
Flash Player Virus from Facebook [SOLVED]



    I opened a link and saved the file Flash plaer.exe, after which the laptop started restarting. My friends on Facebook started receiving standard messages in English. I can no longer log in to Facebook from this laptop.

    • Like 1


    Hello,

    Follow these instructions for working with OTL:

    • Download OTL.exe and save it to the desktop.
    • Run the file [posted image] by double-clicking it.
    • Tick the box next to Scan All Users [posted image]
    • Under the File Age menu => select 90 days
    • Under the Standard Registry menu => change to ALL
    • Tick the boxes next to LOP and Purity Check
    • Under [posted image], use Copy/Paste to enter the following text in full (only what is inside the box):
    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.*
    %USERPROFILE%\*.*
    %USERPROFILE%\AppData\Local\*.*
    %USERPROFILE%\AppData\Roaming\*.*
    %ProgramData%\*.*
    %CommonProgramFiles%\*.*
    %PROGRAMFILES%\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    /md5start
    hlp.dat
    winlogon.exe
    wininit.exe
    userinit.exe
    explorer.exe
    volsnap.sys
    /md5stop
    
    • Press the button marked in blue: [posted image].
    • When the scan finishes, two files will be created: OTL.Txt and Extras.Txt. Attach both files to your next comment (see the "attached files" option when posting).
    • Like 3


    Uninstall the remnants of Avira from Control Panel => Programs => Uninstall a program.

    Was only one log file created... isn't there an Extras.txt as well?

    After that:

    Start OTL again, then copy and paste the script text from the text box below under the Custom Scans/Fixes column, making sure to copy the script exactly, one to one, including the colon before the first line of the script.

    :Processes
    killallprocesses
    :OTL
    SRV - File not found [Auto | Stopped] --  -- (MyWebSearchService)
    SRV - File not found [On_Demand | Stopped] --  -- (McComponentHostService)
    SRV - File not found [Auto | Stopped] --  -- (ekrn)
    SRV - File not found [On_Demand | Stopped] --  -- (EhttpSrv)
    SRV - File not found [Auto | Stopped] --  -- (AntiVirService)
    SRV - File not found [Auto | Stopped] --  -- (AntiVirSchedulerService)
    SRV - [2011/07/24 00:14:23 | 000,495,616 | ---- | M] () [Auto | Running] -- C:\Windows\update.2\svchost.exe -- (srviecheck)
    SRV - [2011/07/23 23:53:19 | 000,247,296 | ---- | M] () [Auto | Running] -- C:\Windows\sysdriver32.exe -- (srvsysdriver32)
    SRV - [2011/07/23 22:43:54 | 000,340,992 | ---- | M] () [Auto | Running] -- C:\Windows\update.5.0\svchost.exe -- (srvbtcclient)
    SRV - [2011/07/23 22:22:35 | 001,185,792 | -H-- | M] () [Auto | Running] -- C:\Windows\update.1\svchost.exe -- (wxpdrivers)
    DRV - [2011/06/17 12:37:08 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
    DRV - [2011/06/17 12:37:08 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2010/05/20 11:16:28 | 000,133,512 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
    DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
    IE - HKU\S-1-5-21-2047312765-6520441-1298651789-1001\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    IE - HKU\S-1-5-21-2047312765-6520441-1298651789-1001\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} -  File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
    FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin [2011/04/15 10:04:48 | 000,000,000 | ---D | M]
    [2011/07/24 16:35:00 | 000,000,000 | ---D | M] (Support.com Toolbar) -- C:\Users\5520\AppData\Roaming\mozilla\Firefox\Profiles\0txhkxa4.default\extensions\toolbar@ask.com
    [2011/05/17 13:12:44 | 000,002,333 | ---- | M] () -- C:\Users\5520\AppData\Roaming\Mozilla\Firefox\Profiles\0txhkxa4.default\searchplugins\askcom.xml
    O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - Reg Error: Value error. File not found
    O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - Reg Error: Value error. File not found
    O2 - BHO: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\S-1-5-21-2047312765-6520441-1298651789-1001\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - Reg Error: Value error. File not found
    O3 - HKU\S-1-5-21-2047312765-6520441-1298651789-1001\..\Toolbar\WebBrowser: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: []  File not found
    O4 - HKLM..\Run: [361374.exe]  File not found
    O4 - HKLM..\Run: [5741364.exe]  File not found
    O4 - HKLM..\Run: [7486403.exe]  File not found
    O4 - HKLM..\Run: [7790286-loader2.exe]  File not found
    O4 - HKLM..\Run: [8081635.exe]  File not found
    O4 - HKLM..\Run: [9339505.exe]  File not found
    O4 - HKLM..\Run: [9441405.exe]  File not found
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
    O4 - HKLM..\Run: [avgnt]  File not found
    O4 - HKLM..\Run: [l1rezerv.exe] C:\Windows\l1rezerv.exe ()
    O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor]  File not found
    O4 - HKLM..\Run: [MyWebSearch Email Plugin]  File not found
    O4 - HKLM..\Run: [sysdriver32.exe] C:\Windows\sysdriver32.exe ()
    O4 - HKLM..\Run: [sysdriver32_.exe]  File not found
    O4 - HKLM..\Run: [systemup] C:\Windows\systemup.exe ()
    O4 - HKLM..\Run: [tray_ico]  File not found
    O4 - HKLM..\Run: [tray_ico0] C:\Windows\update.tray-8-0\svchost.exe ()
    O4 - HKLM..\Run: [tray_ico1] C:\Windows\update.tray-2-0\svchost.exe ()
    O4 - HKLM..\Run: [tray_ico2] C:\Windows\update.tray-9-0\svchost.exe ()
    O4 - HKLM..\Run: [tray_ico3]  File not found
    O4 - HKLM..\Run: [tray_ico4]  File not found
    O4 - HKLM..\Run: [wxpdrv] C:\Windows\services32.exe ()
    O31 - SafeBoot: AlternateShell - services32.exe
    [2011/07/24 16:33:35 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
    [2011/07/24 16:25:53 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-2-0-lnk
    [2011/07/24 16:25:53 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-2-0
    [2011/07/23 22:50:48 | 000,000,000 | ---D | C] -- C:\Windows\ufa
    [2011/07/23 22:50:48 | 000,000,000 | ---D | C] -- C:\Windows\rpcminer
    [2011/07/23 22:50:48 | 000,000,000 | ---D | C] -- C:\Windows\phoenix
    [2011/07/23 22:43:55 | 000,000,000 | -H-D | C] -- C:\Windows\update.5.0
    [2011/07/23 22:41:05 | 000,000,000 | -H-D | C] -- C:\Windows\update.2
    [2011/07/23 22:34:39 | 000,000,000 | ---D | C] -- C:\Windows\av_ico
    [2011/07/23 22:33:11 | 000,000,000 | -H-D | C] -- C:\Windows\update.1
    [2011/07/23 22:33:07 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-9-0-lnk
    [2011/07/23 22:33:07 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-9-0
    [2011/07/23 22:33:07 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-8-0-lnk
    [2011/07/23 22:33:07 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-8-0
    [2011/07/24 00:14:24 | 000,000,180 | ---- | M] () -- C:\Windows\info1
    [2011/07/23 23:53:19 | 000,247,296 | ---- | M] () -- C:\Windows\sysdriver32.exe
    [2011/07/23 22:50:47 | 005,589,370 | ---- | M] () -- C:\Windows\phoenix.rar
    [2011/07/23 22:50:47 | 001,075,284 | ---- | M] () -- C:\Windows\rpcminer.rar
    [2011/07/23 22:50:47 | 000,246,272 | ---- | M] () -- C:\Windows\unrar.exe
    [2011/07/23 22:50:47 | 000,182,617 | ---- | M] () -- C:\Windows\ufa.rar
    [2011/07/23 22:45:45 | 000,114,176 | ---- | M] () -- C:\Windows\systemup.exe
    [2011/07/23 22:41:45 | 000,232,960 | ---- | M] () -- C:\Windows\l1rezerv.exe
    [2011/07/23 22:40:48 | 000,904,792 | ---- | M] () -- C:\Windows\geoiplist.rar
    [2011/07/23 22:35:38 | 000,000,000 | ---- | M] () -- C:\Windows\loader2.exe_ok
    [2011/07/23 22:22:35 | 001,185,792 | ---- | M] () -- C:\Windows\services32.exe
    [2011/07/17 03:24:20 | 004,636,907 | ---- | M] () -- C:\Windows\geoiplist
    [2011/06/17 12:37:08 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
    [2011/06/17 12:37:08 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
    [2011/05/27 07:51:10 | 000,000,875 | ---- | C] () -- C:\Users\5520\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Shield.lnk
    dir /s /a "C:\Users\5520\AppData\Local\{D17C9FF1-9237-47B6-B7B0-ABE4DD9D83EF}" /c
    :commands
    [resethosts]
    [reboot]
    
    After entering the script from the quote above, press the button marked in red: Run Fix

    Windows will restart and a log file will be created. Post its contents with Copy/Paste in your next comment.

    After that:

    Open virustotal and use the Browse button to locate the file:

    C:\Users\5520\AppData\Local\hwcsrfurmi.exe

    Press the SEND button.

    If the file has already been analysed, please press re-analyse.

    Post the results of the check for this file in your next comment.

    • Like 2

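The fix script in the post above targets entries such as `svchost.exe` running from `C:\Windows\update.2`, vendor-less executables in the Windows root started from Run keys, and a replaced SafeBoot `AlternateShell`. The following Python triage is an added example, not part of the original thread and not OTL's own logic: it parses OTL-style SRV/DRV, O4 and O31 lines and flags those three patterns. The rule names, the `EXPECTED_DIRS` table and the default `C:\Windows` layout are assumptions; the sample lines are copied from the script above.

```python
import ntpath
import re
from typing import NamedTuple

# Directories where these Windows binaries normally live (assumption:
# default C:/Windows install, as on the machine in the thread).
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "services.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "wininit.exe": {r"c:\windows\system32"},
    "userinit.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
}

# SRV/DRV - [timestamp | size | attrs | M] (vendor) [start | state] -- path -- (name)
SRV_RE = re.compile(
    r"^(?:SRV|DRV) - \[[^\]]*\] \((?P<vendor>[^)]*)\) \[[^\]]*\] -- "
    r"(?P<path>.+?) -- \((?P<name>[^)]*)\)$")
# O4 - HKLM..\Run: [value name] path (vendor); "File not found" rows do not match
RUN_RE = re.compile(
    r"^O4 - \S+?\\Run: \[(?P<name>[^\]]*)\]\s+(?P<path>.+?) \((?P<vendor>[^)]*)\)$")
# O31 - SafeBoot: AlternateShell - shell
SHELL_RE = re.compile(r"^O31 - SafeBoot: AlternateShell - (?P<shell>.+)$")


class Finding(NamedTuple):
    rule: str
    entry: str
    path: str


def check_binary(name, path, vendor):
    """Apply the two path-based rules to one autostart entry."""
    findings = []
    folder = ntpath.dirname(path).lower()
    base = ntpath.basename(path).lower()
    allowed = EXPECTED_DIRS.get(base)
    # Rule 1: a well-known system file name loaded from an unexpected folder.
    if allowed is not None and folder not in allowed:
        findings.append(Finding("system-name-outside-expected-dir", name, path))
    # Rule 2: executable directly in the Windows root with an empty vendor field.
    if vendor == "" and folder == r"c:\windows" and base.endswith(".exe"):
        findings.append(Finding("no-vendor-exe-in-windows-root", name, path))
    return findings


def triage(otl_text):
    """Return findings for every parsable SRV/DRV, O4 and O31 line."""
    findings = []
    for line in otl_text.splitlines():
        line = line.strip()
        m = SRV_RE.match(line) or RUN_RE.match(line)
        if m:
            findings += check_binary(m["name"], m["path"], m["vendor"])
            continue
        m = SHELL_RE.match(line)
        # Rule 3: the Safe Mode alternate shell defaults to cmd.exe.
        if m and m["shell"].strip().lower() != "cmd.exe":
            findings.append(Finding("safeboot-alternateshell-replaced",
                                    "AlternateShell", m["shell"].strip()))
    return findings


# Sample lines copied from the OTL script posted in the thread.
SAMPLE = r"""
SRV - [2011/07/24 00:14:23 | 000,495,616 | ---- | M] () [Auto | Running] -- C:\Windows\update.2\svchost.exe -- (srviecheck)
SRV - [2011/07/23 23:53:19 | 000,247,296 | ---- | M] () [Auto | Running] -- C:\Windows\sysdriver32.exe -- (srvsysdriver32)
DRV - [2011/06/17 12:37:08 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt]  File not found
O4 - HKLM..\Run: [tray_ico0] C:\Windows\update.tray-8-0\svchost.exe ()
O4 - HKLM..\Run: [wxpdrv] C:\Windows\services32.exe ()
O31 - SafeBoot: AlternateShell - services32.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.rule:34} {f.entry:16} {f.path}")
```

The rules only rank entries for a human reviewer; entries that do not match (for example the Avira driver and the Ask updater in the sample) are left unflagged, not declared clean.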

    ========== PROCESSES ==========

    All processes killed

    ========== OTL ==========

    Error: No service named MyWebSearchService was found to stop!

    Service\Driver key MyWebSearchService not found.

    Error: No service named McComponentHostService was found to stop!

    Service\Driver key McComponentHostService not found.

    Error: No service named ekrn was found to stop!

    Service\Driver key ekrn not found.

    Error: No service named EhttpSrv was found to stop!

    Service\Driver key EhttpSrv not found.

    Service AntiVirService stopped successfully!

    Service AntiVirService deleted successfully!

    Service AntiVirSchedulerService stopped successfully!

    Service AntiVirSchedulerService deleted successfully!

    Error: No service named srviecheck was found to stop!

    Service\Driver key srviecheck not found.

    File C:\Windows\update.2\svchost.exe not found.

    Error: No service named srvsysdriver32 was found to stop!

    Service\Driver key srvsysdriver32 not found.

    File C:\Windows\sysdriver32.exe not found.

    Error: No service named srvbtcclient was found to stop!

    Service\Driver key srvbtcclient not found.

    File C:\Windows\update.5.0\svchost.exe not found.

    Error: No service named wxpdrivers was found to stop!

    Service\Driver key wxpdrivers not found.

    File C:\Windows\update.1\svchost.exe not found.

    Error: No service named avipbb was found to stop!

    Service\Driver key avipbb not found.

    File C:\Windows\System32\drivers\avipbb.sys not found.

    Error: No service named avgntflt was found to stop!

    Service\Driver key avgntflt not found.

    File C:\Windows\System32\drivers\avgntflt.sys not found.

    Error: Unable to stop service eamonm!

    Service eamonm deleted successfully!

    C:\Windows\System32\drivers\eamonm.sys moved successfully.

    Service ssmdrv stopped successfully!

    Service ssmdrv deleted successfully!

    C:\Windows\System32\drivers\ssmdrv.sys moved successfully.

    Registry value HKEY_USERS\S-1-5-21-2047312765-6520441-1298651789-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.

    C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.

    Registry value HKEY_USERS\S-1-5-21-2047312765-6520441-1298651789-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00A6FAF6-072E-44cf-8957-5838F569A31D} deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@mywebsearch.com/Plugin\ deleted successfully.

    File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin not found.

    C:\Users\5520\AppData\Roaming\mozilla\Firefox\Profiles\0txhkxa4.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.

    C:\Users\5520\AppData\Roaming\mozilla\Firefox\Profiles\0txhkxa4.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.

    C:\Users\5520\AppData\Roaming\mozilla\Firefox\Profiles\0txhkxa4.default\extensions\toolbar@ask.com\defaults folder moved successfully.

    C:\Users\5520\AppData\Roaming\mozilla\Firefox\Profiles\0txhkxa4.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.

    C:\Users\5520\AppData\Roaming\mozilla\Firefox\Profiles\0txhkxa4.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.

    C:\Users\5520\AppData\Roaming\mozilla\Firefox\Profiles\0txhkxa4.default\extensions\toolbar@ask.com\chrome folder moved successfully.

    C:\Users\5520\AppData\Roaming\mozilla\Firefox\Profiles\0txhkxa4.default\extensions\toolbar@ask.com folder moved successfully.

    C:\Users\5520\AppData\Roaming\Mozilla\Firefox\Profiles\0txhkxa4.default\searchplugins\askcom.xml moved successfully.

    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.

    File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

    File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.

    Registry value HKEY_USERS\S-1-5-21-2047312765-6520441-1298651789-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\ deleted successfully.

    Registry value HKEY_USERS\S-1-5-21-2047312765-6520441-1298651789-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

    File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\361374.exe deleted successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\5741364.exe deleted successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\7486403.exe deleted successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\7790286-loader2.exe deleted successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\8081635.exe deleted successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\9339505.exe deleted successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\9441405.exe deleted successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.

    C:\Program Files\Ask.com\Updater\Updater.exe moved successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\avgnt deleted successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\l1rezerv.exe deleted successfully.

    C:\Windows\l1rezerv.exe moved successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\My Web Search Bar Search Scope Monitor deleted successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Email Plugin deleted successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sysdriver32.exe deleted successfully.

    File C:\Windows\sysdriver32.exe not found.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sysdriver32_.exe deleted successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\systemup deleted successfully.

    C:\Windows\systemup.exe moved successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico deleted successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico0 deleted successfully.

    C:\Windows\update.tray-8-0\svchost.exe moved successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico1 deleted successfully.

    C:\Windows\update.tray-2-0\svchost.exe moved successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico2 deleted successfully.

    C:\Windows\update.tray-9-0\svchost.exe moved successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico3 deleted successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico4 deleted successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\wxpdrv deleted successfully.

    C:\Windows\services32.exe moved successfully.

    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\\AlternateShell deleted successfully.

    C:\Program Files\Ask.com\Updater folder moved successfully.

    C:\Program Files\Ask.com\assets\oobe folder moved successfully.

    C:\Program Files\Ask.com\assets folder moved successfully.

    C:\Program Files\Ask.com folder moved successfully.

    C:\Windows\update.tray-2-0-lnk folder moved successfully.

    C:\Windows\update.tray-2-0 folder moved successfully.

    C:\Windows\ufa folder moved successfully.

    C:\Windows\rpcminer folder moved successfully.

    C:\Windows\phoenix\kernels\poclbm folder moved successfully.

    C:\Windows\phoenix\kernels\phatk folder moved successfully.

    C:\Windows\phoenix\kernels folder moved successfully.

    C:\Windows\phoenix folder moved successfully.

    C:\Windows\update.5.0 folder moved successfully.

    C:\Windows\update.2 folder moved successfully.

    C:\Windows\av_ico folder moved successfully.

    C:\Windows\update.1 folder moved successfully.

    C:\Windows\update.tray-9-0-lnk folder moved successfully.

    C:\Windows\update.tray-9-0 folder moved successfully.

    C:\Windows\update.tray-8-0-lnk folder moved successfully.

    C:\Windows\update.tray-8-0 folder moved successfully.

    C:\Windows\info1 moved successfully.

    File C:\Windows\sysdriver32.exe not found.

    C:\Windows\phoenix.rar moved successfully.

    C:\Windows\rpcminer.rar moved successfully.

    C:\Windows\unrar.exe moved successfully.

    C:\Windows\ufa.rar moved successfully.

    File C:\Windows\systemup.exe not found.

    File C:\Windows\l1rezerv.exe not found.

    C:\Windows\geoiplist.rar moved successfully.

    C:\Windows\loader2.exe_ok moved successfully.

    File C:\Windows\services32.exe not found.

    C:\Windows\geoiplist moved successfully.

    File C:\Windows\System32\drivers\avipbb.sys not found.

    File C:\Windows\System32\drivers\avgntflt.sys not found.

    C:\Users\5520\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Shield.lnk moved successfully.

    ========== COMMANDS ==========

    C:\Windows\System32\drivers\etc\Hosts moved successfully.

    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.26.1 log created on 07242011_235018

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...

    0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.

    File name: hwcsrfurmi.exe

    Submission date: 2011-07-24 20:54:41 (UTC)

    Current status: queued queued analysing finished


    Result: 35/ 43 (81.4%)

    VT Community

    not reviewed

    Safety score: -


    Antivirus | Version | Last Update | Result
    AhnLab-V3 | 2011.07.25.00 | 2011.07.24 | Win-Trojan/Fakeav.217088.CG
    AntiVir | 7.11.12.80 | 2011.07.24 | TR/Fakealert.dgfr
    Antiy-AVL | 2.0.3.7 | 2011.07.24 | Trojan/Win32.FakeAV.gen
    Avast | 4.8.1351.0 | 2011.07.24 | Win32:MalOb-GF [Cryp]
    Avast5 | 5.0.677.0 | 2011.07.24 | Win32:MalOb-GF [Cryp]
    AVG | 10.0.0.1190 | 2011.07.24 | Generic22.BXIT
    BitDefender | 7.2 | 2011.07.24 | Gen:Variant.Kazy.24524
    CAT-QuickHeal | 11.00 | 2011.07.24 | -
    ClamAV | 0.97.0.0 | 2011.07.24 | Trojan.Fakealert.Sesh
    Commtouch | 5.3.2.6 | 2011.07.24 | W32/FakeAlert.OF.gen!Eldorado
    Comodo | 9499 | 2011.07.24 | -
    DrWeb | 5.0.2.03300 | 2011.07.24 | Trojan.Fakealert.21231
    Emsisoft | 5.1.0.8 | 2011.07.24 | Trojan.Win32.FakeAV!IK
    eSafe | 7.0.17.0 | 2011.07.24 | -
    eTrust-Vet | 36.1.8459 | 2011.07.22 | Win32/FraudSecurityTool.O!generi
    F-Prot | 4.6.2.117 | 2011.07.24 | W32/FakeAlert.OF.gen!Eldorado
    F-Secure | 9.0.16440.0 | 2011.07.24 | Gen:Variant.Kazy.24524
    Fortinet | 4.2.257.0 | 2011.07.24 | -
    GData | 22 | 2011.07.24 | Gen:Variant.Kazy.24524
    Ikarus | T3.1.1.104.0 | 2011.07.24 | Trojan.Win32.FakeAV
    Jiangmin | 13.0.900 | 2011.07.24 | Trojan/Fakeav.tty
    K7AntiVirus | 9.108.4937 | 2011.07.22 | Trojan
    Kaspersky | 9.0.0.837 | 2011.07.24 | Trojan.Win32.FakeAV.dgfp
    McAfee | 5.400.0.1158 | 2011.07.24 | FakeAlert-Rena.a
    McAfee-GW-Edition | 2010.1D | 2011.07.24 | Heuristic.BehavesLike.Win32.Spyware.B
    Microsoft | 1.7104 | 2011.07.24 | Rogue:Win32/Winwebsec
    NOD32 | 6321 | 2011.07.24 | Win32/Olmasco.Gen
    Norman | 6.07.10 | 2011.07.23 | W32/Kryptik.XW
    nProtect | 2011-07-24.01 | 2011.07.24 | Gen:Variant.Kazy.24524
    Panda | 10.0.3.5 | 2011.07.24 | Adware/WindowsRecovery
    PCTools | 8.0.0.5 | 2011.07.24 | Trojan.FakeAV
    Prevx | 3.0 | 2011.07.24 | -
    Rising | 23.67.04.03 | 2011.07.22 | -
    Sophos | 4.67.0 | 2011.07.24 | Mal/FakeAV-CS
    SUPERAntiSpyware | 4.40.0.1006 | 2011.07.24 | Trojan.Agent/Gen-FakeAlert[JJR]
    Symantec | 20111.1.0.186 | 2011.07.24 | Trojan.FakeAV!gen42
    TheHacker | 6.7.0.1.262 | 2011.07.24 | Trojan/FakeAV.dfra
    TrendMicro | 9.200.0.1012 | 2011.07.24 | TROJ_FAKEAV.SML3
    TrendMicro-HouseCall | 9.200.0.1012 | 2011.07.24 | TROJ_FAKEAV.SML3
    VBA32 | 3.12.16.4 | 2011.07.22 | Trojan.FakeAV.dfra
    VIPRE | 9954 | 2011.07.24 | FraudTool.Win32.InternetProtection.ek!a (v)
    ViRobot | 2011.7.23.4585 | 2011.07.24 | -
    VirusBuster | 14.0.136.0 | 2011.07.24 | -

    Additional information

    MD5 : 9b9d28cafbe5dca70772627a9f97c7f6

    SHA1 : 0970307598eed08499160c25cc5d2b5debce48dd

    SHA256: 3577e1c5991826a308542962640b39ef0eb68db84f52c70225d49e7622b92cc5

    ssdeep: 6144:+SguQLZbK7B6PnM2PGipPtozOEO3icCFoGda0VqiV1l:+3m6PQi+r5qX0VqiHl

    File size : 217088 bytes

    First seen: 2011-07-24 20:54:41

    Last seen : 2011-07-24 20:54:41

    TrID:

    Win32 Executable Generic (42.3%)

    Win32 Dynamic Link Library (generic) (37.6%)

    Generic Win/DOS Executable (9.9%)

    DOS Executable Generic (9.9%)

    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

    sigcheck:

    publisher....: iT Systems

    copyright....: n/a

    product......: n/a

    description..: Protection Ware

    original name: n/a

    internal name: jjr34532

    file version.: 1a1

    comments.....: n/a

    signers......: -

    signing date.: -

    verified.....: Unsigned

    PEInfo: PE structure information

    [[ basic data ]]

    entrypointaddress: 0x2ADA

    timedatestamp....: 0x4DDF2B2E (Fri May 27 04:40:14 2011)

    machinetype......: 0x14c (I386)

    [[ 4 section(s) ]]

    name, viradd, virsiz, rawdsiz, ntropy, md5

    .itext, 0x1000, 0xFC, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e

    .text, 0x2000, 0xD0F04, 0x2A000, 7.98, ee7165106e57642d1c395c8cc2752b9f

    .idata, 0xD3000, 0x554, 0x1000, 2.15, 7aeb80e665b06718e9457ae2f718697d

    .rsrc, 0xD4000, 0x8F18, 0x9000, 6.55, bb31ef38108c6317b01ad37850bcf759

    [[ 2 import(s) ]]

    kernel32.dll: GetCommandLineA, FindFirstChangeNotificationA, CreateDirectoryExA, SetConsoleMaximumWindowSize, GetThreadIOPendingFlag, ProcessIdToSessionId, GetModuleHandleA, InterlockedExchange, GetProfileIntA, VirtualAlloc, WriteConsoleInputA, GetConsoleFontInfo, EndUpdateResourceA, GetCurrentDirectoryA, DeviceIoControl, GetCommandLineA, FindAtomA, CreateFileMappingA, GetConsoleMode, SetCurrentDirectoryA, ExitProcess, WritePrivateProfileStructA, DeviceIoControl, GetPrivateProfileSectionNamesW, GetFileAttributesExA, MultiByteToWideChar, ReadConsoleOutputA, SetCommBreak, GetLogicalDriveStringsA, IsBadStringPtrA

    ws2_32.dll: recv

    [[ 6 export(s) ]]

    Lysirsit, EndCtdioctcgoj, Oyjqnqxytkx, Saqnqngp, Ldfvdjusaob, IsNiekmcaqtre

    ExifTool:

    file metadata

    CharacterSet: Unicode

    CodeSize: 172032

    CompanyName: iT Systems

    EntryPoint: 0x2ada

    FileDescription: Protection Ware

    FileFlagsMask: 0x003f

    FileOS: Windows NT 32-bit

    FileSize: 212 kB

    FileSubtype: 0

    FileType: Win32 EXE

    FileVersion:

    FileVersionNumber: 1.7.8800.0

    ImageVersion: 0.0

    InitializedDataSize: 40960

    InternalName: jjr34532

    LanguageCode: Russian

    LinkerVersion: 7.1

    MIMEType: application/octet-stream

    MachineType: Intel 386 or later, and compatibles

    OSVersion: 4.0

    ObjectFileType: Executable application

    OriginalFilename: je53vs2.exe

    PEType: PE32

    ProductName: IT SoftWare

    ProductVersion: hw4

    ProductVersionNumber: 1.7.8800.0

    Subsystem: Windows GUI

    SubsystemVersion: 4.0

    TimeStamp: 2011:05:27 06:40:14+02:00

    UninitializedDataSize: 0

    LegalCopyright: It Systems Corp. All rights reserved.

    VT Community

    0

    This file has never been reviewed by any VT Community member. Be the first one to comment on it!



    Please archive the file:

    C:\Users\5520\AppData\Local\hwcsrfurmi.exe

    and then upload it to this address.

    Post a link in your next post, then delete it.

    After that:

    • Download Malwarebytes' Anti-Malware from here and install it.
    • Start Malwarebytes' Anti-Malware, go to UPDATE and press Check for updates.
    • Then go back to Scanner, select Perform QUICK Scan, and click Scan.
    • The scan will take a little while, so please be patient.
    • When the scan finishes, click OK, then Show Results to see the result.
    • Make sure every row is ticked, and click Remove Selected.
    • When everything has been removed, the log will open in Notepad. Copy the log and post it in your next comment in the thread.

    Note: If Malwarebytes' Anti-Malware has trouble removing the detected viruses/threats, it will ask to restart the computer and remove the problematic viruses/threats during the restart. If asked, confirm that you want your computer to be restarted.

    • Like 1


    C:\Users\5520\AppData\Local\hwcsrfurmi.exe

    I think you did not understand me... so we will try another way:

    Open Notepad and copy the following into it:

    @echo off
    rem Add each file listed between the parentheses to Files_for_submission.zip
    rem (relies on a zip command being available to the script).
    for %%g in (
    C:\Users\5520\AppData\Local\hwcsrfurmi.exe
    ) do zip Files_for_submission %%g
    rem Delete this batch file once it has run.
    del "%~f0"

    Save the file to the desktop with the name grab.bat and run it.

    A file named Files_for_submission.zip will appear on the desktop.

    Attach it to your next comment.

    As for Malwarebytes, do the following:

    Open the program and go to the 3rd column counting from right to left... then, as shown in the picture, select English

    [posted image]

    Continue with the remaining instructions...

    • Like 1


    Malwarebytes' Anti-Malware 1.51.1.1800

    www.malwarebytes.org

    Database version: 7266

    Windows 6.1.7600

    Internet Explorer 8.0.7600.16385

    7/25/2011 1:02:23 AM

    mbam-log-2011-07-25 (01-02-23).txt

    Scan type: Quick scan

    Objects scanned: 154804

    Time elapsed: 3 minute(s), 13 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 123

    Registry Values Infected: 2

    Registry Data Items Infected: 4

    Folders Infected: 15

    Files Infected: 41

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    HKEY_CLASSES_ROOT\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{1093995A-BA37-41D2-836E-091067C4AD17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\FunWebProducts.DataControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\FunWebProducts.DataControl (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{3E720451-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{A9571378-68A1-443d-B082-284F960C6D17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\TypeLib\{E79DFBC0-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Typelib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\MyWebSearch.ThirdPartyInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\MyWebSearch.ThirdPartyInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{67FA02C4-AB30-4e77-A640-78EE8EC8673B} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Value: f3PopularScreensavers -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Value: FunWebProducts -> Quarantined and deleted successfully.

    Registry Data Items Infected:

    HKEY_CLASSES_ROOT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=2121&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:

    c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\funwebproducts\screensaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\1.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\Overlay (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Files Infected:

    c:\program files\mywebsearch\bar\1.bin\M3FFTBPR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\Users\5520\AppData\Roaming\microsoft\internet explorer\quick launch\best malware protection.lnk (Rogue.BestMalwareProtection) -> Quarantined and deleted successfully.

    c:\Users\5520\AppData\Roaming\microsoft\Windows\start menu\Programs\best malware protection.lnk (Rogue.BestMalwareProtection) -> Quarantined and deleted successfully.

    c:\Users\5520\AppData\Roaming\microsoft\Windows\start menu\best malware protection.lnk (Rogue.BestMalwareProtection) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\1.bin\chrome.manifest (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\1.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\1.bin\INSTALL.RDF (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\1.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\1.bin\M3PATCH.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\1.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\Overlay\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.


    Please download aswMBR and save it to your desktop.

    • Double-click the file aswMBR.exe to run it.
    • Wait for it to download the avast! definitions.
    • From the drop-down menu, select the C:\ partition, as shown in the picture.
    • Click the Scan button to start the scan.
    • When the scan finishes, click the save log button, save the log file to the desktop and post its contents in your next comment.

    What happened with step one... was the file Files_for_submission.zip created?

    Actually, never mind... if you can't manage it.


    Regarding Files_for_submission.zip: it is not being created.

    aswMBR version 0.9.8.977 Copyright© 2011 AVAST Software

    Run date: 2011-07-25 07:14:57

    -----------------------------

    07:14:57.791 OS Version: Windows 6.1.7600

    07:14:57.791 Number of processors: 2 586 0x4802

    07:14:57.791 ComputerName: 5520-PC UserName: 5520

    07:15:11.911 Initialize success

    07:16:13.399 AVAST engine defs: 11072401

    07:16:29.717 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4

    07:16:29.717 Disk 0 Vendor: WDC_WD2500BEVS-22UST0 01.01A01 Size: 238475MB BusType: 3

    07:16:29.732 Disk 0 MBR read successfully

    07:16:29.748 Disk 0 MBR scan

    07:16:29.764 Disk 0 Windows 7 default MBR code

    07:16:29.779 Disk 0 scanning sectors +488394752

    07:16:29.904 Disk 0 scanning C:\Windows\system32\drivers

    07:16:41.074 Service scanning

    07:16:44.584 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32

    07:16:45.192 Modules scanning

    07:16:54.864 Disk 0 trace - called modules:

    07:16:54.880 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x850711f8]<<

    07:16:54.895 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85ee2700]

    07:16:55.410 3 CLASSPNP.SYS[8960c59e] -> nt!IofCallDriver -> [0x85dae918]

    07:16:55.426 5 ACPI.sys[88f5e3b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x85e0d908]

    07:16:55.426 \Driver\atapi[0x85dac7a0] -> IRP_MJ_CREATE -> 0x850711f8

    07:16:56.642 AVAST engine scan C:\

    07:23:27.737 Disk 0 MBR has been saved successfully to "C:\Users\5520\Desktop\MBR.dat"

    07:23:27.753 The log file has been saved successfully to "C:\Users\5520\Desktop\aswMBR.txt"


    I think we have cleaned it up somewhat.

    Please run a new scan with OTL, as described here, and post the fresh logs from the scan.

    OK... then delete the file C:\Users\5520\AppData\Local\hwcsrfurmi.exe

    Delete it from the Recycle Bin as well.

    It would have been good to take a look at it, but apparently you cannot archive it and attach it in your next comment.

    Never mind.


    OTL logfile created on: 7/25/2011 10:08:11 PM - Run 3

    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\5520\Desktop

    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

    Internet Explorer (Version = 8.0.7600.16385)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 49.24% Memory free

    4.00 Gb Paging File | 2.63 Gb Available in Paging File | 65.66% Paging File free

    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

    Drive C: | 121.35 Gb Total Space | 84.01 Gb Free Space | 69.23% Space Free | Partition Type: NTFS

    Drive D: | 111.43 Gb Total Space | 30.38 Gb Free Space | 27.27% Space Free | Partition Type: NTFS

    Drive E: | 534.05 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: 5520-PC | User Name: 5520 | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: All users

    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/07/24 15:34:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\5520\Desktop\OTL.exe

    PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

    PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    PRC - [2011/07/03 00:02:47 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

    PRC - [2010/09/03 14:44:00 | 000,328,568 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe

    PRC - [2010/08/20 20:49:56 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

    PRC - [2010/02/03 10:46:52 | 001,531,904 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe

    PRC - [2009/07/14 04:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

    ========== Modules (SafeList) ==========

    MOD - [2011/07/24 15:34:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\5520\Desktop\OTL.exe

    MOD - [2010/08/21 08:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll

    ========== Win32 Services (SafeList) ==========

    SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

    SRV - [2010/09/05 03:00:35 | 001,343,400 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

    SRV - [2010/01/26 13:41:08 | 000,652,800 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

    SRV - [2009/07/14 04:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

    SRV - [2009/07/14 04:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

    SRV - [2009/07/14 04:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

    SRV - [2007/05/31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)

    SRV - [2007/05/31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

    ========== Driver Services (SafeList) ==========

    DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

    DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

    DRV - [2010/12/25 15:25:03 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc)

    DRV - [2010/09/03 15:16:16 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)

    DRV - [2010/07/10 01:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

    DRV - [2010/04/19 15:42:26 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)

    DRV - [2010/04/19 15:42:26 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)

    DRV - [2010/04/19 15:42:26 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)

    DRV - [2010/04/19 15:42:24 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice)

    DRV - [2010/04/19 15:42:24 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)

    DRV - [2010/03/25 18:09:44 | 000,114,688 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnet.sys -- (ZTEusbnet)

    DRV - [2010/03/01 18:35:24 | 000,061,952 | ---- | M] (Vodafone) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vodafone_K3805-z_dc_enum.sys -- (vodafone_K3805-z_dc_enum)

    DRV - [2010/01/21 15:53:16 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)

    DRV - [2009/12/30 12:30:56 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)

    DRV - [2009/12/30 12:30:48 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)

    DRV - [2009/12/30 12:30:48 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)

    DRV - [2009/08/13 09:23:02 | 000,022,528 | ---- | M] (CSR, plc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp)

    DRV - [2009/07/14 04:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)

    DRV - [2009/07/14 04:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)

    DRV - [2009/07/14 04:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)

    DRV - [2009/07/14 02:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

    DRV - [2009/07/14 02:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)

    DRV - [2009/07/14 02:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)

    DRV - [2009/07/14 01:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

    DRV - [2008/09/04 01:47:00 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)

    DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)

    DRV - [2008/03/17 11:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)

    DRV - [2007/12/03 10:48:10 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)

    DRV - [2007/02/16 08:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)

    DRV - [2006/11/14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)

    ========== Standard Registry (All) ==========

    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    IE - HKLM\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll (Conduit Ltd.)

    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

    IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

    IE - HKU\S-1-5-21-2047312765-6520441-1298651789-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

    IE - HKU\S-1-5-21-2047312765-6520441-1298651789-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    IE - HKU\S-1-5-21-2047312765-6520441-1298651789-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.bg//

    IE - HKU\S-1-5-21-2047312765-6520441-1298651789-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

    IE - HKU\S-1-5-21-2047312765-6520441-1298651789-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

    IE - HKU\S-1-5-21-2047312765-6520441-1298651789-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 44 EB 31 53 4B CB 01 [binary data]

    IE - HKU\S-1-5-21-2047312765-6520441-1298651789-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

    IE - HKU\S-1-5-21-2047312765-6520441-1298651789-1001\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll (Conduit Ltd.)

    IE - HKU\S-1-5-21-2047312765-6520441-1298651789-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-2047312765-6520441-1298651789-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

    FF - prefs.js..extensions.enabledItems: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}:2.5.6.0

    FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.8

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/29 19:41:13 | 000,000,000 | ---D | M]

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/29 19:41:13 | 000,000,000 | ---D | M]

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

    [2010/09/03 14:41:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\5520\AppData\Roaming\mozilla\Extensions

    [2010/09/03 14:41:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\5520\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

    [2011/07/24 23:51:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\5520\AppData\Roaming\mozilla\Firefox\Profiles\0txhkxa4.default\extensions

    [2010/10/22 09:10:52 | 000,000,000 | ---D | M] (BS Player Toolbar) -- C:\Users\5520\AppData\Roaming\mozilla\Firefox\Profiles\0txhkxa4.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}

    [2011/02/13 17:36:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

    [2010/09/03 14:41:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    [2011/02/13 17:36:45 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

    [2010/09/03 15:23:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}

    [2010/07/23 05:08:21 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

    [2010/07/23 05:08:21 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

    [2010/07/23 05:08:21 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll

    [2008/06/12 05:45:28 | 000,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll

    [2011/03/29 19:41:12 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll

    [2011/03/29 19:41:12 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll

    [2011/03/29 19:41:12 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll

    [2011/03/29 19:41:12 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll

    [2011/03/29 19:41:12 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll

    [2011/03/29 19:41:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll

    [2011/03/29 19:41:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll

    [2010/07/23 03:47:39 | 000,001,083 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\911bg.xml

    [2010/07/23 03:47:39 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml

    [2010/07/23 03:47:39 | 000,002,442 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\diribg.xml

    [2010/07/23 03:47:39 | 000,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

    [2010/07/23 03:47:39 | 000,001,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pe-bg.xml

    [2010/07/23 03:47:39 | 000,001,857 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\portalbgdict.xml

    [2010/07/23 03:47:39 | 000,001,220 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-bg.xml

    O1 HOSTS File: ([2011/07/24 23:51:28 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts

    O1 - Hosts: 127.0.0.1 localhost

    O1 - Hosts: ::1 localhost

    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)

    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

    O2 - BHO: (BS Player Toolbar) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll (Conduit Ltd.)

    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

    O3 - HKLM\..\Toolbar: (BS Player Toolbar) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll (Conduit Ltd.)

    O3 - HKU\S-1-5-21-2047312765-6520441-1298651789-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

    O3 - HKU\S-1-5-21-2047312765-6520441-1298651789-1001\..\Toolbar\WebBrowser: (BS Player Toolbar) - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - C:\Program Files\BS_Player\tbBS_P.dll (Conduit Ltd.)

    O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

    O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)

    O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe (Nokia)

    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

    O4 - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)

    O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

    O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

    O4 - HKU\S-1-5-21-2047312765-6520441-1298651789-1001..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

    O4 - HKU\S-1-5-21-2047312765-6520441-1298651789-1001..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

    O4 - HKU\S-1-5-21-2047312765-6520441-1298651789-1001..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)

    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.)

    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

    O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

    O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O13 - gopher Prefix: missing

    O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/68.08/uploader2.cab (UploadListView Class)

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 168.126.63.1 192.168.2.1

    O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

    O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

    O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

    O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

    O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

    O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)

    O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

    O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

    O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

    O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

    O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

    O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

    O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)

    O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

    O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)

    O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

    O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)

    O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)

    O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)

    O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)

    O32 - HKLM CDRom: AutoRun - 1

    O32 - AutoRun File - [2009/06/11 00:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

    O32 - AutoRun File - [2005/02/24 18:44:12 | 000,000,049 | R--- | M] () - E:\autorun.inf -- [ CDFS ]

    O33 - MountPoints2\{07213ada-cc28-11df-b4a5-001b38290cfc}\Shell - "" = AutoRun

    O33 - MountPoints2\{07213ada-cc28-11df-b4a5-001b38290cfc}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence

    O33 - MountPoints2\{07213e30-cc28-11df-b4a5-001b38290cfc}\Shell - "" = AutoRun

    O33 - MountPoints2\{07213e30-cc28-11df-b4a5-001b38290cfc}\Shell\AutoRun\command - "" = G:\setup_vmb_lite.exe /checkApplicationPresence

    O33 - MountPoints2\{35616a46-b755-11df-bbbd-001b38290cfc}\Shell - "" = AutoRun

    O33 - MountPoints2\{35616a46-b755-11df-bbbd-001b38290cfc}\Shell\AutoRun\command - "" = F:\SETUP.EXE

    O33 - MountPoints2\{35616a46-b755-11df-bbbd-001b38290cfc}\Shell\configure\command - "" = F:\SETUP.EXE

    O33 - MountPoints2\{35616a46-b755-11df-bbbd-001b38290cfc}\Shell\install\command - "" = F:\SETUP.EXE

    O33 - MountPoints2\{86143729-b798-11df-8a53-806e6f6e6963}\Shell - "" = AutoRun

    O33 - MountPoints2\{86143729-b798-11df-8a53-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Install_Win.exe -- [2005/02/28 14:51:24 | 002,211,840 | R--- | M] ()

    O33 - MountPoints2\G\Shell - "" = AutoRun

    O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup_vmb_lite.exe /checkApplicationPresence

    O34 - HKLM BootExecute: (autocheck autochk *) - File not found

    O35 - HKLM\..comfile [open] -- "%1" %*

    O35 - HKLM\..exefile [open] -- "%1" %*

    O37 - HKLM\...com [@ = comfile] -- "%1" %*

    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found

    NetSvcs: Ias - File not found

    NetSvcs: Nla - File not found

    NetSvcs: Ntmssvc - File not found

    NetSvcs: NWCWorkstation - File not found

    NetSvcs: Nwsapagent - File not found

    NetSvcs: SRService - File not found

    NetSvcs: WmdmPmSp - File not found

    NetSvcs: LogonHours - File not found

    NetSvcs: PCAudit - File not found

    NetSvcs: helpsvc - File not found

    NetSvcs: uploadmgr - File not found

    ========== Files/Folders - Created Within 90 Days ==========

    [2011/07/25 07:14:13 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Users\5520\Desktop\aswMBR.exe

    [2011/07/25 00:31:17 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

    [2011/07/25 00:31:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

    [2011/07/25 00:31:13 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

    [2011/07/25 00:31:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

    [2011/07/25 00:30:36 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\5520\Desktop\mbam-setup-1.51.1.1800.exe

    [2011/07/24 16:51:12 | 000,000,000 | ---D | C] -- C:\Users\5520\AppData\Roaming\Malwarebytes

    [2011/07/24 16:50:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

    [2011/07/24 16:33:52 | 000,000,000 | ---D | C] -- C:\Users\5520\AppData\Roaming\Sammsoft

    [2011/07/24 16:33:29 | 000,000,000 | ---D | C] -- C:\Program Files\ARO 2011

    [2011/07/24 16:00:27 | 000,000,000 | ---D | C] -- C:\_OTL

    [2011/07/24 15:33:53 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\5520\Desktop\OTL.exe

    [2011/07/24 14:45:39 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache

    [2011/07/24 14:40:31 | 000,000,000 | ---D | C] -- C:\Program Files\Total English Upper Intermediate

    [2011/07/13 10:14:25 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll

    [2011/07/13 10:14:24 | 000,271,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

    [2011/07/13 10:14:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll

    [2011/07/13 10:14:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll

    [2011/07/13 10:14:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll

    [2011/07/13 10:14:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll

    [2011/07/13 10:14:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll

    [2011/07/13 10:14:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll

    [2011/07/13 10:14:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll

    [2011/07/13 10:14:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll

    [2011/07/13 10:14:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll

    [2011/07/13 10:14:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll

    [2011/07/13 10:14:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll

    [2011/07/13 10:14:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll

    [2011/07/13 10:14:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll

    [2011/07/13 10:14:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll

    [2011/07/13 10:14:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll

    [2011/07/13 10:14:20 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll

    [2011/07/13 10:14:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll

    [2011/07/13 10:14:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll

    [2011/07/13 10:14:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll

    [2011/07/13 10:14:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll

    [2011/07/13 10:14:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll

    [2011/07/13 10:14:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll

    [2011/07/13 10:14:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll

    [2011/07/13 10:14:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll

    [2011/07/13 10:14:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll

    [2011/07/13 10:14:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll

    [2011/07/13 10:14:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll

    [2011/07/13 10:14:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll

    [2011/07/13 10:14:10 | 002,332,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

    [2011/06/26 11:37:04 | 000,000,000 | ---D | C] -- C:\Users\5520\Desktop\New folder

    [2011/06/17 00:30:07 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

    [2011/06/17 00:30:06 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

    [2011/06/17 00:30:05 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll

    [2011/06/17 00:30:05 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

    [2011/06/17 00:30:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

    [2011/06/17 00:30:04 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

    [2011/06/17 00:30:04 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

    [2011/06/17 00:30:04 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll

    [2011/06/17 00:30:03 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec

    [2011/06/17 00:30:03 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

    [2011/06/17 00:30:02 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

    [2011/05/29 08:01:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

    [2011/05/16 18:29:21 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe

    [2011/05/11 20:45:49 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

    [2011/05/11 20:45:47 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

    ========== Files - Modified Within 90 Days ==========

    [2011/07/25 22:03:17 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

    [2011/07/25 21:13:32 | 000,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

    [2011/07/25 21:13:32 | 000,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

    [2011/07/25 21:00:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

    [2011/07/25 08:05:44 | 000,060,620 | ---- | M] () -- C:\Users\5520\Desktop\43193331_j3rlZw1O_c_large.jpg

    [2011/07/25 07:23:27 | 000,000,512 | ---- | M] () -- C:\Users\5520\Desktop\MBR.dat

    [2011/07/25 07:16:56 | 000,623,686 | ---- | M] () -- C:\Windows\System32\perfh009.dat

    [2011/07/25 07:16:56 | 000,107,092 | ---- | M] () -- C:\Windows\System32\perfc009.dat

    [2011/07/25 07:14:14 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Users\5520\Desktop\aswMBR.exe

    [2011/07/25 07:11:29 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

    [2011/07/25 07:11:16 | 1609,764,864 | -HS- | M] () -- C:\hiberfil.sys

    [2011/07/25 00:31:17 | 000,001,063 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

    [2011/07/25 00:30:57 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\5520\Desktop\mbam-setup-1.51.1.1800.exe

    [2011/07/25 00:19:29 | 000,195,246 | ---- | M] () -- C:\Users\5520\AppData\Local\hwcsrfurmi.rar

    [2011/07/24 23:51:28 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts

    [2011/07/24 21:36:28 | 000,000,734 | ---- | M] () -- C:\Windows\System32\drivers\etc\hîsts

    [2011/07/24 15:34:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\5520\Desktop\OTL.exe

    [2011/07/24 00:43:17 | 217,045,836 | ---- | M] () -- C:\Windows\MEMORY.DMP

    [2011/07/14 03:19:07 | 000,414,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

    [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

    [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

    [2011/07/03 21:07:29 | 000,661,733 | ---- | M] () -- C:\Users\5520\Desktop\DSC00122.jpg

    [2011/07/03 21:06:12 | 000,521,571 | ---- | M] () -- C:\Users\5520\Desktop\DSC00123.jpg

    [2011/06/11 05:37:19 | 002,332,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

    [2011/06/02 08:45:51 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll

    [2011/06/02 08:45:51 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll

    [2011/06/02 08:45:51 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll

    [2011/06/02 08:45:51 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll

    [2011/06/02 08:45:51 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll

    [2011/06/02 08:45:51 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll

    [2011/06/02 08:45:51 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll

    [2011/06/02 08:45:51 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll

    [2011/06/02 08:45:51 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll

    [2011/06/02 08:45:51 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll

    [2011/06/02 08:45:51 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll

    [2011/06/02 08:45:51 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll

    [2011/06/02 08:45:50 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll

    [2011/06/02 08:45:50 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll

    [2011/06/02 08:45:50 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll

    [2011/06/02 08:45:50 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll

    [2011/06/02 08:45:50 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll

    [2011/06/02 08:45:50 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll

    [2011/06/02 08:45:50 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll

    [2011/06/02 08:45:50 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll

    [2011/06/02 08:45:50 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll

    [2011/06/02 08:45:50 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll

    [2011/06/02 08:45:50 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll

    [2011/06/02 08:45:50 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll

    [2011/06/02 06:45:49 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll

    [2011/06/02 06:45:49 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll

    [2011/06/02 06:45:49 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll

    [2011/06/02 06:45:49 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll

    [2011/06/01 21:08:36 | 000,000,000 | ---- | M] () -- C:\Users\5520\AppData\Local\{D17C9FF1-9237-47B6-B7B0-ABE4DD9D83EF}

    [2011/05/28 06:00:02 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

    [2011/05/14 09:35:55 | 000,169,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll

    [2011/05/14 09:33:14 | 000,271,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

    ========== Files Created - No Company Name ==========

    [2011/07/25 08:07:52 | 000,060,620 | ---- | C] () -- C:\Users\5520\Desktop\43193331_j3rlZw1O_c_large.jpg

    [2011/07/25 07:23:27 | 000,000,512 | ---- | C] () -- C:\Users\5520\Desktop\MBR.dat

    [2011/07/25 00:31:17 | 000,001,063 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

    [2011/07/25 00:19:29 | 000,195,246 | ---- | C] () -- C:\Users\5520\AppData\Local\hwcsrfurmi.rar

    [2011/07/03 21:07:00 | 000,661,733 | ---- | C] () -- C:\Users\5520\Desktop\DSC00122.jpg

    [2011/07/03 21:06:01 | 000,521,571 | ---- | C] () -- C:\Users\5520\Desktop\DSC00123.jpg

    [2011/06/26 11:36:54 | 000,576,505 | ---- | C] () -- C:\Users\5520\Desktop\100_3227.jpg

    [2011/06/01 21:08:36 | 000,000,000 | ---- | C] () -- C:\Users\5520\AppData\Local\{D17C9FF1-9237-47B6-B7B0-ABE4DD9D83EF}

    [2010/12/25 15:28:22 | 000,005,120 | ---- | C] () -- C:\Users\5520\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2010/09/03 17:44:32 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

    [2010/09/03 14:53:40 | 000,003,636 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin

    [2009/07/14 07:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

    [2009/07/14 07:33:53 | 000,414,072 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

    [2009/07/14 05:05:48 | 000,623,686 | ---- | C] () -- C:\Windows\System32\perfh009.dat

    [2009/07/14 05:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat

    [2009/07/14 05:05:48 | 000,107,092 | ---- | C] () -- C:\Windows\System32\perfc009.dat

    [2009/07/14 05:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat

    [2009/07/14 05:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

    [2009/07/14 05:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

    [2009/07/14 03:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

    [2009/07/14 02:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

    [2009/07/14 02:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

    [2009/07/14 02:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

    [2009/07/14 02:36:08 | 000,193,024 | ---- | C] () -- C:\Windows\System32\sppcomapi.dll

    [2009/06/11 00:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

    [2005/05/06 19:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

    [2002/03/21 16:39:02 | 000,073,728 | ---- | C] () -- C:\Windows\System32\UNACEV2.DLL

    ========== LOP Check ==========

    [2010/12/25 15:28:02 | 000,000,000 | ---D | M] -- C:\Users\5520\AppData\Roaming\ACD Systems

    [2011/04/15 09:21:07 | 000,000,000 | -HSD | M] -- C:\Users\5520\AppData\Roaming\Best Malware Protection

    [2011/01/11 21:05:35 | 000,000,000 | ---D | M] -- C:\Users\5520\AppData\Roaming\Big Fish Games

    [2011/01/19 08:09:40 | 000,000,000 | ---D | M] -- C:\Users\5520\AppData\Roaming\BSplayer

    [2010/10/22 09:10:51 | 000,000,000 | ---D | M] -- C:\Users\5520\AppData\Roaming\BSplayer Pro

    [2010/09/03 16:42:31 | 000,000,000 | ---D | M] -- C:\Users\5520\AppData\Roaming\DAEMON Tools Lite

    [2010/12/16 14:20:40 | 000,000,000 | ---D | M] -- C:\Users\5520\AppData\Roaming\Nokia

    [2011/07/24 20:49:15 | 000,000,000 | ---D | M] -- C:\Users\5520\AppData\Roaming\Sammsoft

    [2011/07/25 22:09:26 | 000,000,000 | ---D | M] -- C:\Users\5520\AppData\Roaming\uTorrent

    [2010/10/09 09:49:54 | 000,000,000 | ---D | M] -- C:\Users\5520\AppData\Roaming\Vodafone

    [2011/07/24 23:50:19 | 000,022,120 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========

    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >

    [2009/06/11 00:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

    [2009/06/11 00:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys

    [2011/07/25 07:11:16 | 1609,764,864 | -HS- | M] () -- C:\hiberfil.sys

    [2011/07/25 07:11:20 | 2146,357,248 | -HS- | M] () -- C:\pagefile.sys

    < %USERPROFILE%\*.* >

    [2011/07/25 22:10:13 | 003,145,728 | -HS- | M] () -- C:\Users\5520\NTUSER.DAT

    [2011/07/25 22:10:13 | 000,262,144 | -HS- | M] () -- C:\Users\5520\ntuser.dat.LOG1

    [2010/09/03 13:26:55 | 000,000,000 | -HS- | M] () -- C:\Users\5520\ntuser.dat.LOG2

    [2010/09/03 14:15:52 | 000,065,536 | -HS- | M] () -- C:\Users\5520\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf

    [2010/09/03 14:15:52 | 000,524,288 | -HS- | M] () -- C:\Users\5520\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms

    [2010/09/03 14:15:52 | 000,524,288 | -HS- | M] () -- C:\Users\5520\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms

    [2010/09/03 13:26:55 | 000,000,020 | -HS- | M] () -- C:\Users\5520\ntuser.ini

    < %USERPROFILE%\AppData\Local\*.* >

    [2010/12/25 16:33:41 | 000,005,120 | ---- | M] () -- C:\Users\5520\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2010/12/26 12:41:47 | 000,110,184 | ---- | M] () -- C:\Users\5520\AppData\Local\GDIPFONTCACHEV1.DAT

    [2011/07/25 00:19:29 | 000,195,246 | ---- | M] () -- C:\Users\5520\AppData\Local\hwcsrfurmi.rar

    [2011/07/25 07:10:21 | 001,150,557 | -H-- | M] () -- C:\Users\5520\AppData\Local\IconCache.db

    [2011/06/01 21:08:36 | 000,000,000 | ---- | M] () -- C:\Users\5520\AppData\Local\{D17C9FF1-9237-47B6-B7B0-ABE4DD9D83EF}

    < %USERPROFILE%\AppData\Roaming\*.* >

    < %ProgramData%\*.* >

    [2010/09/03 17:44:32 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat

    < %CommonProgramFiles%\*.* >

    < %PROGRAMFILES%\*.* >

    [2009/07/14 07:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %systemroot%\system32\*.dll /lockedfiles >

    [2009/07/14 04:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll

    [2009/07/14 04:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll

    [2009/07/14 04:16:15 | 000,193,024 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\sppcomapi.dll

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /90 >

    [2011/04/28 06:29:32 | 000,393,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\bthport.sys

    [2011/04/28 06:29:32 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\BTHUSB.SYS

    [2011/04/27 05:33:46 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\dfsc.sys

    [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys

    [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbamswissarmy.sys

    [2011/05/04 05:43:41 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\mrxsmb.sys

    [2011/05/04 05:43:59 | 000,222,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\mrxsmb10.sys

    [2011/05/04 05:43:48 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\mrxsmb20.sys

    [2011/04/29 05:57:34 | 000,311,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\srv.sys

    [2011/04/29 05:57:21 | 000,309,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\srv2.sys

    [2011/04/29 05:57:13 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\srvnet.sys

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    [2010/09/03 15:16:16 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

    [2009/07/14 04:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\jnwppr.dll

    [2009/07/14 04:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\winprint.dll

    < MD5 for: EXPLORER.EXE >

    [2009/07/14 04:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe

    [2010/08/20 20:49:56 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe

    [2010/08/20 20:49:56 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe

    [2010/11/20 15:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe

    [2010/08/20 20:49:13 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe

    [2010/08/20 20:49:13 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe

    [2010/08/20 20:49:56 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

    < MD5 for: USERINIT.EXE >

    [2010/11/20 15:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

    [2009/07/14 04:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe

    [2009/07/14 04:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

    < MD5 for: VOLSNAP.SYS >

    [2009/07/14 04:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\System32\drivers\volsnap.sys

    [2009/07/14 04:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_29364d30156a24ca\volsnap.sys

    [2009/07/14 04:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_158d0da45d68903e\volsnap.sys

    [2010/11/20 15:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_17be216c5a5713d8\volsnap.sys

    < MD5 for: WININIT.EXE >

    [2009/07/14 04:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe

    [2009/07/14 04:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

    < MD5 for: WINLOGON.EXE >

    [2010/08/20 20:49:56 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe

    [2010/08/20 20:49:56 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe

    [2010/08/20 20:49:56 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe

    [2010/11/20 15:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

    [2009/07/14 04:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

    < End of report >

    C:\Users\5520\AppData\Local\hwcsrfurmi.exe

    I can no longer find this file


    Good!

    We need to delete two more malicious files.

    Do the following:

    Download and extract the file attached to my comment.

    Run the file named delete.bat.

    When it finishes, the message Deleted Successfully will be displayed.

    Click OK to close the document.

    It will then delete itself automatically.

    Run a final scan with OTL and post the log file so I can see the fresh logs.

    Are there any checks with the computer now?

    delete.zip


    OTL logfile created on: 7/26/2011 8:04:12 PM - Run 4

    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\5520\Desktop

    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

    Internet Explorer (Version = 8.0.7600.16385)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 49.52% Memory free

    4.00 Gb Paging File | 2.58 Gb Available in Paging File | 64.45% Paging File free

    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

    Drive C: | 121.35 Gb Total Space | 83.38 Gb Free Space | 68.71% Space Free | Partition Type: NTFS

    Drive D: | 111.43 Gb Total Space | 30.38 Gb Free Space | 27.27% Space Free | Partition Type: NTFS

    Drive E: | 534.05 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: 5520-PC | User Name: 5520 | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: Current user

    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/07/24 15:34:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\5520\Desktop\OTL.exe

    PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

    PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    PRC - [2011/07/03 00:02:47 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

    PRC - [2010/09/03 14:44:00 | 000,328,568 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe

    PRC - [2010/08/20 20:49:56 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

    PRC - [2010/02/03 10:46:52 | 001,531,904 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe

    PRC - [2009/07/14 04:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

    ========== Modules (SafeList) ==========

    MOD - [2011/07/24 15:34:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\5520\Desktop\OTL.exe

    MOD - [2010/08/21 08:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll

    ========== Win32 Services (SafeList) ==========

    SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

    SRV - [2010/09/05 03:00:35 | 001,343,400 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

    SRV - [2010/01/26 13:41:08 | 000,652,800 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

    SRV - [2009/07/14 04:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

    SRV - [2009/07/14 04:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

    SRV - [2009/07/14 04:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

    SRV - [2007/05/31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)

    SRV - [2007/05/31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

    ========== Driver Services (SafeList) ==========

    DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

    DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

    DRV - [2010/12/25 15:25:03 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc)

    DRV - [2010/09/03 15:16:16 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)

    DRV - [2010/07/10 01:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

    DRV - [2010/04/19 15:42:26 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)

    DRV - [2010/04/19 15:42:26 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)

    DRV - [2010/04/19 15:42:26 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)

    DRV - [2010/04/19 15:42:24 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice)

    DRV - [2010/04/19 15:42:24 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)

    DRV - [2010/03/25 18:09:44 | 000,114,688 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnet.sys -- (ZTEusbnet)

    DRV - [2010/03/01 18:35:24 | 000,061,952 | ---- | M] (Vodafone) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vodafone_K3805-z_dc_enum.sys -- (vodafone_K3805-z_dc_enum)

    DRV - [2010/01/21 15:53:16 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)

    DRV - [2009/12/30 12:30:56 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)

    DRV - [2009/12/30 12:30:48 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)

    DRV - [2009/12/30 12:30:48 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)

    DRV - [2009/08/13 09:23:02 | 000,022,528 | ---- | M] (CSR, plc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp)

    DRV - [2009/07/14 04:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)

    DRV - [2009/07/14 04:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)

    DRV - [2009/07/14 04:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)

    DRV - [2009/07/14 02:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

    DRV - [2009/07/14 02:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)

    DRV - [2009/07/14 02:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)

    DRV - [2009/07/14 01:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

    DRV - [2008/09/04 01:47:00 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)

    DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)

    DRV - [2008/03/17 11:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)

    DRV - [2007/12/03 10:48:10 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)

    DRV - [2007/02/16 08:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)

    DRV - [2006/11/14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)

    ========== Standard Registry (SafeList) ==========

    ========== Internet Explorer ==========

    IE - HKLM\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll (Conduit Ltd.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.bg//

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 44 EB 31 53 4B CB 01 [binary data]

    IE - HKCU\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll (Conduit Ltd.)

    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

    FF - prefs.js..extensions.enabledItems: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}:2.5.6.0

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/29 19:41:13 | 000,000,000 | ---D | M]

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/29 19:41:13 | 000,000,000 | ---D | M]

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

    [2010/09/03 14:41:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\5520\AppData\Roaming\mozilla\Extensions

    [2011/07/24 23:51:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\5520\AppData\Roaming\mozilla\Firefox\Profiles\0txhkxa4.default\extensions

    [2010/10/22 09:10:52 | 000,000,000 | ---D | M] (BS Player Toolbar) -- C:\Users\5520\AppData\Roaming\mozilla\Firefox\Profiles\0txhkxa4.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}

    [2011/02/13 17:36:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

    [2011/02/13 17:36:45 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

    [2010/07/23 03:47:39 | 000,001,083 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\911bg.xml

    [2010/07/23 03:47:39 | 000,002,442 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\diribg.xml

    [2010/07/23 03:47:39 | 000,001,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pe-bg.xml

    [2010/07/23 03:47:39 | 000,001,857 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\portalbgdict.xml

    [2010/07/23 03:47:39 | 000,001,220 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-bg.xml

    O1 HOSTS File: ([2011/07/24 23:51:28 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts

    O1 - Hosts: 127.0.0.1 localhost

    O1 - Hosts: ::1 localhost

    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)

    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

    O2 - BHO: (BS Player Toolbar) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll (Conduit Ltd.)

    O3 - HKLM\..\Toolbar: (BS Player Toolbar) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll (Conduit Ltd.)

    O3 - HKCU\..\Toolbar\WebBrowser: (BS Player Toolbar) - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - C:\Program Files\BS_Player\tbBS_P.dll (Conduit Ltd.)

    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

    O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)

    O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe (Nokia)

    O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

    O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0

    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.)

    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

    O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

    O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

    O13 - gopher Prefix: missing

    O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/68.08/uploader2.cab (UploadListView Class)

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 168.126.63.1 192.168.2.1

    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

    O32 - HKLM CDRom: AutoRun - 1

    O32 - AutoRun File - [2009/06/11 00:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

    O32 - AutoRun File - [2005/02/24 18:44:12 | 000,000,049 | R--- | M] () - E:\autorun.inf -- [ CDFS ]

    O33 - MountPoints2\{07213ada-cc28-11df-b4a5-001b38290cfc}\Shell - "" = AutoRun

    O33 - MountPoints2\{07213ada-cc28-11df-b4a5-001b38290cfc}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence

    O33 - MountPoints2\{07213e30-cc28-11df-b4a5-001b38290cfc}\Shell - "" = AutoRun

    O33 - MountPoints2\{07213e30-cc28-11df-b4a5-001b38290cfc}\Shell\AutoRun\command - "" = G:\setup_vmb_lite.exe /checkApplicationPresence

    O33 - MountPoints2\{35616a46-b755-11df-bbbd-001b38290cfc}\Shell - "" = AutoRun

    O33 - MountPoints2\{35616a46-b755-11df-bbbd-001b38290cfc}\Shell\AutoRun\command - "" = F:\SETUP.EXE

    O33 - MountPoints2\{35616a46-b755-11df-bbbd-001b38290cfc}\Shell\configure\command - "" = F:\SETUP.EXE

    O33 - MountPoints2\{35616a46-b755-11df-bbbd-001b38290cfc}\Shell\install\command - "" = F:\SETUP.EXE

    O33 - MountPoints2\{86143729-b798-11df-8a53-806e6f6e6963}\Shell - "" = AutoRun

    O33 - MountPoints2\{86143729-b798-11df-8a53-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Install_Win.exe -- [2005/02/28 14:51:24 | 002,211,840 | R--- | M] ()

    O33 - MountPoints2\G\Shell - "" = AutoRun

    O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup_vmb_lite.exe /checkApplicationPresence

    O34 - HKLM BootExecute: (autocheck autochk *) - File not found

    O35 - HKLM\..comfile [open] -- "%1" %*

    O35 - HKLM\..exefile [open] -- "%1" %*

    O37 - HKLM\...com [@ = comfile] -- "%1" %*

    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/07/25 07:14:13 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Users\5520\Desktop\aswMBR.exe

    [2011/07/25 00:31:17 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

    [2011/07/25 00:31:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

    [2011/07/25 00:31:13 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

    [2011/07/25 00:31:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

    [2011/07/25 00:30:36 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\5520\Desktop\mbam-setup-1.51.1.1800.exe

    [2011/07/24 16:51:12 | 000,000,000 | ---D | C] -- C:\Users\5520\AppData\Roaming\Malwarebytes

    [2011/07/24 16:50:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

    [2011/07/24 16:33:52 | 000,000,000 | ---D | C] -- C:\Users\5520\AppData\Roaming\Sammsoft

    [2011/07/24 16:33:29 | 000,000,000 | ---D | C] -- C:\Program Files\ARO 2011

    [2011/07/24 16:00:27 | 000,000,000 | ---D | C] -- C:\_OTL

    [2011/07/24 15:33:53 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\5520\Desktop\OTL.exe

    [2011/07/24 14:45:39 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache

    [2011/07/24 14:40:31 | 000,000,000 | ---D | C] -- C:\Program Files\Total English Upper Intermediate

    [2011/07/13 10:14:25 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll

    [2011/07/13 10:14:24 | 000,271,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

    [2011/07/13 10:14:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll

    [2011/07/13 10:14:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll

    [2011/07/13 10:14:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll

    [2011/07/13 10:14:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll

    [2011/07/13 10:14:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll

    [2011/07/13 10:14:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll

    [2011/07/13 10:14:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll

    [2011/07/13 10:14:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll

    [2011/07/13 10:14:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll

    [2011/07/13 10:14:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll

    [2011/07/13 10:14:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll

    [2011/07/13 10:14:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll

    [2011/07/13 10:14:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll

    [2011/07/13 10:14:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll

    [2011/07/13 10:14:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll

    [2011/07/13 10:14:20 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll

    [2011/07/13 10:14:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll

    [2011/07/13 10:14:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll

    [2011/07/13 10:14:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll

    [2011/07/13 10:14:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll

    [2011/07/13 10:14:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll

    [2011/07/13 10:14:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll

    [2011/07/13 10:14:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll

    [2011/07/13 10:14:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll

    [2011/07/13 10:14:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll

    [2011/07/13 10:14:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll

    [2011/07/13 10:14:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll

    [2011/07/13 10:14:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll

    [2011/07/13 10:14:10 | 002,332,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

    ========== Files - Modified Within 30 Days ==========

    [2011/07/26 20:03:15 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

    [2011/07/26 20:02:42 | 000,000,381 | ---- | M] () -- C:\Users\5520\Desktop\delete.zip

    [2011/07/26 19:13:33 | 000,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

    [2011/07/26 19:13:33 | 000,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

    [2011/07/26 05:03:00 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

    [2011/07/25 21:00:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

    [2011/07/25 08:05:44 | 000,060,620 | ---- | M] () -- C:\Users\5520\Desktop\43193331_j3rlZw1O_c_large.jpg

    [2011/07/25 07:23:27 | 000,000,512 | ---- | M] () -- C:\Users\5520\Desktop\MBR.dat

    [2011/07/25 07:16:56 | 000,623,686 | ---- | M] () -- C:\Windows\System32\perfh009.dat

    [2011/07/25 07:16:56 | 000,107,092 | ---- | M] () -- C:\Windows\System32\perfc009.dat

    [2011/07/25 07:14:14 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Users\5520\Desktop\aswMBR.exe

    [2011/07/25 07:11:16 | 1609,764,864 | -HS- | M] () -- C:\hiberfil.sys

    [2011/07/25 00:31:17 | 000,001,063 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

    [2011/07/25 00:30:57 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\5520\Desktop\mbam-setup-1.51.1.1800.exe

    [2011/07/24 23:51:28 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts

    [2011/07/24 21:36:28 | 000,000,734 | ---- | M] () -- C:\Windows\System32\drivers\etc\hîsts

    [2011/07/24 15:34:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\5520\Desktop\OTL.exe

    [2011/07/24 00:43:17 | 217,045,836 | ---- | M] () -- C:\Windows\MEMORY.DMP

    [2011/07/14 03:19:07 | 000,414,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

    [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

    [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

    [2011/07/03 21:07:29 | 000,661,733 | ---- | M] () -- C:\Users\5520\Desktop\DSC00122.jpg

    [2011/07/03 21:06:12 | 000,521,571 | ---- | M] () -- C:\Users\5520\Desktop\DSC00123.jpg

    ========== Files Created - No Company Name ==========

    [2011/07/26 20:02:36 | 000,000,381 | ---- | C] () -- C:\Users\5520\Desktop\delete.zip

    [2011/07/25 08:07:52 | 000,060,620 | ---- | C] () -- C:\Users\5520\Desktop\43193331_j3rlZw1O_c_large.jpg

    [2011/07/25 07:23:27 | 000,000,512 | ---- | C] () -- C:\Users\5520\Desktop\MBR.dat

    [2011/07/25 00:31:17 | 000,001,063 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

    [2011/07/03 21:07:00 | 000,661,733 | ---- | C] () -- C:\Users\5520\Desktop\DSC00122.jpg

    [2011/07/03 21:06:01 | 000,521,571 | ---- | C] () -- C:\Users\5520\Desktop\DSC00123.jpg

    [2011/06/01 21:08:36 | 000,000,000 | ---- | C] () -- C:\Users\5520\AppData\Local\{D17C9FF1-9237-47B6-B7B0-ABE4DD9D83EF}

    [2010/12/25 15:28:22 | 000,005,120 | ---- | C] () -- C:\Users\5520\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2010/09/03 17:44:32 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

    [2010/09/03 14:53:40 | 000,003,636 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin

    [2009/07/14 07:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

    [2009/07/14 07:33:53 | 000,414,072 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

    [2009/07/14 05:05:48 | 000,623,686 | ---- | C] () -- C:\Windows\System32\perfh009.dat

    [2009/07/14 05:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat

    [2009/07/14 05:05:48 | 000,107,092 | ---- | C] () -- C:\Windows\System32\perfc009.dat

    [2009/07/14 05:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat

    [2009/07/14 05:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

    [2009/07/14 05:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

    [2009/07/14 03:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

    [2009/07/14 02:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

    [2009/07/14 02:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

    [2009/07/14 02:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

    [2009/07/14 02:36:08 | 000,193,024 | ---- | C] () -- C:\Windows\System32\sppcomapi.dll

    [2009/06/11 00:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

    [2005/05/06 19:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

    [2002/03/21 16:39:02 | 000,073,728 | ---- | C] () -- C:\Windows\System32\UNACEV2.DLL

    < End of report >


    Great... the log file is clean, but you will have to delete one file manually:

    C:\Windows\System32\drivers\etc\hîsts

    After that, install a free antivirus of your choice and run a full scan of your system.

    How is the machine doing now?


    Great:

    Run OTL once more and click the CleanUp button.


    If you are prompted to restart, agree.

    Delete all the tools and tool logs we have used (those that were not removed by the procedures carried out so far).

    You can now download and reinstall Avira AntiVir Personal 10.0.0.650.

    Safe surfing! :)


    I opened the link, after which it wanted me to save the file Flash plaer.exe, and then my computer started restarting. My friends on Facebook started receiving standard messages in English. Now I cannot log in to Facebook from this computer.


    Hello...! Read the rules of the subsection and create a new topic of your own...!
