Jump to content

Проблес със Скайп

justinn
 Share

Препоръчан пост

justinn Новобранец

justinn

Публикувано
Публикувано
Преди около час ми пратиха някакви линкове по скайп и без да искам натиснах на единия от тях и се почнаха проблемите. Когато е включен скайп, ако отворя интернет браузерите или някои други програми сле по малко от секунда се затварят и не мога да редактирам регистрите. Когато го изключа нямам проблем. Преинсталирах го, но не се оправи. Ето това са процесите които са към него в task menager.

post-4667-12613487482468_thumb.jpg

Link to comment
Сподели другаде
B-boy/StyLe/ Новобранец

B-boy/StyLe/

Публикувано
Публикувано

Пипнали сте вируса Win32.Chydo.

 

Изтеглете OTL.exe и го запазете на десктопа.

 

Стартирайте файла http://billy-oneal.com/forums/Canned%20Speeches/speechimages/OTL/otlDesktopIcon.png с двукратен клик на мишката.

 

Направете следните настройки:

 

http://i47.tinypic.com/f1a78i.jpg

 

Натиснете Run Scan.

Като приключи проверката публикувайте двата лог файла - OTL.Txt и Extras.Txt.

Link to comment
Сподели другаде
justinn Новобранец

justinn

Публикувано
  • Author
Публикувано

OTL logfile created on: 21.12.2009 01:17:13 - Run 1

OTL by OldTimer - Version 3.1.19.0 Folder = C:\Documents and Settings\Radoslav\My Documents\Bluetooth\share

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000402 | Country: Bulgaria | Language: bgr | Date Format: dd.MM.yyyy

 

511.00 Mb Total Physical Memory | 127.00 Mb Available Physical Memory | 25.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 73.00% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 24.42 Gb Total Space | 10.05 Gb Free Space | 41.14% Space Free | Partition Type: NTFS

Drive D: | 99.23 Gb Total Space | 57.28 Gb Free Space | 57.72% Space Free | Partition Type: NTFS

Drive E: | 25.39 Gb Total Space | 15.96 Gb Free Space | 62.86% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: HOME-PC

Current User Name: Radoslav

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 30 Days

Output = Minimal

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\Radoslav\My Documents\Bluetooth\share\OTL.exe (OldTimer Tools)

PRC - C:\Documents and Settings\Radoslav\Local Settings\Temp\xrfpkwtgrkpsznld.exe ()

PRC - C:\Documents and Settings\Radoslav\Local Settings\Temp\lvzzkm.exe ()

PRC - C:\Program Files\utorrent\utorrent.exe (BitTorrent, Inc.)

PRC - C:\Program Files\Opera\opera.exe (Opera Software)

PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

PRC - C:\Program Files\PerfectDisk\PDAgent.exe (Raxco Software, Inc.)

PRC - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)

PRC - C:\Program Files\Bluetooth\BtTray.exe ()

PRC - C:\Program Files\Bluetooth\BsHelpCS.exe ()

PRC - C:\Program Files\Bluetooth\BsMobileCS.exe ()

PRC - C:\Program Files\Bluetooth\BlueSoleilCS.exe ()

PRC - C:\Program Files\LCD Monitor\MultiScreen\MultiScreen.exe ()

PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Active Desktop Calendar\ADC.exe (XemiComputers ltd.)

PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\IoctlSvc.exe (Prolific Technology Inc.)

PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)

PRC - C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.)

PRC - C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Co.)

PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

PRC - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)

PRC - C:\Program Files\VIA\RAID\raid_tool.exe (VIA)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Documents and Settings\Radoslav\My Documents\Bluetooth\share\OTL.exe (OldTimer Tools)

MOD - C:\Program Files\LCD Monitor\MultiScreen\ServiceHook.dll ()

MOD - C:\WINDOWS\system32\mfc42.dll (Microsoft Corporation)

MOD - C:\Program Files\Active Desktop Calendar\MouseHook.dll ()

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)

SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)

SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

SRV - (PDEngine) -- C:\Program Files\PerfectDisk\PDEngine.exe (Raxco Software, Inc.)

SRV - (PDAgent) -- C:\Program Files\PerfectDisk\PDAgent.exe (Raxco Software, Inc.)

SRV - (NMIndexingService) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (Nero AG)

SRV - (Nero BackItUp Scheduler 3) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)

SRV - (BsHelpCS) -- C:\Program Files\Bluetooth\BsHelpCS.exe ()

SRV - (BsMobileCS) -- C:\Program Files\Bluetooth\BsMobileCS.exe ()

SRV - (BlueSoleilCS) -- C:\Program Files\Bluetooth\BlueSoleilCS.exe ()

SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)

SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)

SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)

SRV - (PLFlash DeviceIoControl Service) -- C:\WINDOWS\system32\IoctlSvc.exe (Prolific Technology Inc.)

SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)

DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)

DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)

DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()

DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)

DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (DefragFS) -- C:\WINDOWS\system32\drivers\DefragFs.sys (Raxco Software, Inc.)

DRV - (Btcsrusb) -- C:\WINDOWS\system32\drivers\btcusb.sys (IVT Corporation.)

DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)

DRV - (BtHidBus) -- C:\WINDOWS\System32\Drivers\BtHidBus.sys (IVT Corporation.)

DRV - (IvtBtBUs) -- C:\WINDOWS\system32\drivers\IvtBtBus.sys (IVT Corporation.)

DRV - (VcommMgr) -- C:\WINDOWS\system32\drivers\VcommMgr.sys (IVT Corporation.)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (usbser) -- C:\WINDOWS\system32\drivers\usbser.sys (Microsoft Corporation)

DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)

DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (BT) -- C:\WINDOWS\system32\drivers\btnetdrv.sys (IVT Corporation.)

DRV - (VComm) -- C:\WINDOWS\system32\drivers\VComm.sys (IVT Corporation.)

DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)

DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)

DRV - (HPZius12) -- C:\WINDOWS\system32\drivers\HPZius12.sys (HP)

DRV - (HPZipr12) -- C:\WINDOWS\system32\drivers\HPZipr12.sys (HP)

DRV - (HPZid412) -- C:\WINDOWS\system32\drivers\HPZid412.sys (HP)

DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)

DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)

DRV - (RTL8023) -- C:\WINDOWS\system32\drivers\Rtlnic51.sys (Realtek Semiconductor Corporation )

DRV - (viaagp1) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)

DRV - (viasraid) -- C:\WINDOWS\system32\drivers\viasraid.sys (VIA Technologies inc,.ltd)

DRV - (CA561) ICatch (VI) -- C:\WINDOWS\system32\drivers\SPCA561.SYS (SP)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

 

 

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-2000478354-1957994488-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com

IE - HKU\S-1-5-21-2000478354-1957994488-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKU\S-1-5-21-2000478354-1957994488-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = bg

IE - HKU\S-1-5-21-2000478354-1957994488-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F2 B9 1F 98 BC 81 CA 01 [binary data]

IE - HKU\S-1-5-21-2000478354-1957994488-839522115-1003\S-1-5-21-2000478354-1957994488-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

O1 HOSTS File: (801 bytes) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 66.98.148.65 auto.search.msn.com

O1 - Hosts: 66.98.148.65 auto.search.msn.es

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-2000478354-1957994488-839522115-1003\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe Reader\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [btTray] C:\Program Files\Bluetooth\BtTray.exe ()

O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MultiScreen] C:\Program Files\LCD Monitor\MultiScreen\MultiScreen.exe ()

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [njzliwvkxszenddxih] C:\Documents and Settings\Radoslav\Local Settings\Temp\azshhyasigqykdgdrtsla.exe ()

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [pfpvmunwdsts] C:\WINDOWS\System32\njzliwvkxszenddxih.exe ()

O4 - HKLM..\Run: [soundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)

O4 - HKU\S-1-5-21-2000478354-1957994488-839522115-1003..\Run: [Active Desktop Calendar] C:\Program Files\Active Desktop Calendar\ADC.exe (XemiComputers ltd.)

O4 - HKU\S-1-5-21-2000478354-1957994488-839522115-1003..\Run: [pfpvmunwdsts] C:\Documents and Settings\Radoslav\Local Settings\Temp\yvmzxmmcqmuakbcxjjg.exe ()

O4 - HKU\S-1-5-21-2000478354-1957994488-839522115-1003..\Run: [skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)

O4 - HKU\S-1-5-21-2000478354-1957994488-839522115-1003..\Run: [slyhbmiuewacivs] C:\WINDOWS\System32\njzliwvkxszenddxih.exe ()

O4 - HKU\S-1-5-21-2000478354-1957994488-839522115-1003..\Run: [uTorrent] C:\Program Files\utorrent\utorrent.exe (BitTorrent, Inc.)

O4 - HKLM..\RunOnce: [ezozvigugagkshgzj] C:\Documents and Settings\Radoslav\Local Settings\Temp\ezozvigugagkshgzj.exe ()

O4 - HKLM..\RunOnce: [ofqxpysckaccg] C:\WINDOWS\System32\ezozvigugagkshgzj.exe ()

O4 - HKU\S-1-5-21-2000478354-1957994488-839522115-1003..\RunOnce: [ofqxpysckaccg] C:\Documents and Settings\Radoslav\Local Settings\Temp\xrfpkwtgrkpsznld.exe ()

O4 - HKU\S-1-5-21-2000478354-1957994488-839522115-1003..\RunOnce: [xrfpkwtgrkpsznld] C:\WINDOWS\System32\yvmzxmmcqmuakbcxjjg.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe (VIA)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: phtbuezktknotf = ljbpoefwliryjbdzmnld.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: shqvlsksymm = C:\DOCUME~1\Radoslav\LOCALS~1\Temp\ljbpoefwliryjbdzmnld.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-2000478354-1957994488-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 1

O7 - HKU\S-1-5-21-2000478354-1957994488-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1

O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\Bluetooth\TransSend\IE\tsinfo.htm ()

O8 - Extra context menu item: Send via &Message... - C:\Program Files\Bluetooth\TransSend\IE\tssms.htm ()

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.08.18 20:16:52 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2009.12.21 01:06:36 | 00,000,838 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2009.12.21 01:06:37 | 00,000,839 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2009.12.21 01:06:38 | 00,000,792 | RHS- | M] () - E:\autorun.inf -- [ NTFS ]

O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2009.12.20 23:53:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Radoslav\Application Data\Malwarebytes

[2009.12.20 23:53:57 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009.12.20 23:53:54 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009.12.20 23:53:52 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009.12.20 23:53:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2009.12.20 23:31:53 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Radoslav\Recent

[2009.12.20 23:23:49 | 00,000,000 | ---D | C] -- C:\Program Files\Skype

[2009.12.20 23:23:49 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

[2009.12.19 21:29:02 | 00,000,000 | ---D | C] -- C:\Program Files\Nero

[2009.12.19 20:27:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Radoslav\Application Data\Nero

[2009.12.19 20:23:35 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero

[2009.12.19 20:23:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero

[2009.12.12 05:45:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Radoslav\Desktop\New Folder

[2009.12.08 14:28:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Radoslav\Desktop\Music

[2009.12.08 10:07:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Radoslav\Local Settings\Application Data\Nokia

[2009.12.08 10:06:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Radoslav\Local Settings\Application Data\NokiaAccount

[2009.12.08 09:22:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache

[2009.11.22 17:28:02 | 00,000,000 | ---D | C] -- C:\Program Files\LCD Monitor

[2009.10.04 21:53:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2009.09.19 02:05:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[2009.08.18 22:06:56 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[2009.08.18 20:20:24 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[2005.05.11 22:36:48 | 00,012,288 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\Fonts\RandFont.dll

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2009.12.21 01:19:23 | 00,000,316 | -H-- | M] () -- C:\WINDOWS\ofqxpysckaccgrmbhbsdkclfpxnpptezouo.qxp

[2009.12.21 01:19:23 | 00,000,316 | -H-- | M] () -- C:\Program Files\ofqxpysckaccgrmbhbsdkclfpxnpptezouo.qxp

[2009.12.21 01:19:23 | 00,000,316 | -H-- | M] () -- C:\Documents and Settings\Radoslav\Local Settings\Application Data\ofqxpysckaccgrmbhbsdkclfpxnpptezouo.qxp

[2009.12.21 01:19:20 | 00,002,408 | -H-- | M] () -- C:\WINDOWS\xltxmsjqvihefnfrulzhlagxejwvstbt.izn

[2009.12.21 01:19:20 | 00,002,408 | -H-- | M] () -- C:\WINDOWS\System32\xltxmsjqvihefnfrulzhlagxejwvstbt.izn

[2009.12.21 01:19:20 | 00,002,408 | -H-- | M] () -- C:\Program Files\xltxmsjqvihefnfrulzhlagxejwvstbt.izn

[2009.12.21 01:19:20 | 00,002,408 | -H-- | M] () -- C:\Documents and Settings\Radoslav\Local Settings\Application Data\xltxmsjqvihefnfrulzhlagxejwvstbt.izn

