
Download OTL

  • Save the file to your desktop.
  • Run the tool.
  • Make sure the scan will not be interrupted.
  • In the program's main window, check the box next to Scan All Users.
  • Under Output, select Minimal Output.
  • Under Standard Registry, select All.
  • Check the boxes next to LOP Check and Purity Check.
  • From the File Age drop-down menu, select 90 days.
  • Make sure the box next to Skip Microsoft Files is checked.
  • In the Custom Scans/Fixes box, paste the following text:

netsvcs
msconfig
safebootminimal
safebootnetwork
%SYSTEMDRIVE%\*.*
%USERPROFILE%\*.*
%USERPROFILE%\AppData\Local\*.*
%USERPROFILE%\AppData\Roaming\*.*
%ProgramData%\*.*
%CommonProgramFiles%\*.*
%PROGRAMFILES%\*.*
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
/md5start
hlp.dat
winlogon.exe
wininit.exe
userinit.exe
explorer.exe
volsnap.sys
/md5stop

 

 

Copy the code exactly as given. Make sure each command is on its own line, as it appears in the box.

Click the Run Scan button. A scan will start; it will not take long. When the scan finishes, two Notepad log files, OTL.txt and Extras.txt, will open automatically.

Please attach these two files to your next comment.


OTL:

 

OTL logfile created on: 3.1.2012 г. 21:57:44 - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\B-boy\Desktop

Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000402 | Country: България | Language: BGR | Date Format: d.M.yyyy 'г.'

 

2,00 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 63,26% Memory free

4,00 Gb Paging File | 2,90 Gb Available in Paging File | 72,57% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 48,83 Gb Total Space | 16,70 Gb Free Space | 34,20% Space Free | Partition Type: NTFS

Drive D: | 416,92 Gb Total Space | 278,68 Gb Free Space | 66,84% Space Free | Partition Type: NTFS

Drive F: | 6,32 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

 

Computer Name: B-BOY-PC | User Name: B-boy | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\B-boy\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)

PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)

PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

PRC - C:\Program Files\Opera\opera.exe (Opera Software)

PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)

PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)

PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)

PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

 

 

========== Modules (No Company Name) ==========

 

MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()

MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()

MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()

MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()

MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()

MOD - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (avast! Firewall) -- C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)

SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)

SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)

SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)

SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (aswFW) -- C:\Windows\System32\drivers\aswFW.sys (AVAST Software)

DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)

DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)

DRV - (aswNdis2) -- C:\Windows\System32\drivers\aswNdis2.sys (AVAST Software)

DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)

DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)

DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)

DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)

DRV - (aswNdis) -- C:\Windows\system32\DRIVERS\aswNdis.sys (ALWIL Software)

DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Almico Software)

DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)

DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)

DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)

DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)

DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)

DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)

DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)

DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)

DRV - (giveio) -- C:\Windows\system32\giveio.sys ()

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-932158286-1761716740-2224712450-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKU\S-1-5-21-932158286-1761716740-2224712450-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = bg

IE - HKU\S-1-5-21-932158286-1761716740-2224712450-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 38 04 31 B5 A4 7F CC 01 [binary data]

IE - HKU\S-1-5-21-932158286-1761716740-2224712450-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-21-932158286-1761716740-2224712450-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKU\S-1-5-21-932158286-1761716740-2224712450-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-932158286-1761716740-2224712450-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = bg

IE - HKU\S-1-5-21-932158286-1761716740-2224712450-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 38 04 31 B5 A4 7F CC 01 [binary data]

IE - HKU\S-1-5-21-932158286-1761716740-2224712450-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.selectedEngine: ""

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.01.01 18:16:57 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.25 15:39:49 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.25 15:39:49 | 000,000,000 | ---D | M]

 

[2011.09.30 21:20:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\B-boy\AppData\Roaming\mozilla\Extensions

[2011.12.30 22:17:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\B-boy\AppData\Roaming\mozilla\Firefox\Profiles\bijwnhum.default\extensions

[2011.12.28 15:46:46 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\B-boy\AppData\Roaming\mozilla\Firefox\Profiles\bijwnhum.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2011.09.30 21:20:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions

[2012.01.01 18:16:57 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

[2011.03.18 19:55:01 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011.11.03 08:59:20 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll

[2010.01.01 10:00:00 | 000,001,083 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\911bg.xml

[2010.01.01 10:00:00 | 000,002,442 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\diribg.xml

[2010.01.01 10:00:00 | 000,001,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pe-bg.xml

[2010.01.01 10:00:00 | 000,001,857 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\portalbgdict.xml

[2010.01.01 10:00:00 | 000,001,220 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-bg.xml

 

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [bCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)

O4 - HKLM..\Run: [TaskTray] File not found

O4 - HKU\S-1-5-21-932158286-1761716740-2224712450-1000..\Run: [bitComet] "C:\Program Files\BitComet\BitComet.exe" /tray File not found

O4 - HKU\S-1-5-21-932158286-1761716740-2224712450-1000..\Run: [bitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)

O4 - HKU\S-1-5-21-932158286-1761716740-2224712450-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKU\S-1-5-21-932158286-1761716740-2224712450-1000..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - HKU\S-1-5-21-932158286-1761716740-2224712450-1003..\Run: [bitComet] "C:\Program Files\BitComet\BitComet.exe" /tray File not found

O4 - HKU\S-1-5-21-932158286-1761716740-2224712450-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKU\S-1-5-21-932158286-1761716740-2224712450-1003..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - HKU\S-1-5-21-932158286-1761716740-2224712450-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-932158286-1761716740-2224712450-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-932158286-1761716740-2224712450-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-932158286-1761716740-2224712450-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-932158286-1761716740-2224712450-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: &Експортиране към Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: &Изпрати към OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found

O9 - Extra Button: Изпрати към OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Изпрати към OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: &Свързани бележки на OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Свързани бележки на OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E4C8561-28ED-4651-90A5-806F110D2E85}: NameServer = 192.168.111.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2010.09.10 23:33:59 | 000,000,000 | R--D | M] - F:\AutoRun -- [ UDF ]

O32 - AutoRun File - [2010.09.10 23:34:03 | 000,439,056 | R--- | M] (Electronic Arts) - F:\AutoRun.exe -- [ UDF ]

O32 - AutoRun File - [2010.09.10 23:34:02 | 007,864,832 | R--- | M] () - F:\autorun.dat -- [ UDF ]

O32 - AutoRun File - [2010.09.10 23:33:38 | 000,000,141 | R--- | M] () - F:\autorun.inf -- [ UDF ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

 

MsConfig - StartUpReg: Malwarebytes' Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)

MsConfig - State: "startup" - 2

 

SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS - File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS - File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

========== Files/Folders - Created Within 90 Days ==========

 

[2012.01.03 21:56:13 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\B-boy\Desktop\OTL.exe

[2012.01.02 00:56:51 | 000,000,000 | ---D | C] -- C:\Users\B-boy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live for Speed (5)

[2012.01.02 00:55:44 | 000,000,000 | ---D | C] -- C:\LFS

[2012.01.01 18:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security

[2012.01.01 18:17:29 | 000,314,456 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys

[2012.01.01 18:17:29 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys

[2012.01.01 18:17:26 | 000,111,320 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys

[2012.01.01 18:17:12 | 000,195,416 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys

[2012.01.01 18:17:12 | 000,052,952 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys

[2012.01.01 18:17:12 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys

[2012.01.01 18:17:11 | 000,435,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys

[2012.01.01 18:17:11 | 000,055,128 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys

[2012.01.01 18:16:56 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe

[2012.01.01 18:16:56 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr

[2012.01.01 18:16:56 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys

[2012.01.01 18:16:47 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software

[2012.01.01 16:14:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\QuickTime

[2011.12.30 20:34:51 | 000,000,000 | ---D | C] -- C:\Users\B-boy\AppData\Roaming\Leadertech

[2011.12.30 01:15:22 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent

[2011.12.30 01:15:02 | 000,000,000 | ---D | C] -- C:\Users\B-boy\AppData\Roaming\BitTorrent

[2011.12.30 01:14:56 | 006,053,744 | ---- | C] (BitTorrent, Inc.) -- C:\Users\B-boy\Documents\BitTorrent-7.6.exe

[2011.12.29 09:55:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM

[2011.12.29 09:55:05 | 003,319,400 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll

[2011.12.29 09:55:05 | 002,359,400 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll

[2011.12.29 09:55:05 | 001,783,056 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll

[2011.12.29 09:55:05 | 001,497,704 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl

[2011.12.29 09:55:05 | 001,378,920 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll

[2011.12.29 09:55:05 | 000,359,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll

[2011.12.29 09:55:05 | 000,345,328 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll

[2011.12.29 09:55:05 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll

[2011.12.29 09:55:05 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll

[2011.12.29 09:55:05 | 000,185,584 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll

[2011.12.29 09:55:05 | 000,173,296 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll

[2011.12.29 09:55:05 | 000,170,840 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll

[2011.12.29 09:55:05 | 000,140,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll

[2011.12.29 09:55:05 | 000,083,560 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInstII.dll

[2011.12.29 09:55:05 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll

[2011.12.29 09:55:05 | 000,064,856 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll

[2011.12.29 09:55:05 | 000,013,416 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoLDR.dll

[2011.12.29 09:55:04 | 001,836,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll

[2011.12.29 09:55:04 | 000,749,144 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\MBAPO32.dll

[2011.12.29 09:55:04 | 000,232,792 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll

[2011.12.29 09:55:04 | 000,132,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll

[2011.12.29 09:55:04 | 000,053,848 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\MBppld32.dll

[2011.12.29 09:55:04 | 000,050,776 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\MBPPCn32.dll

[2011.12.29 09:55:03 | 001,740,352 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll

[2011.12.29 09:55:03 | 000,175,200 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll

[2011.12.29 09:55:03 | 000,096,160 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTARen.dll

[2011.12.29 00:43:52 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek

[2011.12.29 00:41:48 | 000,070,232 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\MBWrp32.dll

[2011.12.29 00:34:57 | 000,000,000 | ---D | C] -- C:\Users\B-boy\AppData\Local\ElevatedDiagnostics

[2011.12.29 00:34:33 | 000,000,000 | ---D | C] -- C:\Users\B-boy\AppData\Local\ApplicationHistory

[2011.12.29 00:30:41 | 000,000,000 | ---D | C] -- C:\Users\B-boy\Documents\DriverGenius

[2011.12.29 00:29:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Genius Professional Edition

[2011.12.29 00:29:36 | 000,000,000 | ---D | C] -- C:\Program Files\Driver-Soft

[2011.12.29 00:16:36 | 000,000,000 | ---D | C] -- C:\ProgramData\DriverGenius

[2011.12.29 00:09:33 | 000,427,864 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\Windows\System32\XceedZip.dll

[2011.12.29 00:09:32 | 001,686,016 | ---- | C] (Clever Components) -- C:\Windows\System32\clinetsuitex6.ocx

[2011.12.27 12:04:46 | 000,000,000 | ---D | C] -- C:\Users\B-boy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex

[2011.12.26 22:36:04 | 000,000,000 | ---D | C] -- C:\Program Files\Valve

[2011.12.26 19:46:53 | 000,000,000 | ---D | C] -- C:\Program Files\Мастер Визиток

[2011.12.26 17:36:33 | 000,000,000 | ---D | C] -- C:\Users\B-boy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BusinessCards MX

[2011.12.26 17:36:08 | 000,000,000 | ---D | C] -- C:\Users\B-boy\AppData\Roaming\mojosoft

[2011.12.26 17:36:08 | 000,000,000 | ---D | C] -- C:\Program Files\mojosoft

[2011.12.26 17:36:08 | 000,000,000 | ---D | C] -- C:\Users\B-boy\Documents\BusinessCardsMX templates

[2011.12.26 17:33:48 | 092,000,504 | ---- | C] (mojosoft ) -- C:\Users\B-boy\Documents\BusinessCardsMX-setup.exe

[2011.12.25 21:22:11 | 000,000,000 | ---D | C] -- C:\Downloads

[2011.12.24 13:05:05 | 000,000,000 | ---D | C] -- C:\Users\B-boy\AppData\Local\BitTorrent

[2011.12.24 12:37:03 | 000,000,000 | ---D | C] -- C:\Users\B-boy\AppData\Roaming\BitComet

[2011.12.19 16:15:36 | 014,935,896 | ---- | C] (Foxit Corporation ) -- C:\Users\B-boy\Documents\FoxitReader513.1201_enu_Setup.exe

[2011.12.03 22:38:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aerosoft

[2011.12.03 22:38:42 | 000,000,000 | ---D | C] -- C:\Program Files\Aerosoft

[2011.12.01 14:20:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XviD

[2011.12.01 14:01:20 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

[2011.11.28 15:06:56 | 000,000,000 | ---D | C] -- C:\Users\B-boy\AppData\Local\RadonLabs

[2011.11.25 19:25:07 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield

[2011.11.15 16:04:02 | 000,000,000 | ---D | C] -- C:\Users\B-boy\Documents\Any Video Converter

[2011.11.15 16:03:56 | 000,000,000 | ---D | C] -- C:\Users\B-boy\AppData\Roaming\AnvSoft

[2011.11.15 16:03:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft

[2011.11.15 16:03:39 | 000,000,000 | ---D | C] -- C:\Program Files\AnvSoft

[2011.11.10 17:16:58 | 000,000,000 | ---D | C] -- C:\Program Files\Total Video Converter

[2011.11.10 17:07:43 | 000,045,056 | ---- | C] (DGPDev) -- C:\Windows\System32\CxxProgressBar.ocx

[2011.11.10 16:49:53 | 000,000,000 | ---D | C] -- C:\Users\B-boy\AppData\Roaming\TeamViewer

[2011.11.08 19:08:05 | 000,000,000 | ---D | C] -- C:\Users\B-boy\dwhelper

[2011.11.08 13:01:51 | 000,000,000 | ---D | C] -- C:\Users\B-boy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

[2011.11.02 21:56:13 | 000,000,000 | ---D | C] -- C:\Windows\AutoKMS

[2011.10.22 13:21:38 | 000,065,536 | ---- | C] (Beepa P/L) -- C:\Windows\System32\frapsvid.dll

[2011.10.19 18:27:43 | 000,000,000 | ---D | C] -- C:\Users\B-boy\AppData\Local\Diagnostics

[2011.10.19 18:26:24 | 000,000,000 | ---D | C] -- C:\Users\B-boy\AppData\Roaming\Thinstall

[2011.10.18 13:52:55 | 000,000,000 | ---D | C] -- C:\Users\B-boy\Documents\Презентации

[2011.10.16 17:54:31 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2011.10.16 17:44:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2011.10.16 14:38:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011.10.16 14:38:07 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011.10.16 14:38:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011.10.16 14:35:07 | 000,000,000 | ---D | C] -- C:\Users\B-boy\AppData\Roaming\SUPERAntiSpyware.com

[2011.10.16 14:34:39 | 000,000,000 | ---D | C] -- C:\Users\B-boy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

[2011.10.16 14:34:36 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2011.10.16 14:34:36 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2011.10.16 12:58:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx

[2011.10.16 09:16:40 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2011.10.15 21:57:25 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS

[2011.10.15 21:57:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters

[2011.10.15 21:54:05 | 019,087,360 | ---- | C] (Intel Corporation / Blue Ripple Sound Limited) -- C:\Windows\System32\mkl_blueripple.dll

[2011.10.15 21:54:04 | 001,417,216 | ---- | C] (Blue Ripple Sound Limited) -- C:\Windows\System32\rapture3d_oal.dll

[2011.10.15 20:28:25 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL

[2011.10.15 18:38:30 | 000,218,688 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys

[2011.10.15 18:37:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite

[2011.10.15 18:37:45 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite

[2011.10.11 14:40:25 | 000,000,000 | ---D | C] -- C:\Users\B-boy\AppData\Roaming\HD Tune Pro

[2011.10.11 14:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\HD Tune Pro

[2011.10.10 20:14:00 | 000,000,000 | ---D | C] -- C:\Fraps

[2011.10.10 20:13:41 | 002,309,616 | ---- | C] (Beepa Pty Ltd) -- C:\Users\B-boy\Documents\setup.exe

[2011.10.09 16:26:36 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA

[2011.10.09 16:26:30 | 003,730,024 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll

[2011.10.09 16:26:30 | 002,558,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll

[2011.10.09 16:26:30 | 000,111,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll

[2011.10.09 16:26:30 | 000,066,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll

[2011.10.09 16:26:08 | 017,193,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll

[2011.10.09 16:26:08 | 016,595,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll

[2011.10.09 16:26:08 | 012,636,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll

[2011.10.09 16:26:08 | 010,304,104 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys

[2011.10.09 16:26:08 | 006,613,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll

[2011.10.09 16:26:08 | 005,404,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll

[2011.10.09 16:26:08 | 002,412,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll

[2011.10.09 16:26:08 | 002,391,656 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll

[2011.10.09 16:26:08 | 002,090,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll

[2011.10.09 16:26:08 | 000,914,024 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco32.dll

[2011.10.09 16:26:08 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll

[2011.10.09 16:25:28 | 000,000,000 | ---D | C] -- C:\NVIDIA

[2011.10.09 16:03:32 | 000,865,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco322090.dll

[2011.10.09 16:03:31 | 000,012,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd

[2011.10.07 13:33:24 | 000,000,000 | ---D | C] -- C:\Users\B-boy\Documents\hack

[2011.10.06 19:34:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt

[2011.10.06 18:47:28 | 000,000,000 | ---D | C] -- C:\Users\B-boy\AppData\Local\Google

[2011.10.06 18:47:21 | 000,000,000 | ---D | C] -- C:\Program Files\Google

[2011.10.06 18:45:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe

[2011.10.06 18:45:49 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe

[2011.10.06 18:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR

[2011.10.06 18:45:38 | 000,000,000 | ---D | C] -- C:\Users\B-boy\AppData\Local\Adobe

[2011.10.06 14:11:00 | 000,000,000 | ---D | C] -- C:\Users\B-boy\AppData\Roaming\EiM2CD2

[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

 

========== Files - Modified Within 90 Days ==========

 

[2012.01.03 21:56:15 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\B-boy\Desktop\OTL.exe

[2012.01.03 21:43:32 | 000,020,704 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.01.03 21:43:32 | 000,020,704 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.01.03 21:38:32 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job

[2012.01.03 21:37:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.01.03 21:37:26 | 1610,063,872 | -HS- | M] () -- C:\hiberfil.sys

[2012.01.03 10:36:52 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.01.02 23:47:56 | 000,660,706 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.01.02 23:47:56 | 000,124,896 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.01.02 21:28:12 | 000,001,572 | ---- | M] () -- C:\Users\B-boy\Desktop\cstrike - Пряк път.lnk

[2012.01.02 00:56:51 | 000,000,534 | ---- | M] () -- C:\Users\B-boy\Desktop\LFS.lnk

[2012.01.01 18:17:30 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk

[2012.01.01 18:17:11 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

[2012.01.01 16:22:16 | 000,004,608 | ---- | M] () -- C:\Users\B-boy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.01.01 16:11:54 | 039,138,304 | ---- | M] () -- C:\Users\B-boy\Documents\camtasia.msi

[2011.12.30 01:15:23 | 000,000,933 | ---- | M] () -- C:\Users\Public\Desktop\BitTorrent.lnk

[2011.12.30 01:14:56 | 006,053,744 | ---- | M] (BitTorrent, Inc.) -- C:\Users\B-boy\Documents\BitTorrent-7.6.exe

[2011.12.29 00:34:33 | 000,000,093 | ---- | M] () -- C:\Users\B-boy\AppData\Local\fusioncache.dat

[2011.12.29 00:29:39 | 000,001,165 | ---- | M] () -- C:\Users\B-boy\Desktop\Driver Genius Professional Edition.lnk

[2011.12.26 17:36:33 | 000,001,180 | ---- | M] () -- C:\Users\B-boy\Desktop\BusinessCardsMX.lnk

[2011.12.26 17:35:15 | 092,000,504 | ---- | M] (mojosoft ) -- C:\Users\B-boy\Documents\BusinessCardsMX-setup.exe

[2011.12.19 16:15:41 | 014,935,896 | ---- | M] (Foxit Corporation ) -- C:\Users\B-boy\Documents\FoxitReader513.1201_enu_Setup.exe

[2011.12.14 13:33:35 | 000,408,408 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011.12.13 16:58:18 | 001,497,704 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl

[2011.12.13 16:25:38 | 000,200,468 | ---- | M] () -- C:\Windows\System32\drivers\RTAIODAT.DAT

[2011.12.13 11:01:00 | 001,698,408 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll

[2011.12.12 17:20:18 | 000,083,560 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInstII.dll

[2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011.12.09 20:17:55 | 004,102,653 | ---- | M] () -- C:\Users\B-boy\Desktop\100 Kila - Super Fresh.mp3

[2011.12.08 17:28:12 | 001,378,920 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll

[2011.12.08 16:27:38 | 003,319,400 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll

[2011.11.28 20:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

[2011.11.28 20:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe

[2011.11.28 19:54:38 | 000,111,320 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys

[2011.11.28 19:53:53 | 000,435,032 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys

[2011.11.28 19:53:35 | 000,314,456 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys

[2011.11.28 19:53:22 | 000,195,416 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys

[2011.11.28 19:52:19 | 000,034,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys

[2011.11.28 19:52:16 | 000,052,952 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys

[2011.11.28 19:52:07 | 000,055,128 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys

[2011.11.28 19:51:50 | 000,020,568 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys

[2011.11.28 19:26:19 | 000,012,112 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys

[2011.11.22 22:08:28 | 004,386,540 | ---- | M] () -- C:\Users\B-boy\Desktop\Poli Genova - Na Inat [bulgaria] - Eurovision 2011.mp3

[2011.11.22 16:28:58 | 000,013,416 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoLDR.dll

[2011.11.22 11:36:06 | 002,359,400 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll

[2011.11.15 16:03:52 | 000,001,194 | ---- | M] () -- C:\Users\B-boy\Desktop\Any Video Converter.lnk

[2011.11.10 17:06:27 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2011.11.10 16:14:24 | 000,749,144 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\System32\MBAPO32.dll

[2011.10.22 13:21:38 | 000,065,536 | ---- | M] (Beepa P/L) -- C:\Windows\System32\frapsvid.dll

[2011.10.16 14:34:39 | 000,001,961 | ---- | M] () -- C:\Users\B-boy\Desktop\SUPERAntiSpyware Free Edition.lnk

[2011.10.15 18:38:30 | 000,218,688 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys

[2011.10.10 20:13:50 | 002,309,616 | ---- | M] (Beepa Pty Ltd) -- C:\Users\B-boy\Documents\setup.exe

[2011.10.08 10:38:46 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2011.10.06 18:43:54 | 000,001,178 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2012.01.03 10:36:52 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.01.02 21:28:12 | 000,001,572 | ---- | C] () -- C:\Users\B-boy\Desktop\cstrike - Пряк път.lnk

[2012.01.02 00:56:51 | 000,000,534 | ---- | C] () -- C:\Users\B-boy\Desktop\LFS.lnk

[2012.01.01 18:17:30 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk

[2012.01.01 16:21:26 | 000,004,608 | ---- | C] () -- C:\Users\B-boy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.01.01 16:11:18 | 039,138,304 | ---- | C] () -- C:\Users\B-boy\Documents\camtasia.msi

[2011.12.30 01:15:23 | 000,000,933 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk

[2011.12.29 09:55:05 | 000,200,468 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT

[2011.12.29 00:34:33 | 000,000,093 | ---- | C] () -- C:\Users\B-boy\AppData\Local\fusioncache.dat

[2011.12.29 00:29:39 | 000,001,165 | ---- | C] () -- C:\Users\B-boy\Desktop\Driver Genius Professional Edition.lnk

[2011.12.26 17:36:33 | 000,001,180 | ---- | C] () -- C:\Users\B-boy\Desktop\BusinessCardsMX.lnk

[2011.12.09 20:17:51 | 004,102,653 | ---- | C] () -- C:\Users\B-boy\Desktop\100 Kila - Super Fresh.mp3

[2011.11.22 22:08:25 | 004,386,540 | ---- | C] () -- C:\Users\B-boy\Desktop\Poli Genova - Na Inat [bulgaria] - Eurovision 2011.mp3

[2011.11.15 16:03:52 | 000,001,194 | ---- | C] () -- C:\Users\B-boy\Desktop\Any Video Converter.lnk

[2011.11.02 21:56:13 | 000,000,266 | ---- | C] () -- C:\Windows\tasks\AutoKMS.job

[2011.10.16 14:34:39 | 000,001,961 | ---- | C] () -- C:\Users\B-boy\Desktop\SUPERAntiSpyware Free Edition.lnk

[2011.10.08 10:38:46 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2011.10.01 19:26:52 | 000,003,636 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin

[2011.10.01 08:35:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe

[2011.10.01 08:34:09 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2011.09.30 20:56:08 | 000,921,665 | ---- | C] () -- C:\Windows\System32\msvcrt-ruby18.dll

[2011.09.30 20:56:08 | 000,271,264 | ---- | C] () -- C:\Windows\System32\vbrun100.dll

[2011.09.30 20:56:08 | 000,210,944 | ---- | C] () -- C:\Windows\System32\msvcrt10.dll

[2011.09.30 20:56:08 | 000,027,136 | ---- | C] () -- C:\Windows\System32\pythonw.exe

[2011.09.30 20:56:08 | 000,026,624 | ---- | C] () -- C:\Windows\System32\python.exe

[2011.09.30 20:56:08 | 000,020,537 | ---- | C] () -- C:\Windows\System32\rubyw.exe

[2011.09.30 20:56:08 | 000,020,536 | ---- | C] () -- C:\Windows\System32\ruby.exe

[2011.08.03 02:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe

[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009.07.14 06:33:53 | 000,408,408 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2009.07.14 04:05:48 | 000,660,706 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2009.07.14 04:05:48 | 000,124,896 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

 

========== LOP Check ==========

 

[2011.11.15 16:03:56 | 000,000,000 | ---D | M] -- C:\Users\B-boy\AppData\Roaming\AnvSoft

[2011.12.30 01:08:15 | 000,000,000 | ---D | M] -- C:\Users\B-boy\AppData\Roaming\BitComet

[2012.01.03 21:38:27 | 000,000,000 | ---D | M] -- C:\Users\B-boy\AppData\Roaming\BitTorrent

[2011.12.30 20:27:48 | 000,000,000 | ---D | M] -- C:\Users\B-boy\AppData\Roaming\DAEMON Tools Lite

[2011.10.06 14:12:01 | 000,000,000 | ---D | M] -- C:\Users\B-boy\AppData\Roaming\EiM2CD2

[2011.10.11 14:40:25 | 000,000,000 | ---D | M] -- C:\Users\B-boy\AppData\Roaming\HD Tune Pro

[2011.12.30 20:34:51 | 000,000,000 | ---D | M] -- C:\Users\B-boy\AppData\Roaming\Leadertech

[2011.12.26 17:36:08 | 000,000,000 | ---D | M] -- C:\Users\B-boy\AppData\Roaming\mojosoft

[2011.10.04 06:58:48 | 000,000,000 | ---D | M] -- C:\Users\B-boy\AppData\Roaming\Opera

[2011.11.30 15:02:36 | 000,000,000 | ---D | M] -- C:\Users\B-boy\AppData\Roaming\TeamViewer

[2011.10.19 18:26:24 | 000,000,000 | ---D | M] -- C:\Users\B-boy\AppData\Roaming\Thinstall

[2012.01.03 21:38:32 | 000,000,266 | ---- | M] () -- C:\Windows\Tasks\AutoKMS.job

[2011.12.13 10:17:50 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%*.* >

[2009.06.10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

[2010.11.20 14:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr

[2011.10.01 07:45:12 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK

[2009.06.10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys

[2012.01.03 21:37:26 | 1610,063,872 | -HS- | M] () -- C:\hiberfil.sys

[2011.10.01 12:11:24 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2011.10.01 12:11:24 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2012.01.03 21:37:26 | 2146,754,560 | -HS- | M] () -- C:\pagefile.sys

[2011.09.30 21:26:10 | 000,000,000 | RHS- | M] () -- C:\pclv.ld

[2011.09.30 21:26:10 | 000,288,001 | RHS- | M] () -- C:\SDYBO

 

< %USERPROFILE%*.* >

[2012.01.03 22:00:29 | 001,835,008 | -HS- | M] () -- C:\Users\B-boy\ntuser.dat

[2012.01.03 22:00:28 | 000,262,144 | -HS- | M] () -- C:\Users\B-boy\ntuser.dat.LOG1

[2011.09.30 20:58:19 | 000,000,000 | -HS- | M] () -- C:\Users\B-boy\ntuser.dat.LOG2

[2011.11.09 14:51:59 | 000,065,536 | -HS- | M] () -- C:\Users\B-boy\ntuser.dat{6d419d3a-0abd-11e1-9d72-0019663e49cd}.TM.blf

[2011.11.09 14:51:59 | 000,524,288 | -HS- | M] () -- C:\Users\B-boy\ntuser.dat{6d419d3a-0abd-11e1-9d72-0019663e49cd}.TMContainer00000000000000000001.regtrans-ms

[2011.11.09 14:51:59 | 000,524,288 | -HS- | M] () -- C:\Users\B-boy\ntuser.dat{6d419d3a-0abd-11e1-9d72-0019663e49cd}.TMContainer00000000000000000002.regtrans-ms

[2012.01.01 13:53:47 | 000,000,020 | -HS- | M] () -- C:\Users\B-boy\ntuser.ini

 

< %USERPROFILE%AppDataLocal*.* >

 

< %USERPROFILE%AppDataRoaming*.* >

 

< %ProgramData%*.* >

 

< %CommonProgramFiles%*.* >

 

< %PROGRAMFILES%*.* >

[2009.07.14 06:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

 

< %systemroot%system32*.dll /lockedfiles >

 

< %systemroot%Tasks*.job /lockedfiles >

 

< %systemroot%system32drivers*.sys /90 >

 

< %systemroot%system32drivers*.sys /lockedfiles >

 

< %systemroot%system32Spoolprtprocsw32x86*.dll >

 

< %systemroot%\*. /mp /s >

< MD5 for: EXPLORER.EXE >

[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe

[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe

[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe

[2010.07.14 03:22:50 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe

[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe

[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe

[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe

[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe

[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

[2010.07.14 03:21:06 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe

[2010.07.14 03:21:06 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe

[2010.07.14 03:22:50 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

 

< MD5 for: USERINIT.EXE >

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

 

< MD5 for: VOLSNAP.SYS >

[2009.07.14 03:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_158d0da45d68903e\volsnap.sys

[2010.11.20 14:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\System32\drivers\volsnap.sys

[2010.11.20 14:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_6dee0205881d1a1d\volsnap.sys

[2010.11.20 14:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_17be216c5a5713d8\volsnap.sys

 

< MD5 for: WININIT.EXE >

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 

< MD5 for: WINLOGON.EXE >

[2010.07.14 03:22:50 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe

[2010.07.14 03:22:50 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe

[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe

[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe

[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

 

< End of report >

Extras:

OTL Extras logfile created on: 3.1.2012 г. 21:57:44 - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\B-boy\Desktop

Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000402 | Country: България | Language: BGR | Date Format: d.M.yyyy 'г.'

 

2,00 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 63,26% Memory free

4,00 Gb Paging File | 2,90 Gb Available in Paging File | 72,57% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 48,83 Gb Total Space | 16,70 Gb Free Space | 34,20% Space Free | Partition Type: NTFS

Drive D: | 416,92 Gb Total Space | 278,68 Gb Free Space | 66,84% Space Free | Partition Type: NTFS

Drive F: | 6,32 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

 

Computer Name: B-BOY-PC | User Name: B-boy | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0D5B5ED2-3E38-4585-B1F3-64B2A9EA95D6}_is1" = BusinessCards MX

"{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{5C9DA6A8-6479-47FE-B67E-F3953E2FCD7A}_is1" = Мастер Визиток 4.61

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0015-0402-0000-0000000FF1CE}" = Microsoft Office Access MUI (Bulgarian) 2010

"{90140000-0015-0402-0000-0000000FF1CE}_Office14.PROPLUS_{59A0F32E-76D1-4BD1-BE32-554DD2F05DB4}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0402-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Bulgarian) 2010

"{90140000-0016-0402-0000-0000000FF1CE}_Office14.PROPLUS_{59A0F32E-76D1-4BD1-BE32-554DD2F05DB4}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0402-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Bulgarian) 2010

"{90140000-0018-0402-0000-0000000FF1CE}_Office14.PROPLUS_{59A0F32E-76D1-4BD1-BE32-554DD2F05DB4}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0402-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Bulgarian) 2010

"{90140000-0019-0402-0000-0000000FF1CE}_Office14.PROPLUS_{59A0F32E-76D1-4BD1-BE32-554DD2F05DB4}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0402-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Bulgarian) 2010

"{90140000-001A-0402-0000-0000000FF1CE}_Office14.PROPLUS_{59A0F32E-76D1-4BD1-BE32-554DD2F05DB4}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0402-0000-0000000FF1CE}" = Microsoft Office Word MUI (Bulgarian) 2010

"{90140000-001B-0402-0000-0000000FF1CE}_Office14.PROPLUS_{59A0F32E-76D1-4BD1-BE32-554DD2F05DB4}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0402-0000-0000000FF1CE}" = Microsoft Office Proof (Bulgarian) 2010

"{90140000-001F-0402-0000-0000000FF1CE}_Office14.PROPLUS_{0709C35F-CF3B-4B05-8A2D-6FFD8F9A5F67}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010

"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0419-0000-0000000FF1CE}" = Microsoft Office Proof (Russian) 2010

"{90140000-001F-0419-0000-0000000FF1CE}_Office14.PROPLUS_{DD6E7CDF-BDFF-43CF-8CCE-84FBEC5ABB77}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0402-0000-0000000FF1CE}" = Microsoft Office Proofing (Bulgarian) 2010

"{90140000-002C-0402-0000-0000000FF1CE}_Office14.PROPLUS_{C8054E0D-931E-4977-873A-017236B74357}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0044-0402-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Bulgarian) 2010

"{90140000-0044-0402-0000-0000000FF1CE}_Office14.PROPLUS_{59A0F32E-76D1-4BD1-BE32-554DD2F05DB4}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0402-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Bulgarian) 2010

"{90140000-006E-0402-0000-0000000FF1CE}_Office14.PROPLUS_{2800BF0D-D21D-49F8-988D-6F521900953C}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0402-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Bulgarian) 2010

"{90140000-00A1-0402-0000-0000000FF1CE}_Office14.PROPLUS_{59A0F32E-76D1-4BD1-BE32-554DD2F05DB4}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00BA-0402-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Bulgarian) 2010

"{90140000-00BA-0402-0000-0000000FF1CE}_Office14.PROPLUS_{59A0F32E-76D1-4BD1-BE32-554DD2F05DB4}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 280.26

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 280.26

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 280.26

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 280.19

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"AIDA64 Business Edition_is1" = AIDA64 Business Edition v1.85

"Any Video Converter_is1" = Any Video Converter 3.3.0

"avast" = avast! Internet Security

"BitTorrent" = BitTorrent

"CCleaner" = CCleaner

"DAEMON Tools Lite" = DAEMON Tools Lite

"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware, версия 1.60.0.1800

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Mozilla Firefox 4.0 (x86 bg)" = Mozilla Firefox 4.0 (x86 bg)

"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"Office14.PROPLUS" = Microsoft Office Professional Plus 2010

"Opera 11.01.1190" = Opera 11.01

"SpeedFan" = SpeedFan (remove only)

"The KMPlayer" = The KMPlayer (remove only)

"WinRAR archiver" = WinRAR 4.01 (32-битова версия)

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-932158286-1761716740-2224712450-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Counter-Strike 1.6: New Era" = Counter-Strike 1.6: New Era

 

========== Last 10 Event Log Errors ==========

 

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

 

< End of report >


Run OTL again.

  • In the Custom Scans/Fixes box, paste the following text:

:OTL
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
O4 - HKLM..\Run: [TaskTray] File not found
O4 - HKU\S-1-5-21-932158286-1761716740-2224712450-1000..\Run: [bitComet] "C:\Program Files\BitComet\BitComet.exe" /tray File not found
O4 - HKU\S-1-5-21-932158286-1761716740-2224712450-1003..\Run: [bitComet] "C:\Program Files\BitComet\BitComet.exe" /tray File not found
O8 - Extra context menu item: &Експортиране към Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Изпрати към OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
:Commands
[emptytemp]
[reboot]

 

 

Copy the code exactly as given. Make sure you do not drop any of the colons at the start. Also make sure that each command is on its own line, as it is in the box.

  • After entering the code in the Custom Scans/Fixes box, press the Run Fix button. Confirm the prompt to restart the system.

After the system restarts, a log file will appear, located in C:\_OTL\Moved Files. Please attach that log file to your next comment.

Overall, these are "cosmetic" changes to the system. I found no traces of malicious code that has settled on your system.

I would advise you to change the UAC (User Account Control) setting, choosing the most optimal value as the current one. I also recommend turning off the Autoplay feature for removable devices.

I see that you are using SuperAntiSpyware. Stop the real-time operation of that application. Check whether the problem is still present.

Start the system in Safe Mode with Networking. Check whether there is any slowdown when working with the system under these conditions.

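An added example (not part of the original post and not OTL's own code): a small Python triage of the log lines the helper selected, pulling out the entries whose target is marked `File not found` and showing which user profiles still reference the same missing executable. The line grammar is inferred from the lines quoted on this page, and the last two sample lines are constructed.

```python
import re
from collections import defaultdict

# First five lines: copied from the fix script above. Last two: constructed.
SAMPLE_LOG = r"""
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
O4 - HKLM..\Run: [TaskTray] File not found
O4 - HKU\S-1-5-21-932158286-1761716740-2224712450-1000..\Run: [bitComet] "C:\Program Files\BitComet\BitComet.exe" /tray File not found
O4 - HKU\S-1-5-21-932158286-1761716740-2224712450-1003..\Run: [bitComet] "C:\Program Files\BitComet\BitComet.exe" /tray File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O4 - HKLM..\Run: [ExampleTray] C:\Program Files\Example\tray.exe (Example Vendor)
O8 - Extra context menu item: Example item - C:\Program Files\Example\menu.dll (Example Vendor)
"""

ENTRY_RE = re.compile(r"^(?P<section>FF|O\d{1,2}) - (?P<body>.+)$")
ORPHAN_RE = re.compile(r"(?:\s+-)?\s+File not found$")
SID_RE = re.compile(r"HKU\\(S-1-5-21-[0-9-]+)")
QUOTED_PATH_RE = re.compile(r'"([A-Za-z]:\\[^"]+)"')

def parse_entries(text):
    """Return one dict per recognised log line; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # blank lines, headers, directives such as :OTL
        body = m.group("body")
        orphan = ORPHAN_RE.search(body)
        sid = SID_RE.search(body)
        path = QUOTED_PATH_RE.search(body)
        entries.append({
            "section": m.group("section"),
            "entry": body[:orphan.start()] if orphan else body,
            "orphaned": orphan is not None,
            "sid": sid.group(1) if sid else None,
            "path": path.group(1) if path else None,
        })
    return entries

def orphans_by_section(text):
    """Group entries that point at a missing file by their log section."""
    grouped = defaultdict(list)
    for e in parse_entries(text):
        if e["orphaned"]:
            grouped[e["section"]].append(e["entry"])
    return dict(grouped)

def profiles_sharing_path(text):
    """Map each missing quoted executable to the user SIDs still referencing it."""
    shared = defaultdict(set)
    for e in parse_entries(text):
        if e["orphaned"] and e["sid"] and e["path"]:
            shared[e["path"]].add(e["sid"])
    return dict(shared)
```

On the sample, the two `bitComet` autorun entries resolve to one missing executable referenced from two user profiles, which is why the fix script lists the same value under both SIDs.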


How do I start this thing?: Safe Mode with Networking


How do I start this thing?: Safe Mode with Networking

  • Restart the system.
  • Once the initial startup messages appear after the system powers on (Power-On Self Test - POST), start pressing the F8 key. This brings up the Windows Advanced Options Menu.
  • Select Safe Mode with Networking and press Enter.

Well, if I don't have a virus, what is causing the problem?

That is exactly what we are trying to find out. Please do not be impatient.


  • 2 weeks later...

While I was browsing, the NOD Antivirus V5 window suddenly popped up with a warning about a detected infection. Is this a false alarm? I scanned with MBAM and SAS - they find nothing.

I chose delete several times in a row and the window kept popping up again. Should I scan with something else, and what is this file that NOD considers a problem? Thank you.

P.S. I just noticed that NOD breaks Adblock in Mozilla. Apparently it deletes the filter, because the ads came back, and when I tried to add bulgarian+easy list in Adblock, NOD went crazy. I think it is a false alarm, but what would you recommend?


Try adding them to the exclusions, or send them to their lab for analysis so they can fix their definitions... (if they have not already done so).

This is a widely used plugin, and word of the situation has probably already got around.


I sent them for analysis. NOD no longer detects a threat when the filter is added. The antivirus's last update is from 18:12, and I sent the files for analysis shortly before that. Apparently they act fast. :)

Thank you, b-boy.


  • 2 months later...

Hello, so as not to start a new topic I am asking here - I have the following problem: apparently "Yandex" got installed along with some program. I removed it from Mozilla as an add-on and from the Control Panel, I also searched with the search dog and deleted everything, but apparently it is still left somewhere, and now it blocks one site, and not only that one - what do I need to do to remove this thing completely? I am on Windows XP

http://store.picbg.net/pubpic/E3/15/6c13667aa31ee315.JPG http://store.picbg.net/pubpic/DB/F6/49061ed1efccdbf6.JPG :lookaround:


From the Firefox menu bar, choose Tools - Options - Security and clear the checkboxes for:

  • Block reported attack sites
  • Block reported web forgeries

Confirm with the "OK" button and restart Firefox.


And why should he clear those checkboxes? Besides, that will turn them off for all sites, not just for yandex. :)

@zygi123

Download OTL.exe and save it to the desktop.

  • Run OTL.exe
  • Make the following settings:
  • Check Scan All Users http://img408.imageshack.us/img408/1442/46625204.png
  • Under the File Age menu, select 90 days
  • Under the Standard Registry menu, change to ALL
  • Check LOP and Purity Check

Under http://store.picbg.net/pubpic/0A/C1/c814d031472c0ac1.png use Copy/Paste to enter the following text in full (only what is inside the box):

netsvcs
msconfig
safebootminimal
safebootnetwork
%SYSTEMDRIVE%\*.*
%USERPROFILE%\*.*
%USERPROFILE%\Application Data\*.*
%USERPROFILE%\Local Settings\Application Data\*.*
%AllUsersProfile%\*.*
%AllUsersProfile%\Application Data\*.*
%USERPROFILE%\My Documents\*.*
%CommonProgramFiles%\*.*
%PROGRAMFILES%\*.*
%systemroot%\system32\config\systemprofile\*.*
%windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.*
%windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.*
%windir%\temp*.*
%windir%\system32\*.
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /rp /s
%systemroot%\assembly\tmp\*.* /S /MD5
%systemroot%\assembly\temp\*.* /S /MD5
%systemroot%\assembly\GAC_32\*.* /S /MD5
%systemroot%\assembly\GAC_MSIL\*.* /S /MD5
/md5start
explorer.exe
lsass.exe
svchost.exe
wininit.exe
winlogon.exe
userinit.exe
hlp.dat
/md5stop

  • Press the button highlighted in blue: Run Scan.
  • When the scan finishes, two files will be created - OTL.Txt and Extras.Txt. Attach these two files to your next comment (see the Attached files option when posting a reply).


And why should he clear those checkboxes? Besides, that will turn them off for all sites, not just for yandex. :)

Because it is a practically useless option. Once in 1000 times, roughly speaking, you might get such a message, and it may well be a false alarm. I prefer to rely on antivirus software such as ESET or avast!, which check whether the page is dangerous and accordingly take you away from it by terminating the connection to it. After all, the latter are constantly updated and certainly protect more reliably than this built-in Firefox option.

P.S. It would be good for him to update his avast! to the latest version - avast!

and to register it
