Желание за преглед на лог от HijackThis

[regbor]

Бихте ли прегледали този лог?! :

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:40:25, on 24.03.2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16981)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\acer\Empowering Technology\ePower\epm-dm.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Documents and Settings\Administrator.ACER-684C9A655D\Desktop\AdA\HiJackThis202.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.comodo.com/search/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.bg/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O2 - BHO: AcroIEHlprObj Class - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe

O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot

O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Bluetooth.lnk = ?

O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{0287E462-2975-49A3-A896-3A1BF3BC82DF}: NameServer = 10.28.4.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{0287E462-2975-49A3-A896-3A1BF3BC82DF}: NameServer = 10.28.4.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{0287E462-2975-49A3-A896-3A1BF3BC82DF}: NameServer = 10.28.4.1

O17 - HKLM\System\CS3\Services\Tcpip\..\{0287E462-2975-49A3-A896-3A1BF3BC82DF}: NameServer = 10.28.4.1

O17 - HKLM\System\CS4\Services\Tcpip\..\{0287E462-2975-49A3-A896-3A1BF3BC82DF}: NameServer = 10.28.4.1

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs:

O20 - Winlogon Notify: bfbafeffaecaf - C:\WINDOWS\

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

 

--

End of file - 7484 bytes

[Night_Raven]

ПреглСканирай с Malwarebytes' Anti-Malware и SUPERAntiSpyware Free. Ако вече имаш програмите, провери дали имаш последните версии и ако нямаш, премахни твоите и инсталирай най-новите. Ако тепърва инсталираш програмите, след инсталацията те ще предложат да се обновят автоматично, съгласи се. В противен случай обнови дефинициите им ръчно.

 

За Malwarebytes' Anti-Malware:

- стартирай програмата;

- избери Perform quick scan (Бързо сканиране) и кликни бутон Scan (Сканирай);

- като приключи сканирането кликни бутон OK и после Show results (Покажи резултатите);

- кликни бутон Remove Selected (Премахни избраните);

- ще се появи текстов файл (лог), копирай съдържанието му тук.

 

За SUPERAntiSpyware:

- стартирай програмата;

- кликни бутон Scan your Computer (Сканиране на компютъра);

- вляво избери само дял C:, а вдясно избери Perform Complete Scan (Извърши пълно сканиране);

- кликни Next и изчакай програмата да сканира;

- ако има засечени заплахи, кликни OK на съобщението;

- кликни Next, за да се премахнат гадинките, OK на потвърждението и накрая Finish;

- кликни бутон Preferences... (Настройки) и иди на подпрозорец Statistics/Logs (Дневници), маркирай последния лог по дата и кликни бутон View Log... (Покажи дневника);

- копирай съдържанието му тук.

 

Ако е нужен рестарт при някое от сканиранията, се съгласи и рестартирай веднага.

[vampira96]

Ако може прегледайте и моите логове.

 

Ако може прегледайте и моите логове.

 

Logfile of Trend Micro HijackThis v2.0.3 (BETA)

Scan saved at 09:56:04, on 25.3.2010 a.

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16981)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\WINDOWS\system32\oodag.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\vsnpstd3.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\bgsmsnd.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\BitComet\BitComet.exe

C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

C:\Program Files\Styler\Styler.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\HijackThis\TrendMicro\HiJackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: (no name) - - (no file)

R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: pdfMachine - {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\WINDOWS\system32\bgstb.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: pdfMachine - {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\WINDOWS\system32\bgstb.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [bgsmsnd.exe] C:\WINDOWS\system32\bgsmsnd.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bitComet] "C:\Program Files\BitComet\BitComet.exe" /tray

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

O4 - Startup: Styler.lnk = ?

O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Transform XP to Vista\Yahoo! Widgets\Widgets\YahooWidgets.exe

O8 - Extra context menu item: &С&валяне &с BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &С&валяне на всички с BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: &С&валяне на всичкото видео с BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Преведи - {60237576-b24c-4ba9-9740-c9f3ec9db557} - C:\PROGRA~1\SkyCode\WEBTRA~1\wt2ie.dll

O9 - Extra button: (no name) - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - (no file)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{C8F61346-A9D5-42E8-8FFC-6E49FBB1FF9C}: NameServer = 80.253.48.5 80.253.48.6

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate1c987655de3f73c) (gupdate1c987655de3f73c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Program Files\Tall Emu\Online Armor\OAcat.exe (file missing)

O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: ThreatFire - Unknown owner - C:\Program Files\ThreatFire\TFService.exe (file missing)

 

--

End of file - 10391 bytes

 

 

 

Malwarebytes' Anti-Malware 1.44

Версия на базата от данни: 3910

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

 

25.3.2010 a. 10:11:45

mbam-log-2010-03-25 (10-11-45).txt

 

Тип сканиране: Бързо сканиране

Сканирани обекти: 126800

Изминало време: 4 minute(s), 28 second(s)

 

Заразени процеси в паметта: 0

Заразени модули в паметта: 0

Заразени ключове в регистратурата: 0

Заразени стойности в регистратурата: 0

Заразени информационни обекти в регистратурата: 0

Заразени папки: 0

Заразени файлове: 0

 

Заразени процеси в паметта:

(Не бяха открити заплахи)

 

Заразени модули в паметта:

(Не бяха открити заплахи)

 

Заразени ключове в регистратурата:

(Не бяха открити заплахи)

 

Заразени стойности в регистратурата:

(Не бяха открити заплахи)

 

Заразени информационни обекти в регистратурата:

(Не бяха открити заплахи)

 

Заразени папки:

(Не бяха открити заплахи)

 

Заразени файлове:

(Не бяха открити заплахи)

 

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 03/25/2010 at 11:13 AM

 