[2009.12.21 01:19:20 | 00,000,280 | -H-- | M] () -- C:\WINDOWS\bfdxcyfcxapctrzbubfdxc.fcx

[2009.12.21 01:19:20 | 00,000,280 | -H-- | M] () -- C:\Program Files\bfdxcyfcxapctrzbubfdxc.fcx

[2009.12.21 01:19:20 | 00,000,280 | -H-- | M] () -- C:\Documents and Settings\Radoslav\Local Settings\Application Data\bfdxcyfcxapctrzbubfdxc.fcx

[2009.12.21 01:19:19 | 00,561,152 | RHS- | M] () -- C:\WINDOWS\rrlbcuxqhgranhljybbvlm.exe

[2009.12.21 01:19:18 | 00,561,152 | RHS- | M] () -- C:\WINDOWS\yvmzxmmcqmuakbcxjjg.exe

[2009.12.21 01:19:18 | 00,561,152 | RHS- | M] () -- C:\WINDOWS\xrfpkwtgrkpsznld.exe

[2009.12.21 01:19:18 | 00,561,152 | RHS- | M] () -- C:\WINDOWS\njzliwvkxszenddxih.exe

[2009.12.21 01:19:18 | 00,561,152 | RHS- | M] () -- C:\WINDOWS\ljbpoefwliryjbdzmnld.exe

[2009.12.21 01:19:18 | 00,561,152 | RHS- | M] () -- C:\WINDOWS\ezozvigugagkshgzj.exe

[2009.12.21 01:19:18 | 00,561,152 | RHS- | M] () -- C:\WINDOWS\azshhyasigqykdgdrtsla.exe

[2009.12.21 01:18:37 | 00,000,280 | -H-- | M] () -- C:\WINDOWS\System32\bfdxcyfcxapctrzbubfdxc.fcx

[2009.12.21 01:18:22 | 00,000,316 | -H-- | M] () -- C:\WINDOWS\System32\ofqxpysckaccgrmbhbsdkclfpxnpptezouo.qxp

[2009.12.21 01:13:15 | 00,000,260 | ---- | M] () -- C:\WINDOWS\System32\REMOTEDEVICE.INI

[2009.12.21 01:07:27 | 00,006,644 | ---- | M] () -- C:\WINDOWS\System32\LOCALSERVICE.INI

[2009.12.21 01:07:27 | 00,000,966 | ---- | M] () -- C:\WINDOWS\System32\bscs.ini

[2009.12.21 01:07:27 | 00,000,099 | ---- | M] () -- C:\WINDOWS\System32\LOCALDEVICE.INI

[2009.12.21 01:06:36 | 00,000,838 | RHS- | M] () -- C:\autorun.inf

[2009.12.21 01:05:21 | 00,186,097 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2009.12.21 01:05:10 | 00,561,152 | RHS- | M] () -- C:\WINDOWS\System32\rrlbcuxqhgranhljybbvlm.exe

[2009.12.21 01:05:10 | 00,561,152 | RHS- | M] () -- C:\WINDOWS\System32\azshhyasigqykdgdrtsla.exe

[2009.12.21 01:05:09 | 00,561,152 | RHS- | M] () -- C:\WINDOWS\System32\yvmzxmmcqmuakbcxjjg.exe

[2009.12.21 01:05:09 | 00,561,152 | RHS- | M] () -- C:\WINDOWS\System32\xrfpkwtgrkpsznld.exe

[2009.12.21 01:05:09 | 00,561,152 | RHS- | M] () -- C:\WINDOWS\System32\njzliwvkxszenddxih.exe

[2009.12.21 01:05:09 | 00,561,152 | RHS- | M] () -- C:\WINDOWS\System32\ljbpoefwliryjbdzmnld.exe

[2009.12.21 01:05:09 | 00,561,152 | RHS- | M] () -- C:\WINDOWS\System32\ezozvigugagkshgzj.exe

[2009.12.21 01:04:55 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009.12.21 01:04:50 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009.12.21 01:04:46 | 53,639,9872 | -HS- | M] () -- C:\hiberfil.sys

[2009.12.21 01:03:56 | 04,718,592 | -H-- | M] () -- C:\Documents and Settings\Radoslav\NTUSER.DAT

[2009.12.21 01:03:56 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Radoslav\ntuser.ini

[2009.12.20 23:53:57 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009.12.20 23:47:54 | 00,166,533 | ---- | M] () -- C:\Documents and Settings\Radoslav\Desktop\untitled 1.JPG

[2009.12.20 23:47:19 | 00,282,183 | ---- | M] () -- C:\Documents and Settings\Radoslav\Desktop\untitled.JPG

[2009.12.20 23:28:09 | 00,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2009.12.20 22:59:35 | 00,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009.12.20 22:55:27 | 00,000,138 | -H-- | M] () -- C:\WINDOWS\System32\phtbuezktknotfbrytlxfyidoxorsxjfvcxp.jcm

[2009.12.20 22:55:27 | 00,000,138 | -H-- | M] () -- C:\WINDOWS\phtbuezktknotfbrytlxfyidoxorsxjfvcxp.jcm

[2009.12.20 22:55:27 | 00,000,138 | -H-- | M] () -- C:\Program Files\phtbuezktknotfbrytlxfyidoxorsxjfvcxp.jcm

[2009.12.20 22:55:27 | 00,000,138 | -H-- | M] () -- C:\Documents and Settings\Radoslav\Local Settings\Application Data\phtbuezktknotfbrytlxfyidoxorsxjfvcxp.jcm

[2009.12.20 22:55:02 | 00,004,248 | -H-- | M] () -- C:\WINDOWS\System32\shqvlsksymmkmvobfxmvaqxpxdrrpratg.cra

[2009.12.20 22:55:02 | 00,004,248 | -H-- | M] () -- C:\WINDOWS\shqvlsksymmkmvobfxmvaqxpxdrrpratg.cra

[2009.12.20 22:55:02 | 00,004,248 | -H-- | M] () -- C:\Program Files\shqvlsksymmkmvobfxmvaqxpxdrrpratg.cra

[2009.12.20 22:55:02 | 00,004,248 | -H-- | M] () -- C:\Documents and Settings\Radoslav\Local Settings\Application Data\shqvlsksymmkmvobfxmvaqxpxdrrpratg.cra

[2009.12.20 16:13:50 | 00,070,144 | ---- | M] () -- C:\Documents and Settings\Radoslav\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009.12.19 21:38:32 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2009.12.19 21:36:52 | 00,002,352 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk

[2009.12.19 21:34:42 | 00,001,024 | ---- | M] () -- C:\Documents and Settings\Radoslav\.rnd

[2009.12.19 21:07:45 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Irremote.ini

[2009.12.13 12:29:23 | 04,474,880 | ---- | M] () -- C:\Documents and Settings\Radoslav\Desktop\50 Cent - Baby By Me (Feat Ne-Yo).mp3

[2009.12.12 13:53:15 | 00,444,342 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009.12.12 13:53:14 | 00,525,946 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009.12.12 13:53:14 | 00,072,218 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009.12.06 21:53:45 | 00,000,192 | ---- | M] () -- C:\WINDOWS\winamp.ini

[2009.12.06 21:53:24 | 00,000,654 | ---- | M] () -- C:\Documents and Settings\Radoslav\Desktop\Winamp.lnk

[2009.12.03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009.12.03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009.12.02 20:00:03 | 05,314,086 | -H-- | M] () -- C:\Documents and Settings\Radoslav\Local Settings\Application Data\IconCache.db

[2009.11.22 22:33:41 | 00,000,745 | ---- | M] () -- C:\Documents and Settings\Radoslav\Desktop\Counter Strike.lnk

[2009.11.22 22:22:43 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2009.11.22 20:44:32 | 00,000,831 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\XTCS Counter-Strike 1.6 Final Release.lnk

[2009.11.22 18:44:27 | 00,000,113 | ---- | M] () -- C:\WINDOWS\bkg.ini

[2009.11.22 17:33:48 | 00,074,376 | ---- | M] () -- C:\Documents and Settings\Radoslav\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2009.11.22 17:33:12 | 00,278,944 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2009.12.20 23:53:57 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009.12.20 23:47:53 | 00,166,533 | ---- | C] () -- C:\Documents and Settings\Radoslav\Desktop\untitled 1.JPG

[2009.12.20 23:47:18 | 00,282,183 | ---- | C] () -- C:\Documents and Settings\Radoslav\Desktop\untitled.JPG

[2009.12.20 23:23:51 | 00,002,257 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2009.12.20 22:55:29 | 00,000,838 | RHS- | C] () -- C:\autorun.inf

[2009.12.20 22:55:18 | 00,002,402 | -H-- | C] () -- C:\WINDOWS\xltxmsjqvihefnfrulzhlagxejwvstbt.izn

[2009.12.20 22:55:18 | 00,002,402 | -H-- | C] () -- C:\WINDOWS\System32\xltxmsjqvihefnfrulzhlagxejwvstbt.izn

[2009.12.20 22:55:18 | 00,002,402 | -H-- | C] () -- C:\Program Files\xltxmsjqvihefnfrulzhlagxejwvstbt.izn

[2009.12.20 22:55:18 | 00,002,402 | -H-- | C] () -- C:\Documents and Settings\Radoslav\Local Settings\Application Data\xltxmsjqvihefnfrulzhlagxejwvstbt.izn

[2009.12.20 22:55:18 | 00,000,316 | -H-- | C] () -- C:\WINDOWS\System32\ofqxpysckaccgrmbhbsdkclfpxnpptezouo.qxp

[2009.12.20 22:55:18 | 00,000,316 | -H-- | C] () -- C:\WINDOWS\ofqxpysckaccgrmbhbsdkclfpxnpptezouo.qxp

[2009.12.20 22:55:18 | 00,000,316 | -H-- | C] () -- C:\Program Files\ofqxpysckaccgrmbhbsdkclfpxnpptezouo.qxp

[2009.12.20 22:55:18 | 00,000,316 | -H-- | C] () -- C:\Documents and Settings\Radoslav\Local Settings\Application Data\ofqxpysckaccgrmbhbsdkclfpxnpptezouo.qxp

[2009.12.20 22:55:17 | 00,000,138 | -H-- | C] () -- C:\WINDOWS\System32\phtbuezktknotfbrytlxfyidoxorsxjfvcxp.jcm

[2009.12.20 22:55:17 | 00,000,138 | -H-- | C] () -- C:\WINDOWS\phtbuezktknotfbrytlxfyidoxorsxjfvcxp.jcm

[2009.12.20 22:55:17 | 00,000,138 | -H-- | C] () -- C:\Program Files\phtbuezktknotfbrytlxfyidoxorsxjfvcxp.jcm

[2009.12.20 22:55:17 | 00,000,138 | -H-- | C] () -- C:\Documents and Settings\Radoslav\Local Settings\Application Data\phtbuezktknotfbrytlxfyidoxorsxjfvcxp.jcm

[2009.12.20 22:55:02 | 00,004,248 | -H-- | C] () -- C:\WINDOWS\System32\shqvlsksymmkmvobfxmvaqxpxdrrpratg.cra

[2009.12.20 22:55:02 | 00,004,248 | -H-- | C] () -- C:\WINDOWS\shqvlsksymmkmvobfxmvaqxpxdrrpratg.cra

[2009.12.20 22:55:02 | 00,004,248 | -H-- | C] () -- C:\Program Files\shqvlsksymmkmvobfxmvaqxpxdrrpratg.cra

[2009.12.20 22:55:02 | 00,004,248 | -H-- | C] () -- C:\Documents and Settings\Radoslav\Local Settings\Application Data\shqvlsksymmkmvobfxmvaqxpxdrrpratg.cra

[2009.12.20 22:55:02 | 00,000,280 | -H-- | C] () -- C:\WINDOWS\System32\bfdxcyfcxapctrzbubfdxc.fcx

[2009.12.20 22:55:02 | 00,000,280 | -H-- | C] () -- C:\WINDOWS\bfdxcyfcxapctrzbubfdxc.fcx

[2009.12.20 22:55:02 | 00,000,280 | -H-- | C] () -- C:\Program Files\bfdxcyfcxapctrzbubfdxc.fcx

[2009.12.20 22:55:02 | 00,000,280 | -H-- | C] () -- C:\Documents and Settings\Radoslav\Local Settings\Application Data\bfdxcyfcxapctrzbubfdxc.fcx

[2009.12.20 22:54:37 | 00,561,152 | RHS- | C] () -- C:\WINDOWS\yvmzxmmcqmuakbcxjjg.exe

[2009.12.20 22:54:37 | 00,561,152 | RHS- | C] () -- C:\WINDOWS\System32\yvmzxmmcqmuakbcxjjg.exe

[2009.12.20 22:54:37 | 00,561,152 | RHS- | C] () -- C:\WINDOWS\xrfpkwtgrkpsznld.exe

