

    I'm writing a new post, because apparently I'm attaching to previous comments incorrectly.

    Sorry, we are experiencing temporary technical problem, please check back later.

    This is what FB has been telling me for the last 5 days.

    I read and carried out the first steps from other comments - and here are the attached files.

    Please help.

    Extras.Txt

    OTL.Txt


    Run OTL again, copy (Copy) and paste (Paste) the script text from the text box below into the Custom Scans/Fixes box, taking care to copy the script exactly 1:1, including the colon before the first line of the script.

    :Processes
    killallprocesses
    :OTL
    PRC - [2011/07/25 18:24:10 | 000,256,000 | ---- | M] () -- C:\WINDOWS\sysdriver32.exe
    PRC - [2011/07/24 00:27:46 | 000,495,616 | ---- | M] () -- C:\WINDOWS\update.2\svchost.exe
    PRC - [2011/07/24 00:27:46 | 000,495,616 | ---- | M] () -- C:\WINDOWS\update.2\svchost.exe
    PRC - [2011/07/23 00:22:06 | 000,232,960 | ---- | M] () -- C:\WINDOWS\l1rezerv.exe
    PRC - [2011/07/21 23:32:42 | 000,340,992 | ---- | M] () -- C:\WINDOWS\update.5.0\svchost.exe
    PRC - [2011/07/21 23:32:42 | 000,340,992 | ---- | M] () -- C:\WINDOWS\update.5.0\svchost.exe
    PRC - [2011/07/19 23:26:46 | 000,114,176 | ---- | M] () -- C:\WINDOWS\systemup.exe
    PRC - [2011/07/19 22:57:18 | 001,147,392 | -H-- | M] () -- C:\WINDOWS\update.1\svchost.exe
    PRC - [2011/07/19 22:57:18 | 001,147,392 | -H-- | M] () -- C:\WINDOWS\update.1\svchost.exe
    SRV - File not found [Auto | Stopped] --  -- (Spooler)
    SRV - File not found [Auto | Stopped] --  -- (Spool SubSystem App)
    SRV - File not found [Auto | Stopped] --  -- (MSDisk)
    SRV - File not found [Auto | Stopped] --  -- (Microsoft Visual Basic )
    SRV - File not found [Disabled | Stopped] --  -- (HidServ)
    SRV - [2011/07/25 18:24:10 | 000,256,000 | ---- | M] () [Auto | Running] -- C:\WINDOWS\sysdriver32.exe -- (srvsysdriver32)
    SRV - [2011/07/24 00:27:46 | 000,495,616 | ---- | M] () [Auto | Running] -- C:\WINDOWS\update.2\svchost.exe -- (srviecheck)
    SRV - [2011/07/21 23:32:42 | 000,340,992 | ---- | M] () [Auto | Running] -- C:\WINDOWS\update.5.0\svchost.exe -- (srvbtcclient)
    SRV - [2011/07/19 22:57:18 | 001,147,392 | -H-- | M] () [Auto | Running] -- C:\WINDOWS\update.1\svchost.exe -- (wxpdrivers)
    DRV - [2011/01/30 02:34:50 | 000,052,992 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\hivfdzfmxifdg.sys -- (fakhu)
    DRV - [2010/11/01 20:45:06 | 000,000,000 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\hghmxd.sys -- (bdwhwvw)
    DRV - [2010/10/16 07:37:26 | 000,040,128 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\fdtyjuor.sys -- (fdtyjuor)
    O3 - HKLM\..\Toolbar: (My &Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} -  File not found
    O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} -  File not found
    O3 - HKU\S-1-5-21-1390067357-1229272821-725345543-1004\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} -  File not found
    O4 - HKLM..\Run: [1100683.exe] C:\WINDOWS\TEMP\1100683.exe ()
    O4 - HKLM..\Run: [3524987.exe] C:\Documents and Settings\ani\Local Settings\Temp\3524987.exe ()
    O4 - HKLM..\Run: [3779670.exe] C:\WINDOWS\TEMP\3779670.exe ()
    O4 - HKLM..\Run: [4955271-loader2.exe] C:\Documents and Settings\ani\Local Settings\Temp\4955271-loader2.exe ()
    O4 - HKLM..\Run: [59421119-loader2.exe] C:\Documents and Settings\ani\Local Settings\Temp\59421119-loader2.exe ()
    O4 - HKLM..\Run: [6361036.exe] C:\Documents and Settings\ani\Local Settings\Temp\6361036.exe ()
    O4 - HKLM..\Run: [69458479-loader2.exe] C:\Documents and Settings\ani\Local Settings\Temp\69458479-loader2.exe ()
    O4 - HKLM..\Run: [8961158.exe] C:\WINDOWS\TEMP\8961158.exe ()
    O4 - HKLM..\Run: [KernelFaultCheck]  File not found
    O4 - HKLM..\Run: [l1rezerv.exe] C:\WINDOWS\l1rezerv.exe ()
    O4 - HKLM..\Run: [pgtjgcmj] C:\Documents and Settings\ani\Local Settings\Application Data\nufaol.exe ()
    O4 - HKLM..\Run: [sysdriver32.exe] C:\WINDOWS\sysdriver32.exe ()
    O4 - HKLM..\Run: [sysdriver32_.exe] C:\WINDOWS\sysdriver32_.exe ()
    O4 - HKLM..\Run: [systemup] C:\WINDOWS\systemup.exe ()
    O4 - HKLM..\Run: [WinampAgent]  File not found
    O4 - HKLM..\Run: [wxpdrv] C:\WINDOWS\update.1\svchost.exe ()
    O4 - HKU\S-1-5-21-1390067357-1229272821-725345543-1004..\Run: [pgtjgcmj] C:\Documents and Settings\ani\Local Settings\Application Data\nufaol.exe ()
    O4 - Startup: C:\Documents and Settings\ani\Start Menu\Programs\Startup\miurb.exe ()
    O31 - SafeBoot: AlternateShell - services32.exe
    [2011/07/19 23:02:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ufa
    [2011/07/19 23:02:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\rpcminer
    [2011/07/19 23:02:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\phoenix
    [2011/07/19 23:02:01 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.2
    [2011/07/19 23:00:59 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.5.0
    [2011/07/19 22:59:14 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.1
    [2011/07/25 18:24:12 | 000,000,180 | ---- | M] () -- C:\WINDOWS\info1
    [2011/07/25 18:24:10 | 000,256,000 | ---- | M] () -- C:\WINDOWS\sysdriver32_.exe
    [2011/07/25 18:24:10 | 000,256,000 | ---- | M] () -- C:\WINDOWS\sysdriver32.exe
    [2011/07/23 00:22:06 | 000,232,960 | ---- | M] () -- C:\WINDOWS\l1rezerv.exe
    [2011/07/19 23:26:46 | 000,114,176 | ---- | M] () -- C:\WINDOWS\systemup.exe
    [2011/07/19 23:02:26 | 005,589,370 | ---- | M] () -- C:\WINDOWS\phoenix.rar
    [2011/07/19 23:02:26 | 000,246,272 | ---- | M] () -- C:\WINDOWS\unrar.exe
    [2011/07/19 23:02:26 | 000,182,617 | ---- | M] () -- C:\WINDOWS\ufa.rar
    [2011/07/19 23:02:24 | 001,075,284 | ---- | M] () -- C:\WINDOWS\rpcminer.rar
    [2011/07/19 23:01:50 | 000,904,792 | ---- | M] () -- C:\WINDOWS\geoiplist.rar
    [2011/07/19 23:00:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\loader2.exe_ok
    [2011/07/19 22:57:18 | 001,147,392 | ---- | M] () -- C:\WINDOWS\services32.exe
    [2011/07/19 23:26:52 | 000,114,176 | ---- | C] () -- C:\WINDOWS\systemup.exe
    [2011/07/19 23:15:15 | 000,232,960 | ---- | C] () -- C:\WINDOWS\l1rezerv.exe
    [2011/07/19 23:02:24 | 000,182,617 | ---- | C] () -- C:\WINDOWS\ufa.rar
    [2011/07/19 23:02:23 | 005,589,370 | ---- | C] () -- C:\WINDOWS\phoenix.rar
    [2011/07/19 23:02:23 | 001,075,284 | ---- | C] () -- C:\WINDOWS\rpcminer.rar
    [2011/07/19 23:01:50 | 004,636,907 | ---- | C] () -- C:\WINDOWS\geoiplist
    [2011/07/19 23:01:49 | 000,904,792 | ---- | C] () -- C:\WINDOWS\geoiplist.rar
    [2011/07/19 23:01:49 | 000,246,272 | ---- | C] () -- C:\WINDOWS\unrar.exe
    [2011/07/19 23:00:59 | 000,000,180 | ---- | C] () -- C:\WINDOWS\info1
    [2011/07/19 23:00:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\loader2.exe_ok
    [2011/07/19 23:00:08 | 000,256,000 | ---- | C] () -- C:\WINDOWS\sysdriver32_.exe
    [2011/07/19 22:59:54 | 000,256,000 | ---- | C] () -- C:\WINDOWS\sysdriver32.exe
    [2011/07/19 22:59:25 | 001,147,392 | ---- | C] () -- C:\WINDOWS\services32.exe
    [2011/02/16 01:47:44 | 000,057,344 | RHS- | C] () -- C:\Documents and Settings\ani\Local Settings\Application Data\nufaol.exe
    [2011/01/28 12:12:28 | 000,052,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\hivfdzfmxifdg.sys
    [2010/10/29 16:55:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\hghmxd.sys
    [2010/10/26 22:05:54 | 000,055,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\ndisvvan.sys
    [2010/10/16 07:37:24 | 000,040,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\fdtyjuor.sys
    :Reg
    
    :files
    C:\WINDOWS\sysdriver32.exe
    C:\WINDOWS\update.2\svchost.exe
    C:\WINDOWS\update.2\svchost.exe
    C:\WINDOWS\l1rezerv.exe
    C:\WINDOWS\update.5.0\svchost.exe
    C:\WINDOWS\update.5.0\svchost.exe
    C:\WINDOWS\systemup.exe
    C:\WINDOWS\update.1\svchost.exe
    C:\WINDOWS\update.1\svchost.exe
    
    autorun.inf /alldrives
    autorun.exe /alldrives
    recycler /alldrives
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [clearallrestorepoints]
    [emptyflash]
    [Reboot]
    

    After you have entered the script from the quote above, click the button marked in red: Run Fix

    Windows will restart and a log file will be created. Post its contents with Copy/Paste in your next comment.

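    An added example, not from this thread or from OTL's author: a small Python triage script that applies, to constructed OTL-format lines modelled on the entries quoted above, the same heuristics the helper used by hand when picking entries for the fix (binaries with no company name in odd locations, svchost.exe outside System32, hidden executables, hosts-file entries that blackhole sites, a replaced SafeBoot shell). The function names and heuristic labels are my own, and the sample lines are constructed, not the poster's full log.

```python
"""Triage of OTL log lines with the heuristics a malware-removal helper applies
by hand when deciding which entries go into the fix script."""
import re
from typing import List, Tuple

# Constructed sample in OTL log format, modelled on the entry types quoted in
# this thread; it is not the poster's full log.
SAMPLE_LOG = r"""
PRC - [2011/07/25 18:32:22 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ani\My Documents\Downloads\OTL.exe
PRC - [2011/07/25 18:24:10 | 000,256,000 | ---- | M] () -- C:\WINDOWS\sysdriver32.exe
PRC - [2011/07/24 00:27:46 | 000,495,616 | ---- | M] () -- C:\WINDOWS\update.2\svchost.exe
PRC - [2011/07/19 22:57:18 | 001,147,392 | -H-- | M] () -- C:\WINDOWS\update.1\svchost.exe
PRC - [2002/09/17 08:53:18 | 001,004,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
SRV - [2011/07/21 23:32:42 | 000,340,992 | ---- | M] () [Auto | Running] -- C:\WINDOWS\update.5.0\svchost.exe -- (srvbtcclient)
SRV - File not found [Auto | Stopped] --  -- (Spooler)
O4 - HKLM..\Run: [4955271-loader2.exe] C:\Documents and Settings\ani\Local Settings\Temp\4955271-loader2.exe ()
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKU\S-1-5-21-1390067357-1229272821-725345543-1004..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - services32.exe
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.facebook.com
"""

# "PRC - [date time | size | attrs | M] (Company) [state] -- path -- (service)"
FILE_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV|MOD) - \[[^|]+\| [\d,]+ \| (?P<attrs>[-A-Z]{4}) \| [MC]\] "
    r"\((?P<company>[^)]*)\)(?: \[[^\]]*\])? -- (?P<path>.+?)(?: -- \([^)]*\))?$"
)
# "O4 - HKLM..\Run: [name] path (Company)"; "File not found" entries do not match
RUN_RE = re.compile(r"^O4 - .+?\.\.\\Run: \[[^\]]+\] (?P<path>.+?) \((?P<company>[^)]*)\)$")
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)$")
SAFEBOOT_RE = re.compile(r"^O31 - SafeBoot: AlternateShell - (?P<shell>.+)$")

LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}
SYSTEM32 = "c:\\windows\\system32\\"
# Directories from which legitimate software almost never autostarts.
SUSPICIOUS_DIRS = ("c:\\windows\\temp\\", "\\local settings\\temp\\",
                   "\\local settings\\application data\\")


def in_windows_root(path: str) -> bool:
    """True when the file sits directly in C:\\WINDOWS, e.g. C:\\WINDOWS\\sysdriver32.exe."""
    return path.lower().rsplit("\\", 1)[0] == "c:\\windows"


def odd_location(path: str) -> bool:
    low = path.lower()
    return in_windows_root(path) or any(d in low for d in SUSPICIOUS_DIRS)


def triage_line(line: str) -> List[str]:
    """Return the names of the heuristics one OTL line trips (empty list if clean)."""
    hits: List[str] = []
    m = FILE_RE.match(line)
    if m:
        path, company, attrs = m["path"], m["company"], m["attrs"]
        low = path.lower()
        # The real svchost.exe lives only in System32; copies elsewhere borrow its name.
        if low.rsplit("\\", 1)[-1] == "svchost.exe" and not low.startswith(SYSTEM32):
            hits.append("svchost-outside-system32")
        # OTL prints the company from the file's version info; "()" means none.
        if not company and odd_location(path):
            hits.append("no-company-name-in-odd-location")
        if "H" in attrs and m["kind"] in ("PRC", "SRV"):
            hits.append("hidden-executable")
        return hits
    m = RUN_RE.match(line)
    if m:
        if not m["company"] and odd_location(m["path"]):
            hits.append("autorun-no-company-name-in-odd-location")
        return hits
    m = HOSTS_RE.match(line)
    if m:
        # A clean hosts file maps only localhost to loopback; any other name
        # pointed there is blackholed, which is what produced the poster's FB error.
        if m["ip"] in LOOPBACK and m["host"].lower() != "localhost":
            hits.append("hosts-redirect-to-loopback")
        return hits
    m = SAFEBOOT_RE.match(line)
    if m and m["shell"].strip().lower() != "cmd.exe":  # cmd.exe is the Windows default
        hits.append("safeboot-shell-replaced")
    return hits


def triage_log(text: str) -> List[Tuple[str, str]]:
    """Run every non-empty line through triage_line; return (heuristic, line) pairs."""
    findings: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        for rule in triage_line(line):
            findings.append((rule, line))
    return findings


if __name__ == "__main__":
    for rule, line in triage_log(SAMPLE_LOG):
        print(f"{rule:40} {line}")
```

    Drivers with an empty company name (the .sys entries in the fix) need a human look rather than a rule: legitimate third-party drivers in this very log also show "()".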

    I did that, however -

    "Windows will restart and a log file will be created" -

    what is that and where should I look for it?

    Sorry for my ignorance.


    Well, it is generated right after the restart... if it isn't on the desktop, look for it in c:\_OTL\OTL.txt. After running the script, tell me how things stand with your problem.. and your system..?


    There is no txt file in c:\_OTL - and on the desktop I think it is the first one, but I'm attaching it:

    OTL logfile created on: 7/25/2011 6:35:32 PM - Run 1

    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\ani\My Documents\Downloads

    Windows XP Professional Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation

    Internet Explorer (Version = 6.0.2800.1106)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    382.47 Mb Total Physical Memory | 44.03 Mb Available Physical Memory | 11.51% Memory free

    729.40 Mb Paging File | 426.21 Mb Available in Paging File | 58.43% Paging File free

    Paging file location(s): C:\pagefile.sys 384 768 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

    Drive C: | 19.00 Gb Total Space | 12.13 Gb Free Space | 63.87% Space Free | Partition Type: FAT32

    Computer Name: USER-J6N84X6A5O | User Name: ani | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: All users

    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/07/25 18:32:22 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ani\My Documents\Downloads\OTL.exe

    PRC - [2011/07/25 18:24:10 | 000,256,000 | ---- | M] () -- C:\WINDOWS\sysdriver32.exe

    PRC - [2011/07/24 00:27:46 | 000,495,616 | ---- | M] () -- C:\WINDOWS\update.2\svchost.exe

    PRC - [2011/07/24 00:27:46 | 000,495,616 | ---- | M] () -- C:\WINDOWS\update.2\svchost.exe

    PRC - [2011/07/23 00:22:06 | 000,232,960 | ---- | M] () -- C:\WINDOWS\l1rezerv.exe

    PRC - [2011/07/21 23:32:42 | 000,340,992 | ---- | M] () -- C:\WINDOWS\update.5.0\svchost.exe

    PRC - [2011/07/21 23:32:42 | 000,340,992 | ---- | M] () -- C:\WINDOWS\update.5.0\svchost.exe

    PRC - [2011/07/19 23:26:46 | 000,114,176 | ---- | M] () -- C:\WINDOWS\systemup.exe

    PRC - [2011/07/19 22:57:18 | 001,147,392 | -H-- | M] () -- C:\WINDOWS\update.1\svchost.exe

    PRC - [2011/07/19 22:57:18 | 001,147,392 | -H-- | M] () -- C:\WINDOWS\update.1\svchost.exe

    PRC - [2011/06/25 02:36:38 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

    PRC - [2011/02/24 19:26:16 | 000,395,640 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe

    PRC - [2011/02/16 01:47:46 | 000,057,344 | RHS- | M] () -- C:\Documents and Settings\ani\Local Settings\Application Data\nufaol.exe

    PRC - [2010/12/12 12:13:54 | 000,057,344 | ---- | M] () -- C:\WINDOWS\system32\setup.exe

    PRC - [2010/07/20 10:28:50 | 000,079,360 | RHS- | M] () -- C:\WINDOWS\jusched.exe

    PRC - [2010/03/09 10:02:14 | 026,100,520 | R--- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\ani\Desktop\Skype.exe

    PRC - [2002/09/17 08:53:18 | 001,004,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

    PRC - [2000/12/30 12:39:58 | 000,151,552 | ---- | M] () -- C:\WINDOWS\Datecs\Flex2K.exe

    ========== Modules (SafeList) ==========

    MOD - [2011/07/25 18:32:22 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ani\My Documents\Downloads\OTL.exe

    MOD - [2002/09/17 08:51:32 | 000,921,600 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll

    MOD - [2000/12/13 00:55:40 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system32\newdll.dll

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (Spooler)

    SRV - File not found [Auto | Stopped] -- -- (Spool SubSystem App)

    SRV - File not found [Auto | Stopped] -- -- (MSDisk)

    SRV - File not found [Auto | Stopped] -- -- (Microsoft Visual Basic )

    SRV - File not found [Disabled | Stopped] -- -- (HidServ)

    SRV - [2011/07/25 18:24:10 | 000,256,000 | ---- | M] () [Auto | Running] -- C:\WINDOWS\sysdriver32.exe -- (srvsysdriver32)

    SRV - [2011/07/24 00:27:46 | 000,495,616 | ---- | M] () [Auto | Running] -- C:\WINDOWS\update.2\svchost.exe -- (srviecheck)

    SRV - [2011/07/21 23:32:42 | 000,340,992 | ---- | M] () [Auto | Running] -- C:\WINDOWS\update.5.0\svchost.exe -- (srvbtcclient)

    SRV - [2011/07/19 22:57:18 | 001,147,392 | -H-- | M] () [Auto | Running] -- C:\WINDOWS\update.1\svchost.exe -- (wxpdrivers)

    SRV - [2010/12/12 12:13:54 | 000,057,344 | ---- | M] () [Auto | Start_Pending] -- C:\WINDOWS\System32\setup.exe -- (AMService)

    ========== Driver Services (SafeList) ==========

    DRV - [2011/01/30 02:34:50 | 000,052,992 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\hivfdzfmxifdg.sys -- (fakhu)

    DRV - [2010/11/01 20:45:06 | 000,000,000 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\hghmxd.sys -- (bdwhwvw)

    DRV - [2010/10/16 07:37:26 | 000,040,128 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\fdtyjuor.sys -- (fdtyjuor)

    DRV - [2007/02/03 15:46:32 | 000,223,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)

    DRV - [2006/12/19 19:28:52 | 000,639,224 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

    DRV - [2001/08/17 12:49:58 | 000,018,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)

    DRV - [2001/08/17 12:49:54 | 000,012,160 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)

    DRV - [2001/08/17 12:49:50 | 000,023,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)

    DRV - [2001/08/17 12:49:46 | 000,031,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)

    DRV - [2001/08/17 12:49:42 | 000,044,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV03nt.sys -- (iAimTV2)

    DRV - [2001/08/17 12:49:36 | 000,019,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)

    DRV - [2001/08/17 12:49:34 | 000,029,440 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)

    DRV - [2001/08/17 12:49:32 | 000,012,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)

    DRV - [2001/08/17 12:49:26 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)

    DRV - [2001/08/17 12:49:22 | 000,012,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)

    DRV - [2001/08/17 12:49:18 | 000,138,240 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)

    DRV - [2001/08/17 12:11:02 | 000,153,631 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xnd5.sys -- (EL90X)

    ========== Standard Registry (All) ==========

    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

    IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - File not found

    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-1390067357-1229272821-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm

    IE - HKU\S-1-5-21-1390067357-1229272821-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

    IE - HKU\S-1-5-21-1390067357-1229272821-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

    IE - HKU\S-1-5-21-1390067357-1229272821-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://getredirected.info/

    IE - HKU\S-1-5-21-1390067357-1229272821-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

    IE - HKU\S-1-5-21-1390067357-1229272821-725345543-1004\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - File not found

    IE - HKU\S-1-5-21-1390067357-1229272821-725345543-1004\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

    IE - HKU\S-1-5-21-1390067357-1229272821-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Winamp Search"

    FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="

    FF - prefs.js..browser.search.selectedEngine: "Winamp Search"

    FF - prefs.js..browser.search.useDBForOrder: true

    FF - prefs.js..browser.startup.homepage: "http://getredirected.info/"

    FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17

    FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query="

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\System32\Macromed\Flash\NPSWF32.dll ()

    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

    FF - HKCU\Software\MozillaPlugins\@powerchallenge.com/PowerLoader: C:\DOCUME~1\ani\APPLIC~1\POWERC~1\nppowerloader.dll (Power Challenge Sweden AB)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/14 19:40:34 | 000,000,000 | ---D | M]

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/14 19:40:36 | 000,000,000 | ---D | M]

    [2009/12/14 19:41:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ani\Application Data\Mozilla\Extensions

    [2009/12/14 19:41:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ani\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

    [2009/12/14 19:41:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ani\Application Data\Mozilla\Firefox\Profiles\yz40z8oy.default\extensions

    [2009/12/17 19:47:26 | 000,000,362 | ---- | M] () -- C:\Documents and Settings\ani\Application Data\Mozilla\Firefox\Profiles\yz40z8oy.default\searchplugins\winamp-search.xml

    [2010/10/29 11:58:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

    [2010/10/29 11:58:06 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    File not found (No name found) --

    [2011/06/25 02:36:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

    [2009/12/17 01:03:36 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

    [2011/05/07 23:06:06 | 000,001,083 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\911bg.xml

    [2011/05/07 23:06:06 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml

    [2011/05/07 23:06:06 | 000,002,442 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\diribg.xml

    [2011/05/07 23:06:06 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

    [2011/05/07 23:06:06 | 000,001,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pe-bg.xml

    [2011/05/07 23:06:06 | 000,001,857 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\portalbgdict.xml

    [2011/05/07 23:06:06 | 000,001,220 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-bg.xml

    O1 HOSTS File: ([2011/07/25 18:23:24 | 000,203,160 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

    O1 - Hosts: 127.0.0.1 localhost

    O1 - Hosts: 127.0.0.1 vkontakte.ru

    O1 - Hosts: 127.0.0.1 www.vkontakte.ru

    O1 - Hosts: 127.0.0.1 login.vk.com

    O1 - Hosts: 127.0.0.1 vk.com

    O1 - Hosts: 127.0.0.1 www.vk.com

    O1 - Hosts: 127.0.0.1 odnoklassniki.ru

    O1 - Hosts: 127.0.0.1 www.odnoklassniki.ru

    O1 - Hosts: 127.0.0.1 facebook.com

    O1 - Hosts: 127.0.0.1 www.facebook.com

    O1 - Hosts: 127.0.0.1 af-za.facebook.com

    O1 - Hosts: 127.0.0.1 az-az.facebook.com

    O1 - Hosts: 127.0.0.1 id-id.facebook.com

    O1 - Hosts: 127.0.0.1 ms-my.facebook.com

    O1 - Hosts: 127.0.0.1 bs-ba.facebook.com

    O1 - Hosts: 127.0.0.1 ca-es.facebook.com

    O1 - Hosts: 127.0.0.1 cs-cz.facebook.com

    O1 - Hosts: 127.0.0.1 cy-gb.facebook.com

    O1 - Hosts: 127.0.0.1 da-dk.facebook.com

    O1 - Hosts: 127.0.0.1 de-de.facebook.com

    O1 - Hosts: 127.0.0.1 et-ee.facebook.com

    O1 - Hosts: 127.0.0.1 en-gb.facebook.com

    O1 - Hosts: 127.0.0.1 es-la.facebook.com

    O1 - Hosts: 127.0.0.1 eo-eo.facebook.com

    O1 - Hosts: 127.0.0.1 eu-es.facebook.com

    O1 - Hosts: 50060 more lines...

    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()

    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)

    O3 - HKLM\..\Toolbar: (My &Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - File not found

    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

    O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx ()

    O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - File not found

    O3 - HKU\S-1-5-21-1390067357-1229272821-725345543-1004\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

    O3 - HKU\S-1-5-21-1390067357-1229272821-725345543-1004\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

    O3 - HKU\S-1-5-21-1390067357-1229272821-725345543-1004\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

    O3 - HKU\S-1-5-21-1390067357-1229272821-725345543-1004\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

    O3 - HKU\S-1-5-21-1390067357-1229272821-725345543-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

    O3 - HKU\S-1-5-21-1390067357-1229272821-725345543-1004\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - File not found

    O4 - HKLM..\Run: [1100683.exe] C:\WINDOWS\TEMP\1100683.exe ()

    O4 - HKLM..\Run: [3524987.exe] C:\Documents and Settings\ani\Local Settings\Temp\3524987.exe ()

    O4 - HKLM..\Run: [3779670.exe] C:\WINDOWS\TEMP\3779670.exe ()

    O4 - HKLM..\Run: [4955271-loader2.exe] C:\Documents and Settings\ani\Local Settings\Temp\4955271-loader2.exe ()

    O4 - HKLM..\Run: [59421119-loader2.exe] C:\Documents and Settings\ani\Local Settings\Temp\59421119-loader2.exe ()

    O4 - HKLM..\Run: [6361036.exe] C:\Documents and Settings\ani\Local Settings\Temp\6361036.exe ()

    O4 - HKLM..\Run: [69458479-loader2.exe] C:\Documents and Settings\ani\Local Settings\Temp\69458479-loader2.exe ()

    O4 - HKLM..\Run: [8961158.exe] C:\WINDOWS\TEMP\8961158.exe ()

    O4 - HKLM..\Run: [Java developer Script Browse] C:\WINDOWS\jusched.exe ()

    O4 - HKLM..\Run: [KernelFaultCheck] File not found

    O4 - HKLM..\Run: [l1rezerv.exe] C:\WINDOWS\l1rezerv.exe ()

    O4 - HKLM..\Run: [pgtjgcmj] C:\Documents and Settings\ani\Local Settings\Application Data\nufaol.exe ()

    O4 - HKLM..\Run: [sysdriver32.exe] C:\WINDOWS\sysdriver32.exe ()

    O4 - HKLM..\Run: [sysdriver32_.exe] C:\WINDOWS\sysdriver32_.exe ()

    O4 - HKLM..\Run: [systemup] C:\WINDOWS\systemup.exe ()

    O4 - HKLM..\Run: [WinampAgent] File not found

    O4 - HKLM..\Run: [wmupdater] C:\Program Files\Windows Media Player\wmupdater.exe ()

    O4 - HKLM..\Run: [wxpdrv] C:\WINDOWS\update.1\svchost.exe ()

    O4 - HKU\.DEFAULT..\Run: [AMService] C:\WINDOWS\system32\config\systemprofile\setup.exe ()

    O4 - HKU\S-1-5-18..\Run: [AMService] C:\WINDOWS\system32\config\systemprofile\setup.exe ()

    O4 - HKU\S-1-5-21-1390067357-1229272821-725345543-1004..\Run: [Java developer Script Browse] C:\WINDOWS\jusched.exe ()

    O4 - HKU\S-1-5-21-1390067357-1229272821-725345543-1004..\Run: [MSConfig] File not found

    O4 - HKU\S-1-5-21-1390067357-1229272821-725345543-1004..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

    O4 - HKU\S-1-5-21-1390067357-1229272821-725345543-1004..\Run: [pgtjgcmj] C:\Documents and Settings\ani\Local Settings\Application Data\nufaol.exe ()

    O4 - HKU\S-1-5-21-1390067357-1229272821-725345543-1004..\Run: [skype] C:\Documents and Settings\ani\Desktop\Skype.exe (Skype Technologies S.A.)

    O4 - HKU\S-1-5-21-1390067357-1229272821-725345543-1004..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

    O4 - HKU\S-1-5-21-1390067357-1229272821-725345543-1004..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)

    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FlexType 2K.lnk = C:\WINDOWS\Datecs\Flex2K.exe ()

    O4 - Startup: C:\Documents and Settings\ani\Start Menu\Programs\Startup\miurb.exe ()

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0

    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1

    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1

    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1

    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1

    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKU\S-1-5-21-1390067357-1229272821-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = FF 00 00 00 [binary data]

    O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()

    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.)

    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

    O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()

    O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()

    O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)

    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15-3.cab (Reg Error: Key error.)

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)

    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

    O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

    O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

    O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

    O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

    O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

    O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

    O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

    O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

    O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

    O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

    O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

    O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

    O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

    O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

    O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

    O24 - Desktop Components:0 () - file:///C:/Documents%20and%20Settings/ani/Desktop/profile.php_files/148667_129929000396022_100001367675045_145462_141398_n.jpg

    O24 - Desktop Components:1 (My Current Home Page) - About:Home

    O24 - Desktop WallPaper: C:\Documents and Settings\ani\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

    O24 - Desktop BackupWallPaper: C:\Documents and Settings\ani\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

    O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

    O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

    O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

    O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

    O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

    O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

    O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

    O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

    O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

    O31 - SafeBoot: AlternateShell - services32.exe

    O32 - HKLM CDRom: AutoRun - 1

    O32 - AutoRun File - [2006/08/24 17:26:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]

    O34 - HKLM BootExecute: (autocheck autochk *) - File not found

    O35 - HKLM\..comfile [open] -- "%1" %*

    O35 - HKLM\..exefile [open] -- "%1" %*

    O37 - HKLM\...com [@ = comfile] -- "%1" %*

    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found

    NetSvcs: HidServ - File not found

    NetSvcs: Ias - File not found

    NetSvcs: Iprip - File not found

    NetSvcs: Irmon - File not found

    NetSvcs: NWCWorkstation - File not found

    NetSvcs: Nwsapagent - File not found

    NetSvcs: WmdmPmSp - File not found

    MsConfig - StartUpReg: AVG7_CC - hkey= - key= - File not found

    MsConfig - StartUpReg: AVG7_EMC - hkey= - key= - File not found

    MsConfig - StartUpReg: DAEMON Tools - hkey= - key= - C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)

    MsConfig - StartUpReg: My Web Search Bar - hkey= - key= - File not found

    MsConfig - StartUpReg: MyWebSearch Email Plugin - hkey= - key= - File not found

    MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

    MsConfig - StartUpReg: WhenUSearch - hkey= - key= - File not found

    MsConfig - StartUpReg: WhenUSearchWHSE - hkey= - key= - File not found

    MsConfig - State: "system.ini" - 0

    MsConfig - State: "win.ini" - 0

    MsConfig - State: "bootini" - 0

    MsConfig - State: "services" - 0

    MsConfig - State: "startup" - 2

    Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)

    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)

    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)

    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)

    Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)

    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)

    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

    Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)

    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)

    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)

    Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)

    Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)

    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)

    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

    Drivers32: vidc.3iv2 - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx.com)

    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

    Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)

    Drivers32: VIDC.HFYU - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)

    Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)

    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

    Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)

    Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)

    Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)

    Drivers32: vidc.MP42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)

    Drivers32: vidc.MP43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)

    Drivers32: vidc.MPG4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)

    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)

    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)

    Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)

    Drivers32: VIDC.VP31 - C:\WINDOWS\System32\vp31vfw.dll (On2.com)

    Drivers32: VIDC.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)

    Drivers32: VIDC.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)

    Drivers32: VIDC.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)

    Drivers32: VIDC.wmv3 - C:\WINDOWS\System32\WMV9VCM.dll (Microsoft Corporation)

    Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

    Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)

    Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)

    Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)

    Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)

    Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

    ========== Files/Folders - Created Within 90 Days ==========

    [2011/07/19 23:15:44 | 000,000,000 | -HSD | C] -- C:\System Volume Information

    [2011/07/19 23:05:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ani\Desktop\Flash-Player

    [2011/07/19 23:02:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ufa

    [2011/07/19 23:02:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\rpcminer

    [2011/07/19 23:02:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\phoenix

    [2011/07/19 23:02:01 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.2

    [2011/07/19 23:01:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\WinRAR

    [2011/07/19 23:00:59 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.5.0

    [2011/07/19 22:59:14 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.1

    [2011/07/18 13:01:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ani\Desktop\Programi

    [2011/07/16 17:00:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ani\Local Settings\Application Data\Help

    [2011/07/16 17:00:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ani\Application Data\Help

    [2011/07/06 22:50:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth

    [2011/05/13 22:13:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ani\Desktop\liverpool fc

    [2011/05/13 14:04:22 | 000,000,000 | -HSD | C] -- C:\FOUND.032

    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    [164 C:\Documents and Settings\ani\Application Data\*.tmp files -> C:\Documents and Settings\ani\Application Data\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2011/07/25 18:25:08 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

    [2011/07/25 18:24:12 | 000,000,180 | ---- | M] () -- C:\WINDOWS\info1

    [2011/07/25 18:24:10 | 000,256,000 | ---- | M] () -- C:\WINDOWS\sysdriver32_.exe

    [2011/07/25 18:24:10 | 000,256,000 | ---- | M] () -- C:\WINDOWS\sysdriver32.exe

    [2011/07/25 18:23:06 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

    [2011/07/25 18:21:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

    [2011/07/25 18:21:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

    [2011/07/23 00:22:06 | 000,232,960 | ---- | M] () -- C:\WINDOWS\l1rezerv.exe

    [2011/07/22 12:55:08 | 000,000,027 | ---- | M] () -- C:\Documents and Settings\ani\Desktop\home(4).php

    [2011/07/19 23:26:46 | 000,114,176 | ---- | M] () -- C:\WINDOWS\systemup.exe

    [2011/07/19 23:04:02 | 001,137,275 | ---- | M] () -- C:\Documents and Settings\ani\Desktop\Flash-Player.rar

    [2011/07/19 23:02:26 | 005,589,370 | ---- | M] () -- C:\WINDOWS\phoenix.rar

    [2011/07/19 23:02:26 | 000,246,272 | ---- | M] () -- C:\WINDOWS\unrar.exe

    [2011/07/19 23:02:26 | 000,182,617 | ---- | M] () -- C:\WINDOWS\ufa.rar

    [2011/07/19 23:02:24 | 001,075,284 | ---- | M] () -- C:\WINDOWS\rpcminer.rar

    [2011/07/19 23:01:50 | 000,904,792 | ---- | M] () -- C:\WINDOWS\geoiplist.rar

    [2011/07/19 23:00:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\loader2.exe_ok

    [2011/07/19 22:57:18 | 001,147,392 | ---- | M] () -- C:\WINDOWS\services32.exe

    [2011/07/19 22:57:18 | 001,147,392 | ---- | M] () -- C:\Documents and Settings\ani\Desktop\Flash-Player.exe

    [2011/07/17 03:24:22 | 004,636,907 | ---- | M] () -- C:\WINDOWS\geoiplist

    [2011/05/25 22:08:52 | 000,050,309 | ---- | M] () -- C:\Documents and Settings\ani\My Documents\VO2O6088.jpg

    [2011/05/25 22:08:20 | 000,054,205 | ---- | M] () -- C:\Documents and Settings\ani\My Documents\VO2O6087.jpg

    [2011/05/25 22:08:00 | 000,025,969 | ---- | M] () -- C:\Documents and Settings\ani\My Documents\VO2O6084.jpg

    [2011/05/17 21:08:38 | 000,005,670 | ---- | M] () -- C:\Documents and Settings\ani\Desktop\displayimage.rar

    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    [164 C:\Documents and Settings\ani\Application Data\*.tmp files -> C:\Documents and Settings\ani\Application Data\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/07/22 12:53:19 | 000,000,027 | ---- | C] () -- C:\Documents and Settings\ani\Desktop\home(4).php

    [2011/07/19 23:26:52 | 000,114,176 | ---- | C] () -- C:\WINDOWS\systemup.exe

    [2011/07/19 23:15:15 | 000,232,960 | ---- | C] () -- C:\WINDOWS\l1rezerv.exe

    [2011/07/19 23:03:59 | 001,137,275 | ---- | C] () -- C:\Documents and Settings\ani\Desktop\Flash-Player.rar

    [2011/07/19 23:02:24 | 000,182,617 | ---- | C] () -- C:\WINDOWS\ufa.rar

    [2011/07/19 23:02:23 | 005,589,370 | ---- | C] () -- C:\WINDOWS\phoenix.rar

    [2011/07/19 23:02:23 | 001,075,284 | ---- | C] () -- C:\WINDOWS\rpcminer.rar

    [2011/07/19 23:01:50 | 004,636,907 | ---- | C] () -- C:\WINDOWS\geoiplist

    [2011/07/19 23:01:49 | 000,904,792 | ---- | C] () -- C:\WINDOWS\geoiplist.rar

    [2011/07/19 23:01:49 | 000,246,272 | ---- | C] () -- C:\WINDOWS\unrar.exe

    [2011/07/19 23:00:59 | 000,000,180 | ---- | C] () -- C:\WINDOWS\info1

    [2011/07/19 23:00:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\loader2.exe_ok

    [2011/07/19 23:00:08 | 000,256,000 | ---- | C] () -- C:\WINDOWS\sysdriver32_.exe

    [2011/07/19 22:59:54 | 000,256,000 | ---- | C] () -- C:\WINDOWS\sysdriver32.exe

    [2011/07/19 22:59:25 | 001,147,392 | ---- | C] () -- C:\WINDOWS\services32.exe

    [2011/07/19 22:57:17 | 001,147,392 | ---- | C] () -- C:\Documents and Settings\ani\Desktop\Flash-Player.exe

    [2011/05/25 22:08:50 | 000,050,309 | ---- | C] () -- C:\Documents and Settings\ani\My Documents\VO2O6088.jpg

    [2011/05/25 22:08:18 | 000,054,205 | ---- | C] () -- C:\Documents and Settings\ani\My Documents\VO2O6087.jpg

    [2011/05/25 22:07:56 | 000,025,969 | ---- | C] () -- C:\Documents and Settings\ani\My Documents\VO2O6084.jpg

    [2011/05/17 21:08:37 | 000,005,670 | ---- | C] () -- C:\Documents and Settings\ani\Desktop\displayimage.rar

    [2011/05/07 23:06:14 | 000,000,634 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk

    [2011/02/16 01:47:44 | 000,057,344 | RHS- | C] () -- C:\Documents and Settings\ani\Local Settings\Application Data\nufaol.exe

    [2011/01/28 12:12:28 | 000,052,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\hivfdzfmxifdg.sys

    [2010/10/29 16:55:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\hghmxd.sys

    [2010/10/26 22:05:54 | 000,055,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\ndisvvan.sys

    [2010/10/16 07:37:24 | 000,040,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\fdtyjuor.sys

    [2010/10/16 07:36:09 | 000,071,680 | -H-- | C] () -- C:\WINDOWS\System32\secupdat.dat

    [2010/07/20 10:28:49 | 000,079,360 | RHS- | C] () -- C:\WINDOWS\jusched.exe

    [2009/12/23 18:02:52 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

    [2009/12/14 19:41:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

    [2009/02/04 22:25:15 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\.exe

    [2008/07/15 12:57:57 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\ani\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2008/06/25 15:08:41 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

    [2007/02/03 15:46:30 | 000,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys

    [2006/11/25 18:27:44 | 000,000,060 | ---- | C] () -- C:\WINDOWS\wininit.ini

    [2006/08/25 10:48:39 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

    [2006/08/25 10:35:51 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\newdll.dll

    [2006/08/25 10:30:53 | 000,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini

    [2006/08/25 10:30:03 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll

    [2006/08/25 10:30:02 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

    [2006/08/25 10:30:02 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll

    [2006/08/25 10:30:02 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

    [2006/08/25 10:29:57 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll

    [2006/08/25 10:28:37 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\cmdow.exe

    [2006/08/24 17:32:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

    [2006/08/24 17:20:33 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

    [2006/08/24 17:09:49 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

    [2006/08/24 17:08:08 | 000,118,152 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

    [2002/09/17 08:55:20 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\tftp.exe

    [2002/09/17 08:55:03 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\setup.exe

    [2002/09/17 08:55:01 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

    [2002/09/17 08:55:01 | 000,004,573 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

    [2002/09/17 08:54:37 | 000,311,604 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

    [2002/09/17 08:54:37 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

    [2002/09/17 08:54:36 | 000,039,992 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

    [2002/09/17 08:54:36 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

    [2002/09/17 08:54:30 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

    [2002/09/17 08:54:27 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

    [2002/09/17 08:54:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

    [2002/09/17 08:53:49 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

    [2002/09/17 08:53:48 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

    [2002/09/17 08:53:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

    [2002/09/17 08:52:54 | 000,001,740 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

    ========== LOP Check ==========

    [2007/03/10 10:27:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Opera

    [2007/02/03 13:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera

    [2008/06/30 08:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ani\Application Data\WhenU

    [2009/12/14 19:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ani\Application Data\TeamViewer

    [2009/12/16 19:30:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ani\Application Data\uTorrent

    [2009/12/16 20:37:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ani\Application Data\PowerChallenge

    [2008/11/07 08:04:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\WhenU

    ========== Purity Check ==========

    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >

    [2011/07/25 18:21:26 | 402,653,184 | -HS- | M] () -- C:\pagefile.sys

    [2002/09/17 08:54:20 | 000,233,632 | RHS- | M] () -- C:\ntldr

    [2002/09/17 08:54:20 | 000,047,580 | RHS- | M] () -- C:\NTDETECT.COM

    [2009/12/04 12:05:08 | 000,000,194 | -HS- | M] () -- C:\boot.ini

    [2006/08/24 17:26:24 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

    [2006/08/24 17:26:24 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

    [2006/08/24 17:26:24 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

    [2006/08/24 17:26:24 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

    [2011/02/17 17:12:20 | 000,000,066 | ---- | M] () -- C:\DebugTrace.log

    [2010/08/06 06:08:36 | 000,048,121 | ---- | M] () -- C:\ssA1234567890.exe

    [2011/01/15 15:46:10 | 000,120,320 | ---- | M] () -- C:\cdfss.exe

    [2011/02/16 01:47:44 | 000,057,344 | ---- | M] () -- C:\asagddsag.exe

    < %PROGRAMFILES%\*.* >

    < %systemroot%\system32\*.dll /lockedfiles >

    [3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

    [2003/06/18 17:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\mdippr.dll

    < MD5 for: ATAPI.SYS >

    [2002/09/17 08:55:12 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys

    [2002/09/17 08:52:38 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\drivers\atapi.sys

    < MD5 for: EXPLORER.EXE >

    [2002/09/17 08:53:18 | 001,004,032 | ---- | M] (Microsoft Corporation) MD5=A82B28BFC2E4455FE43022A498C0EF0A -- C:\WINDOWS\explorer.exe

    [2002/09/17 08:53:18 | 001,004,032 | ---- | M] (Microsoft Corporation) MD5=A82B28BFC2E4455FE43022A498C0EF0A -- C:\WINDOWS\system32\dllcache\explorer.exe

    < MD5 for: SVCHOST.EXE >

    [2002/09/17 11:55:18 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=0F7D9C87B0CE1FA520473119752C6F79 -- C:\WINDOWS\system32\dllcache\svchost.exe

    [2002/09/17 08:55:18 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=0F7D9C87B0CE1FA520473119752C6F79 -- C:\WINDOWS\system32\svchost.exe

    [2011/07/24 00:27:46 | 000,495,616 | ---- | M] () MD5=B29DC60E06AF2B9ED13E6C6935BC3670 -- C:\WINDOWS\update.2\svchost.exe

    [2011/07/21 23:32:42 | 000,340,992 | ---- | M] () MD5=DDE08469DED554140851ACFFCB8F4802 -- C:\WINDOWS\update.5.0\svchost.exe

    [2011/07/19 22:57:18 | 001,147,392 | -H-- | M] () MD5=F9C017A0A25030600EAA7F8973D29E23 -- C:\WINDOWS\update.1\svchost.exe

    < MD5 for: USERINIT.EXE >

    [2002/09/17 08:55:26 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=E931E0A2B8BF0019DB902E98D03662CB -- C:\WINDOWS\system32\dllcache\userinit.exe

    [2002/09/17 08:55:26 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=E931E0A2B8BF0019DB902E98D03662CB -- C:\WINDOWS\system32\userinit.exe

    < MD5 for: VOLSNAP.SYS >

    [2002/09/17 08:55:28 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=6FDC9523EF81617CF5028F47FCAF0FBE -- C:\WINDOWS\system32\dllcache\volsnap.sys

    [2002/09/17 08:55:28 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=6FDC9523EF81617CF5028F47FCAF0FBE -- C:\WINDOWS\system32\drivers\volsnap.sys

    < MD5 for: WINLOGON.EXE >

    [2002/09/17 11:55:34 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=2246D8D8F4714A2CEDB21AB9B1849ABB -- C:\WINDOWS\system32\dllcache\winlogon.exe

    [2002/09/17 08:55:34 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=2246D8D8F4714A2CEDB21AB9B1849ABB -- C:\WINDOWS\system32\winlogon.exe

    < End of report >


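A quick triage pass over a report like the one above, as an added example (this is not the forum's tool and not something the helper posted): the script parses OTL-style lines and flags the three tells visible in the report: extra svchost.exe copies under C:\WINDOWS\update.* with no company name and a hash that differs from the real system32 copy, the SafeBoot AlternateShell rewritten to services32.exe instead of the stock cmd.exe, and the DisableTaskMgr / DisableRegistryTools policies. The sample lines are a constructed subset copied from the report; the regular expressions and the cmd.exe baseline are my assumptions about the OTL line format and the stock Windows XP value.

```python
"""Triage a pasted OTL report for the tells acted on in this thread.

Added example for this page, not the forum helper's tool. It parses OTL-style
lines and flags three things: extra copies of a system binary (svchost.exe)
with no company name or a hash outside the vendor copies, a SafeBoot
AlternateShell pointing anywhere but cmd.exe, and the O7 policies that
disable Task Manager and Registry Tools.
"""
import re

# Sample lines constructed from the OTL report pasted above (a small subset).
SAMPLE_LOG = r"""
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O31 - SafeBoot: AlternateShell - services32.exe
< MD5 for: SVCHOST.EXE >
[2002/09/17 08:55:18 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=0F7D9C87B0CE1FA520473119752C6F79 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2002/09/17 08:55:18 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=0F7D9C87B0CE1FA520473119752C6F79 -- C:\WINDOWS\system32\svchost.exe
[2011/07/24 00:27:46 | 000,495,616 | ---- | M] () MD5=B29DC60E06AF2B9ED13E6C6935BC3670 -- C:\WINDOWS\update.2\svchost.exe
[2011/07/19 22:57:18 | 001,147,392 | -H-- | M] () MD5=F9C017A0A25030600EAA7F8973D29E23 -- C:\WINDOWS\update.1\svchost.exe
< End of report >
"""

# Assumed OTL line shapes: "[date | size | attrs | M] (Company) MD5=... -- path"
FILE_RE = re.compile(
    r"^\[(?P<date>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>[-A-Z]+)\s*\|\s*[A-Z]\]"
    r"\s*\((?P<company>[^)]*)\)\s*(?:MD5=(?P<md5>[0-9A-Fa-f]{32}))?\s*--\s*(?P<path>.+?)\s*$"
)
MD5_HDR_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>$")
ANY_HDR_RE = re.compile(r"^<.*>$")
POLICY_RE = re.compile(r"^O7 - (?P<key>\S+): (?P<name>\w+) = (?P<value>\S+)")
SAFEBOOT_RE = re.compile(r"^O31 - SafeBoot: AlternateShell - (?P<shell>.+?)\s*$")

LOCKOUT_POLICIES = {"DisableTaskMgr", "DisableRegistryTools"}
DEFAULT_SAFEBOOT_SHELL = "cmd.exe"  # stock AlternateShell value on Windows XP (assumption)


def parse_file_line(line):
    """Return the fields of one OTL file entry, or None if the line is not one."""
    m = FILE_RE.match(line.strip())
    return m.groupdict() if m else None


def _masquerades(name, entries):
    # Copies carrying a company name form the trusted hash set; any copy with
    # no company name, or a hash outside that set, is an extra binary to look at.
    trusted = {e["md5"] for e in entries if e["company"] and e["md5"]}
    return [
        {"kind": "masquerade", "detail": e["path"],
         "why": f"extra copy of {name}: no company name or hash outside the vendor set"}
        for e in entries if not e["company"] or e["md5"] not in trusted
    ]


def triage(log_text):
    """Scan OTL report text and return a list of findings (kind, detail, why)."""
    findings, md5_section, entries = [], None, []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        hdr = MD5_HDR_RE.match(line)
        if hdr or ANY_HDR_RE.match(line):  # any "< ... >" header closes the current block
            if md5_section:
                findings.extend(_masquerades(md5_section, entries))
            md5_section, entries = (hdr.group("name") if hdr else None), []
            continue
        if md5_section:  # inside a "< MD5 for: X >" block: collect file entries
            entry = parse_file_line(line)
            if entry:
                entries.append(entry)
            continue
        pol = POLICY_RE.match(line)
        if pol and pol.group("name") in LOCKOUT_POLICIES and pol.group("value") == "1":
            findings.append({"kind": "policy",
                             "detail": f"{pol.group('key')}: {pol.group('name')}",
                             "why": "Task Manager / Registry Tools lockout, a common malware policy"})
            continue
        sb = SAFEBOOT_RE.match(line)
        if sb and sb.group("shell").lower() != DEFAULT_SAFEBOOT_SHELL:
            findings.append({"kind": "safeboot", "detail": sb.group("shell"),
                             "why": "non-default Safe Mode shell; the malware survives a Safe Mode boot"})
    if md5_section:
        findings.extend(_masquerades(md5_section, entries))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['kind']:10}] {f['detail']}  ({f['why']})")
```

Run it against a saved OTL.Txt by passing the file contents to `triage()`; NoDriveTypeAutoRun = 145 is deliberately not flagged, since that is a normal autorun hardening value and only the two lockout policies are treated as suspicious.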

Tell me how things stand with your problem and your system after running the script.

Waiting for a reply! Do you have access to Facebook?


After the restart everything else looks fine, but FB: Unable to connect. Firefox can't establish a connection to www.facebook.com. The site could be temporarily unavailable or too busy. Try again in a few moments. If you are unable to load any pages, check the computer's hardware. If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Internet.


Okay, clear. We have a bit more work to do:

Stop!!! But you haven't run my script? What are we doing?

Download ComboFix from here or here and save it to your desktop.

• Disable your antivirus and antispyware programs; usually this is done by right-clicking the program's icon in the system tray.

Note: If you cannot stop it or are not sure which program to disable, please review the information at this link: How to Disable your Security Programs

• Run Combo-Fix.com and follow the instructions.

Note: ComboFix will start without the Recovery Console installed.

• As part of its work, ComboFix will check whether the Microsoft Windows Recovery Console is installed. Given how fast malware evolves, it is strongly recommended that it be installed before the malware is removed. This will let you boot into a special recovery/repair mode that makes it easier to solve a problem that could arise while the malware is being removed.
• Follow the prompts to let ComboFix download and install the Microsoft Windows Recovery Console. At one point you will be asked whether you agree to the license agreement. You need to confirm that you agree in order to install the Microsoft Windows Recovery Console.

** Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will proceed to the malware removal process.

[screenshot]

Once the Microsoft Windows Recovery Console has been installed via ComboFix, you will see the following message:

[screenshot]

Choose Yes to continue the scan for malware.

When the process completes successfully, the tool will create a log file. Please include the contents of C:\ComboFix.txt in your next reply in this thread.

Note:

• Please do not move the mouse while ComboFix is running. This may disrupt its work.
• ComboFix will reset all Microsoft Internet Explorer settings, including making IE the default browser.
• ComboFix will disable the autorun feature on ALL CD, floppy and USB devices, to help with malware removal and to protect you from future viruses/threats that spread via autorun. If this is a problem for you, please let me know.
• ComboFix will disconnect your internet connection. The connection will be restored automatically before ComboFix finishes its work. If there is a problem, it will leave the internet connection disconnected. To restore your internet connection, restart your computer.
• If ComboFix runs into a problem, it may create a log file. Please include the contents of C:\BUG.txt in your next reply in this thread.

ComboFix may take 20-30 minutes to complete; please be patient.

Please do not attach the program's log file(s); copy and paste them into your next reply in this thread.


I ran it, but as I wrote to you: I could not find any txt file in c:\_OTL; on the desktop I think it is the first one, but I am attaching it.


The computer restarted twice and at the end this came out:

ComboFix 11-07-25.02 - ani 07/25/2011 22:18:04.1.1 - FAT32x86
Running from: c:\documents and settings\ani\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\ani\LOCALS~1\Temp\3524987.exe
c:\docume~1\ani\LOCALS~1\Temp\6361036.exe
c:\documents and settings\ani\Application Data\12C.tmp
c:\documents and settings\ani\Application Data\12D.tmp
c:\documents and settings\ani\Application Data\12E.tmp
c:\documents and settings\ani\Application Data\12F.tmp
c:\documents and settings\ani\Application Data\130.tmp
c:\documents and settings\ani\Application Data\15.tmp
c:\documents and settings\ani\Application Data\151.tmp
c:\documents and settings\ani\Application Data\152.tmp
c:\documents and settings\ani\Application Data\154.tmp
c:\documents and settings\ani\Application Data\155.tmp
c:\documents and settings\ani\Application Data\16.tmp
c:\documents and settings\ani\Application Data\164.tmp
c:\documents and settings\ani\Application Data\165.tmp
c:\documents and settings\ani\Application Data\17C.tmp
c:\documents and settings\ani\Application Data\18A.tmp
c:\documents and settings\ani\Application Data\194.tmp
c:\documents and settings\ani\Application Data\197.tmp
c:\documents and settings\ani\Application Data\198.tmp
c:\documents and settings\ani\Application Data\1D.tmp
c:\documents and settings\ani\Application Data\1E.tmp
c:\documents and settings\ani\Application Data\1FC.tmp
c:\documents and settings\ani\Application Data\21.tmp
c:\documents and settings\ani\Application Data\26C.tmp
c:\documents and settings\ani\Application Data\26D.tmp
c:\documents and settings\ani\Application Data\275.tmp
c:\documents and settings\ani\Application Data\276.tmp
c:\documents and settings\ani\Application Data\2CB.tmp
c:\documents and settings\ani\Application Data\2CC.tmp
c:\documents and settings\ani\Application Data\2CD.tmp
c:\documents and settings\ani\Application Data\329.tmp
c:\documents and settings\ani\Application Data\32B.tmp
c:\documents and settings\ani\Application Data\333.tmp
c:\documents and settings\ani\Application Data\334.tmp
c:\documents and settings\ani\Application Data\365.tmp
c:\documents and settings\ani\Application Data\366.tmp
c:\documents and settings\ani\Application Data\368.tmp
c:\documents and settings\ani\Application Data\36B.tmp
c:\documents and settings\ani\Application Data\36C.tmp
c:\documents and settings\ani\Application Data\36E.tmp
c:\documents and settings\ani\Application Data\37.tmp
c:\documents and settings\ani\Application Data\37D.tmp
c:\documents and settings\ani\Application Data\37E.tmp
c:\documents and settings\ani\Application Data\38.tmp
c:\documents and settings\ani\Application Data\38B.tmp
c:\documents and settings\ani\Application Data\38C.tmp
c:\documents and settings\ani\Application Data\38E.tmp
c:\documents and settings\ani\Application Data\38F.tmp
c:\documents and settings\ani\Application Data\3B.tmp
c:\documents and settings\ani\Application Data\3C3.tmp
c:\documents and settings\ani\Application Data\3C4.tmp
c:\documents and settings\ani\Application Data\3C5.tmp
c:\documents and settings\ani\Application Data\3C6.tmp
c:\documents and settings\ani\Application Data\3C8.tmp
c:\documents and settings\ani\Application Data\3CA.tmp
c:\documents and settings\ani\Application Data\3D5.tmp
c:\documents and settings\ani\Application Data\3D6.tmp
c:\documents and settings\ani\Application Data\3DD.tmp
c:\documents and settings\ani\Application Data\3E6.tmp
c:\documents and settings\ani\Application Data\3EA.tmp
c:\documents and settings\ani\Application Data\3EB.tmp
c:\documents and settings\ani\Application Data\3EC.tmp
c:\documents and settings\ani\Application Data\421.tmp
c:\documents and settings\ani\Application Data\422.tmp
c:\documents and settings\ani\Application Data\423.tmp
c:\documents and settings\ani\Application Data\424.tmp
c:\documents and settings\ani\Application Data\425.tmp
c:\documents and settings\ani\Application Data\42C.tmp
c:\documents and settings\ani\Application Data\43D.tmp
c:\documents and settings\ani\Application Data\43E.tmp
c:\documents and settings\ani\Application Data\490.tmp
c:\documents and settings\ani\Application Data\491.tmp
c:\documents and settings\ani\Application Data\492.tmp
c:\documents and settings\ani\Application Data\4DC.tmp
c:\documents and settings\ani\Application Data\51.tmp
c:\documents and settings\ani\Application Data\52.tmp
c:\documents and settings\ani\Application Data\53.tmp
c:\documents and settings\ani\Application Data\54.tmp
c:\documents and settings\ani\Application Data\543.tmp
c:\documents and settings\ani\Application Data\55.tmp
c:\documents and settings\ani\Application Data\552.tmp
c:\documents and settings\ani\Application Data\553.tmp
c:\documents and settings\ani\Application Data\554.tmp
c:\documents and settings\ani\Application Data\56.tmp
c:\documents and settings\ani\Application Data\57.tmp
c:\documents and settings\ani\Application Data\575.tmp
c:\documents and settings\ani\Application Data\576.tmp
c:\documents and settings\ani\Application Data\577.tmp
c:\documents and settings\ani\Application Data\59.tmp
c:\documents and settings\ani\Application Data\5A.tmp
c:\documents and settings\ani\Application Data\5A4.tmp
c:\documents and settings\ani\Application Data\5A5.tmp
c:\documents and settings\ani\Application Data\5B.tmp
c:\documents and settings\ani\Application Data\5C.tmp
c:\documents and settings\ani\Application Data\5D.tmp
c:\documents and settings\ani\Application Data\5DA.tmp
c:\documents and settings\ani\Application Data\5DB.tmp
c:\documents and settings\ani\Application Data\5F.tmp
c:\documents and settings\ani\Application Data\6.tmp
c:\documents and settings\ani\Application Data\60.tmp
c:\documents and settings\ani\Application Data\62.tmp
c:\documents and settings\ani\Application Data\7.tmp
c:\documents and
settings\ani\Application Data\73.tmp c:\documents and settings\ani\Application Data\73C.tmp c:\documents and settings\ani\Application Data\73D.tmp c:\documents and settings\ani\Application Data\73E.tmp c:\documents and settings\ani\Application Data\73F.tmp c:\documents and settings\ani\Application Data\740.tmp c:\documents and settings\ani\Application Data\74B.tmp c:\documents and settings\ani\Application Data\74C.tmp c:\documents and settings\ani\Application Data\74D.tmp c:\documents and settings\ani\Application Data\77.tmp c:\documents and settings\ani\Application Data\78.tmp c:\documents and settings\ani\Application Data\78A.tmp c:\documents and settings\ani\Application Data\78B.tmp c:\documents and settings\ani\Application Data\78C.tmp c:\documents and settings\ani\Application Data\78D.tmp c:\documents and settings\ani\Application Data\79A.tmp c:\documents and settings\ani\Application Data\7F.tmp c:\documents and settings\ani\Application Data\8.tmp c:\documents and settings\ani\Application Data\80.tmp c:\documents and settings\ani\Application Data\81.tmp c:\documents and settings\ani\Application Data\81F.tmp c:\documents and settings\ani\Application Data\82.tmp c:\documents and settings\ani\Application Data\828.tmp c:\documents and settings\ani\Application Data\829.tmp c:\documents and settings\ani\Application Data\831.tmp c:\documents and settings\ani\Application Data\856.tmp c:\documents and settings\ani\Application Data\857.tmp c:\documents and settings\ani\Application Data\85B.tmp c:\documents and settings\ani\Application Data\85C.tmp c:\documents and settings\ani\Application Data\85D.tmp c:\documents and settings\ani\Application Data\872.tmp c:\documents and settings\ani\Application Data\873.tmp c:\documents and settings\ani\Application Data\874.tmp c:\documents and settings\ani\Application Data\8AF.tmp c:\documents and settings\ani\Application Data\8C4.tmp c:\documents and settings\ani\Application Data\8C5.tmp c:\documents and settings\ani\Application 
Data\A1.tmp c:\documents and settings\ani\Application Data\AB.tmp c:\documents and settings\ani\Application Data\AF.tmp c:\documents and settings\ani\Application Data\B.tmp c:\documents and settings\ani\Application Data\B0.tmp c:\documents and settings\ani\Application Data\C.tmp c:\documents and settings\ani\Application Data\CB.tmp c:\documents and settings\ani\Application Data\CC.tmp c:\documents and settings\ani\Application Data\CD.tmp c:\documents and settings\ani\Application Data\D.tmp c:\documents and settings\ani\Application Data\D2.tmp c:\documents and settings\ani\Application Data\D3.tmp c:\documents and settings\ani\Application Data\E2.tmp c:\documents and settings\ani\Application Data\E3.tmp c:\documents and settings\ani\Application Data\E4.tmp c:\documents and settings\ani\Application Data\E5.tmp c:\documents and settings\ani\Application Data\E8.tmp c:\documents and settings\ani\Application Data\E9.tmp c:\documents and settings\ani\Application Data\Qjgkga.exe c:\documents and settings\ani\fidtqx.exe c:\documents and settings\ani\Local Settings\Application Data\nufaol.exe c:\program files\FunWebProducts c:\program files\FunWebProducts\ScreenSaver\Images\001D2108.urr c:\program files\FunWebProducts\ScreenSaver\Images\0757E943.urr c:\program files\Save c:\program files\Save\ACM.dll c:\program files\Save\save.db c:\program files\Save\SaveNowupdate.exe c:\program files\Save\store.db c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf c:\windows\IsUn0407.exe c:\windows\jusched.exe c:\windows\sysdriver32_.exe c:\windows\system32\.exe c:\windows\system32\config\systemprofile\setup.exe c:\windows\TEMP\1100683.exe c:\windows\TEMP\3779670.exe c:\windows\update.1 c:\windows\update.2 c:\windows\update.5.0 . c:\windows\system32\qmgr.dll . . . is infected!! . c:\windows\system32\tftp.exe . . . is infected!! . . ((((((((((((((((((((((((( Files Created from 2011-06-25 to 2011-07-25 ))))))))))))))))))))))))))))))) . . 2011-07-25 19:31 . 
2011-07-25 19:32 57344 ----a-w- c:\documents and settings\ani\Local Settings\Application Data\nufaol.exe 2011-07-25 19:12 . 2011-07-25 19:12 -------- d-----w- C:\FOUND.033 2011-07-25 17:55 . 2011-07-25 17:55 -------- d-----w- C:\_OTL 2011-07-19 20:26 . 2011-07-19 20:26 114176 ----a-w- c:\windows\systemup.exe 2011-07-19 20:15 . 2011-07-22 21:22 232960 ----a-w- c:\windows\l1rezerv.exe 2011-07-19 20:02 . 2011-07-19 20:02 -------- d-----w- c:\windows\ufa 2011-07-19 20:02 . 2011-07-19 20:02 -------- d-----w- c:\windows\rpcminer 2011-07-19 20:02 . 2011-07-19 20:02 -------- d-----w- c:\windows\phoenix 2011-07-19 20:01 . 2011-07-19 20:02 246272 ----a-w- c:\windows\unrar.exe 2011-07-19 19:59 . 2011-07-19 19:57 1147392 ----a-w- c:\windows\services32.exe 2011-07-16 14:00 . 2011-07-16 14:00 -------- d-----w- c:\documents and settings\ani\Local Settings\Application Data\Help 2011-07-07 23:24 . 2011-07-07 23:24 15696 ----a-w- c:\documents and settings\ani\Application Data\42B.tmp 2011-07-07 20:49 . 2011-07-07 20:49 15696 ----a-w- c:\documents and settings\ani\Application Data\42A.tmp 2011-07-07 08:10 . 2011-07-07 08:10 15696 ----a-w- c:\documents and settings\ani\Application Data\413.tmp 2011-06-28 16:59 . 2011-06-28 16:59 15696 ----a-w- c:\documents and settings\ani\Application Data\85A.tmp . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-15 23:36 . 2011-06-15 23:36 15444 ----a-w- c:\documents and settings\ani\Application Data\38D.tmp 2011-05-11 07:28 . 2011-05-11 07:28 199 ----a-w- c:\documents and settings\ani\Application Data\17B.tmp 2011-05-10 16:15 . 2011-05-10 16:15 199 ----a-w- c:\documents and settings\ani\Application Data\12B.tmp 2011-05-10 16:13 . 2011-05-10 16:13 199 ----a-w- c:\documents and settings\ani\Application Data\12A.tmp 2011-05-05 22:06 . 2011-05-05 22:06 198 ----a-w- c:\documents and settings\ani\Application Data\5E.tmp 2011-06-24 23:36 . 
2011-05-07 20:05 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2002-09-17 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . c:\windows\system32\drivers\atapi.sys . [-] 2002-09-17 . 03F403B07A884FC2AA54A0916C410931 . 13568 . . [5.1.2600.0] . . c:\windows\system32\drivers\asyncmac.sys [-] 2002-09-17 . 03F403B07A884FC2AA54A0916C410931 . 13568 . . [5.1.2600.0] . . c:\windows\system32\dllcache\asyncmac.sys . [-] 2002-09-17 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys [-] 2002-09-17 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys . [-] 2002-09-17 . 1E7F78C2FC393356CD884C6FDE7966F9 . 23424 . . [5.1.2600.1106] . . c:\windows\system32\drivers\kbdclass.sys . [-] 2002-09-17 . 3B350E5A2A5E951453F3993275A4523A . 167552 . . [5.1.2600.1106] . . c:\windows\system32\drivers\ndis.sys [-] 2002-09-17 . 3B350E5A2A5E951453F3993275A4523A . 167552 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\ndis.sys . [-] 2002-09-17 . E3AE9C79498210A5F39FE5A9AD62BC55 . 561920 . . [5.1.2600.1106] . . c:\windows\system32\drivers\ntfs.sys [-] 2002-09-17 . E3AE9C79498210A5F39FE5A9AD62BC55 . 561920 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\ntfs.sys . [-] 2002-09-17 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys [-] 2002-09-17 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys . [-] 2002-09-17 . 244A2F9816BC9B593957281EF577D976 . 332928 . . [5.1.2600.1106] . . c:\windows\system32\drivers\tcpip.sys [-] 2002-09-17 . 244A2F9816BC9B593957281EF577D976 . 332928 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\tcpip.sys . [-] 2002-09-17 . 3671D928554E124A8AC326A1769F2FFB . 49152 . . [5.1.2600.1106] . . c:\windows\system32\browser.dll [-] 2002-09-17 . 
3671D928554E124A8AC326A1769F2FFB . 49152 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\browser.dll . [-] 2002-09-17 . B2B6BA905D0E3F8A32A0EB3B4051807B . 11776 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\lsass.exe [-] 2002-09-17 . B2B6BA905D0E3F8A32A0EB3B4051807B . 11776 . . [5.1.2600.1106] . . c:\windows\system32\lsass.exe . [-] 2002-09-17 . E7FF9267BBEB1386975278A27378526F . 154112 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\netman.dll [-] 2002-09-17 . E7FF9267BBEB1386975278A27378526F . 154112 . . [5.1.2600.1106] . . c:\windows\system32\netman.dll . [-] 2002-09-17 08:52 . 1F51839ECCF908FD86558198909262E4 . 792064 . . [2001.12.4414.42] . . c:\windows\system32\dllcache\comres.dll [-] 2002-09-17 05:52 . 1F51839ECCF908FD86558198909262E4 . 792064 . . [2001.12.4414.42] . . c:\windows\system32\comres.dll . [-] 2002-09-17 . 6A1CF14D0E7D0B2241F552223769C8A7 . 221696 . . [6.2.2600.1106] . . c:\windows\system32\qmgr.dll . [-] 2002-09-17 . 493FCBED180DCACF0B5D4C8C29949CA9 . 260608 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\rpcss.dll [-] 2002-09-17 . 493FCBED180DCACF0B5D4C8C29949CA9 . 260608 . . [5.1.2600.1106] . . c:\windows\system32\rpcss.dll . [-] 2002-09-17 . E3DF4A0252D287C44606EE55355E1623 . 101376 . . [5.1.2600.0] . . c:\windows\system32\dllcache\services.exe [-] 2002-09-17 . E3DF4A0252D287C44606EE55355E1623 . 101376 . . [5.1.2600.0] . . c:\windows\system32\services.exe . [-] 2002-09-17 . 9B4155BA58192D4073082B8FC5D42612 . 51200 . . [5.1.2600.0] . . c:\windows\system32\dllcache\spoolsv.exe . [-] 2002-09-17 . 2246D8D8F4714A2CEDB21AB9B1849ABB . 516608 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\winlogon.exe [-] 2002-09-17 . 2246D8D8F4714A2CEDB21AB9B1849ABB . 516608 . . [5.1.2600.1106] . . c:\windows\system32\winlogon.exe . [-] 2002-09-17 . A3763CE319D9EB3EC2AC04901F293B9D . 139776 . . [5.4.3630.1106] . . c:\windows\system32\wuauclt.exe [-] 2002-09-17 . A3763CE319D9EB3EC2AC04901F293B9D . 139776 . . [5.4.3630.1106] . . 
c:\windows\system32\dllcache\wuauclt.exe . [-] 2002-09-17 . 0B5D337119929505EE72D4E4A41ED1FD . 557056 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll [-] 2002-09-17 . 0B5D337119929505EE72D4E4A41ED1FD . 557056 . . [5.82] . . c:\windows\system32\comctl32.dll [-] 2002-09-17 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll [-] 2002-09-17 . 76B90BD220F1B1CC9E183C6B1AE9FBB4 . 921600 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll . [-] 2002-09-17 . 41C70161BFCB17E7E12ED89BADD2AEF4 . 53248 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\cryptsvc.dll [-] 2002-09-17 . 41C70161BFCB17E7E12ED89BADD2AEF4 . 53248 . . [5.1.2600.1106] . . c:\windows\system32\cryptsvc.dll . [-] 2002-09-17 05:53 . C9702DDD814C39DC1254CF757C31C6E4 . 225280 . . [2001.12.4414.46] . . c:\windows\system32\es.dll [-] 2002-09-17 05:53 . C9702DDD814C39DC1254CF757C31C6E4 . 225280 . . [2001.12.4414.46] . . c:\windows\system32\dllcache\es.dll . [-] 2002-09-17 . C9F9E3E6B59C6D6CBCE7F14494A4518A . 103936 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\imm32.dll [-] 2002-09-17 . C9F9E3E6B59C6D6CBCE7F14494A4518A . 103936 . . [5.1.2600.1106] . . c:\windows\system32\imm32.dll . [-] 2002-09-17 . 8F162DC91D67D87C1A481BF602A9DAC8 . 930304 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\kernel32.dll [-] 2002-09-17 . 8F162DC91D67D87C1A481BF602A9DAC8 . 930304 . . [5.1.2600.1106] . . c:\windows\system32\kernel32.dll . [-] 2002-09-17 . 7D8C58C0CBB7331E9296A7357827CA8E . 15360 . . [5.1.2600.0] . . c:\windows\system32\linkinfo.dll [-] 2002-09-17 . 7D8C58C0CBB7331E9296A7357827CA8E . 15360 . . [5.1.2600.0] . . c:\windows\system32\dllcache\linkinfo.dll . [-] 2002-09-17 . 55990CA08692E2739A8DDCE0B04352AC . 18944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\lpk.dll [-] 2002-09-17 . 
55990CA08692E2739A8DDCE0B04352AC . 18944 . . [5.1.2600.0] . . c:\windows\system32\lpk.dll . [-] 2002-09-17 . 448EE0A3EDFC3339EC70E93C027E28C8 . 2833920 . . [6.00.2800.1106] . . c:\windows\system32\mshtml.dll [-] 2002-09-17 . 448EE0A3EDFC3339EC70E93C027E28C8 . 2833920 . . [6.00.2800.1106] . . c:\windows\system32\dllcache\mshtml.dll . [-] 2002-09-17 . 886A6C3C185AAEDECD00477F72279B07 . 323072 . . [7.0.2600.1106] . . c:\windows\system32\dllcache\msvcrt.dll [-] 2002-09-17 . 886A6C3C185AAEDECD00477F72279B07 . 323072 . . [7.0.2600.1106] . . c:\windows\system32\msvcrt.dll [-] 2002-09-17 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll [-] 2002-09-17 . 70630CAD245477F8DB02B79D9A92834C . 323072 . . [7.0.2600.1106] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.10.0_x-ww_d8862ba3\msvcrt.dll . [-] 2002-09-17 . 18A8BE5A66B93F9C9615F7D4C148EDE2 . 228352 . . [5.1.2600.0] . . c:\windows\system32\dllcache\mswsock.dll [-] 2002-09-17 . 18A8BE5A66B93F9C9615F7D4C148EDE2 . 228352 . . [5.1.2600.0] . . c:\windows\system32\mswsock.dll . [-] 2002-09-17 . 3ADD563ED7A1C66E6F5E0F7A661AA96D . 399360 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\netlogon.dll [-] 2002-09-17 . 3ADD563ED7A1C66E6F5E0F7A661AA96D . 399360 . . [5.1.2600.1106] . . c:\windows\system32\netlogon.dll . [-] 2002-09-17 . 865AD7CCB20856727D5BD994B094DC5E . 14848 . . [6.00.2600.0000] . . c:\windows\system32\dllcache\powrprof.dll [-] 2002-09-17 . 865AD7CCB20856727D5BD994B094DC5E . 14848 . . [6.00.2600.0000] . . c:\windows\system32\powrprof.dll . [-] 2002-09-17 . 97418A5C642A5C748A28BD7CF6860B57 . 174592 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\scecli.dll [-] 2002-09-17 . 97418A5C642A5C748A28BD7CF6860B57 . 174592 . . [5.1.2600.1106] . . c:\windows\system32\scecli.dll . [-] 2002-09-17 . 52BB2A508CB3EB8AAA5F6F142F5B73D6 . 4096 . . [5.1.2600.0] . . 
c:\windows\system32\dllcache\sfc.dll [-] 2002-09-17 . 52BB2A508CB3EB8AAA5F6F142F5B73D6 . 4096 . . [5.1.2600.0] . . c:\windows\system32\sfc.dll . [-] 2002-09-17 . 0F7D9C87B0CE1FA520473119752C6F79 . 12800 . . [5.1.2600.0] . . c:\windows\system32\dllcache\svchost.exe [-] 2002-09-17 . 0F7D9C87B0CE1FA520473119752C6F79 . 12800 . . [5.1.2600.0] . . c:\windows\system32\svchost.exe . [-] 2002-09-17 . 9B3A213B6591A79EBABBFB4E4EA0A23E . 233984 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\tapisrv.dll [-] 2002-09-17 . 9B3A213B6591A79EBABBFB4E4EA0A23E . 233984 . . [5.1.2600.1106] . . c:\windows\system32\tapisrv.dll . [-] 2002-09-17 . DD9269230C21EE8FB7FD3FCCC3B1CFCB . 560128 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\user32.dll [-] 2002-09-17 . DD9269230C21EE8FB7FD3FCCC3B1CFCB . 560128 . . [5.1.2600.1106] . . c:\windows\system32\user32.dll . [-] 2002-09-17 . E931E0A2B8BF0019DB902E98D03662CB . 22016 . . [5.1.2600.1106] . . c:\windows\system32\userinit.exe [-] 2002-09-17 . E931E0A2B8BF0019DB902E98D03662CB . 22016 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\userinit.exe . [-] 2002-09-17 . F3587750A7481DCCBEA13D473A0700BE . 599040 . . [6.00.2800.1106] . . c:\windows\system32\dllcache\wininet.dll [-] 2002-09-17 . F3587750A7481DCCBEA13D473A0700BE . 599040 . . [6.00.2800.1106] . . c:\windows\system32\wininet.dll . [-] 2002-09-17 . 8529C295DF59B564D37A73B5629162B1 . 75264 . . [5.1.2600.0] . . c:\windows\system32\dllcache\ws2_32.dll [-] 2002-09-17 . 8529C295DF59B564D37A73B5629162B1 . 75264 . . [5.1.2600.0] . . c:\windows\system32\ws2_32.dll . [-] 2002-09-17 . 235C7EF9AEDDE76801169DC61FA72DEF . 18944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\ws2help.dll [-] 2002-09-17 . 235C7EF9AEDDE76801169DC61FA72DEF . 18944 . . [5.1.2600.0] . . c:\windows\system32\ws2help.dll . [-] 2002-09-17 . A82B28BFC2E4455FE43022A498C0EF0A . 1004032 . . [6.00.2800.1106] . . c:\windows\explorer.exe [-] 2002-09-17 . A82B28BFC2E4455FE43022A498C0EF0A . 1004032 . . [6.00.2800.1106] . . 
c:\windows\system32\dllcache\explorer.exe . [-] 2002-09-17 . B28FB518CD2949715CBFCE0E93A7A535 . 134144 . . [5.1.2600.1106] . . c:\windows\regedit.exe [-] 2002-09-17 . B28FB518CD2949715CBFCE0E93A7A535 . 134144 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\regedit.exe . [-] 2002-09-17 . CB598C117C6AB02584BB3B3452A04F11 . 1169920 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\ole32.dll [-] 2002-09-17 . CB598C117C6AB02584BB3B3452A04F11 . 1169920 . . [5.1.2600.1106] . . c:\windows\system32\ole32.dll . [-] 2002-09-17 . 73C90911DD86A10D4004C7D6E655A41B . 339456 . . [1.0409.2600.1106] . . c:\windows\system32\dllcache\usp10.dll [-] 2002-09-17 . 73C90911DD86A10D4004C7D6E655A41B . 339456 . . [1.0409.2600.1106] . . c:\windows\system32\usp10.dll . [-] 2002-12-11 21:14 . 15914E0BF4DDA56CF797993DCCB637D1 . 4096 . . [5.3.0000000.900 built by: DIRECTX] . . c:\windows\system32\ksuser.dll [-] 2002-12-11 21:14 . 15914E0BF4DDA56CF797993DCCB637D1 . 4096 . . [5.3.0000000.900 built by: DIRECTX] . . c:\windows\Driver Cache\i386\ksuser.dll [-] 2002-12-11 21:14 . 15914E0BF4DDA56CF797993DCCB637D1 . 4096 . . [5.3.0000000.900 built by: DIRECTX] . . c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\ksuser.dll . [-] 2002-09-17 . 38E9CFAC7881435764051FD7B1F010FB . 158720 . . [5.1.2600.1106] . . c:\windows\system32\srsvc.dll [-] 2002-09-17 . 38E9CFAC7881435764051FD7B1F010FB . 158720 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\srsvc.dll . . . [-] 2002-09-17 . BF3C8CF53C77B48206B39910B6D6CBCC . 49152 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\eventlog.dll [-] 2002-09-17 . BF3C8CF53C77B48206B39910B6D6CBCC . 49152 . . [5.1.2600.1106] . . c:\windows\system32\eventlog.dll . [-] 2002-09-17 . 2564949DBE5F643F50913BBE45D346E2 . 1157632 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\sfcfiles.dll [-] 2002-09-17 . 2564949DBE5F643F50913BBE45D346E2 . 1157632 . . [5.1.2600.1106] . . c:\windows\system32\sfcfiles.dll . [-] 2002-09-17 . 
414DE7CF9D3F19C3EA902F1BB38EC116 . 13312 . . [5.1.2600.1106] . . c:\windows\system32\ctfmon.exe [-] 2002-09-17 . 414DE7CF9D3F19C3EA902F1BB38EC116 . 13312 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\ctfmon.exe . [-] 2002-09-17 . 61684089A54936E40F65DA02D47A28AE . 116224 . . [6.00.2800.1106] . . c:\windows\system32\dllcache\shsvcs.dll [-] 2002-09-17 . 61684089A54936E40F65DA02D47A28AE . 116224 . . [6.00.2800.1106] . . c:\windows\system32\shsvcs.dll . [-] 2002-09-17 . 9DF4527D53613601D3F79946EAA1DCB1 . 51712 . . [5.1.2600.0] . . c:\windows\system32\regsvc.dll [-] 2002-09-17 . 9DF4527D53613601D3F79946EAA1DCB1 . 51712 . . [5.1.2600.0] . . c:\windows\system32\dllcache\regsvc.dll . [-] 2002-09-17 . 719B05113003A1934EA25EA1FED68C85 . 159232 . . [5.1.2600.1106] . . c:\windows\system32\schedsvc.dll [-] 2002-09-17 . 719B05113003A1934EA25EA1FED68C85 . 159232 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\schedsvc.dll . [-] 2002-09-17 . 75B5821307B2F4491F9ED06732366872 . 43008 . . [5.1.2600.1106] . . c:\windows\system32\ssdpsrv.dll [-] 2002-09-17 . 75B5821307B2F4491F9ED06732366872 . 43008 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\ssdpsrv.dll . [-] 2002-09-17 . FE84E045A09A4ABC4DEEF7270448B64E . 200192 . . [5.1.2600.1106] . . c:\windows\system32\termsrv.dll [-] 2002-09-17 . FE84E045A09A4ABC4DEEF7270448B64E . 200192 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\termsrv.dll . [-] 2002-09-17 . F5FBCABFE303D309DF5163ABFBBB6958 . 240640 . . [5.1.2600.1106] . . c:\windows\system32\hnetcfg.dll [-] 2002-09-17 . F5FBCABFE303D309DF5163ABFBBB6958 . 240640 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\hnetcfg.dll . [-] 2002-09-17 . AE0BDD0E65987747988861103B50FA4F . 156672 . . [5.1.2600.1106] . . c:\windows\system32\appmgmts.dll [-] 2002-09-17 . AE0BDD0E65987747988861103B50FA4F . 156672 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\appmgmts.dll . [-] 2002-09-17 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . 
c:\windows\system32\drivers\acpiec.sys . [7] 2002-08-28 20:16 . FF773FEDA15E8BD97FD54FE87A0ACDBE . 142208 . . [5.1.2601.1095 built by: xpsp1] . . c:\windows\system32\drivers\aec.sys . [7] 2002-09-17 05:53 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\system32\mfc40u.dll [7] 2002-09-17 05:53 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\system32\dllcache\mfc40u.dll . [7] 2002-09-17 . A81487520F11F65BF270D50EE29887B2 . 34304 . . [5.1.2600.0] . . c:\windows\system32\msgsvc.dll [7] 2002-09-17 . A81487520F11F65BF270D50EE29887B2 . 34304 . . [5.1.2600.0] . . c:\windows\system32\dllcache\msgsvc.dll . [7] 2005-01-28 10:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\system32\MsPMSNSv.dll [7] 2005-01-28 10:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll . [7] 2002-09-17 . 0E8EFB15746878A9B256E75267337233 . 1947904 . . [5.1.2600.1106] . . c:\windows\system32\ntkrnlpa.exe . [7] 2002-09-17 05:54 . AAC49EF5C84A2EBD7409A51A1B65C542 . 392704 . . [5.1.2400.1106] . . c:\windows\system32\ntmssvc.dll [7] 2002-09-17 05:54 . AAC49EF5C84A2EBD7409A51A1B65C542 . 392704 . . [5.1.2400.1106] . . c:\windows\system32\dllcache\ntmssvc.dll . [7] 2002-09-17 . 848CE0601B58410FF2DFB6BC8449AFE7 . 164864 . . [5.1.2600.1106] . . c:\windows\system32\upnphost.dll [7] 2002-09-17 . 848CE0601B58410FF2DFB6BC8449AFE7 . 164864 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\upnphost.dll . [7] 2004-07-09 01:27 . 033A45AB696EEF481707C2808C806E1A . 381952 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\system32\dsound.dll [7] 2004-07-09 01:27 . 033A45AB696EEF481707C2808C806E1A . 381952 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\system32\dllcache\dsound.dll [7] 2004-07-09 01:27 . 033A45AB696EEF481707C2808C806E1A . 381952 . . 
[5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dsound.dll . [-] 2004-07-09 01:27 . 0E51BD586D186F61A9E4453DB8AEC774 . 1703936 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\system32\d3d9.dll . [7] 2004-07-09 01:27 . 90114704C17A581DA1BAE029F20932BE . 292864 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\system32\ddraw.dll [7] 2004-07-09 01:27 . 90114704C17A581DA1BAE029F20932BE . 292864 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\system32\dllcache\ddraw.dll [7] 2004-07-09 01:27 . 90114704C17A581DA1BAE029F20932BE . 292864 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\ddraw.dll . [7] 2002-09-17 05:54 . 76E77301A8A73457A5B55E76847DB892 . 106496 . . [5.0.5014] . . c:\windows\system32\olepro32.dll [7] 2002-09-17 05:54 . 76E77301A8A73457A5B55E76847DB892 . 106496 . . [5.0.5014] . . c:\windows\system32\dllcache\olepro32.dll . [7] 2002-09-17 . 972EFFC80D9E806539489883D37032F5 . 37376 . . [5.1.2600.0] . . c:\windows\system32\perfctrs.dll [7] 2002-09-17 . 972EFFC80D9E806539489883D37032F5 . 37376 . . [5.1.2600.0] . . c:\windows\system32\dllcache\perfctrs.dll . [7] 2002-09-17 . 90D0D0BEA6FBC19E765E30B7DDF52B9A . 16384 . . [5.1.2600.0] . . c:\windows\system32\dllcache\version.dll [7] 2002-09-17 . 90D0D0BEA6FBC19E765E30B7DDF52B9A . 16384 . . [5.1.2600.0] . . c:\windows\system32\version.dll . [7] 2002-09-17 . 418D301C3B1FA94B19584AEEB3D65166 . 91136 . . [6.00.2800.1106] . . c:\windows\system32\dllcache\iexplore.exe . . [7] 2002-09-17 . B9080D97DBD631AADF9128F7316958D2 . 2042240 . . [5.1.2600.1106] . . c:\windows\system32\ntoskrnl.exe . [7] 2002-09-17 . 38E9CFAC7881435764051FD7B1F010FB . 158720 . . [5.1.2600.1106] . . c:\windows\system32\srsvc.dll [7] 2002-09-17 . 38E9CFAC7881435764051FD7B1F010FB . 158720 . . [5.1.2600.1106] . . 
c:\windows\system32\dllcache\srsvc.dll . [7] 2002-09-17 . A14F6DEDA6E1B5D13A0C225E84988EEA . 165376 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\w32time.dll [7] 2002-09-17 . A14F6DEDA6E1B5D13A0C225E84988EEA . 165376 . . [5.1.2600.1106] . . c:\windows\system32\w32time.dll . [7] 2002-09-17 . 0AC40B75640B550C26347B5F65F6E0EE . 316416 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\wiaservc.dll [7] 2002-09-17 . 0AC40B75640B550C26347B5F65F6E0EE . 316416 . . [5.1.2600.1106] . . c:\windows\system32\wiaservc.dll . [7] 2002-09-17 . 5A80CD832A19D92CEAED6D5C0316D1B1 . 17920 . . [5.1.2600.0] . . c:\windows\system32\midimap.dll [7] 2002-09-17 . 5A80CD832A19D92CEAED6D5C0316D1B1 . 17920 . . [5.1.2600.0] . . c:\windows\system32\dllcache\midimap.dll . [7] 2002-09-17 . C5ABBBD9C7307679B4FBA203213A6FD4 . 6144 . . [5.1.2600.0] . . c:\windows\system32\rasadhlp.dll [7] 2002-09-17 . C5ABBBD9C7307679B4FBA203213A6FD4 . 6144 . . [5.1.2600.0] . . c:\windows\system32\dllcache\rasadhlp.dll . c:\windows\System32\spoolsv.exe ... is missing !! c:\windows\System32\wscntfy.exe ... is missing !! c:\windows\System32\xmlprov.dll ... is missing !! . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-10 68856] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-02-24 395640] "Skype"="c:\documents and settings\ani\Desktop\Skype.exe" [2010-03-09 26100520] "pgtjgcmj"="c:\documents and settings\ani\Local Settings\Application Data\nufaol.exe" [2011-07-25 57344] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wmupdater"="c:\program files\Windows Media Player\wmupdater.exe" [2010-11-25 214016]
"pgtjgcmj"="c:\documents and settings\ani\Local Settings\Application Data\nufaol.exe" [2011-07-25 57344]
"l1rezerv.exe"="c:\windows\l1rezerv.exe" [2011-07-22 232960]
"systemup"="c:\windows\systemup.exe" [2011-07-19 114176]
.
c:\documents and settings\ani\Start Menu\Programs\Startup\
miurb.exe [2011-2-16 57344]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
FlexType 2K.lnk - [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2005-11-08 21:00 128920 ----a-w- c:\program files\DAEMON Tools\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-06-10 14:15 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\ani\\Desktop\\Flash-Player.exe"=
.
2;2 AMService;AMService;c:\windows\System32\setup.exe run [x]
R0 cwydtuhdyfaijds;cwydtuhdyfaijds;c:\windows\system32\drivers\ghhsfuact.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 135664]
R3 autorun;autorun;c:\huadio.tmp [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 135664]
S0 fdtyjuor;fdtyjuor;c:\windows\System32\Drivers\fdtyjuor.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2006-12-19 639224]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 05:51]
.
2011-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 05:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://getredirected.info/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
TCP: DhcpNameServer = 192.168.1.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\ani\Application Data\Mozilla\Firefox\Profiles\yz40z8oy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: browser.startup.homepage - hxxp://getredirected.info/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - c:\program files\Winamp Toolbar\winamptb.dll
HKCU-Run-Qjgkga - c:\documents and settings\ani\Application Data\Qjgkga.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
HKLM-Run-wxpdrv - c:\windows\update.1\svchost.exe
HKLM-Run-sysdriver32.exe - c:\windows\sysdriver32.exe
HKLM-Run-sysdriver32_.exe - c:\windows\sysdriver32_.exe
SafeBoot-fdtyjuor.sys
MSConfigStartUp-AVG7_CC - c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe
MSConfigStartUp-AVG7_EMC - c:\progra~1\Grisoft\AVGFRE~1\avgemc.exe
MSConfigStartUp-My Web Search Bar - c:\progra~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-WhenUSearch - c:\program files\DAEMON Tools SearchBar\Search.exe
MSConfigStartUp-WhenUSearchWHSE - c:\program files\DAEMON Tools SearchBar\whse.exe
AddRemove-eMusic Promotion - c:\program files\Winamp\eMusic\Uninst-eMusic-promotion.exe
AddRemove-SaveNow - c:\program files\Save\SaveUninst.exe
AddRemove-ShockwaveFlash - c:\windows\System32\Macromed\Flash\FlashUtil9b.exe
AddRemove-VLC media player - c:\program files\VideoLAN\VLC\uninstall.exe
AddRemove-WhenUSearch - c:\program files\DAEMON Tools SearchBar\Uninst.exe
AddRemove-Winamp - c:\program files\Winamp\UninstWA.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-25 22:34
Windows 5.1.2600 Service Pack 1 FAT NTAPI
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\autorun]
"ImagePath"="\??\c:\huadio.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(564)
c:\windows\System32\ODBC32.dll
.
- - - - - - - > 'lsass.exe'(620)
c:\windows\System32\dssenh.dll
.
- - - - - - - > 'explorer.exe'(3476)
c:\windows\System32\newdll.dll
c:\windows\System32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Datecs\Flex2K.exe
c:\windows\System32\setup.exe
c:\windows\System32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2011-07-25 22:41:45 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-25 19:41
.
Pre-Run: 13,032,407,040 bytes free
Post-Run: 14,405,844,992 bytes free
.
winxpsp1_en_pro_bf.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
.
- - End Of File - - FCF3CE7ACE73C9FA1AD640C0E587F5FA


Download SystemLook and save the program to your desktop.

• Double-click SystemLook.exe to start the program.
• Copy the contents of the quote below into the program's text box:
:filefind 
*qmgr.dll*
*tftp.exe*

• Click the Look button to start the scan.
• When the scan finishes, Notepad will open with the scan result. Then post the log file in your next comment.

I have FB again!!! /it's asking me for some cookies?!? I'll sort that out somehow/ Many thanks for the help and the patience, have a nice evening!


I didn't realise there was more:

SystemLook 04.09.10 by jpshortstuff
Log created at 23:33 on 25/07/2011 by ani
Administrator - Elevation successful

========== filefind ==========

Searching for "*qmgr.dll*"
C:\WINDOWS\system32\qmgr.dll --a---- 221696 bytes [14:22 24/08/2006] [08:54 17/09/2002] 6A1CF14D0E7D0B2241F552223769C8A7

Searching for "*tftp.exe*"
C:\WINDOWS\system32\tftp.exe --a---- 16896 bytes [05:55 17/09/2002] [18:07 10/07/2008] DB3F663417BAEC4D8DA89267A4A27DF5

-= EOF =-


Download SystemLook and save the program to your desktop.

• Double-click SystemLook.exe to start the program.
• Copy the contents of the quote below into the program's text box:
:filefind
*qmgr*
*tftp*

• Click the Look button to start the scan.
• When the scan finishes, Notepad will open with the scan result. Then post the log file in your next comment.

Copy the text in the box into Notepad and save it under the name CFScript.txt on your desktop:

    KILLALL::
    
    File::
    c:\documents and settings\ani\Local Settings\Application Data\nufaol.exe
    c:\windows\systemup.exe
    c:\windows\l1rezerv.exe
    c:\windows\unrar.exe
    c:\windows\services32.exe
    c:\windows\system32\drivers\ghhsfuact.sys
    c:\windows\System32\Drivers\fdtyjuor.sys
     
    Folder::
    c:\windows\ufa
    c:\windows\rpcminer
    c:\windows\phoenix
    
    Driver::
    cwydtuhdyfaijds
    fdtyjuor
     
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "pgtjgcmj"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "pgtjgcmj"=-
    "l1rezerv.exe"=-
    "systemup"=-
    
    Reboot::
     
    

After saving it, drag CFScript.txt onto the ComboFix.exe icon.

Attach the generated report in your next post!


:filefind
*qmgr*
*tftp*

• Click the Look button to start the scan.
• When the scan finishes, Notepad will open with the scan result. Then post the log file in your next comment.

I did that, but I couldn't post the log file because my computer restarted,

and I continued with ComboFix, and here it is:

ComboFix 11-07-26.02 - ani 07/26/2011 20:01:58.2.1 - FAT32x86
Running from: c:\documents and settings\ani\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\ani\Desktop\CFScript.txt
* Created a new restore point
.
FILE ::
"c:\documents and settings\ani\Local Settings\Application Data\nufaol.exe"
"c:\windows\l1rezerv.exe"
"c:\windows\services32.exe"
"c:\windows\System32\Drivers\fdtyjuor.sys"
"c:\windows\system32\drivers\ghhsfuact.sys"
"c:\windows\systemup.exe"
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\phoenix
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\rpcminer
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\system32\config\systemprofile\setup.exe
c:\windows\ufa
c:\windows\ufa\ufa.exe
.
c:\windows\system32\qmgr.dll . . . is infected!!
.
c:\windows\system32\tftp.exe . . . is infected!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_FDTYJUOR
-------\Service_cwydtuhdyfaijds
-------\Service_fdtyjuor
.
.
((((((((((((((((((((((((( Files Created from 2011-06-26 to 2011-07-26 )))))))))))))))))))))))))))))))
.
.
2011-07-26 17:12 . 2010-12-12 09:13 57344 ----a-w- c:\windows\system32\config\systemprofile\setup.exe
2011-07-25 19:31 . 2011-07-26 17:12 57344 --sh--r- c:\documents and settings\ani\Local Settings\Application Data\nufaol.exe
2011-07-25 19:12 . 2011-07-25 19:12 -------- d-----w- C:\FOUND.033
2011-07-25 17:55 . 2011-07-25 17:55 -------- d-----w- C:\_OTL
2011-07-19 20:26 . 2011-07-19 20:26 114176 ----a-w- c:\windows\systemup.exe
2011-07-19 20:15 . 2011-07-22 21:22 232960 ----a-w- c:\windows\l1rezerv.exe
2011-07-19 20:01 . 2011-07-19 20:02 246272 ----a-w- c:\windows\unrar.exe
2011-07-19 19:59 . 2011-07-19 19:57 1147392 ----a-w- c:\windows\services32.exe
2011-07-16 14:00 . 2011-07-16 14:00 -------- d-----w- c:\documents and settings\ani\Local Settings\Application Data\Help
2011-07-07 23:24 . 2011-07-07 23:24 15696 ----a-w- c:\documents and settings\ani\Application Data\42B.tmp
2011-07-07 20:49 . 2011-07-07 20:49 15696 ----a-w- c:\documents and settings\ani\Application Data\42A.tmp
2011-07-07 08:10 . 2011-07-07 08:10 15696 ----a-w- c:\documents and settings\ani\Application Data\413.tmp
2011-06-28 16:59 . 2011-06-28 16:59 15696 ----a-w- c:\documents and settings\ani\Application Data\85A.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-15 23:36 . 2011-06-15 23:36 15444 ----a-w- c:\documents and settings\ani\Application Data\38D.tmp
2011-05-11 07:28 . 2011-05-11 07:28 199 ----a-w- c:\documents and settings\ani\Application Data\17B.tmp
2011-05-10 16:15 . 2011-05-10 16:15 199 ----a-w- c:\documents and settings\ani\Application Data\12B.tmp
2011-05-10 16:13 . 2011-05-10 16:13 199 ----a-w- c:\documents and settings\ani\Application Data\12A.tmp
2011-05-05 22:06 . 2011-05-05 22:06 198 ----a-w- c:\documents and settings\ani\Application Data\5E.tmp
2011-06-24 23:36 . 2011-05-07 20:05 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-25_19.32.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-16 04:36 . 2010-10-27 06:59 71680 c:\windows\system32\secupdat.dat
+ 2010-10-26 19:05 . 2010-10-26 19:05 55040 c:\windows\system32\drivers\ndisvvan.sys
+ 2010-10-16 04:37 . 2010-10-16 04:37 40128 c:\windows\system32\drivers\fdtyjuor.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-10 68856]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-02-24 395640]
"Skype"="c:\documents and settings\ani\Desktop\Skype.exe" [2010-03-09 26100520]
"pgtjgcmj"="c:\documents and settings\ani\Local Settings\Application Data\nufaol.exe" [2011-07-26 57344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wmupdater"="c:\program files\Windows Media Player\wmupdater.exe" [2010-11-25 214016]
"pgtjgcmj"="c:\documents and settings\ani\Local Settings\Application Data\nufaol.exe" [2011-07-26 57344]
.
c:\documents and settings\ani\Start Menu\Programs\Startup\
miurb.exe [2011-2-16 57344]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
FlexType 2K.lnk - [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2005-11-08 21:00 128920 ----a-w- c:\program files\DAEMON Tools\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-06-10 14:15 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\ani\\Desktop\\Flash-Player.exe"=
.
2;2 AMService;AMService;c:\windows\System32\setup.exe run [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 135664]
R3 autorun;autorun;c:\huadio.tmp [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 135664]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2006-12-19 639224]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 05:51]
.
2011-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 05:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://getredirected.info/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
TCP: DhcpNameServer = 192.168.1.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\ani\Application Data\Mozilla\Firefox\Profiles\yz40z8oy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: browser.startup.homepage - hxxp://getredirected.info/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-fdtyjuor.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-26 20:14
Windows 5.1.2600 Service Pack 1 FAT NTAPI
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\autorun]
"ImagePath"="\??\c:\huadio.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(564)
c:\windows\System32\ODBC32.dll
.
- - - - - - - > 'lsass.exe'(620)
c:\windows\System32\dssenh.dll
.
- - - - - - - > 'explorer.exe'(1896)
c:\windows\System32\newdll.dll
c:\windows\System32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Datecs\Flex2K.exe
c:\windows\System32\setup.exe
c:\windows\System32\wdfmgr.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2011-07-26 20:16:02 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-26 17:16
ComboFix2.txt 2011-07-25 19:41
.
Pre-Run: 14,311,096,320 bytes free
Post-Run: 14,259,847,168 bytes free
.
- - End Of File - - 9C508F283DA20E08B7459D1F38672358


I did that, but I couldn't post the log file because my computer restarted,

and I continued with ComboFix, and here it is:

Try again.. because:

c:\windows\system32\qmgr.dll . . . is infected!!

c:\windows\system32\tftp.exe . . . is infected!!

and I'm trying to find a clean file to replace them with!


SystemLook 04.09.10 by jpshortstuff
Log created at 20:56 on 26/07/2011 by ani
Administrator - Elevation successful

========== filefind ==========

Searching for "*qmgr*"
C:\WINDOWS\system32\qmgr.dll --a---- 221696 bytes [14:22 24/08/2006] [08:54 17/09/2002] 6A1CF14D0E7D0B2241F552223769C8A7
C:\WINDOWS\system32\qmgrprxy.dll --a---- 17408 bytes [14:22 24/08/2006] [08:54 17/09/2002] 6C49784B2B470F51472BA620510A05A8
C:\WINDOWS\system32\dllcache\qmgrprxy.dll --a---- 17408 bytes [14:22 24/08/2006] [08:54 17/09/2002] 6C49784B2B470F51472BA620510A05A8
C:\WINDOWS\inf\qmgr.inf --a---- 3208 bytes [05:54 17/09/2002] [05:54 17/09/2002] 6C951FBA5786E17F3E79CBC11203D3D3
C:\WINDOWS\inf\qmgr.PNF --a---- 8252 bytes [14:10 24/08/2006] [17:41 09/04/2011] CB870A2669B9681797F42EF2C9790E48
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat --a---- 6688 bytes [19:46 11/09/2006] [17:00 26/07/2011] (Unable to calculate MD5)
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat --a---- 5622 bytes [19:46 11/09/2006] [17:00 26/07/2011] (Unable to calculate MD5)
C:\Qoobox\Quarantine\C\WINDOWS\system32\qmgr.dll.vir --a---- 221696 bytes [14:22 24/08/2006] [08:54 17/09/2002] 6A1CF14D0E7D0B2241F552223769C8A7

Searching for "*tftp*"
C:\WINDOWS\system32\tftp.exe --a---- 16896 bytes [05:55 17/09/2002] [18:07 10/07/2008] DB3F663417BAEC4D8DA89267A4A27DF5
C:\WINDOWS\system32\Microsoft\backup.tftp ------- 16896 bytes [13:10 28/06/2008] [05:55 17/09/2002] C6E8683B44521D6D5E86443BC3464FB3

-= EOF =-


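The SystemLook output above is what the helper is reading when he says he is looking for a clean replacement: tftp.exe and backup.tftp have the same size but different MD5s, and there is no dllcache copy of qmgr.dll or tftp.exe to restore from. The script below is an added example for this thread (not part of the forum post and not a SystemLook feature) that parses a ':filefind' report and flags exactly those two conditions. SAMPLE is a constructed excerpt of the posted output with the tab separators collapsed to spaces, as the forum rendered them; the finding names are this example's own.

```python
"""Cross-check a SystemLook ':filefind' report for tampered system binaries.

Added example for this thread; not part of the forum post and not a
SystemLook feature. SAMPLE is a constructed excerpt of the SystemLook output
posted above (tabs collapsed to spaces, as the forum showed them).
"""
import re

SYSTEM32 = "c:\\windows\\system32\\"

# One line per hit: <path> <attributes> <size> bytes [created] [modified] <MD5>
ENTRY = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+(?P<attr>[-A-Za-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32}|\(Unable to calculate MD5\))$"
)

SAMPLE = r"""
SystemLook 04.09.10 by jpshortstuff
========== filefind ==========
Searching for "*qmgr*"
C:\WINDOWS\system32\qmgr.dll --a---- 221696 bytes [14:22 24/08/2006] [08:54 17/09/2002] 6A1CF14D0E7D0B2241F552223769C8A7
C:\WINDOWS\system32\qmgrprxy.dll --a---- 17408 bytes [14:22 24/08/2006] [08:54 17/09/2002] 6C49784B2B470F51472BA620510A05A8
C:\WINDOWS\system32\dllcache\qmgrprxy.dll --a---- 17408 bytes [14:22 24/08/2006] [08:54 17/09/2002] 6C49784B2B470F51472BA620510A05A8
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat --a---- 6688 bytes [19:46 11/09/2006] [17:00 26/07/2011] (Unable to calculate MD5)
C:\Qoobox\Quarantine\C\WINDOWS\system32\qmgr.dll.vir --a---- 221696 bytes [14:22 24/08/2006] [08:54 17/09/2002] 6A1CF14D0E7D0B2241F552223769C8A7
Searching for "*tftp*"
C:\WINDOWS\system32\tftp.exe --a---- 16896 bytes [05:55 17/09/2002] [18:07 10/07/2008] DB3F663417BAEC4D8DA89267A4A27DF5
C:\WINDOWS\system32\Microsoft\backup.tftp ------- 16896 bytes [13:10 28/06/2008] [05:55 17/09/2002] C6E8683B44521D6D5E86443BC3464FB3
-= EOF =-
"""


def parse(text):
    """One dict per filefind hit; md5 is None where SystemLook could not hash the file."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"])
        e["md5"] = e["md5"].upper() if len(e["md5"]) == 32 else None
        e["name"] = e["path"].rsplit("\\", 1)[-1].lower()
        entries.append(e)
    return entries


def is_live_system_file(entry):
    """True for a file sitting directly in %SystemRoot%\\system32."""
    p = entry["path"].lower()
    return p.startswith(SYSTEM32) and "\\" not in p[len(SYSTEM32):]


def is_reference_copy(entry):
    """Anything that is not the live file and not ComboFix's quarantine: the
    .vir copy in Qoobox is the same bytes that were just quarantined, not a
    clean reference."""
    return not is_live_system_file(entry) and "\\qoobox\\" not in entry["path"].lower()


def audit(entries):
    findings = []
    paths = {e["path"].lower() for e in entries}
    for live in entries:
        if not is_live_system_file(live) or live["md5"] is None:
            continue
        stem = live["name"].split(".")[0]
        # A copy of the same size with a different hash: the live file was
        # rewritten in place, which is what a patching file infector leaves.
        for ref in entries:
            if not is_reference_copy(ref) or ref["md5"] is None:
                continue
            if stem in ref["name"] and ref["size"] == live["size"] and ref["md5"] != live["md5"]:
                findings.append(("HASH_MISMATCH", live["path"], ref["path"]))
        # No protected copy in dllcache: nothing on the box to restore from,
        # so a clean copy has to come from install media of the same SP level.
        if SYSTEM32 + "dllcache\\" + live["name"] not in paths:
            findings.append(("NO_DLLCACHE_COPY", live["path"], None))
    return findings


if __name__ == "__main__":
    for kind, live, ref in audit(parse(SAMPLE)):
        print(kind, live, ref or "")
```

Run against the excerpt it reports HASH_MISMATCH for tftp.exe against backup.tftp and NO_DLLCACHE_COPY for both qmgr.dll and tftp.exe, while qmgrprxy.dll (identical hash in dllcache) stays quiet. The dllcache check is a hint, not proof: XP trims that cache, so an absent copy only means the replacement must come from elsewhere.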
Bad news..!

Copy the text in the box into Notepad and save it under the name CFScript.txt on your desktop:

    KILLALL::
     
    File::
    c:\windows\systemup.exe
    c:\windows\l1rezerv.exe
    c:\windows\unrar.exe
    c:\windows\services32.exe
    c:\documents and settings\ani\Local Settings\Application Data\nufaol.exe
    c:\documents and settings\ani\Start Menu\Programs\Startup\miurb.exe
    c:\huadio.tmp
     
    Driver::
    autorun
     
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "pgtjgcmj"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "pgtjgcmj"=-
     
    Reboot::
     
    

After saving it, drag CFScript.txt onto the ComboFix.exe icon.

Attach the generated report in your next post!


---------------------------
Submit Files for further analysis
---------------------------
ComboFix needs to submit malware files for further analysis. Please ensure that you're connected to the internet before clicking OK
---------------------------
OK
---------------------------


ComboFix 11-07-26.03 - ani 07/26/2011 22:12:04.3.1 - FAT32x86
Running from: c:\documents and settings\ani\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\ani\Desktop\CFScript.Txt
* Created a new restore point
.
FILE ::
"c:\documents and settings\ani\Local Settings\Application Data\nufaol.exe"
"c:\documents and settings\ani\Start Menu\Programs\Startup\miurb.exe"
"c:\huadio.tmp"
"c:\windows\l1rezerv.exe"
"c:\windows\services32.exe"
"c:\windows\systemup.exe"
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\ani\Application Data\12A.tmp
c:\documents and settings\ani\Application Data\12B.tmp
c:\documents and settings\ani\Application Data\17B.tmp
c:\documents and settings\ani\Application Data\38D.tmp
c:\documents and settings\ani\Application Data\413.tmp
c:\documents and settings\ani\Application Data\42A.tmp
c:\documents and settings\ani\Application Data\42B.tmp
c:\documents and settings\ani\Application Data\5E.tmp
c:\documents and settings\ani\Application Data\85A.tmp
c:\documents and settings\ani\Local Settings\Application Data\nufaol.exe
c:\windows\system32\config\systemprofile\setup.exe
c:\windows\system32\Drivers\fdtyjuor.sys
.
c:\windows\system32\qmgr.dll . . . is infected!!
.
c:\windows\system32\tftp.exe . . . is infected!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AUTORUN
-------\Service_autorun
.
.
((((((((((((((((((((((((( Files Created from 2011-06-26 to 2011-07-26 )))))))))))))))))))))))))))))))
.
.
2011-07-26 19:24 . 2011-07-26 19:25 57344 --sh--r- c:\documents and settings\ani\Local Settings\Application Data\nufaol.exe
2011-07-26 19:07 . 2011-07-26 19:07 -------- d-----w- c:\documents and settings\ani\Application Data\Media Player Classic
2011-07-25 19:12 . 2011-07-25 19:12 -------- d-----w- C:\FOUND.033
2011-07-25 17:55 . 2011-07-25 17:55 -------- d-----w- C:\_OTL
2011-07-19 20:26 . 2011-07-19 20:26 114176 ----a-w- c:\windows\systemup.exe
2011-07-19 20:15 . 2011-07-22 21:22 232960 ----a-w- c:\windows\l1rezerv.exe
2011-07-19 20:01 . 2011-07-19 20:02 246272 ----a-w- c:\windows\unrar.exe
2011-07-19 19:59 . 2011-07-19 19:57 1147392 ----a-w- c:\windows\services32.exe
2011-07-16 14:00 . 2011-07-16 14:00 -------- d-----w- c:\documents and settings\ani\Local Settings\Application Data\Help
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-24 23:36 . 2011-05-07 20:05 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-25_19.32.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-16 04:36 . 2010-10-27 06:59 71680 c:\windows\system32\secupdat.dat
+ 2010-10-26 19:05 . 2010-10-26 19:05 55040 c:\windows\system32\drivers\ndisvvan.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-10 68856]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-02-24 395640]
"Skype"="c:\documents and settings\ani\Desktop\Skype.exe" [2010-03-09 26100520]
"pgtjgcmj"="c:\documents and settings\ani\Local Settings\Application Data\nufaol.exe" [2011-07-26 57344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wmupdater"="c:\program files\Windows Media Player\wmupdater.exe" [2010-11-25 214016]
"pgtjgcmj"="c:\documents and settings\ani\Local Settings\Application Data\nufaol.exe" [2011-07-26 57344]
.
c:\documents and settings\ani\Start Menu\Programs\Startup\
miurb.exe [2011-2-16 57344]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
FlexType 2K.lnk - [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2005-11-08 21:00 128920 ----a-w- c:\program files\DAEMON Tools\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-06-10 14:15 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\ani\\Desktop\\Flash-Player.exe"=
.
2;2 AMService;AMService;c:\windows\System32\setup.exe run [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 135664]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2006-12-19 639224]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 05:51]
.
2011-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 05:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://getredirected.info/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
TCP: DhcpNameServer = 192.168.1.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\ani\Application Data\Mozilla\Firefox\Profiles\yz40z8oy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: browser.startup.homepage - hxxp://getredirected.info/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-26 22:24
Windows 5.1.2600 Service Pack 1 FAT NTAPI
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(564)
c:\windows\System32\ODBC32.dll
.
- - - - - - - > 'lsass.exe'(620)
c:\windows\System32\dssenh.dll
.
- - - - - - - > 'explorer.exe'(1716)
c:\windows\System32\newdll.dll
c:\windows\System32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\setup.exe
c:\windows\System32\wdfmgr.exe
c:\windows\Datecs\Flex2K.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2011-07-26 22:27:56 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-26 19:27
ComboFix2.txt 2011-07-26 17:16
ComboFix3.txt 2011-07-25 19:41
.
Pre-Run: 14,277,984,256 bytes free
Post-Run: 14,264,156,160 bytes free
.
- - End Of File - - 2D5DB1E2D7A1F1EAC26B011DF999F608


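Reading the second and third ComboFix logs side by side is what tells you whether the cleanup stuck: nufaol.exe was on the second run's FILE:: list, yet the third run lists it again with a new creation time (2011-07-26 19:24 instead of 2011-07-25 19:31) and both "pgtjgcmj" Run values still point at it, while setup.exe (the AMService entry) is still among the running processes. The script below is an added example for this thread, not a ComboFix feature and not the helper's procedure: it diffs two consecutive reports and lists the paths the first run's script asked to delete that the second run still reports, split by whether the creation timestamp changed. RUN2 and RUN3 are constructed excerpts of the two posted logs cut down to the sections read here. How ComboFix decides what to print under "Files Created" is not documented in the thread, so a path whose timestamp did not change is reported neutrally as "still listed" rather than as a failed deletion.

```python
"""Diff two consecutive ComboFix reports: what did the cleanup not remove?

Added example for this thread; neither a ComboFix feature nor the helper's
own procedure. RUN2 and RUN3 are constructed excerpts of the second and third
ComboFix logs posted above, cut down to the sections read here.
"""
import re

QUOTED_PATH = re.compile(r'^"([A-Za-z]:\\.+)"$')  # FILE :: block, one quoted path per line
CREATED = re.compile(                                # Files Created: <created> . <modified> <size> <attrs> <path>
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}"
    r"\s+\S+\s+\S+\s+([A-Za-z]:\\.+)$")
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")        # Reg Loading Points key header
REG_VALUE = re.compile(r'^"([^"]+)"="([A-Za-z]:\\[^"]+)"')

RUN2 = r"""
ComboFix 11-07-26.02 - ani 07/26/2011 20:01:58.2.1 - FAT32x86
FILE ::
"c:\documents and settings\ani\Local Settings\Application Data\nufaol.exe"
"c:\windows\l1rezerv.exe"
"c:\windows\services32.exe"
"c:\windows\systemup.exe"
"c:\windows\unrar.exe"
((((((((((((((((((((((((( Files Created from 2011-06-26 to 2011-07-26 )))))))))))))))))))))))))))))))
2011-07-25 19:31 . 2011-07-26 17:12 57344 --sh--r- c:\documents and settings\ani\Local Settings\Application Data\nufaol.exe
2011-07-19 20:26 . 2011-07-19 20:26 114176 ----a-w- c:\windows\systemup.exe
2011-07-19 20:15 . 2011-07-22 21:22 232960 ----a-w- c:\windows\l1rezerv.exe
2011-07-19 20:01 . 2011-07-19 20:02 246272 ----a-w- c:\windows\unrar.exe
2011-07-19 19:59 . 2011-07-19 19:57 1147392 ----a-w- c:\windows\services32.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pgtjgcmj"="c:\documents and settings\ani\Local Settings\Application Data\nufaol.exe" [2011-07-26 57344]
"""

RUN3 = r"""
ComboFix 11-07-26.03 - ani 07/26/2011 22:12:04.3.1 - FAT32x86
((((((((((((((((((((((((( Files Created from 2011-06-26 to 2011-07-26 )))))))))))))))))))))))))))))))
2011-07-26 19:24 . 2011-07-26 19:25 57344 --sh--r- c:\documents and settings\ani\Local Settings\Application Data\nufaol.exe
2011-07-19 20:26 . 2011-07-19 20:26 114176 ----a-w- c:\windows\systemup.exe
2011-07-19 20:15 . 2011-07-22 21:22 232960 ----a-w- c:\windows\l1rezerv.exe
2011-07-19 20:01 . 2011-07-19 20:02 246272 ----a-w- c:\windows\unrar.exe
2011-07-19 19:59 . 2011-07-19 19:57 1147392 ----a-w- c:\windows\services32.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-10 68856]
"pgtjgcmj"="c:\documents and settings\ani\Local Settings\Application Data\nufaol.exe" [2011-07-26 57344]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wmupdater"="c:\program files\Windows Media Player\wmupdater.exe" [2010-11-25 214016]
"pgtjgcmj"="c:\documents and settings\ani\Local Settings\Application Data\nufaol.exe" [2011-07-26 57344]
"""


def _scan(log, pattern):
    for line in log.splitlines():
        m = pattern.match(line.strip())
        if m:
            yield m


def deletions(log):
    """Paths the CFScript asked ComboFix to remove (lower-cased for comparison)."""
    return {m.group(1).lower() for m in _scan(log, QUOTED_PATH)}


def created(log):
    """path -> creation timestamp as printed in the Files Created section."""
    return {m.group(2).lower(): m.group(1) for m in _scan(log, CREATED)}


def run_values(log):
    """(key, value name, target path) for every value under a ...\\Run key."""
    out, key = [], None
    for line in log.splitlines():
        line = line.strip()
        k = REG_KEY.match(line)
        if k:
            key = k.group(1)
            continue
        v = REG_VALUE.match(line)
        if v and key and key.lower().endswith("\\run"):
            out.append((key, v.group(1), v.group(2).lower()))
    return out


def survivors(prev_log, next_log):
    """Paths prev_log asked to delete that next_log still lists. A changed
    creation time means a new file was written there after the cleanup, so
    something still running re-dropped it; an unchanged time is only
    reported as still listed."""
    asked, before, after = deletions(prev_log), created(prev_log), created(next_log)
    recreated, still_listed = [], []
    for path in sorted(asked & set(after)):
        if path in before and before[path] != after[path]:
            recreated.append(path)
        else:
            still_listed.append(path)
    present = set(recreated) | set(still_listed)
    # Autorun values that still point at one of those paths
    autoruns = [(key, name) for key, name, target in run_values(next_log) if target in present]
    return {"recreated": recreated, "still_listed": still_listed, "autoruns": autoruns}


if __name__ == "__main__":
    for kind, items in survivors(RUN2, RUN3).items():
        print(kind, items)
```

On the two excerpts it reports nufaol.exe as recreated, the four files under c:\windows as still listed, and the two "pgtjgcmj" Run values (HKCU and HKLM) as autoruns that still point at the re-dropped file. A recreated entry is the signal to stop deleting files and find the process or service that writes them; in these logs that search would start from the AMService entry and the c:\windows\System32\setup.exe process that appear in every run.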
How is your system doing now..? Do you have a Windows installation disc..?


How is your system doing now..?

Do you have a Windows installation disc..?

well... it seems fine, as far as I can tell /it loads various sites/, only on FB:

Cookies are required

Cookies are disabled in your browser. Please adjust and correct this in your security settings before continuing.

that's it!

and no, I don't have an installation disc

are we very badly infected?

:)