Application Version : 4.34.1000

 

Core Rules Database Version : 4729

Trace Rules Database Version: 2541

 

Scan type : Complete Scan

Total Scan Time : 00:30:34

 

Memory items scanned : 519

Memory threats detected : 0

Registry items scanned : 6809

Registry threats detected : 0

File items scanned : 23214

File threats detected : 33

 

Adware.Tracking Cookie

C:\Documents and Settings\user_1\Cookies\user_1@CADVYNGZ.txt

C:\Documents and Settings\user_1\Cookies\user_1@CA4BPGZ2.txt

C:\Documents and Settings\user_1\Cookies\user_1@CADXY51W.txt

C:\Documents and Settings\user_1\Cookies\user_1@statcounter[9].txt

C:\Documents and Settings\user_1\Cookies\user_1@statcounter[8].txt

C:\Documents and Settings\user_1\Cookies\user_1@statcounter[7].txt

C:\Documents and Settings\user_1\Cookies\user_1@statcounter[6].txt

C:\Documents and Settings\user_1\Cookies\user_1@microsoftwga.112.2o7[2].txt

C:\Documents and Settings\user_1\Cookies\user_1@microsoftwga.112.2o7[3].txt

C:\Documents and Settings\user_1\Cookies\user_1@microsoftwga.112.2o7[1].txt

C:\Documents and Settings\user_1\Cookies\user_1@avgtechnologies.112.2o7[1].txt

C:\Documents and Settings\user_1\Cookies\user_1@avgtechnologies.112.2o7[5].txt

C:\Documents and Settings\user_1\Cookies\user_1@avgtechnologies.112.2o7[4].txt

C:\Documents and Settings\user_1\Cookies\user_1@avgtechnologies.112.2o7[3].txt

C:\Documents and Settings\user_1\Cookies\user_1@avgtechnologies.112.2o7[2].txt

C:\Documents and Settings\user_1\Cookies\user_1@doubleclick[10].txt

C:\Documents and Settings\user_1\Cookies\user_1@doubleclick[11].txt

C:\Documents and Settings\user_1\Cookies\user_1@doubleclick[4].txt

C:\Documents and Settings\user_1\Cookies\user_1@doubleclick[5].txt

C:\Documents and Settings\user_1\Cookies\user_1@doubleclick[2].txt

C:\Documents and Settings\user_1\Cookies\user_1@doubleclick[3].txt

C:\Documents and Settings\user_1\Cookies\user_1@doubleclick[1].txt

C:\Documents and Settings\user_1\Cookies\user_1@statcounter[10].txt

C:\Documents and Settings\user_1\Cookies\user_1@statcounter[11].txt

C:\Documents and Settings\user_1\Cookies\user_1@doubleclick[8].txt

C:\Documents and Settings\user_1\Cookies\user_1@doubleclick[9].txt

C:\Documents and Settings\user_1\Cookies\user_1@doubleclick[6].txt

C:\Documents and Settings\user_1\Cookies\user_1@doubleclick[7].txt

C:\Documents and Settings\user_1\Cookies\user_1@statcounter[1].txt

C:\Documents and Settings\user_1\Cookies\user_1@statcounter[2].txt

C:\Documents and Settings\user_1\Cookies\user_1@statcounter[3].txt

C:\Documents and Settings\user_1\Cookies\user_1@statcounter[4].txt

C:\Documents and Settings\user_1\Cookies\user_1@statcounter[5].txt

[Night_Raven]

Хайде един по един, а?

[regbor]

Malwarebytes' Anti-Malware 1.44

Database version: 3914

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

 

26.03.2010 0:31:37

mbam-log-2010-03-26 (00-31-37).txt

 

Scan type: Quick Scan

Objects scanned: 163601

Time elapsed: 7 minute(s), 41 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_CLASSES_ROOT\Interface\{43143878-efed-4d03-b1f8-b8a5e5520109} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{6c5ba655-5cec-47bb-a6d3-82a4afe7da87} (Trojan.BHO) -> Quarantined and deleted successfully.

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

-------------------------------------------------------------------------------------------------------------------------

 

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 03/26/2010 at 01:04 AM

 

Application Version : 4.34.1000

 

Core Rules Database Version : 4731

Trace Rules Database Version: 2543

 

Scan type : Complete Scan

Total Scan Time : 00:25:51

 

Memory items scanned : 488

Memory threats detected : 0

Registry items scanned : 5503

Registry threats detected : 0

File items scanned : 25303

File threats detected : 0

[Night_Raven]

Какъв всъщност е проблемът? Още ли е налице?

 

Ако да, тогава...

 

Изтегли OTL и го запази на работния плот:

- в поле Custom Scans/Fixes (в долната част на програмата) постави следния текст (маркирай го, натисни Ctrl+C и после в полето на OTL натисни Ctrl+V):

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.*
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
CREATERESTOREPOINT
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%PROGRAMFILES%\*.
%userprofile%\Desktop\*.*
%userprofile%\Desktop\*.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

- в поле Output избери Minimal Output;

- увери се, че е избрана опцията Use SafeList във всичките 6 полета в лявата половина на прозореца;

- увери се, че е избрана опцията File Age в двете полета в дясната половина на прозореца;

- постави отметки на всички опции, налични в прозореца на програмата;

- кликни бутон Run Scan;

Изчакай сканирането да приключи. След края на сканирането автоматично ще се отворят двата новосъздадени на работния плот файла: OTL.txt и Extras.txt.

Моля, прикачи тези два файла (поотделно или в архив) към следващия си коментар.