[2009.12.20 22:54:37 | 00,561,152 | RHS- | C] () -- C:\WINDOWS\System32\rrlbcuxqhgranhljybbvlm.exe

[2009.12.20 22:54:37 | 00,561,152 | RHS- | C] () -- C:\WINDOWS\rrlbcuxqhgranhljybbvlm.exe

[2009.12.20 22:54:37 | 00,561,152 | RHS- | C] () -- C:\WINDOWS\njzliwvkxszenddxih.exe

[2009.12.20 22:54:37 | 00,561,152 | RHS- | C] () -- C:\WINDOWS\System32\ljbpoefwliryjbdzmnld.exe

[2009.12.20 22:54:37 | 00,561,152 | RHS- | C] () -- C:\WINDOWS\ljbpoefwliryjbdzmnld.exe

[2009.12.20 22:54:37 | 00,561,152 | RHS- | C] () -- C:\WINDOWS\ezozvigugagkshgzj.exe

[2009.12.20 22:54:37 | 00,561,152 | RHS- | C] () -- C:\WINDOWS\System32\azshhyasigqykdgdrtsla.exe

[2009.12.20 22:54:37 | 00,561,152 | RHS- | C] () -- C:\WINDOWS\azshhyasigqykdgdrtsla.exe

[2009.12.20 22:54:36 | 00,561,152 | RHS- | C] () -- C:\WINDOWS\System32\xrfpkwtgrkpsznld.exe

[2009.12.20 22:54:36 | 00,561,152 | RHS- | C] () -- C:\WINDOWS\System32\njzliwvkxszenddxih.exe

[2009.12.20 22:54:36 | 00,561,152 | RHS- | C] () -- C:\WINDOWS\System32\ezozvigugagkshgzj.exe

[2009.12.19 21:36:52 | 00,002,352 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk

[2009.12.19 21:07:45 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini

[2009.12.19 20:26:02 | 00,001,024 | ---- | C] () -- C:\Documents and Settings\Radoslav\.rnd

[2009.12.07 19:50:25 | 04,474,880 | ---- | C] () -- C:\Documents and Settings\Radoslav\Desktop\50 Cent - Baby By Me (Feat Ne-Yo).mp3

[2009.12.06 21:53:24 | 00,000,654 | ---- | C] () -- C:\Documents and Settings\Radoslav\Desktop\Winamp.lnk

[2009.11.22 20:44:32 | 00,000,831 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\XTCS Counter-Strike 1.6 Final Release.lnk

[2009.11.09 20:57:46 | 00,004,166 | ---- | C] () -- C:\Documents and Settings\Radoslav\Application Data\Hewlett-PackardHP PSC 1400 series1250625336_PROTOCOL.log

[2009.11.09 20:57:46 | 00,001,196 | ---- | C] () -- C:\Documents and Settings\Radoslav\Application Data\Hewlett-PackardHP PSC 1400 series1250625336_UI.log

[2009.11.09 20:57:46 | 00,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini

[2009.11.09 20:57:46 | 00,000,220 | ---- | C] () -- C:\Documents and Settings\Radoslav\Application Data\Hewlett-PackardHP PSC 1400 series1250625336_API.log

[2009.10.27 11:55:26 | 00,000,041 | ---- | C] () -- C:\WINDOWS\crw.ini

[2009.10.08 12:07:53 | 00,536,968 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2009.09.09 11:10:15 | 00,000,113 | ---- | C] () -- C:\WINDOWS\bkg.ini

[2009.08.18 22:18:56 | 00,000,131 | ---- | C] () -- C:\Documents and Settings\Radoslav\Local Settings\Application Data\fusioncache.dat

[2009.08.18 22:13:06 | 00,057,132 | ---- | C] () -- C:\Documents and Settings\Radoslav\Application Data\Update_HP_RedboxHprblog_HPSU.log

[2009.08.18 22:13:06 | 00,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini

[2009.08.18 22:13:04 | 00,002,453 | ---- | C] () -- C:\Documents and Settings\Radoslav\Application Data\PatchUpdate_HP_ISRegionListUpdatelog_HPSU.log

[2009.08.18 22:13:04 | 00,000,228 | ---- | C] () -- C:\WINDOWS\HP_ISRegionListUpdatelog_HPSU.ini

[2009.08.18 22:13:01 | 00,002,858 | ---- | C] () -- C:\Documents and Settings\Radoslav\Application Data\PatchUpdate_InstantShareJPG.log

[2009.08.18 22:13:01 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini

[2009.08.18 22:12:57 | 00,101,035 | ---- | C] () -- C:\Documents and Settings\Radoslav\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log

[2009.08.18 22:12:57 | 00,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini

[2009.08.18 22:02:32 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009.08.18 22:01:47 | 00,070,144 | ---- | C] () -- C:\Documents and Settings\Radoslav\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009.08.18 21:47:07 | 00,715,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

[2009.08.18 21:45:25 | 00,002,646 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

[2009.08.18 21:36:50 | 00,001,872 | ---- | C] () -- C:\WINDOWS\System32\SHORTCUT.INI

[2009.08.18 21:36:44 | 00,000,260 | ---- | C] () -- C:\WINDOWS\System32\REMOTEDEVICE.INI

[2009.08.18 21:35:55 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009.08.18 21:21:17 | 00,006,644 | ---- | C] () -- C:\WINDOWS\System32\LOCALSERVICE.INI

[2009.08.18 21:21:07 | 00,000,099 | ---- | C] () -- C:\WINDOWS\System32\LOCALDEVICE.INI

[2009.08.18 21:19:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\BSPRINT.INI

[2009.08.18 21:15:48 | 00,014,385 | ---- | C] () -- C:\WINDOWS\Tw561a.ini

[2009.08.18 21:15:48 | 00,000,081 | ---- | C] () -- C:\WINDOWS\Setup8a.ini

[2009.08.18 20:41:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI

[2009.08.18 20:40:35 | 00,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009.08.18 20:40:35 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2009.08.18 20:38:27 | 00,000,024 | ---- | C] () -- C:\WINDOWS\dlb.ini

[2009.08.18 20:37:20 | 00,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini

[2009.08.18 20:26:18 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2008.11.01 08:56:10 | 00,000,966 | ---- | C] () -- C:\WINDOWS\System32\bscs.ini

[2008.11.01 08:32:58 | 00,405,589 | ---- | C] () -- C:\WINDOWS\System32\BsUI.dll

[2008.11.01 08:32:36 | 00,278,647 | ---- | C] () -- C:\WINDOWS\System32\outlookAddin.dll

[2008.11.01 08:32:16 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\HtmPrintHelper.dll

