I am writing a new post because apparently I am not attaching my reply to the previous comments correctly.

Sorry, we are experiencing temporary technical problem, please check back later.

This is what FB has been telling me for the past 5 days.

I read and carried out the first steps from other comments, and here are the attached files.

Please help.

Extras.Txt

OTL.Txt


Start OTL again, copy (Copy) and paste (Paste) the script text from the text box below under the Custom Scans/Fixes column, making sure you copy the script exactly as it is (1:1), including the colon before the first line of the script.

:Processes
killallprocesses
:OTL
PRC - [2011/07/25 18:24:10 | 000,256,000 | ---- | M] () -- C:\WINDOWS\sysdriver32.exe
PRC - [2011/07/24 00:27:46 | 000,495,616 | ---- | M] () -- C:\WINDOWS\update.2\svchost.exe
PRC - [2011/07/24 00:27:46 | 000,495,616 | ---- | M] () -- C:\WINDOWS\update.2\svchost.exe
PRC - [2011/07/23 00:22:06 | 000,232,960 | ---- | M] () -- C:\WINDOWS\l1rezerv.exe
PRC - [2011/07/21 23:32:42 | 000,340,992 | ---- | M] () -- C:\WINDOWS\update.5.0\svchost.exe
PRC - [2011/07/21 23:32:42 | 000,340,992 | ---- | M] () -- C:\WINDOWS\update.5.0\svchost.exe
PRC - [2011/07/19 23:26:46 | 000,114,176 | ---- | M] () -- C:\WINDOWS\systemup.exe
PRC - [2011/07/19 22:57:18 | 001,147,392 | -H-- | M] () -- C:\WINDOWS\update.1\svchost.exe
PRC - [2011/07/19 22:57:18 | 001,147,392 | -H-- | M] () -- C:\WINDOWS\update.1\svchost.exe
SRV - File not found [Auto | Stopped] --  -- (Spooler)
SRV - File not found [Auto | Stopped] --  -- (Spool SubSystem App)
SRV - File not found [Auto | Stopped] --  -- (MSDisk)
SRV - File not found [Auto | Stopped] --  -- (Microsoft Visual Basic )
SRV - File not found [Disabled | Stopped] --  -- (HidServ)
SRV - [2011/07/25 18:24:10 | 000,256,000 | ---- | M] () [Auto | Running] -- C:\WINDOWS\sysdriver32.exe -- (srvsysdriver32)
SRV - [2011/07/24 00:27:46 | 000,495,616 | ---- | M] () [Auto | Running] -- C:\WINDOWS\update.2\svchost.exe -- (srviecheck)
SRV - [2011/07/21 23:32:42 | 000,340,992 | ---- | M] () [Auto | Running] -- C:\WINDOWS\update.5.0\svchost.exe -- (srvbtcclient)
SRV - [2011/07/19 22:57:18 | 001,147,392 | -H-- | M] () [Auto | Running] -- C:\WINDOWS\update.1\svchost.exe -- (wxpdrivers)
DRV - [2011/01/30 02:34:50 | 000,052,992 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\hivfdzfmxifdg.sys -- (fakhu)
DRV - [2010/11/01 20:45:06 | 000,000,000 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\hghmxd.sys -- (bdwhwvw)
DRV - [2010/10/16 07:37:26 | 000,040,128 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\fdtyjuor.sys -- (fdtyjuor)
O3 - HKLM\..\Toolbar: (My &Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} -  File not found
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} -  File not found
O3 - HKU\S-1-5-21-1390067357-1229272821-725345543-1004\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} -  File not found
O4 - HKLM..\Run: [1100683.exe] C:\WINDOWS\TEMP\1100683.exe ()
O4 - HKLM..\Run: [3524987.exe] C:\Documents and Settings\ani\Local Settings\Temp\3524987.exe ()
O4 - HKLM..\Run: [3779670.exe] C:\WINDOWS\TEMP\3779670.exe ()
O4 - HKLM..\Run: [4955271-loader2.exe] C:\Documents and Settings\ani\Local Settings\Temp\4955271-loader2.exe ()
O4 - HKLM..\Run: [59421119-loader2.exe] C:\Documents and Settings\ani\Local Settings\Temp\59421119-loader2.exe ()
O4 - HKLM..\Run: [6361036.exe] C:\Documents and Settings\ani\Local Settings\Temp\6361036.exe ()
O4 - HKLM..\Run: [69458479-loader2.exe] C:\Documents and Settings\ani\Local Settings\Temp\69458479-loader2.exe ()
O4 - HKLM..\Run: [8961158.exe] C:\WINDOWS\TEMP\8961158.exe ()
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKLM..\Run: [l1rezerv.exe] C:\WINDOWS\l1rezerv.exe ()
O4 - HKLM..\Run: [pgtjgcmj] C:\Documents and Settings\ani\Local Settings\Application Data\nufaol.exe ()
O4 - HKLM..\Run: [sysdriver32.exe] C:\WINDOWS\sysdriver32.exe ()
O4 - HKLM..\Run: [sysdriver32_.exe] C:\WINDOWS\sysdriver32_.exe ()
O4 - HKLM..\Run: [systemup] C:\WINDOWS\systemup.exe ()
O4 - HKLM..\Run: [WinampAgent]  File not found
O4 - HKLM..\Run: [wxpdrv] C:\WINDOWS\update.1\svchost.exe ()
O4 - HKU\S-1-5-21-1390067357-1229272821-725345543-1004..\Run: [pgtjgcmj] C:\Documents and Settings\ani\Local Settings\Application Data\nufaol.exe ()
O4 - Startup: C:\Documents and Settings\ani\Start Menu\Programs\Startup\miurb.exe ()
O31 - SafeBoot: AlternateShell - services32.exe
[2011/07/19 23:02:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ufa
[2011/07/19 23:02:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\rpcminer
[2011/07/19 23:02:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\phoenix
[2011/07/19 23:02:01 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.2
[2011/07/19 23:00:59 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.5.0
[2011/07/19 22:59:14 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.1
[2011/07/25 18:24:12 | 000,000,180 | ---- | M] () -- C:\WINDOWS\info1
[2011/07/25 18:24:10 | 000,256,000 | ---- | M] () -- C:\WINDOWS\sysdriver32_.exe
[2011/07/25 18:24:10 | 000,256,000 | ---- | M] () -- C:\WINDOWS\sysdriver32.exe
[2011/07/23 00:22:06 | 000,232,960 | ---- | M] () -- C:\WINDOWS\l1rezerv.exe
[2011/07/19 23:26:46 | 000,114,176 | ---- | M] () -- C:\WINDOWS\systemup.exe
[2011/07/19 23:02:26 | 005,589,370 | ---- | M] () -- C:\WINDOWS\phoenix.rar
[2011/07/19 23:02:26 | 000,246,272 | ---- | M] () -- C:\WINDOWS\unrar.exe
[2011/07/19 23:02:26 | 000,182,617 | ---- | M] () -- C:\WINDOWS\ufa.rar
[2011/07/19 23:02:24 | 001,075,284 | ---- | M] () -- C:\WINDOWS\rpcminer.rar
[2011/07/19 23:01:50 | 000,904,792 | ---- | M] () -- C:\WINDOWS\geoiplist.rar
[2011/07/19 23:00:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\loader2.exe_ok
[2011/07/19 22:57:18 | 001,147,392 | ---- | M] () -- C:\WINDOWS\services32.exe
[2011/07/19 23:26:52 | 000,114,176 | ---- | C] () -- C:\WINDOWS\systemup.exe
[2011/07/19 23:15:15 | 000,232,960 | ---- | C] () -- C:\WINDOWS\l1rezerv.exe
[2011/07/19 23:02:24 | 000,182,617 | ---- | C] () -- C:\WINDOWS\ufa.rar
[2011/07/19 23:02:23 | 005,589,370 | ---- | C] () -- C:\WINDOWS\phoenix.rar
[2011/07/19 23:02:23 | 001,075,284 | ---- | C] () -- C:\WINDOWS\rpcminer.rar
[2011/07/19 23:01:50 | 004,636,907 | ---- | C] () -- C:\WINDOWS\geoiplist
[2011/07/19 23:01:49 | 000,904,792 | ---- | C] () -- C:\WINDOWS\geoiplist.rar
[2011/07/19 23:01:49 | 000,246,272 | ---- | C] () -- C:\WINDOWS\unrar.exe
[2011/07/19 23:00:59 | 000,000,180 | ---- | C] () -- C:\WINDOWS\info1
[2011/07/19 23:00:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\loader2.exe_ok
[2011/07/19 23:00:08 | 000,256,000 | ---- | C] () -- C:\WINDOWS\sysdriver32_.exe
[2011/07/19 22:59:54 | 000,256,000 | ---- | C] () -- C:\WINDOWS\sysdriver32.exe
[2011/07/19 22:59:25 | 001,147,392 | ---- | C] () -- C:\WINDOWS\services32.exe
[2011/02/16 01:47:44 | 000,057,344 | RHS- | C] () -- C:\Documents and Settings\ani\Local Settings\Application Data\nufaol.exe
[2011/01/28 12:12:28 | 000,052,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\hivfdzfmxifdg.sys
[2010/10/29 16:55:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\hghmxd.sys
[2010/10/26 22:05:54 | 000,055,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\ndisvvan.sys
[2010/10/16 07:37:24 | 000,040,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\fdtyjuor.sys
:Reg

:files
C:\WINDOWS\sysdriver32.exe
C:\WINDOWS\update.2\svchost.exe
C:\WINDOWS\update.2\svchost.exe
C:\WINDOWS\l1rezerv.exe
C:\WINDOWS\update.5.0\svchost.exe
C:\WINDOWS\update.5.0\svchost.exe
C:\WINDOWS\systemup.exe
C:\WINDOWS\update.1\svchost.exe
C:\WINDOWS\update.1\svchost.exe

autorun.inf /alldrives
autorun.exe /alldrives
recycler /alldrives
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
[resethosts]
[clearallrestorepoints]
[emptyflash]
[Reboot]

After you enter the script from the quote above, press the button marked in red: Run Fix

Windows will restart and a log file will be created. Post its contents with Copy/Paste in your next comment.

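As an added example (not part of this thread, and not OTL's or the helper's own logic): a small Python triage script that applies the kind of reasoning the fix script above encodes, run over lines copied from the log posted in this thread. It parses OTL PRC/SRV/DRV, O4 Run, O1 hosts and O7 policy entries and scores indicators such as a missing publisher name, hidden/system file attributes, a core-binary name (svchost.exe) outside its normal folder, execution from Temp, %SystemRoot% itself or the profile's Application Data, hosts-file entries that send social-network sites to loopback (consistent with the "temporary technical problem" page the poster sees), and policies that disable Task Manager or the registry editor. The weights, the threshold, and the assumption that %SystemRoot% is C:\WINDOWS (as the posted log states) are this example's own choices, not from the page or from OTL.

```python
import re
from dataclasses import dataclass

# Sample input: lines copied from the OTL log posted in this thread (not constructed),
# including two benign entries (explorer.exe, Skype) so the rules have something to pass.
SAMPLE_LOG = r"""
PRC - [2011/07/25 18:24:10 | 000,256,000 | ---- | M] () -- C:\WINDOWS\sysdriver32.exe
PRC - [2011/07/19 22:57:18 | 001,147,392 | -H-- | M] () -- C:\WINDOWS\update.1\svchost.exe
PRC - [2011/02/16 01:47:46 | 000,057,344 | RHS- | M] () -- C:\Documents and Settings\ani\Local Settings\Application Data\nufaol.exe
PRC - [2002/09/17 08:53:18 | 001,004,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
SRV - [2011/07/21 23:32:42 | 000,340,992 | ---- | M] () [Auto | Running] -- C:\WINDOWS\update.5.0\svchost.exe -- (srvbtcclient)
O4 - HKLM..\Run: [3524987.exe] C:\Documents and Settings\ani\Local Settings\Temp\3524987.exe ()
O4 - HKU\S-1-5-21-1390067357-1229272821-725345543-1004..\Run: [skype] C:\Documents and Settings\ani\Desktop\Skype.exe (Skype Technologies S.A.)
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.facebook.com
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
"""

# OTL line shapes handled here: PRC/SRV/DRV file entries, O4 Run keys, O1 hosts, O7 policies.
FILE_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV) - \[(?P<ts>[^|]+)\| (?P<size>[^|]+)\| (?P<attrs>[^|]+)\| [MC]\] "
    r"\((?P<company>[^)]*)\)(?: \[[^\]]*\])? -- (?P<path>.+?)(?: -- \((?P<svc>[^)]*)\))?$"
)
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.+) \((?P<company>[^)]*)\)$")
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)$")
POLICY_RE = re.compile(r"^O7 - (?P<key>.+): (?P<name>\w+) = (?P<value>.+)$")

# Assumption for this example: %SystemRoot% is C:\WINDOWS, as the posted log states.
# Where these core binaries normally live on XP; the same name elsewhere is a masquerade indicator.
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
LOCKDOWN_POLICIES = {"DisableTaskMgr", "DisableRegistryTools"}


@dataclass
class Finding:
    line: str
    reasons: list
    score: int


def assess_file(path, company, attrs):
    """Score one executable entry; returns (score, reasons). Weights are this example's heuristic."""
    folder, _, name = path.lower().rpartition("\\")
    score, reasons = 0, []
    if not company.strip():
        score += 1
        reasons.append("no publisher name")
    if "H" in attrs or "S" in attrs:  # OTL attribute column, e.g. -H-- or RHS-
        score += 2
        reasons.append(f"hidden/system attributes ({attrs.strip()})")
    expected = EXPECTED_DIR.get(name)
    if expected and folder != expected:
        score += 2
        reasons.append(f"{name} outside {expected}")
    if folder == r"c:\windows" or folder.endswith("\\temp") or "\\local settings\\application data" in folder:
        score += 1
        reasons.append("unusual location (%SystemRoot% root, Temp or profile Application Data)")
    return score, reasons


def triage(log_text, threshold=2):
    """Return the log lines whose indicator score reaches the threshold, in log order."""
    findings = []
    for line in (raw.strip() for raw in log_text.strip().splitlines()):
        m = FILE_RE.match(line) or RUN_RE.match(line)
        if m:
            score, reasons = assess_file(m["path"], m["company"], m.groupdict().get("attrs") or "")
            if score >= threshold:
                findings.append(Finding(line, reasons, score))
            continue
        m = HOSTS_RE.match(line)
        if m and m["ip"] in LOOPBACK and m["host"].lower() not in LOCAL_NAMES:
            findings.append(Finding(line, [f"hosts file sends {m['host']} to {m['ip']}"], threshold))
            continue
        m = POLICY_RE.match(line)
        if m and m["name"] in LOCKDOWN_POLICIES and m["value"].strip() == "1":
            findings.append(Finding(line, [f"{m['name']} = 1 blocks a recovery tool"], threshold))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.score}] {f.line}")
        for r in f.reasons:
            print("      -", r)
```

On the sample above the script flags seven lines and leaves explorer.exe, Skype and the localhost entry alone; the scoring is the point: a missing publisher or an odd folder alone is weak (explorer.exe legitimately sits in C:\WINDOWS), but combined with hidden attributes or a svchost.exe outside system32 it is exactly what the fix script targets.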

I did that, however:

Windows will restart and a log file will be created

what is that and where should I look for it?

Sorry for my ignorance.


Well, it gets generated right after the restart... if it's not on the desktop, look for it in c:\_OTL\ OTL.txt. After running the script, tell me how things stand with your problem... and your system?


There is no txt file in c:\_OTL, and the one on the desktop is, I think, the first one, but I'm attaching it.

OTL logfile created on: 7/25/2011 6:35:32 PM - Run 1

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\ani\My Documents\Downloads

Windows XP Professional Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2800.1106)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

382.47 Mb Total Physical Memory | 44.03 Mb Available Physical Memory | 11.51% Memory free

729.40 Mb Paging File | 426.21 Mb Available in Paging File | 58.43% Paging File free

Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 19.00 Gb Total Space | 12.13 Gb Free Space | 63.87% Space Free | Partition Type: FAT32

Computer Name: USER-J6N84X6A5O | User Name: ani | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2011/07/25 18:32:22 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ani\My Documents\Downloads\OTL.exe

PRC - [2011/07/25 18:24:10 | 000,256,000 | ---- | M] () -- C:\WINDOWS\sysdriver32.exe

PRC - [2011/07/24 00:27:46 | 000,495,616 | ---- | M] () -- C:\WINDOWS\update.2\svchost.exe

PRC - [2011/07/24 00:27:46 | 000,495,616 | ---- | M] () -- C:\WINDOWS\update.2\svchost.exe

PRC - [2011/07/23 00:22:06 | 000,232,960 | ---- | M] () -- C:\WINDOWS\l1rezerv.exe

PRC - [2011/07/21 23:32:42 | 000,340,992 | ---- | M] () -- C:\WINDOWS\update.5.0\svchost.exe

PRC - [2011/07/21 23:32:42 | 000,340,992 | ---- | M] () -- C:\WINDOWS\update.5.0\svchost.exe

PRC - [2011/07/19 23:26:46 | 000,114,176 | ---- | M] () -- C:\WINDOWS\systemup.exe

PRC - [2011/07/19 22:57:18 | 001,147,392 | -H-- | M] () -- C:\WINDOWS\update.1\svchost.exe

PRC - [2011/07/19 22:57:18 | 001,147,392 | -H-- | M] () -- C:\WINDOWS\update.1\svchost.exe

PRC - [2011/06/25 02:36:38 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2011/02/24 19:26:16 | 000,395,640 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe

PRC - [2011/02/16 01:47:46 | 000,057,344 | RHS- | M] () -- C:\Documents and Settings\ani\Local Settings\Application Data\nufaol.exe

PRC - [2010/12/12 12:13:54 | 000,057,344 | ---- | M] () -- C:\WINDOWS\system32\setup.exe

PRC - [2010/07/20 10:28:50 | 000,079,360 | RHS- | M] () -- C:\WINDOWS\jusched.exe

PRC - [2010/03/09 10:02:14 | 026,100,520 | R--- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\ani\Desktop\Skype.exe

PRC - [2002/09/17 08:53:18 | 001,004,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2000/12/30 12:39:58 | 000,151,552 | ---- | M] () -- C:\WINDOWS\Datecs\Flex2K.exe

========== Modules (SafeList) ==========

MOD - [2011/07/25 18:32:22 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ani\My Documents\Downloads\OTL.exe

MOD - [2002/09/17 08:51:32 | 000,921,600 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll

MOD - [2000/12/13 00:55:40 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system32\newdll.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Spooler)

SRV - File not found [Auto | Stopped] -- -- (Spool SubSystem App)

SRV - File not found [Auto | Stopped] -- -- (MSDisk)

SRV - File not found [Auto | Stopped] -- -- (Microsoft Visual Basic )

SRV - File not found [Disabled | Stopped] -- -- (HidServ)

SRV - [2011/07/25 18:24:10 | 000,256,000 | ---- | M] () [Auto | Running] -- C:\WINDOWS\sysdriver32.exe -- (srvsysdriver32)

SRV - [2011/07/24 00:27:46 | 000,495,616 | ---- | M] () [Auto | Running] -- C:\WINDOWS\update.2\svchost.exe -- (srviecheck)

SRV - [2011/07/21 23:32:42 | 000,340,992 | ---- | M] () [Auto | Running] -- C:\WINDOWS\update.5.0\svchost.exe -- (srvbtcclient)

SRV - [2011/07/19 22:57:18 | 001,147,392 | -H-- | M] () [Auto | Running] -- C:\WINDOWS\update.1\svchost.exe -- (wxpdrivers)

SRV - [2010/12/12 12:13:54 | 000,057,344 | ---- | M] () [Auto | Start_Pending] -- C:\WINDOWS\System32\setup.exe -- (AMService)

========== Driver Services (SafeList) ==========

DRV - [2011/01/30 02:34:50 | 000,052,992 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\hivfdzfmxifdg.sys -- (fakhu)

DRV - [2010/11/01 20:45:06 | 000,000,000 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\hghmxd.sys -- (bdwhwvw)

DRV - [2010/10/16 07:37:26 | 000,040,128 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\fdtyjuor.sys -- (fdtyjuor)

DRV - [2007/02/03 15:46:32 | 000,223,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)

DRV - [2006/12/19 19:28:52 | 000,639,224 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

DRV - [2001/08/17 12:49:58 | 000,018,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)

DRV - [2001/08/17 12:49:54 | 000,012,160 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)

DRV - [2001/08/17 12:49:50 | 000,023,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)

DRV - [2001/08/17 12:49:46 | 000,031,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)

DRV - [2001/08/17 12:49:42 | 000,044,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV03nt.sys -- (iAimTV2)

DRV - [2001/08/17 12:49:36 | 000,019,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)

DRV - [2001/08/17 12:49:34 | 000,029,440 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)

DRV - [2001/08/17 12:49:32 | 000,012,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)

DRV - [2001/08/17 12:49:26 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)

DRV - [2001/08/17 12:49:22 | 000,012,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)

DRV - [2001/08/17 12:49:18 | 000,138,240 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)

DRV - [2001/08/17 12:11:02 | 000,153,631 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xnd5.sys -- (EL90X)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - File not found

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1390067357-1229272821-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm

IE - HKU\S-1-5-21-1390067357-1229272821-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKU\S-1-5-21-1390067357-1229272821-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-21-1390067357-1229272821-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://getredirected.info/

IE - HKU\S-1-5-21-1390067357-1229272821-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-1390067357-1229272821-725345543-1004\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - File not found

IE - HKU\S-1-5-21-1390067357-1229272821-725345543-1004\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-1390067357-1229272821-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Winamp Search"

FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="

FF - prefs.js..browser.search.selectedEngine: "Winamp Search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://getredirected.info/"

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17

FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\System32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@powerchallenge.com/PowerLoader: C:\DOCUME~1\ani\APPLIC~1\POWERC~1\nppowerloader.dll (Power Challenge Sweden AB)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/14 19:40:34 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/14 19:40:36 | 000,000,000 | ---D | M]

[2009/12/14 19:41:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ani\Application Data\Mozilla\Extensions

[2009/12/14 19:41:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ani\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/12/14 19:41:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ani\Application Data\Mozilla\Firefox\Profiles\yz40z8oy.default\extensions

[2009/12/17 19:47:26 | 000,000,362 | ---- | M] () -- C:\Documents and Settings\ani\Application Data\Mozilla\Firefox\Profiles\yz40z8oy.default\searchplugins\winamp-search.xml

[2010/10/29 11:58:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/10/29 11:58:06 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

File not found (No name found) --

[2011/06/25 02:36:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2009/12/17 01:03:36 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

[2011/05/07 23:06:06 | 000,001,083 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\911bg.xml

[2011/05/07 23:06:06 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml

[2011/05/07 23:06:06 | 000,002,442 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\diribg.xml

[2011/05/07 23:06:06 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2011/05/07 23:06:06 | 000,001,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pe-bg.xml

[2011/05/07 23:06:06 | 000,001,857 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\portalbgdict.xml

[2011/05/07 23:06:06 | 000,001,220 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-bg.xml

O1 HOSTS File: ([2011/07/25 18:23:24 | 000,203,160 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 vkontakte.ru

O1 - Hosts: 127.0.0.1 www.vkontakte.ru

O1 - Hosts: 127.0.0.1 login.vk.com

O1 - Hosts: 127.0.0.1 vk.com

O1 - Hosts: 127.0.0.1 www.vk.com

O1 - Hosts: 127.0.0.1 odnoklassniki.ru

O1 - Hosts: 127.0.0.1 www.odnoklassniki.ru

O1 - Hosts: 127.0.0.1 facebook.com

O1 - Hosts: 127.0.0.1 www.facebook.com

O1 - Hosts: 127.0.0.1 af-za.facebook.com

O1 - Hosts: 127.0.0.1 az-az.facebook.com

O1 - Hosts: 127.0.0.1 id-id.facebook.com

O1 - Hosts: 127.0.0.1 ms-my.facebook.com

O1 - Hosts: 127.0.0.1 bs-ba.facebook.com

O1 - Hosts: 127.0.0.1 ca-es.facebook.com

O1 - Hosts: 127.0.0.1 cs-cz.facebook.com

O1 - Hosts: 127.0.0.1 cy-gb.facebook.com

O1 - Hosts: 127.0.0.1 da-dk.facebook.com

O1 - Hosts: 127.0.0.1 de-de.facebook.com

O1 - Hosts: 127.0.0.1 et-ee.facebook.com

O1 - Hosts: 127.0.0.1 en-gb.facebook.com

O1 - Hosts: 127.0.0.1 es-la.facebook.com

O1 - Hosts: 127.0.0.1 eo-eo.facebook.com

O1 - Hosts: 127.0.0.1 eu-es.facebook.com

O1 - Hosts: 50060 more lines...

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (My &Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - File not found

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx ()

O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - File not found

O3 - HKU\S-1-5-21-1390067357-1229272821-725345543-1004\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-1390067357-1229272821-725345543-1004\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKU\S-1-5-21-1390067357-1229272821-725345543-1004\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-1390067357-1229272821-725345543-1004\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-1390067357-1229272821-725345543-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKU\S-1-5-21-1390067357-1229272821-725345543-1004\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - File not found

O4 - HKLM..\Run: [1100683.exe] C:\WINDOWS\TEMP\1100683.exe ()

O4 - HKLM..\Run: [3524987.exe] C:\Documents and Settings\ani\Local Settings\Temp\3524987.exe ()

O4 - HKLM..\Run: [3779670.exe] C:\WINDOWS\TEMP\3779670.exe ()

O4 - HKLM..\Run: [4955271-loader2.exe] C:\Documents and Settings\ani\Local Settings\Temp\4955271-loader2.exe ()

O4 - HKLM..\Run: [59421119-loader2.exe] C:\Documents and Settings\ani\Local Settings\Temp\59421119-loader2.exe ()

O4 - HKLM..\Run: [6361036.exe] C:\Documents and Settings\ani\Local Settings\Temp\6361036.exe ()

O4 - HKLM..\Run: [69458479-loader2.exe] C:\Documents and Settings\ani\Local Settings\Temp\69458479-loader2.exe ()

O4 - HKLM..\Run: [8961158.exe] C:\WINDOWS\TEMP\8961158.exe ()

O4 - HKLM..\Run: [Java developer Script Browse] C:\WINDOWS\jusched.exe ()

O4 - HKLM..\Run: [KernelFaultCheck] File not found

O4 - HKLM..\Run: [l1rezerv.exe] C:\WINDOWS\l1rezerv.exe ()

O4 - HKLM..\Run: [pgtjgcmj] C:\Documents and Settings\ani\Local Settings\Application Data\nufaol.exe ()

O4 - HKLM..\Run: [sysdriver32.exe] C:\WINDOWS\sysdriver32.exe ()

O4 - HKLM..\Run: [sysdriver32_.exe] C:\WINDOWS\sysdriver32_.exe ()

O4 - HKLM..\Run: [systemup] C:\WINDOWS\systemup.exe ()

O4 - HKLM..\Run: [WinampAgent] File not found

O4 - HKLM..\Run: [wmupdater] C:\Program Files\Windows Media Player\wmupdater.exe ()

O4 - HKLM..\Run: [wxpdrv] C:\WINDOWS\update.1\svchost.exe ()

O4 - HKU\.DEFAULT..\Run: [AMService] C:\WINDOWS\system32\config\systemprofile\setup.exe ()

O4 - HKU\S-1-5-18..\Run: [AMService] C:\WINDOWS\system32\config\systemprofile\setup.exe ()

O4 - HKU\S-1-5-21-1390067357-1229272821-725345543-1004..\Run: [Java developer Script Browse] C:\WINDOWS\jusched.exe ()

O4 - HKU\S-1-5-21-1390067357-1229272821-725345543-1004..\Run: [MSConfig] File not found

O4 - HKU\S-1-5-21-1390067357-1229272821-725345543-1004..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1390067357-1229272821-725345543-1004..\Run: [pgtjgcmj] C:\Documents and Settings\ani\Local Settings\Application Data\nufaol.exe ()

O4 - HKU\S-1-5-21-1390067357-1229272821-725345543-1004..\Run: [skype] C:\Documents and Settings\ani\Desktop\Skype.exe (Skype Technologies S.A.)

O4 - HKU\S-1-5-21-1390067357-1229272821-725345543-1004..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKU\S-1-5-21-1390067357-1229272821-725345543-1004..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FlexType 2K.lnk = C:\WINDOWS\Datecs\Flex2K.exe ()

O4 - Startup: C:\Documents and Settings\ani\Start Menu\Programs\Startup\miurb.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1390067357-1229272821-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = FF 00 00 00 [binary data]

O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()

O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()

O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15-3.cab (Reg Error: Key error.)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 () - file:///C:/Documents%20and%20Settings/ani/Desktop/profile.php_files/148667_129929000396022_100001367675045_145462_141398_n.jpg

O24 - Desktop Components:1 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\ani\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\ani\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - services32.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/08/24 17:26:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: HidServ - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: AVG7_CC - hkey= - key= - File not found

MsConfig - StartUpReg: AVG7_EMC - hkey= - key= - File not found

MsConfig - StartUpReg: DAEMON Tools - hkey= - key= - C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)

MsConfig - StartUpReg: My Web Search Bar - hkey= - key= - File not found

MsConfig - StartUpReg: MyWebSearch Email Plugin - hkey= - key= - File not found

MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

MsConfig - StartUpReg: WhenUSearch - hkey= - key= - File not found

MsConfig - StartUpReg: WhenUSearchWHSE - hkey= - key= - File not found

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 0

MsConfig - State: "services" - 0

MsConfig - State: "startup" - 2

Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)

Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)

Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)

Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)

Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)

Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)

Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)

Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: vidc.3iv2 - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx.com)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)

Drivers32: VIDC.HFYU - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)

Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)

Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)

Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)

Drivers32: vidc.MP42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)

Drivers32: vidc.MP43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)

Drivers32: vidc.MPG4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)

Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)

Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)

Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)

Drivers32: VIDC.VP31 - C:\WINDOWS\System32\vp31vfw.dll (On2.com)

Drivers32: VIDC.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)

Drivers32: VIDC.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)

Drivers32: VIDC.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)

Drivers32: VIDC.wmv3 - C:\WINDOWS\System32\WMV9VCM.dll (Microsoft Corporation)

Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)

Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)

Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)

Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

========== Files/Folders - Created Within 90 Days ==========

[2011/07/19 23:15:44 | 000,000,000 | -HSD | C] -- C:\System Volume Information

[2011/07/19 23:05:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ani\Desktop\Flash-Player

[2011/07/19 23:02:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ufa

[2011/07/19 23:02:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\rpcminer

[2011/07/19 23:02:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\phoenix

[2011/07/19 23:02:01 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.2

[2011/07/19 23:01:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\WinRAR

[2011/07/19 23:00:59 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.5.0

[2011/07/19 22:59:14 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.1

[2011/07/18 13:01:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ani\Desktop\Programi

[2011/07/16 17:00:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ani\Local Settings\Application Data\Help

[2011/07/16 17:00:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ani\Application Data\Help

[2011/07/06 22:50:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth

[2011/05/13 22:13:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ani\Desktop\liverpool fc

[2011/05/13 14:04:22 | 000,000,000 | -HSD | C] -- C:\FOUND.032

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[164 C:\Documents and Settings\ani\Application Data\*.tmp files -> C:\Documents and Settings\ani\Application Data\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2011/07/25 18:25:08 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/07/25 18:24:12 | 000,000,180 | ---- | M] () -- C:\WINDOWS\info1

[2011/07/25 18:24:10 | 000,256,000 | ---- | M] () -- C:\WINDOWS\sysdriver32_.exe

[2011/07/25 18:24:10 | 000,256,000 | ---- | M] () -- C:\WINDOWS\sysdriver32.exe

[2011/07/25 18:23:06 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/07/25 18:21:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/07/25 18:21:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/07/23 00:22:06 | 000,232,960 | ---- | M] () -- C:\WINDOWS\l1rezerv.exe

[2011/07/22 12:55:08 | 000,000,027 | ---- | M] () -- C:\Documents and Settings\ani\Desktop\home(4).php

[2011/07/19 23:26:46 | 000,114,176 | ---- | M] () -- C:\WINDOWS\systemup.exe

[2011/07/19 23:04:02 | 001,137,275 | ---- | M] () -- C:\Documents and Settings\ani\Desktop\Flash-Player.rar

[2011/07/19 23:02:26 | 005,589,370 | ---- | M] () -- C:\WINDOWS\phoenix.rar

[2011/07/19 23:02:26 | 000,246,272 | ---- | M] () -- C:\WINDOWS\unrar.exe

[2011/07/19 23:02:26 | 000,182,617 | ---- | M] () -- C:\WINDOWS\ufa.rar

[2011/07/19 23:02:24 | 001,075,284 | ---- | M] () -- C:\WINDOWS\rpcminer.rar

[2011/07/19 23:01:50 | 000,904,792 | ---- | M] () -- C:\WINDOWS\geoiplist.rar

[2011/07/19 23:00:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\loader2.exe_ok

[2011/07/19 22:57:18 | 001,147,392 | ---- | M] () -- C:\WINDOWS\services32.exe

[2011/07/19 22:57:18 | 001,147,392 | ---- | M] () -- C:\Documents and Settings\ani\Desktop\Flash-Player.exe

[2011/07/17 03:24:22 | 004,636,907 | ---- | M] () -- C:\WINDOWS\geoiplist

[2011/05/25 22:08:52 | 000,050,309 | ---- | M] () -- C:\Documents and Settings\ani\My Documents\VO2O6088.jpg

[2011/05/25 22:08:20 | 000,054,205 | ---- | M] () -- C:\Documents and Settings\ani\My Documents\VO2O6087.jpg

[2011/05/25 22:08:00 | 000,025,969 | ---- | M] () -- C:\Documents and Settings\ani\My Documents\VO2O6084.jpg

[2011/05/17 21:08:38 | 000,005,670 | ---- | M] () -- C:\Documents and Settings\ani\Desktop\displayimage.rar

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[164 C:\Documents and Settings\ani\Application Data\*.tmp files -> C:\Documents and Settings\ani\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/22 12:53:19 | 000,000,027 | ---- | C] () -- C:\Documents and Settings\ani\Desktop\home(4).php

[2011/07/19 23:26:52 | 000,114,176 | ---- | C] () -- C:\WINDOWS\systemup.exe

[2011/07/19 23:15:15 | 000,232,960 | ---- | C] () -- C:\WINDOWS\l1rezerv.exe

[2011/07/19 23:03:59 | 001,137,275 | ---- | C] () -- C:\Documents and Settings\ani\Desktop\Flash-Player.rar

[2011/07/19 23:02:24 | 000,182,617 | ---- | C] () -- C:\WINDOWS\ufa.rar

[2011/07/19 23:02:23 | 005,589,370 | ---- | C] () -- C:\WINDOWS\phoenix.rar

[2011/07/19 23:02:23 | 001,075,284 | ---- | C] () -- C:\WINDOWS\rpcminer.rar

[2011/07/19 23:01:50 | 004,636,907 | ---- | C] () -- C:\WINDOWS\geoiplist

[2011/07/19 23:01:49 | 000,904,792 | ---- | C] () -- C:\WINDOWS\geoiplist.rar

[2011/07/19 23:01:49 | 000,246,272 | ---- | C] () -- C:\WINDOWS\unrar.exe

[2011/07/19 23:00:59 | 000,000,180 | ---- | C] () -- C:\WINDOWS\info1

[2011/07/19 23:00:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\loader2.exe_ok

[2011/07/19 23:00:08 | 000,256,000 | ---- | C] () -- C:\WINDOWS\sysdriver32_.exe

[2011/07/19 22:59:54 | 000,256,000 | ---- | C] () -- C:\WINDOWS\sysdriver32.exe

[2011/07/19 22:59:25 | 001,147,392 | ---- | C] () -- C:\WINDOWS\services32.exe

[2011/07/19 22:57:17 | 001,147,392 | ---- | C] () -- C:\Documents and Settings\ani\Desktop\Flash-Player.exe

[2011/05/25 22:08:50 | 000,050,309 | ---- | C] () -- C:\Documents and Settings\ani\My Documents\VO2O6088.jpg

[2011/05/25 22:08:18 | 000,054,205 | ---- | C] () -- C:\Documents and Settings\ani\My Documents\VO2O6087.jpg

[2011/05/25 22:07:56 | 000,025,969 | ---- | C] () -- C:\Documents and Settings\ani\My Documents\VO2O6084.jpg

[2011/05/17 21:08:37 | 000,005,670 | ---- | C] () -- C:\Documents and Settings\ani\Desktop\displayimage.rar

[2011/05/07 23:06:14 | 000,000,634 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk

[2011/02/16 01:47:44 | 000,057,344 | RHS- | C] () -- C:\Documents and Settings\ani\Local Settings\Application Data\nufaol.exe

[2011/01/28 12:12:28 | 000,052,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\hivfdzfmxifdg.sys

[2010/10/29 16:55:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\hghmxd.sys

[2010/10/26 22:05:54 | 000,055,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\ndisvvan.sys

[2010/10/16 07:37:24 | 000,040,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\fdtyjuor.sys

[2010/10/16 07:36:09 | 000,071,680 | -H-- | C] () -- C:\WINDOWS\System32\secupdat.dat

[2010/07/20 10:28:49 | 000,079,360 | RHS- | C] () -- C:\WINDOWS\jusched.exe

[2009/12/23 18:02:52 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2009/12/14 19:41:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2009/02/04 22:25:15 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\.exe

[2008/07/15 12:57:57 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\ani\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/06/25 15:08:41 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2007/02/03 15:46:30 | 000,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys

[2006/11/25 18:27:44 | 000,000,060 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2006/08/25 10:48:39 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2006/08/25 10:35:51 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\newdll.dll

[2006/08/25 10:30:53 | 000,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini

[2006/08/25 10:30:03 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll

[2006/08/25 10:30:02 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2006/08/25 10:30:02 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll

[2006/08/25 10:30:02 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2006/08/25 10:29:57 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll

[2006/08/25 10:28:37 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\cmdow.exe

[2006/08/24 17:32:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2006/08/24 17:20:33 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2006/08/24 17:09:49 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2006/08/24 17:08:08 | 000,118,152 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2002/09/17 08:55:20 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\tftp.exe

[2002/09/17 08:55:03 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\setup.exe

[2002/09/17 08:55:01 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

[2002/09/17 08:55:01 | 000,004,573 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2002/09/17 08:54:37 | 000,311,604 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2002/09/17 08:54:37 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2002/09/17 08:54:36 | 000,039,992 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2002/09/17 08:54:36 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2002/09/17 08:54:30 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2002/09/17 08:54:27 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2002/09/17 08:54:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2002/09/17 08:53:49 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2002/09/17 08:53:48 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2002/09/17 08:53:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2002/09/17 08:52:54 | 000,001,740 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

========== LOP Check ==========

[2007/03/10 10:27:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Opera

[2007/02/03 13:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera

[2008/06/30 08:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ani\Application Data\WhenU

[2009/12/14 19:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ani\Application Data\TeamViewer

[2009/12/16 19:30:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ani\Application Data\uTorrent

[2009/12/16 20:37:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ani\Application Data\PowerChallenge

[2008/11/07 08:04:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\WhenU

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2011/07/25 18:21:26 | 402,653,184 | -HS- | M] () -- C:\pagefile.sys

[2002/09/17 08:54:20 | 000,233,632 | RHS- | M] () -- C:\ntldr

[2002/09/17 08:54:20 | 000,047,580 | RHS- | M] () -- C:\NTDETECT.COM

[2009/12/04 12:05:08 | 000,000,194 | -HS- | M] () -- C:\boot.ini

[2006/08/24 17:26:24 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2006/08/24 17:26:24 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2006/08/24 17:26:24 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2006/08/24 17:26:24 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2011/02/17 17:12:20 | 000,000,066 | ---- | M] () -- C:\DebugTrace.log

[2010/08/06 06:08:36 | 000,048,121 | ---- | M] () -- C:\ssA1234567890.exe

[2011/01/15 15:46:10 | 000,120,320 | ---- | M] () -- C:\cdfss.exe

[2011/02/16 01:47:44 | 000,057,344 | ---- | M] () -- C:\asagddsag.exe

< %PROGRAMFILES%\*.* >

< %systemroot%\system32\*.dll /lockedfiles >

[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

[2003/06/18 17:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\mdippr.dll

< MD5 for: ATAPI.SYS >

[2002/09/17 08:55:12 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys

[2002/09/17 08:52:38 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EXPLORER.EXE >

[2002/09/17 08:53:18 | 001,004,032 | ---- | M] (Microsoft Corporation) MD5=A82B28BFC2E4455FE43022A498C0EF0A -- C:\WINDOWS\explorer.exe

[2002/09/17 08:53:18 | 001,004,032 | ---- | M] (Microsoft Corporation) MD5=A82B28BFC2E4455FE43022A498C0EF0A -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SVCHOST.EXE >

[2002/09/17 11:55:18 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=0F7D9C87B0CE1FA520473119752C6F79 -- C:\WINDOWS\system32\dllcache\svchost.exe

[2002/09/17 08:55:18 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=0F7D9C87B0CE1FA520473119752C6F79 -- C:\WINDOWS\system32\svchost.exe

[2011/07/24 00:27:46 | 000,495,616 | ---- | M] () MD5=B29DC60E06AF2B9ED13E6C6935BC3670 -- C:\WINDOWS\update.2\svchost.exe

[2011/07/21 23:32:42 | 000,340,992 | ---- | M] () MD5=DDE08469DED554140851ACFFCB8F4802 -- C:\WINDOWS\update.5.0\svchost.exe

[2011/07/19 22:57:18 | 001,147,392 | -H-- | M] () MD5=F9C017A0A25030600EAA7F8973D29E23 -- C:\WINDOWS\update.1\svchost.exe

< MD5 for: USERINIT.EXE >

[2002/09/17 08:55:26 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=E931E0A2B8BF0019DB902E98D03662CB -- C:\WINDOWS\system32\dllcache\userinit.exe

[2002/09/17 08:55:26 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=E931E0A2B8BF0019DB902E98D03662CB -- C:\WINDOWS\system32\userinit.exe

< MD5 for: VOLSNAP.SYS >

[2002/09/17 08:55:28 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=6FDC9523EF81617CF5028F47FCAF0FBE -- C:\WINDOWS\system32\dllcache\volsnap.sys

[2002/09/17 08:55:28 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=6FDC9523EF81617CF5028F47FCAF0FBE -- C:\WINDOWS\system32\drivers\volsnap.sys

< MD5 for: WINLOGON.EXE >

[2002/09/17 11:55:34 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=2246D8D8F4714A2CEDB21AB9B1849ABB -- C:\WINDOWS\system32\dllcache\winlogon.exe

[2002/09/17 08:55:34 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=2246D8D8F4714A2CEDB21AB9B1849ABB -- C:\WINDOWS\system32\winlogon.exe

< End of report >


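The "MD5 for:" custom-scan sections at the end of the log above are where the real evidence sits: OTL lists every file with a given system name and its hash, so a genuine copy in system32 can be compared against the protected copy in dllcache, while copies in odd directories with no company name and a different hash stand out. The following is an added example (not code from the forum, from OTL, or from the helper) that automates that comparison over lines copied from the log above. It assumes the line shape shown in this log (date | size | attributes | M, company in parentheses, `MD5=` hash, `--` path) and the Windows XP default of system32 and system32\dllcache as the only legitimate homes for these binaries.

```python
"""Flag copies of a system binary whose hash, size or location does not match
the dllcache baseline, working from OTL's "MD5 for:" custom-scan sections."""
import ntpath
import re
from collections import defaultdict

# Lines copied from the OTL log above (the SVCHOST.EXE and USERINIT.EXE sections).
OTL_EXCERPT = r"""
< MD5 for: SVCHOST.EXE >
[2002/09/17 11:55:18 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=0F7D9C87B0CE1FA520473119752C6F79 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2002/09/17 08:55:18 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=0F7D9C87B0CE1FA520473119752C6F79 -- C:\WINDOWS\system32\svchost.exe
[2011/07/24 00:27:46 | 000,495,616 | ---- | M] () MD5=B29DC60E06AF2B9ED13E6C6935BC3670 -- C:\WINDOWS\update.2\svchost.exe
[2011/07/21 23:32:42 | 000,340,992 | ---- | M] () MD5=DDE08469DED554140851ACFFCB8F4802 -- C:\WINDOWS\update.5.0\svchost.exe
[2011/07/19 22:57:18 | 001,147,392 | -H-- | M] () MD5=F9C017A0A25030600EAA7F8973D29E23 -- C:\WINDOWS\update.1\svchost.exe
< MD5 for: USERINIT.EXE >
[2002/09/17 08:55:26 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=E931E0A2B8BF0019DB902E98D03662CB -- C:\WINDOWS\system32\dllcache\userinit.exe
[2002/09/17 08:55:26 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=E931E0A2B8BF0019DB902E98D03662CB -- C:\WINDOWS\system32\userinit.exe
"""

# Section header and entry shapes as they appear in this log (assumption: OTL
# keeps this layout for every "MD5 for:" block).
HEADER_RE = re.compile(r"^< MD5 for: (?P<name>\S+) >$")
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>\S+)\s*\|\s*M\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+)$"
)

# Where a genuine copy of a Windows XP system binary is expected to live
# (lower-cased for comparison). Any other directory is suspicious on its own.
BASELINE_DIR = r"c:\windows\system32\dllcache"
EXPECTED_DIRS = {r"c:\windows\system32", BASELINE_DIR}


def parse_md5_sections(text):
    """Map each scanned file name to the list of copies OTL found for it.
    Entries without an MD5 (e.g. the .cab archive lines) are skipped."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").lower()
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            sections[current].append({
                "path": entry.group("path").strip(),
                "md5": entry.group("md5").upper(),
                "company": entry.group("company").strip(),
                "size": int(entry.group("size").replace(",", "")),
            })
    return dict(sections)


def find_impostors(sections):
    """Return (file name, path, reasons) for every copy that deviates from the
    dllcache copy of the same binary or sits outside the expected directories."""
    findings = []
    for name, entries in sections.items():
        baseline = [e for e in entries
                    if ntpath.dirname(e["path"]).lower() == BASELINE_DIR]
        if not baseline:
            continue  # no trusted copy to compare against
        good = baseline[0]
        for e in entries:
            reasons = []
            if ntpath.dirname(e["path"]).lower() not in EXPECTED_DIRS:
                reasons.append("outside system32/dllcache")
            if e["md5"] != good["md5"]:
                reasons.append("MD5 differs from dllcache copy")
            if e["size"] != good["size"]:
                reasons.append("size differs from dllcache copy")
            if not e["company"]:
                reasons.append("no company name in version info")
            if reasons:
                findings.append((name, e["path"], reasons))
    return findings


if __name__ == "__main__":
    for name, path, reasons in find_impostors(parse_md5_sections(OTL_EXCERPT)):
        print(f"{name}: {path}\n    " + "; ".join(reasons))
```

On the excerpt above this reports the three svchost.exe copies under C:\WINDOWS\update.* (each with all four reasons) and nothing for userinit.exe, which matches its dllcache copy byte for byte. The dllcache copy is used as the baseline rather than the live system32 copy because the live copy is the one an infection would most plausibly replace.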

Tell me, after running the script, what is the situation with your problem... and your system?

I'm waiting for a reply...! Do you have access to Facebook..!


And after the restart everything else looks fine, but FB: The connection could not be established. Firefox cannot establish a connection with www.facebook.com. The site may be temporarily unavailable or too busy. Try again in a little while. If you cannot load any page, check the computer's hardware. If the computer or network is behind a firewall or proxy, check whether Firefox is allowed to access the Internet.


OK, clear... we have a little more work to do:

Stop...!!! But you haven't run my script...? What are we doing...?

Download ComboFix from here or here and save it to your desktop.

  • Disable your antivirus and anti-spyware program; this is usually done by right-clicking the program's icon in the system tray.

Note: If you cannot stop it or are not sure which program to disable, please review the information at this link: How to Disable your Security Programs

  • Run Combo-Fix.com and follow the instructions.

Note: ComboFix will start without the Recovery Console installed.

  • As part of its work, ComboFix will check whether the Microsoft Windows Recovery Console is installed. Given how fast malware evolves, it is strongly recommended that it be installed before the malware is removed. This will allow you to enter a special recovery/repair mode, which will make it easier to resolve a problem that might arise while removing the malware.
  • Follow the instructions to allow ComboFix to download and install the Microsoft Windows Recovery Console. At one point you will be asked whether you agree to the license agreement. You must confirm that you agree in order to install the Microsoft Windows Recovery Console.

** Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will proceed to the malware removal process.

(Posted image)

Once the Microsoft Windows Recovery Console has been installed using ComboFix, you will see the following message:

(Posted image)

Select Yes to continue the malware scan.

When the process completes successfully, the tool will create a log file. Please include the contents of C:\ComboFix.txt in your next reply in this thread.

Note:

  • Please do not move the mouse while ComboFix is running. This may disrupt the process.
  • ComboFix will reset all Microsoft Internet Explorer settings, including making IE the default browser.
  • ComboFix will disable the autorun function of ALL CD, floppy and USB devices to help remove the malware and to protect you from future viruses/threats that spread via autorun. If this is a problem for you, please let me know.
  • ComboFix will disconnect your Internet connection. The Internet connection will be restored automatically before ComboFix finishes its work. If there is a problem, it will terminate the Internet connection. To restore your Internet connection, restart your computer.
  • In case of a problem with ComboFix, it may create a log file. Please include the contents of C:\BUG.txt in your next reply in this thread.

ComboFix may take up to 20-30 minutes to complete; please be patient.

Please do not attach the log file(s) from the program; copy and paste them into your next reply in this thread.


I ran it, but as I wrote to you: I didn't find it in c:\_OTL, there is no txt file; on the desktop I think it is the first one, but I'm attaching it.


The computer restarted twice and in the end this came out:

ComboFix 11-07-25.02 - ani 07/25/2011 22:18:04.1.1 - FAT32x86
Running from: c:\documents and settings\ani\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\ani\LOCALS~1\Temp\3524987.exe
c:\docume~1\ani\LOCALS~1\Temp\6361036.exe
c:\documents and settings\ani\Application Data\12C.tmp
c:\documents and settings\ani\Application Data\12D.tmp
c:\documents and settings\ani\Application Data\12E.tmp
c:\documents and settings\ani\Application Data\12F.tmp
c:\documents and settings\ani\Application Data\130.tmp
c:\documents and settings\ani\Application Data\15.tmp
c:\documents and settings\ani\Application Data\151.tmp
c:\documents and settings\ani\Application Data\152.tmp
c:\documents and settings\ani\Application Data\154.tmp
c:\documents and settings\ani\Application Data\155.tmp
c:\documents and settings\ani\Application Data\16.tmp
c:\documents and settings\ani\Application Data\164.tmp
c:\documents and settings\ani\Application Data\165.tmp
c:\documents and settings\ani\Application Data\17C.tmp
c:\documents and settings\ani\Application Data\18A.tmp
c:\documents and settings\ani\Application Data\194.tmp
c:\documents and settings\ani\Application Data\197.tmp
c:\documents and settings\ani\Application Data\198.tmp
c:\documents and settings\ani\Application Data\1D.tmp
c:\documents and settings\ani\Application Data\1E.tmp
c:\documents and settings\ani\Application Data\1FC.tmp
c:\documents and settings\ani\Application Data\21.tmp
c:\documents and settings\ani\Application Data\26C.tmp
c:\documents and settings\ani\Application Data\26D.tmp
c:\documents and settings\ani\Application Data\275.tmp
c:\documents and settings\ani\Application Data\276.tmp
c:\documents and settings\ani\Application Data\2CB.tmp
c:\documents and settings\ani\Application Data\2CC.tmp
c:\documents and settings\ani\Application Data\2CD.tmp
c:\documents and settings\ani\Application Data\329.tmp
c:\documents and settings\ani\Application Data\32B.tmp
c:\documents and settings\ani\Application Data\333.tmp
c:\documents and settings\ani\Application Data\334.tmp
c:\documents and settings\ani\Application Data\365.tmp
c:\documents and settings\ani\Application Data\366.tmp
c:\documents and settings\ani\Application Data\368.tmp
c:\documents and settings\ani\Application Data\36B.tmp
c:\documents and settings\ani\Application Data\36C.tmp
c:\documents and settings\ani\Application Data\36E.tmp
c:\documents and settings\ani\Application Data\37.tmp
c:\documents and settings\ani\Application Data\37D.tmp
c:\documents and settings\ani\Application Data\37E.tmp
c:\documents and settings\ani\Application Data\38.tmp
c:\documents and settings\ani\Application Data\38B.tmp
c:\documents and settings\ani\Application Data\38C.tmp
c:\documents and settings\ani\Application Data\38E.tmp
c:\documents and settings\ani\Application Data\38F.tmp
c:\documents and settings\ani\Application Data\3B.tmp
c:\documents and settings\ani\Application Data\3C3.tmp
c:\documents and settings\ani\Application Data\3C4.tmp
c:\documents and settings\ani\Application Data\3C5.tmp
c:\documents and settings\ani\Application Data\3C6.tmp
c:\documents and settings\ani\Application Data\3C8.tmp
c:\documents and settings\ani\Application Data\3CA.tmp
c:\documents and settings\ani\Application Data\3D5.tmp
c:\documents and settings\ani\Application Data\3D6.tmp
c:\documents and settings\ani\Application Data\3DD.tmp
c:\documents and settings\ani\Application Data\3E6.tmp
c:\documents and settings\ani\Application Data\3EA.tmp
c:\documents and settings\ani\Application Data\3EB.tmp
c:\documents and settings\ani\Application Data\3EC.tmp
c:\documents and settings\ani\Application Data\421.tmp
c:\documents and settings\ani\Application Data\422.tmp
c:\documents and settings\ani\Application Data\423.tmp
c:\documents and settings\ani\Application Data\424.tmp
c:\documents and settings\ani\Application Data\425.tmp
c:\documents and settings\ani\Application Data\42C.tmp
c:\documents and settings\ani\Application Data\43D.tmp
c:\documents and settings\ani\Application Data\43E.tmp
c:\documents and settings\ani\Application Data\490.tmp
c:\documents and settings\ani\Application Data\491.tmp
c:\documents and settings\ani\Application Data\492.tmp
c:\documents and settings\ani\Application Data\4DC.tmp
c:\documents and settings\ani\Application Data\51.tmp
c:\documents and settings\ani\Application Data\52.tmp
c:\documents and settings\ani\Application Data\53.tmp
c:\documents and settings\ani\Application Data\54.tmp
c:\documents and settings\ani\Application Data\543.tmp
c:\documents and settings\ani\Application Data\55.tmp
c:\documents and settings\ani\Application Data\552.tmp
c:\documents and settings\ani\Application Data\553.tmp
c:\documents and settings\ani\Application Data\554.tmp
c:\documents and settings\ani\Application Data\56.tmp
c:\documents and settings\ani\Application Data\57.tmp
c:\documents and settings\ani\Application Data\575.tmp
c:\documents and settings\ani\Application Data\576.tmp
c:\documents and settings\ani\Application Data\577.tmp
c:\documents and settings\ani\Application Data\59.tmp
c:\documents and settings\ani\Application Data\5A.tmp
c:\documents and settings\ani\Application Data\5A4.tmp
c:\documents and settings\ani\Application Data\5A5.tmp
c:\documents and settings\ani\Application Data\5B.tmp
c:\documents and settings\ani\Application Data\5C.tmp
c:\documents and settings\ani\Application Data\5D.tmp
c:\documents and settings\ani\Application Data\5DA.tmp
c:\documents and settings\ani\Application Data\5DB.tmp
c:\documents and settings\ani\Application Data\5F.tmp
c:\documents and settings\ani\Application Data\6.tmp
c:\documents and settings\ani\Application Data\60.tmp
c:\documents and settings\ani\Application Data\62.tmp
c:\documents and settings\ani\Application Data\7.tmp
c:\documents and settings\ani\Application Data\73.tmp
c:\documents and settings\ani\Application Data\73C.tmp
c:\documents and settings\ani\Application Data\73D.tmp
c:\documents and settings\ani\Application Data\73E.tmp
c:\documents and settings\ani\Application Data\73F.tmp
c:\documents and settings\ani\Application Data\740.tmp
c:\documents and settings\ani\Application Data\74B.tmp
c:\documents and settings\ani\Application Data\74C.tmp
c:\documents and settings\ani\Application Data\74D.tmp
c:\documents and settings\ani\Application Data\77.tmp
c:\documents and settings\ani\Application Data\78.tmp
c:\documents and settings\ani\Application Data\78A.tmp
c:\documents and settings\ani\Application Data\78B.tmp
c:\documents and settings\ani\Application Data\78C.tmp
c:\documents and settings\ani\Application Data\78D.tmp
c:\documents and settings\ani\Application Data\79A.tmp
c:\documents and settings\ani\Application Data\7F.tmp
c:\documents and settings\ani\Application Data\8.tmp
c:\documents and settings\ani\Application Data\80.tmp
c:\documents and settings\ani\Application Data\81.tmp
c:\documents and settings\ani\Application Data\81F.tmp
c:\documents and settings\ani\Application Data\82.tmp
c:\documents and settings\ani\Application Data\828.tmp
c:\documents and settings\ani\Application Data\829.tmp
c:\documents and settings\ani\Application Data\831.tmp
c:\documents and settings\ani\Application Data\856.tmp
c:\documents and settings\ani\Application Data\857.tmp
c:\documents and settings\ani\Application Data\85B.tmp
c:\documents and settings\ani\Application Data\85C.tmp
c:\documents and settings\ani\Application Data\85D.tmp
c:\documents and settings\ani\Application Data\872.tmp
c:\documents and settings\ani\Application Data\873.tmp
c:\documents and settings\ani\Application Data\874.tmp
c:\documents and settings\ani\Application Data\8AF.tmp
c:\documents and settings\ani\Application Data\8C4.tmp
c:\documents and settings\ani\Application Data\8C5.tmp
c:\documents and settings\ani\Application
Data\A1.tmp c:\documents and settings\ani\Application Data\AB.tmp c:\documents and settings\ani\Application Data\AF.tmp c:\documents and settings\ani\Application Data\B.tmp c:\documents and settings\ani\Application Data\B0.tmp c:\documents and settings\ani\Application Data\C.tmp c:\documents and settings\ani\Application Data\CB.tmp c:\documents and settings\ani\Application Data\CC.tmp c:\documents and settings\ani\Application Data\CD.tmp c:\documents and settings\ani\Application Data\D.tmp c:\documents and settings\ani\Application Data\D2.tmp c:\documents and settings\ani\Application Data\D3.tmp c:\documents and settings\ani\Application Data\E2.tmp c:\documents and settings\ani\Application Data\E3.tmp c:\documents and settings\ani\Application Data\E4.tmp c:\documents and settings\ani\Application Data\E5.tmp c:\documents and settings\ani\Application Data\E8.tmp c:\documents and settings\ani\Application Data\E9.tmp c:\documents and settings\ani\Application Data\Qjgkga.exe c:\documents and settings\ani\fidtqx.exe c:\documents and settings\ani\Local Settings\Application Data\nufaol.exe c:\program files\FunWebProducts c:\program files\FunWebProducts\ScreenSaver\Images\001D2108.urr c:\program files\FunWebProducts\ScreenSaver\Images\0757E943.urr c:\program files\Save c:\program files\Save\ACM.dll c:\program files\Save\save.db c:\program files\Save\SaveNowupdate.exe c:\program files\Save\store.db c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf c:\windows\IsUn0407.exe c:\windows\jusched.exe c:\windows\sysdriver32_.exe c:\windows\system32\.exe c:\windows\system32\config\systemprofile\setup.exe c:\windows\TEMP\1100683.exe c:\windows\TEMP\3779670.exe c:\windows\update.1 c:\windows\update.2 c:\windows\update.5.0 . c:\windows\system32\qmgr.dll . . . is infected!! . c:\windows\system32\tftp.exe . . . is infected!! . . ((((((((((((((((((((((((( Files Created from 2011-06-25 to 2011-07-25 ))))))))))))))))))))))))))))))) . . 2011-07-25 19:31 . 
2011-07-25 19:32 57344 ----a-w- c:\documents and settings\ani\Local Settings\Application Data\nufaol.exe 2011-07-25 19:12 . 2011-07-25 19:12 -------- d-----w- C:\FOUND.033 2011-07-25 17:55 . 2011-07-25 17:55 -------- d-----w- C:\_OTL 2011-07-19 20:26 . 2011-07-19 20:26 114176 ----a-w- c:\windows\systemup.exe 2011-07-19 20:15 . 2011-07-22 21:22 232960 ----a-w- c:\windows\l1rezerv.exe 2011-07-19 20:02 . 2011-07-19 20:02 -------- d-----w- c:\windows\ufa 2011-07-19 20:02 . 2011-07-19 20:02 -------- d-----w- c:\windows\rpcminer 2011-07-19 20:02 . 2011-07-19 20:02 -------- d-----w- c:\windows\phoenix 2011-07-19 20:01 . 2011-07-19 20:02 246272 ----a-w- c:\windows\unrar.exe 2011-07-19 19:59 . 2011-07-19 19:57 1147392 ----a-w- c:\windows\services32.exe 2011-07-16 14:00 . 2011-07-16 14:00 -------- d-----w- c:\documents and settings\ani\Local Settings\Application Data\Help 2011-07-07 23:24 . 2011-07-07 23:24 15696 ----a-w- c:\documents and settings\ani\Application Data\42B.tmp 2011-07-07 20:49 . 2011-07-07 20:49 15696 ----a-w- c:\documents and settings\ani\Application Data\42A.tmp 2011-07-07 08:10 . 2011-07-07 08:10 15696 ----a-w- c:\documents and settings\ani\Application Data\413.tmp 2011-06-28 16:59 . 2011-06-28 16:59 15696 ----a-w- c:\documents and settings\ani\Application Data\85A.tmp . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-15 23:36 . 2011-06-15 23:36 15444 ----a-w- c:\documents and settings\ani\Application Data\38D.tmp 2011-05-11 07:28 . 2011-05-11 07:28 199 ----a-w- c:\documents and settings\ani\Application Data\17B.tmp 2011-05-10 16:15 . 2011-05-10 16:15 199 ----a-w- c:\documents and settings\ani\Application Data\12B.tmp 2011-05-10 16:13 . 2011-05-10 16:13 199 ----a-w- c:\documents and settings\ani\Application Data\12A.tmp 2011-05-05 22:06 . 2011-05-05 22:06 198 ----a-w- c:\documents and settings\ani\Application Data\5E.tmp 2011-06-24 23:36 . 
2011-05-07 20:05 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2002-09-17 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . c:\windows\system32\drivers\atapi.sys . [-] 2002-09-17 . 03F403B07A884FC2AA54A0916C410931 . 13568 . . [5.1.2600.0] . . c:\windows\system32\drivers\asyncmac.sys [-] 2002-09-17 . 03F403B07A884FC2AA54A0916C410931 . 13568 . . [5.1.2600.0] . . c:\windows\system32\dllcache\asyncmac.sys . [-] 2002-09-17 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys [-] 2002-09-17 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys . [-] 2002-09-17 . 1E7F78C2FC393356CD884C6FDE7966F9 . 23424 . . [5.1.2600.1106] . . c:\windows\system32\drivers\kbdclass.sys . [-] 2002-09-17 . 3B350E5A2A5E951453F3993275A4523A . 167552 . . [5.1.2600.1106] . . c:\windows\system32\drivers\ndis.sys [-] 2002-09-17 . 3B350E5A2A5E951453F3993275A4523A . 167552 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\ndis.sys . [-] 2002-09-17 . E3AE9C79498210A5F39FE5A9AD62BC55 . 561920 . . [5.1.2600.1106] . . c:\windows\system32\drivers\ntfs.sys [-] 2002-09-17 . E3AE9C79498210A5F39FE5A9AD62BC55 . 561920 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\ntfs.sys . [-] 2002-09-17 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys [-] 2002-09-17 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys . [-] 2002-09-17 . 244A2F9816BC9B593957281EF577D976 . 332928 . . [5.1.2600.1106] . . c:\windows\system32\drivers\tcpip.sys [-] 2002-09-17 . 244A2F9816BC9B593957281EF577D976 . 332928 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\tcpip.sys . [-] 2002-09-17 . 3671D928554E124A8AC326A1769F2FFB . 49152 . . [5.1.2600.1106] . . c:\windows\system32\browser.dll [-] 2002-09-17 . 
3671D928554E124A8AC326A1769F2FFB . 49152 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\browser.dll . [-] 2002-09-17 . B2B6BA905D0E3F8A32A0EB3B4051807B . 11776 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\lsass.exe [-] 2002-09-17 . B2B6BA905D0E3F8A32A0EB3B4051807B . 11776 . . [5.1.2600.1106] . . c:\windows\system32\lsass.exe . [-] 2002-09-17 . E7FF9267BBEB1386975278A27378526F . 154112 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\netman.dll [-] 2002-09-17 . E7FF9267BBEB1386975278A27378526F . 154112 . . [5.1.2600.1106] . . c:\windows\system32\netman.dll . [-] 2002-09-17 08:52 . 1F51839ECCF908FD86558198909262E4 . 792064 . . [2001.12.4414.42] . . c:\windows\system32\dllcache\comres.dll [-] 2002-09-17 05:52 . 1F51839ECCF908FD86558198909262E4 . 792064 . . [2001.12.4414.42] . . c:\windows\system32\comres.dll . [-] 2002-09-17 . 6A1CF14D0E7D0B2241F552223769C8A7 . 221696 . . [6.2.2600.1106] . . c:\windows\system32\qmgr.dll . [-] 2002-09-17 . 493FCBED180DCACF0B5D4C8C29949CA9 . 260608 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\rpcss.dll [-] 2002-09-17 . 493FCBED180DCACF0B5D4C8C29949CA9 . 260608 . . [5.1.2600.1106] . . c:\windows\system32\rpcss.dll . [-] 2002-09-17 . E3DF4A0252D287C44606EE55355E1623 . 101376 . . [5.1.2600.0] . . c:\windows\system32\dllcache\services.exe [-] 2002-09-17 . E3DF4A0252D287C44606EE55355E1623 . 101376 . . [5.1.2600.0] . . c:\windows\system32\services.exe . [-] 2002-09-17 . 9B4155BA58192D4073082B8FC5D42612 . 51200 . . [5.1.2600.0] . . c:\windows\system32\dllcache\spoolsv.exe . [-] 2002-09-17 . 2246D8D8F4714A2CEDB21AB9B1849ABB . 516608 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\winlogon.exe [-] 2002-09-17 . 2246D8D8F4714A2CEDB21AB9B1849ABB . 516608 . . [5.1.2600.1106] . . c:\windows\system32\winlogon.exe . [-] 2002-09-17 . A3763CE319D9EB3EC2AC04901F293B9D . 139776 . . [5.4.3630.1106] . . c:\windows\system32\wuauclt.exe [-] 2002-09-17 . A3763CE319D9EB3EC2AC04901F293B9D . 139776 . . [5.4.3630.1106] . . 
c:\windows\system32\dllcache\wuauclt.exe . [-] 2002-09-17 . 0B5D337119929505EE72D4E4A41ED1FD . 557056 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll [-] 2002-09-17 . 0B5D337119929505EE72D4E4A41ED1FD . 557056 . . [5.82] . . c:\windows\system32\comctl32.dll [-] 2002-09-17 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll [-] 2002-09-17 . 76B90BD220F1B1CC9E183C6B1AE9FBB4 . 921600 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll . [-] 2002-09-17 . 41C70161BFCB17E7E12ED89BADD2AEF4 . 53248 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\cryptsvc.dll [-] 2002-09-17 . 41C70161BFCB17E7E12ED89BADD2AEF4 . 53248 . . [5.1.2600.1106] . . c:\windows\system32\cryptsvc.dll . [-] 2002-09-17 05:53 . C9702DDD814C39DC1254CF757C31C6E4 . 225280 . . [2001.12.4414.46] . . c:\windows\system32\es.dll [-] 2002-09-17 05:53 . C9702DDD814C39DC1254CF757C31C6E4 . 225280 . . [2001.12.4414.46] . . c:\windows\system32\dllcache\es.dll . [-] 2002-09-17 . C9F9E3E6B59C6D6CBCE7F14494A4518A . 103936 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\imm32.dll [-] 2002-09-17 . C9F9E3E6B59C6D6CBCE7F14494A4518A . 103936 . . [5.1.2600.1106] . . c:\windows\system32\imm32.dll . [-] 2002-09-17 . 8F162DC91D67D87C1A481BF602A9DAC8 . 930304 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\kernel32.dll [-] 2002-09-17 . 8F162DC91D67D87C1A481BF602A9DAC8 . 930304 . . [5.1.2600.1106] . . c:\windows\system32\kernel32.dll . [-] 2002-09-17 . 7D8C58C0CBB7331E9296A7357827CA8E . 15360 . . [5.1.2600.0] . . c:\windows\system32\linkinfo.dll [-] 2002-09-17 . 7D8C58C0CBB7331E9296A7357827CA8E . 15360 . . [5.1.2600.0] . . c:\windows\system32\dllcache\linkinfo.dll . [-] 2002-09-17 . 55990CA08692E2739A8DDCE0B04352AC . 18944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\lpk.dll [-] 2002-09-17 . 
55990CA08692E2739A8DDCE0B04352AC . 18944 . . [5.1.2600.0] . . c:\windows\system32\lpk.dll . [-] 2002-09-17 . 448EE0A3EDFC3339EC70E93C027E28C8 . 2833920 . . [6.00.2800.1106] . . c:\windows\system32\mshtml.dll [-] 2002-09-17 . 448EE0A3EDFC3339EC70E93C027E28C8 . 2833920 . . [6.00.2800.1106] . . c:\windows\system32\dllcache\mshtml.dll . [-] 2002-09-17 . 886A6C3C185AAEDECD00477F72279B07 . 323072 . . [7.0.2600.1106] . . c:\windows\system32\dllcache\msvcrt.dll [-] 2002-09-17 . 886A6C3C185AAEDECD00477F72279B07 . 323072 . . [7.0.2600.1106] . . c:\windows\system32\msvcrt.dll [-] 2002-09-17 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll [-] 2002-09-17 . 70630CAD245477F8DB02B79D9A92834C . 323072 . . [7.0.2600.1106] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.10.0_x-ww_d8862ba3\msvcrt.dll . [-] 2002-09-17 . 18A8BE5A66B93F9C9615F7D4C148EDE2 . 228352 . . [5.1.2600.0] . . c:\windows\system32\dllcache\mswsock.dll [-] 2002-09-17 . 18A8BE5A66B93F9C9615F7D4C148EDE2 . 228352 . . [5.1.2600.0] . . c:\windows\system32\mswsock.dll . [-] 2002-09-17 . 3ADD563ED7A1C66E6F5E0F7A661AA96D . 399360 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\netlogon.dll [-] 2002-09-17 . 3ADD563ED7A1C66E6F5E0F7A661AA96D . 399360 . . [5.1.2600.1106] . . c:\windows\system32\netlogon.dll . [-] 2002-09-17 . 865AD7CCB20856727D5BD994B094DC5E . 14848 . . [6.00.2600.0000] . . c:\windows\system32\dllcache\powrprof.dll [-] 2002-09-17 . 865AD7CCB20856727D5BD994B094DC5E . 14848 . . [6.00.2600.0000] . . c:\windows\system32\powrprof.dll . [-] 2002-09-17 . 97418A5C642A5C748A28BD7CF6860B57 . 174592 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\scecli.dll [-] 2002-09-17 . 97418A5C642A5C748A28BD7CF6860B57 . 174592 . . [5.1.2600.1106] . . c:\windows\system32\scecli.dll . [-] 2002-09-17 . 52BB2A508CB3EB8AAA5F6F142F5B73D6 . 4096 . . [5.1.2600.0] . . 
c:\windows\system32\dllcache\sfc.dll [-] 2002-09-17 . 52BB2A508CB3EB8AAA5F6F142F5B73D6 . 4096 . . [5.1.2600.0] . . c:\windows\system32\sfc.dll . [-] 2002-09-17 . 0F7D9C87B0CE1FA520473119752C6F79 . 12800 . . [5.1.2600.0] . . c:\windows\system32\dllcache\svchost.exe [-] 2002-09-17 . 0F7D9C87B0CE1FA520473119752C6F79 . 12800 . . [5.1.2600.0] . . c:\windows\system32\svchost.exe . [-] 2002-09-17 . 9B3A213B6591A79EBABBFB4E4EA0A23E . 233984 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\tapisrv.dll [-] 2002-09-17 . 9B3A213B6591A79EBABBFB4E4EA0A23E . 233984 . . [5.1.2600.1106] . . c:\windows\system32\tapisrv.dll . [-] 2002-09-17 . DD9269230C21EE8FB7FD3FCCC3B1CFCB . 560128 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\user32.dll [-] 2002-09-17 . DD9269230C21EE8FB7FD3FCCC3B1CFCB . 560128 . . [5.1.2600.1106] . . c:\windows\system32\user32.dll . [-] 2002-09-17 . E931E0A2B8BF0019DB902E98D03662CB . 22016 . . [5.1.2600.1106] . . c:\windows\system32\userinit.exe [-] 2002-09-17 . E931E0A2B8BF0019DB902E98D03662CB . 22016 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\userinit.exe . [-] 2002-09-17 . F3587750A7481DCCBEA13D473A0700BE . 599040 . . [6.00.2800.1106] . . c:\windows\system32\dllcache\wininet.dll [-] 2002-09-17 . F3587750A7481DCCBEA13D473A0700BE . 599040 . . [6.00.2800.1106] . . c:\windows\system32\wininet.dll . [-] 2002-09-17 . 8529C295DF59B564D37A73B5629162B1 . 75264 . . [5.1.2600.0] . . c:\windows\system32\dllcache\ws2_32.dll [-] 2002-09-17 . 8529C295DF59B564D37A73B5629162B1 . 75264 . . [5.1.2600.0] . . c:\windows\system32\ws2_32.dll . [-] 2002-09-17 . 235C7EF9AEDDE76801169DC61FA72DEF . 18944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\ws2help.dll [-] 2002-09-17 . 235C7EF9AEDDE76801169DC61FA72DEF . 18944 . . [5.1.2600.0] . . c:\windows\system32\ws2help.dll . [-] 2002-09-17 . A82B28BFC2E4455FE43022A498C0EF0A . 1004032 . . [6.00.2800.1106] . . c:\windows\explorer.exe [-] 2002-09-17 . A82B28BFC2E4455FE43022A498C0EF0A . 1004032 . . [6.00.2800.1106] . . 
c:\windows\system32\dllcache\explorer.exe . [-] 2002-09-17 . B28FB518CD2949715CBFCE0E93A7A535 . 134144 . . [5.1.2600.1106] . . c:\windows\regedit.exe [-] 2002-09-17 . B28FB518CD2949715CBFCE0E93A7A535 . 134144 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\regedit.exe . [-] 2002-09-17 . CB598C117C6AB02584BB3B3452A04F11 . 1169920 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\ole32.dll [-] 2002-09-17 . CB598C117C6AB02584BB3B3452A04F11 . 1169920 . . [5.1.2600.1106] . . c:\windows\system32\ole32.dll . [-] 2002-09-17 . 73C90911DD86A10D4004C7D6E655A41B . 339456 . . [1.0409.2600.1106] . . c:\windows\system32\dllcache\usp10.dll [-] 2002-09-17 . 73C90911DD86A10D4004C7D6E655A41B . 339456 . . [1.0409.2600.1106] . . c:\windows\system32\usp10.dll . [-] 2002-12-11 21:14 . 15914E0BF4DDA56CF797993DCCB637D1 . 4096 . . [5.3.0000000.900 built by: DIRECTX] . . c:\windows\system32\ksuser.dll [-] 2002-12-11 21:14 . 15914E0BF4DDA56CF797993DCCB637D1 . 4096 . . [5.3.0000000.900 built by: DIRECTX] . . c:\windows\Driver Cache\i386\ksuser.dll [-] 2002-12-11 21:14 . 15914E0BF4DDA56CF797993DCCB637D1 . 4096 . . [5.3.0000000.900 built by: DIRECTX] . . c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\ksuser.dll . [-] 2002-09-17 . 38E9CFAC7881435764051FD7B1F010FB . 158720 . . [5.1.2600.1106] . . c:\windows\system32\srsvc.dll [-] 2002-09-17 . 38E9CFAC7881435764051FD7B1F010FB . 158720 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\srsvc.dll . . . [-] 2002-09-17 . BF3C8CF53C77B48206B39910B6D6CBCC . 49152 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\eventlog.dll [-] 2002-09-17 . BF3C8CF53C77B48206B39910B6D6CBCC . 49152 . . [5.1.2600.1106] . . c:\windows\system32\eventlog.dll . [-] 2002-09-17 . 2564949DBE5F643F50913BBE45D346E2 . 1157632 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\sfcfiles.dll [-] 2002-09-17 . 2564949DBE5F643F50913BBE45D346E2 . 1157632 . . [5.1.2600.1106] . . c:\windows\system32\sfcfiles.dll . [-] 2002-09-17 . 
414DE7CF9D3F19C3EA902F1BB38EC116 . 13312 . . [5.1.2600.1106] . . c:\windows\system32\ctfmon.exe [-] 2002-09-17 . 414DE7CF9D3F19C3EA902F1BB38EC116 . 13312 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\ctfmon.exe . [-] 2002-09-17 . 61684089A54936E40F65DA02D47A28AE . 116224 . . [6.00.2800.1106] . . c:\windows\system32\dllcache\shsvcs.dll [-] 2002-09-17 . 61684089A54936E40F65DA02D47A28AE . 116224 . . [6.00.2800.1106] . . c:\windows\system32\shsvcs.dll . [-] 2002-09-17 . 9DF4527D53613601D3F79946EAA1DCB1 . 51712 . . [5.1.2600.0] . . c:\windows\system32\regsvc.dll [-] 2002-09-17 . 9DF4527D53613601D3F79946EAA1DCB1 . 51712 . . [5.1.2600.0] . . c:\windows\system32\dllcache\regsvc.dll . [-] 2002-09-17 . 719B05113003A1934EA25EA1FED68C85 . 159232 . . [5.1.2600.1106] . . c:\windows\system32\schedsvc.dll [-] 2002-09-17 . 719B05113003A1934EA25EA1FED68C85 . 159232 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\schedsvc.dll . [-] 2002-09-17 . 75B5821307B2F4491F9ED06732366872 . 43008 . . [5.1.2600.1106] . . c:\windows\system32\ssdpsrv.dll [-] 2002-09-17 . 75B5821307B2F4491F9ED06732366872 . 43008 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\ssdpsrv.dll . [-] 2002-09-17 . FE84E045A09A4ABC4DEEF7270448B64E . 200192 . . [5.1.2600.1106] . . c:\windows\system32\termsrv.dll [-] 2002-09-17 . FE84E045A09A4ABC4DEEF7270448B64E . 200192 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\termsrv.dll . [-] 2002-09-17 . F5FBCABFE303D309DF5163ABFBBB6958 . 240640 . . [5.1.2600.1106] . . c:\windows\system32\hnetcfg.dll [-] 2002-09-17 . F5FBCABFE303D309DF5163ABFBBB6958 . 240640 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\hnetcfg.dll . [-] 2002-09-17 . AE0BDD0E65987747988861103B50FA4F . 156672 . . [5.1.2600.1106] . . c:\windows\system32\appmgmts.dll [-] 2002-09-17 . AE0BDD0E65987747988861103B50FA4F . 156672 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\appmgmts.dll . [-] 2002-09-17 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . 
c:\windows\system32\drivers\acpiec.sys . [7] 2002-08-28 20:16 . FF773FEDA15E8BD97FD54FE87A0ACDBE . 142208 . . [5.1.2601.1095 built by: xpsp1] . . c:\windows\system32\drivers\aec.sys . [7] 2002-09-17 05:53 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\system32\mfc40u.dll [7] 2002-09-17 05:53 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\system32\dllcache\mfc40u.dll . [7] 2002-09-17 . A81487520F11F65BF270D50EE29887B2 . 34304 . . [5.1.2600.0] . . c:\windows\system32\msgsvc.dll [7] 2002-09-17 . A81487520F11F65BF270D50EE29887B2 . 34304 . . [5.1.2600.0] . . c:\windows\system32\dllcache\msgsvc.dll . [7] 2005-01-28 10:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\system32\MsPMSNSv.dll [7] 2005-01-28 10:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll . [7] 2002-09-17 . 0E8EFB15746878A9B256E75267337233 . 1947904 . . [5.1.2600.1106] . . c:\windows\system32\ntkrnlpa.exe . [7] 2002-09-17 05:54 . AAC49EF5C84A2EBD7409A51A1B65C542 . 392704 . . [5.1.2400.1106] . . c:\windows\system32\ntmssvc.dll [7] 2002-09-17 05:54 . AAC49EF5C84A2EBD7409A51A1B65C542 . 392704 . . [5.1.2400.1106] . . c:\windows\system32\dllcache\ntmssvc.dll . [7] 2002-09-17 . 848CE0601B58410FF2DFB6BC8449AFE7 . 164864 . . [5.1.2600.1106] . . c:\windows\system32\upnphost.dll [7] 2002-09-17 . 848CE0601B58410FF2DFB6BC8449AFE7 . 164864 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\upnphost.dll . [7] 2004-07-09 01:27 . 033A45AB696EEF481707C2808C806E1A . 381952 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\system32\dsound.dll [7] 2004-07-09 01:27 . 033A45AB696EEF481707C2808C806E1A . 381952 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\system32\dllcache\dsound.dll [7] 2004-07-09 01:27 . 033A45AB696EEF481707C2808C806E1A . 381952 . . 
[5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dsound.dll . [-] 2004-07-09 01:27 . 0E51BD586D186F61A9E4453DB8AEC774 . 1703936 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\system32\d3d9.dll . [7] 2004-07-09 01:27 . 90114704C17A581DA1BAE029F20932BE . 292864 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\system32\ddraw.dll [7] 2004-07-09 01:27 . 90114704C17A581DA1BAE029F20932BE . 292864 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\system32\dllcache\ddraw.dll [7] 2004-07-09 01:27 . 90114704C17A581DA1BAE029F20932BE . 292864 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\ddraw.dll . [7] 2002-09-17 05:54 . 76E77301A8A73457A5B55E76847DB892 . 106496 . . [5.0.5014] . . c:\windows\system32\olepro32.dll [7] 2002-09-17 05:54 . 76E77301A8A73457A5B55E76847DB892 . 106496 . . [5.0.5014] . . c:\windows\system32\dllcache\olepro32.dll . [7] 2002-09-17 . 972EFFC80D9E806539489883D37032F5 . 37376 . . [5.1.2600.0] . . c:\windows\system32\perfctrs.dll [7] 2002-09-17 . 972EFFC80D9E806539489883D37032F5 . 37376 . . [5.1.2600.0] . . c:\windows\system32\dllcache\perfctrs.dll . [7] 2002-09-17 . 90D0D0BEA6FBC19E765E30B7DDF52B9A . 16384 . . [5.1.2600.0] . . c:\windows\system32\dllcache\version.dll [7] 2002-09-17 . 90D0D0BEA6FBC19E765E30B7DDF52B9A . 16384 . . [5.1.2600.0] . . c:\windows\system32\version.dll . [7] 2002-09-17 . 418D301C3B1FA94B19584AEEB3D65166 . 91136 . . [6.00.2800.1106] . . c:\windows\system32\dllcache\iexplore.exe . . [7] 2002-09-17 . B9080D97DBD631AADF9128F7316958D2 . 2042240 . . [5.1.2600.1106] . . c:\windows\system32\ntoskrnl.exe . [7] 2002-09-17 . 38E9CFAC7881435764051FD7B1F010FB . 158720 . . [5.1.2600.1106] . . c:\windows\system32\srsvc.dll [7] 2002-09-17 . 38E9CFAC7881435764051FD7B1F010FB . 158720 . . [5.1.2600.1106] . . 
c:\windows\system32\dllcache\srsvc.dll . [7] 2002-09-17 . A14F6DEDA6E1B5D13A0C225E84988EEA . 165376 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\w32time.dll [7] 2002-09-17 . A14F6DEDA6E1B5D13A0C225E84988EEA . 165376 . . [5.1.2600.1106] . . c:\windows\system32\w32time.dll . [7] 2002-09-17 . 0AC40B75640B550C26347B5F65F6E0EE . 316416 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\wiaservc.dll [7] 2002-09-17 . 0AC40B75640B550C26347B5F65F6E0EE . 316416 . . [5.1.2600.1106] . . c:\windows\system32\wiaservc.dll . [7] 2002-09-17 . 5A80CD832A19D92CEAED6D5C0316D1B1 . 17920 . . [5.1.2600.0] . . c:\windows\system32\midimap.dll [7] 2002-09-17 . 5A80CD832A19D92CEAED6D5C0316D1B1 . 17920 . . [5.1.2600.0] . . c:\windows\system32\dllcache\midimap.dll . [7] 2002-09-17 . C5ABBBD9C7307679B4FBA203213A6FD4 . 6144 . . [5.1.2600.0] . . c:\windows\system32\rasadhlp.dll [7] 2002-09-17 . C5ABBBD9C7307679B4FBA203213A6FD4 . 6144 . . [5.1.2600.0] . . c:\windows\system32\dllcache\rasadhlp.dll . c:\windows\System32\spoolsv.exe ... is missing !! c:\windows\System32\wscntfy.exe ... is missing !! c:\windows\System32\xmlprov.dll ... is missing !! . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-10 68856] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-02-24 395640] "Skype"="c:\documents and settings\ani\Desktop\Skype.exe" [2010-03-09 26100520] "pgtjgcmj"="c:\documents and settings\ani\Local Settings\Application Data\nufaol.exe" [2011-07-25 57344] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "wmupdater"="c:\program files\Windows Media Player\wmupdater.exe" [2010-11-25 214016] "pgtjgcmj"="c:\documents and settings\ani\Local Settings\Application Data\nufaol.exe" [2011-07-25 57344] "l1rezerv.exe"="c:\windows\l1rezerv.exe" [2011-07-22 232960] "systemup"="c:\windows\systemup.exe" [2011-07-19 114176] . c:\documents and settings\ani\Start Menu\Programs\Startup\ miurb.exe [2011-2-16 57344] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ FlexType 2K.lnk - [N/A] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableSecureUIAPaths"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] 2005-11-08 21:00 128920 ----a-w- c:\program files\DAEMON Tools\daemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2008-06-10 14:15 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 "DisableThumbnailCache"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Documents and Settings\\ani\\Desktop\\Flash-Player.exe"= . 2;2 AMService;AMService;c:\windows\System32\setup.exe run [x] R0 cwydtuhdyfaijds;cwydtuhdyfaijds;c:\windows\system32\drivers\ghhsfuact.sys [x] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 135664] R3 autorun;autorun;c:\huadio.tmp [x] R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 135664] S0 fdtyjuor;fdtyjuor;c:\windows\System32\Drivers\fdtyjuor.sys [x] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2006-12-19 639224] . . Contents of the 'Scheduled Tasks' folder . 
2011-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 05:51]
.
2011-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 05:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://getredirected.info/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
TCP: DhcpNameServer = 192.168.1.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\ani\Application Data\Mozilla\Firefox\Profiles\yz40z8oy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: browser.startup.homepage - hxxp://getredirected.info/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - c:\program files\Winamp Toolbar\winamptb.dll
HKCU-Run-Qjgkga - c:\documents and settings\ani\Application Data\Qjgkga.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
HKLM-Run-wxpdrv - c:\windows\update.1\svchost.exe
HKLM-Run-sysdriver32.exe - c:\windows\sysdriver32.exe
HKLM-Run-sysdriver32_.exe - c:\windows\sysdriver32_.exe
SafeBoot-fdtyjuor.sys
MSConfigStartUp-AVG7_CC - c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe
MSConfigStartUp-AVG7_EMC - c:\progra~1\Grisoft\AVGFRE~1\avgemc.exe
MSConfigStartUp-My Web Search Bar - c:\progra~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-WhenUSearch - c:\program files\DAEMON Tools SearchBar\Search.exe
MSConfigStartUp-WhenUSearchWHSE - c:\program files\DAEMON Tools SearchBar\whse.exe
AddRemove-eMusic Promotion - c:\program files\Winamp\eMusic\Uninst-eMusic-promotion.exe
AddRemove-SaveNow - c:\program files\Save\SaveUninst.exe
AddRemove-ShockwaveFlash - c:\windows\System32\Macromed\Flash\FlashUtil9b.exe
AddRemove-VLC media player - c:\program files\VideoLAN\VLC\uninstall.exe
AddRemove-WhenUSearch - c:\program files\DAEMON Tools SearchBar\Uninst.exe
AddRemove-Winamp - c:\program files\Winamp\UninstWA.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-25 22:34
Windows 5.1.2600 Service Pack 1 FAT NTAPI
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\autorun]
"ImagePath"="\??\c:\huadio.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(564)
c:\windows\System32\ODBC32.dll
.
- - - - - - - > 'lsass.exe'(620)
c:\windows\System32\dssenh.dll
.
- - - - - - - > 'explorer.exe'(3476)
c:\windows\System32\newdll.dll
c:\windows\System32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Datecs\Flex2K.exe
c:\windows\System32\setup.exe
c:\windows\System32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2011-07-25 22:41:45 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-25 19:41
.
Pre-Run: 13,032,407,040 bytes free
Post-Run: 14,405,844,992 bytes free
.
winxpsp1_en_pro_bf.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
.
- - End Of File - - FCF3CE7ACE73C9FA1AD640C0E587F5FA


Download SystemLook and save the program to your desktop.

  • Double-click SystemLook.exe to start the program.
  • Copy the contents of the quote below into the program's text box:
:filefind 
*qmgr.dll*
*tftp.exe*
  • Click the Look button to start the scan.
  • When the scan finishes, Notepad will open with the scan results. Then post the log file in your next comment.


I have FB again!!! /it's asking me for some cookies ?!? - I'll manage somehow/ Many thanks for the help and the patience, have a nice evening!


I didn't realise there was more:

SystemLook 04.09.10 by jpshortstuff
Log created at 23:33 on 25/07/2011 by ani
Administrator - Elevation successful

========== filefind ==========

Searching for "*qmgr.dll*"
C:\WINDOWS\system32\qmgr.dll --a---- 221696 bytes [14:22 24/08/2006] [08:54 17/09/2002] 6A1CF14D0E7D0B2241F552223769C8A7

Searching for "*tftp.exe*"
C:\WINDOWS\system32\tftp.exe --a---- 16896 bytes [05:55 17/09/2002] [18:07 10/07/2008] DB3F663417BAEC4D8DA89267A4A27DF5

-= EOF =-


Download SystemLook and save the program to your desktop.

  • Double-click SystemLook.exe to start the program.
  • Copy the contents of the quote below into the program's text box:
:filefind
*qmgr*
*tftp*
  • Click the Look button to start the scan.
  • When the scan finishes, Notepad will open with the scan results. Then post the log file in your next comment.

Copy the text in the box below into Notepad and save it on your desktop under the name CFScript.txt:

KILLALL::

File::
c:\documents and settings\ani\Local Settings\Application Data\nufaol.exe
c:\windows\systemup.exe
c:\windows\l1rezerv.exe
c:\windows\unrar.exe
c:\windows\services32.exe
c:\windows\system32\drivers\ghhsfuact.sys
c:\windows\System32\Drivers\fdtyjuor.sys
 
Folder::
c:\windows\ufa
c:\windows\rpcminer
c:\windows\phoenix

Driver::
cwydtuhdyfaijds
fdtyjuor
 
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pgtjgcmj"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pgtjgcmj"=-
"l1rezerv.exe"=-
"systemup"=-

Reboot::
 

After saving it, drag CFScript.txt onto the ComboFix.exe icon

Posted image

Attach the generated report in your next post..!


:filefind
*qmgr*
*tftp*

  • Click the Look button to start the scan.
  • When the scan finishes, Notepad will open with the scan results. Then post the log file in your next comment.

I did this, but I couldn't post the log file because my computer restarted

and I continued with ComboFix, and here it is:

ComboFix 11-07-26.02 - ani 07/26/2011 20:01:58.2.1 - FAT32x86

Running from: c:\documents and settings\ani\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\ani\Desktop\CFScript.txt

* Created a new restore point

.

FILE ::

"c:\documents and settings\ani\Local Settings\Application Data\nufaol.exe"

"c:\windows\l1rezerv.exe"

"c:\windows\services32.exe"

"c:\windows\System32\Drivers\fdtyjuor.sys"

"c:\windows\system32\drivers\ghhsfuact.sys"

"c:\windows\systemup.exe"

"c:\windows\unrar.exe"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\phoenix

c:\windows\phoenix\kernels\phatk\__init__.py

c:\windows\phoenix\kernels\phatk\__init__.pyc

c:\windows\phoenix\kernels\phatk\BFIPatcher.py

c:\windows\phoenix\kernels\phatk\kernel.cl

c:\windows\phoenix\kernels\poclbm\__init__.py

c:\windows\phoenix\kernels\poclbm\__init__.pyc

c:\windows\phoenix\kernels\poclbm\BFIPatcher.py

c:\windows\phoenix\kernels\poclbm\kernel.cl

c:\windows\phoenix\phoenix.exe

c:\windows\rpcminer

c:\windows\rpcminer\bitcoinminercuda_10.cubin

c:\windows\rpcminer\bitcoinminercuda_11.cubin

c:\windows\rpcminer\bitcoinminercuda_20.cubin

c:\windows\rpcminer\bitcoinmineropencl.cl

c:\windows\rpcminer\cudart32_32_16.dll

c:\windows\rpcminer\curllib.dll

c:\windows\rpcminer\libeay32.dll

c:\windows\rpcminer\libsasl.dll

c:\windows\rpcminer\openldap.dll

c:\windows\rpcminer\rpcminer-4way.exe

c:\windows\rpcminer\rpcminer-cpu.exe

c:\windows\rpcminer\rpcminer-cuda.exe

c:\windows\rpcminer\rpcminer-opencl.exe

c:\windows\rpcminer\ssleay32.dll

c:\windows\system32\config\systemprofile\setup.exe

c:\windows\ufa

c:\windows\ufa\ufa.exe

.

c:\windows\system32\qmgr.dll . . . is infected!!

.

c:\windows\system32\tftp.exe . . . is infected!!

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_FDTYJUOR

-------\Service_cwydtuhdyfaijds

-------\Service_fdtyjuor

.

.

((((((((((((((((((((((((( Files Created from 2011-06-26 to 2011-07-26 )))))))))))))))))))))))))))))))

.

.

2011-07-26 17:12 . 2010-12-12 09:13 57344 ----a-w- c:\windows\system32\config\systemprofile\setup.exe

2011-07-25 19:31 . 2011-07-26 17:12 57344 --sh--r- c:\documents and settings\ani\Local Settings\Application Data\nufaol.exe

2011-07-25 19:12 . 2011-07-25 19:12 -------- d-----w- C:\FOUND.033

2011-07-25 17:55 . 2011-07-25 17:55 -------- d-----w- C:\_OTL

2011-07-19 20:26 . 2011-07-19 20:26 114176 ----a-w- c:\windows\systemup.exe

2011-07-19 20:15 . 2011-07-22 21:22 232960 ----a-w- c:\windows\l1rezerv.exe

2011-07-19 20:01 . 2011-07-19 20:02 246272 ----a-w- c:\windows\unrar.exe

2011-07-19 19:59 . 2011-07-19 19:57 1147392 ----a-w- c:\windows\services32.exe

2011-07-16 14:00 . 2011-07-16 14:00 -------- d-----w- c:\documents and settings\ani\Local Settings\Application Data\Help

2011-07-07 23:24 . 2011-07-07 23:24 15696 ----a-w- c:\documents and settings\ani\Application Data\42B.tmp

2011-07-07 20:49 . 2011-07-07 20:49 15696 ----a-w- c:\documents and settings\ani\Application Data\42A.tmp

2011-07-07 08:10 . 2011-07-07 08:10 15696 ----a-w- c:\documents and settings\ani\Application Data\413.tmp

2011-06-28 16:59 . 2011-06-28 16:59 15696 ----a-w- c:\documents and settings\ani\Application Data\85A.tmp

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-15 23:36 . 2011-06-15 23:36 15444 ----a-w- c:\documents and settings\ani\Application Data\38D.tmp

2011-05-11 07:28 . 2011-05-11 07:28 199 ----a-w- c:\documents and settings\ani\Application Data\17B.tmp

2011-05-10 16:15 . 2011-05-10 16:15 199 ----a-w- c:\documents and settings\ani\Application Data\12B.tmp

2011-05-10 16:13 . 2011-05-10 16:13 199 ----a-w- c:\documents and settings\ani\Application Data\12A.tmp

2011-05-05 22:06 . 2011-05-05 22:06 198 ----a-w- c:\documents and settings\ani\Application Data\5E.tmp

2011-06-24 23:36 . 2011-05-07 20:05 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-07-25_19.32.02 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-10-16 04:36 . 2010-10-27 06:59 71680 c:\windows\system32\secupdat.dat

+ 2010-10-26 19:05 . 2010-10-26 19:05 55040 c:\windows\system32\drivers\ndisvvan.sys

+ 2010-10-16 04:37 . 2010-10-16 04:37 40128 c:\windows\system32\drivers\fdtyjuor.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-10 68856]

"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-02-24 395640]

"Skype"="c:\documents and settings\ani\Desktop\Skype.exe" [2010-03-09 26100520]

"pgtjgcmj"="c:\documents and settings\ani\Local Settings\Application Data\nufaol.exe" [2011-07-26 57344]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"wmupdater"="c:\program files\Windows Media Player\wmupdater.exe" [2010-11-25 214016]

"pgtjgcmj"="c:\documents and settings\ani\Local Settings\Application Data\nufaol.exe" [2011-07-26 57344]

.

c:\documents and settings\ani\Start Menu\Programs\Startup\

miurb.exe [2011-2-16 57344]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

FlexType 2K.lnk - [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableSecureUIAPaths"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

2005-11-08 21:00 128920 ----a-w- c:\program files\DAEMON Tools\daemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2008-06-10 14:15 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

"DisableThumbnailCache"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Documents and Settings\\ani\\Desktop\\Flash-Player.exe"=

.

2;2 AMService;AMService;c:\windows\System32\setup.exe run [x]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 135664]

R3 autorun;autorun;c:\huadio.tmp [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 135664]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2006-12-19 639224]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 05:51]

.

2011-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 05:51]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://getredirected.info/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

mDefault_Search_URL = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = iexplore

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm

IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe

TCP: DhcpNameServer = 192.168.1.1

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\ani\Application Data\Mozilla\Firefox\Profiles\yz40z8oy.default\

FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=

FF - prefs.js: browser.search.selectedEngine - Winamp Search

FF - prefs.js: browser.startup.homepage - hxxp://getredirected.info/

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-fdtyjuor.sys

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-26 20:14

Windows 5.1.2600 Service Pack 1 FAT NTAPI

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\autorun]

"ImagePath"="\??\c:\huadio.tmp"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(564)

c:\windows\System32\ODBC32.dll

.

- - - - - - - > 'lsass.exe'(620)

c:\windows\System32\dssenh.dll

.

- - - - - - - > 'explorer.exe'(1896)

c:\windows\System32\newdll.dll

c:\windows\System32\msi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\Datecs\Flex2K.exe

c:\windows\System32\setup.exe

c:\windows\System32\wdfmgr.exe

c:\program files\Skype\Plugin Manager\skypePM.exe

.

**************************************************************************

.

Completion time: 2011-07-26 20:16:02 - machine was rebooted

ComboFix-quarantined-files.txt 2011-07-26 17:16

ComboFix2.txt 2011-07-25 19:41

.

Pre-Run: 14,311,096,320 bytes free

Post-Run: 14,259,847,168 bytes free

.

- - End Of File - - 9C508F283DA20E08B7459D1F38672358


I did this, but I couldn't post the log file because my computer restarted

and I continued with ComboFix, and here it is:

Try again.. because:

c:\windows\system32\qmgr.dll . . . is infected!!

c:\windows\system32\tftp.exe . . . is infected!!

and I'm trying to find clean files to replace them with...!


SystemLook 04.09.10 by jpshortstuff
Log created at 20:56 on 26/07/2011 by ani
Administrator - Elevation successful

========== filefind ==========

Searching for "*qmgr*"
C:\WINDOWS\system32\qmgr.dll --a---- 221696 bytes [14:22 24/08/2006] [08:54 17/09/2002] 6A1CF14D0E7D0B2241F552223769C8A7
C:\WINDOWS\system32\qmgrprxy.dll --a---- 17408 bytes [14:22 24/08/2006] [08:54 17/09/2002] 6C49784B2B470F51472BA620510A05A8
C:\WINDOWS\system32\dllcache\qmgrprxy.dll --a---- 17408 bytes [14:22 24/08/2006] [08:54 17/09/2002] 6C49784B2B470F51472BA620510A05A8
C:\WINDOWS\inf\qmgr.inf --a---- 3208 bytes [05:54 17/09/2002] [05:54 17/09/2002] 6C951FBA5786E17F3E79CBC11203D3D3
C:\WINDOWS\inf\qmgr.PNF --a---- 8252 bytes [14:10 24/08/2006] [17:41 09/04/2011] CB870A2669B9681797F42EF2C9790E48
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat --a---- 6688 bytes [19:46 11/09/2006] [17:00 26/07/2011] (Unable to calculate MD5)
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat --a---- 5622 bytes [19:46 11/09/2006] [17:00 26/07/2011] (Unable to calculate MD5)
C:\Qoobox\Quarantine\C\WINDOWS\system32\qmgr.dll.vir --a---- 221696 bytes [14:22 24/08/2006] [08:54 17/09/2002] 6A1CF14D0E7D0B2241F552223769C8A7

Searching for "*tftp*"
C:\WINDOWS\system32\tftp.exe --a---- 16896 bytes [05:55 17/09/2002] [18:07 10/07/2008] DB3F663417BAEC4D8DA89267A4A27DF5
C:\WINDOWS\system32\Microsoft\backup.tftp ------- 16896 bytes [13:10 28/06/2008] [05:55 17/09/2002] C6E8683B44521D6D5E86443BC3464FB3

-= EOF =-

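As an added example (not SystemLook's or the thread's own code), a small Python parser for the filefind section of the SystemLook log posted above, with two checks a helper otherwise does by eye: files of equal size but different MD5 (tftp.exe against backup.tftp), and whether each file directly under system32 still has a matching copy in system32\dllcache. The system32 location is assumed to be the default XP path that the log itself shows.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input: the filefind section of the SystemLook log posted above.
SAMPLE_LOG = r"""
Searching for "*qmgr*"
C:\WINDOWS\system32\qmgr.dll --a---- 221696 bytes [14:22 24/08/2006] [08:54 17/09/2002] 6A1CF14D0E7D0B2241F552223769C8A7
C:\WINDOWS\system32\qmgrprxy.dll --a---- 17408 bytes [14:22 24/08/2006] [08:54 17/09/2002] 6C49784B2B470F51472BA620510A05A8
C:\WINDOWS\system32\dllcache\qmgrprxy.dll --a---- 17408 bytes [14:22 24/08/2006] [08:54 17/09/2002] 6C49784B2B470F51472BA620510A05A8
C:\WINDOWS\inf\qmgr.inf --a---- 3208 bytes [05:54 17/09/2002] [05:54 17/09/2002] 6C951FBA5786E17F3E79CBC11203D3D3
C:\WINDOWS\inf\qmgr.PNF --a---- 8252 bytes [14:10 24/08/2006] [17:41 09/04/2011] CB870A2669B9681797F42EF2C9790E48
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat --a---- 6688 bytes [19:46 11/09/2006] [17:00 26/07/2011] (Unable to calculate MD5)
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat --a---- 5622 bytes [19:46 11/09/2006] [17:00 26/07/2011] (Unable to calculate MD5)
C:\Qoobox\Quarantine\C\WINDOWS\system32\qmgr.dll.vir --a---- 221696 bytes [14:22 24/08/2006] [08:54 17/09/2002] 6A1CF14D0E7D0B2241F552223769C8A7
Searching for "*tftp*"
C:\WINDOWS\system32\tftp.exe --a---- 16896 bytes [05:55 17/09/2002] [18:07 10/07/2008] DB3F663417BAEC4D8DA89267A4A27DF5
C:\WINDOWS\system32\Microsoft\backup.tftp ------- 16896 bytes [13:10 28/06/2008] [05:55 17/09/2002] C6E8683B44521D6D5E86443BC3464FB3
-= EOF =-
"""

# One filefind result line: path, 7-char attribute string, size, two timestamps, MD5 or an error note.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<attrs>[-A-Za-z]{7}) (?P<size>\d+) bytes "
    r"\[(?P<ts1>[^\]]+)\] \[(?P<ts2>[^\]]+)\] (?P<md5>.+)$"
)
HEX_MD5 = re.compile(r"[0-9A-Fa-f]{32}")
SYSTEM32 = r"c:\windows\system32"  # assumed default XP layout; matches the paths in the log


@dataclass
class Entry:
    path: str
    attrs: str
    size: int
    ts1: str            # first bracketed timestamp, as SystemLook prints it
    ts2: str            # second bracketed timestamp
    md5: Optional[str]  # None when SystemLook printed "(Unable to calculate MD5)"

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def parent(self) -> str:
        return self.path.rsplit("\\", 1)[0].lower()


def parse_filefind(text: str) -> List[Entry]:
    """Parse the result lines of a filefind section; headers and the EOF marker are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        md5 = m["md5"].strip()
        entries.append(Entry(m["path"], m["attrs"], int(m["size"]), m["ts1"], m["ts2"],
                             md5.upper() if HEX_MD5.fullmatch(md5) else None))
    return entries


def same_size_different_hash(entries: List[Entry]) -> List[Tuple[int, List[str]]]:
    """Files of identical size whose MD5s differ. A binary patched in place next to
    an untouched copy (tftp.exe versus backup.tftp above) shows up exactly like this."""
    by_size = defaultdict(list)
    for e in entries:
        if e.md5:
            by_size[e.size].append(e)
    return [(size, sorted(e.path for e in group))
            for size, group in sorted(by_size.items())
            if len({e.md5 for e in group}) > 1]


def dllcache_status(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Check each file directly under system32 against the copy Windows File Protection
    keeps in system32\\dllcache; without a matching copy the live file cannot be vouched for."""
    live = {e.name: e for e in entries if e.parent == SYSTEM32}
    cache = {e.name: e for e in entries if e.parent == SYSTEM32 + r"\dllcache"}
    out = []
    for name, e in sorted(live.items()):
        c = cache.get(name)
        if c is None:
            out.append((name, "no dllcache copy: compare against a known-good hash"))
        elif e.md5 is None or c.md5 is None:
            out.append((name, "hash unavailable"))
        elif e.md5 != c.md5:
            out.append((name, "differs from dllcache copy"))
        else:
            out.append((name, "matches dllcache copy"))
    return out


if __name__ == "__main__":
    found = parse_filefind(SAMPLE_LOG)
    for size, paths in same_size_different_hash(found):
        print(f"same size ({size} bytes), different content: {paths}")
    for name, status in dllcache_status(found):
        print(f"{name}: {status}")
```

A dllcache match only proves the two copies agree; when the copy is missing, as for qmgr.dll and tftp.exe here, the hash still has to be checked against a file from a known-clean installation of the same service pack.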

That's bad..!

Copy the text in the box below into Notepad and save it on your desktop under the name CFScript.txt:

KILLALL::
 
File::
c:\windows\systemup.exe
c:\windows\l1rezerv.exe
c:\windows\unrar.exe
c:\windows\services32.exe
c:\documents and settings\ani\Local Settings\Application Data\nufaol.exe
c:\documents and settings\ani\Start Menu\Programs\Startup\miurb.exe
c:\huadio.tmp
 
Driver::
autorun
 
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pgtjgcmj"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pgtjgcmj"=-
 
Reboot::
 

After saving it, drag CFScript.txt onto the ComboFix.exe icon

Posted image

Attach the generated report in your next post..!


---------------------------
Submit Files for further analysis
---------------------------
ComboFix needs to submit malware files for further analysis.
Please ensure that you're connected to the internet before clicking OK
---------------------------
OK
---------------------------


ComboFix 11-07-26.03 - ani 07/26/2011 22:12:04.3.1 - FAT32x86
Running from: c:\documents and settings\ani\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\ani\Desktop\CFScript.Txt
* Created a new restore point
.
FILE ::
"c:\documents and settings\ani\Local Settings\Application Data\nufaol.exe"
"c:\documents and settings\ani\Start Menu\Programs\Startup\miurb.exe"
"c:\huadio.tmp"
"c:\windows\l1rezerv.exe"
"c:\windows\services32.exe"
"c:\windows\systemup.exe"
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\ani\Application Data\12A.tmp
c:\documents and settings\ani\Application Data\12B.tmp
c:\documents and settings\ani\Application Data\17B.tmp
c:\documents and settings\ani\Application Data\38D.tmp
c:\documents and settings\ani\Application Data\413.tmp
c:\documents and settings\ani\Application Data\42A.tmp
c:\documents and settings\ani\Application Data\42B.tmp
c:\documents and settings\ani\Application Data\5E.tmp
c:\documents and settings\ani\Application Data\85A.tmp
c:\documents and settings\ani\Local Settings\Application Data\nufaol.exe
c:\windows\system32\config\systemprofile\setup.exe
c:\windows\system32\Drivers\fdtyjuor.sys
.
c:\windows\system32\qmgr.dll . . . is infected!!
.
c:\windows\system32\tftp.exe . . . is infected!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AUTORUN
-------\Service_autorun
.
.
((((((((((((((((((((((((( Files Created from 2011-06-26 to 2011-07-26 )))))))))))))))))))))))))))))))
.
.
2011-07-26 19:24 . 2011-07-26 19:25 57344 --sh--r- c:\documents and settings\ani\Local Settings\Application Data\nufaol.exe
2011-07-26 19:07 . 2011-07-26 19:07 -------- d-----w- c:\documents and settings\ani\Application Data\Media Player Classic
2011-07-25 19:12 . 2011-07-25 19:12 -------- d-----w- C:\FOUND.033
2011-07-25 17:55 . 2011-07-25 17:55 -------- d-----w- C:\_OTL
2011-07-19 20:26 . 2011-07-19 20:26 114176 ----a-w- c:\windows\systemup.exe
2011-07-19 20:15 . 2011-07-22 21:22 232960 ----a-w- c:\windows\l1rezerv.exe
2011-07-19 20:01 . 2011-07-19 20:02 246272 ----a-w- c:\windows\unrar.exe
2011-07-19 19:59 . 2011-07-19 19:57 1147392 ----a-w- c:\windows\services32.exe
2011-07-16 14:00 . 2011-07-16 14:00 -------- d-----w- c:\documents and settings\ani\Local Settings\Application Data\Help
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-24 23:36 . 2011-05-07 20:05 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-25_19.32.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-16 04:36 . 2010-10-27 06:59 71680 c:\windows\system32\secupdat.dat
+ 2010-10-26 19:05 . 2010-10-26 19:05 55040 c:\windows\system32\drivers\ndisvvan.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-10 68856]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-02-24 395640]
"Skype"="c:\documents and settings\ani\Desktop\Skype.exe" [2010-03-09 26100520]
"pgtjgcmj"="c:\documents and settings\ani\Local Settings\Application Data\nufaol.exe" [2011-07-26 57344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wmupdater"="c:\program files\Windows Media Player\wmupdater.exe" [2010-11-25 214016]
"pgtjgcmj"="c:\documents and settings\ani\Local Settings\Application Data\nufaol.exe" [2011-07-26 57344]
.
c:\documents and settings\ani\Start Menu\Programs\Startup\
miurb.exe [2011-2-16 57344]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
FlexType 2K.lnk - [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2005-11-08 21:00 128920 ----a-w- c:\program files\DAEMON Tools\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-06-10 14:15 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\ani\\Desktop\\Flash-Player.exe"=
.
2;2 AMService;AMService;c:\windows\System32\setup.exe run [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 135664]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2006-12-19 639224]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 05:51]
.
2011-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 05:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://getredirected.info/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
TCP: DhcpNameServer = 192.168.1.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\ani\Application Data\Mozilla\Firefox\Profiles\yz40z8oy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: browser.startup.homepage - hxxp://getredirected.info/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-26 22:24
Windows 5.1.2600 Service Pack 1 FAT NTAPI
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(564)
c:\windows\System32\ODBC32.dll
.
- - - - - - - > 'lsass.exe'(620)
c:\windows\System32\dssenh.dll
.
- - - - - - - > 'explorer.exe'(1716)
c:\windows\System32\newdll.dll
c:\windows\System32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\setup.exe
c:\windows\System32\wdfmgr.exe
c:\windows\Datecs\Flex2K.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2011-07-26 22:27:56 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-26 19:27
ComboFix2.txt 2011-07-26 17:16
ComboFix3.txt 2011-07-25 19:41
.
Pre-Run: 14,277,984,256 bytes free
Post-Run: 14,264,156,160 bytes free
.
- - End Of File - - 2D5DB1E2D7A1F1EAC26B011DF999F608


How is your system doing now..? Do you have a Windows installation disc..?


How is your system doing now..?

Do you have a Windows installation disc..?

well... it seems fine, as far as I can tell /it loads various sites/, it's only on FB:

Cookies required

Cookies are disabled in your browser. Please adjust and correct this in your security settings before continuing.

that's it!

and no, I don't have an installation disc

how badly infected are we?

:)

