regbor Posted March 24, 2010
Would you please look over this log?!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:40:25, on 24.03.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Night_Raven Posted March 24, 2010
Scan with Malwarebytes' Anti-Malware and SUPERAntiSpyware Free. If you already have the programs, check whether you have the latest versions, and if you don't, remove yours and install the newest ones. If you are installing the programs for the first time, they will offer to update automatically after installation; agree. Otherwise, update their definitions manually.

For Malwarebytes' Anti-Malware:
- start the program;
- select Perform quick scan and click the Scan button;
- when the scan finishes, click the OK button and then Show results;
- click the Remove Selected button;
- a text file (log) will appear; copy its contents here.

For SUPERAntiSpyware:
- start the program;
- click the Scan your Computer button;
- on the left select only drive C:, and on the right select Perform Complete Scan;
- click Next and wait for the program to scan;
- if threats are detected, click OK on the message;
- click Next to remove the critters, OK on the confirmation and finally Finish;
- click the Preferences... button and go to the Statistics/Logs tab, select the most recent log by date and click the View Log... button;
- copy its contents here.

If a restart is needed during either of the scans, agree and restart immediately.

vampira96 Posted March 25, 2010
If possible, please review my logs as well.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 09:56:04, on 25.3.2010 a.
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Malwarebytes' Anti-Malware 1.44
Версия на базата от данни: 3910
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

25.3.2010 a. 10:11:45
mbam-log-2010-03-25 (10-11-45).txt

Тип сканиране: Бързо сканиране
Сканирани обекти: 126800
Изминало време: 4 minute(s), 28 second(s)

Заразени процеси в паметта: 0
Заразени модули в паметта: 0
Заразени ключове в регистратурата: 0
Заразени стойности в регистратурата: 0
Заразени информационни обекти в регистратурата: 0
Заразени папки: 0
Заразени файлове: 0

Заразени процеси в паметта:
(Не бяха открити заплахи)

Заразени модули в паметта:
(Не бяха открити заплахи)

Заразени ключове в регистратурата:
(Не бяха открити заплахи)

Заразени стойности в регистратурата:
(Не бяха открити заплахи)

Заразени информационни обекти в регистратурата:
(Не бяха открити заплахи)

Заразени папки:
(Не бяха открити заплахи)

Заразени файлове:
(Не бяха открити заплахи)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/25/2010 at 11:13 AM

Application Version : 4.34.1000

Core Rules Database Version : 4729
Trace Rules Database Version: 2541

Scan type : Complete Scan
Total Scan Time : 00:30:34

Memory items scanned : 519
Memory threats detected : 0
Registry items scanned : 6809
Registry threats detected : 0
File items scanned : 23214
File threats detected : 33

Adware.Tracking Cookie

Night_Raven Posted March 25, 2010
Come on, one at a time, okay?

regbor Posted March 25, 2010
Malwarebytes' Anti-Malware 1.44
Database version: 3914
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

26.03.2010 0:31:37
mbam-log-2010-03-26 (00-31-37).txt

Scan type: Quick Scan
Objects scanned: 163601
Time elapsed: 7 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{43143878-efed-4d03-b1f8-b8a5e5520109} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{6c5ba655-5cec-47bb-a6d3-82a4afe7da87} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/26/2010 at 01:04 AM

Application Version : 4.34.1000

Core Rules Database Version : 4731
Trace Rules Database Version: 2543

Scan type : Complete Scan
Total Scan Time : 00:25:51

Memory items scanned : 488
Memory threats detected : 0
Registry items scanned : 5503
Registry threats detected : 0
File items scanned : 25303
File threats detected : 0

Night_Raven Posted March 26, 2010
What is the problem, actually? Is it still present? If so, then...