[regbor]

OTL logfile created on: 26.03.2010 11:31:17 - Run 1

OTL by OldTimer - Version 3.1.37.3 Folder = C:\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000419 | Country: Russia | Language: RUS | Date Format: dd.MM.yyyy

 

502,00 Mb Total Physical Memory | 140,00 Mb Available Physical Memory | 28,00% Memory free

1,00 Gb Paging File | 1,00 Gb Available in Paging File | 74,00% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 35,06 Gb Total Space | 5,81 Gb Free Space | 16,58% Space Free | Partition Type: FAT32

Drive D: | 35,54 Gb Total Space | 11,86 Gb Free Space | 33,37% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

Drive F: | 654,81 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: ACER-684C9A655D

Current User Name: Petia

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 30 Days

Output = Minimal

 

========== Processes (SafeList) ==========

 

PRC - C:\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)

PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)

PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)

PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()

PRC - C:\WINDOWS\system32\snmp.exe (Microsoft Corporation)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )

PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)

PRC - C:\Acer\Empowering Technology\ePower\epm-dm.exe (Acer Inc)

PRC - C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)

PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Downloads\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)

MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()

MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)

SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)

SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)

SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()

SRV - (SNMP) -- C:\WINDOWS\system32\snmp.exe (Microsoft Corporation)

SRV - (S24EventMonitor) Intel® -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )

SRV - (EvtEng) Intel® -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)

SRV - (RegSrvc) Intel® -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)

SRV - (AWService) -- C:\Acer\Empowering Technology\admServ.exe (Avocent Inc.)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (epfwtdir) -- C:\WINDOWS\system32\drivers\epfwtdir.sys (ESET)

DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)

DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)

DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)

DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)

DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Windows ® Codename Longhorn DDK provider)

DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)

DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Windows ® Codename Longhorn DDK provider)

DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)

DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)

DRV - (NSCIRDA) -- C:\WINDOWS\system32\drivers\nscirda.sys (National Semiconductor Corporation)

DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)

DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)

DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)

DRV - (ss_mdm) -- C:\WINDOWS\system32\drivers\ss_mdm.sys (MCCI Corporation)

DRV - (ss_mdfl) -- C:\WINDOWS\system32\drivers\ss_mdfl.sys (MCCI Corporation)

DRV - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\WINDOWS\system32\drivers\ss_bus.sys (MCCI Corporation)

DRV - (dtscsi) -- C:\WINDOWS\System32\Drivers\dtscsi.sys ()

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()

DRV - (usbvm328) -- C:\WINDOWS\system32\drivers\usbvm326.sys (Vimicro Corporation)

DRV - (BTCAMDRV) -- C:\WINDOWS\system32\drivers\BTCamDrv.sys (Windows ® 2000 DDK provider)

DRV - (vmfilter326) -- C:\WINDOWS\system32\drivers\vmfilter326.sys (Vimicro Corporation)

DRV - (StarOpen) -- C:\WINDOWS\system32\drivers\StarOpen.sys ()

DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)

DRV - (NTIDrvr) -- C:\WINDOWS\system32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)

DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)

DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (OsaFsLoc) -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys (OSA Technologies)

DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)

DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)

DRV - (BTSERIAL) -- C:\WINDOWS\system32\drivers\btserial.sys (Broadcom Corporation.)

DRV - (BTSLBCSP) -- C:\WINDOWS\system32\drivers\btslbcsp.sys (Broadcom Corporation.)

DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)

DRV - (btwmodem) -- C:\WINDOWS\system32\drivers\btwmodem.sys (Broadcom Corporation.)

DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)

DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)

DRV - (NdisFilt) -- C:\WINDOWS\system32\drivers\NdisFilt.sys (OSA Technologies)

DRV - (w29n51) Intel® -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)

DRV - (UnlockerDriver4) -- C:\Program Files\Unlocker\UnlockerDriver4.sys ()

DRV - (osaio) -- C:\WINDOWS\system32\drivers\osaio.sys (OSA Technologies, An Avocent Company)

DRV - (NETMNT) -- C:\WINDOWS\system32\drivers\NETMNT.sys ()

DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)

DRV - (EpmShd) -- C:\WINDOWS\system32\drivers\epm-shd.sys (Acer Value Labs, USA)

DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)

DRV - (osanbm) -- C:\WINDOWS\system32\drivers\osanbm.sys (Windows ® 2000 DDK provider)

DRV - (int15.sys) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()

DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)

DRV - (UBHelper) -- C:\WINDOWS\system32\drivers\UBHelper.sys ()

DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)

DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )

DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)

DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)

DRV - (EpmPsd) -- C:\WINDOWS\system32\drivers\epm-psd.sys (Acer Value Labs, USA)

DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)

DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)

DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)

DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)

DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)

DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)

DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)

DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)

DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)

DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)

DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)

DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)

DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)

DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)

DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-497276788-121197650-1682483655-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.comodo.com/search/

IE - HKU\S-1-5-21-497276788-121197650-1682483655-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.bg/

IE - HKU\S-1-5-21-497276788-121197650-1682483655-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3

FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.10

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.02.14 10:01:56 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.02.14 10:01:56 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010.02.04 12:29:44 | 000,000,000 | ---D | M]

 

[2009.02.14 10:06:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petia\Application Data\Mozilla\Extensions

[2009.02.14 10:06:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petia\Application Data\Mozilla\Firefox\Profiles\nbt5h1zi.default\extensions

[2010.02.04 10:28:00 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Petia\Application Data\Mozilla\Firefox\Profiles\nbt5h1zi.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}

[2009.09.08 10:58:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Petia\Application Data\Mozilla\Firefox\Profiles\nbt5h1zi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010.02.04 10:28:00 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Petia\Application Data\Mozilla\Firefox\Profiles\nbt5h1zi.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2009.02.14 10:01:56 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010.02.09 17:44:40 | 000,001,083 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\911bg.xml