[2008.11.01 08:32:00 | 00,622,693 | ---- | C] () -- C:\WINDOWS\System32\BSShell.dll

[2008.11.01 08:29:56 | 00,098,403 | ---- | C] () -- C:\WINDOWS\System32\Bs2Res.dll

[2008.11.01 08:29:20 | 00,122,976 | ---- | C] () -- C:\WINDOWS\System32\BsMobileSDK.dll

[2008.11.01 08:29:12 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\BsMobileCSps.dll

[2008.10.22 14:30:30 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\BsVistaCommon.dll

[2008.05.16 13:01:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2008.05.16 13:01:00 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2008.05.16 13:01:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2008.05.16 13:01:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2008.05.16 13:01:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2008.03.07 12:54:22 | 17,907,824 | ---- | C] () -- C:\WINDOWS\System32\BsLangInDepRes.dll

[2001.07.06 14:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

 

========== LOP Check ==========

 

[2009.10.26 19:43:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CornerBowl

[2009.08.18 22:45:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations

[2009.11.16 19:40:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner

[2009.11.16 09:30:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations

[2009.10.08 10:14:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microinvest

[2009.10.29 13:18:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia

[2009.12.08 09:22:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache

[2009.08.18 22:50:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite

[2009.08.18 22:08:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SRSLabs

[2009.08.18 20:35:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XemiComputers

[2009.11.17 18:18:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Radoslav\Application Data\COWON

[2009.11.16 19:11:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Radoslav\Application Data\DAEMON Tools

[2009.08.18 22:38:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Radoslav\Application Data\Datalayer

[2009.09.02 10:32:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Radoslav\Application Data\FarmingSimulator2008

[2009.12.08 10:10:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Radoslav\Application Data\Nokia

[2009.10.31 19:17:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Radoslav\Application Data\Opera

[2009.09.03 21:46:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Radoslav\Application Data\PC Suite

[2009.11.16 19:40:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Radoslav\Application Data\Uniblue

[2009.12.21 01:15:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Radoslav\Application Data\uTorrent

[2009.08.18 20:35:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Radoslav\Application Data\XemiComputers

 

========== Purity Check ==========

 

 

< End of report >

Link to comment
Сподели другаде
B-boy/StyLe/ Новобранец

B-boy/StyLe/

Публикувано
Публикувано

Стартирайте OTL.exe и copy/paste под колонката "Custom Scans/Fixes" въведете това:

 

:OTL

PRC - C:\Documents and Settings\Radoslav\Local Settings\Temp\xrfpkwtgrkpsznld.exe ()

PRC - C:\Documents and Settings\Radoslav\Local Settings\Temp\lvzzkm.exe ()

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O4 - HKLM..\Run: [njzliwvkxszenddxih] C:\Documents and Settings\Radoslav\Local Settings\Temp\azshhyasigqykdgdrtsla.exe ()

O4 - HKLM..\Run: [pfpvmunwdsts] C:\WINDOWS\System32\njzliwvkxszenddxih.exe ()

O4 - HKU\S-1-5-21-2000478354-1957994488-839522115-1003..\Run: [pfpvmunwdsts] C:\Documents and Settings\Radoslav\Local Settings\Temp\yvmzxmmcqmuakbcxjjg.exe ()

O4 - HKU\S-1-5-21-2000478354-1957994488-839522115-1003..\Run: [slyhbmiuewacivs] C:\WINDOWS\System32\njzliwvkxszenddxih.exe ()

O4 - HKLM..\RunOnce: [ezozvigugagkshgzj] C:\Documents and Settings\Radoslav\Local Settings\Temp\ezozvigugagkshgzj.exe ()

O4 - HKLM..\RunOnce: [ofqxpysckaccg] C:\WINDOWS\System32\ezozvigugagkshgzj.exe ()

O4 - HKU\S-1-5-21-2000478354-1957994488-839522115-1003..\RunOnce: [ofqxpysckaccg] C:\Documents and Settings\Radoslav\Local Settings\Temp\xrfpkwtgrkpsznld.exe ()

O4 - HKU\S-1-5-21-2000478354-1957994488-839522115-1003..\RunOnce: [xrfpkwtgrkpsznld] C:\WINDOWS\System32\yvmzxmmcqmuakbcxjjg.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: phtbuezktknotf = ljbpoefwliryjbdzmnld.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: shqvlsksymm = C:\DOCUME~1\Radoslav\LOCALS~1\Temp\ljbpoefwliryjbdzmnld.exe ()

O32 - AutoRun File - [2009.12.21 01:06:36 | 00,000,838 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2009.12.21 01:06:37 | 00,000,839 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2009.12.21 01:06:38 | 00,000,792 | RHS- | M] () - E:\autorun.inf -- [ NTFS ]

[2009.12.21 01:19:23 | 00,000,316 | -H-- | M] () -- C:\WINDOWS\ofqxpysckaccgrmbhbsdkclfpxnpptezouo.qxp

[2009.12.21 01:19:23 | 00,000,316 | -H-- | M] () -- C:\Program Files\ofqxpysckaccgrmbhbsdkclfpxnpptezouo.qxp

[2009.12.21 01:19:23 | 00,000,316 | -H-- | M] () -- C:\Documents and Settings\Radoslav\Local Settings\Application Data\ofqxpysckaccgrmbhbsdkclfpxnpptezouo.qxp

[2009.12.21 01:19:20 | 00,002,408 | -H-- | M] () -- C:\WINDOWS\xltxmsjqvihefnfrulzhlagxejwvstbt.izn

[2009.12.21 01:19:20 | 00,002,408 | -H-- | M] () -- C:\WINDOWS\System32\xltxmsjqvihefnfrulzhlagxejwvstbt.izn

[2009.12.21 01:19:20 | 00,002,408 | -H-- | M] () -- C:\Program Files\xltxmsjqvihefnfrulzhlagxejwvstbt.izn

[2009.12.21 01:19:20 | 00,002,408 | -H-- | M] () -- C:\Documents and Settings\Radoslav\Local Settings\Application Data\xltxmsjqvihefnfrulzhlagxejwvstbt.izn

[2009.12.21 01:19:20 | 00,000,280 | -H-- | M] () -- C:\WINDOWS\bfdxcyfcxapctrzbubfdxc.fcx

[2009.12.21 01:19:20 | 00,000,280 | -H-- | M] () -- C:\Program Files\bfdxcyfcxapctrzbubfdxc.fcx

[2009.12.21 01:19:20 | 00,000,280 | -H-- | M] () -- C:\Documents and Settings\Radoslav\Local Settings\Application Data\bfdxcyfcxapctrzbubfdxc.fcx