Download OTL and save it to the desktop:
- in the Custom Scans/Fixes box (at the bottom of the program) paste the following text (select it, press Ctrl+C and then press Ctrl+V in the OTL box):

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.*
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
CREATERESTOREPOINT
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%PROGRAMFILES%\*.
%userprofile%\Desktop\*.*
%userprofile%\Desktop\*.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

- in the Output box select Minimal Output;
- make sure the Use SafeList option is selected in all 6 boxes in the left half of the window;
- make sure the File Age option is selected in the two boxes in the right half of the window;
- tick all the options available in the program window;
- click the Run Scan button;

Wait for the scan to finish. After the scan ends, the two files newly created on the desktop will open automatically: OTL.txt and Extras.txt.
Please attach these two files (separately or in an archive) to your next comment.

regbor Posted March 26, 2010
OTL logfile created on: 26.03.2010 11:31:17 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000419 | Country: Russia | Language: RUS | Date Format: dd.MM.yyyy
3.0.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.02.14 10:01:56 | 000,000,000 | ---D | M]FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.02.14 10:01:56 | 000,000,000 | ---D | M]FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010.02.04 12:29:44 | 000,000,000 | ---D | M] [2009.02.14 10:06:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petia\Application Data\Mozilla\Extensions[2009.02.14 10:06:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petia\Application Data\Mozilla\Firefox\Profiles\nbt5h1zi.default\extensions[2010.02.04 10:28:00 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Petia\Application Data\Mozilla\Firefox\Profiles\nbt5h1zi.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}[2009.09.08 10:58:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Petia\Application Data\Mozilla\Firefox\Profiles\nbt5h1zi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}[2010.02.04 10:28:00 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Petia\Application Data\Mozilla\Firefox\Profiles\nbt5h1zi.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}[2009.02.14 10:01:56 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions[2010.02.09 17:44:40 | 000,001,083 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\911bg.xml[2010.02.09 17:44:40 | 000,002,442 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\diribg.xml[2010.02.09 17:44:40 | 000,001,515 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pe-bg.xml[2010.02.09 17:44:40 | 000,001,857 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\portalbgdict.xml[2010.02.09 17:44:40 | 000,001,220 | ---- | M] () -- C:\Program Files\Mozilla 
Firefox\searchplugins\wikipedia-bg.xml