[2010.02.09 17:44:40 | 000,002,442 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\diribg.xml

[2010.02.09 17:44:40 | 000,001,515 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pe-bg.xml

[2010.02.09 17:44:40 | 000,001,857 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\portalbgdict.xml

[2010.02.09 17:44:40 | 000,001,220 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-bg.xml

 

O1 HOSTS File: ([2009.11.05 04:33:22 | 000,350,617 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.0scan.com

O1 - Hosts: 127.0.0.1 0scan.com

O1 - Hosts: 127.0.0.1 1000gratisproben.com

O1 - Hosts: 127.0.0.1 www.1000gratisproben.com

O1 - Hosts: 127.0.0.1 1001namen.com

O1 - Hosts: 127.0.0.1 www.1001namen.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 www.1-2005-search.com

O1 - Hosts: 127.0.0.1 1-2005-search.com

O1 - Hosts: 12022 more lines...

O2 - BHO: (AcroIEHlprObj Class) - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.

O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()

O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)

O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()

O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)

O4 - HKLM..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe (Acer Value Labs, Taiwan)

O4 - HKLM..\Run: [ADMTray.exe] C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.)

O4 - HKLM..\Run: [bluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)

O4 - HKLM..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)

O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)

O4 - HKLM..\Run: [EPM-DM] c:\Acer\Empowering Technology\ePower\epm-dm.exe (Acer Inc)

O4 - HKLM..\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

O4 - HKU\S-1-5-21-497276788-121197650-1682483655-1006..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-497276788-121197650-1682483655-1006\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\S-1-5-21-497276788-121197650-1682483655-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-497276788-121197650-1682483655-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 01 00 00 00 [binary data]

O7 - HKU\S-1-5-21-497276788-121197650-1682483655-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-497276788-121197650-1682483655-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()

O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)

O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

O20 - Winlogon\Notify\bfbafeffaecaf: DllName - Reg Error: Value error. - Reg Error: Value error. File not found

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Petia\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Petia\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2002.08.26 20:54:46 | 000,000,209 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: Ias - C:\WINDOWS\system32\ias [2004.09.14 12:52:08 | 000,000,000 | ---D | M]

NetSvcs: Iprip - File not found

NetSvcs: LanmanWorkstation - File not found

NetSvcs: Messenger - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - File not found

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010.03.26 00:16:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2010.03.26 00:16:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Petia\Application Data\SUPERAntiSpyware.com

[2010.03.26 00:16:42 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2010.03.26 00:16:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2010.03.25 23:50:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010.03.25 23:50:26 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010.03.25 23:50:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010.03.10 01:47:22 | 000,000,000 | -HSD | C] -- C:\FOUND.016

[2010.02.27 22:59:32 | 000,000,000 | -HSD | C] -- C:\FOUND.015

[2009.11.04 23:24:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi

[2009.09.12 19:56:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2009.02.16 12:49:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET

[2004.09.14 13:09:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2004.09.14 13:09:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[2004.09.14 12:56:26 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[2004.09.14 12:56:26 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2010.03.26 11:15:20 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010.03.26 11:15:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010.03.26 11:15:14 | 526,897,152 | -HS- | M] () -- C:\hiberfil.sys

[2010.03.26 01:41:54 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat

[2010.03.26 01:41:50 | 008,388,608 | -H-- | M] () -- C:\Documents and Settings\Petia\NTUSER.DAT

[2010.03.26 01:41:50 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Petia\ntuser.ini

[2010.03.26 00:16:48 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2010.03.25 23:50:36 | 000,000,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010.03.24 19:36:06 | 002,110,178 | -H-- | M] () -- C:\Documents and Settings\Petia\Local Settings\Application Data\IconCache.db

[2010.03.23 19:39:16 | 000,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2010.03.14 01:55:40 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2010.03.26 00:16:47 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2010.03.25 23:50:34 | 000,000,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2008.12.29 02:31:09 | 000,039,464 | ---- | C] () -- C:\Documents and Settings\Petia\Local Settings\Application Data\FASTWiz.log

[2008.12.20 16:57:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt

[2008.12.20 16:55:12 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys

[2008.10.27 23:48:46 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Petia\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008.10.27 22:20:53 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Petia\Application Data\$_hpcst$.hpc

[2007.12.02 16:38:59 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat

[2007.06.01 13:35:09 | 000,000,041 | ---- | C] () -- C:\WINDOWS\crw.ini

[2007.06.01 13:29:11 | 000,000,080 | ---- | C] () -- C:\WINDOWS\my.ini

[2007.03.25 22:10:15 | 000,000,030 | ---- | C] () -- C:\WINDOWS\iedit.INI

[2007.03.25 16:32:16 | 000,000,071 | ---- | C] () -- C:\WINDOWS\Pex.INI

[2007.03.25 16:07:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ulead32.ini

[2007.03.09 15:45:00 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2007.03.09 15:45:00 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2007.03.09 15:45:00 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2007.03.09 15:44:57 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2007.03.09 15:44:57 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2007.02.08 14:42:41 | 000,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys

[2007.02.08 14:41:11 | 000,664,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

[2007.02.08 14:41:11 | 000,096,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd9917.sys

[2006.11.18 16:50:32 | 000,000,533 | ---- | C] () -- C:\WINDOWS\wincmd.ini

[2006.11.08 20:21:47 | 000,000,419 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI

[2006.11.07 01:34:05 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2006.10.04 07:15:14 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI

[2006.10.01 23:22:22 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2006.10.01 23:22:12 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll

[2006.10.01 20:44:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2006.09.09 18:44:54 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll

[2006.09.09 18:44:54 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SC_res.dll

[2006.09.09 18:44:54 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\EN_res.dll