[2009.12.21 01:19:19 | 00,561,152 | RHS- | M] () -- C:\WINDOWS\rrlbcuxqhgranhljybbvlm.exe

[2009.12.21 01:19:18 | 00,561,152 | RHS- | M] () -- C:\WINDOWS\yvmzxmmcqmuakbcxjjg.exe

[2009.12.21 01:19:18 | 00,561,152 | RHS- | M] () -- C:\WINDOWS\xrfpkwtgrkpsznld.exe

[2009.12.21 01:19:18 | 00,561,152 | RHS- | M] () -- C:\WINDOWS\njzliwvkxszenddxih.exe

[2009.12.21 01:19:18 | 00,561,152 | RHS- | M] () -- C:\WINDOWS\ljbpoefwliryjbdzmnld.exe

[2009.12.21 01:19:18 | 00,561,152 | RHS- | M] () -- C:\WINDOWS\ezozvigugagkshgzj.exe

[2009.12.21 01:19:18 | 00,561,152 | RHS- | M] () -- C:\WINDOWS\azshhyasigqykdgdrtsla.exe

[2009.12.21 01:18:37 | 00,000,280 | -H-- | M] () -- C:\WINDOWS\System32\bfdxcyfcxapctrzbubfdxc.fcx

[2009.12.21 01:18:22 | 00,000,316 | -H-- | M] () -- C:\WINDOWS\System32\ofqxpysckaccgrmbhbsdkclfpxnpptezouo.qxp

[2009.12.21 01:05:10 | 00,561,152 | RHS- | M] () -- C:\WINDOWS\System32\rrlbcuxqhgranhljybbvlm.exe

[2009.12.21 01:05:10 | 00,561,152 | RHS- | M] () -- C:\WINDOWS\System32\azshhyasigqykdgdrtsla.exe

[2009.12.21 01:05:09 | 00,561,152 | RHS- | M] () -- C:\WINDOWS\System32\yvmzxmmcqmuakbcxjjg.exe

[2009.12.21 01:05:09 | 00,561,152 | RHS- | M] () -- C:\WINDOWS\System32\xrfpkwtgrkpsznld.exe

[2009.12.21 01:05:09 | 00,561,152 | RHS- | M] () -- C:\WINDOWS\System32\njzliwvkxszenddxih.exe

[2009.12.21 01:05:09 | 00,561,152 | RHS- | M] () -- C:\WINDOWS\System32\ljbpoefwliryjbdzmnld.exe

[2009.12.21 01:05:09 | 00,561,152 | RHS- | M] () -- C:\WINDOWS\System32\ezozvigugagkshgzj.exe

[2009.12.20 22:55:27 | 00,000,138 | -H-- | M] () -- C:\WINDOWS\System32\phtbuezktknotfbrytlxfyidoxorsxjfvcxp.jcm

[2009.12.20 22:55:27 | 00,000,138 | -H-- | M] () -- C:\WINDOWS\phtbuezktknotfbrytlxfyidoxorsxjfvcxp.jcm

[2009.12.20 22:55:27 | 00,000,138 | -H-- | M] () -- C:\Program Files\phtbuezktknotfbrytlxfyidoxorsxjfvcxp.jcm

[2009.12.20 22:55:27 | 00,000,138 | -H-- | M] () -- C:\Documents and Settings\Radoslav\Local Settings\Application Data\phtbuezktknotfbrytlxfyidoxorsxjfvcxp.jcm

[2009.12.20 22:55:02 | 00,004,248 | -H-- | M] () -- C:\WINDOWS\System32\shqvlsksymmkmvobfxmvaqxpxdrrpratg.cra

[2009.12.20 22:55:02 | 00,004,248 | -H-- | M] () -- C:\WINDOWS\shqvlsksymmkmvobfxmvaqxpxdrrpratg.cra

[2009.12.20 22:55:02 | 00,004,248 | -H-- | M] () -- C:\Program Files\shqvlsksymmkmvobfxmvaqxpxdrrpratg.cra

[2009.12.20 22:55:02 | 00,004,248 | -H-- | M] () -- C:\Documents and Settings\Radoslav\Local Settings\Application Data\shqvlsksymmkmvobfxmvaqxpxdrrpratg.cra

:files

C:\Documents and Settings\Radoslav\Local Settings\Temp\xrfpkwtgrkpsznld.exe

C:\Documents and Settings\Radoslav\Local Settings\Temp\lvzzkm.exe

:reg

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

:Commands

[purity]

[emptytemp]

[Reboot]

 

Натиснете бутона Run Fix

 

Ще се създаде лог файл. Копирайте го в следващия си пост.

Link to comment
Сподели другаде
justinn Новобранец

justinn

Публикувано
  • Author
Публикувано

All processes killed

========== OTL ==========

No active process named xrfpkwtgrkpsznld.exe was found!

No active process named lvzzkm.exe was found!

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\njzliwvkxszenddxih deleted successfully.

C:\Documents and Settings\Radoslav\Local Settings\Temp\azshhyasigqykdgdrtsla.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\pfpvmunwdsts deleted successfully.

C:\WINDOWS\system32\njzliwvkxszenddxih.exe moved successfully.

Registry value HKEY_USERS\S-1-5-21-2000478354-1957994488-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\pfpvmunwdsts deleted successfully.

C:\Documents and Settings\Radoslav\Local Settings\Temp\yvmzxmmcqmuakbcxjjg.exe moved successfully.

Registry value HKEY_USERS\S-1-5-21-2000478354-1957994488-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\slyhbmiuewacivs deleted successfully.

File C:\WINDOWS\System32\njzliwvkxszenddxih.exe not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ezozvigugagkshgzj deleted successfully.

C:\Documents and Settings\Radoslav\Local Settings\Temp\ezozvigugagkshgzj.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ofqxpysckaccg deleted successfully.

C:\WINDOWS\system32\ezozvigugagkshgzj.exe moved successfully.

Registry value HKEY_USERS\S-1-5-21-2000478354-1957994488-839522115-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ofqxpysckaccg deleted successfully.

C:\Documents and Settings\Radoslav\Local Settings\Temp\xrfpkwtgrkpsznld.exe moved successfully.

Registry value HKEY_USERS\S-1-5-21-2000478354-1957994488-839522115-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\xrfpkwtgrkpsznld deleted successfully.

C:\WINDOWS\system32\yvmzxmmcqmuakbcxjjg.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\phtbuezktknotf deleted successfully.