O1 HOSTS File: ([2009.11.05 04:33:22 | 000,350,617 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 12022 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program 
Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe (Acer Value Labs, Taiwan)
O4 - HKLM..\Run: [ADMTray.exe] C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.)
O4 - HKLM..\Run: [bluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [EPM-DM] c:\Acer\Empowering Technology\ePower\epm-dm.exe (Acer Inc)
O4 - HKLM..\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKU\S-1-5-21-497276788-121197650-1682483655-1006..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-497276788-121197650-1682483655-1006\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-497276788-121197650-1682483655-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-497276788-121197650-1682483655-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 01 00 00 00 [binary data]
O7 - HKU\S-1-5-21-497276788-121197650-1682483655-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-497276788-121197650-1682483655-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\bfbafeffaecaf: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Petia\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Petia\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002.08.26 20:54:46 | 000,000,209 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - C:\WINDOWS\system32\ias [2004.09.14 12:52:08 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: LanmanWorkstation - File not found
NetSvcs: Messenger - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010.03.26 00:16:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010.03.26 00:16:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Petia\Application Data\SUPERAntiSpyware.com
[2010.03.26 00:16:42 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010.03.26 00:16:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010.03.25 23:50:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.03.25 23:50:26 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.03.25 23:50:24 | 000,000,000 | ---D | C] -- C:\Program 
Files\Malwarebytes' Anti-Malware[2010.03.10 01:47:22 | 000,000,000 | -HSD | C] -- C:\FOUND.016[2010.02.27 22:59:32 | 000,000,000 | -HSD | C] -- C:\FOUND.015[2009.11.04 23:24:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi[2009.09.12 19:56:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe[2009.02.16 12:49:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET[2004.09.14 13:09:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft[2004.09.14 13:09:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft[2004.09.14 12:56:26 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft[2004.09.14 12:56:26 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.03.26 11:15:20 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT[2010.03.26 11:15:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2010.03.26 11:15:14 | 526,897,152 | -HS- | M] () -- C:\hiberfil.sys[2010.03.26 01:41:54 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat[2010.03.26 01:41:50 | 008,388,608 | -H-- | M] () -- C:\Documents and Settings\Petia\NTUSER.DAT[2010.03.26 01:41:50 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Petia\ntuser.ini[2010.03.26 00:16:48 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk[2010.03.25 23:50:36 | 000,000,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk[2010.03.24 19:36:06 | 002,110,178 | -H-- | M] () -- C:\Documents and Settings\Petia\Local Settings\Application 
Data\IconCache.db[2010.03.23 19:39:16 | 000,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk[2010.03.14 01:55:40 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.03.26 00:16:47 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk[2010.03.25 23:50:34 | 000,000,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk[2008.12.29 02:31:09 | 000,039,464 | ---- | C] () -- C:\Documents and Settings\Petia\Local Settings\Application Data\FASTWiz.log[2008.12.20 16:57:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt[2008.12.20 16:55:12 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys[2008.10.27 23:48:46 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Petia\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2008.10.27 22:20:53 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Petia\Application Data\$_hpcst$.hpc[2007.12.02 16:38:59 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat[2007.06.01 13:35:09 | 000,000,041 | ---- | C] () -- C:\WINDOWS\crw.ini[2007.06.01 13:29:11 | 000,000,080 | ---- | C] () -- C:\WINDOWS\my.ini[2007.03.25 22:10:15 | 000,000,030 | ---- | C] () -- C:\WINDOWS\iedit.INI[2007.03.25 16:32:16 | 000,000,071 | ---- | C] () -- C:\WINDOWS\Pex.INI[2007.03.25 16:07:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ulead32.ini[2007.03.09 15:45:00 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll[2007.03.09 15:45:00 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll[2007.03.09 15:45:00 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll[2007.03.09 15:44:57 | 000,010,752 | ---- | C] () -- 