[2006.09.09 18:44:54 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TC_res.dll

[2006.09.09 18:44:54 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\MSNChatHook.dll

[2006.09.09 18:43:38 | 000,000,494 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini

[2006.03.09 23:18:16 | 000,036,404 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2005.11.24 14:08:48 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll

[2005.11.24 14:08:04 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll

[2005.11.24 14:08:04 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll

[2005.11.24 14:08:04 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll

[2005.11.24 14:08:04 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll

[2005.09.19 15:50:42 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll

[2005.06.20 02:42:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2005.05.02 12:13:42 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETMNT.sys

[2005.01.21 11:48:08 | 000,225,280 | ---- | C] () -- C:\WINDOWS\Capsule.dll

[2004.12.17 01:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys

[2004.09.07 14:23:16 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2004.08.04 05:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll

[2004.08.04 05:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll

[2004.08.04 05:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll

[2004.08.04 05:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll

[2004.08.04 05:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll

[2004.08.04 05:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2003.12.29 20:45:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ServiceControl.dll

[2003.11.24 15:55:48 | 000,743,424 | ---- | C] () -- C:\WINDOWS\libxml2.dll

[2003.11.24 15:55:32 | 000,872,448 | ---- | C] () -- C:\WINDOWS\iconv.dll

[2002.05.15 23:29:04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest

[2001.12.26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll

[2001.11.23 18:18:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest

[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

[2001.09.03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll

[2001.07.30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll

[2001.07.23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll

 

========== LOP Check ==========

 

[2006.09.09 18:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acer

[2006.11.08 20:13:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ

[2006.11.08 20:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft

[2007.03.09 15:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2007.03.25 16:01:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems

[2009.02.16 12:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET

[2006.09.09 18:44:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petia\Application Data\Acer

[2007.12.03 18:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petia\Application Data\BSplayer Pro

[2006.11.10 17:48:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petia\Application Data\Canon

[2007.10.31 15:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petia\Application Data\Leadertech

[2007.12.02 14:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petia\Application Data\MSNInstaller

[2006.11.08 20:21:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petia\Application Data\ScanSoft

[2008.06.13 00:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petia\Application Data\Sprite PC Agent

[2008.06.13 00:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petia\Application Data\Sprite Setup Wizard

[2008.06.13 00:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petia\Application Data\Sprite Software

[2008.01.29 19:28:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petia\Application Data\Thinstall

[2007.03.25 16:07:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petia\Application Data\Ulead Systems

[2007.12.03 19:21:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petia\Application Data\uTorrent

[2008.12.20 16:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petia\Application Data\Samsung

[2009.02.16 19:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petia\Application Data\Canneverbe_Limited

[2009.04.14 14:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petia\Application Data\Desktopicon

 

========== Purity Check ==========

 

 

< End of report >

 

 

 

 

=========================================================================================

=========================================================================================

=========================================================================================

 

 

 

 

 

OTL Extras logfile created on: 26.03.2010 11:31:17 - Run 1

OTL by OldTimer - Version 3.1.37.3 Folder = C:\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000419 | Country: Russia | Language: RUS | Date Format: dd.MM.yyyy

 

502,00 Mb Total Physical Memory | 140,00 Mb Available Physical Memory | 28,00% Memory free

1,00 Gb Paging File | 1,00 Gb Available in Paging File | 74,00% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 35,06 Gb Total Space | 5,81 Gb Free Space | 16,58% Space Free | Partition Type: FAT32

Drive D: | 35,54 Gb Total Space | 11,86 Gb Free Space | 33,37% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

Drive F: | 654,81 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: ACER-684C9A655D

Current User Name: Petia

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 30 Days

Output = Minimal

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

[HKEY_USERS\S-1-5-21-497276788-121197650-1682483655-1006\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "D:\DC++\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "D:\DC++\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "D:\DC++\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015

"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016

"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

"1723:TCP" = 1723:TCP:*:Disabled:@xpsp2res.dll,-22015

"1701:UDP" = 1701:UDP:*:Disabled:@xpsp2res.dll,-22016

"500:UDP" = 500:UDP:*:Disabled:@xpsp2res.dll,-22017

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)

"C:\Program Files\FlashGet\flashget.exe" = C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget -- (FlashGet.com)

"E:\DWizard300.exe" = E:\DWizard300.exe:*:Enabled:DCCWizard -- File not found

"E:\libNEAP.dll" = E:\libNEAP.dll:*:Enabled:DCClibrary -- File not found

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{025C3792-E9C6-432A-92C1-661F99D021CA}" = Ulead Photo Explorer 8.5

"{067EC517-9731-43FD-B4D5-296EE0027BBB}" = LogMeIn Hamachi

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160" = Canon MP160

"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker

"{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework

"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe

"{29D851C2-048C-4B5E-8D1F-25D473342BB5}" = ScanSoft OmniPage SE 4.0

"{30283233-3BE6-473D-A47C-ED964A2F78B4}_is1" = Inpaint 2.0

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4

"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup

"{3EBC0693-0A27-4B50-90A1-A8B688911C7A}" = Samsung PC Studio 3

"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software

"{4B30335C-5C3E-436F-95B6-237FCFE15C33}" = Heroes of Might and Magic IV: The Gathering Storm

"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0

"{4DA416AE-6D1C-40D6-BCA3-A65A59DD60FC}" = Acer eDataSecurity Management

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management

"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6

"{5F947508-7916-4FE4-BB53-6E75C9F88FAA}" = Application Suite

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6864ABC3-A982-436B-BEF1-5652D6303361}" = ESET NOD32 Antivirus

"{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7AC15160-A49B-4A89-B181-D4619C025FFF}" = Samsung Samples Installer