C:\WINDOWS\System32\ljbpoefwliryjbdzmnld.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\shqvlsksymm deleted successfully.

C:\Documents and Settings\Radoslav\Local Settings\Temp\ljbpoefwliryjbdzmnld.exe moved successfully.

C:\autorun.inf moved successfully.

D:\autorun.inf moved successfully.

E:\autorun.inf moved successfully.

C:\WINDOWS\ofqxpysckaccgrmbhbsdkclfpxnpptezouo.qxp moved successfully.

C:\Program Files\ofqxpysckaccgrmbhbsdkclfpxnpptezouo.qxp moved successfully.

C:\Documents and Settings\Radoslav\Local Settings\Application Data\ofqxpysckaccgrmbhbsdkclfpxnpptezouo.qxp moved successfully.

C:\WINDOWS\xltxmsjqvihefnfrulzhlagxejwvstbt.izn moved successfully.

C:\WINDOWS\system32\xltxmsjqvihefnfrulzhlagxejwvstbt.izn moved successfully.

C:\Program Files\xltxmsjqvihefnfrulzhlagxejwvstbt.izn moved successfully.

C:\Documents and Settings\Radoslav\Local Settings\Application Data\xltxmsjqvihefnfrulzhlagxejwvstbt.izn moved successfully.

C:\WINDOWS\bfdxcyfcxapctrzbubfdxc.fcx moved successfully.

C:\Program Files\bfdxcyfcxapctrzbubfdxc.fcx moved successfully.

C:\Documents and Settings\Radoslav\Local Settings\Application Data\bfdxcyfcxapctrzbubfdxc.fcx moved successfully.

C:\WINDOWS\rrlbcuxqhgranhljybbvlm.exe moved successfully.

C:\WINDOWS\yvmzxmmcqmuakbcxjjg.exe moved successfully.

C:\WINDOWS\xrfpkwtgrkpsznld.exe moved successfully.

C:\WINDOWS\njzliwvkxszenddxih.exe moved successfully.

C:\WINDOWS\ljbpoefwliryjbdzmnld.exe moved successfully.

C:\WINDOWS\ezozvigugagkshgzj.exe moved successfully.

C:\WINDOWS\azshhyasigqykdgdrtsla.exe moved successfully.

C:\WINDOWS\system32\bfdxcyfcxapctrzbubfdxc.fcx moved successfully.

C:\WINDOWS\system32\ofqxpysckaccgrmbhbsdkclfpxnpptezouo.qxp moved successfully.

C:\WINDOWS\system32\rrlbcuxqhgranhljybbvlm.exe moved successfully.

C:\WINDOWS\system32\azshhyasigqykdgdrtsla.exe moved successfully.

File C:\WINDOWS\System32\yvmzxmmcqmuakbcxjjg.exe not found.

C:\WINDOWS\system32\xrfpkwtgrkpsznld.exe moved successfully.

File C:\WINDOWS\System32\njzliwvkxszenddxih.exe not found.

File C:\WINDOWS\System32\ljbpoefwliryjbdzmnld.exe not found.

File C:\WINDOWS\System32\ezozvigugagkshgzj.exe not found.

C:\WINDOWS\system32\phtbuezktknotfbrytlxfyidoxorsxjfvcxp.jcm moved successfully.

C:\WINDOWS\phtbuezktknotfbrytlxfyidoxorsxjfvcxp.jcm moved successfully.

C:\Program Files\phtbuezktknotfbrytlxfyidoxorsxjfvcxp.jcm moved successfully.

C:\Documents and Settings\Radoslav\Local Settings\Application Data\phtbuezktknotfbrytlxfyidoxorsxjfvcxp.jcm moved successfully.

C:\WINDOWS\system32\shqvlsksymmkmvobfxmvaqxpxdrrpratg.cra moved successfully.

C:\WINDOWS\shqvlsksymmkmvobfxmvaqxpxdrrpratg.cra moved successfully.

C:\Program Files\shqvlsksymmkmvobfxmvaqxpxdrrpratg.cra moved successfully.

C:\Documents and Settings\Radoslav\Local Settings\Application Data\shqvlsksymmkmvobfxmvaqxpxdrrpratg.cra moved successfully.

========== FILES ==========

File\Folder C:\Documents and Settings\Radoslav\Local Settings\Temp\xrfpkwtgrkpsznld.exe not found.

C:\Documents and Settings\Radoslav\Local Settings\Temp\lvzzkm.exe moved successfully.

========== REGISTRY ==========

\\O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools | 0 /E :invalid edit format. No such root key.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Radoslav

->Temp folder emptied: 7109536 bytes

->Temporary Internet Files folder emptied: 499033 bytes

->Opera cache emptied: 1779859 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2859115 bytes

%systemroot%\System32 .tmp files removed: 102417 bytes

Windows Temp folder emptied: 682 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23914698 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 35.00 mb

 

 

OTL by OldTimer - Version 3.1.19.0 log created on 12212009_104402

 

Files\Folders moved on Reboot...

 

Registry entries deleted on Reboot...

Link to comment
Сподели другаде
B-boy/StyLe/ Новобранец

B-boy/StyLe/

Публикувано
Публикувано

СТЪПКА 1

 

Изтеглете => FixPolicies

Запазете го някъде на декстопа.Кликнете два пъти върху файла и изберете Install.Ще се създаде папка с името FixPolicies на десктопа.Отворете я и стартирайте файла Fix_policies.cmd.

 

СТЪПКА 2

 

Изтеглете SafeBootKeyRepair.exe и го стартирайте.

 

Следвайте инструкциите.

 

Публикувайте лог файла.

 

СТЪПКА 3

 

Изтеглете програмата => Dr.Web CureIt

 

Алтернативен линк => http://www.freedrweb.com/download+cureit/gr/

 

*Стартирайте я.

*Натиснете клавиш F9 и направете следните настройки:

-В категория проверка се придвижете до списък с изключени файлове.

-Маркирайте всичките и изберете Изтрий. Потвърдете с Apply.

-Придвижете се до категория действия.

Приложете настройките от снимката и натиснете Apply.

http://i.imagehost.org/0908/2009-11-18_02_35_34.jpg

-Пуснете пълна проверка на системата.

-Публикувайте лог файла (DrWeb.csv) от проверката в следващия си пост или го качете на адрес http://rapidshare.de/ и публикувайте линка за да го изтеглим.

Link to comment
Сподели другаде

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Гост
Отговори на тази тема

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   Не можете да качите директно снимка. Качете или добавете изображението от линк (URL)

Loading...
×
 Share
Иди на предишната тема
×
×
  • Създай ново...