C:\WINDOWS\System32\ff_vfw.dll[2007.03.09 15:44:57 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest[2007.02.08 14:42:41 | 000,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys[2007.02.08 14:41:11 | 000,664,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys[2007.02.08 14:41:11 | 000,096,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd9917.sys[2006.11.18 16:50:32 | 000,000,533 | ---- | C] () -- C:\WINDOWS\wincmd.ini[2006.11.08 20:21:47 | 000,000,419 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI[2006.11.07 01:34:05 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini[2006.10.04 07:15:14 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI[2006.10.01 23:22:22 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll[2006.10.01 23:22:12 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll[2006.10.01 20:44:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI[2006.09.09 18:44:54 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll[2006.09.09 18:44:54 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SC_res.dll[2006.09.09 18:44:54 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\EN_res.dll[2006.09.09 18:44:54 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TC_res.dll[2006.09.09 18:44:54 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\MSNChatHook.dll[2006.09.09 18:43:38 | 000,000,494 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini[2006.03.09 23:18:16 | 000,036,404 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini[2005.11.24 14:08:48 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll[2005.11.24 14:08:04 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll[2005.11.24 14:08:04 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll[2005.11.24 14:08:04 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll[2005.11.24 14:08:04 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll[2005.09.19 15:50:42 | 000,090,112 | ---- | 
C] () -- C:\WINDOWS\System32\btprn2k.dll[2005.06.20 02:42:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini[2005.05.02 12:13:42 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETMNT.sys[2005.01.21 11:48:08 | 000,225,280 | ---- | C] () -- C:\WINDOWS\Capsule.dll[2004.12.17 01:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys[2004.09.07 14:23:16 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll[2004.08.04 05:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll[2004.08.04 05:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll[2004.08.04 05:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll[2004.08.04 05:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll[2004.08.04 05:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll[2004.08.04 05:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini[2003.12.29 20:45:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ServiceControl.dll[2003.11.24 15:55:48 | 000,743,424 | ---- | C] () -- C:\WINDOWS\libxml2.dll[2003.11.24 15:55:32 | 000,872,448 | ---- | C] () -- C:\WINDOWS\iconv.dll[2002.05.15 23:29:04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest[2001.12.26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll[2001.11.23 18:18:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll[2001.09.03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll[2001.07.30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll[2001.07.23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll ========== LOP Check ========== [2006.09.09 18:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acer[2006.11.08 20:13:14 | 
000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ[2006.11.08 20:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft[2007.03.09 15:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP[2007.03.25 16:01:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems[2009.02.16 12:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET[2006.09.09 18:44:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petia\Application Data\Acer[2007.12.03 18:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petia\Application Data\BSplayer Pro[2006.11.10 17:48:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petia\Application Data\Canon[2007.10.31 15:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petia\Application Data\Leadertech[2007.12.02 14:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petia\Application Data\MSNInstaller[2006.11.08 20:21:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petia\Application Data\ScanSoft[2008.06.13 00:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petia\Application Data\Sprite PC Agent[2008.06.13 00:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petia\Application Data\Sprite Setup Wizard[2008.06.13 00:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petia\Application Data\Sprite Software[2008.01.29 19:28:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petia\Application Data\Thinstall[2007.03.25 16:07:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petia\Application Data\Ulead Systems[2007.12.03 19:21:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petia\Application Data\uTorrent[2008.12.20 16:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petia\Application Data\Samsung[2009.02.16 19:21:10 | 000,000,000 | ---D | M] 
-- C:\Documents and Settings\Petia\Application Data\Canneverbe_Limited
[2009.04.14 14:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petia\Application Data\Desktopicon