"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP

"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile

"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOKR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_OUTLOOKR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOKR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_OUTLOOKR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage

"{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007

"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{ABC5404F-F0F3-4221-8DB9-5D34DD866E50}" = Sprite Backup

"{AC1FBAF2-2B8D-4E9D-B881-37D1A52E77C5}" = Ulead COOL 360

"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0

"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver

"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management

"{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management

"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series

"{E431C518-2EE2-471E-9234-BE995C36D513}" = Acer eDataSecurity Management 1.00.26

"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore

"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse

"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio

"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe

"{FE58B892-3825-4610-A6A2-E6EFCA83BD97}" = Ulead PhotoImpact 10

"adobe flash player activex" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"CCleaner" = CCleaner (remove only)

"CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_006A1025" = SoftV90 Data Fax Modem with SmartCP

"CNXT_MODEM_PCI_VEN_8086&DEV_266D_CplEFL5k" = Soft Data Fax Modem with SmartCP

"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint

"Easy-WebPrint" = Easy-WebPrint

"ePresentation" = Acer ePresentation Management

"eset online scanner" = ESET Online Scanner v3

"ExtractNow_is1" = ExtractNow

"FlashGet" = FlashGet 1.9.6.1073

"GridVista" = Acer GridVista

"HijackThis" = HijackThis 2.0.2

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker

"InstallShield_{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework

"InstallShield_{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4

"InstallShield_{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management

"InstallShield_{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management

"InstallShield_{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management

"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.65

"LogMeIn Hamachi" = LogMeIn Hamachi

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.0.18)" = Mozilla Firefox (3.0.18)

"MP Navigator 3.0" = Canon MP Navigator 3.0

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"MSNINST" = MSN

"My Free Mahjong_is1" = My Free Mahjong

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"OUTLOOKR" = Microsoft Office Outlook 2007 Trial

"ProInst" = Intel® PROSet/Wireless Software

"Revo Uninstaller" = Revo Uninstaller 1.85

"SA Dictionary 2004 Datacenter" = SA Dictionary 2004 Datacenter

"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set

"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software

"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software

"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"The KMPlayer" = The KMPlayer (remove only)

"Tweak UI 2.10" = Tweak UI

"Unlocker" = Unlocker 1.8.7

"uTorrent" = µTorrent

"vis_MojoMaster.dllWinamp" = Mojo Master Winamp Visualizer for Winamp (remove only)

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"WebTrance2" = WebTrance2 (деинсталиране)

"WIC" = Windows Imaging Component

"Winamp" = Winamp

"Windows Media Encoder 9" = Windows Media Encoder 9 Series

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Mobile Device Handbook" = Windows Mobile® Device Handbook

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinRAR archiver" = WinRAR archiver

"WMFDist11" = Windows Media Format 11 runtime

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-497276788-121197650-1682483655-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"uTorrent" = µTorrent

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 21.03.2010 6:45:18 | Computer Name = ACER-684C9A655D | Source = Application Error | ID = 1000

Description = Faulting application epm-dm.exe, version 0.2.8.0, faulting module

epm-dm.exe, version 0.2.8.0, fault address 0x00008b09.

 

Error - 21.03.2010 8:34:30 | Computer Name = ACER-684C9A655D | Source = Application Error | ID = 1000

Description = Faulting application epm-dm.exe, version 0.2.8.0, faulting module

epm-dm.exe, version 0.2.8.0, fault address 0x00008b09.

 

Error - 22.03.2010 9:42:45 | Computer Name = ACER-684C9A655D | Source = Application Error | ID = 1000

Description = Faulting application epm-dm.exe, version 0.2.8.0, faulting module

epm-dm.exe, version 0.2.8.0, fault address 0x00008b09.

 

Error - 23.03.2010 7:42:22 | Computer Name = ACER-684C9A655D | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 7.0.6000.16981, faulting

module ntdll.dll, version 5.1.2600.5755, fault address 0x00010a19.

 

Error - 23.03.2010 8:10:58 | Computer Name = ACER-684C9A655D | Source = Application Error | ID = 1000

Description = Faulting application epm-dm.exe, version 0.2.8.0, faulting module

epm-dm.exe, version 0.2.8.0, fault address 0x00008b09.

 

Error - 23.03.2010 13:53:36 | Computer Name = ACER-684C9A655D | Source = Application Error | ID = 1000

Description = Faulting application epm-dm.exe, version 0.2.8.0, faulting module

epm-dm.exe, version 0.2.8.0, fault address 0x00008b09.

 

Error - 24.03.2010 11:42:06 | Computer Name = ACER-684C9A655D | Source = Application Error | ID = 1000

Description = Faulting application epm-dm.exe, version 0.2.8.0, faulting module

epm-dm.exe, version 0.2.8.0, fault address 0x00008b09.

 

Error - 24.03.2010 18:14:13 | Computer Name = ACER-684C9A655D | Source = Application Error | ID = 1000

Description = Faulting application epm-dm.exe, version 0.2.8.0, faulting module

epm-dm.exe, version 0.2.8.0, fault address 0x00008b09.

 

Error - 25.03.2010 8:51:38 | Computer Name = ACER-684C9A655D | Source = Application Error | ID = 1000

Description = Faulting application epm-dm.exe, version 0.2.8.0, faulting module

epm-dm.exe, version 0.2.8.0, fault address 0x00008b09.

 

Error - 25.03.2010 18:31:11 | Computer Name = ACER-684C9A655D | Source = Application Error | ID = 1000

Description = Faulting application epm-dm.exe, version 0.2.8.0, faulting module

epm-dm.exe, version 0.2.8.0, fault address 0x00008b09.

