B33-46EC-4252-A52F-DDA3978CC0AF}" = Syberia

"{E4628D0D-5DC8-49EC-985A-F0C12EDBF1D2}" = Agatha Christie - And Then There Were None

"{E8B5AAC3-AA42-BA50-ED23-50691ACA9A68}" = Catalyst Control Center Localization Spanish

"{EBCC80A8-4CE8-F0D8-2417-D07837152464}" = Catalyst Control Center Localization Russian

"{EC625543-C1BC-52DA-E923-0D1611A8C33D}" = Catalyst Control Center Localization Italian

"{EDC7CB81-59D7-9934-148C-458F1A4527BC}" = CCC Help Thai

"{F0DC188E-E456-BFE0-F039-5D6EDDB322CA}" = CCC Help Turkish

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F1D42B14-EA0F-3A0B-9E58-7A2BD6D2D695}" = CCC Help Hungarian

"{F2BFA1B3-F7A2-7DA1-EF5F-55E57D091942}" = Catalyst Control Center Localization Greek

"{F33CD8AA-45B3-033B-29BA-7ACBDC049F96}" = CCC Help Swedish

"{F4992E7A-C58D-4BC8-0957-A21D28F62479}" = Catalyst Control Center Localization Turkish

"{F8D7DD12-6CE1-4A6B-C2EC-28EC3761B880}" = Catalyst Control Center Localization Finnish

"{FA3A247D-437A-455E-A88F-7EB6E5F9E799}" = Catalyst Control Center - Branding

"{FF59611E-238D-249F-B002-59CF89B3E7CA}" = Catalyst Control Center Localization Polish

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"All ATI Software" = ATI - Software Uninstall Utility

"ATI Display Driver" = ATI Display Driver

"BitComet" = BitComet 1.17

"Bulgarian_KBD'S_Atanasov" = Bulgarian Keyboards XP by G. Atanasov

"Cate West - The Velvet Keys" = Cate West - The Velvet Keys

"CometBird (3.5.5)" = CometBird (3.5.5)

"FlashGet" = FlashGet 1.9.6.1073

"G.H.O.S.T Chronicles - Phantom of the Renaissance Faire" = G.H.O.S.T Chronicles - Phantom of the Renaissance Faire

"Google Chrome" = Google Chrome

"ie8" = Windows Internet Explorer 8

"Kellie Stanford - Turn of Fate 1.00" = Kellie Stanford - Turn of Fate 1.00

"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.1.0

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mishap An Accidental Haunting 1.00" = Mishap An Accidental Haunting 1.00

"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)

"Nero 7 Lite_is1" = Nero 7 Lite 7.9.6.0

"Samsung SCX-4200 Series" = Samsung SCX-4200 Series

"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 04.12.2009 г. 05:08:07 | Computer Name = USER-0CCED92A1A | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: An internal certificate chaining error has occurred.

Error - 06.12.2009 г. 13:17:39 | Computer Name = USER-0CCED92A1A | Source = MsiInstaller | ID = 11706

Description = Product: Microsoft Office Professional Edition 2003 -- Error 1706.

Setup cannot find the required files. Check your connection to the network, or

CD-ROM drive. For other potential solutions to this problem, see C:\Program Files\Microsoft

Office\OFFICE11\1033\SETUP.CHM.

Error - 07.12.2009 г. 06:03:10 | Computer Name = USER-0CCED92A1A | Source = LoadPerf | ID = 3001

Description = The performance counter name string value in the registry is incorrectly

formatted.

The bogus string is 3994, the bogus index value is the first DWORD in Data section

while the last valid index values are the second and third DWORD in Data section.

Error - 07.12.2009 г. 06:03:10 | Computer Name = USER-0CCED92A1A | Source = LoadPerf | ID = 3011

Description = Unloading the performance counter strings for service ASP.NET_2.0.50727

(ASP.NET_2.0.50727) failed. The Error code is the first DWORD in Data section.

Error - 07.12.2009 г. 06:03:11 | Computer Name = USER-0CCED92A1A | Source = LoadPerf | ID = 3001

Description = The performance counter name string value in the registry is incorrectly

formatted.

The bogus string is 3994, the bogus index value is the first DWORD in Data section

while the last valid index values are the second and third DWORD in Data section.

Error - 07.12.2009 г. 06:03:11 | Computer Name = USER-0CCED92A1A | Source = LoadPerf | ID = 3011

Description = Unloading the performance counter strings for service aspnet_state

(ASP.NET State Service) failed. The Error code is the first DWORD in Data section.

Error - 07.12.2009 г. 06:03:11 | Computer Name = USER-0CCED92A1A | Source = LoadPerf | ID = 3001

Description = The performance counter name string value in the registry is incorrectly

formatted.

The bogus string is 3994, the bogus index value is the first DWORD in Data section

while the last valid index values are the second and third DWORD in Data section.

Error - 10.12.2009 г. 17:39:35 | Computer Name = USER-0CCED92A1A | Source = MsiInstaller | ID = 1013

Description = Product: SILENT HILL 3 -- 1: This installation cannot be run by directly

launching the MSI package. You must run setup.exe.

Error - 10.12.2009 г. 17:39:52 | Computer Name = USER-0CCED92A1A | Source = MsiInstaller | ID = 1013

Description = Product: SILENT HILL 3 -- 1: This installation cannot be run by directly

launching the MSI package. You must run setup.exe.

[ System Events ]

Error - 12.1.2010 г. 08:52:22 | Computer Name = USER-0CCED92A1A | Source = Service Control Manager | ID = 7000

Description = The DgiVecp service failed to start due to the following error: %%20

Error - 13.1.2010 г. 06:12:26 | Computer Name = USER-0CCED92A1A | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.1.2 for the Network Card with network

address 001FC659768E has been denied by the DHCP server 192.168.1.1 (The DHCP Server

sent a DHCPNACK message).

Error - 13.1.2010 г. 06:13:17 | Computer Name = USER-0CCED92A1A | Source = Service Control Manager | ID = 7000

Description = The DgiVecp service failed to start due to the following error: %%20

Error - 13.1.2010 г. 13:49:46 | Computer Name = USER-0CCED92A1A | Source = Service Control Manager | ID = 7000

Description = The DgiVecp service failed to start due to the following error: %%20

Error - 14.1.2010 г. 08:06:28 | Computer Name = USER-0CCED92A1A | Source = Service Control Manager | ID = 7000

Description = The DgiVecp service failed to start due to the following error: %%20

Error - 15.1.2010 г. 07:28:22 | Computer Name = USER-0CCED92A1A | Source = Service Control Manager | ID = 7000

Description = The DgiVecp service failed to start due to the following error: %%20

Error - 17.1.2010 г. 12:38:06 | Computer Name = USER-0CCED92A1A | Source = Service Control Manager | ID = 7000

Description = The DgiVecp service failed to start due to the following error: %%20

Error - 18.1.2010 г. 10:12:03 | Computer Name = USER-0CCED92A1A | Source = Service Control Manager | ID = 7000

Description = The DgiVecp service failed to start due to the following error: %%20

Error - 19.1.2010 г. 04:10:43 | Computer Name = USER-0CCED92A1A | Source = Service Control Manager | ID = 7000

Description = The DgiVecp service failed to start due to the following error: %%20

Error - 19.1.2010 г. 06:53:55 | Computer Name = USER-0CCED92A1A | Source = Service Control Manager | ID = 7000

Description = The DgiVecp service failed to start due to the following error: %%20

< End of report >

STEP 1

Start OTL.exe and, using copy/paste, enter the following under the "Custom Scans/Fixes" box:

It is important to copy the script exactly as I have written it - it starts with the colon before OTL!

:OTL

PRC - C:\WINDOWS\system32\fqlguoyplxefmomog.exe ()

PRC - C:\Documents and Settings\!\Local Settings\Temp\zalwakk.exe ()

O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)

O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)

O3 - HKU\S-1-5-21-1757981266-746137067-1801674531-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)

O4 - HKLM..\Run: [mmwgjs] C:\WINDOWS\System32\maywnkxrqfptdijojbvw.exe ()

O4 - HKLM..\Run: [qwmclafriprn] C:\Documents and Settings\!\Local Settings\Temp\yicwjclbwhnnturs.exe ()

O4 - HKU\S-1-5-21-1757981266-746137067-1801674531-1003..\Run: [fivioaclz] C:\WINDOWS\System32\fqlguoyplxefmomog.exe ()

O4 - HKU\S-1-5-21-1757981266-746137067-1801674531-1003..\Run: [mmwgjs] C:\Documents and Settings\!\Local Settings\Temp\bqpogesnndotekmsohcew.exe ()

O4 - HKLM..\RunOnce: [tynckycndjk] C:\Documents and Settings\!\Local Settings\Temp\zmjgwsexvjsveiimgxq.exe ()

O4 - HKLM..\RunOnce: [zalwakk] C:\WINDOWS\System32\yicwjclbwhnnturs.exe ()

O4 - HKU\S-1-5-21-1757981266-746137067-1801674531-1003..\RunOnce: [ycqelyblaf] C:\WINDOWS\System32\zmjgwsexvjsveiimgxq.exe ()

O4 - HKU\S-1-5-21-1757981266-746137067-1801674531-1003..\RunOnce: [zalwakk] C:\Documents and Settings\!\Local Settings\Temp\zmjgwsexvjsveiimgxq.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: oqcotefn = yicwjclbwhnnturs.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: bajsu = C:\DOCUME~1\!\LOCALS~1\Temp\bqpogesnndotekmsohcew.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1

O7 - HKU\S-1-5-21-1757981266-746137067-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1

O32 - AutoRun File - [2009.12.03 10:19:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2010.01.21 10:11:04 | 00,000,826 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2010.01.21 10:11:05 | 00,000,820 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]

O33 - MountPoints2\{367ad49e-05ac-11df-be33-001fc659768e}\Shell\AutoRun\command - "" = G:\fivioaclz.bat -- File not found

O33 - MountPoints2\{367ad49e-05ac-11df-be33-001fc659768e}\Shell\explore\Command - "" = G:\pwneoekxpxaxa.bat -- File not found

O33 - MountPoints2\{367ad49e-05ac-11df-be33-001fc659768e}\Shell\open\Command - "" = G:\tynckycndjk.bat -- File not found

[2010.01.21 10:25:30 | 00,002,408 | -H-- | M] () -- C:\WINDOWS\tcvoasapjtyxccyyobqmyyaduengzldlaueji.njj

[2010.01.21 10:25:30 | 00,002,408 | -H-- | M] () -- C:\WINDOWS\System32\tcvoasapjtyxccyyobqmyyaduengzldlaueji.njj

[2010.01.21 10:25:30 | 00,002,408 | -H-- | M] () -- C:\Program Files\tcvoasapjtyxccyyobqmyyaduengzldlaueji.njj

[2010.01.21 10:25:30 | 00,002,408 | -H-- | M] () -- C:\Documents and Settings\!\Local Settings\Application Data\tcvoasapjtyxccyyobqmyyaduengzldlaueji.njj

[2010.01.21 10:25:30 | 00,000,280 | -H-- | M] () -- C:\WINDOWS\System32\bajsucafppkzukwmsvamoewpwwv.npx

[2010.01.21 10:25:30 | 00,000,280 | -H-- | M] () -- C:\WINDOWS\bajsucafppkzukwmsvamoewpwwv.npx

[2010.01.21 10:25:30 | 00,000,280 | -H-- | M] () -- C:\Program Files\bajsucafppkzukwmsvamoewpwwv.npx

[2010.01.21 10:25:30 | 00,000,280 | -H-- | M] () -- C:\Documents and Settings\!\Local Settings\Application Data\bajsucafppkzukwmsvamoewpwwv.npx

[2010.01.21 10:25:01 | 00,000,316 | -H-- | M] () -- C:\WINDOWS\System32\oawshcnfcpxzhkjmfvnmbejpjwieapkvnkxfhpsr.ndv

[2010.01.21 10:25:01 | 00,000,316 | -H-- | M] () -- C:\WINDOWS\oawshcnfcpxzhkjmfvnmbejpjwieapkvnkxfhpsr.ndv

[2010.01.21 10:25:01 | 00,000,316 | -H-- | M] () -- C:\Program Files\oawshcnfcpxzhkjmfvnmbejpjwieapkvnkxfhpsr.ndv

[2010.01.21 10:25:01 | 00,000,316 | -H-- | M] () -- C:\Documents and Settings\!\Local Settings\Application Data\oawshcnfcpxzhkjmfvnmbejpjwieapkvnkxfhpsr.ndv

[2010.01.21 10:24:36 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\zmjgwsexvjsveiimgxq.exe

[2010.01.21 10:24:36 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\yicwjclbwhnnturs.exe

[2010.01.21 10:24:36 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\siiibaplmdpvhoryvploho.exe

[2010.01.21 10:24:36 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\oawshcnfcpxzhkjmfv.exe

[2010.01.21 10:24:36 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\maywnkxrqfptdijojbvw.exe

[2010.01.21 10:24:36 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\fqlguoyplxefmomog.exe

[2010.01.21 10:24:36 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\bqpogesnndotekmsohcew.exe

[2010.01.21 10:11:04 | 00,577,536 | RHS- | M] () -- C:\pwneoekxpxaxa.bat

[2010.01.21 10:11:04 | 00,000,826 | RHS- | M] () -- C:\autorun.inf

[2010.01.21 10:10:31 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\siiibaplmdpvhoryvploho.exe

[2010.01.21 10:10:31 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\bqpogesnndotekmsohcew.exe

[2010.01.21 10:10:30 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\maywnkxrqfptdijojbvw.exe

[2010.01.21 10:10:29 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\zmjgwsexvjsveiimgxq.exe

[2010.01.21 10:10:28 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\yicwjclbwhnnturs.exe

[2010.01.21 10:04:25 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\oawshcnfcpxzhkjmfv.exe

[2010.01.21 00:01:00 | 00,000,226 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2010.01.20 22:52:12 | 00,577,536 | RHS- | M] () -- C:\WINDOWS\System32\fqlguoyplxefmomog.exe

[2010.01.20 20:49:45 | 00,000,073 | -H-- | M] () -- C:\WINDOWS\zmjgwsexvjsveiimgxqqgkqxsgtqndzlecqzclppt.exx

[2010.01.20 20:49:45 | 00,000,073 | -H-- | M] () -- C:\WINDOWS\System32\zmjgwsexvjsveiimgxqqgkqxsgtqndzlecqzclppt.exx

[2010.01.20 20:49:45 | 00,000,073 | -H-- | M] () -- C:\Program Files\zmjgwsexvjsveiimgxqqgkqxsgtqndzlecqzclppt.exx

[2010.01.20 20:49:45 | 00,000,073 | -H-- | M] () -- C:\Documents and Settings\!\Local Settings\Application Data\zmjgwsexvjsveiimgxqqgkqxsgtqndzlecqzclppt.exx

[2010.01.20 20:48:18 | 00,004,248 | -H-- | M] () -- C:\WINDOWS\yicwjclbwhnntursjxnkxybfxismgtmvlgrxxd.bct

[2010.01.20 20:48:18 | 00,004,248 | -H-- | M] () -- C:\WINDOWS\System32\yicwjclbwhnntursjxnkxybfxismgtmvlgrxxd.bct

[2010.01.20 20:48:18 | 00,004,248 | -H-- | M] () -- C:\Program Files\yicwjclbwhnntursjxnkxybfxismgtmvlgrxxd.bct

[2010.01.20 20:48:18 | 00,004,248 | -H-- | M] () -- C:\Documents and Settings\!\Local Settings\Application Data\yicwjclbwhnntursjxnkxybfxismgtmvlgrxxd.bct

[2009.02.19 06:09:24 | 00,577,536 | RHS- | M] () -- C:\fivioaclz.bat

[2010.01.21 10:11:04 | 00,577,536 | RHS- | M] () -- C:\pwneoekxpxaxa.bat

[2009.02.16 06:03:45 | 00,577,536 | RHS- | M] () -- C:\tynckycndjk.bat

@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5216CD26

@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DB77E2C4

@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:981349EA

@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:12D2EB9C

:files

C:\WINDOWS\system32\fqlguoyplxefmomog.exe

C:\Documents and Settings\!\Local Settings\Temp\zalwakk.exe

C:\WINDOWS\*.tmp

C:\WINDOWS\System32\*.tmp

C:\Program Files\Ask.com

C:\RECYCLER

D:\RECYCLER

:reg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"D:\BitComet\BitComet.exe"=-

:Commands

[purity]

[emptytemp]

[Reboot]

Click the Run Fix button.

A log file will be created. Post it in your next reply.

STEP 2

1) Download: ESET Online Scanner

2) Run esetsmartinstaller_enu.exe

3) Tick YES, I accept the Terms of Use and click Start

4) The scanner will start downloading the components it needs.

5) Make sure the following options are ticked, including those in the Advanced Settings menu:


  • Remove found threats
  • Scan archives
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology

Finally, click Start.

6) The scanner will start downloading the latest definitions.

7) When the scan finishes, click Finish.

8) Go to:

C:\Program Files\ESET\ESET Online Scanner

Open the file log.txt, copy its contents and paste it in your next reply.

STEP 3

Please download SystemLook and save the program to the desktop.

# Double-click SystemLook.exe to start the program.

# Copy the contents of the following code into the program's text box

:filefind

ATIDEMGX.dll

dxtmsft.dll

dxtrans.dll

* Click the Look button to start the scan.

* When the scan finishes, Notepad will open with the scan result. Please post the log file in your next comment.


After Run Fix, this is what followed?

All processes killed

========== OTL ==========

No active process named fqlguoyplxefmomog.exe was found!

No active process named zalwakk.exe was found!

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.

C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.

Registry value HKEY_USERS\S-1-5-21-1757981266-746137067-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\mmwgjs deleted successfully.

C:\WINDOWS\system32\maywnkxrqfptdijojbvw.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\qwmclafriprn deleted successfully.

C:\Documents and Settings\!\Local Settings\Temp\yicwjclbwhnnturs.exe moved successfully.

Registry value HKEY_USERS\S-1-5-21-1757981266-746137067-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Run\\fivioaclz deleted successfully.

C:\WINDOWS\system32\fqlguoyplxefmomog.exe moved successfully.

Registry value HKEY_USERS\S-1-5-21-1757981266-746137067-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Run\\mmwgjs deleted successfully.

C:\Documents and Settings\!\Local Settings\Temp\bqpogesnndotekmsohcew.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\tynckycndjk deleted successfully.

C:\Documents and Settings\!\Local Settings\Temp\zmjgwsexvjsveiimgxq.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\zalwakk deleted successfully.

C:\WINDOWS\system32\yicwjclbwhnnturs.exe moved successfully.

Registry value HKEY_USERS\S-1-5-21-1757981266-746137067-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ycqelyblaf deleted successfully.

C:\WINDOWS\system32\zmjgwsexvjsveiimgxq.exe moved successfully.

Registry value HKEY_USERS\S-1-5-21-1757981266-746137067-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\zalwakk deleted successfully.

File C:\Documents and Settings\!\Local Settings\Temp\zmjgwsexvjsveiimgxq.exe not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\oqcotefn deleted successfully.

C:\WINDOWS\yicwjclbwhnnturs.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\bajsu deleted successfully.

File C:\DOCUME~1\!\LOCALS~1\Temp\bqpogesnndotekmsohcew.exe not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1757981266-746137067-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.

C:\AUTOEXEC.BAT moved successfully.

C:\autorun.inf moved successfully.

D:\autorun.inf moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{367ad49e-05ac-11df-be33-001fc659768e}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{367ad49e-05ac-11df-be33-001fc659768e}\ not found.

File G:\fivioaclz.bat not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{367ad49e-05ac-11df-be33-001fc659768e}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{367ad49e-05ac-11df-be33-001fc659768e}\ not found.

File G:\pwneoekxpxaxa.bat not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{367ad49e-05ac-11df-be33-001fc659768e}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{367ad49e-05ac-11df-be33-001fc659768e}\ not found.

File G:\tynckycndjk.bat not found.

C:\WINDOWS\tcvoasapjtyxccyyobqmyyaduengzldlaueji.njj moved successfully.

C:\WINDOWS\system32\tcvoasapjtyxccyyobqmyyaduengzldlaueji.njj moved successfully.

C:\Program Files\tcvoasapjtyxccyyobqmyyaduengzldlaueji.njj moved successfully.

C:\Documents and Settings\!\Local Settings\Application Data\tcvoasapjtyxccyyobqmyyaduengzldlaueji.njj moved successfully.

C:\WINDOWS\system32\bajsucafppkzukwmsvamoewpwwv.npx moved successfully.

C:\WINDOWS\bajsucafppkzukwmsvamoewpwwv.npx moved successfully.

C:\Program Files\bajsucafppkzukwmsvamoewpwwv.npx moved successfully.

C:\Documents and Settings\!\Local Settings\Application Data\bajsucafppkzukwmsvamoewpwwv.npx moved successfully.

C:\WINDOWS\system32\oawshcnfcpxzhkjmfvnmbejpjwieapkvnkxfhpsr.ndv moved successfully.

C:\WINDOWS\oawshcnfcpxzhkjmfvnmbejpjwieapkvnkxfhpsr.ndv moved successfully.

C:\Program Files\oawshcnfcpxzhkjmfvnmbejpjwieapkvnkxfhpsr.ndv moved successfully.

C:\Documents and Settings\!\Local Settings\Application Data\oawshcnfcpxzhkjmfvnmbejpjwieapkvnkxfhpsr.ndv moved successfully.

C:\WINDOWS\zmjgwsexvjsveiimgxq.exe moved successfully.

File C:\WINDOWS\yicwjclbwhnnturs.exe not found.

C:\WINDOWS\siiibaplmdpvhoryvploho.exe moved successfully.

C:\WINDOWS\oawshcnfcpxzhkjmfv.exe moved successfully.

C:\WINDOWS\maywnkxrqfptdijojbvw.exe moved successfully.

C:\WINDOWS\fqlguoyplxefmomog.exe moved successfully.

C:\WINDOWS\bqpogesnndotekmsohcew.exe moved successfully.

C:\pwneoekxpxaxa.bat moved successfully.

File C:\autorun.inf not found.

C:\WINDOWS\system32\siiibaplmdpvhoryvploho.exe moved successfully.

C:\WINDOWS\system32\bqpogesnndotekmsohcew.exe moved successfully.

File C:\WINDOWS\System32\maywnkxrqfptdijojbvw.exe not found.

File C:\WINDOWS\System32\zmjgwsexvjsveiimgxq.exe not found.

File C:\WINDOWS\System32\yicwjclbwhnnturs.exe not found.

C:\WINDOWS\system32\oawshcnfcpxzhkjmfv.exe moved successfully.

C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job moved successfully.

File C:\WINDOWS\System32\fqlguoyplxefmomog.exe not found.

C:\WINDOWS\zmjgwsexvjsveiimgxqqgkqxsgtqndzlecqzclppt.exx moved successfully.

C:\WINDOWS\system32\zmjgwsexvjsveiimgxqqgkqxsgtqndzlecqzclppt.exx moved successfully.

C:\Program Files\zmjgwsexvjsveiimgxqqgkqxsgtqndzlecqzclppt.exx moved successfully.

C:\Documents and Settings\!\Local Settings\Application Data\zmjgwsexvjsveiimgxqqgkqxsgtqndzlecqzclppt.exx moved successfully.

C:\WINDOWS\yicwjclbwhnntursjxnkxybfxismgtmvlgrxxd.bct moved successfully.

C:\WINDOWS\system32\yicwjclbwhnntursjxnkxybfxismgtmvlgrxxd.bct moved successfully.

C:\Program Files\yicwjclbwhnntursjxnkxybfxismgtmvlgrxxd.bct moved successfully.

C:\Documents and Settings\!\Local Settings\Application Data\yicwjclbwhnntursjxnkxybfxismgtmvlgrxxd.bct moved successfully.

C:\fivioaclz.bat moved successfully.

File C:\pwneoekxpxaxa.bat not found.

C:\tynckycndjk.bat moved successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:5216CD26 deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:DB77E2C4 deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:981349EA deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:12D2EB9C deleted successfully.

========== FILES ==========

File\Folder C:\WINDOWS\system32\fqlguoyplxefmomog.exe not found.

C:\Documents and Settings\!\Local Settings\Temp\zalwakk.exe moved successfully.

C:\WINDOWS\SET1C.tmp moved successfully.

C:\WINDOWS\SET1F.tmp moved successfully.

C:\WINDOWS\SET2B.tmp moved successfully.

C:\WINDOWS\SET3.tmp moved successfully.

C:\WINDOWS\SET4.tmp moved successfully.

C:\WINDOWS\SET8.tmp moved successfully.

C:\WINDOWS\System32\CONFIG.TMP moved successfully.

C:\Program Files\Ask.com folder moved successfully.

C:\RECYCLER\S-1-5-21-1757981266-746137067-1801674531-1003 folder moved successfully.

C:\RECYCLER folder moved successfully.

D:\RECYCLER\S-1-5-21-854245398-515967899-1801674531-1004 folder moved successfully.

D:\RECYCLER\S-1-5-21-1757981266-746137067-1801674531-1003 folder moved successfully.

D:\RECYCLER folder moved successfully.

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\BitComet\BitComet.exe deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: !

->Temp folder emptied: 379220967 bytes

->Temporary Internet Files folder emptied: 109659478 bytes

->FireFox cache emptied: 55166982 bytes

->Google Chrome cache emptied: 5876372 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 4928363 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 17328227 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 33679926 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 578,00 mb

OTL by OldTimer - Version 3.1.25.3 log created on 01212010_143508

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

  • Author

In my opinion the situation after the online scanner is dire, but here is the result anyway:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=2a5fbc392633864383e5632c77b12241

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-01-21 01:21:21

# local_time=2010-01-21 03:21:21 (+0200, FLE Standard Time)

# country="Bulgaria"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=768 16777215 100 0 3792276 3792276 0 0

# compatibility_mode=1536 16777215 100 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 3784 3784 0 0

# scanned=42757

# found=28

# cleaned=28

# scan_time=1419

C:\Documents and Settings\!\Desktop\FLASHKA\autorun.inf Win32/AutoRun.Agent.TE worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\01212010_143508\C_\autorun.inf INF/Autorun.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\01212010_143508\C_\fivioaclz.bat Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\01212010_143508\C_\pwneoekxpxaxa.bat Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\01212010_143508\C_\tynckycndjk.bat Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\01212010_143508\C_Documents and Settings\!\Local Settings\Temp\bqpogesnndotekmsohcew.exe Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\01212010_143508\C_Documents and Settings\!\Local Settings\Temp\yicwjclbwhnnturs.exe Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\01212010_143508\C_Documents and Settings\!\Local Settings\Temp\zalwakk.exe a variant of Win32/AutoRun.Agent.TG worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\01212010_143508\C_Documents and Settings\!\Local Settings\Temp\zmjgwsexvjsveiimgxq.exe Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\01212010_143508\C_WINDOWS\bqpogesnndotekmsohcew.exe Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\01212010_143508\C_WINDOWS\fqlguoyplxefmomog.exe Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\01212010_143508\C_WINDOWS\maywnkxrqfptdijojbvw.exe Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\01212010_143508\C_WINDOWS\oawshcnfcpxzhkjmfv.exe Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\01212010_143508\C_WINDOWS\siiibaplmdpvhoryvploho.exe Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\01212010_143508\C_WINDOWS\yicwjclbwhnnturs.exe Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\01212010_143508\C_WINDOWS\zmjgwsexvjsveiimgxq.exe Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\01212010_143508\C_WINDOWS\system32\bqpogesnndotekmsohcew.exe Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\01212010_143508\C_WINDOWS\system32\fqlguoyplxefmomog.exe Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\01212010_143508\C_WINDOWS\system32\maywnkxrqfptdijojbvw.exe Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\01212010_143508\C_WINDOWS\system32\oawshcnfcpxzhkjmfv.exe Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\01212010_143508\C_WINDOWS\system32\siiibaplmdpvhoryvploho.exe Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\01212010_143508\C_WINDOWS\system32\yicwjclbwhnnturs.exe Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\01212010_143508\C_WINDOWS\system32\zmjgwsexvjsveiimgxq.exe Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\01212010_143508\D_\autorun.inf INF/Autorun.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C

D:\fivioaclz.bat Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\pwneoekxpxaxa.bat Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\tynckycndjk.bat Win32/AutoRun.Agent.UD worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\PROGRAMKI\Nero_BackItUpAndBurn-1.0.5_update.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C

After the scan with SystemLook the result is as follows:

SystemLook v1.0 by jpshortstuff (11.01.10)

Log created at 15:27 on 21/01/2010 by ! (Administrator - Elevation successful)

========== filefind ==========

Searching for "ATIDEMGX.dll"

C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\ATIDEMGX.dll --a--- 421888 bytes [12:23 27/05/2008] [12:23 27/05/2008] DB527D8FE56923A44F3E8D844F167C5F

C:\WINDOWS\system32\ATIDEMGX.dll --a--- 421888 bytes [08:47 04/12/2009] [08:11 25/06/2008] 576913F2B928327B57538E4110FA9977

Searching for "dxtmsft.dll"

C:\WINDOWS\ie8\dxtmsft.dll --a--c 357888 bytes [08:48 04/12/2009] [12:00 14/04/2008] FB8B75D3BE728E4D41C19AFBA339151E

C:\WINDOWS\system32\dllcache\dxtmsft.dll --a--c 348160 bytes [12:00 14/04/2008] [02:31 08/03/2009] 057D53F1490598D41D9D4DEE9A92B0B1

C:\WINDOWS\system32\dxtmsft.dll --a--- 348160 bytes [12:00 14/04/2008] [02:31 08/03/2009] 057D53F1490598D41D9D4DEE9A92B0B1

Searching for "dxtrans.dll"

C:\WINDOWS\ie8\dxtrans.dll --a--c 205312 bytes [08:48 04/12/2009] [12:00 14/04/2008] F3B0AC8A0C792544BF56999ABDB25F0C

C:\WINDOWS\system32\dllcache\dxtrans.dll --a--c 216064 bytes [12:00 14/04/2008] [02:31 08/03/2009] 5E1A0476E009A1930A524DFF4CA13982

C:\WINDOWS\system32\dxtrans.dll --a--- 216064 bytes [12:00 14/04/2008] [02:31 08/03/2009] 5E1A0476E009A1930A524DFF4CA13982

-=End Of File=-

*. Temporarily disable your antivirus program's protection!

*. Download Combofix.

*. Save it to your desktop.

*. Open notepad.exe and enter the following information with copy/paste:

KILLALL::

Fcopy::

C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\ATIDEMGX.dll | C:\WINDOWS\system32\ATIDEMGX.dll

C:\WINDOWS\ie8\dxtmsft.dll | C:\WINDOWS\system32\dxtmsft.dll

C:\WINDOWS\ie8\dxtmsft.dll | C:\WINDOWS\system32\dllcache\dxtmsft.dll

C:\WINDOWS\ie8\dxtrans.dll | C:\WINDOWS\system32\dxtrans.dll

C:\WINDOWS\ie8\dxtrans.dll | C:\WINDOWS\system32\dllcache\dxtrans.dll

*. Save the file under the name CFScript and drag it onto Combofix.exe


*. While ComboFix is scanning, do not start any other applications, do not press any keys on the keyboard and do not move the mouse!

*. Post the log file that will be created after the computer restarts in your next post.
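As an added example (not part of this thread, nor of SystemLook or ComboFix), here is a small Python parser for the SystemLook `filefind` output posted above. It groups each searched file's copies by MD5 and flags what a responder checks before deciding on a `Fcopy` repair like the one in the CFScript: copies with identical size but different hashes (typical of in-place patching), and a system32 copy that no longer matches its dllcache backup. The log lines are embedded as constructed sample input.

```python
import re
from collections import defaultdict

# Constructed sample input: the "filefind" section of the SystemLook log
# posted above, embedded here so the script runs offline.
SAMPLE_LOG = r"""
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 15:27 on 21/01/2010 by ! (Administrator - Elevation successful)

========== filefind ==========

Searching for "ATIDEMGX.dll"
C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\ATIDEMGX.dll --a--- 421888 bytes [12:23 27/05/2008] [12:23 27/05/2008] DB527D8FE56923A44F3E8D844F167C5F
C:\WINDOWS\system32\ATIDEMGX.dll --a--- 421888 bytes [08:47 04/12/2009] [08:11 25/06/2008] 576913F2B928327B57538E4110FA9977

Searching for "dxtmsft.dll"
C:\WINDOWS\ie8\dxtmsft.dll --a--c 357888 bytes [08:48 04/12/2009] [12:00 14/04/2008] FB8B75D3BE728E4D41C19AFBA339151E
C:\WINDOWS\system32\dllcache\dxtmsft.dll --a--c 348160 bytes [12:00 14/04/2008] [02:31 08/03/2009] 057D53F1490598D41D9D4DEE9A92B0B1
C:\WINDOWS\system32\dxtmsft.dll --a--- 348160 bytes [12:00 14/04/2008] [02:31 08/03/2009] 057D53F1490598D41D9D4DEE9A92B0B1

-=End Of File=-
"""

# "Searching for" header that opens each filefind group.
SEARCH_RE = re.compile(r'^Searching for "(?P<name>[^"]+)"')
# One result line: <path> <6 attribute flags> <size> bytes [mtime] [ctime] <MD5>
ENTRY_RE = re.compile(
    r"^(?P<path>.+?) (?P<attrs>[A-Za-z-]{6}) (?P<size>\d+) bytes "
    r"\[(?P<mtime>[^\]]+)\] \[(?P<ctime>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_filefind(text):
    """Return {searched_name: [entry, ...]} from SystemLook filefind output."""
    results = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        head = SEARCH_RE.match(line)
        if head:
            current = head.group("name")
            results.setdefault(current, [])
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            rec = entry.groupdict()
            rec["size"] = int(rec["size"])
            rec["md5"] = rec["md5"].upper()
            results[current].append(rec)
    return results


def analyze(results):
    """Per searched file, summarise the indicators a responder looks at before
    overwriting a copy: how many distinct hashes exist, whether two copies have
    the same size but different content (typical of in-place patching), and
    whether the system32 copy still matches its dllcache (WFP) backup."""
    findings = {}
    for name, entries in results.items():
        by_hash = defaultdict(list)
        for e in entries:
            by_hash[e["md5"]].append(e["path"])
        same_size_diff = any(
            a["size"] == b["size"] and a["md5"] != b["md5"]
            for i, a in enumerate(entries) for b in entries[i + 1:]
        )
        lname = name.lower()
        live = [e for e in entries
                if e["path"].lower().endswith("\\system32\\" + lname)]
        cache = [e for e in entries
                 if e["path"].lower().endswith("\\system32\\dllcache\\" + lname)]
        # None when the log has no system32/dllcache pair to compare.
        wfp = (live[0]["md5"] == cache[0]["md5"]) if live and cache else None
        findings[name] = {
            "distinct_hashes": len(by_hash),
            "copies_by_hash": dict(by_hash),
            "same_size_diff_hash": same_size_diff,
            "wfp_consistent": wfp,
        }
    return findings


if __name__ == "__main__":
    for name, f in analyze(parse_filefind(SAMPLE_LOG)).items():
        print(f"{name}: {f['distinct_hashes']} distinct hash(es); "
              f"same-size/different-hash: {f['same_size_diff_hash']}; "
              f"system32 matches dllcache: {f['wfp_consistent']}")
        for md5, paths in f["copies_by_hash"].items():
            for p in paths:
                print(f"    {md5}  {p}")
```

On the sample, ATIDEMGX.dll shows two copies of equal size with different hashes, while dxtmsft.dll's system32 and dllcache copies agree and only the ie8 backup differs.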

  • Author

ComboFix 10-01-20.05 - ! 01.2010 г. 16:47:46.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.1791.1404 [GMT 2:00]

Running from: c:\documents and settings\!\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\!\Desktop\CFScript.txt

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\!\Start Menu\Programs\Startup\desktop.ini

c:\documents and settings\All Users\Start Menu\Programs\Startup\desktop.ini

c:\documents and settings\Default User\Start Menu\Programs\Startup\desktop.ini

c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini

.

--------------- FCopy ---------------

c:\program files\ATI Technologies\ATI.ACE\Core-Implementation\ATIDEMGX.dll --> c:\windows\system32\ATIDEMGX.dll

c:\windows\ie8\dxtmsft.dll --> c:\windows\system32\dxtmsft.dll

c:\windows\ie8\dxtmsft.dll --> c:\windows\system32\dllcache\dxtmsft.dll

c:\windows\ie8\dxtrans.dll --> c:\windows\system32\dxtrans.dll

c:\windows\ie8\dxtrans.dll --> c:\windows\system32\dllcache\dxtrans.dll

.

((((((((((((((((((((((((( Files Created from 2009-12-21 to 2010-01-21 )))))))))))))))))))))))))))))))

.

2010-01-21 13:42 . 2010-01-21 13:42 -------- d-----w- c:\documents and settings\!\Application Data\Malwarebytes

2010-01-21 13:42 . 2010-01-21 13:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-01-21 08:23 . 2010-01-21 08:23 -------- d-----w- C:\_OTL

2010-01-20 20:19 . 2010-01-20 20:19 -------- d-----w- c:\windows\system32\LogFiles

2010-01-20 19:56 . 2001-08-17 20:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll

2010-01-20 19:56 . 2001-08-17 20:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll

2010-01-20 19:56 . 2001-08-17 20:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll

2010-01-20 19:56 . 2001-08-17 20:36 8192 ----a-w- c:\windows\system32\kbdkor.dll

2010-01-20 19:56 . 2001-08-17 12:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll

2010-01-20 19:56 . 2001-08-17 12:55 6144 ----a-w- c:\windows\system32\kbd101c.dll

2010-01-20 19:56 . 2001-08-17 12:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll

2010-01-20 19:56 . 2001-08-17 12:55 5632 ----a-w- c:\windows\system32\kbd103.dll

2010-01-20 19:56 . 2001-08-17 12:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll

2010-01-20 19:56 . 2001-08-17 12:55 6144 ----a-w- c:\windows\system32\kbd101b.dll

2010-01-20 19:56 . 2008-04-14 03:39 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll

2010-01-20 19:56 . 2008-04-14 03:39 6144 ----a-w- c:\windows\system32\kbd106.dll

2010-01-18 15:18 . 2010-01-18 15:18 -------- d-----w- c:\documents and settings\!\Application Data\URSE Games

2010-01-14 14:07 . 2010-01-14 14:07 -------- d-----w- c:\documents and settings\!\Application Data\Virtual Prophecy

2010-01-13 14:35 . 2010-01-13 14:35 -------- d-----w- c:\documents and settings\!\Application Data\Dragon Altar Games

2010-01-13 13:42 . 2010-01-13 13:42 -------- d-----w- c:\documents and settings\!\Application Data\Aisle 5 Games, Inc

2010-01-13 13:42 . 2010-01-13 13:42 4096 ----a-w- c:\windows\d3dx.dat

2010-01-13 13:41 . 2010-01-13 13:41 -------- d-----w- c:\windows\G.H.O.S.T Chronicles - Phantom of the Renaissance Faire

2010-01-12 17:32 . 2010-01-12 17:32 -------- d-----w- c:\documents and settings\!\Local Settings\Application Data\Game Mill Files

2010-01-12 16:55 . 2008-04-14 03:41 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll

2010-01-12 16:55 . 2008-04-14 03:41 21504 ----a-w- c:\windows\system32\hidserv.dll

2010-01-12 16:55 . 2001-08-17 11:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys

2010-01-12 16:55 . 2001-08-17 11:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys

2010-01-12 16:55 . 2008-04-13 22:09 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys

2010-01-12 16:55 . 2008-04-13 22:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys

2010-01-12 14:46 . 2010-01-12 14:46 -------- d-----w- c:\documents and settings\!\Application Data\TitanicMystery

2010-01-11 16:04 . 2010-01-11 16:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Gogii

2010-01-11 16:03 . 2010-01-11 16:03 -------- d-----w- c:\program files\ReflexiveArcade

2010-01-07 14:29 . 2010-01-07 14:29 -------- d-----w- c:\documents and settings\!\Application Data\YoudaGames

2010-01-07 12:52 . 2010-01-07 12:52 -------- d-----w- c:\documents and settings\!\Application Data\Artogon

2010-01-06 21:26 . 2010-01-12 21:13 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-01-06 21:26 . 2010-01-06 21:26 -------- d-----w- c:\program files\NOS

2010-01-06 15:15 . 2010-01-06 15:15 -------- d-----w- c:\documents and settings\!\Application Data\Orneon

2010-01-05 21:44 . 2010-01-05 21:44 -------- d-----w- c:\documents and settings\!\Application Data\Go-Go Gourmet Chef of the Year

2010-01-05 20:43 . 2010-01-05 20:43 -------- d-----w- c:\documents and settings\All Users\Application Data\JollyBear

2010-01-05 20:43 . 2010-01-05 20:43 -------- d-----w- c:\documents and settings\!\Local Settings\Application Data\JollyBear

2010-01-05 20:42 . 2010-01-05 20:42 -------- d-----w- c:\program files\Common Files\Oberon Media

2010-01-05 20:05 . 2010-01-05 20:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Merscom

2010-01-05 20:05 . 2010-01-05 20:05 -------- d-----w- c:\documents and settings\!\Application Data\Merscom

2010-01-05 18:52 . 2010-01-05 19:16 -------- d-----w- c:\program files\Microids

2010-01-05 12:28 . 2010-01-05 12:28 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst

2010-01-05 12:28 . 2010-01-05 12:28 -------- d-----w- c:\documents and settings\!\Application Data\PlayFirst

2010-01-03 17:30 . 2010-01-03 17:30 -------- d-----w- c:\documents and settings\!\Application Data\Media Player Classic

2009-12-30 13:58 . 2009-12-30 13:58 -------- d--h--w- c:\windows\PIF

2009-12-30 10:25 . 2009-12-30 10:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google

2009-12-30 10:14 . 2009-12-30 10:14 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2009-12-30 10:14 . 2010-01-21 09:21 -------- d-----w- c:\documents and settings\!\Application Data\skypePM

2009-12-30 10:13 . 2009-12-30 10:13 -------- d-----w- c:\program files\Common Files\Skype

2009-12-22 19:40 . 2010-01-20 19:03 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Panda Software

2009-12-22 19:40 . 2009-12-22 19:40 -------- d-----w- c:\documents and settings\All Users\Application Data\sentinel

2009-12-22 19:39 . 2010-01-20 19:03 -------- d-----w- c:\documents and settings\!\Local Settings\Application Data\Panda Software

2009-12-22 19:37 . 2010-01-20 19:04 -------- d-----w- c:\program files\Common Files\Panda Software

2009-12-22 19:33 . 2009-12-22 19:33 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE

2009-12-22 19:33 . 2009-12-30 10:14 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google

2009-12-22 19:33 . 2009-12-22 19:33 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache

2009-12-22 19:20 . 2008-12-17 17:41 884237 ----a-w- c:\documents and settings\!\Application Data\BSplayer PRO\FFDShow\ff_x264.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-21 14:43 . 2009-12-03 15:41 -------- d-----w- c:\program files\FlashGet

2010-01-21 14:27 . 2009-12-06 17:23 -------- d-----w- c:\documents and settings\!\Application Data\Skype

2010-01-21 12:54 . 2009-12-04 08:57 -------- d-----w- c:\program files\ESET

2010-01-21 12:40 . 2009-12-03 08:26 42168 ----a-w- c:\documents and settings\!\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-01-20 19:04 . 2009-12-03 08:31 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-01-11 17:43 . 2009-12-07 11:29 -------- d-----w- c:\documents and settings\!\Application Data\uTorrent

2010-01-07 23:35 . 2009-12-12 17:02 -------- d-----w- c:\documents and settings\!\Application Data\Big Fish Games

2010-01-07 23:28 . 2009-12-17 11:55 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-01-05 22:43 . 2009-12-18 13:18 -------- d-----w- c:\documents and settings\!\Application Data\ERS G-Studio

2009-12-30 10:14 . 2009-12-06 17:32 -------- d-----w- c:\program files\Google

2009-12-30 10:13 . 2009-12-04 09:02 -------- d-----r- c:\program files\Skype

2009-12-30 10:13 . 2009-12-04 09:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

2009-12-22 19:21 . 2009-12-11 15:43 -------- d-----w- c:\documents and settings\!\Application Data\BSplayer PRO

2009-12-20 14:55 . 2009-12-20 14:55 -------- d-----w- c:\documents and settings\!\Application Data\Meridian93

2009-12-17 16:00 . 2009-12-17 14:54 -------- d-----w- c:\program files\Alawar

2009-12-17 14:57 . 2009-12-17 14:57 -------- d-----w- c:\documents and settings\!\Application Data\TMInc

2009-12-17 14:55 . 2009-12-17 14:55 -------- d-----w- c:\documents and settings\All Users\Application Data\AlawarGameBox

2009-12-17 11:56 . 2009-12-17 11:56 -------- d-----w- c:\documents and settings\!\Application Data\SunRay Games

2009-12-15 14:22 . 2009-12-15 14:22 8854 ----a-r- c:\documents and settings\!\Application Data\Microsoft\Installer\{DA5E6A2D-DEAA-4152-A43A-FDBDE29AA724}\Uninstall_DAMN_NFO_V_DA5E6A2DDEAA4152A43AFDBDE29AA724.exe

2009-12-15 14:22 . 2009-12-15 14:22 49152 ----a-r- c:\documents and settings\!\Application Data\Microsoft\Installer\{DA5E6A2D-DEAA-4152-A43A-FDBDE29AA724}\DAMN_NFO_Viewer.exe_DA5E6A2DDEAA4152A43AFDBDE29AA724.exe

2009-12-15 14:22 . 2009-12-15 14:22 49152 ----a-r- c:\documents and settings\!\Application Data\Microsoft\Installer\{DA5E6A2D-DEAA-4152-A43A-FDBDE29AA724}\ARPPRODUCTICON.exe

2009-12-15 12:22 . 2009-12-15 12:22 -------- d-----w- c:\documents and settings\!\Application Data\IronCode

2009-12-12 13:27 . 2009-12-12 13:27 -------- d-----w- c:\documents and settings\!\Application Data\casanova

2009-12-12 06:45 . 2009-12-12 06:45 -------- d-----w- c:\program files\Common Files\DirectX

2009-12-10 21:20 . 2009-12-10 21:20 -------- d-----w- c:\program files\KONAMI

2009-12-10 13:44 . 2009-12-10 13:44 -------- d-----w- c:\documents and settings\!\Application Data\ChaYoWo Games

2009-12-10 09:44 . 2009-12-10 09:44 -------- d-----w- c:\documents and settings\!\Application Data\V-Games

2009-12-09 21:47 . 2009-12-09 21:47 -------- d-----w- c:\program files\MSXML 4.0

2009-12-08 16:33 . 2009-12-08 16:33 -------- d-----w- c:\program files\Alwil Software

2009-12-08 12:22 . 2009-12-08 12:22 -------- d-----w- c:\documents and settings\!\Application Data\SmarThru4

2009-12-08 12:22 . 2009-12-08 12:21 -------- d-----w- c:\program files\SmarThru 4

2009-12-08 12:22 . 2009-12-08 12:22 -------- d-----w- c:\program files\Common Files\SRC Shared

2009-12-08 12:22 . 2009-12-08 12:21 -------- d-----w- c:\program files\Readiris10

2009-12-08 12:19 . 2009-12-08 12:19 -------- d-----w- c:\program files\SAMSUNG

2009-12-08 08:47 . 2009-12-04 09:02 -------- d-----w- c:\program files\Common Files\Adobe

2009-12-07 11:35 . 2009-12-07 11:35 0 ----a-w- c:\windows\nsreg.dat

2009-12-07 11:35 . 2009-12-07 11:35 -------- d-----w- c:\documents and settings\!\Application Data\CometNetwork

2009-12-07 11:33 . 2009-12-07 11:33 1032192 ----a-w- c:\documents and settings\!\Application Data\Mozilla\Firefox\Profiles\w0e6djt8.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll

2009-12-07 10:09 . 2009-12-07 10:09 1961720 ----a-w- c:\documents and settings\!\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe

2009-12-06 22:05 . 2009-12-06 22:05 -------- d-----w- c:\program files\MSBuild

2009-12-06 22:05 . 2009-12-06 22:05 -------- d-----w- c:\program files\Reference Assemblies

2009-12-06 17:11 . 2009-12-06 17:11 -------- d-----w- c:\documents and settings\!\Application Data\Auslogics

2009-12-06 17:11 . 2009-12-06 17:11 -------- d-----w- c:\documents and settings\!\Application Data\Ahead

2009-12-04 09:09 . 2009-12-04 09:09 -------- d-----w- c:\program files\DAEMON Tools

2009-12-04 09:08 . 2009-12-04 09:08 685816 ----a-w- c:\windows\system32\drivers\sptd.sys

2009-12-04 09:07 . 2009-12-04 09:07 177024 ----a-w- c:\documents and settings\!\Application Data\Mozilla\Firefox\Profiles\w0e6djt8.default\FlashGot.exe

2009-12-04 09:05 . 2009-12-04 09:05 -------- d-----w- c:\program files\Microsoft ActiveSync

2009-12-04 09:04 . 2009-12-04 09:04 -------- d-----w- c:\program files\Microsoft.NET

2009-12-04 09:04 . 2009-12-04 09:04 -------- d-----w- c:\program files\Winamp

2009-12-04 09:03 . 2009-12-04 09:03 -------- d-----w- c:\program files\Common Files\Ahead

2009-12-04 09:03 . 2009-12-04 09:03 -------- d-----w- c:\program files\Nero

2009-12-04 09:01 . 2009-12-04 09:01 -------- d-----w- c:\program files\K-Lite Codec Pack

2009-12-04 09:01 . 2009-12-04 09:01 -------- d-----w- c:\program files\Auslogics

2009-12-04 08:57 . 2009-12-04 08:57 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI

2009-12-04 08:57 . 2009-12-04 08:57 -------- d-----w- c:\documents and settings\!\Application Data\ATI

2009-12-04 08:56 . 2009-12-04 08:56 0 ----a-w- c:\windows\ativpsrm.bin

2009-12-04 08:55 . 2009-12-04 08:51 -------- d-----w- c:\program files\ATI Technologies

2009-12-04 08:54 . 2009-12-03 08:31 -------- d-----w- c:\program files\Common Files\InstallShield

2009-12-04 08:54 . 2009-12-04 08:54 9158 ----a-r- c:\documents and settings\!\Application Data\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe

2009-12-04 08:54 . 2009-12-04 08:54 -------- d-----w- c:\program files\Common Files\ATI Technologies

2009-12-04 08:27 . 2009-12-03 08:18 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-12-03 15:33 . 2009-12-03 15:33 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET

2009-12-03 15:32 . 2009-12-03 15:32 -------- d-----w- c:\program files\Realtek

2009-12-03 15:32 . 2009-12-03 15:32 315392 ----a-w- c:\windows\HideWin.exe

2009-12-03 08:19 . 2009-12-03 08:19 -------- d-----w- c:\program files\microsoft frontpage

2009-12-03 08:16 . 2009-12-03 08:16 21640 ----a-w- c:\windows\system32\emptyregdb.dat

2009-11-24 21:57 . 2009-12-04 09:04 110 ----a-w- c:\program files\setup.cmd

2009-11-21 15:51 . 2008-04-14 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll

2009-10-29 07:45 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-06 39408]

"BitComet"="d:\programki\BitComet\BitComet.exe" [2009-12-28 2940664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]

"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-12-06 122368]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2006-08-16 503808]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 0 (0x0)

"EnableInstallerDetection"= 0 (0x0)

"EnableSecureUIAPaths"= 0 (0x0)

"EnableVirtualization"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\FlashGet\\FlashGet.exe"=

"d:\\PROGRAMKI\\BitComet\\BitComet.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"d:\\utorrent.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"25403:TCP"= 25403:TCP:BitComet 25403 TCP

"25403:UDP"= 25403:UDP:BitComet 25403 UDP

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [04.12.2009 г. 11:08 685816]

R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [03.12.2009 г. 10:31 37376]

S2 gupdate1ca8938d8592458;Услуга Google Update (gupdate1ca8938d8592458);c:\program files\Google\Update\GoogleUpdate.exe [30.12.2009 г. 12:14 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Contents of the 'Scheduled Tasks' folder

2010-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-30 10:14]

2010-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-30 10:14]

2010-01-21 c:\windows\Tasks\User_Feed_Synchronization-{C92D3F70-81D1-4578-85AB-90349F363915}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

IE: &D&ownload &with BitComet - d:\programki\BitComet\BitComet.exe/AddLink.htm

IE: &D&ownload all video with BitComet - d:\programki\BitComet\BitComet.exe/AddVideo.htm

IE: &D&ownload all with BitComet - d:\programki\BitComet\BitComet.exe/AddAllLink.htm

IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm

IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

FF - ProfilePath - c:\documents and settings\!\Application Data\Mozilla\Firefox\Profiles\w0e6djt8.default\

FF - prefs.js: browser.startup.homepage - hxxp://google.atcomet.com/b/

FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

- - - - ORPHANS REMOVED - - - -

AddRemove-CometBird (3.5.5) - c:\program files\CometBird\uninstall\helper.exe

AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114643957} - c:\program files\Games Of The Month\Big City Adventure Sydney\Uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-21 16:50

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x89C408AC]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28

\Driver\ACPI -> ACPI.sys @ 0xb9e7dcb8

\Driver\atapi -> atapi.sys @ 0xb9e12b40

IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8

ParseProcedure -> ntkrnlpa.exe @ 0x805827e8

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8

ParseProcedure -> ntkrnlpa.exe @ 0x805827e8

NDIS: Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller -> SendCompleteHandler -> NDIS.sys @ 0xb9d1bbb0

PacketIndicateHandler -> NDIS.sys @ 0xb9d28a21

SendHandler -> NDIS.sys @ 0xb9d0687b

user & kernel MBR OK

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(768)

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(4080)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\program files\Google\Quick Search Box\bin\1.2.1151.235\qsb.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\RTHDCPL.EXE

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2010-01-21 16:51:54 - machine was rebooted

ComboFix-quarantined-files.txt 2010-01-21 14:51

Pre-Run: 7 230 296 064 bytes free

Post-Run: 7 195 320 320 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - F59033BAD38D0884D0AF96F8FD381B4C

Great.

STEP 1

Uninstall Combofix => Start => Run => type Combofix /Uninstall => (there is a space between Combofix and /Uninstall) => Enter => this will start and uninstall Combofix. It will also delete the files associated with this tool, as well as the C:\Qoobox folder, Combofix's quarantine.

Start OTL.exe => press the Cleanup! button => to delete some of the programs we used. This will also delete the C:\_OTL folder, the quarantine folder of OTL.exe.


STEP 2

Download SafeBootKeyRepair.exe and run it.

Follow the instructions.

STEP 3

Download Malwarebytes' Anti-Malware from here

Double-click mbam-setup.exe to install the program.

    * Make sure Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are checked, then click Finish.
    * If newer updates are found, it will download and install them.
    * Start the program, select "Perform Full Scan", then click Scan.
    * The scan will take some time, so please be patient.
    * When the scan finishes, click OK, then Show Results to see the results.
    * Make sure every line is checked and click Remove Selected.
    * When everything has been removed, the log will open in Notepad. Copy the log and post it in your next comment in the thread.

Note: If MalwareBytes' Anti-Malware has difficulty removing the detected viruses/threats, it will ask to restart your computer and remove the problematic viruses/threats during the restart. If asked, confirm that you want your computer to be restarted.

  • Автор

След стартирането на SafeBootReprir.exe ми се появи това:

Reg export of SafeBoot key after repair:

========================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]

"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\RpcSs]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SCSI Class]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sermouse.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys]

@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SRService]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\System Bus Extender]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinMgmt]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]

@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]

@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]

@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]

@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]

@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]

@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus Extender]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot file system]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Browser]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\CryptSvc]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DcomLaunch]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Dhcp]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmadmin]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmboot.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmio.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmload.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmserver]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DnsCache]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\EventLog]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\File system]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Filter]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\HelpSvc]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ip6fw.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ipnat.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanServer]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanWorkstation]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LmHosts]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Messenger]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS Wrapper]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Ndisuio]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOS]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOSGroup]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBT]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetDDEGroup]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Netlogon]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetMan]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Network]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetworkProvider]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NtLmSsp]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PCI Configuration]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PlugPlay]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP Filter]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP_TDI]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Primary disk]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpcdd.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpdd.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpwd.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdsessmgr]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\RpcSs]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SCSI Class]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sermouse.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SharedAccess]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sr.sys]

@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SRService]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Streams Drivers]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\System Bus Extender]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\TDI]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdpipe.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdtcp.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\termservice]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vga.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vgasave.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinMgmt]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WZCSVC]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{36FC9E60-C465-11CF-8056-444553540000}]

@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]

@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]

@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]

@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]

@="Net"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]

@="NetClient"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]

@="NetService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]

@="NetTrans"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]

@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]

@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

@="Human Interface Devices"

========================
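The export above, as an added example that is not part of the thread: a small Python checker that parses a SafeBootKeyRepair-style .reg export and reports which SafeBoot\Minimal and SafeBoot\Network entries are missing against a baseline (a worm that deletes these keys leaves the machine unable to start in Safe Mode). The baseline is a constructed subset of the entries in the repaired export above, and the damaged export the script runs on is constructed as well.

```python
"""Check a SafeBoot registry export (.reg, "Windows Registry Editor Version 5.00")
for missing Minimal/Network entries, the damage SafeBootKeyRepair restores."""
import re
from typing import Dict, Set

# Baseline: a subset of the entries present in the post-repair export above
# (constructed list, not exhaustive; a real baseline comes from a clean XP box).
EXPECTED: Dict[str, Set[str]] = {
    "Minimal": {
        "Base", "Boot Bus Extender", "Boot file system", "File system", "Filter",
        "PCI Configuration", "Primary disk", "SCSI Class", "System Bus Extender",
        "vga.sys", "vgasave.sys", "EventLog", "PlugPlay", "RpcSs", "DcomLaunch",
    },
    "Network": {
        "Base", "Boot Bus Extender", "Boot file system", "File system", "Filter",
        "PCI Configuration", "Primary disk", "SCSI Class", "System Bus Extender",
        "vga.sys", "vgasave.sys", "EventLog", "PlugPlay", "RpcSs", "DcomLaunch",
        "NDIS", "Tcpip", "AFD", "NetBT", "Dhcp", "DnsCache",
    },
}

KEY_RE = re.compile(r"^\[(.+)\]$")
# Only subkeys directly under SafeBoot\Minimal or SafeBoot\Network are of interest.
SAFEBOOT_RE = re.compile(
    r"\\control\\safeboot\\(minimal|network)\\([^\\]+)$", re.IGNORECASE)


def parse_safeboot_export(text: str) -> Dict[str, Dict[str, str]]:
    """Map each SafeBoot\\Minimal|Network subkey to its default value ("@")."""
    found: Dict[str, Dict[str, str]] = {"Minimal": {}, "Network": {}}
    current = None  # (group, entry) of the key whose values we are reading
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key = KEY_RE.match(line)
        if key:
            current = None
            sub = SAFEBOOT_RE.search(key.group(1))
            if sub:
                group, entry = sub.group(1).capitalize(), sub.group(2)
                found[group].setdefault(entry, "")  # key present, value may follow
                current = (group, entry)
        elif line.startswith("@=") and current:
            group, entry = current
            found[group][entry] = line[2:].strip('"')
    return found


def missing_entries(found: Dict[str, Dict[str, str]],
                    expected: Dict[str, Set[str]] = EXPECTED) -> Dict[str, Set[str]]:
    """Entries the baseline expects but the export lacks, per SafeBoot group."""
    return {group: expected[group] - set(found.get(group, {})) for group in expected}


# Constructed export of a damaged SafeBoot key: Minimal keeps only two entries
# and Network has lost its whole TCP/IP stack.
DAMAGED_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS]
@="Driver Group"
"""

if __name__ == "__main__":
    for group, missing in missing_entries(parse_safeboot_export(DAMAGED_EXPORT)).items():
        print(f"SafeBoot\\{group}: {len(missing)} expected entries missing: {sorted(missing)}")
```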

  • Author

Here is the log:

Malwarebytes' Anti-Malware 1.44

Версия на базата от данни: 3608

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

21.1.2010 г. 18:06:46

mbam-log-2010-01-21 (18-06-46).txt

Тип сканиране: Пълно сканиране (C:\|D:\|E:\|F:\|)

Сканирани обекти: 149075

Изминало време: 11 minute(s), 21 second(s)

Заразени процеси в паметта: 0

Заразени модули в паметта: 0

Заразени ключове в регистратурата: 0

Заразени стойности в регистратурата: 0

Заразени информационни обекти в регистратурата: 0

Заразени папки: 0

Заразени файлове: 26

Заразени процеси в паметта:

(Не бяха открити заплахи)

Заразени модули в паметта:

(Не бяха открити заплахи)

Заразени ключове в регистратурата:

(Не бяха открити заплахи)

Заразени стойности в регистратурата:

(Не бяха открити заплахи)

Заразени информационни обекти в регистратурата:

(Не бяха открити заплахи)

Заразени папки:

(Не бяха открити заплахи)

Заразени файлове:

C:\System Volume Information\_restore{2ACA4347-3042-4DDE-B1A5-C2CFD120346C}\RP2\A0001062.bat (Trojan.KillAV) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{2ACA4347-3042-4DDE-B1A5-C2CFD120346C}\RP2\A0001063.bat (Trojan.KillAV) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{2ACA4347-3042-4DDE-B1A5-C2CFD120346C}\RP2\A0001064.exe (Trojan.KillAV) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{2ACA4347-3042-4DDE-B1A5-C2CFD120346C}\RP2\A0001065.exe (Trojan.KillAV) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{2ACA4347-3042-4DDE-B1A5-C2CFD120346C}\RP2\A0001067.exe (Trojan.KillAV) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{2ACA4347-3042-4DDE-B1A5-C2CFD120346C}\RP2\A0001068.exe (Trojan.KillAV) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{2ACA4347-3042-4DDE-B1A5-C2CFD120346C}\RP2\A0001069.exe (Trojan.KillAV) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{2ACA4347-3042-4DDE-B1A5-C2CFD120346C}\RP2\A0001070.exe (Trojan.KillAV) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{2ACA4347-3042-4DDE-B1A5-C2CFD120346C}\RP2\A0001071.exe (Trojan.KillAV) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{2ACA4347-3042-4DDE-B1A5-C2CFD120346C}\RP2\A0001072.exe (Trojan.KillAV) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{2ACA4347-3042-4DDE-B1A5-C2CFD120346C}\RP2\A0001073.exe (Trojan.KillAV) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{2ACA4347-3042-4DDE-B1A5-C2CFD120346C}\RP2\A0001074.exe (Trojan.KillAV) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{2ACA4347-3042-4DDE-B1A5-C2CFD120346C}\RP2\A0001075.exe (Trojan.KillAV) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{2ACA4347-3042-4DDE-B1A5-C2CFD120346C}\RP2\A0001076.exe (Trojan.KillAV) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{2ACA4347-3042-4DDE-B1A5-C2CFD120346C}\RP2\A0001077.exe (Trojan.KillAV) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{2ACA4347-3042-4DDE-B1A5-C2CFD120346C}\RP2\A0001078.exe (Trojan.KillAV) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{2ACA4347-3042-4DDE-B1A5-C2CFD120346C}\RP2\A0001080.exe (Trojan.KillAV) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{2ACA4347-3042-4DDE-B1A5-C2CFD120346C}\RP2\A0001081.exe (Trojan.KillAV) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{2ACA4347-3042-4DDE-B1A5-C2CFD120346C}\RP2\A0001061.bat (Trojan.KillAV) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{2ACA4347-3042-4DDE-B1A5-C2CFD120346C}\RP2\A0001079.exe (Trojan.KillAV) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{2ACA4347-3042-4DDE-B1A5-C2CFD120346C}\RP2\A0001202.sys (Malware.Trace) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{2ACA4347-3042-4DDE-B1A5-C2CFD120346C}\RP2\A0001354.sys (Malware.Trace) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{2ACA4347-3042-4DDE-B1A5-C2CFD120346C}\RP2\A0001406.sys (Malware.Trace) -> Quarantined and deleted successfully.

D:\System Volume Information\_restore{2ACA4347-3042-4DDE-B1A5-C2CFD120346C}\RP2\A0001083.bat (Trojan.KillAV) -> Quarantined and deleted successfully.

D:\System Volume Information\_restore{2ACA4347-3042-4DDE-B1A5-C2CFD120346C}\RP2\A0001084.bat (Trojan.KillAV) -> Quarantined and deleted successfully.

D:\System Volume Information\_restore{2ACA4347-3042-4DDE-B1A5-C2CFD120346C}\RP2\A0001085.bat (Trojan.KillAV) -> Quarantined and deleted successfully.
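As an added example (not part of the thread), a Python triage script for the log above: it parses the detection lines, counts hits per detection name and separates those inside System Restore snapshots (System Volume Information\_restore{...}\RPn) from live files. Every hit above is such a restore-point copy, which is why the reply that follows starts by switching System Restore off; three lines of the sample are taken from the log above and one live hit is constructed.

```python
"""Triage a Malwarebytes' Anti-Malware log: group the infected-file lines by
detection name and separate hits inside System Restore snapshots from live ones."""
import re
from collections import Counter
from typing import Dict, List, NamedTuple

# One detection line: <path> (<detection name>) -> <action taken>
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$")
# Files under System Volume Information\_restore{GUID}\RPn\ are restore-point copies.
RESTORE_RE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\",
    re.IGNORECASE)


class Hit(NamedTuple):
    path: str
    name: str
    action: str
    in_restore_point: bool


def parse_hits(log: str) -> List[Hit]:
    """Extract detection lines; header and summary lines do not match and are skipped."""
    hits: List[Hit] = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            hits.append(Hit(m["path"], m["name"], m["action"],
                            bool(RESTORE_RE.match(m["path"]))))
    return hits


def summarize(hits: List[Hit]) -> Dict[str, object]:
    """Counts per detection name plus the hits that were NOT in a restore point."""
    live = [h.path for h in hits if not h.in_restore_point]
    return {
        "total": len(hits),
        "by_name": dict(Counter(h.name for h in hits)),
        "live_paths": live,
        # True means the scanner only found stale copies in old restore points:
        # the active infection is gone and flushing System Restore removes the rest.
        "only_restore_points": bool(hits) and not live,
    }


# Constructed sample in the format of the log above: the first three lines are
# copied from it, the fourth is a made-up live hit outside any restore point.
SAMPLE_LOG = r"""Infected files:
C:\System Volume Information\_restore{2ACA4347-3042-4DDE-B1A5-C2CFD120346C}\RP2\A0001062.bat (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2ACA4347-3042-4DDE-B1A5-C2CFD120346C}\RP2\A0001202.sys (Malware.Trace) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{2ACA4347-3042-4DDE-B1A5-C2CFD120346C}\RP2\A0001083.bat (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\constructed-sample.exe (Trojan.KillAV) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    report = summarize(parse_hits(SAMPLE_LOG))
    print(report["by_name"])
    print("live (non restore point) hits:", report["live_paths"])
```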

STEP 1

Temporarily disable System Restore => right-click My Computer => Properties => System Restore => tick => Turn Off System Restore on all drives.

STEP 2

* Download Panda USB Vaccine

* Press the Vaccinate Computer button.

STEP 3

Reinstall Skype without the "extras":

(the description is taken from Night_Raven)

1. Uninstall Skype and install it without the Extras Manager. The extras let Skype use various add-ons - lie detectors, mood add-ons and all sorts of other gimmicks. Installing the extras also installs SkypePM.exe, which shows up in Task Manager and some people wonder what it is, because it sometimes eats quite a lot of memory. It is with these extras that the Skype4COM protocol is installed, through which this nasty thing and all the spam circulating in Skype spreads. The traditional method is as follows: a given user is tricked into downloading and running some program that promises to add icons/crack a password/something else. This program, however, is nothing more than a script (VBS in most cases) that does none of what it promises but uses the protocol mentioned above to send itself to all contacts in the list.

If this protocol is absent, even if such a spam script is run, it won't be able to send anything.

Here is a graphic illustration of how NOT to install the extras:

z5pvs.png

2zgx8gp.png

2. Do not run suspicious files received via Skype (even from people in your contact list) without first checking them with your antivirus program or at:

http://www.virustotal.com

STEP 4

Download and install an antivirus of your choice. Update it and run a full scan of your system with it.

You can try the new version avast! 5.0.377 Final, which came out these days.

  • Author

I have one more question :rolleyes: should I uninstall Malwarebytes' Anti-Malware, and won't Panda USB Vaccine and avast! 5.0.377 Final interfere with each other?

Edited by tonitaakg (view changes)

I have one more question :question: should I uninstall Malwarebytes' Anti-Malware, and won't Panda USB Vaccine and avast! 5.0.377 Final interfere with each other?

No, keep Malwarebytes and scan with it often. The free version has no real-time protection (and even if it did, it still wouldn't interfere), because it is designed to complement antivirus programs. Few applications have problems with it.

I deliberately gave you a link to an older version of Panda USB Vaccine, which does not install. You can delete the tool now that it has done its job (I assume you pressed the Vaccinate Computer option).

After you install avast! and run a full system scan, tell me whether it found anything, so I know whether you need more prevention methods or we are done. For now I won't set the status to SOLVED until I'm convinced the worm won't come back.

You're amazing :yanim: the full scan with Avast! 5.0.377 Final found nothing, thanks for that :yanim:

Hah, I'm not that amazing. The infection is an old one and I'm just following the standard procedure that we have tested to be effective against it. :)

Glad everything is OK. If you have new problems, write again. :yanim:

  • 3 weeks later...

Hello!

I want to ask whether the given algorithm for fixing this problem is universal, or whether the solution is individual for each computer?

Regards! :speak:

Hello!

I want to ask whether the given algorithm for fixing this problem is universal, or whether the solution is individual for each computer?

Regards! :speak:

Scanning with ESET Online Scanner and Malwarebytes' Anti-Malware is universal, but it is assumed that the virus will have blocked them. That is why specialized tools are used before them, for which scripts are written for each individual machine, to clean some of the infections and make it possible to use ESET Online Scanner and Malwarebytes' Anti-Malware. If you have this problem, I suggest you open a new thread in the subforum, posting the required logs from OTL.exe. :)

  • 2 months later...

I had the same problem as tonitaakg and used the same strategy... And it worked! I registered only so I could thank you! You're great!!!