========== Purity Check ==========

< End of report >

============================================================

OTL Extras logfile created on: 26.03.2010 11:31:17 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000419 | Country: Russia | Language: RUS | Date Format: dd.MM.yyyy

502,00 Mb Total Physical Memory | 140,00 Mb Available Physical Memory | 28,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 35,06 Gb Total Space | 5,81 Gb Free Space | 16,58% Space Free | Partition Type: FAT32
Drive D: | 35,54 Gb Total Space | 11,86 Gb Free Space | 33,37% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 654,81 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACER-684C9A655D
Current User Name: Petia
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-497276788-121197650-1682483655-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "D:\DC++\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\DC++\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\DC++\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"1723:TCP" = 1723:TCP:*:Disabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Disabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Disabled:@xpsp2res.dll,-22017

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\FlashGet\flashget.exe" = C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget -- (FlashGet.com)
"E:\DWizard300.exe" = E:\DWizard300.exe:*:Enabled:DCCWizard -- File not found
"E:\libNEAP.dll" = E:\libNEAP.dll:*:Enabled:DCClibrary -- File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{025C3792-E9C6-432A-92C1-661F99D021CA}" = Ulead Photo Explorer 8.5
"{067EC517-9731-43FD-B4D5-296EE0027BBB}" = LogMeIn 
Hamachi"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160" = Canon MP160"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker"{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe"{29D851C2-048C-4B5E-8D1F-25D473342BB5}" = ScanSoft OmniPage SE 4.0"{30283233-3BE6-473D-A47C-ED964A2F78B4}_is1" = Inpaint 2.0"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP"{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup"{3EBC0693-0A27-4B50-90A1-A8B688911C7A}" = Samsung PC Studio 3"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software"{4B30335C-5C3E-436F-95B6-237FCFE15C33}" = Heroes of Might and Magic IV: The Gathering Storm"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0"{4DA416AE-6D1C-40D6-BCA3-A65A59DD60FC}" = Acer eDataSecurity Management"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6"{5F947508-7916-4FE4-BB53-6E75C9F88FAA}" = Application Suite"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD"{6864ABC3-A982-436B-BEF1-5652D6303361}" = ESET NOD32 Antivirus"{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053"{7AC15160-A49B-4A89-B181-D4619C025FFF}" = Samsung Samples Installer"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 
12"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007"{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOKR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007"{90120000-001F-0C0A-0000-0000000FF1CE}_OUTLOOKR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007"{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOKR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007"{90120000-0115-0409-0000-0000000FF1CE}_OUTLOOKR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage"{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC 
Driver"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2"{ABC5404F-F0F3-4221-8DB9-5D34DD866E50}" = Sprite Backup"{AC1FBAF2-2B8D-4E9D-B881-37D1A52E77C5}" = Ulead COOL 360"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1"{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management"{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series"{E431C518-2EE2-471E-9234-BE995C36D513}" = Acer eDataSecurity Management 1.00.26"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe"{FE58B892-3825-4610-A6A2-E6EFCA83BD97}" = Ulead PhotoImpact 10"adobe flash player activex" = Adobe Flash Player 10 ActiveX"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin"CCleaner" = CCleaner (remove only)"CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_006A1025" = SoftV90 Data Fax Modem with SmartCP"CNXT_MODEM_PCI_VEN_8086&DEV_266D_CplEFL5k" = Soft Data Fax Modem with SmartCP"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint"Easy-WebPrint" = Easy-WebPrint"ePresentation" = Acer ePresentation Management"eset online scanner" = ESET Online Scanner v3"ExtractNow_is1" = ExtractNow"FlashGet" = FlashGet 1.9.6.1073"GridVista" = Acer 
GridVista"HijackThis" = HijackThis 2.0.2"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs"ie7" = Windows Internet Explorer 7"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker"InstallShield_{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework"InstallShield_{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4"InstallShield_{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management"InstallShield_{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management"InstallShield_{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.65"LogMeIn Hamachi" = LogMeIn Hamachi"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1"Mozilla Firefox (3.0.18)" = Mozilla Firefox (3.0.18)"MP Navigator 3.0" = Canon MP Navigator 3.0"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP"MSNINST" = MSN"My Free Mahjong_is1" = My Free Mahjong"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs"OUTLOOKR" = Microsoft Office Outlook 2007 Trial"ProInst" = Intel® PROSet/Wireless Software"Revo Uninstaller" = Revo Uninstaller 1.85"SA Dictionary 2004 Datacenter" = SA Dictionary 2004 Datacenter"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software"SynTPDeinstKey" = Synaptics Pointing Device Driver"The KMPlayer" = The KMPlayer (remove only)"Tweak UI 2.10" = Tweak UI"Unlocker" = Unlocker 1.8.7"uTorrent" = µTorrent"vis_MojoMaster.dllWinamp" = Mojo Master Winamp Visualizer for Winamp (remove only)"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5"WebTrance2" = WebTrance2 (деинсталиране)"WIC" = Windows Imaging 
