s.feradov Posted January 3, 2012

Download OTL.
Save the file to your desktop.
Run the tool.
Make sure the scan will not be interrupted.
In the program's main window, check Scan All Users.
Under Output, select Minimal Output.
Under Standard Registry, select All.
Check LOP Check and Purity Check.
From the File Age drop-down menu, select 90 days.
Make sure Skip Microsoft Files is checked.
In the Custom Scans/Fixes box, paste the following text:

netsvcs
msconfig
safebootminimal
safebootnetwork
%SYSTEMDRIVE%\*.*
%USERPROFILE%\*.*
%USERPROFILE%\AppData\Local\*.*
%USERPROFILE%\AppData\Roaming\*.*
%ProgramData%\*.*
%CommonProgramFiles%\*.*
%PROGRAMFILES%\*.*
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
/md5start
hlp.dat
winlogon.exe
wininit.exe
userinit.exe
explorer.exe
volsnap.sys
/md5stop

Copy the code exactly as given. Make sure each command is on its own line, as in the box.
Click the Run Scan button. The scan will start and will not take long.
When the scan finishes, two Notepad log files will open automatically: OTL.txt and Extras.txt. Please attach these two files to your next comment.
bojko452 Posted January 3, 2012

OTL:
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2012.01.03 21:38:32 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job[2012.01.03 21:37:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2012.01.03 21:37:26 | 1610,063,872 | -HS- | M] () -- C:\hiberfil.sys[2012.01.03 10:36:52 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2012.01.02 23:47:56 | 000,660,706 | ---- | M] () -- C:\Windows\System32\perfh009.dat[2012.01.02 23:47:56 | 000,124,896 | ---- | M] () -- C:\Windows\System32\perfc009.dat[2012.01.02 21:28:12 | 000,001,572 | ---- | M] () -- C:\Users\B-boy\Desktop\cstrike - Пряк път.lnk[2012.01.02 00:56:51 | 000,000,534 | ---- | M] () -- C:\Users\B-boy\Desktop\LFS.lnk[2012.01.01 18:17:30 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk[2012.01.01 18:17:11 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt[2012.01.01 16:22:16 | 000,004,608 | ---- | M] () -- C:\Users\B-boy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2012.01.01 16:11:54 | 039,138,304 | ---- | M] () -- C:\Users\B-boy\Documents\camtasia.msi[2011.12.30 01:15:23 | 000,000,933 | ---- | M] () -- C:\Users\Public\Desktop\BitTorrent.lnk[2011.12.30 01:14:56 | 006,053,744 | ---- | M] (BitTorrent, Inc.) 
-- C:\Users\B-boy\Documents\BitTorrent-7.6.exe[2011.12.29 00:34:33 | 000,000,093 | ---- | M] () -- C:\Users\B-boy\AppData\Local\fusioncache.dat[2011.12.29 00:29:39 | 000,001,165 | ---- | M] () -- C:\Users\B-boy\Desktop\Driver Genius Professional Edition.lnk[2011.12.26 17:36:33 | 000,001,180 | ---- | M] () -- C:\Users\B-boy\Desktop\BusinessCardsMX.lnk[2011.12.26 17:35:15 | 092,000,504 | ---- | M] (mojosoft ) -- C:\Users\B-boy\Documents\BusinessCardsMX-setup.exe[2011.12.19 16:15:41 | 014,935,896 | ---- | M] (Foxit Corporation ) -- C:\Users\B-boy\Documents\FoxitReader513.1201_enu_Setup.exe[2011.12.14 13:33:35 | 000,408,408 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT[2011.12.13 16:58:18 | 001,497,704 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl[2011.12.13 16:25:38 | 000,200,468 | ---- | M] () -- C:\Windows\System32\drivers\RTAIODAT.DAT[2011.12.13 11:01:00 | 001,698,408 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll[2011.12.12 17:20:18 | 000,083,560 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInstII.dll[2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys[2011.12.09 20:17:55 | 004,102,653 | ---- | M] () -- C:\Users\B-boy\Desktop\100 Kila - Super Fresh.mp3[2011.12.08 17:28:12 | 001,378,920 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll[2011.12.08 16:27:38 | 003,319,400 | ---- | M] (Realtek Semiconductor Corp.) 
-- C:\Windows\System32\RtkAPO.dll[2011.11.28 20:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr[2011.11.28 20:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe[2011.11.28 19:54:38 | 000,111,320 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys[2011.11.28 19:53:53 | 000,435,032 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys[2011.11.28 19:53:35 | 000,314,456 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys[2011.11.28 19:53:22 | 000,195,416 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys[2011.11.28 19:52:19 | 000,034,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys[2011.11.28 19:52:16 | 000,052,952 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys[2011.11.28 19:52:07 | 000,055,128 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys[2011.11.28 19:51:50 | 000,020,568 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys[2011.11.28 19:26:19 | 000,012,112 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys[2011.11.22 22:08:28 | 004,386,540 | ---- | M] () -- C:\Users\B-boy\Desktop\Poli Genova - Na Inat [bulgaria] - Eurovision 2011.mp3[2011.11.22 16:28:58 | 000,013,416 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoLDR.dll[2011.11.22 11:36:06 | 002,359,400 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll[2011.11.15 16:03:52 | 000,001,194 | ---- | M] () -- C:\Users\B-boy\Desktop\Any Video Converter.lnk[2011.11.10 17:06:27 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl[2011.11.10 16:14:24 | 000,749,144 | ---- | M] (Creative Technology Ltd.) 
-- C:\Windows\System32\MBAPO32.dll[2011.10.22 13:21:38 | 000,065,536 | ---- | M] (Beepa P/L) -- C:\Windows\System32\frapsvid.dll[2011.10.16 14:34:39 | 000,001,961 | ---- | M] () -- C:\Users\B-boy\Desktop\SUPERAntiSpyware Free Edition.lnk[2011.10.15 18:38:30 | 000,218,688 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys[2011.10.10 20:13:50 | 002,309,616 | ---- | M] (Beepa Pty Ltd) -- C:\Users\B-boy\Documents\setup.exe[2011.10.08 10:38:46 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf[2011.10.06 18:43:54 | 000,001,178 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.01.03 10:36:52 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2012.01.02 21:28:12 | 000,001,572 | ---- | C] () -- C:\Users\B-boy\Desktop\cstrike - Пряк път.lnk[2012.01.02 00:56:51 | 000,000,534 | ---- | C] () -- C:\Users\B-boy\Desktop\LFS.lnk[2012.01.01 18:17:30 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\avast! 
Internet Security.lnk[2012.01.01 16:21:26 | 000,004,608 | ---- | C] () -- C:\Users\B-boy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2012.01.01 16:11:18 | 039,138,304 | ---- | C] () -- C:\Users\B-boy\Documents\camtasia.msi[2011.12.30 01:15:23 | 000,000,933 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk[2011.12.29 09:55:05 | 000,200,468 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT[2011.12.29 00:34:33 | 000,000,093 | ---- | C] () -- C:\Users\B-boy\AppData\Local\fusioncache.dat[2011.12.29 00:29:39 | 000,001,165 | ---- | C] () -- C:\Users\B-boy\Desktop\Driver Genius Professional Edition.lnk[2011.12.26 17:36:33 | 000,001,180 | ---- | C] () -- C:\Users\B-boy\Desktop\BusinessCardsMX.lnk[2011.12.09 20:17:51 | 004,102,653 | ---- | C] () -- C:\Users\B-boy\Desktop\100 Kila - Super Fresh.mp3[2011.11.22 22:08:25 | 004,386,540 | ---- | C] () -- C:\Users\B-boy\Desktop\Poli Genova - Na Inat [bulgaria] - Eurovision 2011.mp3[2011.11.15 16:03:52 | 000,001,194 | ---- | C] () -- C:\Users\B-boy\Desktop\Any Video Converter.lnk[2011.11.02 21:56:13 | 000,000,266 | ---- | C] () -- C:\Windows\tasks\AutoKMS.job[2011.10.16 14:34:39 | 000,001,961 | ---- | C] () -- C:\Users\B-boy\Desktop\SUPERAntiSpyware Free Edition.lnk[2011.10.08 10:38:46 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf[2011.10.01 19:26:52 | 000,003,636 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin[2011.10.01 08:35:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe[2011.10.01 08:34:09 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe[2011.09.30 20:56:08 | 000,921,665 | ---- | C] () -- C:\Windows\System32\msvcrt-ruby18.dll[2011.09.30 20:56:08 | 000,271,264 | ---- | C] () -- C:\Windows\System32\vbrun100.dll[2011.09.30 20:56:08 | 000,210,944 | ---- | C] () -- C:\Windows\System32\msvcrt10.dll[2011.09.30 20:56:08 | 000,027,136 | ---- | C] () -- C:\Windows\System32\pythonw.exe[2011.09.30 20:56:08 | 000,026,624 | 
---- | C] () -- C:\Windows\System32\python.exe[2011.09.30 20:56:08 | 000,020,537 | ---- | C] () -- C:\Windows\System32\rubyw.exe[2011.09.30 20:56:08 | 000,020,536 | ---- | C] () -- C:\Windows\System32\ruby.exe[2011.08.03 02:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat[2009.07.14 06:33:53 | 000,408,408 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT[2009.07.14 04:05:48 | 000,660,706 | ---- | C] () -- C:\Windows\System32\perfh009.dat[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat[2009.07.14 04:05:48 | 000,124,896 | ---- | C] () -- C:\Windows\System32\perfc009.dat[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys ========== LOP Check ========== [2011.11.15 16:03:56 | 000,000,000 | ---D | M] -- C:\Users\B-boy\AppData\Roaming\AnvSoft[2011.12.30 01:08:15 | 000,000,000 | ---D | M] -- C:\Users\B-boy\AppData\Roaming\BitComet[2012.01.03 21:38:27 | 000,000,000 | ---D | M] -- C:\Users\B-boy\AppData\Roaming\BitTorrent[2011.12.30 20:27:48 | 000,000,000 | ---D | M] -- C:\Users\B-boy\AppData\Roaming\DAEMON Tools Lite[2011.10.06 14:12:01 | 000,000,000 | ---D | M] -- C:\Users\B-boy\AppData\Roaming\EiM2CD2[2011.10.11 14:40:25 | 000,000,000 | ---D | M] -- C:\Users\B-boy\AppData\Roaming\HD Tune Pro[2011.12.30 20:34:51 | 
000,000,000 | ---D | M] -- C:\Users\B-boy\AppData\Roaming\Leadertech[2011.12.26 17:36:08 | 000,000,000 | ---D | M] -- C:\Users\B-boy\AppData\Roaming\mojosoft[2011.10.04 06:58:48 | 000,000,000 | ---D | M] -- C:\Users\B-boy\AppData\Roaming\Opera[2011.11.30 15:02:36 | 000,000,000 | ---D | M] -- C:\Users\B-boy\AppData\Roaming\TeamViewer[2011.10.19 18:26:24 | 000,000,000 | ---D | M] -- C:\Users\B-boy\AppData\Roaming\Thinstall[2012.01.03 21:38:32 | 000,000,266 | ---- | M] () -- C:\Windows\Tasks\AutoKMS.job[2011.12.13 10:17:50 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%*.* >[2009.06.10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat[2010.11.20 14:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr[2011.10.01 07:45:12 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK[2009.06.10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys[2012.01.03 21:37:26 | 1610,063,872 | -HS- | M] () -- C:\hiberfil.sys[2011.10.01 12:11:24 | 000,000,000 | RHS- | M] () -- C:\IO.SYS[2011.10.01 12:11:24 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS[2012.01.03 21:37:26 | 2146,754,560 | -HS- | M] () -- C:\pagefile.sys[2011.09.30 21:26:10 | 000,000,000 | RHS- | M] () -- C:\pclv.ld[2011.09.30 21:26:10 | 000,288,001 | RHS- | M] () -- C:\SDYBO < %USERPROFILE%*.* >[2012.01.03 22:00:29 | 001,835,008 | -HS- | M] () -- C:\Users\B-boy\ntuser.dat[2012.01.03 22:00:28 | 000,262,144 | -HS- | M] () -- C:\Users\B-boy\ntuser.dat.LOG1[2011.09.30 20:58:19 | 000,000,000 | -HS- | M] () -- C:\Users\B-boy\ntuser.dat.LOG2[2011.11.09 14:51:59 | 000,065,536 | -HS- | M] () -- C:\Users\B-boy\ntuser.dat{6d419d3a-0abd-11e1-9d72-0019663e49cd}.TM.blf[2011.11.09 14:51:59 | 000,524,288 | -HS- | M] () -- C:\Users\B-boy\ntuser.dat{6d419d3a-0abd-11e1-9d72-0019663e49cd}.TMContainer00000000000000000001.regtrans-ms[2011.11.09 14:51:59 | 000,524,288 | -HS- | M] () -- 
C:\Users\B-boy\ntuser.dat{6d419d3a-0abd-11e1-9d72-0019663e49cd}.TMContainer00000000000000000002.regtrans-ms[2012.01.01 13:53:47 | 000,000,020 | -HS- | M] () -- C:\Users\B-boy\ntuser.ini < %USERPROFILE%AppDataLocal*.* > < %USERPROFILE%AppDataRoaming*.* > < %ProgramData%*.* > < %CommonProgramFiles%*.* > < %PROGRAMFILES%*.* >[2009.07.14 06:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini < %systemroot%system32*.dll /lockedfiles > < %systemroot%Tasks*.job /lockedfiles > < %systemroot%system32drivers*.sys /90 > < %systemroot%system32drivers*.sys /lockedfiles > < %systemroot%system32Spoolprtprocsw32x86*.dll > < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE >[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe[2010.07.14 03:22:50 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- 
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe[2010.07.14 03:21:06 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe[2010.07.14 03:21:06 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe[2010.07.14 03:22:50 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: USERINIT.EXE >[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- 
C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: VOLSNAP.SYS >[2009.07.14 03:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_158d0da45d68903e\volsnap.sys[2010.11.20 14:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\System32\drivers\volsnap.sys[2010.11.20 14:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_6dee0205881d1a1d\volsnap.sys[2010.11.20 14:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_17be216c5a5713d8\volsnap.sys < MD5 for: WININIT.EXE >[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache\wininit.exe[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE >[2010.07.14 03:22:50 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe[2010.07.14 03:22:50 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft 
Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < End of report > Extras: OTL Extras logfile created on: 3.1.2012 г. 21:57:44 - Run 1OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\B-boy\DesktopUltimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 8.0.7601.17514)Locale: 00000402 | Country: България | Language: BGR | Date Format: d.M.yyyy 'г.' 
2,00 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 63,26% Memory free4,00 Gb Paging File | 2,90 Gb Available in Paging File | 72,57% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program FilesDrive C: | 48,83 Gb Total Space | 16,70 Gb Free Space | 34,20% Space Free | Partition Type: NTFSDrive D: | 416,92 Gb Total Space | 278,68 Gb Free Space | 66,84% Space Free | Partition Type: NTFSDrive F: | 6,32 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: B-BOY-PC | User Name: B-boy | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All usersCompany Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation).hlp [@ = Reg Error: Key error.] -- Reg Error: Key error. 
File not found.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)htmlfile [edit] -- Reg Error: Key error.https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"cval" = 1"FirewallDisableNotify" = 0"AntiVirusDisableNotify" = 0"UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]"VistaSp1" = Reg Error: Unknown registry data type -- File not found"AntiVirusOverride" = 0"AntiSpywareOverride" = 0"FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]"DisableSR" = 0 ========== Firewall Settings ========== 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"DisableNotifications" = 0"EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"DisableNotifications" = 0"EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]"DisableNotifications" = 0"EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended"{0D5B5ED2-3E38-4585-B1F3-64B2A9EA95D6}_is1" = BusinessCards MX"{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile"{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729"{5C9DA6A8-6479-47FE-B67E-F3953E2FCD7A}_is1" = Мастер Визиток 4.61"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual 
C++ 2005 Redistributable"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0015-0402-0000-0000000FF1CE}" = Microsoft Office Access MUI (Bulgarian) 2010"{90140000-0015-0402-0000-0000000FF1CE}_Office14.PROPLUS_{59A0F32E-76D1-4BD1-BE32-554DD2F05DB4}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0016-0402-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Bulgarian) 2010"{90140000-0016-0402-0000-0000000FF1CE}_Office14.PROPLUS_{59A0F32E-76D1-4BD1-BE32-554DD2F05DB4}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0018-0402-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Bulgarian) 2010"{90140000-0018-0402-0000-0000000FF1CE}_Office14.PROPLUS_{59A0F32E-76D1-4BD1-BE32-554DD2F05DB4}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0019-0402-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Bulgarian) 2010"{90140000-0019-0402-0000-0000000FF1CE}_Office14.PROPLUS_{59A0F32E-76D1-4BD1-BE32-554DD2F05DB4}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001A-0402-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Bulgarian) 2010"{90140000-001A-0402-0000-0000000FF1CE}_Office14.PROPLUS_{59A0F32E-76D1-4BD1-BE32-554DD2F05DB4}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001B-0402-0000-0000000FF1CE}" = Microsoft Office Word MUI (Bulgarian) 2010"{90140000-001B-0402-0000-0000000FF1CE}_Office14.PROPLUS_{59A0F32E-76D1-4BD1-BE32-554DD2F05DB4}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001F-0402-0000-0000000FF1CE}" = Microsoft Office Proof (Bulgarian) 2010"{90140000-001F-0402-0000-0000000FF1CE}_Office14.PROPLUS_{0709C35F-CF3B-4B05-8A2D-6FFD8F9A5F67}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 
2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0419-0000-0000000FF1CE}" = Microsoft Office Proof (Russian) 2010
"{90140000-001F-0419-0000-0000000FF1CE}_Office14.PROPLUS_{DD6E7CDF-BDFF-43CF-8CCE-84FBEC5ABB77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0402-0000-0000000FF1CE}" = Microsoft Office Proofing (Bulgarian) 2010
"{90140000-002C-0402-0000-0000000FF1CE}_Office14.PROPLUS_{C8054E0D-931E-4977-873A-017236B74357}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0402-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Bulgarian) 2010
"{90140000-0044-0402-0000-0000000FF1CE}_Office14.PROPLUS_{59A0F32E-76D1-4BD1-BE32-554DD2F05DB4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0402-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Bulgarian) 2010
"{90140000-006E-0402-0000-0000000FF1CE}_Office14.PROPLUS_{2800BF0D-D21D-49F8-988D-6F521900953C}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0402-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Bulgarian) 2010
"{90140000-00A1-0402-0000-0000000FF1CE}_Office14.PROPLUS_{59A0F32E-76D1-4BD1-BE32-554DD2F05DB4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0402-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Bulgarian) 2010
"{90140000-00BA-0402-0000-0000000FF1CE}_Office14.PROPLUS_{59A0F32E-76D1-4BD1-BE32-554DD2F05DB4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 280.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIDA64 Business Edition_is1" = AIDA64 Business Edition v1.85
"Any Video Converter_is1" = Any Video Converter 3.3.0
"avast" = avast! Internet Security
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner
"DAEMON Tools Lite" = DAEMON Tools Lite
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware, версия 1.60.0.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 4.0 (x86 bg)" = Mozilla Firefox 4.0 (x86 bg)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Opera 11.01.1190" = Opera 11.01
"SpeedFan" = SpeedFan (remove only)
"The KMPlayer" = The KMPlayer (remove only)
"WinRAR archiver" = WinRAR 4.01 (32-битова версия)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-932158286-1761716740-2224712450-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Counter-Strike 1.6: New Era" = Counter-Strike 1.6: New Era

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

s.feradov, posted January 4, 2012

Run OTL again.
In the Custom Scans/Fixes box, paste the following text:

:OTL
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
O4 - HKLM..\Run: [TaskTray] File not found
O4 - HKU\S-1-5-21-932158286-1761716740-2224712450-1000..\Run: [bitComet] "C:\Program Files\BitComet\BitComet.exe" /tray File not found
O4 - HKU\S-1-5-21-932158286-1761716740-2224712450-1003..\Run: [bitComet] "C:\Program Files\BitComet\BitComet.exe" /tray File not found
O8 - Extra context menu item: &Експортиране към Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Изпрати към OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
:Commands
[emptytemp]
[reboot]

Copy the code exactly as given. Make sure you do not drop any of the colons at the beginning. Also make sure that each command is on a new line, as in the box.
After entering the code in the Custom Scans/Fixes box, click the Run Fix button. Confirm the prompt to restart the system.
After the system restarts, a log file will appear, located in C:\_OTL\Moved Files. Please attach that log file to your next comment.

Overall, these are "cosmetic" changes to the system. I found no traces of malicious code that has settled on your system.
I would advise you to change the UAC (User Account Control) setting, choosing the most optimal value as the current one. I also recommend turning off the Autoplay feature for removable devices.
I see that you are using SuperAntiSpyware. Stop that application's real-time operation. Check whether the problem is still present.
Start the system in Safe Mode with Networking. Check whether there is any slowdown when working with the system under these conditions.

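Every entry in the fix script above ends in "File not found", meaning the registry reference points at a file that is no longer on disk. As an added example (not part of the original posts and not OTL's own code), this Python script picks such orphaned entries out of OTL-style log lines; the ExampleApp line and all function names are constructed for illustration.

```python
import re

# Constructed sample: four entries copied from the fix script above, plus one
# made-up entry (ExampleApp) whose target is present, for contrast.
SAMPLE_LOG = r'''
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
O4 - HKLM..\Run: [TaskTray] File not found
O4 - HKLM..\Run: [ExampleApp] C:\Program Files\Example\app.exe (Example Corp)
O4 - HKU\S-1-5-21-932158286-1761716740-2224712450-1000..\Run: [bitComet] "C:\Program Files\BitComet\BitComet.exe" /tray File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
'''

MISSING = "File not found"
ENTRY = re.compile(r"^(?P<kind>FF|O\d+) - (?P<body>.+)$")
# O4 autorun body: hive (optionally with a user SID), "..\Run:", [value name], target
RUN = re.compile(r"^(?P<hive>HK\w+(?:\\S-[\d-]+)?)\.\.\\Run: \[(?P<name>[^\]]+)\]\s*(?P<target>.*)$")

def parse_line(line):
    """Return a dict for one OTL-style entry, or None for any other line."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    body = m["body"]
    missing = body.endswith(MISSING)
    if missing:
        # Drop the status marker and the " - " separator some sections put before it.
        body = body[: -len(MISSING)].rstrip(" -")
    entry = {"kind": m["kind"], "missing": missing, "detail": body}
    run = RUN.match(body) if m["kind"] == "O4" else None
    if run:
        entry.update(hive=run["hive"], name=run["name"], target=run["target"].strip())
    return entry

def parse_log(text):
    """Parse every recognised entry line in a block of log text."""
    return [e for e in map(parse_line, text.splitlines()) if e]

def orphaned_autoruns(text):
    """(hive, value name) of every Run entry whose target file is gone."""
    return [(e["hive"], e["name"]) for e in parse_log(text)
            if e["kind"] == "O4" and e["missing"] and "name" in e]

if __name__ == "__main__":
    for hive, name in orphaned_autoruns(SAMPLE_LOG):
        print(f"orphaned autorun: {hive} Run [{name}]")
```
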
bojko452 (Author), posted January 4, 2012

How do I start this thing? : Safe Mode with Networking

bojko452 (Author), posted January 4, 2012

Well, if I don't have a virus, what is causing the problem?

bestman, posted January 4, 2012

Try with another browser.

s.feradov, posted January 4, 2012

Quote: "How do I start this thing? : Safe Mode with Networking"

Restart the system.
After the initial messages appear once the system starts (Power-On Self Test - POST), start pressing the F8 key. This will bring up the Windows Advanced Options Menu.
Select Safe Mode with Networking and press Enter.

Quote: "Well, if I don't have a virus, what is causing the problem?"

That is exactly what we are trying to find out. Please do not be impatient.

liver, posted January 16, 2012

While I was browsing, the NOD Antivirus V5 window suddenly appeared with a warning about a detected infection. Is this a false alarm? I scanned with MABM and SAS and they find nothing. I chose delete several times in a row and the window kept popping up. Should I scan with something else, and what is this file that is a problem according to NOD? Thank you.

P.S. I just noticed that NOD breaks Adblock in Mozilla. Apparently it deletes the filter, because the ads came back, and when I tried to add bulgarian+easy list in Adblock, NOD went crazy. I think it is a false alarm, but what would you recommend?

B-boy/StyLe/, posted January 16, 2012

Try adding them to the exclusions, or send them to their lab for analysis so they can fix their definitions... (if they have not already done so). This is a widely used plugin and word of the situation has probably already spread.

liver, posted January 16, 2012

I sent them for analysis. NOD no longer detects a threat when the filter is added. The antivirus's last update is from 18:12, and I sent the files for analysis shortly before that. Apparently they act quickly. Thank you, b-boy.

zygi123, posted April 7, 2012

Hello, so as not to start a new topic I am asking here. I have the following problem: apparently "Yandex" got installed along with some program. I removed it from Mozilla as an add-on and from the Control Panel, I also searched with the dog and deleted everything, but apparently it is still left somewhere, and now it blocks one site, and not only that one. What do I need to do to remove this thing completely? I am on Windows XP.
http://store.picbg.net/pubpic/E3/15/6c13667aa31ee315.JPG
http://store.picbg.net/pubpic/DB/F6/49061ed1efccdbf6.JPG

Guest newnickname, posted April 7, 2012

From the Firefox menu bar, choose Tools - Options - Security and uncheck:
Block reported attack sites
Block reported web forgeries
Confirm with the "OK" button and restart Firefox.

B-boy/StyLe/, posted April 7, 2012

And why should he remove those checkmarks? Besides, that way he will remove them for all sites, not just for yandex.

@zygi123

Download OTL.exe and save it to the desktop.
Run OTL.exe.
Make the following settings:
Put a checkmark next to Scan All Users http://img408.imageshack.us/img408/1442/46625204.png
Under the File Age menu, select 90 days.
Under the Standard Registry menu, change to ALL.
Put checkmarks next to LOP and Purity Check.
Under http://store.picbg.net/pubpic/0A/C1/c814d031472c0ac1.png use Copy/Paste to enter the whole of the following text (only what is placed in the box):

netsvcs
msconfig
safebootminimal
safebootnetwork
%SYSTEMDRIVE%\*.*
%USERPROFILE%\*.*
%USERPROFILE%\Application Data\*.*
%USERPROFILE%\Local Settings\Application Data\*.*
%AllUsersProfile%\*.*
%AllUsersProfile%\Application Data\*.*
%USERPROFILE%\My Documents\*.*
%CommonProgramFiles%\*.*
%PROGRAMFILES%\*.*
%systemroot%\system32\config\systemprofile\*.*
%windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.*
%windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.*
%windir%\temp*.*
%windir%\system32\*.
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /rp /s
%systemroot%\assembly\tmp\*.* /S /MD5
%systemroot%\assembly\temp\*.* /S /MD5
%systemroot%\assembly\GAC_32\*.* /S /MD5
%systemroot%\assembly\GAC_MSIL\*.* /S /MD5
/md5start
explorer.exe
lsass.exe
svchost.exe
wininit.exe
winlogon.exe
userinit.exe
hlp.dat
/md5stop

Click the button highlighted in blue: Run Scan.
When the scan finishes, two files will be created - OTL.Txt and Extras.Txt. Attach these two files to your next comment (see the Attached Files option when posting).

Guest newnickname, posted April 7, 2012

Quote: "And why should he remove those checkmarks? Besides, that way he will remove them for all sites, not just for yandex."

Because it is a practically useless option. Roughly speaking, once in 1000 times you might get such a message, and it would be no surprise if it were a false alarm. I prefer to rely on antivirus software such as ESET or avast!, which check whether the page is dangerous and accordingly take you away from it by terminating the connection to it. After all, the latter are constantly updated and certainly protect more reliably than this built-in Firefox option.

P.S. It would be good for him to update his avast! to the latest version - avast! - and to register it.

zygi123, posted April 7, 2012

I know about the checkmarks, but I did not want to remove them; otherwise, with another browser it opens the site without telling me that it is a harmful site. Now I will download this and try it!