
Interesting, now the logs look clean. It seems you managed to replace the file under Recovery Console.

Let's check this anyway:

  • Start the file [posted image] with a double click.
  • Under [posted image], use Copy/Paste to enter the following text:
/md5start
update.sys
tcpip.sys
usbVM31b.sys
/md5stop
  • Press the button highlighted in blue: [posted image].
  • When the scan finishes, a file will be created - OTL.Txt
  • Post the contents of the log file in your next comment.

Could you also run one more check with TDSSKiller - the log file you posted in your previous post is rather short...

Regards!

  • Author

TDSSKiller:

2011/06/10 12:03:34.0812 3160 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48

2011/06/10 12:03:35.0140 3160 ================================================================================

2011/06/10 12:03:35.0140 3160 SystemInfo:

2011/06/10 12:03:35.0140 3160

2011/06/10 12:03:35.0140 3160 OS Version: 5.1.2600 ServicePack: 2.0

2011/06/10 12:03:35.0140 3160 Product type: Workstation

2011/06/10 12:03:35.0140 3160 ComputerName: PC

2011/06/10 12:03:35.0140 3160 UserName: name

2011/06/10 12:03:35.0140 3160 Windows directory: C:\WINDOWS

2011/06/10 12:03:35.0140 3160 System windows directory: C:\WINDOWS

2011/06/10 12:03:35.0140 3160 Processor architecture: Intel x86

2011/06/10 12:03:35.0140 3160 Number of processors: 1

2011/06/10 12:03:35.0140 3160 Page size: 0x1000

2011/06/10 12:03:35.0140 3160 Boot type: Normal boot

2011/06/10 12:03:35.0140 3160 ================================================================================

2011/06/10 12:03:38.0406 3160 Initialize success

I don't know why it is so short..

OTL:

OTL logfile created on: 10.6.2011 г. 11:32:09 - Run 3

OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\name\Desktop

Windows XP Professional Edition Service Pack 2, v.2149 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2149)

Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: dd.M.yyyy 'г.'

767,23 Mb Total Physical Memory | 183,06 Mb Available Physical Memory | 23,86% Memory free

1,83 Gb Paging File | 1,17 Gb Available in Paging File | 63,91% Paging File free

Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 20,51 Gb Total Space | 10,81 Gb Free Space | 52,69% Space Free | Partition Type: NTFS

Drive D: | 27,98 Gb Total Space | 12,35 Gb Free Space | 44,14% Space Free | Partition Type: NTFS

Drive E: | 28,20 Gb Total Space | 26,27 Gb Free Space | 93,15% Space Free | Partition Type: NTFS

Computer Name: PC | User Name: name | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.06.09 21:45:28 | 001,111,552 | ---- | M] () -- C:\Documents and Settings\name\Desktop\FSCapture.exe

PRC - [2011.06.06 11:11:13 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\name\Desktop\OTL.exe

PRC - [2011.05.29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011.04.30 08:29:14 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010.09.07 19:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2010.09.07 19:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2006.11.16 19:04:20 | 000,139,264 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

PRC - [2006.11.16 18:58:32 | 000,884,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

PRC - [2004.06.10 17:15:42 | 001,030,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2003.05.05 08:57:30 | 000,143,360 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

PRC - [2003.01.21 15:19:24 | 000,040,960 | ---- | M] (VM.) -- C:\WINDOWS\Vm_sti.exe

PRC - [2002.09.20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

========== Modules (SafeList) ==========

MOD - [2011.06.06 11:11:13 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\name\Desktop\OTL.exe

MOD - [2004.06.10 17:15:50 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2149_x-ww_a84b1f06\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2010.09.07 19:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)

SRV - [2010.09.07 19:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)

SRV - [2010.09.07 19:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2002.09.20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))

========== Driver Services (SafeList) ==========

DRV - [2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2010.09.07 18:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2010.09.07 18:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2010.09.07 18:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2010.09.07 18:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2010.09.07 18:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2010.09.07 18:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2006.11.02 16:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4c74-92FE-5B863F82066B})

DRV - [2004.08.05 18:05:02 | 000,090,532 | ---- | M] (VM) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbVM31b.sys -- (ZSMC301b)

DRV - [2004.06.10 18:49:12 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.aol.com/?src=aim&ncid=snsusaimc00000001"

FF - prefs.js..extensions.enabledItems: [email protected]:3.12.2.16749

FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550

FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/redirector/sredir?invocationType=bu10aiminstabie7&sredir=2706&query="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.30 12:21:01 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.20 11:35:10 | 000,000,000 | ---D | M]

[2010.09.01 15:05:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\name\Application Data\Mozilla\Extensions

[2011.06.10 08:58:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\name\Application Data\Mozilla\Firefox\Profiles\s7l8pd6b.default\extensions

[2011.05.26 13:01:23 | 000,000,000 | ---D | M] (PandoraTV Toolbar) -- C:\Documents and Settings\name\Application Data\Mozilla\Firefox\Profiles\s7l8pd6b.default\extensions\[email protected]

[2010.09.28 14:25:12 | 000,001,490 | ---- | M] () -- C:\Documents and Settings\name\Application Data\Mozilla\Firefox\Profiles\s7l8pd6b.default\searchplugins\AOL Search.xml

[2011.06.10 08:58:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011.06.05 06:44:56 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2010.01.14 01:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

[2010.09.28 14:25:12 | 000,001,490 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\AOL Search.xml

O1 HOSTS File: ([2011.06.06 20:30:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)

O4 - HKLM..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE (VM.)

O4 - HKLM..\Run: [bluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)

O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)

O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)

O4 - HKCU..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: UseDesktopIniCache = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\WINDOWS\Coffee Bean.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Coffee Bean.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010.09.01 14:26:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.06.10 09:29:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\name\Desktop\Butterfly.On.A.Wheel.DVDRip.XviD.AC3.5.1Ch-IcY

[2011.06.10 08:29:23 | 000,220,024 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\sigcheck.exe

[2011.06.10 08:23:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\maxdrive

[2011.06.09 21:46:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\name\Desktop\bgmafia

[2011.06.09 21:45:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\name\Application Data\FastStone

[2011.06.09 18:35:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\name\Desktop\Law.Abiding.Citizen.2009.UNRATED.DC.BRRip.XviD-KiNGS

[2011.06.09 17:45:40 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2011.06.07 14:20:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall

[2011.06.07 14:20:45 | 000,022,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe

[2011.06.07 14:20:42 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$

[2011.06.07 08:45:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2011.06.07 08:35:31 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll

[2011.06.07 08:35:31 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll

[2011.06.07 08:35:31 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll

[2011.06.07 08:35:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution

[2011.06.07 08:35:28 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll

[2011.06.07 08:35:28 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdm.dll

[2011.06.07 08:25:52 | 000,000,000 | ---D | C] -- C:\SP3

[2011.06.06 20:24:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2011.06.06 20:23:07 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2011.06.06 20:20:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2011.06.06 20:20:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2011.06.06 20:20:42 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2011.06.06 20:20:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2011.06.06 20:20:00 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011.06.06 11:54:47 | 000,000,000 | ---D | C] -- C:\_OTL

[2011.06.06 11:11:08 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\name\Desktop\OTL.exe

[2011.06.06 10:51:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\name\My Documents\My Videos

[2011.06.06 09:55:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\PSQKGJOG

[2011.06.04 13:42:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\name\Desktop\Arthur.3.The.War.of.the.Two.Worlds.2010.DVDRip.XviD-CM8

[2011.05.28 17:09:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\name\Application Data\go

[2011.05.28 17:09:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Easybits GO

[2011.05.20 11:21:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Xvid

[2011.05.20 11:21:25 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid

[2011.05.18 10:15:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype Extras

[2011.05.18 10:13:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype

[2011.05.18 10:13:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.06.10 10:01:59 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2011.06.10 10:01:51 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\name\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.06.10 09:30:06 | 000,189,252 | ---- | M] () -- C:\Documents and Settings\name\Desktop\ScreenShot033.jpg

[2011.06.10 08:44:43 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\name\Desktop\~$мощник за ЧатМод.rtf

[2011.06.10 08:34:25 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2011.06.10 08:27:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011.06.10 08:27:07 | 804,573,184 | -HS- | M] () -- C:\hiberfil.sys

[2011.06.10 08:23:47 | 000,008,975 | ---- | M] () -- C:\WINDOWS\look.bat

[2011.06.10 08:20:58 | 001,139,112 | ---- | M] () -- C:\Documents and Settings\name\Desktop\maxlook.exe

[2011.06.09 21:45:28 | 001,111,552 | ---- | M] () -- C:\Documents and Settings\name\Desktop\FSCapture.exe

[2011.06.09 21:43:44 | 000,020,524 | ---- | M] () -- C:\Documents and Settings\name\Desktop\Помощник за ЧатМод.rtf

[2011.06.09 17:52:32 | 281,860,613 | ---- | M] () -- C:\Documents and Settings\name\Desktop\[Narutoverse]_NARUTO_Shippuden_215_[720p].mkv

[2011.06.08 21:15:07 | 005,292,054 | ---- | M] () -- C:\Documents and Settings\name\My Documents\1G.bmp

[2011.06.08 21:08:11 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\name\Desktop\untitled.bmp

[2011.06.06 20:30:41 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011.06.06 20:23:10 | 000,000,310 | RHS- | M] () -- C:\boot.ini

[2011.06.06 19:03:59 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\name\Desktop\MBR.dat

[2011.06.06 11:11:13 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\name\Desktop\OTL.exe

[2011.06.06 07:49:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011.06.03 23:22:36 | 000,489,655 | ---- | M] () -- C:\Documents and Settings\name\My Documents\IMG_03062011_232224.png

[2011.06.03 19:16:20 | 000,068,966 | ---- | M] () -- C:\Documents and Settings\name\My Documents\71734_163586767000698_100000481273510_520013_2718188_n.jpg

[2011.06.01 10:44:50 | 000,491,479 | ---- | M] () -- C:\Documents and Settings\name\My Documents\2011-06-01_104400.png

[2011.05.29 12:32:00 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\name\Desktop\tool.exe

[2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011.05.28 15:04:06 | 000,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011.05.28 15:04:06 | 000,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011.05.25 10:21:51 | 000,185,949 | ---- | M] () -- C:\Documents and Settings\name\My Documents\MotorqgA(1078).jpg

[2011.05.17 18:43:22 | 000,066,422 | ---- | M] () -- C:\Documents and Settings\name\My Documents\45007_1177125484374_1715247879_319626_780481_n.jpg

[2011.05.17 18:22:48 | 000,021,781 | ---- | M] () -- C:\Documents and Settings\name\My Documents\hot-emo-girls-with-blonde-cute-hair.jpg

[2011.05.15 21:36:43 | 000,014,958 | ---- | M] () -- C:\Documents and Settings\name\My Documents\Ico10.jpg

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.06.10 09:29:53 | 000,189,252 | ---- | C] () -- C:\Documents and Settings\name\Desktop\ScreenShot033.jpg

[2011.06.10 08:44:43 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\name\Desktop\~$мощник за ЧатМод.rtf

[2011.06.10 08:32:32 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\name\Desktop\tool.exe

[2011.06.10 08:23:46 | 000,008,975 | ---- | C] () -- C:\WINDOWS\look.bat

[2011.06.10 08:20:55 | 001,139,112 | ---- | C] () -- C:\Documents and Settings\name\Desktop\maxlook.exe

[2011.06.09 21:45:18 | 001,111,552 | ---- | C] () -- C:\Documents and Settings\name\Desktop\FSCapture.exe

[2011.06.09 21:43:43 | 000,020,524 | ---- | C] () -- C:\Documents and Settings\name\Desktop\Помощник за ЧатМод.rtf

[2011.06.09 17:46:01 | 281,860,613 | ---- | C] () -- C:\Documents and Settings\name\Desktop\[Narutoverse]_NARUTO_Shippuden_215_[720p].mkv

[2011.06.08 21:12:38 | 005,292,054 | ---- | C] () -- C:\Documents and Settings\name\My Documents\1G.bmp

[2011.06.08 21:08:11 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\name\Desktop\untitled.bmp

[2011.06.06 20:23:10 | 000,000,194 | ---- | C] () -- C:\Boot.bak

[2011.06.06 20:23:08 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2011.06.06 20:20:42 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2011.06.06 20:20:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2011.06.06 20:20:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2011.06.06 20:20:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2011.06.06 20:20:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011.06.06 19:03:59 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\name\Desktop\MBR.dat

[2011.06.03 23:22:34 | 000,489,655 | ---- | C] () -- C:\Documents and Settings\name\My Documents\IMG_03062011_232224.png

[2011.06.03 19:16:17 | 000,068,966 | ---- | C] () -- C:\Documents and Settings\name\My Documents\71734_163586767000698_100000481273510_520013_2718188_n.jpg

[2011.06.01 10:44:42 | 000,491,479 | ---- | C] () -- C:\Documents and Settings\name\My Documents\2011-06-01_104400.png

[2011.05.28 17:09:32 | 000,001,829 | ---- | C] () -- C:\Documents and Settings\name\Start Menu\Programs\Играене на игри (EasyBits GO).lnk

[2011.05.25 10:21:48 | 000,185,949 | ---- | C] () -- C:\Documents and Settings\name\My Documents\MotorqgA(1078).jpg

[2011.05.20 11:21:29 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2011.05.20 11:21:28 | 000,143,872 | ---- | C] () -- C:\WINDOWS\System32\xvid.ax

[2011.05.18 10:13:09 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2011.05.17 18:43:21 | 000,066,422 | ---- | C] () -- C:\Documents and Settings\name\My Documents\45007_1177125484374_1715247879_319626_780481_n.jpg

[2011.05.17 18:22:47 | 000,021,781 | ---- | C] () -- C:\Documents and Settings\name\My Documents\hot-emo-girls-with-blonde-cute-hair.jpg

[2011.05.15 21:36:42 | 000,014,958 | ---- | C] () -- C:\Documents and Settings\name\My Documents\Ico10.jpg

[2011.01.01 20:37:45 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\newdll.dll

[2010.10.09 10:35:46 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2010.10.09 10:35:36 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\name\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.09.01 17:38:13 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2010.09.01 17:17:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2010.09.01 17:14:44 | 000,197,752 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010.09.01 15:29:47 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2010.09.01 15:23:07 | 000,000,761 | ---- | C] () -- C:\WINDOWS\m3jp2k.ini

[2010.09.01 15:23:07 | 000,000,714 | ---- | C] () -- C:\WINDOWS\m3jpeg.ini

[2010.09.01 15:23:07 | 000,000,702 | ---- | C] () -- C:\WINDOWS\mmtvmj.ini

[2010.09.01 15:23:02 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll

[2010.09.01 15:23:00 | 000,152,064 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2010.09.01 15:22:58 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2010.09.01 15:10:44 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll

[2010.09.01 15:05:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2010.09.01 14:29:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2010.09.01 14:22:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2004.06.10 17:25:44 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2004.06.10 17:15:34 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll

[2004.06.01 14:40:12 | 000,006,848 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004.05.23 15:57:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

[2003.01.07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2002.10.16 09:29:32 | 000,049,152 | ---- | C] () -- C:\WINDOWS\amcap.exe

[2001.08.23 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2001.08.23 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2001.08.23 14:00:00 | 000,392,296 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2001.08.23 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2001.08.23 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2001.08.23 14:00:00 | 000,058,596 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2001.08.23 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2001.08.23 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2001.08.23 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2001.08.23 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Custom Scans ==========

< MD5 for: TCPIP.SYS >

[2010.04.13 11:19:46 | 000,359,424 | ---- | M] (Microsoft Corporation) MD5=7CF2D4019E17A97C466FA5F68CE0F635 -- C:\WINDOWS\maxdrive\tcpip.sys

[2010.04.13 11:19:46 | 000,359,424 | ---- | M] (Microsoft Corporation) MD5=7CF2D4019E17A97C466FA5F68CE0F635 -- C:\WINDOWS\system32\drivers\tcpip.sys

< MD5 for: UPDATE.SYS >

[2008.04.14 00:09:48 | 000,384,768 | ---- | M] (Microsoft Corporation) MD5=402DDC88356B1BAC0EE3DD1580C76A31 -- C:\SP3\update.sys

[2004.06.10 15:17:20 | 000,199,040 | ---- | M] (Microsoft Corporation) MD5=F5943A5EDB2D5D99A0B175E7B64DF8BC -- C:\WINDOWS\system32\dllcache\update.sys

< MD5 for: USBVM31B.SYS >

[2004.08.05 18:05:02 | 000,090,532 | ---- | M] (VM) MD5=617C6711EA9049F39043CAB2886418BF -- C:\Program Files\CANYON CN-WCAM23 PC-Camera\usbVM31b.sys

[2004.08.05 18:05:02 | 000,090,532 | ---- | M] (VM) MD5=617C6711EA9049F39043CAB2886418BF -- C:\WINDOWS\maxdrive\usbVM31b.sys

[2004.08.05 18:05:02 | 000,090,532 | ---- | M] (VM) MD5=617C6711EA9049F39043CAB2886418BF -- C:\WINDOWS\system32\drivers\usbVM31b.sys

< End of report >

So... I figured out what happened. You simply renamed the file C:\Windows\system32\drivers\update.sys without managing to replace it with the clean copy.

In fact, I doubt we will manage to replace it at all, because you are using Windows XP Service Pack 2, and the file is from Service Pack 3.

To top it off, I don't like the MD5 of tcpip.sys either.

Do you have a Windows XP Service Pack 2 installation disc?

If not, try installing Service Pack 3 (from the file you downloaded earlier => windowsxp-kb936929-sp3-x86-enu_c81472f7eeea2eca421e116cd4c03e2300ebfde4.exe)

After the installation (if it succeeds at all), restart the computer, run a new scan with OTL and post the results.

  • Author

I have a question: Is it necessary for me to do this, and can these drivers damage my computer?

I have a question: Is it necessary for me to do this, and can these drivers damage my computer?

It is more than necessary... update.sys (which still has an infected copy in dllcache) has been hit by a ROOTKIT - TDL3.

About tcpip.sys I am not entirely convinced (it may have been modified by some program, a torrent client or a download manager), but in any case it is not the original version from Microsoft (check the MD5 for this file in Google yourself) and see how many results come up... only 1, and it points to your thread. :)
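The comparison read off the `Custom Scans` section in the replies above can be scripted. The following is an added example (not part of the original thread and not OTL's own code) that parses the `< MD5 for: ... >` blocks of an OTL log and reports files with no copy in `system32\drivers` or with copies whose hashes disagree. The function names, the finding labels and the optional `known_good` allowlist are assumptions of this example.

```python
import ntpath
import re
from collections import defaultdict

# Sample input: the "Custom Scans" lines from the OTL log posted in this thread.
SAMPLE_LOG = r"""
========== Custom Scans ==========
< MD5 for: TCPIP.SYS >
[2010.04.13 11:19:46 | 000,359,424 | ---- | M] (Microsoft Corporation) MD5=7CF2D4019E17A97C466FA5F68CE0F635 -- C:\WINDOWS\maxdrive\tcpip.sys
[2010.04.13 11:19:46 | 000,359,424 | ---- | M] (Microsoft Corporation) MD5=7CF2D4019E17A97C466FA5F68CE0F635 -- C:\WINDOWS\system32\drivers\tcpip.sys
< MD5 for: UPDATE.SYS >
[2008.04.14 00:09:48 | 000,384,768 | ---- | M] (Microsoft Corporation) MD5=402DDC88356B1BAC0EE3DD1580C76A31 -- C:\SP3\update.sys
[2004.06.10 15:17:20 | 000,199,040 | ---- | M] (Microsoft Corporation) MD5=F5943A5EDB2D5D99A0B175E7B64DF8BC -- C:\WINDOWS\system32\dllcache\update.sys
< MD5 for: USBVM31B.SYS >
[2004.08.05 18:05:02 | 000,090,532 | ---- | M] (VM) MD5=617C6711EA9049F39043CAB2886418BF -- C:\Program Files\CANYON CN-WCAM23 PC-Camera\usbVM31b.sys
[2004.08.05 18:05:02 | 000,090,532 | ---- | M] (VM) MD5=617C6711EA9049F39043CAB2886418BF -- C:\WINDOWS\maxdrive\usbVM31b.sys
[2004.08.05 18:05:02 | 000,090,532 | ---- | M] (VM) MD5=617C6711EA9049F39043CAB2886418BF -- C:\WINDOWS\system32\drivers\usbVM31b.sys
< End of report >
"""

HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>.+?)\s*>$")
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| [MC]\]"
    r" \((?P<company>.*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)

# Directory from which the drivers in this thread are loaded at boot.
DRIVERS_DIR = r"c:\windows\system32\drivers"


def parse_md5_sections(log_text):
    """Return {lowercased file name: [copy, ...]} for every '< MD5 for: X >' block."""
    sections = defaultdict(list)
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue  # forum copies of the log have blank lines between entries
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").lower()
            sections[current]  # register the file even if OTL found no copy
            continue
        if line.startswith("<") or line.startswith("====="):
            current = None  # any other marker ends the MD5 block
            continue
        entry = ENTRY_RE.match(line)
        if entry and current:
            sections[current].append({
                "path": entry.group("path"),
                "md5": entry.group("md5").upper(),
                "size": int(entry.group("size").replace(",", "")),
                "company": entry.group("company"),
                "mtime": entry.group("mtime"),
            })
    return dict(sections)


def review(sections, known_good=None):
    """Flag files worth a closer look.

    known_good (assumption of this example): {file name: set of MD5s} taken from
    trusted media by the analyst; when given, live copies outside it are reported.
    """
    findings = []
    for name, copies in sorted(sections.items()):
        live = [c for c in copies
                if ntpath.dirname(c["path"]).lower() == DRIVERS_DIR]
        if not live:
            findings.append((name, "missing-from-drivers"))
        if len({c["md5"] for c in copies}) > 1:
            findings.append((name, "copies-differ"))
        if known_good is not None:
            trusted = {h.upper() for h in known_good.get(name, set())}
            if any(c["md5"] not in trusted for c in live):
                findings.append((name, "unverified-live-copy"))
    return findings


if __name__ == "__main__":
    for name, label in review(parse_md5_sections(SAMPLE_LOG)):
        print(f"{name}: {label}")
```

Matching hashes across copies only show that the copies are identical, not that they are clean; that judgement needs hashes from trusted installation media passed in as `known_good`.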

  • Author

I liked this sentence! :whist:

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600)

OTL:

OTL logfile created on: 12.6.2011 г. 10:58:44 - Run 4

OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\name\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600)- Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: dd.M.yyyy 'г.'

767,23 Mb Total Physical Memory | 188,88 Mb Available Physical Memory | 24,62% Memory free

1,83 Gb Paging File | 1,33 Gb Available in Paging File | 72,71% Paging File free

Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 20,51 Gb Total Space | 7,45 Gb Free Space | 36,34% Space Free | Partition Type: NTFS

Drive D: | 27,98 Gb Total Space | 12,35 Gb Free Space | 44,14% Space Free | Partition Type: NTFS

Drive E: | 28,20 Gb Total Space | 26,15 Gb Free Space | 92,75% Space Free | Partition Type: NTFS

Computer Name: PC | User Name: name | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.06.06 11:11:13 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\name\Desktop\OTL.exe

PRC - [2011.05.29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011.04.30 08:29:14 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010.09.07 19:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2010.09.07 19:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2008.04.14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006.11.16 19:04:20 | 000,139,264 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

PRC - [2006.11.16 18:58:32 | 000,884,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

PRC - [2003.05.05 08:57:30 | 000,143,360 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

PRC - [2003.01.21 15:19:24 | 000,040,960 | ---- | M] (VM.) -- C:\WINDOWS\Vm_sti.exe

PRC - [2002.09.20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

========== Modules (SafeList) ==========

MOD - [2011.06.06 11:11:13 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\name\Desktop\OTL.exe

MOD - [2008.04.14 05:42:52 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2010.09.07 19:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)

SRV - [2010.09.07 19:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)

SRV - [2010.09.07 19:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2002.09.20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))

========== Driver Services (SafeList) ==========

DRV - [2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2010.09.07 18:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2010.09.07 18:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2010.09.07 18:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2010.09.07 18:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2010.09.07 18:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2010.09.07 18:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2006.11.02 16:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4c74-92FE-5B863F82066B})

DRV - [2004.08.05 18:05:02 | 000,090,532 | ---- | M] (VM) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbVM31b.sys -- (ZSMC301b)

DRV - [2004.06.10 18:49:12 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.aol.com/?src=aim&ncid=snsusaimc00000001"

FF - prefs.js..extensions.enabledItems: [email protected]:3.12.2.16749

FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550

FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/redirector/sredir?invocationType=bu10aiminstabie7&sredir=2706&query="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.30 12:21:01 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.20 11:35:10 | 000,000,000 | ---D | M]

[2010.09.01 15:05:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\name\Application Data\Mozilla\Extensions

[2011.06.12 09:20:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\name\Application Data\Mozilla\Firefox\Profiles\s7l8pd6b.default\extensions

[2011.05.26 13:01:23 | 000,000,000 | ---D | M] (PandoraTV Toolbar) -- C:\Documents and Settings\name\Application Data\Mozilla\Firefox\Profiles\s7l8pd6b.default\extensions\[email protected]

[2010.09.28 14:25:12 | 000,001,490 | ---- | M] () -- C:\Documents and Settings\name\Application Data\Mozilla\Firefox\Profiles\s7l8pd6b.default\searchplugins\AOL Search.xml

[2011.06.12 09:20:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011.06.05 06:44:56 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2010.01.14 01:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

[2010.09.28 14:25:12 | 000,001,490 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\AOL Search.xml

O1 HOSTS File: ([2011.06.06 20:30:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)

O4 - HKLM..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE (VM.)

O4 - HKLM..\Run: [bluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)

O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)

O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)

O4 - HKCU..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: UseDesktopIniCache = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\WINDOWS\Coffee Bean.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Coffee Bean.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010.09.01 14:26:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.06.12 10:52:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch

[2011.06.12 10:34:05 | 001,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll

[2011.06.12 10:34:05 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll

[2011.06.12 10:34:05 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll

[2011.06.12 10:34:04 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger

[2011.06.12 10:34:01 | 000,086,016 | ---- | C] (Sipro Lab Telecom Inc.) -- C:\WINDOWS\System32\dllcache\sl_anet.acm

[2011.06.12 10:33:59 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaud32.acm

[2011.06.12 10:33:59 | 000,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\dllcache\l3codeca.acm

[2011.06.12 10:33:56 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpcdll.dll

[2011.06.12 10:33:45 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irbus.sys

[2011.06.12 10:33:45 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe

[2011.06.12 10:33:44 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll

[2011.06.12 10:33:44 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll

[2011.06.12 10:33:38 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll

[2011.06.12 10:33:38 | 000,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll

[2011.06.12 10:33:38 | 000,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll

[2011.06.12 10:33:38 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll

[2011.06.12 10:33:37 | 001,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll

[2011.06.12 10:33:37 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll

[2011.06.12 10:33:37 | 000,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll

[2011.06.12 10:33:37 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll

[2011.06.12 10:33:37 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll

[2011.06.12 10:33:37 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax

[2011.06.12 10:33:37 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax

[2011.06.12 10:33:37 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll

[2011.06.12 10:33:35 | 000,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll

[2011.06.12 10:33:35 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll

[2011.06.12 10:33:35 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll

[2011.06.12 10:33:35 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll

[2011.06.12 10:33:35 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll

[2011.06.12 10:33:35 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll

[2011.06.12 10:33:35 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll

[2011.06.12 10:33:35 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll

[2011.06.12 10:33:34 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll

[2011.06.12 10:33:34 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll

[2011.06.12 10:33:34 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll

[2011.06.12 10:33:34 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll

[2011.06.12 10:33:34 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll

[2011.06.12 10:33:34 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll

[2011.06.12 10:33:34 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll

[2011.06.12 10:33:34 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll

[2011.06.12 10:33:33 | 000,380,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irprops.cpl

[2011.06.12 10:33:32 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll

[2011.06.12 10:33:32 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll

[2011.06.12 10:33:32 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll

[2011.06.12 10:33:32 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll

[2011.06.12 10:33:31 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll

[2011.06.12 10:33:31 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll

[2011.06.12 10:33:31 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll

[2011.06.12 10:33:31 | 000,086,016 | ---- | C] (Conexant) -- C:\WINDOWS\System32\mdmxsdk.dll

[2011.06.12 10:33:31 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll

[2011.06.12 10:33:31 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe

[2011.06.12 10:33:30 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll

[2011.06.12 10:33:30 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll

[2011.06.12 10:33:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe

[2011.06.12 10:33:30 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll

[2011.06.12 10:33:30 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll

[2011.06.12 10:33:30 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll

[2011.06.12 10:33:29 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll

[2011.06.12 10:33:28 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll

[2011.06.12 10:33:28 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll

[2011.06.12 10:33:28 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll

[2011.06.12 10:33:28 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll

[2011.06.12 10:33:28 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll

[2011.06.12 10:33:28 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll

[2011.06.12 10:33:27 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll

[2011.06.12 10:33:27 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll

[2011.06.12 10:33:27 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll

[2011.06.12 10:33:27 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe

[2011.06.12 10:33:26 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll

[2011.06.12 10:33:26 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe

[2011.06.12 10:33:26 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll

[2011.06.12 10:33:26 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe

[2011.06.12 10:33:25 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe

[2011.06.12 10:33:23 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll

[2011.06.12 10:33:22 | 000,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll

[2011.06.12 10:33:22 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll

[2011.06.12 10:33:19 | 000,689,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp3res.dll

[2011.06.12 10:33:19 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe

[2011.06.12 10:33:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us

[2011.06.12 10:33:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting

[2011.06.12 10:33:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas

[2011.06.12 10:33:14 | 000,000,000 | ---D | C] -- C:\Program Files\msn

[2011.06.12 10:33:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en

[2011.06.12 10:33:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits

[2011.06.12 10:29:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles

[2011.06.12 10:28:50 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlimport.exe

[2011.06.12 10:26:50 | 000,004,255 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll

[2011.06.12 10:26:50 | 000,003,967 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll

[2011.06.12 10:26:50 | 000,003,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll

[2011.06.12 10:26:50 | 000,003,711 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll

[2011.06.12 10:26:50 | 000,003,647 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll

[2011.06.12 10:26:50 | 000,003,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll

[2011.06.12 10:26:50 | 000,003,135 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll

[2011.06.12 10:26:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic

[2011.06.12 10:26:49 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys

[2011.06.12 10:26:49 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys

[2011.06.12 10:26:49 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys

[2011.06.12 10:26:49 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys

[2011.06.12 10:26:49 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys

[2011.06.12 10:26:49 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys

[2011.06.12 10:26:49 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys

[2011.06.12 10:26:49 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys

[2011.06.12 10:26:49 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys

[2011.06.12 10:26:49 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys

[2011.06.12 10:26:49 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys

[2011.06.12 10:26:49 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys

[2011.06.12 10:26:49 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys

[2011.06.12 10:26:49 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys

[2011.06.12 10:26:49 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys

[2011.06.12 10:26:49 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys

[2011.06.12 10:26:49 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys

[2011.06.12 10:26:49 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys

[2011.06.12 10:26:49 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys

[2011.06.12 10:26:49 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys

[2011.06.12 10:26:49 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys

[2011.06.12 10:26:49 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys

[2011.06.12 10:26:48 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll

[2011.06.12 10:26:48 | 000,021,183 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll

[2011.06.12 10:26:48 | 000,017,279 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll

[2011.06.12 10:26:48 | 000,014,143 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll

[2011.06.12 10:26:48 | 000,011,359 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll

[2011.06.12 10:26:47 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys

[2011.06.12 10:26:47 | 000,015,423 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll

[2011.06.12 10:26:46 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys

[2011.06.12 10:26:46 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys

[2011.06.12 10:26:46 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys

[2011.06.12 10:26:45 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys

[2011.06.12 10:26:45 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys

[2011.06.12 10:26:45 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys

[2011.06.12 10:26:45 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys

[2011.06.12 10:26:45 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys

[2011.06.12 10:26:44 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys

[2011.06.12 10:26:44 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys

[2011.06.12 10:26:44 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys

[2011.06.12 10:26:44 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys

[2011.06.12 10:26:44 | 000,011,325 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll

[2011.06.12 10:26:44 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys

[2011.06.12 10:26:44 | 000,003,901 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll

[2011.06.12 10:26:43 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys

[2011.06.12 10:26:43 | 000,022,271 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys

[2011.06.12 10:26:43 | 000,011,935 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys

[2011.06.12 10:26:43 | 000,011,871 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys

[2011.06.12 10:26:43 | 000,011,807 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys

[2011.06.12 10:26:43 | 000,011,295 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys

[2011.06.12 10:19:07 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$

[2011.06.11 12:09:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\name\Application Data\TeamViewer

[2011.06.11 09:41:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\name\Desktop\Signs

[2011.06.10 15:01:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\name\Desktop\1408[2007]DvDrip[Eng]-aXXo

[2011.06.10 14:53:45 | 003,248,416 | ---- | C] (TeamViewer GmbH) -- C:\Documents and Settings\name\Desktop\TeamViewer_Setup_bg.exe

[2011.06.10 09:29:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\name\Desktop\Butterfly.On.A.Wheel.DVDRip.XviD.AC3.5.1Ch-IcY

[2011.06.10 08:29:23 | 000,220,024 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\sigcheck.exe

[2011.06.10 08:23:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\maxdrive

[2011.06.09 21:46:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\name\Desktop\bgmafia

[2011.06.09 21:45:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\name\Application Data\FastStone

[2011.06.09 18:35:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\name\Desktop\Law.Abiding.Citizen.2009.UNRATED.DC.BRRip.XviD-KiNGS

[2011.06.09 17:45:40 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2011.06.07 14:20:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall

[2011.06.07 14:20:45 | 000,026,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe

[2011.06.07 14:20:42 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$

[2011.06.07 08:45:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2011.06.07 08:35:31 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll

[2011.06.07 08:35:31 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll

[2011.06.07 08:35:31 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll

[2011.06.07 08:35:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution

[2011.06.07 08:35:28 | 000,430,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll

[2011.06.07 08:35:28 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdm.dll

[2011.06.07 08:25:52 | 000,000,000 | ---D | C] -- C:\SP3

[2011.06.06 20:24:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2011.06.06 20:23:07 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2011.06.06 20:20:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2011.06.06 20:20:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2011.06.06 20:20:42 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2011.06.06 20:20:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2011.06.06 20:20:00 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011.06.06 11:54:47 | 000,000,000 | ---D | C] -- C:\_OTL

[2011.06.06 11:11:08 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\name\Desktop\OTL.exe

[2011.06.06 10:51:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\name\My Documents\My Videos

[2011.06.06 09:55:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\PSQKGJOG

[2011.06.04 13:42:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\name\Desktop\Arthur.3.The.War.of.the.Two.Worlds.2010.DVDRip.XviD-CM8

[2011.05.28 17:09:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\name\Application Data\go

[2011.05.28 17:09:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Easybits GO

[2011.05.20 11:21:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Xvid

[2011.05.20 11:21:25 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid

[2011.05.18 10:15:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype Extras

[2011.05.18 10:13:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype

[2011.05.18 10:13:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.06.12 10:55:45 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2011.06.12 10:54:53 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx

[2011.06.12 10:54:43 | 000,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011.06.12 10:54:43 | 000,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011.06.12 10:53:24 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\name\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2011.06.12 10:52:39 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\name\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk

[2011.06.12 10:52:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011.06.12 10:51:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011.06.12 10:51:51 | 000,199,344 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011.06.12 10:51:50 | 804,573,184 | -HS- | M] () -- C:\hiberfil.sys

[2011.06.12 10:37:01 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2011.06.12 10:26:25 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2011.06.11 12:59:20 | 005,292,054 | ---- | M] () -- C:\Documents and Settings\name\Desktop\KR.bmp

[2011.06.11 10:02:17 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2011.06.11 10:02:05 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\name\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.06.10 22:48:18 | 000,184,832 | ---- | M] () -- C:\Documents and Settings\name\Desktop\ScreenShot001.jpg

[2011.06.10 14:54:42 | 003,248,416 | ---- | M] (TeamViewer GmbH) -- C:\Documents and Settings\name\Desktop\TeamViewer_Setup_bg.exe

[2011.06.10 08:23:47 | 000,008,975 | ---- | M] () -- C:\WINDOWS\look.bat

[2011.06.10 08:20:58 | 001,139,112 | ---- | M] () -- C:\Documents and Settings\name\Desktop\maxlook.exe

[2011.06.09 21:45:28 | 001,111,552 | ---- | M] () -- C:\Documents and Settings\name\Desktop\FSCapture.exe

[2011.06.09 17:52:32 | 281,860,613 | ---- | M] () -- C:\Documents and Settings\name\Desktop\[Narutoverse]_NARUTO_Shippuden_215_[720p].mkv

[2011.06.08 21:15:07 | 005,292,054 | ---- | M] () -- C:\Documents and Settings\name\My Documents\1G.bmp

[2011.06.08 21:08:11 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\name\Desktop\untitled.bmp

[2011.06.07 14:20:53 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011.06.06 20:30:41 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011.06.06 19:03:59 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\name\Desktop\MBR.dat

[2011.06.06 11:11:13 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\name\Desktop\OTL.exe

[2011.06.03 23:22:36 | 000,489,655 | ---- | M] () -- C:\Documents and Settings\name\My Documents\IMG_03062011_232224.png

[2011.06.03 19:16:20 | 000,068,966 | ---- | M] () -- C:\Documents and Settings\name\My Documents\71734_163586767000698_100000481273510_520013_2718188_n.jpg

[2011.06.01 10:44:50 | 000,491,479 | ---- | M] () -- C:\Documents and Settings\name\My Documents\2011-06-01_104400.png

[2011.05.29 12:32:00 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\name\Desktop\tool.exe

[2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011.05.25 10:21:51 | 000,185,949 | ---- | M] () -- C:\Documents and Settings\name\My Documents\MotorqgA(1078).jpg

[2011.05.17 18:43:22 | 000,066,422 | ---- | M] () -- C:\Documents and Settings\name\My Documents\45007_1177125484374_1715247879_319626_780481_n.jpg

[2011.05.17 18:22:48 | 000,021,781 | ---- | M] () -- C:\Documents and Settings\name\My Documents\hot-emo-girls-with-blonde-cute-hair.jpg

[2011.05.15 21:36:43 | 000,014,958 | ---- | M] () -- C:\Documents and Settings\name\My Documents\Ico10.jpg

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.06.12 10:53:23 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\name\Start Menu\Programs\Internet Explorer.lnk

[2011.06.12 10:53:21 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\name\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2011.06.12 10:34:03 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta

[2011.06.12 10:34:03 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css

[2011.06.12 10:34:03 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf

[2011.06.12 10:34:03 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js

[2011.06.12 10:34:02 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm

[2011.06.12 10:34:02 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav

[2011.06.12 10:34:02 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav

[2011.06.12 10:34:02 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav

[2011.06.12 10:34:02 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav

[2011.06.12 10:34:02 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav

[2011.06.12 10:34:02 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav

[2011.06.12 10:34:02 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav

[2011.06.12 10:34:02 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav

[2011.06.12 10:34:02 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav

[2011.06.12 10:34:02 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm

[2011.06.12 10:34:02 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf

[2011.06.12 10:34:02 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm

[2011.06.12 10:34:01 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv

[2011.06.12 10:34:01 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif

[2011.06.12 10:34:01 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif

[2011.06.12 10:34:01 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf

[2011.06.12 10:34:01 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif

[2011.06.12 10:34:01 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif

[2011.06.12 10:34:01 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif

[2011.06.12 10:34:01 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif

[2011.06.12 10:34:01 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf

[2011.06.12 10:34:01 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif

[2011.06.12 10:34:01 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif

[2011.06.12 10:34:01 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif

[2011.06.12 10:34:01 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif

[2011.06.12 10:34:01 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif

[2011.06.12 10:34:01 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js

[2011.06.12 10:34:01 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif

[2011.06.12 10:34:01 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif

[2011.06.12 10:34:01 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif

[2011.06.12 10:34:01 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif

[2011.06.12 10:34:01 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif

[2011.06.12 10:34:01 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif

[2011.06.12 10:34:01 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif

[2011.06.12 10:34:01 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif

[2011.06.12 10:34:01 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif

[2011.06.12 10:34:01 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm

[2011.06.12 10:34:00 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv

[2011.06.12 10:34:00 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv

[2011.06.12 10:34:00 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm

[2011.06.12 10:34:00 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz

[2011.06.12 10:34:00 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip

[2011.06.12 10:34:00 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl

[2011.06.12 10:34:00 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl

[2011.06.12 10:34:00 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl

[2011.06.12 10:34:00 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl

[2011.06.12 10:34:00 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl

[2011.06.12 10:34:00 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl

[2011.06.12 10:34:00 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl

[2011.06.12 10:34:00 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl

[2011.06.12 10:34:00 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl

[2011.06.12 10:34:00 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf

[2011.06.12 10:34:00 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl

[2011.06.12 10:34:00 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl

[2011.06.12 10:34:00 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl

[2011.06.12 10:34:00 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl

[2011.06.12 10:34:00 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl

[2011.06.12 10:34:00 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl

[2011.06.12 10:34:00 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip

[2011.06.12 10:33:59 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv

[2011.06.12 10:33:59 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv

[2011.06.12 10:33:59 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf

[2011.06.12 10:33:59 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css

[2011.06.12 10:33:59 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm

[2011.06.12 10:33:59 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js

[2011.06.12 10:33:59 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js

[2011.06.12 10:33:59 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif

[2011.06.12 10:33:59 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif

[2011.06.12 10:33:58 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz

[2011.06.12 10:33:58 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif

[2011.06.12 10:33:58 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif

[2011.06.12 10:33:58 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif

[2011.06.12 10:33:58 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif

[2011.06.12 10:33:58 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif

[2011.06.12 10:33:58 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif

[2011.06.12 10:26:49 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod

[2011.06.12 10:26:47 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty

[2011.06.12 10:26:45 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img

[2011.06.11 12:57:43 | 005,292,054 | ---- | C] () -- C:\Documents and Settings\name\Desktop\KR.bmp

[2011.06.10 22:47:53 | 000,184,832 | ---- | C] () -- C:\Documents and Settings\name\Desktop\ScreenShot001.jpg

[2011.06.10 08:32:32 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\name\Desktop\tool.exe

[2011.06.10 08:23:46 | 000,008,975 | ---- | C] () -- C:\WINDOWS\look.bat

[2011.06.10 08:20:55 | 001,139,112 | ---- | C] () -- C:\Documents and Settings\name\Desktop\maxlook.exe

[2011.06.09 21:45:18 | 001,111,552 | ---- | C] () -- C:\Documents and Settings\name\Desktop\FSCapture.exe

[2011.06.09 21:43:43 | 000,020,006 | ---- | C] () -- C:\Documents and Settings\name\Desktop\Помощник за ЧатМод.rtf

[2011.06.09 17:46:01 | 281,860,613 | ---- | C] () -- C:\Documents and Settings\name\Desktop\[Narutoverse]_NARUTO_Shippuden_215_[720p].mkv

[2011.06.08 21:12:38 | 005,292,054 | ---- | C] () -- C:\Documents and Settings\name\My Documents\1G.bmp

[2011.06.08 21:08:11 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\name\Desktop\untitled.bmp

[2011.06.06 20:23:10 | 000,000,194 | ---- | C] () -- C:\Boot.bak

[2011.06.06 20:23:08 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2011.06.06 20:20:42 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2011.06.06 20:20:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2011.06.06 20:20:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2011.06.06 20:20:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2011.06.06 20:20:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011.06.06 19:03:59 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\name\Desktop\MBR.dat

[2011.06.03 23:22:34 | 000,489,655 | ---- | C] () -- C:\Documents and Settings\name\My Documents\IMG_03062011_232224.png

[2011.06.03 19:16:17 | 000,068,966 | ---- | C] () -- C:\Documents and Settings\name\My Documents\71734_163586767000698_100000481273510_520013_2718188_n.jpg

[2011.06.01 10:44:42 | 000,491,479 | ---- | C] () -- C:\Documents and Settings\name\My Documents\2011-06-01_104400.png

[2011.05.28 17:09:32 | 000,001,829 | ---- | C] () -- C:\Documents and Settings\name\Start Menu\Programs\Играене на игри (EasyBits GO).lnk

[2011.05.25 10:21:48 | 000,185,949 | ---- | C] () -- C:\Documents and Settings\name\My Documents\MotorqgA(1078).jpg

[2011.05.20 11:21:29 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2011.05.20 11:21:28 | 000,143,872 | ---- | C] () -- C:\WINDOWS\System32\xvid.ax

[2011.05.18 10:13:09 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2011.05.17 18:43:21 | 000,066,422 | ---- | C] () -- C:\Documents and Settings\name\My Documents\45007_1177125484374_1715247879_319626_780481_n.jpg

[2011.05.17 18:22:47 | 000,021,781 | ---- | C] () -- C:\Documents and Settings\name\My Documents\hot-emo-girls-with-blonde-cute-hair.jpg

[2011.05.15 21:36:42 | 000,014,958 | ---- | C] () -- C:\Documents and Settings\name\My Documents\Ico10.jpg

[2011.01.01 20:37:45 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\newdll.dll

[2010.10.09 10:35:46 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2010.10.09 10:35:36 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\name\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.09.01 17:38:13 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2010.09.01 17:17:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2010.09.01 17:14:44 | 000,199,344 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010.09.01 15:29:47 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2010.09.01 15:23:07 | 000,000,761 | ---- | C] () -- C:\WINDOWS\m3jp2k.ini

[2010.09.01 15:23:07 | 000,000,714 | ---- | C] () -- C:\WINDOWS\m3jpeg.ini

[2010.09.01 15:23:07 | 000,000,702 | ---- | C] () -- C:\WINDOWS\mmtvmj.ini

[2010.09.01 15:23:02 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll

[2010.09.01 15:23:00 | 000,152,064 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2010.09.01 15:22:58 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2010.09.01 15:10:44 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll

[2010.09.01 15:05:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2010.09.01 14:29:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2010.09.01 14:22:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2006.12.31 07:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004.06.10 17:25:44 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2003.01.07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2002.10.16 09:29:32 | 000,049,152 | ---- | C] () -- C:\WINDOWS\amcap.exe

[2001.08.23 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2001.08.23 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2001.08.23 14:00:00 | 000,392,296 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2001.08.23 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2001.08.23 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2001.08.23 14:00:00 | 000,058,596 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2001.08.23 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2001.08.23 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2001.08.23 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2001.08.23 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Custom Scans ==========

< MD5 for: TCPIP.SYS >

[2010.04.13 11:19:46 | 000,359,424 | ---- | M] (Microsoft Corporation) MD5=7CF2D4019E17A97C466FA5F68CE0F635 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys

[2010.04.13 11:19:46 | 000,359,424 | ---- | M] (Microsoft Corporation) MD5=7CF2D4019E17A97C466FA5F68CE0F635 -- C:\WINDOWS\maxdrive\tcpip.sys

[2008.04.14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys

[2008.04.14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\system32\drivers\tcpip.sys

< MD5 for: UPDATE.SYS >

[2008.04.14 00:09:48 | 000,384,768 | ---- | M] (Microsoft Corporation) MD5=402DDC88356B1BAC0EE3DD1580C76A31 -- C:\SP3\update.sys

[2008.04.14 00:09:48 | 000,384,768 | ---- | M] (Microsoft Corporation) MD5=402DDC88356B1BAC0EE3DD1580C76A31 -- C:\WINDOWS\ServicePackFiles\i386\update.sys

[2008.04.14 00:09:48 | 000,384,768 | ---- | M] (Microsoft Corporation) MD5=402DDC88356B1BAC0EE3DD1580C76A31 -- C:\WINDOWS\system32\drivers\update.sys

[2004.06.10 15:17:20 | 000,199,040 | ---- | M] (Microsoft Corporation) MD5=F5943A5EDB2D5D99A0B175E7B64DF8BC -- C:\WINDOWS\$NtServicePackUninstall$\update.sys

< MD5 for: USBVM31B.SYS >

[2004.08.05 18:05:02 | 000,090,532 | ---- | M] (VM) MD5=617C6711EA9049F39043CAB2886418BF -- C:\Program Files\CANYON CN-WCAM23 PC-Camera\usbVM31b.sys

[2004.08.05 18:05:02 | 000,090,532 | ---- | M] (VM) MD5=617C6711EA9049F39043CAB2886418BF -- C:\WINDOWS\maxdrive\usbVM31b.sys

[2004.08.05 18:05:02 | 000,090,532 | ---- | M] (VM) MD5=617C6711EA9049F39043CAB2886418BF -- C:\WINDOWS\system32\drivers\usbVM31b.sys

< End of report >

Hello,

Open [Posted image] > Run... and type the command "%userprofile%\desktop\maxlook.exe" -cleanup => press Enter

After that:

*. Delete your copy of Combofix, download a new version of Combofix and save it to the desktop.

*. Open notepad.exe and, using copy/paste, enter the following information:

KILLALL::
FCOPY::
C:\WINDOWS\system32\drivers\update.sys | C:\WINDOWS\$NtServicePackUninstall$\update.sys
C:\WINDOWS\system32\drivers\update.sys | C:\WINDOWS\system32\dllcache\update.sys
C:\WINDOWS\system32\drivers\tcpip.sys | C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys

Save the file with the name CFScript, then drag and drop it onto Combofix (as shown in the picture below).

[Posted image]

*. While ComboFix is scanning, do not start any other applications, do not press any keys on the keyboard and do not move the mouse!

*. When Combofix finishes, it will create a log file. Please post this file in your next post.
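Added example, not part of the original posts and not code from OTL or ComboFix: a Python sketch that parses the `< MD5 for: ... >` blocks of the OTL log above and lists, for each driver, the copies whose MD5 differs from the copy under `system32\drivers`. The function names and the choice of `system32\drivers` as the reference copy are assumptions of this example; the sample lines are taken from the log on this page.

```python
import re

# Sample input: the "Custom Scans" entries from the OTL log above (blank lines dropped).
SAMPLE_LOG = r"""< MD5 for: TCPIP.SYS >
[2010.04.13 11:19:46 | 000,359,424 | ---- | M] (Microsoft Corporation) MD5=7CF2D4019E17A97C466FA5F68CE0F635 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2010.04.13 11:19:46 | 000,359,424 | ---- | M] (Microsoft Corporation) MD5=7CF2D4019E17A97C466FA5F68CE0F635 -- C:\WINDOWS\maxdrive\tcpip.sys
[2008.04.14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.04.14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\system32\drivers\tcpip.sys
< MD5 for: UPDATE.SYS >
[2008.04.14 00:09:48 | 000,384,768 | ---- | M] (Microsoft Corporation) MD5=402DDC88356B1BAC0EE3DD1580C76A31 -- C:\SP3\update.sys
[2008.04.14 00:09:48 | 000,384,768 | ---- | M] (Microsoft Corporation) MD5=402DDC88356B1BAC0EE3DD1580C76A31 -- C:\WINDOWS\ServicePackFiles\i386\update.sys
[2008.04.14 00:09:48 | 000,384,768 | ---- | M] (Microsoft Corporation) MD5=402DDC88356B1BAC0EE3DD1580C76A31 -- C:\WINDOWS\system32\drivers\update.sys
[2004.06.10 15:17:20 | 000,199,040 | ---- | M] (Microsoft Corporation) MD5=F5943A5EDB2D5D99A0B175E7B64DF8BC -- C:\WINDOWS\$NtServicePackUninstall$\update.sys
< MD5 for: USBVM31B.SYS >
[2004.08.05 18:05:02 | 000,090,532 | ---- | M] (VM) MD5=617C6711EA9049F39043CAB2886418BF -- C:\Program Files\CANYON CN-WCAM23 PC-Camera\usbVM31b.sys
[2004.08.05 18:05:02 | 000,090,532 | ---- | M] (VM) MD5=617C6711EA9049F39043CAB2886418BF -- C:\WINDOWS\maxdrive\usbVM31b.sys
[2004.08.05 18:05:02 | 000,090,532 | ---- | M] (VM) MD5=617C6711EA9049F39043CAB2886418BF -- C:\WINDOWS\system32\drivers\usbVM31b.sys
< End of report >"""

HEADER = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
ENTRY = re.compile(
    r"^\[(?P<date>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attr>[A-Z-]{4}) \| [MC]\] "
    r"\((?P<company>.*?)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)
ACTIVE_DIR = "\\system32\\drivers\\"  # assumption: reference copy is the one in this folder

def parse_md5_scan(text):
    """Return {lower-cased file name: [entry dict, ...]} for each '< MD5 for: ... >' block."""
    blocks, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            current = blocks.setdefault(m.group("name").lower(), [])
            continue
        m = ENTRY.match(line.strip())
        if m and current is not None:
            entry = m.groupdict()
            entry["md5"] = entry["md5"].upper()
            entry["size"] = int(entry["size"].replace(",", ""))
            current.append(entry)
    return blocks

def differing_copies(blocks):
    """Per file: paths whose MD5 differs from the system32\\drivers copy, or None if that copy is not listed."""
    report = {}
    for name, entries in blocks.items():
        active = next((e for e in entries if ACTIVE_DIR in e["path"].lower()), None)
        if active is None:
            report[name] = None  # nothing to compare against
            continue
        report[name] = [e["path"] for e in entries if e["md5"] != active["md5"]]
    return report

if __name__ == "__main__":
    for name, paths in differing_copies(parse_md5_scan(SAMPLE_LOG)).items():
        print(name, "->", paths)
```

A differing hash only shows that two copies are not byte-identical; the other copy may simply be a different legitimate version of the driver.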