Component"Winamp" = Winamp"Windows Media Encoder 9" = Windows Media Encoder 9 Series"Windows Media Format Runtime" = Windows Media Format 11 runtime"Windows Mobile Device Handbook" = Windows Mobile® Device Handbook"Windows XP Service Pack" = Windows XP Service Pack 3"WinRAR archiver" = WinRAR archiver"WMFDist11" = Windows Media Format 11 runtime"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-497276788-121197650-1682483655-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"uTorrent" = µTorrent ========== Last 10 Event Log Errors ========== [ Application Events ]Error - 21.03.2010 6:45:18 | Computer Name = ACER-684C9A655D | Source = Application Error | ID = 1000Description = Faulting application epm-dm.exe, version 0.2.8.0, faulting module epm-dm.exe, version 0.2.8.0, fault address 0x00008b09. Error - 21.03.2010 8:34:30 | Computer Name = ACER-684C9A655D | Source = Application Error | ID = 1000Description = Faulting application epm-dm.exe, version 0.2.8.0, faulting module epm-dm.exe, version 0.2.8.0, fault address 0x00008b09. Error - 22.03.2010 9:42:45 | Computer Name = ACER-684C9A655D | Source = Application Error | ID = 1000Description = Faulting application epm-dm.exe, version 0.2.8.0, faulting module epm-dm.exe, version 0.2.8.0, fault address 0x00008b09. Error - 23.03.2010 7:42:22 | Computer Name = ACER-684C9A655D | Source = Application Error | ID = 1000Description = Faulting application iexplore.exe, version 7.0.6000.16981, faulting module ntdll.dll, version 5.1.2600.5755, fault address 0x00010a19. Error - 23.03.2010 8:10:58 | Computer Name = ACER-684C9A655D | Source = Application Error | ID = 1000Description = Faulting application epm-dm.exe, version 0.2.8.0, faulting module epm-dm.exe, version 0.2.8.0, fault address 0x00008b09. 
Error - 23.03.2010 13:53:36 | Computer Name = ACER-684C9A655D | Source = Application Error | ID = 1000Description = Faulting application epm-dm.exe, version 0.2.8.0, faulting module epm-dm.exe, version 0.2.8.0, fault address 0x00008b09. Error - 24.03.2010 11:42:06 | Computer Name = ACER-684C9A655D | Source = Application Error | ID = 1000Description = Faulting application epm-dm.exe, version 0.2.8.0, faulting module epm-dm.exe, version 0.2.8.0, fault address 0x00008b09. Error - 24.03.2010 18:14:13 | Computer Name = ACER-684C9A655D | Source = Application Error | ID = 1000Description = Faulting application epm-dm.exe, version 0.2.8.0, faulting module epm-dm.exe, version 0.2.8.0, fault address 0x00008b09. Error - 25.03.2010 8:51:38 | Computer Name = ACER-684C9A655D | Source = Application Error | ID = 1000Description = Faulting application epm-dm.exe, version 0.2.8.0, faulting module epm-dm.exe, version 0.2.8.0, fault address 0x00008b09. Error - 25.03.2010 18:31:11 | Computer Name = ACER-684C9A655D | Source = Application Error | ID = 1000Description = Faulting application epm-dm.exe, version 0.2.8.0, faulting module epm-dm.exe, version 0.2.8.0, fault address 0x00008b09. [ System Events ]Error - 25.03.2010 14:17:48 | Computer Name = ACER-684C9A655D | Source = Service Control Manager | ID = 7023Description = The IPSEC Services service terminated with the following error: %%1747 Error - 25.03.2010 14:30:44 | Computer Name = ACER-684C9A655D | Source = Dhcp | ID = 1001Description = Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00166FADB6AF. The following error occurred: %%1223. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. 
Error - 25.03.2010 17:34:42 | Computer Name = ACER-684C9A655D | Source = Service Control Manager | ID = 7002Description = The Routing and Remote Access service depends on the NetBIOSGroup group and no member of this group started. Error - 25.03.2010 17:34:42 | Computer Name = ACER-684C9A655D | Source = Service Control Manager | ID = 7023Description = The IPSEC Services service terminated with the following error: %%1747 Error - 25.03.2010 17:35:00 | Computer Name = ACER-684C9A655D | Source = DCOM | ID = 10005Description = DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} Error - 26.03.2010 5:16:52 | Computer Name = ACER-684C9A655D | Source = DCOM | ID = 10005Description = DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} Error - 26.03.2010 5:16:54 | Computer Name = ACER-684C9A655D | Source = Service Control Manager | ID = 7002Description = The Routing and Remote Access service depends on the NetBIOSGroup group and no member of this group started. Error - 26.03.2010 5:16:54 | Computer Name = ACER-684C9A655D | Source = Service Control Manager | ID = 7023Description = The IPSEC Services service terminated with the following error: %%1747 Error - 26.03.2010 5:18:06 | Computer Name = ACER-684C9A655D | Source = Dhcp | ID = 1001Description = Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00166FADB6AF. The following error occurred: %%1223. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. Error - 26.03.2010 5:20:36 | Computer Name = ACER-684C9A655D | Source = Dhcp | ID = 1001Description = Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00166FADB6AF. 
The following error occurred: %%1223. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. < End of report > Цитирай Link to comment Сподели другаде More sharing options...
Night_Raven, posted March 26, 2010

Run OTL again. In the empty "Custom Scans/Fixes" box (at the bottom of the program window) paste the following text (select it, press Ctrl+C, then press Ctrl+V in the OTL box):

:OTL
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O20 - Winlogon\Notify\bfbafeffaecaf: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
[2010.03.10 01:47:22 | 000,000,000 | -HSD | C] -- C:\FOUND.016
[2010.02.27 22:59:32 | 000,000,000 | -HSD | C] -- C:\FOUND.015

:Files
C:\WINDOWS\*.tmp
C:\WINDOWS\System32\*.tmp

:Commands
[emptytemp]
[reboot]

Click the Run Fix button. Confirm with OK on the message saying that a system restart is required. After the restart a text log will appear. The same file is located in C:\_OTL\MovedFiles. Please attach it to your next comment.

Is there some specific problem with the system that makes reviewing logs necessary?
stanilabg, posted March 26, 2010

Hello, Night_Raven. I got curious about OTL, because so far, while browsing the forum, I have not come across a recommendation to put some text into it before scanning with it. Is it mandatory to do this? What is the purpose of this text? Apparently some commands.
regbor (author), posted March 26, 2010

All processes killed
Error: Unable to interpret <:OTLO2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.O20 - Winlogon\Notify\bfbafeffaecaf: DllName - Reg Error: Value error. - Reg Error: Value error. File not found[2010.03.10 01:47:22 | 000,000,000 | -HSD | C] -- C:\FOUND.016[2010.02.27 22:59:32 | 000,000,000 | -HSD | C] -- C:\FOUND.015:FilesC:\WINDOWS\*.tmpC:\WINDOWS\System32\*.tmp:Commands[emptytemp][reboot]> in the current context!

OTL by OldTimer - Version 3.1.37.3 log created on 03262010_210159

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

The problem with the system is that it constantly freezes for no apparent reason... The other thing that happens is 5-10 minutes of 100% CPU activity by EKRN.EXE, without any process having been started or any page being open..., but that is perhaps because of the software itself.
Night_Raven, posted March 27, 2010

> Hello, Night_Raven. I got curious about OTL, because so far, while browsing the forum, I have not come across a recommendation to put some text into it before scanning with it. Is it mandatory to do this? What is the purpose of this text? Apparently some commands.

In principle it is not mandatory, but it is useful, because it provides additional information that helps detect some nasties that would not be detected by a normal scan.

> All processes killed
> Error: Unable to interpret <:OTLO2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.O20 - Winlogon\Notify\bfbafeffaecaf: DllName - Reg Error: Value error. - Reg Error: Value error. File not found[2010.03.10 01:47:22 | 000,000,000 | -HSD | C] -- C:\FOUND.016[2010.02.27 22:59:32 | 000,000,000 | -HSD | C] -- C:\FOUND.015:FilesC:\WINDOWS\*.tmpC:\WINDOWS\System32\*.tmp:Commands[emptytemp][reboot]> in the current context!
>
> OTL by OldTimer - Version 3.1.37.3 log created on 03262010_210159
>
> Files\Folders moved on Reboot...
>
> Registry entries deleted on Reboot...
>
> The problem with the system is that it constantly freezes for no apparent reason... The other thing that happens is 5-10 minutes of 100% CPU activity by EKRN.EXE, without any process having been started or any page being open..., but that is perhaps because of the software itself.

Are you sure you copied the text properly, so that it is exactly as it is here: each command on a new line, and so on?
stanilabg, posted March 27, 2010

> In principle it is not mandatory, but it is useful, because it provides additional information that helps detect some nasties that would not be detected by a normal scan.

Sorry for the spam, but how does one read a log file like this (what is bad, what is good)? To me it is a complete mystery. And, in turn, how does one then create the log file that tells the program what to delete?

A few days ago I had to fight off some nasties, and after I scanned with Malwarebytes Anti-Malware and SUPERAntiSpyware Free, which found nothing (each scan went on for 2 hours, even though under normal conditions it finished in 15-20 min.), I decided to try OTL as well. Well, yes, but I don't understand anything about what has to be removed (if anything at all). That is why I am asking.

By the way, both HijackThis and Autoruns showed a process unusual for my system, syspck32.exe, which neither program could remove because something was using it. Otherwise the problem was that the computer booted slowly, as did all the other applications I tried to open, plus the CPU was constantly at 100% and the fans never stopped spinning at maximum. I was already getting ready to ask in a topic that has drawn a lot of attention these days, "My computer starts up terribly slowly", and had collected more than 7-8 log files from various programs, when I decided to try Malwarebytes Anti-Malware in Safe Mode as well. Luckily for me, it found the nasty in question and removed it after a restart.
regbor (author), posted March 27, 2010

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\bfbafeffaecaf\ deleted successfully.
C:\FOUND.016 folder moved successfully.
C:\FOUND.015 folder moved successfully.
========== FILES ==========
C:\WINDOWS\002878_.tmp moved successfully.
C:\WINDOWS\msdownld.tmp folder moved successfully.
File\Folder C:\WINDOWS\System32\*.tmp not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Administrator.ACER-684C9A655D
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Administrator.ACER-684C9A655D.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Petia
->Temp folder emptied: 286366214 bytes
->Temporary Internet Files folder emptied: 36677360 bytes
->FireFox cache emptied: 63360139 bytes
->Flash cache emptied: 16987 bytes

User: w

User: Downloads

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5472562 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23372686 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 357289 bytes

Total Files Cleaned = 397,00 mb

OTL by OldTimer - Version 3.1.37.3 log created on 03272010_143333

Files\Folders moved on Reboot...
C:\Documents and Settings\Petia\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.
C:\Documents and Settings\Petia\Local Settings\Temporary Internet Files\Content.IE5\NS8E5NPU\ads[10].htm moved successfully.
C:\Documents and Settings\Petia\Local Settings\Temporary Internet Files\Content.IE5\OY13IAL9\ads[6].htm moved successfully.
C:\Documents and Settings\Petia\Local Settings\Temporary Internet Files\Content.IE5\OY13IAL9\index[3].htm moved successfully.
C:\Documents and Settings\Petia\Local Settings\Temporary Internet Files\Content.IE5\8G1NUCSE\ads[5].htm moved successfully.
C:\Documents and Settings\Petia\Local Settings\Temporary Internet Files\Content.IE5\8G1NUCSE\ads[6].htm moved successfully.
C:\Documents and Settings\Petia\Local Settings\Temporary Internet Files\Content.IE5\8G1NUCSE\ads[7].htm moved successfully.
C:\Documents and Settings\Petia\Local Settings\Temporary Internet Files\Content.IE5\4OX700SA\ishow1[1].htm moved successfully.

Registry entries deleted on Reboot...
Night_Raven, posted March 27, 2010

stanilabg, it cannot be described in a few sentences how exactly one recognizes what is malicious and what is not. The principle is the same as with all similar programs, which simply scan the system and output information about all sorts of files, folders, registry keys and values, and so on. The situation is very similar to HijackThis, for example. The user has to be clear about what exactly is being scanned and what each scanned object means, to have certain knowledge of how the operating system works, to know its main and commonly encountered files by name, to have an idea of the main types of malicious code behaviour in order to know what to suspect and what not, and to know where and how to search the internet for additional information.

It is rather hard to give a detailed explanation of how to work with the program, because that comes down not only to knowing the program itself but also to other, external factors. Things are complex and interdependent.

To create a cleanup script, the user of course needs to have successfully found the malicious/unneeded objects and to know what the program's commands are, in order to be able to create the script in question.

Regbor, is the problem still present?
regbor (author), posted March 28, 2010

Part of the problem remains... To open a given page, the page has to be refreshed several times. The problem is not in the signal, but in the computer itself.