
BOEGRIUS

Flash Player Virus from Facebook [SOLVED]



I opened a link and saved the file Flash plaer.exe, after which the laptop started restarting. My friends on Facebook started receiving standard messages in English. I can no longer log in to Facebook from this laptop.

Link to this reply

Hello,

Follow these instructions for working with OTL:

  • Download OTL.exe and save it to the desktop.
  • Run the file by double-clicking it.
  • Check the box next to Scan All Users.
  • Under the File Age menu => select 90 days
  • Under the Standard Registry menu => change to ALL
  • Check the boxes next to LOP and Purity Check
  • Under [image], use Copy/Paste to enter the following text in full (only what is inside the box):
netsvcs
msconfig
%SYSTEMDRIVE%\*.*
%USERPROFILE%\*.*
%USERPROFILE%\AppData\Local\*.*
%USERPROFILE%\AppData\Roaming\*.*
%ProgramData%\*.*
%CommonProgramFiles%\*.*
%PROGRAMFILES%\*.*
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
/md5start
hlp.dat
winlogon.exe
wininit.exe
userinit.exe
explorer.exe
volsnap.sys
/md5stop
  • Click the button marked in blue: [image].
  • When the scan finishes, two files will be created: OTL.Txt and Extras.Txt. Attach both files to your next comment (see the "attached files" option when you post a reply).

Link to this reply

Uninstall the remnants of Avira from Control Panel => Programs => Uninstall a program.

Was only one log file created... isn't there an Extras.txt as well?

After that:

Run OTL again, then copy and paste the script text from the text box below into the Custom Scans/Fixes column; be sure to copy the script exactly, one to one, including the colon before the first line of the script.

:Processes
killallprocesses
:OTL
SRV - File not found [Auto | Stopped] --  -- (MyWebSearchService)
SRV - File not found [On_Demand | Stopped] --  -- (McComponentHostService)
SRV - File not found [Auto | Stopped] --  -- (ekrn)
SRV - File not found [On_Demand | Stopped] --  -- (EhttpSrv)
SRV - File not found [Auto | Stopped] --  -- (AntiVirService)
SRV - File not found [Auto | Stopped] --  -- (AntiVirSchedulerService)
SRV - [2011/07/24 00:14:23 | 000,495,616 | ---- | M] () [Auto | Running] -- C:\Windows\update.2\svchost.exe -- (srviecheck)
SRV - [2011/07/23 23:53:19 | 000,247,296 | ---- | M] () [Auto | Running] -- C:\Windows\sysdriver32.exe -- (srvsysdriver32)
SRV - [2011/07/23 22:43:54 | 000,340,992 | ---- | M] () [Auto | Running] -- C:\Windows\update.5.0\svchost.exe -- (srvbtcclient)
SRV - [2011/07/23 22:22:35 | 001,185,792 | -H-- | M] () [Auto | Running] -- C:\Windows\update.1\svchost.exe -- (wxpdrivers)
DRV - [2011/06/17 12:37:08 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/17 12:37:08 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/05/20 11:16:28 | 000,133,512 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
IE - HKU\S-1-5-21-2047312765-6520441-1298651789-1001\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-2047312765-6520441-1298651789-1001\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} -  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin [2011/04/15 10:04:48 | 000,000,000 | ---D | M]
[2011/07/24 16:35:00 | 000,000,000 | ---D | M] (Support.com Toolbar) -- C:\Users\5520\AppData\Roaming\mozilla\Firefox\Profiles\0txhkxa4.default\extensions\toolbar@ask.com
[2011/05/17 13:12:44 | 000,002,333 | ---- | M] () -- C:\Users\5520\AppData\Roaming\Mozilla\Firefox\Profiles\0txhkxa4.default\searchplugins\askcom.xml
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - Reg Error: Value error. File not found
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - Reg Error: Value error. File not found
O2 - BHO: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-2047312765-6520441-1298651789-1001\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - Reg Error: Value error. File not found
O3 - HKU\S-1-5-21-2047312765-6520441-1298651789-1001\..\Toolbar\WebBrowser: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [361374.exe]  File not found
O4 - HKLM..\Run: [5741364.exe]  File not found
O4 - HKLM..\Run: [7486403.exe]  File not found
O4 - HKLM..\Run: [7790286-loader2.exe]  File not found
O4 - HKLM..\Run: [8081635.exe]  File not found
O4 - HKLM..\Run: [9339505.exe]  File not found
O4 - HKLM..\Run: [9441405.exe]  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt]  File not found
O4 - HKLM..\Run: [l1rezerv.exe] C:\Windows\l1rezerv.exe ()
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor]  File not found
O4 - HKLM..\Run: [MyWebSearch Email Plugin]  File not found
O4 - HKLM..\Run: [sysdriver32.exe] C:\Windows\sysdriver32.exe ()
O4 - HKLM..\Run: [sysdriver32_.exe]  File not found
O4 - HKLM..\Run: [systemup] C:\Windows\systemup.exe ()
O4 - HKLM..\Run: [tray_ico]  File not found
O4 - HKLM..\Run: [tray_ico0] C:\Windows\update.tray-8-0\svchost.exe ()
O4 - HKLM..\Run: [tray_ico1] C:\Windows\update.tray-2-0\svchost.exe ()
O4 - HKLM..\Run: [tray_ico2] C:\Windows\update.tray-9-0\svchost.exe ()
O4 - HKLM..\Run: [tray_ico3]  File not found
O4 - HKLM..\Run: [tray_ico4]  File not found
O4 - HKLM..\Run: [wxpdrv] C:\Windows\services32.exe ()
O31 - SafeBoot: AlternateShell - services32.exe
[2011/07/24 16:33:35 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2011/07/24 16:25:53 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-2-0-lnk
[2011/07/24 16:25:53 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-2-0
[2011/07/23 22:50:48 | 000,000,000 | ---D | C] -- C:\Windows\ufa
[2011/07/23 22:50:48 | 000,000,000 | ---D | C] -- C:\Windows\rpcminer
[2011/07/23 22:50:48 | 000,000,000 | ---D | C] -- C:\Windows\phoenix
[2011/07/23 22:43:55 | 000,000,000 | -H-D | C] -- C:\Windows\update.5.0
[2011/07/23 22:41:05 | 000,000,000 | -H-D | C] -- C:\Windows\update.2
[2011/07/23 22:34:39 | 000,000,000 | ---D | C] -- C:\Windows\av_ico
[2011/07/23 22:33:11 | 000,000,000 | -H-D | C] -- C:\Windows\update.1
[2011/07/23 22:33:07 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-9-0-lnk
[2011/07/23 22:33:07 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-9-0
[2011/07/23 22:33:07 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-8-0-lnk
[2011/07/23 22:33:07 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-8-0
[2011/07/24 00:14:24 | 000,000,180 | ---- | M] () -- C:\Windows\info1
[2011/07/23 23:53:19 | 000,247,296 | ---- | M] () -- C:\Windows\sysdriver32.exe
[2011/07/23 22:50:47 | 005,589,370 | ---- | M] () -- C:\Windows\phoenix.rar
[2011/07/23 22:50:47 | 001,075,284 | ---- | M] () -- C:\Windows\rpcminer.rar
[2011/07/23 22:50:47 | 000,246,272 | ---- | M] () -- C:\Windows\unrar.exe
[2011/07/23 22:50:47 | 000,182,617 | ---- | M] () -- C:\Windows\ufa.rar
[2011/07/23 22:45:45 | 000,114,176 | ---- | M] () -- C:\Windows\systemup.exe
[2011/07/23 22:41:45 | 000,232,960 | ---- | M] () -- C:\Windows\l1rezerv.exe
[2011/07/23 22:40:48 | 000,904,792 | ---- | M] () -- C:\Windows\geoiplist.rar
[2011/07/23 22:35:38 | 000,000,000 | ---- | M] () -- C:\Windows\loader2.exe_ok
[2011/07/23 22:22:35 | 001,185,792 | ---- | M] () -- C:\Windows\services32.exe
[2011/07/17 03:24:20 | 004,636,907 | ---- | M] () -- C:\Windows\geoiplist
[2011/06/17 12:37:08 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/06/17 12:37:08 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/05/27 07:51:10 | 000,000,875 | ---- | C] () -- C:\Users\5520\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Shield.lnk
dir /s /a "C:\Users\5520\AppData\Local\{D17C9FF1-9237-47B6-B7B0-ABE4DD9D83EF}" /c
:commands
[resethosts]
[reboot]
After you have entered the script from the quote above, click the button marked in red: Run Fix

Windows will restart and a log file will be created. Post its contents with Copy/Paste in your next comment.

After that:

Open virustotal and use the Browse button to locate the file:

C:\Users\5520\AppData\Local\hwcsrfurmi.exe

Click the SEND button.

If the file has already been analysed, please click re-analyse.

Post the results of the check for this file in your next comment.

Link to this reply
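
Added example (not part of the original thread, and not OTL's own logic): a small Python triage pass over OTL-style SRV/DRV and O4 Run lines, using lines copied from the fix script above, that flags the patterns visible in that script, such as svchost.exe running from outside System32. The rule names, the expected-directory table and the default C:\Windows install location are assumptions of this example.

```python
import ntpath
import re

# Lines copied from the OTL fix script quoted in this thread.
SAMPLE = r"""
SRV - File not found [Auto | Stopped] --  -- (MyWebSearchService)
SRV - [2011/07/24 00:14:23 | 000,495,616 | ---- | M] () [Auto | Running] -- C:\Windows\update.2\svchost.exe -- (srviecheck)
SRV - [2011/07/23 22:22:35 | 001,185,792 | -H-- | M] () [Auto | Running] -- C:\Windows\update.1\svchost.exe -- (wxpdrivers)
DRV - [2011/06/17 12:37:08 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [sysdriver32.exe] C:\Windows\sysdriver32.exe ()
O4 - HKLM..\Run: [tray_ico0] C:\Windows\update.tray-8-0\svchost.exe ()
O4 - HKLM..\Run: [361374.exe]  File not found
"""

# Assumption: Windows is installed in the default C:\Windows location.
WINDIR = r"c:\windows"
SYSTEM32 = WINDIR + r"\system32"
# Illustrative table of where well-known Windows binaries normally live.
EXPECTED_DIR = {
    "svchost.exe": SYSTEM32, "services.exe": SYSTEM32, "lsass.exe": SYSTEM32,
    "winlogon.exe": SYSTEM32, "userinit.exe": SYSTEM32, "explorer.exe": WINDIR,
}

# SRV/DRV line with file details: [date | size | attributes | M] (company) [start] -- path -- (name)
SVC_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - \[[^|]+\|[^|]+\|\s*(?P<attr>[-A-Z]{4})\s*\|[^\]]*\] "
    r"\((?P<company>[^)]*)\) \[[^\]]*\] -- (?P<path>.+?) -- \((?P<name>[^)]*)\)$")
# SRV/DRV line whose image no longer exists on disk.
SVC_MISSING_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - File not found \[[^\]]*\] --\s+-- \((?P<name>[^)]*)\)$")
# O4 autorun line: hive\Run: [value name] followed by "path (company)" or "File not found".
RUN_RE = re.compile(r"^O4 - \S+\\Run: \[(?P<name>[^\]]*)\]\s+(?P<rest>.+)$")
IMAGE_RE = re.compile(r"^(?P<path>.+?) \((?P<company>[^)]*)\)$")


def parse_line(line):
    """Return a dict for a recognised SRV/DRV/O4 Run line, else None."""
    m = SVC_RE.match(line)
    if m:
        return {"kind": m["kind"], "name": m["name"], "path": m["path"],
                "company": m["company"], "attr": m["attr"]}
    m = SVC_MISSING_RE.match(line)
    if m:
        return {"kind": m["kind"], "name": m["name"], "path": None,
                "company": "", "attr": ""}
    m = RUN_RE.match(line)
    if m:
        rest = m["rest"].strip()
        if rest == "File not found":
            return {"kind": "RUN", "name": m["name"], "path": None,
                    "company": "", "attr": ""}
        image = IMAGE_RE.match(rest)
        if image:
            return {"kind": "RUN", "name": m["name"], "path": image["path"],
                    "company": image["company"], "attr": ""}
    return None


def findings(entry):
    """Return the list of rule tags that apply to one parsed entry."""
    if entry["path"] is None:
        return ["orphan"]  # autorun or service entry pointing at a missing file
    tags = []
    folder, image = ntpath.split(ntpath.normcase(entry["path"]))
    expected = EXPECTED_DIR.get(image)
    if expected and folder != expected:
        tags.append("masquerade")  # system binary name in the wrong directory
    if folder == WINDIR and image.endswith(".exe") and not entry["company"]:
        tags.append("no-vendor-in-windows-root")  # "()" = empty company field
    if "H" in entry["attr"]:
        tags.append("hidden")  # file carries the hidden attribute
    return tags


def triage(text):
    """Return (entry name, tags) for every recognised line with a finding."""
    flagged = []
    for line in text.splitlines():
        entry = parse_line(line.strip())
        if entry:
            tags = findings(entry)
            if tags:
                flagged.append((entry["name"], tags))
    return flagged


if __name__ == "__main__":
    for name, tags in triage(SAMPLE):
        print(f"{name:22} {', '.join(tags)}")
```

An "orphan" tag only means the entry points at a missing file; it marks leftovers to clean up, not necessarily malware.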

========== PROCESSES ==========

All processes killed

========== OTL ==========

Error: No service named MyWebSearchService was found to stop!

Service\Driver key MyWebSearchService not found.

Error: No service named McComponentHostService was found to stop!

Service\Driver key McComponentHostService not found.

Error: No service named ekrn was found to stop!

Service\Driver key ekrn not found.

Error: No service named EhttpSrv was found to stop!

Service\Driver key EhttpSrv not found.

Service AntiVirService stopped successfully!

Service AntiVirService deleted successfully!

Service AntiVirSchedulerService stopped successfully!

Service AntiVirSchedulerService deleted successfully!

Error: No service named srviecheck was found to stop!

Service\Driver key srviecheck not found.

File C:\Windows\update.2\svchost.exe not found.

Error: No service named srvsysdriver32 was found to stop!

Service\Driver key srvsysdriver32 not found.

File C:\Windows\sysdriver32.exe not found.

Error: No service named srvbtcclient was found to stop!

Service\Driver key srvbtcclient not found.

File C:\Windows\update.5.0\svchost.exe not found.

Error: No service named wxpdrivers was found to stop!

Service\Driver key wxpdrivers not found.

File C:\Windows\update.1\svchost.exe not found.

Error: No service named avipbb was found to stop!

Service\Driver key avipbb not found.

File C:\Windows\System32\drivers\avipbb.sys not found.

Error: No service named avgntflt was found to stop!

Service\Driver key avgntflt not found.

File C:\Windows\System32\drivers\avgntflt.sys not found.

Error: Unable to stop service eamonm!

Service eamonm deleted successfully!

C:\Windows\System32\drivers\eamonm.sys moved successfully.

Service ssmdrv stopped successfully!

Service ssmdrv deleted successfully!

C:\Windows\System32\drivers\ssmdrv.sys moved successfully.

Registry value HKEY_USERS\S-1-5-21-2047312765-6520441-1298651789-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.

C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.

Registry value HKEY_USERS\S-1-5-21-2047312765-6520441-1298651789-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00A6FAF6-072E-44cf-8957-5838F569A31D} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@mywebsearch.com/Plugin\ deleted successfully.

File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin not found.

C:\Users\5520\AppData\Roaming\mozilla\Firefox\Profiles\0txhkxa4.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.

C:\Users\5520\AppData\Roaming\mozilla\Firefox\Profiles\0txhkxa4.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.

C:\Users\5520\AppData\Roaming\mozilla\Firefox\Profiles\0txhkxa4.default\extensions\toolbar@ask.com\defaults folder moved successfully.

C:\Users\5520\AppData\Roaming\mozilla\Firefox\Profiles\0txhkxa4.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.

C:\Users\5520\AppData\Roaming\mozilla\Firefox\Profiles\0txhkxa4.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.

C:\Users\5520\AppData\Roaming\mozilla\Firefox\Profiles\0txhkxa4.default\extensions\toolbar@ask.com\chrome folder moved successfully.

C:\Users\5520\AppData\Roaming\mozilla\Firefox\Profiles\0txhkxa4.default\extensions\toolbar@ask.com folder moved successfully.

C:\Users\5520\AppData\Roaming\Mozilla\Firefox\Profiles\0txhkxa4.default\searchplugins\askcom.xml moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.

File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.

Registry value HKEY_USERS\S-1-5-21-2047312765-6520441-1298651789-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\ deleted successfully.

Registry value HKEY_USERS\S-1-5-21-2047312765-6520441-1298651789-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\361374.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\5741364.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\7486403.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\7790286-loader2.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\8081635.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\9339505.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\9441405.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.

C:\Program Files\Ask.com\Updater\Updater.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\avgnt deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\l1rezerv.exe deleted successfully.

C:\Windows\l1rezerv.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\My Web Search Bar Search Scope Monitor deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Email Plugin deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sysdriver32.exe deleted successfully.

File C:\Windows\sysdriver32.exe not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sysdriver32_.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\systemup deleted successfully.

C:\Windows\systemup.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico0 deleted successfully.

C:\Windows\update.tray-8-0\svchost.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico1 deleted successfully.

C:\Windows\update.tray-2-0\svchost.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico2 deleted successfully.

C:\Windows\update.tray-9-0\svchost.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico3 deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico4 deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\wxpdrv deleted successfully.

C:\Windows\services32.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\\AlternateShell deleted successfully.

C:\Program Files\Ask.com\Updater folder moved successfully.

C:\Program Files\Ask.com\assets\oobe folder moved successfully.

C:\Program Files\Ask.com\assets folder moved successfully.

C:\Program Files\Ask.com folder moved successfully.

C:\Windows\update.tray-2-0-lnk folder moved successfully.

C:\Windows\update.tray-2-0 folder moved successfully.

C:\Windows\ufa folder moved successfully.

C:\Windows\rpcminer folder moved successfully.

C:\Windows\phoenix\kernels\poclbm folder moved successfully.

C:\Windows\phoenix\kernels\phatk folder moved successfully.

C:\Windows\phoenix\kernels folder moved successfully.

C:\Windows\phoenix folder moved successfully.

C:\Windows\update.5.0 folder moved successfully.

C:\Windows\update.2 folder moved successfully.

C:\Windows\av_ico folder moved successfully.

C:\Windows\update.1 folder moved successfully.

C:\Windows\update.tray-9-0-lnk folder moved successfully.

C:\Windows\update.tray-9-0 folder moved successfully.

C:\Windows\update.tray-8-0-lnk folder moved successfully.

C:\Windows\update.tray-8-0 folder moved successfully.

C:\Windows\info1 moved successfully.

File C:\Windows\sysdriver32.exe not found.

C:\Windows\phoenix.rar moved successfully.

C:\Windows\rpcminer.rar moved successfully.

C:\Windows\unrar.exe moved successfully.

C:\Windows\ufa.rar moved successfully.

File C:\Windows\systemup.exe not found.

File C:\Windows\l1rezerv.exe not found.

C:\Windows\geoiplist.rar moved successfully.

C:\Windows\loader2.exe_ok moved successfully.

File C:\Windows\services32.exe not found.

C:\Windows\geoiplist moved successfully.

File C:\Windows\System32\drivers\avipbb.sys not found.

File C:\Windows\System32\drivers\avgntflt.sys not found.

C:\Users\5520\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Shield.lnk moved successfully.

========== COMMANDS ==========

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

OTL by OldTimer - Version 3.2.26.1 log created on 07242011_235018

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.

File name: hwcsrfurmi.exe

Submission date: 2011-07-24 20:54:41 (UTC)

Current status: queued queued analysing finished


Result: 35/ 43 (81.4%)


Antivirus | Version | Last Update | Result
AhnLab-V3 | 2011.07.25.00 | 2011.07.24 | Win-Trojan/Fakeav.217088.CG
AntiVir | 7.11.12.80 | 2011.07.24 | TR/Fakealert.dgfr
Antiy-AVL | 2.0.3.7 | 2011.07.24 | Trojan/Win32.FakeAV.gen
Avast | 4.8.1351.0 | 2011.07.24 | Win32:MalOb-GF [Cryp]
Avast5 | 5.0.677.0 | 2011.07.24 | Win32:MalOb-GF [Cryp]
AVG | 10.0.0.1190 | 2011.07.24 | Generic22.BXIT
BitDefender | 7.2 | 2011.07.24 | Gen:Variant.Kazy.24524
CAT-QuickHeal | 11.00 | 2011.07.24 | -
ClamAV | 0.97.0.0 | 2011.07.24 | Trojan.Fakealert.Sesh
Commtouch | 5.3.2.6 | 2011.07.24 | W32/FakeAlert.OF.gen!Eldorado
Comodo | 9499 | 2011.07.24 | -
DrWeb | 5.0.2.03300 | 2011.07.24 | Trojan.Fakealert.21231
Emsisoft | 5.1.0.8 | 2011.07.24 | Trojan.Win32.FakeAV!IK
eSafe | 7.0.17.0 | 2011.07.24 | -
eTrust-Vet | 36.1.8459 | 2011.07.22 | Win32/FraudSecurityTool.O!generi
F-Prot | 4.6.2.117 | 2011.07.24 | W32/FakeAlert.OF.gen!Eldorado
F-Secure | 9.0.16440.0 | 2011.07.24 | Gen:Variant.Kazy.24524
Fortinet | 4.2.257.0 | 2011.07.24 | -
GData | 22 | 2011.07.24 | Gen:Variant.Kazy.24524
Ikarus | T3.1.1.104.0 | 2011.07.24 | Trojan.Win32.FakeAV
Jiangmin | 13.0.900 | 2011.07.24 | Trojan/Fakeav.tty
K7AntiVirus | 9.108.4937 | 2011.07.22 | Trojan
Kaspersky | 9.0.0.837 | 2011.07.24 | Trojan.Win32.FakeAV.dgfp
McAfee | 5.400.0.1158 | 2011.07.24 | FakeAlert-Rena.a
McAfee-GW-Edition | 2010.1D | 2011.07.24 | Heuristic.BehavesLike.Win32.Spyware.B
Microsoft | 1.7104 | 2011.07.24 | Rogue:Win32/Winwebsec
NOD32 | 6321 | 2011.07.24 | Win32/Olmasco.Gen
Norman | 6.07.10 | 2011.07.23 | W32/Kryptik.XW
nProtect | 2011-07-24.01 | 2011.07.24 | Gen:Variant.Kazy.24524
Panda | 10.0.3.5 | 2011.07.24 | Adware/WindowsRecovery
PCTools | 8.0.0.5 | 2011.07.24 | Trojan.FakeAV
Prevx | 3.0 | 2011.07.24 | -
Rising | 23.67.04.03 | 2011.07.22 | -
Sophos | 4.67.0 | 2011.07.24 | Mal/FakeAV-CS
SUPERAntiSpyware | 4.40.0.1006 | 2011.07.24 | Trojan.Agent/Gen-FakeAlert[JJR]
Symantec | 20111.1.0.186 | 2011.07.24 | Trojan.FakeAV!gen42
TheHacker | 6.7.0.1.262 | 2011.07.24 | Trojan/FakeAV.dfra
TrendMicro | 9.200.0.1012 | 2011.07.24 | TROJ_FAKEAV.SML3
TrendMicro-HouseCall | 9.200.0.1012 | 2011.07.24 | TROJ_FAKEAV.SML3
VBA32 | 3.12.16.4 | 2011.07.22 | Trojan.FakeAV.dfra
VIPRE | 9954 | 2011.07.24 | FraudTool.Win32.InternetProtection.ek!a (v)
ViRobot | 2011.7.23.4585 | 2011.07.24 | -
VirusBuster | 14.0.136.0 | 2011.07.24 | -

Additional information

MD5 : 9b9d28cafbe5dca70772627a9f97c7f6

SHA1 : 0970307598eed08499160c25cc5d2b5debce48dd

SHA256: 3577e1c5991826a308542962640b39ef0eb68db84f52c70225d49e7622b92cc5

ssdeep: 6144:+SguQLZbK7B6PnM2PGipPtozOEO3icCFoGda0VqiV1l:+3m6PQi+r5qX0VqiHl

File size : 217088 bytes

First seen: 2011-07-24 20:54:41

Last seen : 2011-07-24 20:54:41

TrID:

Win32 Executable Generic (42.3%)

Win32 Dynamic Link Library (generic) (37.6%)

Generic Win/DOS Executable (9.9%)

DOS Executable Generic (9.9%)

Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

sigcheck:

publisher....: iT Systems

copyright....: n/a

product......: n/a

description..: Protection Ware

original name: n/a

internal name: jjr34532

file version.: 1a1

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

PEInfo: PE structure information

[[ basic data ]]

entrypointaddress: 0x2ADA

timedatestamp....: 0x4DDF2B2E (Fri May 27 04:40:14 2011)

machinetype......: 0x14c (I386)

[[ 4 section(s) ]]

name, viradd, virsiz, rawdsiz, ntropy, md5

.itext, 0x1000, 0xFC, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e

.text, 0x2000, 0xD0F04, 0x2A000, 7.98, ee7165106e57642d1c395c8cc2752b9f

.idata, 0xD3000, 0x554, 0x1000, 2.15, 7aeb80e665b06718e9457ae2f718697d

.rsrc, 0xD4000, 0x8F18, 0x9000, 6.55, bb31ef38108c6317b01ad37850bcf759

[[ 2 import(s) ]]

kernel32.dll: GetCommandLineA, FindFirstChangeNotificationA, CreateDirectoryExA, SetConsoleMaximumWindowSize, GetThreadIOPendingFlag, ProcessIdToSessionId, GetModuleHandleA, InterlockedExchange, GetProfileIntA, VirtualAlloc, WriteConsoleInputA, GetConsoleFontInfo, EndUpdateResourceA, GetCurrentDirectoryA, DeviceIoControl, GetCommandLineA, FindAtomA, CreateFileMappingA, GetConsoleMode, SetCurrentDirectoryA, ExitProcess, WritePrivateProfileStructA, DeviceIoControl, GetPrivateProfileSectionNamesW, GetFileAttributesExA, MultiByteToWideChar, ReadConsoleOutputA, SetCommBreak, GetLogicalDriveStringsA, IsBadStringPtrA

ws2_32.dll: recv

[[ 6 export(s) ]]

Lysirsit, EndCtdioctcgoj, Oyjqnqxytkx, Saqnqngp, Ldfvdjusaob, IsNiekmcaqtre

ExifTool:

file metadata

CharacterSet: Unicode

CodeSize: 172032

CompanyName: iT Systems

EntryPoint: 0x2ada

FileDescription: Protection Ware

FileFlagsMask: 0x003f

FileOS: Windows NT 32-bit

FileSize: 212 kB

FileSubtype: 0

FileType: Win32 EXE

FileVersion:

FileVersionNumber: 1.7.8800.0

ImageVersion: 0.0

InitializedDataSize: 40960

InternalName: jjr34532

LanguageCode: Russian

LinkerVersion: 7.1

MIMEType: application/octet-stream

MachineType: Intel 386 or later, and compatibles

OSVersion: 4.0

ObjectFileType: Executable application

OriginalFilename: je53vs2.exe

PEType: PE32

ProductName: IT SoftWare

ProductVersion: hw4

ProductVersionNumber: 1.7.8800.0

Subsystem: Windows GUI

SubsystemVersion: 4.0

TimeStamp: 2011:05:27 06:40:14+02:00

UninitializedDataSize: 0

LegalCopyright: It Systems Corp. All rights reserved.



Link to this reply

Please archive the file:

C:\Users\5520\AppData\Local\hwcsrfurmi.exe

and then upload it to this address.

Post a link in your next post, then delete it.

After that:

  • Download Malwarebytes' Anti-Malware from here and install it.
  • Start Malwarebytes' Anti-Malware, go to UPDATE and click Check for updates.
  • Then go back to Scanner, select Perform QUICK Scan, and click Scan.
  • The scan will take a little while, so please be patient.
  • When the scan finishes, click OK, then Show Results to see the result.
  • Make sure every row is checked, then click Remove Selected.
  • When everything has been removed, the log will open in Notepad. Copy the log and post it in your next comment in the thread.

Note: If Malwarebytes' Anti-Malware has trouble removing the detected viruses/threats, it will ask to restart the computer and remove the problematic viruses/threats during the restart. If you are asked, confirm that you want your computer to be restarted.

Link to this reply

C:\Users\5520\AppData\Local\hwcsrfurmi.exe

Malware starts up in nasty Arabic for me, I don't understand anything.

Link to this reply

C:\Users\5520\AppData\Local\hwcsrfurmi.exe

I think you misunderstood me... so we will try another way:

Open Notepad and copy the following information into it:

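@echo off
rem Add each listed file to Files_for_submission.zip (needs a zip.exe on the PATH or next to this script)
for %%g in (
C:\Users\5520\AppData\Local\hwcsrfurmi.exe
) do zip Files_for_submission %%g
rem Delete this batch file once it has run
del %0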

Save the file to the desktop as grab.bat and run it.

A file named Files_for_submission.zip will appear on the desktop.

Attach it to your next comment.

As for Malwarebytes, do the following:

Open the program and go to the 3rd column counting from right to left... then, as shown in the picture, select English

[image]

Continue with the remaining instructions...

Link to this reply

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7266

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

7/25/2011 1:02:23 AM

mbam-log-2011-07-25 (01-02-23).txt

Scan type: Quick scan

Objects scanned: 154804

Time elapsed: 3 minute(s), 13 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 123

Registry Values Infected: 2

Registry Data Items Infected: 4

Folders Infected: 15

Files Infected: 41

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.



Please download aswMBR and save it to your desktop.

  • Double-click the aswMBR.exe file to run it.
  • Wait for it to download the avast! definitions.
  • From the drop-down menu select the C:\ partition, as shown in the picture:
[Posted image]
  • Click the Scan button to start the scan.
  • When the scan finishes, click the save log button, save the log file to your desktop, and post its contents in your next comment.

What happened with the first step... was the file Files_for_submission.zip created?

Actually, leave it... if you can't manage it.


Regarding Files_for_submission.zip: it is not being created.

aswMBR version 0.9.8.977 Copyright© 2011 AVAST Software

Run date: 2011-07-25 07:14:57

-----------------------------

07:14:57.791 OS Version: Windows 6.1.7600

07:14:57.791 Number of processors: 2 586 0x4802

07:14:57.791 ComputerName: 5520-PC UserName: 5520

07:15:11.911 Initialize success

07:16:13.399 AVAST engine defs: 11072401

07:16:29.717 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4

07:16:29.717 Disk 0 Vendor: WDC_WD2500BEVS-22UST0 01.01A01 Size: 238475MB BusType: 3

07:16:29.732 Disk 0 MBR read successfully

07:16:29.748 Disk 0 MBR scan

07:16:29.764 Disk 0 Windows 7 default MBR code

07:16:29.779 Disk 0 scanning sectors +488394752

07:16:29.904 Disk 0 scanning C:\Windows\system32\drivers

07:16:41.074 Service scanning

07:16:44.584 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32

07:16:45.192 Modules scanning

07:16:54.864 Disk 0 trace - called modules:

07:16:54.880 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x850711f8]<<

07:16:54.895 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85ee2700]

07:16:55.410 3 CLASSPNP.SYS[8960c59e] -> nt!IofCallDriver -> [0x85dae918]

07:16:55.426 5 ACPI.sys[88f5e3b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x85e0d908]

07:16:55.426 \Driver\atapi[0x85dac7a0] -> IRP_MJ_CREATE -> 0x850711f8

07:16:56.642 AVAST engine scan C:\

07:23:27.737 Disk 0 MBR has been saved successfully to "C:\Users\5520\Desktop\MBR.dat"

07:23:27.753 The log file has been saved successfully to "C:\Users\5520\Desktop\aswMBR.txt"


I think we have cleaned it up a bit.

Please run a new scan with OTL, as described here, and post fresh logs from the scan.

OK... then delete the file C:\Users\5520\AppData\Local\hwcsrfurmi.exe

Delete it from the Recycle Bin as well.

It would have been good for me to take a look at it, but apparently you can't archive it and attach it in your next comment.

Never mind.


IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll (Conduit Ltd.)

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-2047312765-6520441-1298651789-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKU\S-1-5-21-2047312765-6520441-1298651789-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKU\S-1-5-21-2047312765-6520441-1298651789-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.bg//

IE - HKU\S-1-5-21-2047312765-6520441-1298651789-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKU\S-1-5-21-2047312765-6520441-1298651789-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-2047312765-6520441-1298651789-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 44 EB 31 53 4B CB 01 [binary data]

IE - HKU\S-1-5-21-2047312765-6520441-1298651789-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-2047312765-6520441-1298651789-1001\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-2047312765-6520441-1298651789-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2047312765-6520441-1298651789-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - prefs.js..extensions.enabledItems: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}:2.5.6.0

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.8

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/29 19:41:13 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/29 19:41:13 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2010/09/03 14:41:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\5520\AppData\Roaming\mozilla\Extensions

[2010/09/03 14:41:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\5520\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2011/07/24 23:51:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\5520\AppData\Roaming\mozilla\Firefox\Profiles\0txhkxa4.default\extensions

[2010/10/22 09:10:52 | 000,000,000 | ---D | M] (BS Player Toolbar) -- C:\Users\5520\AppData\Roaming\mozilla\Firefox\Profiles\0txhkxa4.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}

[2011/02/13 17:36:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/09/03 14:41:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2011/02/13 17:36:45 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2010/09/03 15:23:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}

[2010/07/23 05:08:21 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2010/07/23 05:08:21 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2010/07/23 05:08:21 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll

[2008/06/12 05:45:28 | 000,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll

[2011/03/29 19:41:12 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll

[2011/03/29 19:41:12 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll

[2011/03/29 19:41:12 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll

[2011/03/29 19:41:12 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll

[2011/03/29 19:41:12 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll

[2011/03/29 19:41:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll

[2011/03/29 19:41:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll

[2010/07/23 03:47:39 | 000,001,083 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\911bg.xml

[2010/07/23 03:47:39 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml

[2010/07/23 03:47:39 | 000,002,442 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\diribg.xml

[2010/07/23 03:47:39 | 000,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2010/07/23 03:47:39 | 000,001,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pe-bg.xml

[2010/07/23 03:47:39 | 000,001,857 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\portalbgdict.xml

[2010/07/23 03:47:39 | 000,001,220 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-bg.xml

O1 HOSTS File: ([2011/07/24 23:51:28 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (BS Player Toolbar) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (BS Player Toolbar) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-2047312765-6520441-1298651789-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKU\S-1-5-21-2047312765-6520441-1298651789-1001\..\Toolbar\WebBrowser: (BS Player Toolbar) - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - C:\Program Files\BS_Player\tbBS_P.dll (Conduit Ltd.)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)

O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe (Nokia)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2047312765-6520441-1298651789-1001..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKU\S-1-5-21-2047312765-6520441-1298651789-1001..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKU\S-1-5-21-2047312765-6520441-1298651789-1001..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.)

O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/68.08/uploader2.cab (UploadListView Class)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 168.126.63.1 192.168.2.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/11 00:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2005/02/24 18:44:12 | 000,000,049 | R--- | M] () - E:\autorun.inf -- [ CDFS ]

O33 - MountPoints2\{07213ada-cc28-11df-b4a5-001b38290cfc}\Shell - "" = AutoRun

O33 - MountPoints2\{07213ada-cc28-11df-b4a5-001b38290cfc}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence

O33 - MountPoints2\{07213e30-cc28-11df-b4a5-001b38290cfc}\Shell - "" = AutoRun

O33 - MountPoints2\{07213e30-cc28-11df-b4a5-001b38290cfc}\Shell\AutoRun\command - "" = G:\setup_vmb_lite.exe /checkApplicationPresence

O33 - MountPoints2\{35616a46-b755-11df-bbbd-001b38290cfc}\Shell - "" = AutoRun

O33 - MountPoints2\{35616a46-b755-11df-bbbd-001b38290cfc}\Shell\AutoRun\command - "" = F:\SETUP.EXE

O33 - MountPoints2\{35616a46-b755-11df-bbbd-001b38290cfc}\Shell\configure\command - "" = F:\SETUP.EXE

O33 - MountPoints2\{35616a46-b755-11df-bbbd-001b38290cfc}\Shell\install\command - "" = F:\SETUP.EXE

O33 - MountPoints2\{86143729-b798-11df-8a53-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{86143729-b798-11df-8a53-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Install_Win.exe -- [2005/02/28 14:51:24 | 002,211,840 | R--- | M] ()

O33 - MountPoints2\G\Shell - "" = AutoRun

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup_vmb_lite.exe /checkApplicationPresence

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - File not found

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 90 Days ==========

[2011/07/25 07:14:13 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Users\5520\Desktop\aswMBR.exe

[2011/07/25 00:31:17 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011/07/25 00:31:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/07/25 00:31:13 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011/07/25 00:31:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/07/25 00:30:36 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\5520\Desktop\mbam-setup-1.51.1.1800.exe

[2011/07/24 16:51:12 | 000,000,000 | ---D | C] -- C:\Users\5520\AppData\Roaming\Malwarebytes

[2011/07/24 16:50:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011/07/24 16:33:52 | 000,000,000 | ---D | C] -- C:\Users\5520\AppData\Roaming\Sammsoft

[2011/07/24 16:33:29 | 000,000,000 | ---D | C] -- C:\Program Files\ARO 2011

[2011/07/24 16:00:27 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/07/24 15:33:53 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\5520\Desktop\OTL.exe

[2011/07/24 14:45:39 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache

[2011/07/24 14:40:31 | 000,000,000 | ---D | C] -- C:\Program Files\Total English Upper Intermediate

[2011/07/13 10:14:25 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll

[2011/07/13 10:14:24 | 000,271,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

[2011/07/13 10:14:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll

[2011/07/13 10:14:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll

[2011/07/13 10:14:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll

[2011/07/13 10:14:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll

[2011/07/13 10:14:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll

[2011/07/13 10:14:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll

[2011/07/13 10:14:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll

[2011/07/13 10:14:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll

[2011/07/13 10:14:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll

[2011/07/13 10:14:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll

[2011/07/13 10:14:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll

[2011/07/13 10:14:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll

[2011/07/13 10:14:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll

[2011/07/13 10:14:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll

[2011/07/13 10:14:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll

[2011/07/13 10:14:20 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll

[2011/07/13 10:14:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll

[2011/07/13 10:14:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll

[2011/07/13 10:14:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll

[2011/07/13 10:14:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll

[2011/07/13 10:14:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll

[2011/07/13 10:14:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll

[2011/07/13 10:14:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll

[2011/07/13 10:14:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll

[2011/07/13 10:14:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll

[2011/07/13 10:14:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll

[2011/07/13 10:14:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll

[2011/07/13 10:14:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll

[2011/07/13 10:14:10 | 002,332,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2011/06/26 11:37:04 | 000,000,000 | ---D | C] -- C:\Users\5520\Desktop\New folder

[2011/06/17 00:30:07 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2011/06/17 00:30:06 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2011/06/17 00:30:05 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll

[2011/06/17 00:30:05 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2011/06/17 00:30:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2011/06/17 00:30:04 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2011/06/17 00:30:04 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2011/06/17 00:30:04 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll

[2011/06/17 00:30:03 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2011/06/17 00:30:03 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2011/06/17 00:30:02 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2011/05/29 08:01:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

[2011/05/16 18:29:21 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe

[2011/05/11 20:45:49 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2011/05/11 20:45:47 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

========== Files - Modified Within 90 Days ==========

[2011/07/25 22:03:17 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/07/25 21:13:32 | 000,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011/07/25 21:13:32 | 000,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011/07/25 21:00:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/07/25 08:05:44 | 000,060,620 | ---- | M] () -- C:\Users\5520\Desktop\43193331_j3rlZw1O_c_large.jpg

[2011/07/25 07:23:27 | 000,000,512 | ---- | M] () -- C:\Users\5520\Desktop\MBR.dat

[2011/07/25 07:16:56 | 000,623,686 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/07/25 07:16:56 | 000,107,092 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/07/25 07:14:14 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Users\5520\Desktop\aswMBR.exe

[2011/07/25 07:11:29 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/07/25 07:11:16 | 1609,764,864 | -HS- | M] () -- C:\hiberfil.sys

[2011/07/25 00:31:17 | 000,001,063 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/25 00:30:57 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\5520\Desktop\mbam-setup-1.51.1.1800.exe

[2011/07/25 00:19:29 | 000,195,246 | ---- | M] () -- C:\Users\5520\AppData\Local\hwcsrfurmi.rar

[2011/07/24 23:51:28 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts

[2011/07/24 21:36:28 | 000,000,734 | ---- | M] () -- C:\Windows\System32\drivers\etc\hîsts

[2011/07/24 15:34:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\5520\Desktop\OTL.exe

[2011/07/24 00:43:17 | 217,045,836 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2011/07/14 03:19:07 | 000,414,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011/07/03 21:07:29 | 000,661,733 | ---- | M] () -- C:\Users\5520\Desktop\DSC00122.jpg

[2011/07/03 21:06:12 | 000,521,571 | ---- | M] () -- C:\Users\5520\Desktop\DSC00123.jpg

[2011/06/11 05:37:19 | 002,332,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2011/06/02 08:45:51 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll

[2011/06/02 08:45:51 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll

[2011/06/02 08:45:51 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll

[2011/06/02 08:45:51 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll

[2011/06/02 08:45:51 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll

[2011/06/02 08:45:51 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll

[2011/06/02 08:45:51 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll

[2011/06/02 08:45:51 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll

[2011/06/02 08:45:51 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll

[2011/06/02 08:45:51 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll

[2011/06/02 08:45:51 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll

[2011/06/02 08:45:51 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll

[2011/06/02 08:45:50 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll

[2011/06/02 08:45:50 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll

[2011/06/02 08:45:50 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll

[2011/06/02 08:45:50 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll

[2011/06/02 08:45:50 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll

[2011/06/02 08:45:50 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll

[2011/06/02 08:45:50 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll

[2011/06/02 08:45:50 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll

[2011/06/02 08:45:50 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll

[2011/06/02 08:45:50 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll

[2011/06/02 08:45:50 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll

[2011/06/02 08:45:50 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll

[2011/06/02 06:45:49 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll

[2011/06/02 06:45:49 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll

[2011/06/02 06:45:49 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll

[2011/06/02 06:45:49 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll

[2011/06/01 21:08:36 | 000,000,000 | ---- | M] () -- C:\Users\5520\AppData\Local\{D17C9FF1-9237-47B6-B7B0-ABE4DD9D83EF}

[2011/05/28 06:00:02 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2011/05/14 09:35:55 | 000,169,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll

[2011/05/14 09:33:14 | 000,271,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

========== Files Created - No Company Name ==========

[2011/07/25 08:07:52 | 000,060,620 | ---- | C] () -- C:\Users\5520\Desktop\43193331_j3rlZw1O_c_large.jpg

[2011/07/25 07:23:27 | 000,000,512 | ---- | C] () -- C:\Users\5520\Desktop\MBR.dat

[2011/07/25 00:31:17 | 000,001,063 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/25 00:19:29 | 000,195,246 | ---- | C] () -- C:\Users\5520\AppData\Local\hwcsrfurmi.rar

[2011/07/03 21:07:00 | 000,661,733 | ---- | C] () -- C:\Users\5520\Desktop\DSC00122.jpg

[2011/07/03 21:06:01 | 000,521,571 | ---- | C] () -- C:\Users\5520\Desktop\DSC00123.jpg

[2011/06/26 11:36:54 | 000,576,505 | ---- | C] () -- C:\Users\5520\Desktop\100_3227.jpg

[2011/06/01 21:08:36 | 000,000,000 | ---- | C] () -- C:\Users\5520\AppData\Local\{D17C9FF1-9237-47B6-B7B0-ABE4DD9D83EF}

[2010/12/25 15:28:22 | 000,005,120 | ---- | C] () -- C:\Users\5520\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/09/03 17:44:32 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/09/03 14:53:40 | 000,003,636 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin

[2009/07/14 07:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009/07/14 07:33:53 | 000,414,072 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2009/07/14 05:05:48 | 000,623,686 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2009/07/14 05:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2009/07/14 05:05:48 | 000,107,092 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2009/07/14 05:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2009/07/14 05:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2009/07/14 05:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2009/07/14 03:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2009/07/14 02:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009/07/14 02:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009/07/14 02:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2009/07/14 02:36:08 | 000,193,024 | ---- | C] () -- C:\Windows\System32\sppcomapi.dll

[2009/06/11 00:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2005/05/06 19:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

[2002/03/21 16:39:02 | 000,073,728 | ---- | C] () -- C:\Windows\System32\UNACEV2.DLL

========== LOP Check ==========

[2010/12/25 15:28:02 | 000,000,000 | ---D | M] -- C:\Users\5520\AppData\Roaming\ACD Systems

[2011/04/15 09:21:07 | 000,000,000 | -HSD | M] -- C:\Users\5520\AppData\Roaming\Best Malware Protection

[2011/01/11 21:05:35 | 000,000,000 | ---D | M] -- C:\Users\5520\AppData\Roaming\Big Fish Games

[2011/01/19 08:09:40 | 000,000,000 | ---D | M] -- C:\Users\5520\AppData\Roaming\BSplayer

[2010/10/22 09:10:51 | 000,000,000 | ---D | M] -- C:\Users\5520\AppData\Roaming\BSplayer Pro

[2010/09/03 16:42:31 | 000,000,000 | ---D | M] -- C:\Users\5520\AppData\Roaming\DAEMON Tools Lite

[2010/12/16 14:20:40 | 000,000,000 | ---D | M] -- C:\Users\5520\AppData\Roaming\Nokia

[2011/07/24 20:49:15 | 000,000,000 | ---D | M] -- C:\Users\5520\AppData\Roaming\Sammsoft

[2011/07/25 22:09:26 | 000,000,000 | ---D | M] -- C:\Users\5520\AppData\Roaming\uTorrent

[2010/10/09 09:49:54 | 000,000,000 | ---D | M] -- C:\Users\5520\AppData\Roaming\Vodafone

[2011/07/24 23:50:19 | 000,022,120 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2009/06/11 00:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

[2009/06/11 00:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys

[2011/07/25 07:11:16 | 1609,764,864 | -HS- | M] () -- C:\hiberfil.sys

[2011/07/25 07:11:20 | 2146,357,248 | -HS- | M] () -- C:\pagefile.sys

< %USERPROFILE%\*.* >

[2011/07/25 22:10:13 | 003,145,728 | -HS- | M] () -- C:\Users\5520\NTUSER.DAT

[2011/07/25 22:10:13 | 000,262,144 | -HS- | M] () -- C:\Users\5520\ntuser.dat.LOG1

[2010/09/03 13:26:55 | 000,000,000 | -HS- | M] () -- C:\Users\5520\ntuser.dat.LOG2

[2010/09/03 14:15:52 | 000,065,536 | -HS- | M] () -- C:\Users\5520\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf

[2010/09/03 14:15:52 | 000,524,288 | -HS- | M] () -- C:\Users\5520\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms

[2010/09/03 14:15:52 | 000,524,288 | -HS- | M] () -- C:\Users\5520\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms

[2010/09/03 13:26:55 | 000,000,020 | -HS- | M] () -- C:\Users\5520\ntuser.ini

< %USERPROFILE%\AppData\Local\*.* >

[2010/12/25 16:33:41 | 000,005,120 | ---- | M] () -- C:\Users\5520\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/12/26 12:41:47 | 000,110,184 | ---- | M] () -- C:\Users\5520\AppData\Local\GDIPFONTCACHEV1.DAT

[2011/07/25 00:19:29 | 000,195,246 | ---- | M] () -- C:\Users\5520\AppData\Local\hwcsrfurmi.rar

[2011/07/25 07:10:21 | 001,150,557 | -H-- | M] () -- C:\Users\5520\AppData\Local\IconCache.db

[2011/06/01 21:08:36 | 000,000,000 | ---- | M] () -- C:\Users\5520\AppData\Local\{D17C9FF1-9237-47B6-B7B0-ABE4DD9D83EF}

< %USERPROFILE%\AppData\Roaming\*.* >

< %ProgramData%\*.* >

[2010/09/03 17:44:32 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat

< %CommonProgramFiles%\*.* >

< %PROGRAMFILES%\*.* >

[2009/07/14 07:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %systemroot%\system32\*.dll /lockedfiles >

[2009/07/14 04:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll

[2009/07/14 04:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll

[2009/07/14 04:16:15 | 000,193,024 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\sppcomapi.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >

[2011/04/28 06:29:32 | 000,393,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\bthport.sys

[2011/04/28 06:29:32 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\BTHUSB.SYS

[2011/04/27 05:33:46 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\dfsc.sys

[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys

[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbamswissarmy.sys

[2011/05/04 05:43:41 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\mrxsmb.sys

[2011/05/04 05:43:59 | 000,222,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\mrxsmb10.sys

[2011/05/04 05:43:48 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\mrxsmb20.sys

[2011/04/29 05:57:34 | 000,311,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\srv.sys

[2011/04/29 05:57:21 | 000,309,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\srv2.sys

[2011/04/29 05:57:13 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\srvnet.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

[2010/09/03 15:16:16 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

[2009/07/14 04:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\jnwppr.dll

[2009/07/14 04:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\winprint.dll

< MD5 for: EXPLORER.EXE >

[2009/07/14 04:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe

[2010/08/20 20:49:56 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe

[2010/08/20 20:49:56 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe

[2010/11/20 15:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe

[2010/08/20 20:49:13 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe

[2010/08/20 20:49:13 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe

[2010/08/20 20:49:56 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: USERINIT.EXE >

[2010/11/20 15:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009/07/14 04:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe

[2009/07/14 04:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: VOLSNAP.SYS >

[2009/07/14 04:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\System32\drivers\volsnap.sys

[2009/07/14 04:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_29364d30156a24ca\volsnap.sys

[2009/07/14 04:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_158d0da45d68903e\volsnap.sys

[2010/11/20 15:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_17be216c5a5713d8\volsnap.sys

< MD5 for: WININIT.EXE >

[2009/07/14 04:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe

[2009/07/14 04:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >

[2010/08/20 20:49:56 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe

[2010/08/20 20:49:56 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe

[2010/08/20 20:49:56 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe

[2010/11/20 15:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

[2009/07/14 04:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< End of report >

C:\Users\5520\AppData\Local\hwcsrfurmi.exe

I can't find this file anymore.


Good!

We need to delete two more malicious files.

Do the following:

Download and extract the file attached to my comment.

Run the file named delete.bat.

When it finishes, the message Deleted Successfully will be displayed.

Click OK to close the document.

It will delete itself automatically afterwards.

Run one last scan with OTL and post the log file so I can see the fresh logs.

Are there any checks with the computer now?

delete.zip


OTL logfile created on: 7/26/2011 8:04:12 PM - Run 4

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\5520\Desktop

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 49.52% Memory free

4.00 Gb Paging File | 2.58 Gb Available in Paging File | 64.45% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 121.35 Gb Total Space | 83.38 Gb Free Space | 68.71% Space Free | Partition Type: NTFS

Drive D: | 111.43 Gb Total Space | 30.38 Gb Free Space | 27.27% Space Free | Partition Type: NTFS

Drive E: | 534.05 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: 5520-PC | User Name: 5520 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/24 15:34:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\5520\Desktop\OTL.exe

PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011/07/03 00:02:47 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

PRC - [2010/09/03 14:44:00 | 000,328,568 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe

PRC - [2010/08/20 20:49:56 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010/02/03 10:46:52 | 001,531,904 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe

PRC - [2009/07/14 04:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

========== Modules (SafeList) ==========

MOD - [2011/07/24 15:34:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\5520\Desktop\OTL.exe

MOD - [2010/08/21 08:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2010/09/05 03:00:35 | 001,343,400 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2010/01/26 13:41:08 | 000,652,800 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2009/07/14 04:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/14 04:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009/07/14 04:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/05/31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)

SRV - [2007/05/31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

========== Driver Services (SafeList) ==========

DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2010/12/25 15:25:03 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc)

DRV - [2010/09/03 15:16:16 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)

DRV - [2010/07/10 01:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2010/04/19 15:42:26 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)

DRV - [2010/04/19 15:42:26 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)

DRV - [2010/04/19 15:42:26 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)

DRV - [2010/04/19 15:42:24 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice)

DRV - [2010/04/19 15:42:24 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)

DRV - [2010/03/25 18:09:44 | 000,114,688 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnet.sys -- (ZTEusbnet)

DRV - [2010/03/01 18:35:24 | 000,061,952 | ---- | M] (Vodafone) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vodafone_K3805-z_dc_enum.sys -- (vodafone_K3805-z_dc_enum)

DRV - [2010/01/21 15:53:16 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)

DRV - [2009/12/30 12:30:56 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)

DRV - [2009/12/30 12:30:48 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)

DRV - [2009/12/30 12:30:48 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)

DRV - [2009/08/13 09:23:02 | 000,022,528 | ---- | M] (CSR, plc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp)

DRV - [2009/07/14 04:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)

DRV - [2009/07/14 04:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)

DRV - [2009/07/14 04:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)

DRV - [2009/07/14 02:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2009/07/14 02:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)

DRV - [2009/07/14 02:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)

DRV - [2009/07/14 01:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2008/09/04 01:47:00 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)

DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2008/03/17 11:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)

DRV - [2007/12/03 10:48:10 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)

DRV - [2007/02/16 08:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)

DRV - [2006/11/14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.bg//

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 44 EB 31 53 4B CB 01 [binary data]

IE - HKCU\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll (Conduit Ltd.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - prefs.js..extensions.enabledItems: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}:2.5.6.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/29 19:41:13 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/29 19:41:13 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2010/09/03 14:41:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\5520\AppData\Roaming\mozilla\Extensions

[2011/07/24 23:51:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\5520\AppData\Roaming\mozilla\Firefox\Profiles\0txhkxa4.default\extensions

[2010/10/22 09:10:52 | 000,000,000 | ---D | M] (BS Player Toolbar) -- C:\Users\5520\AppData\Roaming\mozilla\Firefox\Profiles\0txhkxa4.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}

[2011/02/13 17:36:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/02/13 17:36:45 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2010/07/23 03:47:39 | 000,001,083 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\911bg.xml

[2010/07/23 03:47:39 | 000,002,442 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\diribg.xml

[2010/07/23 03:47:39 | 000,001,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pe-bg.xml

[2010/07/23 03:47:39 | 000,001,857 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\portalbgdict.xml

[2010/07/23 03:47:39 | 000,001,220 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-bg.xml

O1 HOSTS File: ([2011/07/24 23:51:28 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (BS Player Toolbar) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (BS Player Toolbar) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (BS Player Toolbar) - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - C:\Program Files\BS_Player\tbBS_P.dll (Conduit Ltd.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)

O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe (Nokia)

O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.)

O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/68.08/uploader2.cab (UploadListView Class)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 168.126.63.1 192.168.2.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/11 00:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2005/02/24 18:44:12 | 000,000,049 | R--- | M] () - E:\autorun.inf -- [ CDFS ]

O33 - MountPoints2\{07213ada-cc28-11df-b4a5-001b38290cfc}\Shell - "" = AutoRun

O33 - MountPoints2\{07213ada-cc28-11df-b4a5-001b38290cfc}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence

O33 - MountPoints2\{07213e30-cc28-11df-b4a5-001b38290cfc}\Shell - "" = AutoRun

O33 - MountPoints2\{07213e30-cc28-11df-b4a5-001b38290cfc}\Shell\AutoRun\command - "" = G:\setup_vmb_lite.exe /checkApplicationPresence

O33 - MountPoints2\{35616a46-b755-11df-bbbd-001b38290cfc}\Shell - "" = AutoRun

O33 - MountPoints2\{35616a46-b755-11df-bbbd-001b38290cfc}\Shell\AutoRun\command - "" = F:\SETUP.EXE

O33 - MountPoints2\{35616a46-b755-11df-bbbd-001b38290cfc}\Shell\configure\command - "" = F:\SETUP.EXE

O33 - MountPoints2\{35616a46-b755-11df-bbbd-001b38290cfc}\Shell\install\command - "" = F:\SETUP.EXE

O33 - MountPoints2\{86143729-b798-11df-8a53-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{86143729-b798-11df-8a53-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Install_Win.exe -- [2005/02/28 14:51:24 | 002,211,840 | R--- | M] ()

O33 - MountPoints2\G\Shell - "" = AutoRun

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup_vmb_lite.exe /checkApplicationPresence

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/25 07:14:13 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Users\5520\Desktop\aswMBR.exe

[2011/07/25 00:31:17 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011/07/25 00:31:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/07/25 00:31:13 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011/07/25 00:31:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/07/25 00:30:36 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\5520\Desktop\mbam-setup-1.51.1.1800.exe

[2011/07/24 16:51:12 | 000,000,000 | ---D | C] -- C:\Users\5520\AppData\Roaming\Malwarebytes

[2011/07/24 16:50:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011/07/24 16:33:52 | 000,000,000 | ---D | C] -- C:\Users\5520\AppData\Roaming\Sammsoft

[2011/07/24 16:33:29 | 000,000,000 | ---D | C] -- C:\Program Files\ARO 2011

[2011/07/24 16:00:27 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/07/24 15:33:53 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\5520\Desktop\OTL.exe

[2011/07/24 14:45:39 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache

[2011/07/24 14:40:31 | 000,000,000 | ---D | C] -- C:\Program Files\Total English Upper Intermediate

[2011/07/13 10:14:25 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll

[2011/07/13 10:14:24 | 000,271,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

[2011/07/13 10:14:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll

[2011/07/13 10:14:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll

[2011/07/13 10:14:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll

[2011/07/13 10:14:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll

[2011/07/13 10:14:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll

[2011/07/13 10:14:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll

[2011/07/13 10:14:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll

[2011/07/13 10:14:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll

[2011/07/13 10:14:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll

[2011/07/13 10:14:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll

[2011/07/13 10:14:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll

[2011/07/13 10:14:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll

[2011/07/13 10:14:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll

[2011/07/13 10:14:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll

[2011/07/13 10:14:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll

[2011/07/13 10:14:20 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll

[2011/07/13 10:14:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll

[2011/07/13 10:14:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll

[2011/07/13 10:14:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll

[2011/07/13 10:14:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll

[2011/07/13 10:14:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll

[2011/07/13 10:14:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll

[2011/07/13 10:14:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll

[2011/07/13 10:14:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll

[2011/07/13 10:14:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll

[2011/07/13 10:14:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll

[2011/07/13 10:14:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll

[2011/07/13 10:14:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll

[2011/07/13 10:14:10 | 002,332,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

========== Files - Modified Within 30 Days ==========

[2011/07/26 20:03:15 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/07/26 20:02:42 | 000,000,381 | ---- | M] () -- C:\Users\5520\Desktop\delete.zip

[2011/07/26 19:13:33 | 000,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011/07/26 19:13:33 | 000,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011/07/26 05:03:00 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/07/25 21:00:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/07/25 08:05:44 | 000,060,620 | ---- | M] () -- C:\Users\5520\Desktop\43193331_j3rlZw1O_c_large.jpg

[2011/07/25 07:23:27 | 000,000,512 | ---- | M] () -- C:\Users\5520\Desktop\MBR.dat

[2011/07/25 07:16:56 | 000,623,686 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/07/25 07:16:56 | 000,107,092 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/07/25 07:14:14 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Users\5520\Desktop\aswMBR.exe

[2011/07/25 07:11:16 | 1609,764,864 | -HS- | M] () -- C:\hiberfil.sys

[2011/07/25 00:31:17 | 000,001,063 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/25 00:30:57 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\5520\Desktop\mbam-setup-1.51.1.1800.exe

[2011/07/24 23:51:28 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts

[2011/07/24 21:36:28 | 000,000,734 | ---- | M] () -- C:\Windows\System32\drivers\etc\hîsts

[2011/07/24 15:34:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\5520\Desktop\OTL.exe

[2011/07/24 00:43:17 | 217,045,836 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2011/07/14 03:19:07 | 000,414,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011/07/03 21:07:29 | 000,661,733 | ---- | M] () -- C:\Users\5520\Desktop\DSC00122.jpg

[2011/07/03 21:06:12 | 000,521,571 | ---- | M] () -- C:\Users\5520\Desktop\DSC00123.jpg

========== Files Created - No Company Name ==========

[2011/07/26 20:02:36 | 000,000,381 | ---- | C] () -- C:\Users\5520\Desktop\delete.zip

[2011/07/25 08:07:52 | 000,060,620 | ---- | C] () -- C:\Users\5520\Desktop\43193331_j3rlZw1O_c_large.jpg

[2011/07/25 07:23:27 | 000,000,512 | ---- | C] () -- C:\Users\5520\Desktop\MBR.dat

[2011/07/25 00:31:17 | 000,001,063 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/03 21:07:00 | 000,661,733 | ---- | C] () -- C:\Users\5520\Desktop\DSC00122.jpg

[2011/07/03 21:06:01 | 000,521,571 | ---- | C] () -- C:\Users\5520\Desktop\DSC00123.jpg

[2011/06/01 21:08:36 | 000,000,000 | ---- | C] () -- C:\Users\5520\AppData\Local\{D17C9FF1-9237-47B6-B7B0-ABE4DD9D83EF}

[2010/12/25 15:28:22 | 000,005,120 | ---- | C] () -- C:\Users\5520\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/09/03 17:44:32 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/09/03 14:53:40 | 000,003,636 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin

[2009/07/14 07:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009/07/14 07:33:53 | 000,414,072 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2009/07/14 05:05:48 | 000,623,686 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2009/07/14 05:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2009/07/14 05:05:48 | 000,107,092 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2009/07/14 05:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2009/07/14 05:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2009/07/14 05:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2009/07/14 03:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2009/07/14 02:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009/07/14 02:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009/07/14 02:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2009/07/14 02:36:08 | 000,193,024 | ---- | C] () -- C:\Windows\System32\sppcomapi.dll

[2009/06/11 00:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2005/05/06 19:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

[2002/03/21 16:39:02 | 000,073,728 | ---- | C] () -- C:\Windows\System32\UNACEV2.DLL

< End of report >


Great... the log file is clean, but you will need to delete one file manually:

C:\Windows\System32\drivers\etc\hîsts

After that, install a free antivirus of your choice and run a full scan of your system.

How is the machine doing now?


Right now it is perfect, thank you very much for your help.


Great:

Run OTL once more and press the CleanUp button.


If you are prompted to restart, agree.

Delete all the tools and tool logs we have used (that were not removed by the procedures carried out so far).

You can now download and reinstall Avira AntiVir Personal 10.0.0.650.

Safe surfing! :)


I opened the link, after which it asked me to save the file Flash plaer.exe, after which my computer started restarting. My friends on Facebook started receiving standard messages in English. Now I cannot log in to Facebook from this computer.


Hello...! Read the rules of the subforum and create a new topic...!
