syneok Публикувано Октомври 10, 2012 Report Share Публикувано Октомври 10, 2012 Имах следния проблем на стария ми компютър: Когато търся нещо или напиша дадена дума прозорецът се затваря, естествено някаква защита на вируса. Понеже наскоро ми изтече "БитДефендера" на този, не съм инсталирал друга антивирусна, но след като открих че явно много се е задръстил изтеглих "Trojan Killer" откри около 3400 заразени файла от които 27 неможе да изтрие. Пробвах ръчно но в периода 10 сек- 1 мин. те се появяват обратно. Ето и ComboFix.txt-то.ComboFix.txt Цитирай Link to comment Сподели другаде More sharing options...
Night_Raven Публикувано Октомври 10, 2012 Report Share Публикувано Октомври 10, 2012 Защо си използвал ComboFix, след като никой не те и казвал да го използваш? Това не е инструмент за профилактично сканиране. --- Изтегли OTL и го запази на работния плот:- стартирай инструмента;- постави отметка в горната част на Scan All Users;- в поле Standard Registry избери All;- от падащо меню File Age избери 90 Days;- постави отметки още на: Skip Microsoft Files, LOP Check и Purity Check;- в поле Custom Scans/Fixes (в долната част на програмата) постави следния текст (маркирай го, натисни Ctrl+C и после в полето на OTL натисни Ctrl+V):netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %SYSTEMDRIVE%\*.* %USERPROFILE%\*.* %USERPROFILE%\temp\*.exe %USERPROFILE%\AppData\Local\*.* %USERPROFILE%\AppData\Local\*. %USERPROFILE%\AppData\Local\temp\*.exe %USERPROFILE%\AppData\Roaming\*.* %USERPROFILE%\AppData\Roaming\*. %Public%\Documents\Softwrap\YOYOGAMESGM70FINAL\*.exe %Public%\Documents\Fonts\*.exe %Public%\Documents\Config\*.exe %Public%\Documents\*.* %ProgramData%\*.* %ProgramData%\*. %CommonProgramFiles%\*.* %CommonProgramFiles%\ComObjects*.exe %PROGRAMFILES%\*.* %PROGRAMFILES%\*. %ProgramFiles(x86)%\*.* %ProgramFiles(x86)%\*. %systemroot%\system32\config\systemprofile\AppData\Local\*.* %systemroot%\system32\config\systemprofile\AppData\Roaming\*.* %windir%\SysWOW64\config\systemprofile\AppData\Local\*.* %windir%\SysWOW64\config\systemprofile\AppData\Roaming\*.* %windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.tlb %windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.tlb %windir%\temp\*.exe %windir%\minidump\*.* %windir%\*. %windir%\installer\*. %windir%\system32\*. %windir%\sysnative\*. %Temp%\smtmp\1\*.* %Temp%\smtmp\2\*.* %Temp%\smtmp\3\*.* %Temp%\smtmp\4\*.* %systemroot%\system32\*.dll /lockedfiles %systemroot%\syswow64\*.dll /lockedfiles %systemroot%\Tasks\*.job /lockedfiles %systemroot%\system32\drivers\*.sys /90 %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\syswow64\drivers\*.sys /90 %systemroot%\syswow64\drivers\*.sys /lockedfiles %systemroot%\system32\Spool\prtprocs\w32x86\*.dll %systemroot%\*. /rp /s %systemroot%\assembly\tmp\*.* /S /MD5 %systemroot%\assembly\temp\*.* /S /MD5 %systemroot%\assembly\GAC\*.ini %systemroot%\assembly\GAC_32\*.ini %systemroot%\assembly\GAC_64\*.ini %SystemRoot%\assembly\GAC_MSIL\*.ini HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} /s HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s HKEY_CLASSES_ROOT\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s HKEY_CURRENT_USER\Software\MSOLoad /s bcdedit /enum all /v >C:\boot.txt /c >C:\commands.txt echo list vol /raw /hide /c /wait >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c /wait type c:\diskreport.txt /c /wait erase c:\commands.txt /hide /c /wait erase c:\diskreport.txt /hide /c /md5start eventlog.dll scecli.dll netlogon.dll cngaudit.dll sceclt.dll ntelogon.dll logevent.dll consrv.dll services.exe explorer.exe lsass.exe svchost.exe wininit.exe winlogon.exe userinit.exe atapi.sys iaStor.sys serial.sys volsnap.sys disk.sys redbook.sys i8042prt.sys afd.sys netbt.sys csc.sys tcpip.sys dfsc.sys hlp.dat str.sys crexv.ocx /md5stop- кликни бутон Run Scan;Изчакай сканирането да приключи. След края на сканирането автоматично ще се отворят двата новосъздадени на работния плот файла: OTL.txt и Extras.txt. Моля, прикачи тези два файла (поотделно или в архив) към следващия си коментар. Цитирай Link to comment Сподели другаде More sharing options...
syneok Публикувано Октомври 11, 2012 Report Share Публикувано Октомври 11, 2012 Идеята за "ComboFix" беше на бащата... Явно като е имал подобен проблем сте му препоръчали да използва нея.OTL.TxtExtras.Txt Цитирай Link to comment Сподели другаде More sharing options...