 

[ System Events ]

Error - 25.03.2010 14:17:48 | Computer Name = ACER-684C9A655D | Source = Service Control Manager | ID = 7023

Description = The IPSEC Services service terminated with the following error: %%1747

 

Error - 25.03.2010 14:30:44 | Computer Name = ACER-684C9A655D | Source = Dhcp | ID = 1001

Description = Your computer was not assigned an address from the network (by the

DHCP Server) for the Network Card with network address 00166FADB6AF. The following

error occurred: %%1223. Your computer will continue to try and obtain an address

on its own from the network address (DHCP) server.

 

Error - 25.03.2010 17:34:42 | Computer Name = ACER-684C9A655D | Source = Service Control Manager | ID = 7002

Description = The Routing and Remote Access service depends on the NetBIOSGroup

group and no member of this group started.

 

Error - 25.03.2010 17:34:42 | Computer Name = ACER-684C9A655D | Source = Service Control Manager | ID = 7023

Description = The IPSEC Services service terminated with the following error: %%1747

 

Error - 25.03.2010 17:35:00 | Computer Name = ACER-684C9A655D | Source = DCOM | ID = 10005

Description = DCOM got error "%1058" attempting to start the service wuauserv with

arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

 

Error - 26.03.2010 5:16:52 | Computer Name = ACER-684C9A655D | Source = DCOM | ID = 10005

Description = DCOM got error "%1058" attempting to start the service wuauserv with

arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

 

Error - 26.03.2010 5:16:54 | Computer Name = ACER-684C9A655D | Source = Service Control Manager | ID = 7002

Description = The Routing and Remote Access service depends on the NetBIOSGroup

group and no member of this group started.

 

Error - 26.03.2010 5:16:54 | Computer Name = ACER-684C9A655D | Source = Service Control Manager | ID = 7023

Description = The IPSEC Services service terminated with the following error: %%1747

 

Error - 26.03.2010 5:18:06 | Computer Name = ACER-684C9A655D | Source = Dhcp | ID = 1001

Description = Your computer was not assigned an address from the network (by the

DHCP Server) for the Network Card with network address 00166FADB6AF. The following

error occurred: %%1223. Your computer will continue to try and obtain an address

on its own from the network address (DHCP) server.

 

Error - 26.03.2010 5:20:36 | Computer Name = ACER-684C9A655D | Source = Dhcp | ID = 1001

Description = Your computer was not assigned an address from the network (by the

DHCP Server) for the Network Card with network address 00166FADB6AF. The following

error occurred: %%1223. Your computer will continue to try and obtain an address

on its own from the network address (DHCP) server.

 

 

< End of report >

[Night_Raven]

Стартирай отново OTL. В празното поле "Custom Scans/Fixes" (в долната част на програмата) постави следния текст (маркирай го, натисни Ctrl+C и после в полето на OTL натисни Ctrl+V):

 

:OTL
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O20 - Winlogon\Notify\bfbafeffaecaf: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
[2010.03.10 01:47:22 | 000,000,000 | -HSD | C] -- C:\FOUND.016
[2010.02.27 22:59:32 | 000,000,000 | -HSD | C] -- C:\FOUND.015
:Files
C:\WINDOWS\*.tmp
C:\WINDOWS\System32\*.tmp
:Commands
[emptytemp]
[reboot]

Кликни бутон Run Fix. Потвърди с OK на съобщението, че е нужен рестарт на системата.

 

След рестарта ще се появи текстов дневник/лог. Същият файл се намира в C:\_OTL\MovedFiles. Моля, прикачи го към следващия си коментар.

 

Някакъв конкретен проблем ли има със системата, че се налага преглед на логове?

[stanilabg]

Night_Raven здравей.

 

Стана ми интересно за OTL, тъй като досега разглеждайки форума, не съм се срещнал с препоръка за влагане на някакъв текст преди сканирането с нея. Задължително ли е да се прави? Какво е предназначението на този текст? Явно някакви команди.

[regbor]

All processes killed

Error: Unable to interpret <:OTLO2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.O20 - Winlogon\Notify\bfbafeffaecaf: DllName - Reg Error: Value error. - Reg Error: Value error. File not found[2010.03.10 01:47:22 | 000,000,000 | -HSD | C] -- C:\FOUND.016[2010.02.27 22:59:32 | 000,000,000 | -HSD | C] -- C:\FOUND.015:FilesC:\WINDOWS\*.tmpC:\WINDOWS\System32\*.tmp:Commands[emptytemp][reboot]> in the current context!

 

OTL by OldTimer - Version 3.1.37.3 log created on 03262010_210159

 

Files\Folders moved on Reboot...

 

Registry entries deleted on Reboot...

 

 

-------------------------------------------------------------------------------------------------------------------------

 

Проблема със системата е, че постоянно забива без видима причина...Другото,което се получава е 5-10 минути 100% CPU активност на EKRN.EXE, без да е стартиран никакъв процес или да е отворена някаква страница....,но това е може би поради самия софтуер.

[Night_Raven]

Night_Raven здравей.

 

Стана ми интересно за OTL, тъй като досега разглеждайки форума, не съм се срещнал с препоръка за влагане на някакъв текст преди сканирането с нея. Задължително ли е да се прави? Какво е предназначението на този текст? Явно някакви команди.

По принцип не е задължително, но е полезно, защото предоставя допълнителна информация, която помага за засичане на някои гадинки, които не биха се засекли при нормално сканиране.

 

All processes killed

Error: Unable to interpret <:OTLO2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.O20 - Winlogon\Notify\bfbafeffaecaf: DllName - Reg Error: Value error. - Reg Error: Value error. File not found[2010.03.10 01:47:22 | 000,000,000 | -HSD | C] -- C:\FOUND.016[2010.02.27 22:59:32 | 000,000,000 | -HSD | C] -- C:\FOUND.015:FilesC:\WINDOWS\*.tmpC:\WINDOWS\System32\*.tmp:Commands[emptytemp][reboot]> in the current context!

