
abvmrsd

Virus from Facebook [SOLVED]


I have the same problem too. I caught something from the flashplayer.exe. I tried uninstalling the antivirus and installing it again (this is Avira Antivir), but it doesn't work. I decided to try another antivirus (Avast), but it doesn't work with that one either. When I try to open them, I get the following message: ENHANCED PROTECTION MODE. Attention! Avast operates under enhanced protection mode. This is a temporary measure necessary for immediate response to the threat from virus. No action is required from you. The same comes up if I try with Avira. Separately, McAfee also got installed automatically when I actually updated my Flash Player. And I can't open Facebook. I have no problem with other sites. Help!!!


Hello.... what operating system are you running...?

  • Download OTL.exe and save it to the desktop.
  • Run the file [image] by double-clicking it.
  • Make the following settings:
[image]
  • Under [image], use Copy/Paste to enter the following text in full (only what is in the box):
netsvcs
msconfig
%SYSTEMDRIVE%\*.*
%USERPROFILE%\*.*
%USERPROFILE%\Application Data\*.*
%USERPROFILE%\Local Settings\Application Data\*.*
%AllUsersProfile%\*.*
%AllUsersProfile%\Application Data\*.*
%USERPROFILE%\My Documents\*.*
%CommonProgramFiles%\*.*
%PROGRAMFILES%\*.*
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
/md5start
hlp.dat
winlogon.exe
wininit.exe
userinit.exe
explorer.exe
volsnap.sys
/md5stop
  • Press the button marked in blue: [image].
  • When the scan finishes, two files will be created: OTL.Txt and Extras.Txt. Attach these two files to your next comment (see the "attached files" option when posting a reply).


Just one question before I press Run Scan. Under the Scan All Users checkbox, the box for ticking Include 64bit Scans is missing for me. Will that be a problem?



Thank you.. I'm starting to work on them... I'll be ready shortly..!

Run OTL again, then copy and paste the script text from the text box below under the Custom Scans/Fixes column, making sure to copy the script exactly 1:1, including the colon before the first line of the script.

:Processes
killallprocesses
:OTL
PRC - C:\WINDOWS\sysdriver32.exe ()
PRC - C:\WINDOWS\update.2\svchost.exe ()
PRC - C:\WINDOWS\update.2\svchost.exe ()
PRC - C:\WINDOWS\l1rezerv.exe ()
PRC - C:\WINDOWS\systemup.exe ()
PRC - C:\WINDOWS\update.5.0\svchost.exe ()
PRC - C:\WINDOWS\update.5.0\svchost.exe ()
PRC - C:\WINDOWS\update.tray-9-0\svchost.exe ()
PRC - C:\WINDOWS\update.tray-8-0\svchost.exe ()
PRC - C:\WINDOWS\update.tray-7-0\svchost.exe ()
PRC - C:\WINDOWS\ufa\ufa.exe (Ufasoft)
SRV - (McComponentHostService) --  File not found
SRV - (AntiVirService) --  File not found
SRV - (AntiVirSchedulerService) --  File not found
SRV - (ABP_InstallCheckerService) --  File not found
SRV - (srvsysdriver32) -- C:\WINDOWS\sysdriver32.exe ()
SRV - (srviecheck) -- C:\WINDOWS\update.2\svchost.exe ()
SRV - (srvbtcclient) -- C:\WINDOWS\update.5.0\svchost.exe ()
O2 - BHO: (Armada Custom Toolbar) - {29c0f5ff-3564-46bc-9f4a-50c73f426486} - C:\Program Files\armadacustomtoolbar\armadacustomtoolbarX.dll ()
O2 - BHO: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Armada Custom Toolbar) - {29c0f5ff-3564-46bc-9f4a-50c73f426486} - C:\Program Files\armadacustomtoolbar\armadacustomtoolbarX.dll ()
O3 - HKLM\..\Toolbar: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1708537768-1972579041-1801674531-1004\..\Toolbar\WebBrowser: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [1131272.exe] C:\WINDOWS\TEMP\1131272.exe ()
O4 - HKLM..\Run: [1936181.exe] C:\Documents and Settings\leny\Local Settings\Temp\1936181.exe ()
O4 - HKLM..\Run: [593150.exe] C:\Documents and Settings\leny\Local Settings\Temp\593150.exe ()
O4 - HKLM..\Run: [6651641.exe] C:\WINDOWS\TEMP\6651641.exe ()
O4 - HKLM..\Run: [7116918.exe] C:\Documents and Settings\leny\Local Settings\Temp\7116918.exe ()
O4 - HKLM..\Run: [75467020-loader2.exe] C:\WINDOWS\TEMP\75467020-loader2.exe ()
O4 - HKLM..\Run: [avast]  File not found
O4 - HKLM..\Run: [avgnt]  File not found
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKLM..\Run: [l1rezerv.exe] C:\WINDOWS\l1rezerv.exe ()
O4 - HKLM..\Run: [sysdriver32.exe] C:\WINDOWS\sysdriver32.exe ()
O4 - HKLM..\Run: [sysdriver32_.exe] C:\WINDOWS\sysdriver32_.exe ()
O4 - HKLM..\Run: [systemup] C:\WINDOWS\systemup.exe ()
O4 - HKLM..\Run: [tray_ico]  File not found
O4 - HKLM..\Run: [tray_ico0] C:\WINDOWS\update.tray-9-0\svchost.exe ()
O4 - HKLM..\Run: [tray_ico1] C:\WINDOWS\update.tray-8-0\svchost.exe ()
O4 - HKLM..\Run: [tray_ico2] C:\WINDOWS\update.tray-7-0\svchost.exe ()
O4 - HKLM..\Run: [tray_ico3]  File not found
O4 - HKLM..\Run: [tray_ico4]  File not found
O4 - HKLM..\Run: [wxpdrv] C:\WINDOWS\services32.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [_nltide_2]  File not found
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall]  File not found
O4 - HKU\S-1-5-18..\RunOnce: [_nltide_2]  File not found
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall]  File not found
O4 - HKU\S-1-5-19..\RunOnce: [_nltide_2]  File not found
O4 - HKU\S-1-5-20..\RunOnce: [_nltide_2]  File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk =  File not found
O20 - HKLM Winlogon: TaskMan - (H:\MINUS\ona.exe) -  File not found
O31 - SafeBoot: AlternateShell - services32.exe
[2011.07.22 17:11:04 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-9-0-lnk
[2011.07.22 17:11:04 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-9-0
[2011.07.22 16:59:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\av_ico
[2011.07.22 16:57:58 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.1
[2011.07.22 16:57:46 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-8-0-lnk
[2011.07.22 16:57:46 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-8-0
[2011.07.22 17:29:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ufa
[2011.07.22 17:29:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\rpcminer
[2011.07.22 17:29:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\phoenix
[2011.07.22 17:27:44 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.5.0
[2011.07.25 17:15:16 | 000,000,180 | ---- | M] () -- C:\WINDOWS\info1
[2011.07.25 17:15:15 | 000,256,000 | ---- | M] () -- C:\WINDOWS\sysdriver32_.exe
[2011.07.25 17:15:15 | 000,256,000 | ---- | M] () -- C:\WINDOWS\sysdriver32.exe
[2011.07.23 00:47:36 | 000,232,960 | ---- | M] () -- C:\WINDOWS\l1rezerv.exe
[2011.07.22 17:29:24 | 000,000,000 | ---- | M] () -- C:\WINDOWS\loader2.exe_ok
[2011.07.22 17:29:15 | 005,589,370 | ---- | M] () -- C:\WINDOWS\phoenix.rar
[2011.07.22 17:29:15 | 000,246,272 | ---- | M] () -- C:\WINDOWS\unrar.exe
[2011.07.22 17:29:15 | 000,182,617 | ---- | M] () -- C:\WINDOWS\ufa.rar
[2011.07.22 17:29:14 | 001,075,284 | ---- | M] () -- C:\WINDOWS\rpcminer.rar
[2011.07.22 17:22:10 | 000,904,792 | ---- | M] () -- C:\WINDOWS\geoiplist.rar
[2011.07.21 14:19:06 | 001,178,112 | ---- | M] () -- C:\WINDOWS\services32.exe
[2011.07.17 03:24:20 | 004,636,907 | ---- | M] () -- C:\WINDOWS\geoiplist
[2011.07.22 17:34:38 | 000,232,960 | ---- | C] () -- C:\WINDOWS\l1rezerv.exe
[2011.07.22 17:34:09 | 000,114,176 | ---- | C] () -- C:\WINDOWS\systemup.exe
[2011.07.22 17:29:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\loader2.exe_ok
[2011.07.22 17:29:15 | 000,182,617 | ---- | C] () -- C:\WINDOWS\ufa.rar
[2011.07.22 17:29:14 | 005,589,370 | ---- | C] () -- C:\WINDOWS\phoenix.rar
[2011.07.22 17:29:14 | 001,075,284 | ---- | C] () -- C:\WINDOWS\rpcminer.rar
[2011.07.22 17:22:12 | 004,636,907 | ---- | C] () -- C:\WINDOWS\geoiplist
[2011.07.22 17:22:10 | 000,904,792 | ---- | C] () -- C:\WINDOWS\geoiplist.rar
[2011.07.22 17:22:10 | 000,246,272 | ---- | C] () -- C:\WINDOWS\unrar.exe
[2011.07.22 17:18:46 | 000,000,180 | ---- | C] () -- C:\WINDOWS\info1
[2011.07.22 17:12:56 | 000,256,000 | ---- | C] () -- C:\WINDOWS\sysdriver32_.exe
[2011.07.22 17:12:42 | 000,256,000 | ---- | C] () -- C:\WINDOWS\sysdriver32.exe
[2011.07.21 14:19:20 | 001,178,112 | ---- | C] () -- C:\WINDOWS\services32.exe
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\services32.exe" =-
"C:\WINDOWS\update.1\svchost.exe" =-
"C:\WINDOWS\update.tray-8-0\svchost.exe" =-
"C:\WINDOWS\update.tray-9-0\svchost.exe" =-
"C:\WINDOWS\update.tray-9-0-lnk\svchost.exe" =-
"C:\WINDOWS\update.2\svchost.exe" =-
:files
C:\WINDOWS\sysdriver32.exe
C:\WINDOWS\update.2\svchost.exe
C:\WINDOWS\update.2\svchost.exe
C:\WINDOWS\l1rezerv.exe
C:\WINDOWS\systemup.exe
C:\WINDOWS\update.5.0\svchost.exe
C:\WINDOWS\update.5.0\svchost.exe
C:\WINDOWS\update.tray-9-0\svchost.exe
C:\WINDOWS\update.tray-8-0\svchost.exe
C:\WINDOWS\update.tray-7-0\svchost.exe
C:\WINDOWS\ufa\ufa.exe

autorun.inf /alldrives
autorun.exe /alldrives
recycler /alldrives
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
[resethosts]
[clearallrestorepoints]
[emptyflash]
[Reboot]

After entering the script from the quote above, press the button marked in red: Run Fix

Windows will restart and a log file will be created. Post its contents with Copy/Paste in your next comment.
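
Added example, not part of the original post and not part of OTL: a small triage pass that shows why entries like the ones in the fix script above stand out in an OTL log. The rule names, `EXPECTED_DIR` and the function names are assumptions made for this illustration; the sample lines are taken from the scan output quoted in this thread.

```python
import ntpath
import re

# Where the genuine Windows XP binaries live (lower-case). Assumes the
# install root C:\WINDOWS, as in the paths quoted in the thread.
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "userinit.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

ENTRY_RE = re.compile(r"^(PRC|SRV|O4)\s+-\s+(.*)$")
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys)\b", re.IGNORECASE)
COMPANY_RE = re.compile(r"\(([^()]*)\)\s*$")    # trailing "(Company)" or "()"
NAME_RE = re.compile(r"[\[(]([^\])]+)[\])]")    # first [name] or (name)

# Lines copied from the OTL output posted in this thread.
SAMPLE_LOG = r"""
PRC - C:\WINDOWS\update.2\svchost.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
SRV - (AntiVirService) --  File not found
SRV - (srvsysdriver32) -- C:\WINDOWS\sysdriver32.exe ()
O4 - HKLM..\Run: [1131272.exe] C:\WINDOWS\TEMP\1131272.exe ()
O4 - HKLM..\Run: [593150.exe] C:\Documents and Settings\leny\Local Settings\Temp\593150.exe ()
O4 - HKLM..\Run: [avgnt]  File not found
O4 - HKLM..\Run: [tray_ico0] C:\WINDOWS\update.tray-9-0\svchost.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
"""


def classify(line):
    """Return (kind, target, reasons) for a PRC/SRV/O4 line, else None."""
    match = ENTRY_RE.match(line.strip())
    if not match:
        return None
    kind, body = match.groups()

    # Entry is still registered but the file behind it is gone.
    if body.rstrip().endswith("File not found"):
        name = NAME_RE.search(body)
        return kind, name.group(1) if name else "", ["target-missing"]

    path_match = PATH_RE.search(body)
    if not path_match:
        return None
    path = path_match.group(0)
    folder = ntpath.dirname(path).lower()
    image = ntpath.basename(path).lower()
    company_match = COMPANY_RE.search(body)
    company = company_match.group(1).strip() if company_match else ""

    reasons = []
    # A system binary name running from anywhere but its real home.
    if image in EXPECTED_DIR and folder != EXPECTED_DIR[image]:
        reasons.append("system-name-outside-expected-dir")
    # Autostart entries should not point into a temp directory.
    if kind == "O4" and "\\temp\\" in path.lower():
        reasons.append("autorun-from-temp")
    # Heuristic: file with no company name sitting directly in C:\WINDOWS.
    if not company and folder == r"c:\windows":
        reasons.append("no-company-in-windows-dir")
    return kind, path, reasons


def triage(log_text):
    """Return only the entries that matched at least one rule."""
    findings = []
    for line in log_text.splitlines():
        result = classify(line)
        if result and result[2]:
            findings.append(result)
    return findings


if __name__ == "__main__":
    for kind, target, reasons in triage(SAMPLE_LOG):
        print(f"{kind:4} {target}  <- {', '.join(reasons)}")
```

These rules only narrow down what to look at: an entry such as `C:\WINDOWS\ufa\ufa.exe (Ufasoft)` from the same fix script matches none of them and still needs a human reading the log.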


I did what you told me, but I think I didn't make the same settings as in your earlier post. And where do I find this log file? If not, should I run it again or .... Sorry, but that's as much as I understand.


No, don't do that ....! Check in c:\_OTL\ OTL.txt..... copy it into your next post...! Also, how is your system doing after the run...!


I checked in c:\_OTL\ OTL.txt, but I have no such file. And I can't open Search to look for it. Could it be that I didn't do something right with the Fix (the colon before the first line of the script???), it might be because of that, I don't know. I have an OTL.txt file, but it's on the desktop and I think it's the one I sent you together with Extras.txt. Also, after a restart or shut down, when the computer boots I get the following:

C:\PROGRA~1\XPERTV~1\UI\BIOSCTL.EXE

C:\Program Files\AVAST Software\Avast\aswMonvd.dll. An installable Virtual Device Driver failed Dll initiallization. Choose 'Close' to terminate the application.

Apart from this and the problem with Search, I don't think there are any other problems.


I'm just not sure at all what you have done....!

The virus deletes antivirus programs and reinstallation is required.. You may also need to reinstall your antivirus program... but before that:

Run OTL again and scan with the same settings ... This time, however, instead of Run Fix press the button [image]... A log file will be created. Post its contents with Copy/Paste in your next comment.

I need to check what happened and whether there are any remnants...!


OTL logfile created on: 7.26.2011 16:48:11 - Run 2

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\leny\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: M/d/yyyy

1023,23 Mb Total Physical Memory | 688,32 Mb Available Physical Memory | 67,27% Memory free

2,41 Gb Paging File | 2,20 Gb Available in Paging File | 91,33% Paging File free

Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 50,31 Gb Total Space | 24,15 Gb Free Space | 48,00% Space Free | Partition Type: NTFS

Drive D: | 182,57 Gb Total Space | 28,32 Gb Free Space | 15,51% Space Free | Partition Type: NTFS

Computer Name: MITAKA-F426815D | User Name: leny | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\leny\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe (Google Inc.)

PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe (ABBYY (BIT Software))

PRC - C:\Program Files\XpertVision\TBPANEL.exe (Xpertvision, Inc.)

PRC - C:\Program Files\RocketDock\RocketDock.exe ()

PRC - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)

PRC - C:\WINDOWS\system32\PAStiSvc.exe ()

PRC - C:\WINDOWS\Datecs\FType2K.exe ()

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\leny\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)

MOD - C:\Program Files\RocketDock\RocketDock.dll ()

MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\newdll.dll ()

========== Win32 Services (SafeList) ==========

SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)

SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)

SRV - (ServiceLayer) -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe (Nokia.)

SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)

SRV - (TwonkyMedia) -- C:\Program Files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe (PacketVideo)

SRV - (ABBYY.Licensing.FineReader.Professional.9.0) -- C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe (ABBYY (BIT Software))

SRV - (STI Simulator) -- C:\WINDOWS\system32\PAStiSvc.exe ()

========== Driver Services (SafeList) ==========

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)

DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()

DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()

DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Windows ® Codename Longhorn DDK provider)

DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)

DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)

DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Windows ® Codename Longhorn DDK provider)

DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)

DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)

DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)

DRV - (TBPanel) -- C:\WINDOWS\System32\drivers\TBPanel.sys (Windows ® 2000 DDK provider)

DRV - (Cardex) -- C:\WINDOWS\system32\drivers\TBPanel.sys (Windows ® 2000 DDK provider)

DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()

DRV - (PAC207) -- C:\WINDOWS\system32\drivers\PFC027.sys ()

DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()

DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=piano&s={searchTerms}&f=4

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1708537768-1972579041-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=piano

IE - HKU\S-1-5-21-1708537768-1972579041-1801674531-1004\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - File not found

IE - HKU\S-1-5-21-1708537768-1972579041-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Ask.com"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.suggest.enabled: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.google.bg/"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: info@youtube-mp3.org:1.0.2

FF - prefs.js..extensions.enabledItems: {29c0f5ff-3564-46bc-9f4a-50c73f426486}:1.0.0.0

FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15000&locale=en_EU&apn_uid=904369A5-3C52-42E7-93E6-00C7AB5C4C6A&apn_ptnrs=PV&apn_sauid=9CDF1FA9-1512-410C-AB74-4C10AB96AF6C&apn_dtid=YYYYYYYYBG&q="

FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\leny\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\leny\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.23 01:31:35 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.24 00:09:17 | 000,000,000 | ---D | M]

[2010.12.20 13:12:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\leny\Application Data\Mozilla\Extensions

[2011.07.15 20:56:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\leny\Application Data\Mozilla\Firefox\Profiles\vu16kubd.default\extensions

[2011.04.12 08:17:09 | 000,000,000 | ---D | M] (Armada Custom Toolbar) -- C:\Documents and Settings\leny\Application Data\Mozilla\Firefox\Profiles\vu16kubd.default\extensions\{29c0f5ff-3564-46bc-9f4a-50c73f426486}

[2011.04.08 15:01:17 | 000,000,000 | ---D | M] (Sopcast Ask Toolbar) -- C:\Documents and Settings\leny\Application Data\Mozilla\Firefox\Profiles\vu16kubd.default\extensions\toolbar@ask.com

[2011.02.12 00:26:41 | 000,002,396 | ---- | M] () -- C:\Documents and Settings\leny\Application Data\Mozilla\Firefox\Profiles\vu16kubd.default\searchplugins\askcom.xml

[2011.04.15 13:49:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

File not found (No name found) --

() (No name found) -- C:\DOCUMENTS AND SETTINGS\LENY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VU16KUBD.DEFAULT\EXTENSIONS\INFO@YOUTUBE-MP3.ORG.XPI

[2009.02.19 21:14:16 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2011.06.23 01:31:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2008.11.11 10:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll

[2010.01.14 01:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

[2010.04.27 20:41:33 | 000,002,194 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

[2011.04.16 11:22:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2010.11.29 13:26:24 | 000,002,037 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchpiano.xml

O1 HOSTS File: ([2011.07.25 16:17:29 | 000,203,160 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 vkontakte.ru

O1 - Hosts: 127.0.0.1 www.vkontakte.ru

O1 - Hosts: 127.0.0.1 login.vk.com

O1 - Hosts: 127.0.0.1 vk.com

O1 - Hosts: 127.0.0.1 www.vk.com

O1 - Hosts: 127.0.0.1 odnoklassniki.ru

O1 - Hosts: 127.0.0.1 www.odnoklassniki.ru

O1 - Hosts: 127.0.0.1 facebook.com

O1 - Hosts: 127.0.0.1 www.facebook.com

O1 - Hosts: 127.0.0.1 af-za.facebook.com

O1 - Hosts: 127.0.0.1 az-az.facebook.com

O1 - Hosts: 127.0.0.1 id-id.facebook.com

O1 - Hosts: 127.0.0.1 ms-my.facebook.com

O1 - Hosts: 127.0.0.1 bs-ba.facebook.com

O1 - Hosts: 127.0.0.1 ca-es.facebook.com

O1 - Hosts: 127.0.0.1 cs-cz.facebook.com

O1 - Hosts: 127.0.0.1 cy-gb.facebook.com

O1 - Hosts: 127.0.0.1 da-dk.facebook.com

O1 - Hosts: 127.0.0.1 de-de.facebook.com

O1 - Hosts: 127.0.0.1 et-ee.facebook.com

O1 - Hosts: 127.0.0.1 en-gb.facebook.com

O1 - Hosts: 127.0.0.1 es-la.facebook.com

O1 - Hosts: 127.0.0.1 eo-eo.facebook.com

O1 - Hosts: 127.0.0.1 eu-es.facebook.com

O1 - Hosts: 50060 more lines...

O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll (BitComet)

O2 - BHO: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()

O3 - HKLM\..\Toolbar: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-1708537768-1972579041-1801674531-1004\..\Toolbar\WebBrowser: (myBabylon English Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - C:\Program Files\myBabylon_English\tbmyBa.dll (Conduit Ltd.)

O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Gainward] C:\Program Files\XpertVision\TBPanel.exe (Xpertvision, Inc.)

O4 - HKLM..\Run: [KernelFaultCheck] File not found

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKU\S-1-5-21-1708537768-1972579041-1801674531-1004..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKU\S-1-5-21-1708537768-1972579041-1801674531-1004..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FlexType 2K.lnk = C:\WINDOWS\Datecs\FType2K.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKU\S-1-5-21-1708537768-1972579041-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: &С&валяне &с BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: &С&валяне на всички с BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: &С&валяне на всичкото видео с BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll (BitComet)

O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\leny\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\leny\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.02.17 12:27:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[CLEARALLRESTOREPOINTS]

Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011.07.26 16:45:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\leny\Desktop\New Folder

[2011.07.25 19:36:11 | 000,000,000 | ---D | C] -- C:\_OTL

[2011.07.25 16:35:17 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\leny\Desktop\OTL.exe

[2011.07.24 11:09:09 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-7-0-lnk

[2011.07.24 11:09:09 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-7-0

[2011.07.24 11:07:11 | 000,309,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2011.07.24 11:07:11 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2011.07.24 11:07:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus

[2011.07.24 11:07:09 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys

[2011.07.24 11:07:09 | 000,043,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2011.07.24 11:07:09 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2011.07.24 11:07:08 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2011.07.24 11:07:08 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2011.07.24 11:07:07 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2011.07.24 11:06:47 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2011.07.24 11:06:46 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

[2011.07.24 00:08:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2011.07.22 17:32:41 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.2

[2011.07.22 17:29:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\WinRAR

[2011.07.22 17:22:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\leny\Application Data\WinRAR

[2011.07.21 14:23:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus

[2011.07.21 14:23:58 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan

[2011.07.16 22:08:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\leny\Desktop\lllll

[2011.07.12 16:13:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

[2011.07.08 13:00:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\leny\My Documents\BlackMirrorIII

[2011.07.08 12:20:48 | 000,000,000 | ---D | C] -- C:\Program Files\Viva Media

[2011.07.08 12:20:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\leny\Start Menu\Programs\Viva Media

[2011.07.08 11:34:40 | 031,669,806 | ---- | C] (AdventurersBG.info ) -- C:\Documents and Settings\leny\Desktop\Black Mirror III [bG].exe

[2011.07.05 17:54:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\leny\Local Settings\Application Data\SKIDROW

[2011.07.05 17:38:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\leny\My Documents\Duke Nukem Forever

[2011.07.05 17:14:41 | 000,000,000 | ---D | C] -- C:\Program Files\2K Games

[2011.07.05 16:00:58 | 000,000,000 | ---D | C] -- C:\Program Files\Happy Tree Friends - False Alarm

[2011.07.05 15:43:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\leny\Application Data\SystemRequirementsLab

[2011.07.02 11:38:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype

[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.07.26 16:48:08 | 000,000,558 | ---- | M] () -- C:\WINDOWS\DFC.INI

[2011.07.26 16:30:11 | 000,001,074 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1972579041-1801674531-1004UA.job

[2011.07.26 16:25:12 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011.07.26 16:21:52 | 016,214,397 | ---- | M] () -- C:\Documents and Settings\leny\Desktop\106-sharam-patt(party_all_the_time-original_mix)-mip.mp3

[2011.07.26 16:18:39 | 000,000,123 | ---- | M] () -- C:\Documents and Settings\leny\Desktop\nova.pls

[2011.07.26 16:14:53 | 003,868,401 | ---- | M] () -- C:\Documents and Settings\leny\Desktop\212-praise_cats_ft_andrea_love-shined_on_me-dlive.mp3

[2011.07.26 16:08:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011.07.26 16:07:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011.07.26 05:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2011.07.25 16:35:17 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\leny\Desktop\OTL.exe

[2011.07.25 16:17:30 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hоsts

[2011.07.25 16:17:29 | 000,203,160 | -H-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011.07.25 16:17:11 | 000,001,694 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk

[2011.07.25 16:17:09 | 000,001,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk

[2011.07.25 16:17:09 | 000,001,698 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk

[2011.07.25 16:16:43 | 000,002,250 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011.07.24 15:30:00 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1972579041-1801674531-1004Core.job

[2011.07.24 11:09:26 | 000,000,215 | ---- | M] () -- C:\boot.ini

[2011.07.24 11:07:08 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2011.07.24 11:04:46 | 056,727,728 | ---- | M] () -- C:\Documents and Settings\leny\Desktop\setup_av_free.exe

[2011.07.24 00:59:51 | 000,075,776 | ---- | M] () -- C:\Documents and Settings\leny\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.07.24 00:09:17 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk

[2011.07.22 20:13:56 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\leny\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk

[2011.07.15 05:31:39 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\leny\Desktop\Google Chrome.lnk

[2011.07.08 12:20:48 | 000,000,691 | ---- | M] () -- C:\Documents and Settings\leny\Desktop\Black Mirror 3.lnk

[2011.07.08 11:35:37 | 031,669,806 | ---- | M] (AdventurersBG.info ) -- C:\Documents and Settings\leny\Desktop\Black Mirror III [bG].exe

[2011.07.04 14:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2011.07.04 14:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

[2011.07.04 14:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys

[2011.07.04 14:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2011.07.04 14:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2011.07.04 14:35:12 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2011.07.04 14:35:09 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2011.07.04 14:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2011.07.04 14:32:13 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2011.07.04 14:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2011.07.03 16:59:27 | 000,443,924 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011.07.03 16:59:27 | 000,071,698 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011.07.02 00:37:39 | 000,921,632 | ---- | M] () -- C:\StiImg.dat

[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.07.26 16:21:41 | 016,214,397 | ---- | C] () -- C:\Documents and Settings\leny\Desktop\106-sharam-patt(party_all_the_time-original_mix)-mip.mp3

[2011.07.26 16:18:39 | 000,000,123 | ---- | C] () -- C:\Documents and Settings\leny\Desktop\nova.pls

[2011.07.26 16:14:50 | 003,868,401 | ---- | C] () -- C:\Documents and Settings\leny\Desktop\212-praise_cats_ft_andrea_love-shined_on_me-dlive.mp3

[2011.07.24 11:07:11 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk

[2011.07.24 11:02:00 | 056,727,728 | ---- | C] () -- C:\Documents and Settings\leny\Desktop\setup_av_free.exe

[2011.07.24 00:09:17 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk

[2011.07.24 00:09:17 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk

[2011.07.22 20:13:55 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\leny\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk

[2011.07.21 14:23:59 | 000,001,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk

[2011.07.08 12:20:48 | 000,000,691 | ---- | C] () -- C:\Documents and Settings\leny\Desktop\Black Mirror 3.lnk

[2011.02.10 16:16:48 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\OggEnc.exe

[2011.02.10 16:16:47 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\Lame.exe

[2011.02.10 16:16:47 | 000,076,800 | ---- | C] () -- C:\WINDOWS\System32\Faac.exe

[2011.02.10 15:45:49 | 000,336,896 | ---- | C] () -- C:\WINDOWS\System32\ammppg.dll

[2011.02.10 15:45:49 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\qscl.dll

[2011.02.10 15:45:49 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll

[2011.02.10 15:45:49 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\amrdec.dll

[2011.02.10 15:45:49 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\qcpsdk.dll

[2011.02.10 15:45:49 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\a1.dll

[2010.12.20 14:13:06 | 000,075,776 | ---- | C] () -- C:\Documents and Settings\leny\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.11.22 15:48:06 | 000,000,162 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2010.10.06 14:02:45 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll

[2010.10.06 14:02:45 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll

[2010.10.06 14:02:45 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll

[2010.10.06 13:59:26 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll

[2010.10.06 13:59:26 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll

[2010.09.29 17:56:33 | 000,000,062 | ---- | C] () -- C:\WINDOWS\pcvcdbr.INI

[2010.09.29 17:55:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcvcdvw.INI

[2010.08.31 20:51:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Viewer.INI

[2010.08.16 12:08:57 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\PAStiSvc.exe

[2010.01.24 05:24:45 | 000,000,049 | ---- | C] () -- C:\WINDOWS\System32\imon1.dat

[2009.10.25 02:17:04 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2009.10.25 02:16:45 | 000,107,832 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe

[2009.10.25 02:16:43 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe

[2009.10.25 02:16:42 | 002,250,024 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe

[2009.08.03 01:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll

[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll

[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll

[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll

[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll

[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll

[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll

[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll

[2009.06.27 15:06:38 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2009.06.27 15:06:37 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini

[2009.06.27 15:06:29 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2009.06.27 15:06:29 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009.06.27 15:06:29 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2009.06.27 15:06:21 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2009.05.26 19:18:31 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009.03.29 21:21:58 | 000,545,808 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2009.03.27 14:52:20 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll

[2009.03.27 14:52:20 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll

[2009.03.27 14:52:20 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\vp6install.exe

[2009.02.27 16:26:47 | 000,279,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys

[2009.02.27 16:26:47 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys

[2009.02.23 21:59:17 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini

[2009.02.17 14:23:21 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\newdll.dll

[2009.02.17 14:17:58 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009.02.17 14:16:46 | 000,284,520 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009.02.17 14:02:28 | 000,000,544 | ---- | C] () -- C:\WINDOWS\MP3trtg.ini

[2009.02.17 13:55:12 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt

[2009.02.17 13:54:32 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys

[2009.02.17 13:28:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI

[2009.02.17 13:16:01 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2009.02.17 13:07:57 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll

[2009.02.17 12:57:44 | 000,001,732 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin

[2009.02.17 12:55:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2009.02.17 12:52:33 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2009.02.17 12:52:31 | 000,015,133 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2009.02.17 12:52:22 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2009.02.17 12:44:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2009.02.17 12:44:06 | 000,002,945 | ---- | C] () -- C:\WINDOWS\mozver.dat

[2009.02.17 12:43:17 | 000,000,558 | ---- | C] () -- C:\WINDOWS\DFC.INI

[2009.02.17 12:28:09 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2009.02.17 12:24:24 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2009.01.08 22:15:35 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\FontReg.exe

[2008.04.14 15:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2008.04.14 15:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2008.04.14 15:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2008.04.14 15:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2008.04.14 15:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2008.04.14 15:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2008.04.14 15:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2008.04.14 15:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2008.04.14 15:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2007.11.28 10:14:12 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2007.11.28 10:14:12 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe

[2007.11.28 10:14:12 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2007.11.28 10:14:12 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe

[2007.11.28 10:14:12 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2007.11.28 10:14:12 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2007.11.28 10:14:12 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe

[2007.11.28 10:14:12 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe

[2007.11.28 10:14:12 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2005.12.07 12:31:00 | 000,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll

[2005.02.24 12:29:14 | 000,162,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\PFC027.sys

[2005.01.25 15:15:42 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\PA207USD.DLL

[2004.11.22 13:48:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\98Setup.exe

[2002.09.18 00:45:00 | 000,119,808 | ---- | C] () -- C:\WINDOWS\lsb_un20.exe

[2001.08.23 14:00:00 | 000,443,924 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2001.08.23 14:00:00 | 000,071,698 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2001.08.23 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010.03.19 10:42:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite

[2010.05.20 02:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro

[2009.02.26 23:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\E1A5

[2011.03.18 12:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Green Clover Games

[2009.03.29 21:27:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations

[2011.02.12 19:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear

[2009.03.29 23:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia

[2009.03.31 13:04:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic

[2009.03.29 22:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite

[2011.02.10 16:16:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pianosoft

[2010.10.06 14:02:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel

[2011.02.02 13:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Screentime

[2009.10.21 17:26:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2011.04.08 10:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\leny\Application Data\armadacustomtoolbar

[2011.02.09 14:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\leny\Application Data\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1

[2011.03.02 01:18:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\leny\Application Data\Big Fish Games

[2011.07.22 23:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\leny\Application Data\BSplayer

[2011.06.06 08:52:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\leny\Application Data\BSplayer Pro

[2011.01.10 19:45:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\leny\Application Data\DAEMON Tools Lite

[2011.04.08 10:53:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\leny\Application Data\dtband

[2011.02.10 18:49:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\leny\Application Data\facemoods.com

[2011.03.18 12:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\leny\Application Data\Green Clover Games

[2011.03.06 14:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\leny\Application Data\gtk-2.0

[2011.01.18 17:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\leny\Application Data\K-Pacs-Lite

[2011.01.03 22:38:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\leny\Application Data\Leadertech

[2011.04.08 12:00:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\leny\Application Data\MP3Rocket

[2011.05.10 14:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\leny\Application Data\MusicBrainz

[2011.01.04 01:12:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\leny\Application Data\PC Suite

[2011.02.10 18:28:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\leny\Application Data\Softland

[2011.07.05 15:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\leny\Application Data\SystemRequirementsLab

[2011.02.02 19:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\leny\Application Data\Uniblue

[2011.05.15 12:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\leny\Application Data\vloader-bg

[2010.11.23 13:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Softland

[2011.07.26 05:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========

========== Custom Scans ==========

< :Processes >

< killallprocesses >

< :OTL >

< PRC - C:\WINDOWS\sysdriver32.exe () >

< PRC - C:\WINDOWS\update.2\svchost.exe () >

< PRC - C:\WINDOWS\update.2\svchost.exe () >

< PRC - C:\WINDOWS\l1rezerv.exe () >

< PRC - C:\WINDOWS\systemup.exe () >

< PRC - C:\WINDOWS\update.5.0\svchost.exe () >

< PRC - C:\WINDOWS\update.5.0\svchost.exe () >

< PRC - C:\WINDOWS\update.tray-9-0\svchost.exe () >

< PRC - C:\WINDOWS\update.tray-8-0\svchost.exe () >

< PRC - C:\WINDOWS\update.tray-7-0\svchost.exe () >

< PRC - C:\WINDOWS\ufa\ufa.exe (Ufasoft) >

< SRV - (McComponentHostService) -- File not found >

< SRV - (AntiVirService) -- File not found >

< SRV - (AntiVirSchedulerService) -- File not found >

< SRV - (ABP_InstallCheckerService) -- File not found >

< SRV - (srvsysdriver32) -- C:\WINDOWS\sysdriver32.exe () >

< SRV - (srviecheck) -- C:\WINDOWS\update.2\svchost.exe () >

< SRV - (srvbtcclient) -- C:\WINDOWS\update.5.0\svchost.exe () >

< O2 - BHO: (Armada Custom Toolbar) - {29c0f5ff-3564-46bc-9f4a-50c73f426486} - C:\Program Files\armadacustomtoolbar\armadacustomtoolbarX.dll () >

< O2 - BHO: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) >

< O3 - HKLM\..\Toolbar: (Armada Custom Toolbar) - {29c0f5ff-3564-46bc-9f4a-50c73f426486} - C:\Program Files\armadacustomtoolbar\armadacustomtoolbarX.dll () >

< O3 - HKLM\..\Toolbar: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) >

< O3 - HKU\S-1-5-21-1708537768-1972579041-1801674531-1004\..\Toolbar\WebBrowser: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) >

< O4 - HKLM..\Run: [1131272.exe] C:\WINDOWS\TEMP\1131272.exe () >

< O4 - HKLM..\Run: [1936181.exe] C:\Documents and Settings\leny\Local Settings\Temp\1936181.exe () >

< O4 - HKLM..\Run: [593150.exe] C:\Documents and Settings\leny\Local Settings\Temp\593150.exe () >

< O4 - HKLM..\Run: [6651641.exe] C:\WINDOWS\TEMP\6651641.exe () >

< O4 - HKLM..\Run: [7116918.exe] C:\Documents and Settings\leny\Local Settings\Temp\7116918.exe () >

< O4 - HKLM..\Run: [75467020-loader2.exe] C:\WINDOWS\TEMP\75467020-loader2.exe () >

< O4 - HKLM..\Run: [avast] File not found >

< O4 - HKLM..\Run: [avgnt] File not found >

< O4 - HKLM..\Run: [KernelFaultCheck] File not found >

< O4 - HKLM..\Run: [l1rezerv.exe] C:\WINDOWS\l1rezerv.exe () >

< O4 - HKLM..\Run: [sysdriver32.exe] C:\WINDOWS\sysdriver32.exe () >

< O4 - HKLM..\Run: [sysdriver32_.exe] C:\WINDOWS\sysdriver32_.exe () >

< O4 - HKLM..\Run: [systemup] C:\WINDOWS\systemup.exe () >

< O4 - HKLM..\Run: [tray_ico] File not found >

< O4 - HKLM..\Run: [tray_ico0] C:\WINDOWS\update.tray-9-0\svchost.exe () >

< O4 - HKLM..\Run: [tray_ico1] C:\WINDOWS\update.tray-8-0\svchost.exe () >

< O4 - HKLM..\Run: [tray_ico2] C:\WINDOWS\update.tray-7-0\svchost.exe () >

< O4 - HKLM..\Run: [tray_ico3] File not found >

< O4 - HKLM..\Run: [tray_ico4] File not found >

< O4 - HKLM..\Run: [wxpdrv] C:\WINDOWS\services32.exe () >

< O4 - HKU\.DEFAULT..\RunOnce: [_nltide_2] File not found >

< O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] File not found >

< O4 - HKU\S-1-5-18..\RunOnce: [_nltide_2] File not found >

< O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] File not found >

< O4 - HKU\S-1-5-19..\RunOnce: [_nltide_2] File not found >

< O4 - HKU\S-1-5-20..\RunOnce: [_nltide_2] File not found >

< O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = File not found >

< O20 - HKLM Winlogon: TaskMan - (H:\MINUS\ona.exe) - File not found >

< O31 - SafeBoot: AlternateShell - services32.exe >

< [2011.07.22 17:11:04 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-9-0-lnk >

< [2011.07.22 17:11:04 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-9-0 >

< [2011.07.22 16:59:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\av_ico >

< [2011.07.22 16:57:58 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.1 >

< [2011.07.22 16:57:46 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-8-0-lnk >

< [2011.07.22 16:57:46 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-8-0 >

< [2011.07.22 17:29:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ufa >

< [2011.07.22 17:29:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\rpcminer >

< [2011.07.22 17:29:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\phoenix >

< [2011.07.22 17:27:44 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.5.0 >

< [2011.07.25 17:15:16 | 000,000,180 | ---- | M] () -- C:\WINDOWS\info1 >

< [2011.07.25 17:15:15 | 000,256,000 | ---- | M] () -- C:\WINDOWS\sysdriver32_.exe >

< [2011.07.25 17:15:15 | 000,256,000 | ---- | M] () -- C:\WINDOWS\sysdriver32.exe >

< [2011.07.23 00:47:36 | 000,232,960 | ---- | M] () -- C:\WINDOWS\l1rezerv.exe >

< [2011.07.22 17:29:24 | 000,000,000 | ---- | M] () -- C:\WINDOWS\loader2.exe_ok >

< [2011.07.22 17:29:15 | 005,589,370 | ---- | M] () -- C:\WINDOWS\phoenix.rar >

< [2011.07.22 17:29:15 | 000,246,272 | ---- | M] () -- C:\WINDOWS\unrar.exe >

< [2011.07.22 17:29:15 | 000,182,617 | ---- | M] () -- C:\WINDOWS\ufa.rar >

< [2011.07.22 17:29:14 | 001,075,284 | ---- | M] () -- C:\WINDOWS\rpcminer.rar >

< [2011.07.22 17:22:10 | 000,904,792 | ---- | M] () -- C:\WINDOWS\geoiplist.rar >

< [2011.07.21 14:19:06 | 001,178,112 | ---- | M] () -- C:\WINDOWS\services32.exe >

< [2011.07.17 03:24:20 | 004,636,907 | ---- | M] () -- C:\WINDOWS\geoiplist >

< [2011.07.22 17:34:38 | 000,232,960 | ---- | C] () -- C:\WINDOWS\l1rezerv.exe >

< [2011.07.22 17:34:09 | 000,114,176 | ---- | C] () -- C:\WINDOWS\systemup.exe >

< [2011.07.22 17:29:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\loader2.exe_ok >

< [2011.07.22 17:29:15 | 000,182,617 | ---- | C] () -- C:\WINDOWS\ufa.rar >

< [2011.07.22 17:29:14 | 005,589,370 | ---- | C] () -- C:\WINDOWS\phoenix.rar >

< [2011.07.22 17:29:14 | 001,075,284 | ---- | C] () -- C:\WINDOWS\rpcminer.rar >

< [2011.07.22 17:22:12 | 004,636,907 | ---- | C] () -- C:\WINDOWS\geoiplist >

< [2011.07.22 17:22:10 | 000,904,792 | ---- | C] () -- C:\WINDOWS\geoiplist.rar >

< [2011.07.22 17:22:10 | 000,246,272 | ---- | C] () -- C:\WINDOWS\unrar.exe >

< [2011.07.22 17:18:46 | 000,000,180 | ---- | C] () -- C:\WINDOWS\info1 >

< [2011.07.22 17:12:56 | 000,256,000 | ---- | C] () -- C:\WINDOWS\sysdriver32_.exe >

< [2011.07.22 17:12:42 | 000,256,000 | ---- | C] () -- C:\WINDOWS\sysdriver32.exe >

< [2011.07.21 14:19:20 | 001,178,112 | ---- | C] () -- C:\WINDOWS\services32.exe >

< @Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 >

< >

< :Reg >

< [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] >

< "C:\WINDOWS\services32.exe" =- >

< "C:\WINDOWS\update.1\svchost.exe" =- >

< "C:\WINDOWS\update.tray-8-0\svchost.exe" =- >

< "C:\WINDOWS\update.tray-9-0\svchost.exe" =- >

< "C:\WINDOWS\update.tray-9-0-lnk\svchost.exe" =- >

< "C:\WINDOWS\update.2\svchost.exe" =- >

< :files >

< C:\WINDOWS\sysdriver32.exe >

< C:\WINDOWS\update.2\svchost.exe >

< C:\WINDOWS\update.2\svchost.exe >

< C:\WINDOWS\l1rezerv.exe >

< C:\WINDOWS\systemup.exe >

< C:\WINDOWS\update.5.0\svchost.exe >

< C:\WINDOWS\update.5.0\svchost.exe >

< C:\WINDOWS\update.tray-9-0\svchost.exe >

< C:\WINDOWS\update.tray-8-0\svchost.exe >

< C:\WINDOWS\update.tray-7-0\svchost.exe >

< C:\WINDOWS\ufa\ufa.exe >

< >

< autorun.inf /alldrives >

Invalid Switch: alldrives

< autorun.exe /alldrives >

Invalid Switch: alldrives

< recycler /alldrives >

Invalid Switch: alldrives

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

< >

< :Commands >

< [purity] >

< [emptytemp] >

< [resethosts] >

< [emptyflash] >

< [Reboot] >

< End of report >

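A triage sketch for a log like the one above, added here as an illustration (it is not part of the thread and not part of OTL). It parses OTL-style lines and flags system process names outside System32, Run values that launch from a Temp folder, and file names that mix alphabets (the log lists two `drivers\etc` entries that both render as "hosts"). The rule names, helper functions and the sample lines marked constructed are assumptions.

```python
import ntpath
import re
import unicodedata

# One regex per OTL line type handled here; each captures the file path.
PATTERNS = [
    # [date time | size | attrs | C/M] (company) -- path
    ("file", re.compile(r"^\[\d{4}\.\d\d\.\d\d [\d:]{8} \| [\d,]+ \| [-RHSD]{4} \| [CM]\] "
                        r"(?:\([^)]*\) )?-- (?P<path>.+)$")),
    # PRC - path (company)
    ("process", re.compile(r"^PRC - (?P<path>.+?) \([^)]*\)$")),
    # SRV - (service name) -- path (company)
    ("service", re.compile(r"^SRV - \([^)]*\) -- (?P<path>.+?) \([^)]*\)$")),
    # O4 - HKLM..\Run: [value name] path (company)
    ("autorun", re.compile(r"^O4 - \S+?\\Run(?:Once)?: \[[^\]]+\] (?P<path>.+?) \([^)]*\)$")),
]

# Names that normally live only in System32 (assumption: short list for triage).
SYSTEM_NAMES = {"svchost.exe", "services.exe", "lsass.exe", "winlogon.exe", "csrss.exe"}
# Windows XP also keeps protected copies in dllcache.
SYSTEM_DIRS = ("\\system32", "\\system32\\dllcache")


def parse_line(line):
    """Return (kind, path) for a recognised OTL line, else None."""
    line = line.strip()
    # Custom-scan sections echo each script line as "< ... >".
    if line.startswith("<") and line.endswith(">"):
        line = line[1:-1].strip()
    for kind, rx in PATTERNS:
        m = rx.match(line)
        if m:
            return kind, m.group("path").strip()
    return None  # headers, "File not found" entries, command output


def scripts_in(name):
    """Set of Unicode script prefixes (LATIN, CYRILLIC, ...) used by the letters."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in name if ch.isalpha()}


def triage(lines):
    """Return a list of (rule, path) findings, in input order."""
    findings = []
    for raw in lines:
        parsed = parse_line(raw)
        if parsed is None:
            continue
        kind, path = parsed
        folder, base = ntpath.split(path)
        # Rule 1: a system process name in any folder other than System32.
        if base.lower() in SYSTEM_NAMES and not folder.lower().endswith(SYSTEM_DIRS):
            findings.append(("system-name-outside-system32", path))
        # Rule 2: a Run/RunOnce value whose target sits in a Temp folder.
        if kind == "autorun" and "\\temp\\" in path.lower():
            findings.append(("autorun-from-temp", path))
        # Rule 3: look-alike names, e.g. Latin letters mixed with Cyrillic ones.
        # Heuristic only: a legitimately localised name can also mix scripts.
        if len(scripts_in(base)) > 1:
            findings.append(("mixed-script-filename", path))
    return findings


# Sample input in the log's format. Lines marked "constructed" are not from the thread.
SAMPLE_LOG = [
    r"[2011.07.24 11:07:08 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys",
    r"< PRC - C:\WINDOWS\update.2\svchost.exe () >",
    r"< SRV - (AntiVirService) -- File not found >",
    r"< O4 - HKLM..\Run: [1131272.exe] C:\WINDOWS\TEMP\1131272.exe () >",
    r"< O4 - HKLM..\Run: [avast] File not found >",
    # constructed: the legitimate location, which must not be flagged
    r"PRC - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)",
    # constructed: Cyrillic U+043E written explicitly in place of the Latin "o"
    r"[2011.07.25 16:17:30 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\h"
    + "\u043e" + "sts",
]

if __name__ == "__main__":
    for rule, path in triage(SAMPLE_LOG):
        print(f"{rule:32} {path!r}")
```

A finding is a prompt to look at the file, not a verdict; the rules only narrow a long log down to the entries worth checking first.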

Your main antivirus is AVAST... so why do I see remnants of Avira and McAfee? We'll write a new script!


Because I normally used Avira. McAfee got installed automatically after the Flash Player update. And after both of them kept showing ENHANCED PROTECTION MODE, I decided to install Avast and try with it, but it is the same story with it too: ENHANCED PROTECTION MODE. I hope I have explained it more or less clearly. I'm waiting for you to tell me what to do.


Run OTL again, then copy and paste the script text from the text box below into the Custom Scans/Fixes field. Be sure to copy the script exactly as written, including the colon before the first line of the script.

:Processes
killallprocesses
 
:OTL
O2 - BHO: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1708537768-1972579041-1801674531-1004\..\Toolbar\WebBrowser: (myBabylon English Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - C:\Program Files\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
[2011.07.24 11:09:09 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-7-0-lnk
[2011.07.24 11:09:09 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-7-0
[2011.07.22 17:32:41 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.2
[2011.07.21 14:23:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
[2011.07.21 14:23:58 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2011.07.26 05:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011.07.25 16:17:11 | 000,001,694 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011.07.25 16:17:09 | 000,001,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2011.07.21 14:23:59 | 000,001,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2011.07.26 05:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
 
:Reg
 
:files
 
autorun.inf /alldrives
autorun.exe /alldrives
recycler /alldrives
ipconfig /flushdns /c
 
:Commands
[purity]
[emptytemp]
[resethosts]
[clearallrestorepoints]
[emptyflash]
[Reboot]

After entering the script from the quote above, press the button marked in red: Run Fix

Windows will restart and a log file will be created. Post its contents with Copy/Paste in your next comment.


All processes killed

========== PROCESSES ==========

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\ deleted successfully.

C:\Program Files\myBabylon_English\tbmyBa.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\ not found.

File C:\Program Files\myBabylon_English\tbmyBa.dll not found.

Registry value HKEY_USERS\S-1-5-21-1708537768-1972579041-1801674531-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}\ not found.

File C:\Program Files\myBabylon_English\tbmyBa.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.

C:\WINDOWS\update.tray-7-0-lnk folder moved successfully.

C:\WINDOWS\update.tray-7-0 folder moved successfully.

C:\WINDOWS\update.2 folder moved successfully.

C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus folder moved successfully.

C:\Program Files\McAfee Security Scan folder moved successfully.

C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job moved successfully.

C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk moved successfully.

C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk moved successfully.

File C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk not found.

File C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job not found.

========== REGISTRY ==========

========== FILES ==========

autorun.inf not found in C:\

autorun.inf not found in D:\

autorun.exe not found in C:\

autorun.exe not found in D:\

recycler not found in C:\

recycler not found in D:\

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Documents and Settings\leny\Desktop\cmd.bat deleted successfully.

C:\Documents and Settings\leny\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: leny

->Temp folder emptied: 74126 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 93038116 bytes

->Google Chrome cache emptied: 557424 bytes

->Flash cache emptied: 63189 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 2052392 bytes

->Flash cache emptied: 405 bytes

User: Mitko

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 5058040 bytes

%systemroot%\System32 .tmp files removed: 1567249 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 86771624 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 94777097 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 271,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

Restore points cleared and new OTL Restore Point set!

[EMPTYFLASH]

User: Administrator

->Flash cache emptied: 0 bytes

User: All Users

User: Default User

->Flash cache emptied: 0 bytes

User: leny

->Flash cache emptied: 0 bytes

User: LocalService

->Flash cache emptied: 0 bytes

User: Mitko

User: NetworkService

Total Flash Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.26.1 log created on 07262011_173043

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Now come the control scans, and if everything is fine we are done...! It is a good idea to reinstall Avast if necessary...!

Please download aswMBR and save it to your desktop.

  • Double-click the file aswMBR.exe to run it.
  • Wait for it to download the avast! definitions.
  • From the drop-down menu select partition C:\ as shown in the picture:

[Posted image]

  • Click the Scan button to start the check.
  • When the check finishes, click the save log button, save the log file to the desktop, and post its contents in your next comment.

=======================================================================================

* Download Malwarebytes' Anti-Malware or from here

* Double-click mbam-setup.exe to install the program.

* Make sure that Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are checked. Then click Finish.

* If updates are found, it will download and install them.

* Start the program and select "Perform Full Scan", then click Scan.

* The scan will take some time, so please be patient.

* When the scan finishes, click OK, then Show Results to see the result.

* Make sure all rows are checked, and click Remove Selected.

* When everything has been removed, a log will open in Notepad. Copy this log and post it in your next comment in the thread.

Note: If MalwareBytes' Anti-Malware has difficulty removing the detected viruses/threats, it will ask to restart your computer and remove the problematic viruses/threats during the restart. If asked, confirm that you want your computer to be restarted.

===================================================================================

  • Download the program: ESET Online Scanner
  • Run esetsmartinstaller_enu.exe [Posted image]
  • Check YES, I accept the Terms of Use and select Start:

    [Posted image]

  • The scanner will start downloading the components it needs:

    [Posted image]

  • Make sure the following rows are checked:

    [Posted image]

    Finally, select Start

  • The scanner will start downloading the latest definitions.
  • After the scan finishes, select Finish.
  • Go to: C:\Program Files\ESET\ESET Online Scanner
  • Open the file log.txt, copy its contents, and paste them into your next comment.


Perfect...!

Uninstall OTL as follows:

Run OTL once more and click the CleanUp button.

[Posted image]

A Windows restart will follow..! When OTL is uninstalled, the tools and files we used in this thread will be cleaned up. You can delete the remaining programs and logs we used in this thread.

If you have no other problems, all that remains is to wish you a nice day and safe Internet..!:clap:


Thank you for the help. I reinstalled Avast! and will stay with it from now on. Do I need to run a scan right away, or has whatever was infected been cleaned by the previous 3 programs? I also have another question, but I don't know whether this is the right place for it. Further up I had written to you about a problem with Search. When I press the Search button or F3, the blue Search pane with the dog at the bottom appears on the left, but the fields where I would type the file name, the directory I want to search in, and everything else are missing. If you can help me with this question as well. Thank you in advance.


Thank you for the help. I reinstalled Avast! and will stay with it from now on. Do I need to run a scan right away, or has whatever was infected been cleaned by the previous 3 programs?

No...whenever you decide...!:speak:

I also have another question, but I don't know whether this is the right place for it. Further up I had written to you about a problem with Search. When I press the Search button or F3, the blue Search pane with the dog at the bottom appears on the left, but the fields where I would type the file name, the directory I want to search in, and everything else are missing. If you can help me with this question as well. Thank you in advance.

I will think about it and write..! Check your thread from time to time..!:baby:


OK. Thanks once again. You saved me a lot of headaches. I wish you all the best, and do write if you come up with anything on the matter. Bye for now and regards!


Let's try this: start ==> run ==> cmd ==> sfc.exe /scannow


Well, friend, I just looked and it has most likely fixed itself. There is no problem anymore. Sorry for taking up your time, and thanks once again for the help. It seems the problem really is finally solved. :ph34r:
