
I can't open Facebook from any browser at all! I can open all other pages, but not this site; do you know how to fix it? Maybe something is blocking the site? I cleared the cache, but it didn't help...

Follow this procedure.

Scan with Malwarebytes' Anti-Malware and SUPERAntiSpyware Free. If you already have the programs, check whether you have the latest versions, and if not, remove yours and install the newest ones. If you are installing the programs for the first time, after installation they will offer to update automatically; accept. Otherwise, update their definitions manually.

For Malwarebytes' Anti-Malware:

- start the program;

- select Perform quick scan and click the Scan button;

- when the scan finishes, if no threats were found, a text file will open automatically (you can close it) and the program will tell you that it found nothing, after which you can click the OK button and close it;

- if threats were found, click the OK button and then Show results;

- click the Remove Selected button;

- a text file (log) will appear; copy its contents here.

For SUPERAntiSpyware:

- start the program;

- click the Scan your Computer button;

- on the left select only drive C:, and on the right select Perform Complete Scan;

- click Next and wait for the program to scan;

- click OK on the message;

- if threats were detected, click Next to remove the pests, OK on the confirmation, and finally Finish;

- click the Preferences... button and go to the Statistics/Logs tab, select the latest log by date and click the View Log... button;

- copy its contents here.

If a restart is required during either of the scans, accept and restart immediately.


Download OTL and save it to the desktop:

- run the tool;

- tick Scan All Users at the top;

- in the Standard Registry box select All;

- from the File Age drop-down menu select 90 Days;

- also tick: Skip Microsoft Files, LOP Check and Purity Check;

- in the Custom Scans/Fixes box (at the bottom of the program) paste the following text (select it, press Ctrl+C and then press Ctrl+V in the OTL box):

netsvcs
netsvcs
msconfig
safebootminimal
safebootnetwork
%SYSTEMDRIVE%\*.*
%USERPROFILE%\*.*
%USERPROFILE%\AppData\Local\*.*
%USERPROFILE%\AppData\Roaming\*.*
%ProgramData%\*.*
%CommonProgramFiles%\*.*
%PROGRAMFILES%\*.*
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
/md5start
hlp.dat
winlogon.exe
wininit.exe
userinit.exe
explorer.exe
volsnap.sys
/md5stop

- click the Run Scan button;

Wait for the scan to finish. When it completes, the two files newly created on the desktop, OTL.txt and Extras.txt, will open automatically.

Please attach these two files (separately or in an archive) to your next comment.


This program came up in German for me... I think I did what you told me... Here are the 2 texts:

 

 

 

OTL logfile created on: 28.7.2011 г. 15:56:38 - Run 1

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\BG\Desktop

Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000402 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

 

1,87 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 59,85% Memory free

3,75 Gb Paging File | 2,67 Gb Available in Paging File | 71,33% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 232,88 Gb Total Space | 54,99 Gb Free Space | 23,61% Space Free | Partition Type: NTFS

 

Computer Name: BG-PC | User Name: BG | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2011.07.28 15:52:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\BG\Desktop\OTL.exe

PRC - [2011.06.05 01:31:47 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe

PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2010.09.06 12:01:34 | 000,736,040 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

PRC - [2010.08.31 08:24:08 | 003,244,848 | ---- | M] (www.BitComet.com) -- C:\Program Files\BitComet\BitComet.exe

PRC - [2010.08.28 11:18:06 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe

PRC - [2010.05.14 18:10:28 | 000,080,384 | ---- | M] () -- C:\Windows\hffext\hffsrv.exe

PRC - [2010.05.06 13:35:14 | 000,557,056 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\Program Files\SiS VGA Utilities\SiSTray.exe

PRC - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe

PRC - [2010.02.23 12:47:04 | 001,024,368 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe

PRC - [2010.01.13 19:21:32 | 000,975,872 | ---- | M] () -- C:\Program Files\Mobile Partner Manager\UIMain.exe

PRC - [2010.01.13 19:14:34 | 000,679,424 | ---- | M] () -- C:\Program Files\Mobile Partner Manager\CMUpdater.exe

PRC - [2010.01.13 19:14:00 | 000,247,296 | ---- | M] () -- C:\Program Files\Mobile Partner Manager\AssistantServices.exe

PRC - [2010.01.13 19:13:20 | 000,133,120 | ---- | M] () -- C:\Program Files\Mobile Partner Manager\UIExec.exe

PRC - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

PRC - [2009.11.24 11:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe

PRC - [2009.09.08 13:40:48 | 000,240,256 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe

PRC - [2009.09.03 18:01:18 | 000,282,752 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Windows\System32\FBAgent.exe

PRC - [2009.09.03 10:33:14 | 000,054,400 | ---- | M] () -- C:\Program Files\ASUS\ControlDeck\ControlDeckStartUp.exe

PRC - [2009.09.01 09:10:32 | 000,233,472 | ---- | M] (AlcorMicro Co., Ltd.) -- C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe

PRC - [2009.08.19 20:31:48 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Media\DMedia.exe

PRC - [2009.08.17 09:58:46 | 006,859,392 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe

PRC - [2009.08.12 14:20:46 | 000,178,816 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControl.exe

PRC - [2009.07.30 12:44:10 | 000,497,024 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe

PRC - [2009.07.24 10:32:50 | 001,593,344 | ---- | M] () -- C:\Program Files\ASUS\Wireless Console 3\wcourier.exe

PRC - [2009.07.23 10:30:06 | 000,544,768 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe

PRC - [2009.06.19 10:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe

PRC - [2009.06.19 10:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe

PRC - [2009.06.15 17:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe

PRC - [2009.05.18 15:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files\ASUS\SmartLogon\sensorsrv.exe

PRC - [2008.12.22 17:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\WDC.exe

PRC - [2008.08.13 21:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe

PRC - [2007.11.30 11:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe

PRC - [2007.11.20 13:50:36 | 001,145,400 | ---- | M] (ASUS) -- C:\Program Files\ASUS\Net4Switch\Net4Switch.exe

PRC - [2007.08.08 00:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe

PRC - [2007.08.03 12:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

PRC - [2005.09.03 15:18:30 | 000,094,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

PRC - [2005.07.06 15:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2011.07.28 15:52:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\BG\Desktop\OTL.exe

MOD - [2010.11.20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll

MOD - [2009.07.14 03:15:48 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll

MOD - [2009.07.08 09:24:56 | 000,251,392 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDApix.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - [2010.09.06 12:01:34 | 000,736,040 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)

SRV - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)

SRV - [2010.01.13 19:14:00 | 000,247,296 | ---- | M] () [Auto | Running] -- C:\Program Files\Mobile Partner Manager\AssistantServices.exe -- (UI Assistant Service)

SRV - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)

SRV - [2009.09.03 18:01:18 | 000,282,752 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\System32\FBAgent.exe -- (AFBAgent)

SRV - [2009.08.22 11:01:16 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)

SRV - [2009.08.22 11:01:16 | 000,345,352 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)

SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009.06.15 17:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)

SRV - [2007.08.08 00:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)

SRV - [2007.08.03 12:24:54 | 000,125,496 | ---- | M] () [On_Demand | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2011.06.21 06:09:00 | 000,200,976 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)

DRV - [2011.01.28 13:44:29 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)

DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)

DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)

DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)

DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010.11.20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\WinUSB.sys -- (WinUsb)

DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)

DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)

DRV - [2010.07.30 19:29:10 | 000,249,424 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmxpflt.sys -- (tmxpflt)

DRV - [2010.07.30 19:29:00 | 000,036,432 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmpreflt.sys -- (tmpreflt)

DRV - [2010.07.30 19:06:08 | 001,331,512 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vsapint.sys -- (vsapint)

DRV - [2010.07.19 20:03:10 | 000,059,472 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)

DRV - [2010.07.19 20:03:00 | 000,051,792 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)

DRV - [2010.05.06 13:27:56 | 000,466,432 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SISGRKMD.sys -- (SiS6350)

DRV - [2010.03.31 00:00:00 | 000,027,760 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt -- (EverestDriver)

DRV - [2010.02.28 05:57:10 | 000,029,696 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\BG\AppData\Local\Temp\naecd.sys -- (naecd)

DRV - [2009.10.29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)

DRV - [2009.10.29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)

DRV - [2009.10.29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)

DRV - [2009.10.29 19:28:24 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)

DRV - [2009.10.05 16:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2009.08.22 11:38:34 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)

DRV - [2009.08.21 08:48:12 | 000,027,136 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AmUStor.sys -- (AmUStor)

DRV - [2009.08.01 16:10:10 | 000,058,400 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\sisagpx.sys -- (uagp35)

DRV - [2009.07.20 11:29:40 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)

DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)

DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)

DRV - [2009.06.23 03:47:52 | 000,598,016 | ---- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GUCI_AVS.sys -- (GUCI_AVS)

DRV - [2009.05.28 21:28:28 | 000,044,288 | ---- | M] (Silence of Troubles United Company Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\FDCENT.SYS -- (FDCENT)

DRV - [2009.05.13 03:06:48 | 000,014,392 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)

DRV - [2008.05.23 17:25:42 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)

DRV - [2007.08.03 06:26:22 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)

DRV - [2007.07.24 11:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\..\URLSearchHook: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - Reg Error: Key error. File not found

IE - HKLM\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll (Conduit Ltd.)

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-897932348-2505844281-495917134-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-897932348-2505844281-495917134-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-897932348-2505844281-495917134-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKU\S-1-5-21-897932348-2505844281-495917134-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 03 14 16 F1 8C 43 CC 01 [binary data]

IE - HKU\S-1-5-21-897932348-2505844281-495917134-1000\..\URLSearchHook: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - Reg Error: Key error. File not found

IE - HKU\S-1-5-21-897932348-2505844281-495917134-1000\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-897932348-2505844281-495917134-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

 

FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\2.bin\NPMyWebS.dll File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\2.bin

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.25 16:56:12 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

 

[2011.07.25 16:56:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BG\AppData\Roaming\Mozilla\Extensions

[2011.07.25 16:56:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

File not found (No name found) --

[2011.07.08 09:27:43 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2010.01.01 10:00:00 | 000,001,083 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\911bg.xml

[2010.01.01 10:00:00 | 000,002,442 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\diribg.xml

[2010.01.01 10:00:00 | 000,001,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pe-bg.xml

[2010.01.01 10:00:00 | 000,001,857 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\portalbgdict.xml

[2010.01.01 10:00:00 | 000,001,220 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-bg.xml

 

O1 HOSTS File: ([2011.07.26 15:21:13 | 000,203,160 | -H-- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 vkontakte.ru

O1 - Hosts: 127.0.0.1 www.vkontakte.ru

O1 - Hosts: 127.0.0.1 login.vk.com

O1 - Hosts: 127.0.0.1 vk.com

O1 - Hosts: 127.0.0.1 www.vk.com

O1 - Hosts: 127.0.0.1 odnoklassniki.ru

O1 - Hosts: 127.0.0.1 www.odnoklassniki.ru

O1 - Hosts: 127.0.0.1 facebook.com

O1 - Hosts: 127.0.0.1 www.facebook.com

O1 - Hosts: 127.0.0.1 af-za.facebook.com

O1 - Hosts: 127.0.0.1 az-az.facebook.com

O1 - Hosts: 127.0.0.1 id-id.facebook.com

O1 - Hosts: 127.0.0.1 ms-my.facebook.com

O1 - Hosts: 127.0.0.1 bs-ba.facebook.com

O1 - Hosts: 127.0.0.1 ca-es.facebook.com

O1 - Hosts: 127.0.0.1 cs-cz.facebook.com

O1 - Hosts: 127.0.0.1 cy-gb.facebook.com

O1 - Hosts: 127.0.0.1 da-dk.facebook.com

O1 - Hosts: 127.0.0.1 de-de.facebook.com

O1 - Hosts: 127.0.0.1 et-ee.facebook.com

O1 - Hosts: 127.0.0.1 en-gb.facebook.com

O1 - Hosts: 127.0.0.1 es-la.facebook.com

O1 - Hosts: 127.0.0.1 eo-eo.facebook.com

O1 - Hosts: 127.0.0.1 eu-es.facebook.com

O1 - Hosts: 50060 more lines...

O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\bh\BabylonToolbar.dll (Babylon BHO)

O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.8.11.dll (BitComet)

O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (no name) - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - No CLSID value found.

O2 - BHO: (BS Player Toolbar) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarTlbr.dll (Babylon Ltd.)

O3 - HKLM\..\Toolbar: (no name) - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

O3 - HKLM\..\Toolbar: (BS Player Toolbar) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-897932348-2505844281-495917134-1000\..\Toolbar\WebBrowser: (BS Player Toolbar) - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - C:\Program Files\BS_Player\tbBS_P.dll (Conduit Ltd.)

O4 - HKLM..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)

O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)

O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)

O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)

O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (ASUS)

O4 - HKLM..\Run: [hffsrv] c:\Windows\hffext\hffsrv.exe ()

O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [siSTray] C:\Program Files\SiS VGA Utilities\SiSTray.exe (Silicon Integrated Systems Corporation)

O4 - HKLM..\Run: [tray_ico] File not found

O4 - HKLM..\Run: [tray_ico0] File not found

O4 - HKLM..\Run: [tray_ico1] File not found

O4 - HKLM..\Run: [tray_ico2] File not found

O4 - HKLM..\Run: [tray_ico3] File not found

O4 - HKLM..\Run: [tray_ico4] File not found

O4 - HKLM..\Run: [ufSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)

O4 - HKLM..\Run: [uIExec] C:\Program Files\Mobile Partner Manager\UIExec.exe ()

O4 - HKU\S-1-5-21-897932348-2505844281-495917134-1000..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)

O4 - HKU\S-1-5-21-897932348-2505844281-495917134-1000..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0

O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.8.11.dll (BitComet)

O13 - gopher Prefix: missing

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O35 - HKU\S-1-5-21-897932348-2505844281-495917134-1000..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - File not found

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

 

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - File not found

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

 

MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS)

MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)

 

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: FDCENT.SYS - C:\Windows\System32\drivers\FDCENT.SYS (Silence of Troubles United Company Ltd.)

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: HideFilesAndFolders_S - Reg Error: Value error.

SafeBootMin: NTDS - File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: FDCENT.SYS - C:\Windows\System32\drivers\FDCENT.SYS (Silence of Troubles United Company Ltd.)

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: HideFilesAndFolders_S - Reg Error: Value error.

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS - File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011.07.28 15:50:28 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\BG\Desktop\OTL.exe

[2011.07.27 22:10:52 | 000,000,000 | ---D | C] -- C:\Users\BG\AppData\Roaming\Opera

[2011.07.27 22:10:52 | 000,000,000 | ---D | C] -- C:\Users\BG\AppData\Local\Opera

[2011.07.27 22:10:42 | 000,000,000 | ---D | C] -- C:\Program Files\Opera

[2011.07.27 00:47:33 | 000,000,000 | ---D | C] -- C:\Users\BG\AppData\Roaming\Malwarebytes

[2011.07.27 00:45:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011.07.26 23:33:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared

[2011.07.26 15:49:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab

[2011.07.26 10:37:14 | 000,000,000 | ---D | C] -- C:\Windows\ufa

[2011.07.26 10:37:14 | 000,000,000 | ---D | C] -- C:\Windows\phoenix

[2011.07.25 18:48:55 | 000,000,000 | -H-D | C] -- C:\Windows\update.3

[2011.07.25 17:58:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec

[2011.07.25 17:58:46 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan

[2011.07.25 17:58:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS

[2011.07.25 17:58:46 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan

[2011.07.25 17:58:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS\0305010.006

[2011.07.25 17:58:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton

[2011.07.25 17:58:35 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller

[2011.07.25 17:58:35 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller

[2011.07.25 16:56:25 | 000,000,000 | ---D | C] -- C:\Users\BG\AppData\Roaming\Mozilla

[2011.07.25 16:56:25 | 000,000,000 | ---D | C] -- C:\Users\BG\AppData\Local\Mozilla

[2011.07.25 16:56:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2011.07.22 23:09:21 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar

[2011.07.22 23:06:01 | 000,000,000 | ---D | C] -- C:\ProgramData\BabylonUpdater

[2011.07.22 23:06:00 | 000,000,000 | ---D | C] -- C:\Users\BG\AppData\Roaming\Babylon

[2011.07.22 23:06:00 | 000,000,000 | ---D | C] -- C:\Users\BG\AppData\Local\Babylon

[2011.07.22 23:06:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon

[2011.07.22 23:03:10 | 000,000,000 | ---D | C] -- C:\Users\BG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FoxTab FLV Player

[2011.07.22 21:04:55 | 000,000,000 | -H-D | C] -- C:\Windows\update.2

[2011.07.22 20:54:44 | 000,000,000 | -H-D | C] -- C:\Windows\update.5.0

[2011.07.22 20:43:07 | 000,000,000 | -H-D | C] -- C:\Windows\update.1

[2011.07.06 11:38:32 | 000,000,000 | ---D | C] -- C:\Users\BG\Desktop\burg,pirografy i dr

[2010.08.28 11:07:32 | 000,013,880 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys

 

========== Files - Modified Within 30 Days ==========

 

[2011.07.28 15:52:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\BG\Desktop\OTL.exe

[2011.07.28 15:47:01 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011.07.28 15:47:01 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011.07.28 15:46:52 | 000,000,071 | ---- | M] () -- C:\Windows\System32\BootTime.ini

[2011.07.28 15:41:46 | 000,000,874 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011.07.28 15:41:21 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl

[2011.07.28 15:41:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.07.28 15:40:55 | 1509,425,152 | -HS- | M] () -- C:\hiberfil.sys

[2011.07.28 15:37:03 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011.07.28 15:31:11 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini

[2011.07.28 14:42:10 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for BG.job

[2011.07.27 22:10:45 | 000,001,775 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk

[2011.07.27 08:47:45 | 000,002,440 | ---- | M] () -- C:\Windows\System32\AutoRunFilter.ini

[2011.07.27 08:47:44 | 000,001,297 | ---- | M] () -- C:\Windows\System32\ServiceFilter.ini

[2011.07.26 18:24:32 | 000,000,080 | ---- | M] () -- C:\Windows\System32\Defrag.ini

[2011.07.26 15:21:13 | 000,203,160 | -H-- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2011.07.26 15:21:13 | 000,000,734 | ---- | M] () -- C:\Windows\System32\drivers\etc\hоsts

[2011.07.26 10:37:13 | 005,589,370 | ---- | M] () -- C:\Windows\phoenix.rar

[2011.07.26 10:37:13 | 001,075,284 | ---- | M] () -- C:\Windows\rpcminer.rar

[2011.07.26 10:37:13 | 000,246,272 | ---- | M] () -- C:\Windows\unrar.exe

[2011.07.26 10:37:13 | 000,182,617 | ---- | M] () -- C:\Windows\ufa.rar

[2011.07.26 01:33:05 | 000,000,200 | ---- | M] () -- C:\Windows\info1

[2011.07.25 17:58:53 | 000,001,297 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk

[2011.07.25 16:56:13 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2011.07.25 15:16:11 | 000,000,036 | ---- | M] () -- C:\Users\BG\AppData\Local\housecall.guid.cache

[2011.07.25 15:12:55 | 000,267,799 | ---- | M] () -- C:\Users\BG\AppData\Local\census.cache

[2011.07.25 15:12:26 | 000,122,730 | ---- | M] () -- C:\Users\BG\AppData\Local\ars.cache

[2011.07.25 09:51:46 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011.07.25 09:51:46 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011.07.22 23:06:01 | 000,002,405 | ---- | M] () -- C:\Users\Public\Desktop\Babylon.lnk

[2011.07.22 20:53:05 | 000,904,792 | ---- | M] () -- C:\Windows\geoiplist.rar

[2011.07.22 20:45:44 | 000,000,000 | ---- | M] () -- C:\Windows\loader2.exe_ok

[2011.07.17 03:24:20 | 004,636,907 | ---- | M] () -- C:\Windows\geoiplist

[2011.07.15 19:24:12 | 139,109,113 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2011.07.14 03:30:10 | 000,273,144 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011.06.29 07:41:59 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NSS\0305010.006\isolate.ini

 

========== Files Created - No Company Name ==========

 

[2011.07.28 09:55:39 | 000,000,627 | ---- | C] () -- C:\NetworkCfg.xml

[2011.07.27 22:10:45 | 000,001,787 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk

[2011.07.27 22:10:44 | 000,001,775 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk

[2011.07.26 10:37:13 | 005,589,370 | ---- | C] () -- C:\Windows\phoenix.rar

[2011.07.26 10:37:13 | 001,075,284 | ---- | C] () -- C:\Windows\rpcminer.rar

[2011.07.26 10:37:13 | 000,182,617 | ---- | C] () -- C:\Windows\ufa.rar

[2011.07.26 10:22:02 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2011.07.25 17:58:56 | 000,000,430 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for BG.job

[2011.07.25 17:58:52 | 000,001,297 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk

[2011.07.25 17:58:46 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NSS\0305010.006\isolate.ini

[2011.07.25 16:56:13 | 000,001,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2011.07.25 16:56:13 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2011.07.25 15:12:55 | 000,267,799 | ---- | C] () -- C:\Users\BG\AppData\Local\census.cache

[2011.07.25 15:12:26 | 000,122,730 | ---- | C] () -- C:\Users\BG\AppData\Local\ars.cache

[2011.07.25 13:32:05 | 000,000,036 | ---- | C] () -- C:\Users\BG\AppData\Local\housecall.guid.cache

[2011.07.22 23:06:01 | 000,002,405 | ---- | C] () -- C:\Users\Public\Desktop\Babylon.lnk

[2011.07.22 20:53:06 | 004,636,907 | ---- | C] () -- C:\Windows\geoiplist

[2011.07.22 20:53:05 | 000,904,792 | ---- | C] () -- C:\Windows\geoiplist.rar

[2011.07.22 20:53:05 | 000,246,272 | ---- | C] () -- C:\Windows\unrar.exe

[2011.07.22 20:46:51 | 000,000,200 | ---- | C] () -- C:\Windows\info1

[2011.07.22 20:44:38 | 000,000,000 | ---- | C] () -- C:\Windows\loader2.exe_ok

[2011.07.22 20:43:24 | 000,065,536 | ---- | C] () -- C:\Windows\System32\Ikeext.etl

[2011.06.09 14:29:42 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe

[2011.06.09 14:26:54 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2011.05.07 04:21:12 | 000,011,130 | -HS- | C] () -- C:\ProgramData\3816757659

[2011.05.06 11:39:27 | 000,011,256 | -HS- | C] () -- C:\Users\BG\AppData\Local\w65whr08ms7070y8h7wc

[2011.05.06 11:39:27 | 000,011,256 | -HS- | C] () -- C:\ProgramData\w65whr08ms7070y8h7wc

[2010.12.09 22:43:35 | 000,000,256 | ---- | C] () -- C:\Windows\_delis32.ini

[2010.11.22 15:15:23 | 000,008,192 | ---- | C] () -- C:\Users\BG\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.11.17 14:22:58 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll

[2010.11.05 17:28:30 | 000,045,056 | ---- | C] () -- C:\Windows\System32\newdll.dll

[2010.08.29 14:28:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010.08.28 11:16:13 | 000,219,776 | ---- | C] () -- C:\Windows\System32\GetBootTime.dll

[2010.08.28 11:16:13 | 000,002,440 | ---- | C] () -- C:\Windows\System32\AutoRunFilter.ini

[2010.08.28 11:16:13 | 000,001,297 | ---- | C] () -- C:\Windows\System32\ServiceFilter.ini

[2010.08.28 11:16:13 | 000,000,105 | ---- | C] () -- C:\Windows\System32\FastBoot.ini

[2010.08.28 11:16:13 | 000,000,080 | ---- | C] () -- C:\Windows\System32\Defrag.ini

[2010.08.28 11:16:13 | 000,000,071 | ---- | C] () -- C:\Windows\System32\BootTime.ini

[2010.08.28 11:16:13 | 000,000,052 | ---- | C] () -- C:\Windows\System32\RemoveFont.ini

[2010.08.28 11:16:02 | 000,053,248 | ---- | C] () -- C:\Windows\System32\LogonStart.dll

[2010.08.28 11:12:28 | 000,000,641 | ---- | C] () -- C:\Windows\Remover.ini

[2010.08.28 11:12:27 | 000,002,107 | ---- | C] () -- C:\Windows\System32\GUCI_AVS.ini

[2010.08.28 11:11:00 | 000,000,520 | R--- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat

[2010.08.28 11:10:03 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll

[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009.07.14 06:33:53 | 000,273,144 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2009.07.14 04:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2009.07.14 04:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll

[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll

[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll

[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll

[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll

[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll

[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll

[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll

[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll

 

========== LOP Check ==========

 

[2011.07.22 23:06:00 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\Babylon

[2011.07.28 15:59:46 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\BitComet

[2011.02.23 15:01:23 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\Boomzap

[2011.07.08 13:39:28 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\BSplayer

[2010.11.04 23:45:01 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\BSplayer Pro

[2010.09.26 22:22:59 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2010.10.07 14:00:07 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\Crystal Player

[2011.02.11 22:43:40 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\DivoGames

[2010.12.09 00:42:31 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\GetRightToGo

[2011.07.28 10:08:44 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\go

[2011.06.22 13:15:32 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\ImgBurn

[2011.07.27 22:10:52 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\Opera

[2011.02.02 12:43:05 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\PlayFirst

[2010.08.31 13:49:45 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\SmartClose

[2011.03.18 18:28:33 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.* >

[2009.06.10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

[2010.11.20 14:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr

[2010.08.28 19:39:24 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK

[2009.06.10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys

[2010.08.29 10:46:54 | 000,000,136 | ---- | M] () -- C:\GPEapSim.log

[2009.08.02 10:59:51 | 000,171,136 | RHS- | M] () -- C:\grldr

[2011.07.28 15:40:55 | 1509,425,152 | -HS- | M] () -- C:\hiberfil.sys

[2010.08.30 21:44:53 | 000,000,627 | ---- | M] () -- C:\NetworkCfg.xml

[2011.07.28 15:40:57 | 2012,569,600 | -HS- | M] () -- C:\pagefile.sys

[2010.08.28 11:11:22 | 000,002,924 | ---- | M] () -- C:\RHDSetup.log

[2010.08.28 11:19:31 | 000,000,166 | ---- | M] () -- C:\setup.log

 

< %USERPROFILE%\*.* >

[2011.07.28 16:02:51 | 004,194,304 | -HS- | M] () -- C:\Users\BG\NTUSER.DAT

[2011.07.28 16:02:51 | 000,262,144 | -HS- | M] () -- C:\Users\BG\ntuser.dat.LOG1

[2011.07.22 22:06:44 | 000,262,144 | -HS- | M] () -- C:\Users\BG\ntuser.dat.LOG2

[2010.08.28 09:49:52 | 000,065,536 | -HS- | M] () -- C:\Users\BG\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf

[2010.08.28 09:49:52 | 000,524,288 | -HS- | M] () -- C:\Users\BG\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms

[2010.08.28 09:49:52 | 000,524,288 | -HS- | M] () -- C:\Users\BG\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms

[2010.08.28 09:49:47 | 000,000,020 | -HS- | M] () -- C:\Users\BG\ntuser.ini

 

< %USERPROFILE%\AppData\Local\*.* >

[2011.07.25 15:12:26 | 000,122,730 | ---- | M] () -- C:\Users\BG\AppData\Local\ars.cache

[2011.07.25 15:12:55 | 000,267,799 | ---- | M] () -- C:\Users\BG\AppData\Local\census.cache

[2011.03.11 12:51:57 | 000,008,192 | ---- | M] () -- C:\Users\BG\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.11.05 17:31:56 | 000,058,664 | ---- | M] () -- C:\Users\BG\AppData\Local\GDIPFONTCACHEV1.DAT

[2011.07.25 15:16:11 | 000,000,036 | ---- | M] () -- C:\Users\BG\AppData\Local\housecall.guid.cache

[2011.07.28 15:39:54 | 001,221,555 | -H-- | M] () -- C:\Users\BG\AppData\Local\IconCache.db

[2011.05.07 21:12:46 | 000,011,256 | -HS- | M] () -- C:\Users\BG\AppData\Local\w65whr08ms7070y8h7wc

 

< %USERPROFILE%\AppData\Roaming\*.* >

 

< %ProgramData%\*.* >

[2011.05.07 04:21:12 | 000,011,130 | -HS- | M] () -- C:\ProgramData\3816757659

[2010.08.29 14:28:47 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat

[2011.05.07 21:12:46 | 000,011,256 | -HS- | M] () -- C:\ProgramData\w65whr08ms7070y8h7wc

 

< %CommonProgramFiles%\*.* >

 

< %PROGRAMFILES%\*.* >

[2009.07.14 06:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

 

< %systemroot%\system32\*.dll /lockedfiles >

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\system32\drivers\*.sys /90 >

[2011.06.21 06:09:00 | 000,200,976 | ---- | M] (Trend Micro Inc.) -- C:\Windows\system32\drivers\tmcomm.sys

 

< %systemroot%\system32\drivers\*.sys /lockedfiles >

[2011.01.28 13:44:29 | 000,436,792 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys

 

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

[2009.07.14 03:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\jnwppr.dll

[2010.11.20 14:21:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\winprint.dll

 

 

< MD5 for: EXPLORER.EXE >

[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe

[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe

[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe

[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe

[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe

[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe

[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe

[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe

[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe

[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

 

< MD5 for: USERINIT.EXE >

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

 

< MD5 for: VOLSNAP.SYS >

[2009.07.14 03:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_158d0da45d68903e\volsnap.sys

[2010.11.20 14:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\System32\drivers\volsnap.sys

[2010.11.20 14:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_6dee0205881d1a1d\volsnap.sys

[2010.11.20 14:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_17be216c5a5713d8\volsnap.sys

 

< MD5 for: WININIT.EXE >

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 

< MD5 for: WINLOGON.EXE >

[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe

[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe

[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe

[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:2AE74FF9

 

< End of report >

 

 

 

Here is the other one:

OTL Extras logfile created on: 28.7.2011 г. 15:56:38 - Run 1

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\BG\Desktop

Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000402 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

 

1,87 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 59,85% Memory free

3,75 Gb Paging File | 2,67 Gb Available in Paging File | 71,33% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 232,88 Gb Total Space | 54,99 Gb Free Space | 23,61% Space Free | Partition Type: NTFS

 

Computer Name: BG-PC | User Name: BG | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

 

[HKEY_USERS\S-1-5-21-897932348-2505844281-495917134-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)

https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"AutoUpdateDisableNotify" = 1

"FirewallOverride" = 1

"DisableThumbnailCache" = 1

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

 

========== Authorized Applications List ==========

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades

"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery

"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology

"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot

"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3

"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3

"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10

"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13

"{4781569D-5404-1F26-4B2B-6DF444441031}" = Nero 7 Premium

"{4B90FFC0-0F2C-4C9D-8DAB-A864E830C708}" = Jack of all Tribes

"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)

"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)

"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck

"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe

"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon

"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update

"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10

"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security

"{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10

"{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic

"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash

"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10

"{95120000-003F-0402-0000-0000000FF1CE}" = Microsoft Office Excel Viewer

"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars

"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid

"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)

"{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro Internet Security

"{9D6D7811-43B3-463C-BC79-5D1755269989}" = Net4Switch

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Mobile Partner Manager

"{AC76BA86-7AD7-1033-7B44-A90100000001}" = Adobe Reader 9.0.1

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2

"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media

"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service

"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update

"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera

"{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader

"{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Photoshop 7.0" = Adobe Photoshop 7.0

"ASUS_Screensaver" = ASUS_Screensaver

"ASUSUSBDEVIC" = ASUS USB2.0 UVC VGA WebCam

"BabylonToolbar" = Babylon toolbar on IE

"Brothersoft Toolbar" = Brothersoft Toolbar

"BS_Player Toolbar" = BS_Player Toolbar

"BSPlayerf" = BS.Player FREE

"conduitEngine" = Conduit Engine

"Crystal Player" = Crystal Player Professional 1.98

"Dream Chronicles - The Book of Air 1.00" = Dream Chronicles - The Book of Air 1.00

"Elantech" = ETDWare PS/2-x86 7.0.5.7_WHQL

"eMusic Promotion" = 50 FREE MP3s +1 Free Audiobook!

"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50

"FlexType 2K" = FlexType 2K

"GameSpy Arcade" = GameSpy Arcade

"Google Chrome" = Google Chrome

"Hide Files and Folders_is1" = Hide Files and Folders v3.5

"ImgBurn" = ImgBurn

"InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Mozilla Firefox 5.0.1 (x86 bg)" = Mozilla Firefox 5.0.1 (x86 bg)

"NSS" = Norton Security Scan

"Opera 11.50.1074" = Opera 11.50

"SiS VGA Utilities" = SiS VGA Utilities

"SmartClose.{7F22CBCB-92B5-4F5D-9A34-BB690215BEF2}_is1" = SmartClose 1.3

"SpellForce" = SpellForce

"Winamp" = Winamp

"Winamp Toolbar" = Winamp Toolbar

"WinRAR archiver" = WinRAR archiver

"Магическа Енциклопедия - Том I 1.01" = Магическа Енциклопедия - Том I 1.01

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-897932348-2505844281-495917134-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Game Organizer" = EasyBits GO

"Winamp Detect" = Winamp Detector Plug-in

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 26.7.2011 г. 10:00:58 | Computer Name = BG-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

 

Error - 26.7.2011 г. 10:00:59 | Computer Name = BG-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

 

Error - 26.7.2011 г. 10:00:59 | Computer Name = BG-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

 

Error - 26.7.2011 г. 10:00:59 | Computer Name = BG-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

 

Error - 26.7.2011 г. 10:13:46 | Computer Name = BG-PC | Source = .NET Runtime | ID = 0

Description =

 

Error - 26.7.2011 г. 12:14:47 | Computer Name = BG-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

 

Error - 26.7.2011 г. 12:14:48 | Computer Name = BG-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

 

Error - 26.7.2011 г. 12:14:54 | Computer Name = BG-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

 

Error - 27.7.2011 г. 08:49:28 | Computer Name = BG-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\Program Files\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program

Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"

of attribute "version" in element "assemblyIdentity" is invalid.

 

Error - 28.7.2011 г. 08:04:33 | Computer Name = BG-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\Program Files\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program

Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"

of attribute "version" in element "assemblyIdentity" is invalid.

 

[ Media Center Events ]

Error - 23.7.2011 г. 10:25:59 | Computer Name = BG-PC | Source = MCUpdate | ID = 0

Description = 4:25:50 PM - Error connecting to the internet. 4:25:50 PM - Unable

to contact server..

 

Error - 25.7.2011 г. 03:49:19 | Computer Name = BG-PC | Source = MCUpdate | ID = 0

Description = 9:49:10 AM - Error connecting to the internet. 9:49:10 AM - Unable

to contact server..

 

Error - 25.7.2011 г. 09:30:18 | Computer Name = BG-PC | Source = MCUpdate | ID = 0

Description = 3:30:18 PM - Error connecting to the internet. 3:30:18 PM - Unable

to contact server..

 

Error - 25.7.2011 г. 09:30:30 | Computer Name = BG-PC | Source = MCUpdate | ID = 0

Description = 3:30:23 PM - Error connecting to the internet. 3:30:23 PM - Unable

to contact server..

 

Error - 25.7.2011 г. 10:38:29 | Computer Name = BG-PC | Source = MCUpdate | ID = 0

Description = 4:36:24 PM - Error connecting to the internet. 4:36:24 PM - Unable

to contact server..

 

Error - 25.7.2011 г. 10:42:15 | Computer Name = BG-PC | Source = MCUpdate | ID = 0

Description = 4:40:17 PM - Error connecting to the internet. 4:40:27 PM - Unable

to contact server..

 

Error - 25.7.2011 г. 21:23:04 | Computer Name = BG-PC | Source = MCUpdate | ID = 0

Description = 3:22:42 AM - Error connecting to the internet. 3:22:42 AM - Unable

to contact server..

 

Error - 26.7.2011 г. 08:40:17 | Computer Name = BG-PC | Source = MCUpdate | ID = 0

Description = 2:40:17 PM - Error connecting to the internet. 2:40:17 PM - Unable

to contact server..

 

Error - 26.7.2011 г. 08:40:54 | Computer Name = BG-PC | Source = MCUpdate | ID = 0

Description = 2:40:46 PM - Error connecting to the internet. 2:40:46 PM - Unable

to contact server..

 

Error - 26.7.2011 г. 09:42:48 | Computer Name = BG-PC | Source = MCUpdate | ID = 0

Description = 3:42:48 PM - Failed to retrieve Directory (Error: The underlying connection

was closed: An unexpected error occurred on a receive.)

 

[ System Events ]

Error - 15.2.2011 г. 07:09:36 | Computer Name = BG-PC | Source = cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

 

Error - 15.2.2011 г. 07:09:44 | Computer Name = BG-PC | Source = cdrom | ID = 262155

Description = The driver detected a controller error on \Device\CdRom0.

 

Error - 15.2.2011 г. 07:09:51 | Computer Name = BG-PC | Source = cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

 

Error - 15.2.2011 г. 07:09:58 | Computer Name = BG-PC | Source = cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

 

Error - 15.2.2011 г. 07:10:06 | Computer Name = BG-PC | Source = cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

 

Error - 15.2.2011 г. 07:10:15 | Computer Name = BG-PC | Source = cdrom | ID = 262155

Description = The driver detected a controller error on \Device\CdRom0.

 

Error - 15.2.2011 г. 07:10:22 | Computer Name = BG-PC | Source = cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

 

Error - 15.2.2011 г. 07:10:31 | Computer Name = BG-PC | Source = cdrom | ID = 262155

Description = The driver detected a controller error on \Device\CdRom0.

 

Error - 15.2.2011 г. 07:10:39 | Computer Name = BG-PC | Source = cdrom | ID = 262155

Description = The driver detected a controller error on \Device\CdRom0.

 

Error - 15.2.2011 г. 07:10:47 | Computer Name = BG-PC | Source = cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

 

 

< End of report >


Run OTL again. In the empty "Custom Scans/Fixes" box (at the bottom of the program), paste the following text (select it, press Ctrl+C, and then press Ctrl+V in the OTL box):

 

:Processes
killallprocesses
:OTL
DRV - [2010.02.28 05:57:10 | 000,029,696 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\BG\AppData\Local\Temp\naecd.sys -- (naecd)
IE - HKLM\..\URLSearchHook: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-897932348-2505844281-495917134-1000\..\URLSearchHook: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - No CLSID value found.
O4 - HKLM..\Run: [tray_ico] File not found
O4 - HKLM..\Run: [tray_ico0] File not found
O4 - HKLM..\Run: [tray_ico1] File not found
O4 - HKLM..\Run: [tray_ico2] File not found
O4 - HKLM..\Run: [tray_ico3] File not found
O4 - HKLM..\Run: [tray_ico4] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
[2011.07.26 10:37:14 | 000,000,000 | ---D | C] -- C:\Windows\ufa
[2011.07.26 10:37:14 | 000,000,000 | ---D | C] -- C:\Windows\phoenix
[2011.07.25 18:48:55 | 000,000,000 | -H-D | C] -- C:\Windows\update.3
[2011.07.22 21:04:55 | 000,000,000 | -H-D | C] -- C:\Windows\update.2
[2011.07.22 20:54:44 | 000,000,000 | -H-D | C] -- C:\Windows\update.5.0
[2011.07.22 20:43:07 | 000,000,000 | -H-D | C] -- C:\Windows\update.1
[2011.07.26 10:37:13 | 005,589,370 | ---- | M] () -- C:\Windows\phoenix.rar
[2011.07.26 10:37:13 | 001,075,284 | ---- | M] () -- C:\Windows\rpcminer.rar
[2011.07.26 10:37:13 | 000,246,272 | ---- | M] () -- C:\Windows\unrar.exe
[2011.07.26 10:37:13 | 000,182,617 | ---- | M] () -- C:\Windows\ufa.rar
[2011.07.26 01:33:05 | 000,000,200 | ---- | M] () -- C:\Windows\info1
[2011.07.22 20:53:05 | 000,904,792 | ---- | M] () -- C:\Windows\geoiplist.rar
[2011.07.22 20:45:44 | 000,000,000 | ---- | M] () -- C:\Windows\loader2.exe_ok
[2011.07.17 03:24:20 | 004,636,907 | ---- | M] () -- C:\Windows\geoiplist
[2011.05.07 04:21:12 | 000,011,130 | -HS- | C] () -- C:\ProgramData\3816757659
[2011.05.06 11:39:27 | 000,011,256 | -HS- | C] () -- C:\Users\BG\AppData\Local\w65whr08ms7070y8h7wc
[2011.05.06 11:39:27 | 000,011,256 | -HS- | C] () -- C:\ProgramData\w65whr08ms7070y8h7wc
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:2AE74FF9
:Commands
[emptytemp]
[resethosts]
[reboot]

Copy the text exactly as it appears in the box. Be careful not to drop the leading colon, and make sure every command is on its own line, as in the box.

 

Click the Run Fix button. Confirm with OK on the message that a system restart is required.

 

After the restart, a text log will appear. The same file is located in C:\_OTL\MovedFiles. Please attach it to your next comment.

 

After that, run OTL again, create fresh logs (as I described earlier) and attach them again. You can pack all the files into one archive, or you can attach them separately.

 

Also report whether there is any improvement, i.e. whether Facebook opens. If it does, please don't rush to leave the thread, because we need to be sure that everything is in order.

 

P.S.: OTL starts in German for you because you have German regional settings.


You are incredible :-) my Facebook works... but the program you told me to use before, I can't use any more... I downloaded it again and ran it... but it shows me this:

 

All processes killed

========== PROCESSES ==========

========== OTL ==========

Service naecd stopped successfully!

Service naecd deleted successfully!

C:\Users\BG\AppData\Local\Temp\naecd.sys moved successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{e8de9422-3b2c-4243-bf6f-235da84d8ef8} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}\ not found.

Registry value HKEY_USERS\S-1-5-21-897932348-2505844281-495917134-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{e8de9422-3b2c-4243-bf6f-235da84d8ef8} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{e8de9422-3b2c-4243-bf6f-235da84d8ef8} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico0 deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico1 deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico2 deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico3 deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico4 deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableSecureUIAPaths deleted successfully.

Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}

C:\Windows\Downloaded Program Files\gp.inf not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

C:\Windows\ufa folder moved successfully.

C:\Windows\phoenix\kernels\poclbm folder moved successfully.

C:\Windows\phoenix\kernels\phatk folder moved successfully.

C:\Windows\phoenix\kernels folder moved successfully.

C:\Windows\phoenix folder moved successfully.

C:\Windows\update.3 folder moved successfully.

C:\Windows\update.2 folder moved successfully.

C:\Windows\update.5.0 folder moved successfully.

C:\Windows\update.1 folder moved successfully.

C:\Windows\phoenix.rar moved successfully.

C:\Windows\rpcminer.rar moved successfully.

C:\Windows\unrar.exe moved successfully.

C:\Windows\ufa.rar moved successfully.

C:\Windows\info1 moved successfully.

C:\Windows\geoiplist.rar moved successfully.

C:\Windows\loader2.exe_ok moved successfully.

C:\Windows\geoiplist moved successfully.

C:\ProgramData\3816757659 moved successfully.

C:\Users\BG\AppData\Local\w65whr08ms7070y8h7wc moved successfully.

C:\ProgramData\w65whr08ms7070y8h7wc moved successfully.

ADS C:\ProgramData\TEMP:2AE74FF9 deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: BG

->Temp folder emptied: 2646932508 bytes

->Temporary Internet Files folder emptied: 262827308 bytes

->FireFox cache emptied: 44788708 bytes

->Google Chrome cache emptied: 366572828 bytes

->Opera cache emptied: 469090 bytes

->Flash cache emptied: 187734 bytes

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 44563904 bytes

RecycleBin emptied: 460304 bytes

 

Total Files Cleaned = 3 211,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.26.1 log created on 07282011_173009

 

Files\Folders moved on Reboot...

File\Folder C:\Users\BG\AppData\Local\Temp\~DF12F1998D31A2BCD1.TMP not found!

File\Folder C:\Users\BG\AppData\Local\Temp\~DF1A545ABC0C35B0B4.TMP not found!

File\Folder C:\Users\BG\AppData\Local\Temp\~DF228BDA6BD5E637DA.TMP not found!

File\Folder C:\Users\BG\AppData\Local\Temp\~DF33A00B6D02AA2C31.TMP not found!

File\Folder C:\Users\BG\AppData\Local\Temp\~DF3BF421F1BF661424.TMP not found!

File\Folder C:\Users\BG\AppData\Local\Temp\~DF44DF32FF39AF4977.TMP not found!

File\Folder C:\Users\BG\AppData\Local\Temp\~DF58DA293EF6A43B26.TMP not found!

File\Folder C:\Users\BG\AppData\Local\Temp\~DF740574711EC6437B.TMP not found!

File\Folder C:\Users\BG\AppData\Local\Temp\~DF7E2235E4CC9F65E5.TMP not found!

File\Folder C:\Users\BG\AppData\Local\Temp\~DF8FDA9460CB954885.TMP not found!

File\Folder C:\Users\BG\AppData\Local\Temp\~DF90A9840575256C8C.TMP not found!

File\Folder C:\Users\BG\AppData\Local\Temp\~DFA240A745D62007B9.TMP not found!

File\Folder C:\Users\BG\AppData\Local\Temp\~DFA85B31FB59F703CB.TMP not found!

File\Folder C:\Users\BG\AppData\Local\Temp\~DFB09FD5E056BFDA2A.TMP not found!

File\Folder C:\Users\BG\AppData\Local\Temp\~DFCD4B8866D56718EF.TMP not found!

File\Folder C:\Users\BG\AppData\Local\Temp\~DFE0B055A26A53CA4D.TMP not found!

File\Folder C:\Users\BG\AppData\Local\Temp\~DFE2AAED205735907E.TMP not found!

File\Folder C:\Users\BG\AppData\Local\Temp\~DFE6AFBCF04DB4B7D5.TMP not found!

File move failed. C:\Users\BG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat scheduled to be moved on reboot.

C:\Users\BG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WCOP4HS2\home[1].htm moved successfully.

C:\Users\BG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UWA2WMJ1\ads[1].htm moved successfully.

C:\Users\BG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UWA2WMJ1\search[1].htm moved successfully.

C:\Users\BG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8NZ48CL\page__p__121300__hl__фейсбук__fromsearch__1[1].htm moved successfully.

C:\Users\BG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FWFTNHF1\afr[3].htm moved successfully.

C:\Users\BG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FWFTNHF1\banner_home[1].htm moved successfully.

C:\Users\BG\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

 

Registry entries deleted on Reboot...

 

 

 

What should I do?

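The fix log above can be checked mechanically against the fix script that produced it. The following Python sketch is an added example, not part of the original thread and not code from OTL: it classifies the result lines of the log and lists script paths with no confirmed removal. The function names are hypothetical, the line patterns are inferred only from the log quoted on this page, and one script line is constructed to show a miss.

```python
import re
from collections import Counter
from typing import NamedTuple


class Entry(NamedTuple):
    kind: str      # service | registry | ads | file | hosts
    target: str    # path, registry location or service name
    outcome: str   # removed | absent | pending | reset


# (pattern, kind, outcome); tried in order, first match wins.
# Patterns are assumptions derived from the log lines quoted in this thread.
RULES = [
    (r"^File move failed\. (?P<t>.+?) scheduled to be moved on reboot\.$", "file", "pending"),
    (r"^File\\Folder (?P<t>.+) not found!$", "file", "absent"),
    (r"^Service (?P<t>\S+) (?:stopped|deleted) successfully!$", "service", "removed"),
    (r"^Registry (?:key|value) (?P<t>.+?) deleted successfully\.$", "registry", "removed"),
    (r"^Registry (?:key|value) (?P<t>.+?) not found\.$", "registry", "absent"),
    (r"^ADS (?P<t>.+) deleted successfully\.$", "ads", "removed"),
    (r"^(?P<t>[A-Za-z]:\\.+?)(?: folder)? moved successfully\.$", "file", "removed"),
    (r"^(?P<t>[A-Za-z]:\\.+) not found\.$", "file", "absent"),
    (r"^(?P<t>HOSTS) file reset successfully$", "hosts", "reset"),
]

# A line of the fix script that names a file or folder: "... -- C:\path [-- (service)]"
SCRIPT_PATH = re.compile(r"-- (?P<p>[A-Za-z]:\\.+?)(?: -- \(.*\))?$")


def parse_fix_log(text):
    """Return an Entry for every result line; headers and cache statistics are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        for pattern, kind, outcome in RULES:
            m = re.match(pattern, line)
            if m:
                entries.append(Entry(kind, m.group("t"), outcome))
                break
    return entries


def script_paths(script):
    """Extract the file and folder paths that the fix script asks to be moved."""
    paths = []
    for line in script.splitlines():
        m = SCRIPT_PATH.search(line.strip())
        if m:
            paths.append(m.group("p"))
    return paths


def pending_on_reboot(log_text):
    """Targets the tool could not move immediately and deferred to the next boot."""
    return [e.target for e in parse_fix_log(log_text) if e.outcome == "pending"]


def unconfirmed(script, log_text):
    """Script paths for which the log holds no 'moved/deleted successfully' line."""
    handled = {e.target.lower() for e in parse_fix_log(log_text) if e.outcome == "removed"}
    return [p for p in script_paths(script) if p.lower() not in handled]


# Subset of the fix script posted in this thread; the last line is constructed.
SAMPLE_SCRIPT = r"""
:OTL
DRV - [2010.02.28 05:57:10 | 000,029,696 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\BG\AppData\Local\Temp\naecd.sys -- (naecd)
[2011.07.26 10:37:14 | 000,000,000 | ---D | C] -- C:\Windows\phoenix
[2011.07.26 10:37:13 | 001,075,284 | ---- | M] () -- C:\Windows\rpcminer.rar
[2011.07.26 10:37:13 | 000,000,001 | ---- | M] () -- C:\Windows\constructed_leftover.bin
"""

# Subset of the fix log posted in this thread.
SAMPLE_LOG = r"""
Service naecd stopped successfully!
Service naecd deleted successfully!
C:\Users\BG\AppData\Local\Temp\naecd.sys moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}\ not found.
C:\Windows\phoenix folder moved successfully.
C:\Windows\rpcminer.rar moved successfully.
ADS C:\ProgramData\TEMP:2AE74FF9 deleted successfully.
File\Folder C:\Users\BG\AppData\Local\Temp\~DF12F1998D31A2BCD1.TMP not found!
File move failed. C:\Users\BG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat scheduled to be moved on reboot.
HOSTS file reset successfully
"""

if __name__ == "__main__":
    print(Counter(e.outcome for e in parse_fix_log(SAMPLE_LOG)))
    print("deferred to reboot:", pending_on_reboot(SAMPLE_LOG))
    print("no confirmed removal:", unconfirmed(SAMPLE_SCRIPT, SAMPLE_LOG))
```

Anything reported as unconfirmed or deferred to reboot is what to look for in the fresh scan logs requested after the fix.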

I don't know why, but it wouldn't start several times... now I tried again and it started...

here is all that came out:

 

 

OTL logfile created on: 28.7.2011 г. 19:08:57 - Run 2

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\BG\Desktop

Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000402 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

 

1,87 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 54,14% Memory free

3,75 Gb Paging File | 2,52 Gb Available in Paging File | 67,20% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 232,88 Gb Total Space | 58,10 Gb Free Space | 24,95% Space Free | Partition Type: NTFS

 

Computer Name: BG-PC | User Name: BG | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2011.07.28 18:07:59 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\BG\Desktop\OTL.exe

PRC - [2011.06.25 08:14:35 | 000,240,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10t_ActiveX.exe

PRC - [2011.06.05 01:31:47 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe

PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2010.09.06 12:01:34 | 000,736,040 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

PRC - [2010.08.31 08:24:08 | 003,244,848 | ---- | M] (www.BitComet.com) -- C:\Program Files\BitComet\BitComet.exe

PRC - [2010.08.28 11:18:06 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe

PRC - [2010.05.14 18:10:28 | 000,080,384 | ---- | M] () -- C:\Windows\hffext\hffsrv.exe

PRC - [2010.05.06 13:35:14 | 000,557,056 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\Program Files\SiS VGA Utilities\SiSTray.exe

PRC - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe

PRC - [2010.02.23 12:47:04 | 001,024,368 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe

PRC - [2010.01.13 19:21:32 | 000,975,872 | ---- | M] () -- C:\Program Files\Mobile Partner Manager\UIMain.exe

PRC - [2010.01.13 19:14:34 | 000,679,424 | ---- | M] () -- C:\Program Files\Mobile Partner Manager\CMUpdater.exe

PRC - [2010.01.13 19:14:00 | 000,247,296 | ---- | M] () -- C:\Program Files\Mobile Partner Manager\AssistantServices.exe

PRC - [2010.01.13 19:13:20 | 000,133,120 | ---- | M] () -- C:\Program Files\Mobile Partner Manager\UIExec.exe

PRC - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

PRC - [2009.11.24 11:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe

PRC - [2009.09.08 13:40:48 | 000,240,256 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe

PRC - [2009.09.03 18:01:18 | 000,282,752 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Windows\System32\FBAgent.exe

PRC - [2009.09.03 10:33:14 | 000,054,400 | ---- | M] () -- C:\Program Files\ASUS\ControlDeck\ControlDeckStartUp.exe

PRC - [2009.09.01 09:10:32 | 000,233,472 | ---- | M] (AlcorMicro Co., Ltd.) -- C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe

PRC - [2009.08.19 20:31:48 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Media\DMedia.exe

PRC - [2009.08.17 09:58:46 | 006,859,392 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe

PRC - [2009.08.12 14:20:46 | 000,178,816 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControl.exe

PRC - [2009.07.30 12:44:10 | 000,497,024 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe

PRC - [2009.07.24 10:32:50 | 001,593,344 | ---- | M] () -- C:\Program Files\ASUS\Wireless Console 3\wcourier.exe

PRC - [2009.07.23 10:30:06 | 000,544,768 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe

PRC - [2009.06.19 10:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe

PRC - [2009.06.19 10:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe

PRC - [2009.06.15 17:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe

PRC - [2009.05.18 15:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files\ASUS\SmartLogon\sensorsrv.exe

PRC - [2008.12.22 17:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\WDC.exe

PRC - [2008.08.13 21:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe

PRC - [2007.11.30 11:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe

PRC - [2007.11.20 13:50:36 | 001,145,400 | ---- | M] (ASUS) -- C:\Program Files\ASUS\Net4Switch\Net4Switch.exe

PRC - [2007.08.08 00:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe

PRC - [2007.08.03 12:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

PRC - [2005.09.03 15:18:30 | 000,094,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

PRC - [2005.07.06 15:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2011.07.28 18:07:59 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\BG\Desktop\OTL.exe

MOD - [2010.11.20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll

MOD - [2009.07.08 09:24:56 | 000,251,392 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDApix.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - [2010.09.06 12:01:34 | 000,736,040 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)

SRV - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)

SRV - [2010.01.13 19:14:00 | 000,247,296 | ---- | M] () [Auto | Running] -- C:\Program Files\Mobile Partner Manager\AssistantServices.exe -- (UI Assistant Service)

SRV - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)

SRV - [2009.09.03 18:01:18 | 000,282,752 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\System32\FBAgent.exe -- (AFBAgent)

SRV - [2009.08.22 11:01:16 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)

SRV - [2009.08.22 11:01:16 | 000,345,352 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)

SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009.06.15 17:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)

SRV - [2007.08.08 00:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)

SRV - [2007.08.03 12:24:54 | 000,125,496 | ---- | M] () [On_Demand | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2011.06.21 06:09:00 | 000,200,976 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)

DRV - [2011.01.28 13:44:29 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)

DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)

DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)

DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)

DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010.11.20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\WinUSB.sys -- (WinUsb)

DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)

DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)

DRV - [2010.07.30 19:29:10 | 000,249,424 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmxpflt.sys -- (tmxpflt)

DRV - [2010.07.30 19:29:00 | 000,036,432 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmpreflt.sys -- (tmpreflt)

DRV - [2010.07.30 19:06:08 | 001,331,512 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vsapint.sys -- (vsapint)

DRV - [2010.07.19 20:03:10 | 000,059,472 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)

DRV - [2010.07.19 20:03:00 | 000,051,792 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)

DRV - [2010.05.06 13:27:56 | 000,466,432 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SISGRKMD.sys -- (SiS6350)

DRV - [2010.03.31 00:00:00 | 000,027,760 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt -- (EverestDriver)

DRV - [2009.10.29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)

DRV - [2009.10.29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)

DRV - [2009.10.29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)

DRV - [2009.10.29 19:28:24 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)

DRV - [2009.10.05 16:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2009.08.22 11:38:34 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)

DRV - [2009.08.21 08:48:12 | 000,027,136 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AmUStor.sys -- (AmUStor)

DRV - [2009.08.01 16:10:10 | 000,058,400 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\sisagpx.sys -- (uagp35)

DRV - [2009.07.20 11:29:40 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)

DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)

DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)

DRV - [2009.06.23 03:47:52 | 000,598,016 | ---- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GUCI_AVS.sys -- (GUCI_AVS)

DRV - [2009.05.28 21:28:28 | 000,044,288 | ---- | M] (Silence of Troubles United Company Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\FDCENT.SYS -- (FDCENT)

DRV - [2009.05.13 03:06:48 | 000,014,392 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)

DRV - [2008.05.23 17:25:42 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)

DRV - [2007.08.03 06:26:22 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)

DRV - [2007.07.24 11:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)

 

 

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

 

IE - HKLM\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll (Conduit Ltd.)

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-897932348-2505844281-495917134-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-897932348-2505844281-495917134-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-897932348-2505844281-495917134-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKU\S-1-5-21-897932348-2505844281-495917134-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 03 14 16 F1 8C 43 CC 01 [binary data]

IE - HKU\S-1-5-21-897932348-2505844281-495917134-1000\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-897932348-2505844281-495917134-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

 

FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\2.bin\NPMyWebS.dll File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\2.bin

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.25 16:56:12 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

 

[2011.07.25 16:56:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BG\AppData\Roaming\Mozilla\Extensions

[2011.07.25 16:56:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

File not found (No name found) --

[2011.07.08 09:27:43 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2010.01.01 10:00:00 | 000,001,083 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\911bg.xml

[2010.01.01 10:00:00 | 000,002,442 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\diribg.xml

[2010.01.01 10:00:00 | 000,001,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pe-bg.xml

[2010.01.01 10:00:00 | 000,001,857 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\portalbgdict.xml

[2010.01.01 10:00:00 | 000,001,220 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-bg.xml

 

O1 HOSTS File: ([2011.07.28 17:35:52 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\bh\BabylonToolbar.dll (Babylon BHO)

O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.8.11.dll (BitComet)

O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (BS Player Toolbar) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarTlbr.dll (Babylon Ltd.)

O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

O3 - HKLM\..\Toolbar: (BS Player Toolbar) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-897932348-2505844281-495917134-1000\..\Toolbar\WebBrowser: (BS Player Toolbar) - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - C:\Program Files\BS_Player\tbBS_P.dll (Conduit Ltd.)

O4 - HKLM..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)

O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)

O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)

O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)

O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (ASUS)

O4 - HKLM..\Run: [hffsrv] c:\Windows\hffext\hffsrv.exe ()

O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [siSTray] C:\Program Files\SiS VGA Utilities\SiSTray.exe (Silicon Integrated Systems Corporation)

O4 - HKLM..\Run: [ufSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)

O4 - HKLM..\Run: [uIExec] C:\Program Files\Mobile Partner Manager\UIExec.exe ()

O4 - HKU\S-1-5-21-897932348-2505844281-495917134-1000..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)

O4 - HKU\S-1-5-21-897932348-2505844281-495917134-1000..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.8.11.dll (BitComet)

O13 - gopher Prefix: missing

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O35 - HKU\S-1-5-21-897932348-2505844281-495917134-1000..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - File not found

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

 

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - File not found

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

 

MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS)

MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)

 

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: FDCENT.SYS - C:\Windows\System32\drivers\FDCENT.SYS (Silence of Troubles United Company Ltd.)

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: HideFilesAndFolders_S - Reg Error: Value error.

SafeBootMin: NTDS - File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: FDCENT.SYS - C:\Windows\System32\drivers\FDCENT.SYS (Silence of Troubles United Company Ltd.)

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: HideFilesAndFolders_S - Reg Error: Value error.

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS - File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011.07.28 18:05:38 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\BG\Desktop\OTL.exe

[2011.07.28 18:02:57 | 000,000,000 | ---D | C] -- C:\Users\BG\Desktop\star doklad

[2011.07.28 17:30:09 | 000,000,000 | ---D | C] -- C:\_OTL

[2011.07.27 22:10:52 | 000,000,000 | ---D | C] -- C:\Users\BG\AppData\Roaming\Opera

[2011.07.27 22:10:52 | 000,000,000 | ---D | C] -- C:\Users\BG\AppData\Local\Opera

[2011.07.27 22:10:42 | 000,000,000 | ---D | C] -- C:\Program Files\Opera

[2011.07.27 00:47:33 | 000,000,000 | ---D | C] -- C:\Users\BG\AppData\Roaming\Malwarebytes

[2011.07.27 00:45:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011.07.26 23:33:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared

[2011.07.26 15:49:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab

[2011.07.25 17:58:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec

[2011.07.25 17:58:46 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan

[2011.07.25 17:58:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS

[2011.07.25 17:58:46 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan

[2011.07.25 17:58:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS\0305010.006

[2011.07.25 17:58:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton

[2011.07.25 17:58:35 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller

[2011.07.25 17:58:35 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller

[2011.07.25 16:56:25 | 000,000,000 | ---D | C] -- C:\Users\BG\AppData\Roaming\Mozilla

[2011.07.25 16:56:25 | 000,000,000 | ---D | C] -- C:\Users\BG\AppData\Local\Mozilla

[2011.07.25 16:56:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2011.07.22 23:09:21 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar

[2011.07.22 23:06:01 | 000,000,000 | ---D | C] -- C:\ProgramData\BabylonUpdater

[2011.07.22 23:06:00 | 000,000,000 | ---D | C] -- C:\Users\BG\AppData\Roaming\Babylon

[2011.07.22 23:06:00 | 000,000,000 | ---D | C] -- C:\Users\BG\AppData\Local\Babylon

[2011.07.22 23:06:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon

[2011.07.22 23:03:10 | 000,000,000 | ---D | C] -- C:\Users\BG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FoxTab FLV Player

[2011.07.06 11:38:32 | 000,000,000 | ---D | C] -- C:\Users\BG\Desktop\burg,pirografy i dr

[2010.08.28 11:07:32 | 000,013,880 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys

 

========== Files - Modified Within 30 Days ==========

 

[2011.07.28 18:37:01 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011.07.28 18:07:59 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\BG\Desktop\OTL.exe

[2011.07.28 17:51:16 | 000,000,078 | ---- | M] () -- C:\Windows\System32\BootTime.ini

[2011.07.28 17:42:50 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011.07.28 17:42:50 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011.07.28 17:37:28 | 000,000,874 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011.07.28 17:37:06 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl

[2011.07.28 17:36:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.07.28 17:36:50 | 1509,425,152 | -HS- | M] () -- C:\hiberfil.sys

[2011.07.28 17:35:52 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts

[2011.07.28 15:31:11 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini

[2011.07.28 14:42:10 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for BG.job

[2011.07.27 22:10:45 | 000,001,775 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk

[2011.07.27 08:47:45 | 000,002,440 | ---- | M] () -- C:\Windows\System32\AutoRunFilter.ini

[2011.07.27 08:47:44 | 000,001,297 | ---- | M] () -- C:\Windows\System32\ServiceFilter.ini

[2011.07.26 18:24:32 | 000,000,080 | ---- | M] () -- C:\Windows\System32\Defrag.ini

[2011.07.26 15:21:13 | 000,000,734 | ---- | M] () -- C:\Windows\System32\drivers\etc\hоsts

[2011.07.25 17:58:53 | 000,001,297 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk

[2011.07.25 16:56:13 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2011.07.25 15:16:11 | 000,000,036 | ---- | M] () -- C:\Users\BG\AppData\Local\housecall.guid.cache

[2011.07.25 15:12:55 | 000,267,799 | ---- | M] () -- C:\Users\BG\AppData\Local\census.cache

[2011.07.25 15:12:26 | 000,122,730 | ---- | M] () -- C:\Users\BG\AppData\Local\ars.cache

[2011.07.25 09:51:46 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011.07.25 09:51:46 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011.07.22 23:06:01 | 000,002,405 | ---- | M] () -- C:\Users\Public\Desktop\Babylon.lnk

[2011.07.15 19:24:12 | 139,109,113 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2011.07.14 03:30:10 | 000,273,144 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011.06.29 07:41:59 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NSS\0305010.006\isolate.ini

 

========== Files Created - No Company Name ==========

 

[2011.07.28 09:55:39 | 000,000,627 | ---- | C] () -- C:\NetworkCfg.xml

[2011.07.27 22:10:45 | 000,001,787 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk

[2011.07.27 22:10:44 | 000,001,775 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk

[2011.07.26 10:22:02 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2011.07.25 17:58:56 | 000,000,430 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for BG.job

[2011.07.25 17:58:52 | 000,001,297 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk

[2011.07.25 17:58:46 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NSS\0305010.006\isolate.ini

[2011.07.25 16:56:13 | 000,001,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2011.07.25 16:56:13 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2011.07.25 15:12:55 | 000,267,799 | ---- | C] () -- C:\Users\BG\AppData\Local\census.cache

[2011.07.25 15:12:26 | 000,122,730 | ---- | C] () -- C:\Users\BG\AppData\Local\ars.cache

[2011.07.25 13:32:05 | 000,000,036 | ---- | C] () -- C:\Users\BG\AppData\Local\housecall.guid.cache

[2011.07.22 23:06:01 | 000,002,405 | ---- | C] () -- C:\Users\Public\Desktop\Babylon.lnk

[2011.07.22 20:43:24 | 000,065,536 | ---- | C] () -- C:\Windows\System32\Ikeext.etl

[2011.06.09 14:29:42 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe

[2011.06.09 14:26:54 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2010.12.09 22:43:35 | 000,000,256 | ---- | C] () -- C:\Windows\_delis32.ini

[2010.11.22 15:15:23 | 000,008,192 | ---- | C] () -- C:\Users\BG\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.11.17 14:22:58 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll

[2010.11.05 17:28:30 | 000,045,056 | ---- | C] () -- C:\Windows\System32\newdll.dll

[2010.08.29 14:28:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010.08.28 11:16:13 | 000,219,776 | ---- | C] () -- C:\Windows\System32\GetBootTime.dll

[2010.08.28 11:16:13 | 000,002,440 | ---- | C] () -- C:\Windows\System32\AutoRunFilter.ini

[2010.08.28 11:16:13 | 000,001,297 | ---- | C] () -- C:\Windows\System32\ServiceFilter.ini

[2010.08.28 11:16:13 | 000,000,105 | ---- | C] () -- C:\Windows\System32\FastBoot.ini

[2010.08.28 11:16:13 | 000,000,080 | ---- | C] () -- C:\Windows\System32\Defrag.ini

[2010.08.28 11:16:13 | 000,000,078 | ---- | C] () -- C:\Windows\System32\BootTime.ini

[2010.08.28 11:16:13 | 000,000,052 | ---- | C] () -- C:\Windows\System32\RemoveFont.ini

[2010.08.28 11:16:02 | 000,053,248 | ---- | C] () -- C:\Windows\System32\LogonStart.dll

[2010.08.28 11:12:28 | 000,000,641 | ---- | C] () -- C:\Windows\Remover.ini

[2010.08.28 11:12:27 | 000,002,107 | ---- | C] () -- C:\Windows\System32\GUCI_AVS.ini

[2010.08.28 11:11:00 | 000,000,520 | R--- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat

[2010.08.28 11:10:03 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll

[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009.07.14 06:33:53 | 000,273,144 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2009.07.14 04:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2009.07.14 04:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll

[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll

[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll

[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll

[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll

[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll

[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll

[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll

[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll

 

========== LOP Check ==========

 

[2011.07.22 23:06:00 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\Babylon

[2011.07.28 19:12:30 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\BitComet

[2011.02.23 15:01:23 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\Boomzap

[2011.07.08 13:39:28 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\BSplayer

[2010.11.04 23:45:01 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\BSplayer Pro

[2010.09.26 22:22:59 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2010.10.07 14:00:07 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\Crystal Player

[2011.02.11 22:43:40 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\DivoGames

[2010.12.09 00:42:31 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\GetRightToGo

[2011.07.28 10:08:44 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\go

[2011.06.22 13:15:32 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\ImgBurn

[2011.07.27 22:10:52 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\Opera

[2011.02.02 12:43:05 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\PlayFirst

[2010.08.31 13:49:45 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\SmartClose

[2011.03.18 18:28:33 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 

========== Purity Check ==========

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.* >

[2009.06.10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

[2010.11.20 14:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr

[2010.08.28 19:39:24 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK

[2009.06.10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys

[2010.08.29 10:46:54 | 000,000,136 | ---- | M] () -- C:\GPEapSim.log

[2009.08.02 10:59:51 | 000,171,136 | RHS- | M] () -- C:\grldr

[2011.07.28 17:36:50 | 1509,425,152 | -HS- | M] () -- C:\hiberfil.sys

[2010.08.30 21:44:53 | 000,000,627 | ---- | M] () -- C:\NetworkCfg.xml

[2011.07.28 17:36:52 | 2012,569,600 | -HS- | M] () -- C:\pagefile.sys

[2010.08.28 11:11:22 | 000,002,924 | ---- | M] () -- C:\RHDSetup.log

[2010.08.28 11:19:31 | 000,000,166 | ---- | M] () -- C:\setup.log

 

< %USERPROFILE%\*.* >

[2011.07.28 19:14:39 | 004,194,304 | -HS- | M] () -- C:\Users\BG\NTUSER.DAT

[2011.07.28 19:14:39 | 000,262,144 | -HS- | M] () -- C:\Users\BG\ntuser.dat.LOG1

[2011.07.22 22:06:44 | 000,262,144 | -HS- | M] () -- C:\Users\BG\ntuser.dat.LOG2

[2010.08.28 09:49:52 | 000,065,536 | -HS- | M] () -- C:\Users\BG\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf

[2010.08.28 09:49:52 | 000,524,288 | -HS- | M] () -- C:\Users\BG\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms

[2010.08.28 09:49:52 | 000,524,288 | -HS- | M] () -- C:\Users\BG\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms

[2010.08.28 09:49:47 | 000,000,020 | -HS- | M] () -- C:\Users\BG\ntuser.ini

 

< %USERPROFILE%\AppData\Local\*.* >

[2011.07.25 15:12:26 | 000,122,730 | ---- | M] () -- C:\Users\BG\AppData\Local\ars.cache

[2011.07.25 15:12:55 | 000,267,799 | ---- | M] () -- C:\Users\BG\AppData\Local\census.cache

[2011.03.11 12:51:57 | 000,008,192 | ---- | M] () -- C:\Users\BG\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.11.05 17:31:56 | 000,058,664 | ---- | M] () -- C:\Users\BG\AppData\Local\GDIPFONTCACHEV1.DAT

[2011.07.25 15:16:11 | 000,000,036 | ---- | M] () -- C:\Users\BG\AppData\Local\housecall.guid.cache

[2011.07.28 15:39:54 | 001,221,555 | -H-- | M] () -- C:\Users\BG\AppData\Local\IconCache.db

 

< %USERPROFILE%\AppData\Roaming\*.* >

 

< %ProgramData%\*.* >

[2010.08.29 14:28:47 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat

 

< %CommonProgramFiles%\*.* >

 

< %PROGRAMFILES%\*.* >

[2009.07.14 06:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

 

< %systemroot%\system32\*.dll /lockedfiles >

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\system32\drivers\*.sys /90 >

[2011.06.21 06:09:00 | 000,200,976 | ---- | M] (Trend Micro Inc.) -- C:\Windows\system32\drivers\tmcomm.sys

 

< %systemroot%\system32\drivers\*.sys /lockedfiles >

[2011.01.28 13:44:29 | 000,436,792 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys

 

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

[2009.07.14 03:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\jnwppr.dll

[2010.11.20 14:21:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\winprint.dll

 

 

< MD5 for: EXPLORER.EXE >

[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe

[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe

[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe

[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe

[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe

[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe

[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe

[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe

[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe

[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

 

< MD5 for: USERINIT.EXE >

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

 

< MD5 for: VOLSNAP.SYS >

[2009.07.14 03:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_158d0da45d68903e\volsnap.sys

[2010.11.20 14:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\System32\drivers\volsnap.sys

[2010.11.20 14:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_6dee0205881d1a1d\volsnap.sys

[2010.11.20 14:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_17be216c5a5713d8\volsnap.sys

 

< MD5 for: WININIT.EXE >

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 

< MD5 for: WINLOGON.EXE >

[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe

[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe

[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe

[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

 

< End of report >


The log looks clean now. Still, I want to be sure that nothing is hidden.

Download aswMBR and save it to your desktop.

Run it, confirm with Yes when asked about downloading the avast! definitions, and wait for them to download.

A small drop-down menu will appear at the bottom. Choose C:\ from it, click the Scan button, and wait for the scan to finish.

Finally, click the Save log button, save the file somewhere convenient, and copy its contents into your next comment or attach it.


I don't know if this is exactly what you need... no drop-down menu appeared for me... or I didn't see it... I ran the scan and this is the result:

 

aswMBR version 0.9.8.977 Copyright© 2011 AVAST Software

Run date: 2011-07-28 21:34:47

-----------------------------

21:34:47.145 OS Version: Windows 6.1.7601 Service Pack 1

21:34:47.145 Number of processors: 1 586 0x1601

21:34:47.148 ComputerName: BG-PC UserName: BG

21:34:48.704 Initialize success

22:37:19.710 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1

22:37:19.725 Disk 0 Vendor: ST9250827AS 3.AAA Size: 238475MB BusType: 3

22:37:19.744 Disk 0 MBR read successfully

22:37:19.750 Disk 0 MBR scan

22:37:19.761 Disk 0 Windows 7 default MBR code

22:37:19.788 Disk 0 scanning sectors +488392065

22:37:19.857 Disk 0 scanning C:\Windows\system32\drivers

22:37:33.556 Service scanning

22:37:35.535 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32

22:37:36.767 Modules scanning

22:38:23.048 Disk 0 trace - called modules:

22:38:23.115 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x84d851f8]<<

22:38:23.116 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85b76778]

22:38:23.116 3 CLASSPNP.SYS[88dcd59e] -> nt!IofCallDriver -> [0x856a5918]

22:38:23.119 5 ACPI.sys[8339e3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x85ab1908]

22:38:23.122 \Driver\atapi[0x85aa6758] -> IRP_MJ_CREATE -> 0x84d851f8

22:38:23.123 Scan finished successfully

22:41:22.395 Disk 0 MBR has been saved successfully to "C:\Users\BG\Desktop\MBR.dat"

22:41:22.413 The log file has been saved successfully to "C:\Users\BG\Desktop\aswMBR.txt"