 

OTL by OldTimer - Version 3.1.37.3 log created on 03262010_210159

 

Files\Folders moved on Reboot...

 

Registry entries deleted on Reboot...

 

 

-------------------------------------------------------------------------------------------------------------------------

 

Проблема със системата е, че постоянно забива без видима причина...Другото,което се получава е 5-10 минути 100% CPU активност на EKRN.EXE, без да е стартиран никакъв процес или да е отворена някаква страница....,но това е може би поради самия софтуер.

Сигурен ли си, че си копирал текста както трябва - да е както е тук: всяка команда да е на нов ред и т.н.?

[stanilabg]

По принцип не е задължително, но е полезно, защото предоставя допълнителна информация, която помага за засичане на някои гадинки, които не биха се засекли при нормално сканиране.

Извинявам се за спама, но как се разчита един такъв лог. файл (кое е лошо, кое добре)? За мен е тъмна Индия.    Респективно, как се създава после лог. файл с който се показва на програмата какво да трие?

Преди няколко дена ми се наложи да се преборя с едни гадини и след като сканирах с Malwarebytes Anty-Malware и SUPERAntiSpyware Free, които не откриваха нищо (сканирането продължаваше по 2 часа, въпреки, че при нормални условия се извършваше за 15-20 мин.), реших да пробвам и OTL. Е да, ама нищо не разбирам, кое трябва да се премахне (ако въобще трябва). Затова и питам.

Между другото, и HijackThis и Autoruns показваха необичаен за системата ми процес - syspck32.exe, който не се премахваше от двете програми, защото нещо го използвало. Иначе проблема се състоеше в това, че компютъра зареждаше бавно, както всички останали приложения, които се опитвах да отворя + това, че процесора беше непрекъснато на 100% и вентилаторите не спираха да се въртят на максимум. Вече се готвих да попитам в една доста нашумяла тези дни тема Компютърът ми се стартира страшно бавно, бях насъбрал над 7-8 лог. файла на различни програми, когато реших да пробвам и под Safe Mode Malwarebytes Anty-Malware. За мое щастие, откри въпросната гадина и след рестарт я премахна.

[regbor]

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\bfbafeffaecaf\ deleted successfully.

C:\FOUND.016 folder moved successfully.

C:\FOUND.015 folder moved successfully.

========== FILES ==========

C:\WINDOWS\002878_.tmp moved successfully.

C:\WINDOWS\msdownld.tmp folder moved successfully.

File\Folder C:\WINDOWS\System32\*.tmp not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

 

User: All Users

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 32902 bytes

 

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

 

User: Administrator.ACER-684C9A655D

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

 

User: Administrator.ACER-684C9A655D.000

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

 

User: Petia

->Temp folder emptied: 286366214 bytes

->Temporary Internet Files folder emptied: 36677360 bytes

->FireFox cache emptied: 63360139 bytes

->Flash cache emptied: 16987 bytes

 

User: w

 

User: Downloads

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 5472562 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23372686 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 357289 bytes

 

Total Files Cleaned = 397,00 mb

 

 

OTL by OldTimer - Version 3.1.37.3 log created on 03272010_143333

 

Files\Folders moved on Reboot...

C:\Documents and Settings\Petia\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.

C:\Documents and Settings\Petia\Local Settings\Temporary Internet Files\Content.IE5\NS8E5NPU\ads[10].htm moved successfully.

C:\Documents and Settings\Petia\Local Settings\Temporary Internet Files\Content.IE5\OY13IAL9\ads[6].htm moved successfully.

C:\Documents and Settings\Petia\Local Settings\Temporary Internet Files\Content.IE5\OY13IAL9\index[3].htm moved successfully.

C:\Documents and Settings\Petia\Local Settings\Temporary Internet Files\Content.IE5\8G1NUCSE\ads[5].htm moved successfully.

C:\Documents and Settings\Petia\Local Settings\Temporary Internet Files\Content.IE5\8G1NUCSE\ads[6].htm moved successfully.

C:\Documents and Settings\Petia\Local Settings\Temporary Internet Files\Content.IE5\8G1NUCSE\ads[7].htm moved successfully.

C:\Documents and Settings\Petia\Local Settings\Temporary Internet Files\Content.IE5\4OX700SA\ishow1[1].htm moved successfully.

 

Registry entries deleted on Reboot...

[Night_Raven]

stanilabg, не може да се опише с няколко изречения как точно се разпознава кое е зловредно и кое не е. Принципът е същият като при всички подобни програми, които просто сканират системата и извеждат информация за най-различни файлове, папки, ключове и стойности в регистратурата и т.н. и т.н. Положението е много сходно с HijackThis например. Потребителят трябва да е наясно какво точно се сканира, какво означава всеки сканиран обект, да има определени познания относно работата на операционната система, да познава основните и често срещаните като имена нейни файлове, да има представа за основните типове поведения на зловредния код, за да знае кое да заподозре и кое не и да знае къде и как да търси в интернет за допълнителна информация.

Трудничко може да се даде подробно обяснение как да се работи с програмата, защото то не опира само до познаване на самата програма, а и до други, външни фактори. Нещата са комплексни и взаимнозависими.

За създаване на скрипт за почистване е нужно потребителят разбира се успешно да е открил зловредните/ненужните обекти и да знае какви са командите на програмата, за да може да създаде въпросния скрипт.

 

Regbor, проблемът още ли е налице?

[regbor]

Остана част от проблема... За да се отвори определена страница е необходим неколкократен рефреш на страницата. Проблема не е в сигнала, а в самият комп.