Night_Raven Публикувано Октомври 11, 2012 Report Share Публикувано Октомври 11, 2012 Провери дали в папка c:\users\g62\Downloads\ все още се намира файлът ComboFix.exe. Ако се намира там, натисни клавиш Win+R, в новоотворилия се прозорец постави следния текст и кликни OK:"c:\users\g62\Downloads\ComboFix.exe" /uninstall Ако не се намира там, изтегли прясно копие от тук, запази го на работния плот, след което натисни клавиш Win+R, в новоотворилия се прозорец постави следния текст и кликни OK:"%userprofile%\Desktop\ComboFix.exe" /uninstall Това ще деинсталира ComboFix. --- След рестарта... Стартирай отново OTL. В празното поле "Custom Scans/Fixes" (в долната част на програмата) постави следния текст (маркирай го, натисни Ctrl+C и после в полето на OTL натисни Ctrl+V): :Process killallprocesses :OTL MOD - [2012.10.11 07:08:37 | 000,593,920 | RHS- | M] () -- C:\Users\g62\AppData\Local\Temp\xkbufurgwjpszuov.exe MOD - [2012.10.10 21:17:18 | 000,708,608 | ---- | M] () -- C:\Users\g62\AppData\Local\Temp\aciqq.exe O2 - BHO: (I Want This) - {11111111-1111-1111-1111-110011221158} - C:\Program Files (x86)\I Want This\I Want This.dll File not found O2 - BHO: (TheBflix Class) - {162CE9F4-217B-4724-8DE1-7B9900BEFC7C} - C:\ProgramData\TheBflix\bhoclass.dll File not found O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.10\bh\facemoods.dll File not found O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.10\facemoodsTlbr.dll File not found O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll File not found O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [oymckwqcpzccg] C:\Users\g62\AppData\Local\Temp\asomcwysnfqykkjvyqmka.exe () O4 - HKLM..\Run: [yckuwcq] C:\Windows\SysWow64\yoieskkcvluakifpqga.exe () O4 - HKU\S-1-5-21-1860454994-2166889407-3407044522-1000..\Run: [xepchqhqah] C:\Windows\SysWow64\lcxujcdwqhryjigrtkfc.exe () O4 - HKU\S-1-5-21-1860454994-2166889407-3407044522-1000..\Run: [yckuwcq] C:\Users\g62\AppData\Local\Temp\ncvqdutkcrzenkgppe.exe () O4 - HKLM..\RunOnce: [nsbmpwls] C:\Windows\SysWow64\lcxujcdwqhryjigrtkfc.exe () O4 - HKLM..\RunOnce: [pylahslwirts] C:\Users\g62\AppData\Local\Temp\lcxujcdwqhryjigrtkfc.exe () O4 - HKU\S-1-5-21-1860454994-2166889407-3407044522-1000..\RunOnce: [nsbmpwls] C:\Users\g62\AppData\Local\Temp\ncvqdutkcrzenkgppe.exe () O4 - HKU\S-1-5-21-1860454994-2166889407-3407044522-1000..\RunOnce: [samagqisdlm] C:\Windows\SysWow64\eskeqgeulzgksojrq.exe () O4 - Startup: C:\Users\g62\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Startup.rar () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: ekugksiqz = ncvqdutkcrzenkgppe.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: lovefk = C:\Users\g62\AppData\Local\Temp\lcxujcdwqhryjigrtkfc.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1860454994-2166889407-3407044522-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1860454994-2166889407-3407044522-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0 O7 - HKU\S-1-5-21-1860454994-2166889407-3407044522-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-1860454994-2166889407-3407044522-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKU\S-1-5-21-1860454994-2166889407-3407044522-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O7 - HKU\S-1-5-21-1860454994-2166889407-3407044522-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 O32 - AutoRun File - [2012.10.11 13:10:06 | 000,000,800 | RHS- | M] () - C:\autorun.inf -- [ NTFS ] [2012.10.09 21:17:52 | 000,000,000 | ---D | C] -- C:\Users\g62\AppData\Local\{2491432E-19EC-4075-A5E8-70BA9DCB2524} [2012.10.06 07:22:04 | 000,000,000 | ---D | C] -- C:\Users\g62\AppData\Local\{C397DF09-5B8E-4D34-84EE-B9516983214B} [2012.10.04 22:08:30 | 000,000,000 | ---D | C] -- C:\Users\g62\AppData\Local\{D34BD4A6-216A-45B9-9D2C-3F072AB5D2FB} [2012.10.03 21:33:04 | 000,000,000 | ---D | C] -- C:\Users\g62\AppData\Local\{C9183799-9DBB-4A9B-A4BF-B9CA955C3FC8} [2012.09.28 13:38:24 | 000,000,000 | ---D | C] -- C:\Users\g62\AppData\Local\{342E3F0C-5C28-4432-980D-61478B6F8F72} [2012.09.16 10:55:21 | 000,000,000 | ---D | C] -- C:\Users\g62\AppData\Local\{DC377DC2-FE16-4837-9BC9-F5A69D0005F1} [2012.09.10 12:26:01 | 000,000,000 | ---D | C] -- C:\Users\g62\AppData\Local\{D1D6D620-F7C5-49B1-8006-B39D30104C98} [2012.09.09 10:40:03 | 000,000,000 | ---D | C] -- C:\Users\g62\AppData\Local\{F3A2520A-3BEA-4939-8AD1-D795216264A5} [2012.09.03 15:52:27 | 000,000,000 | ---D | C] -- C:\Users\g62\AppData\Local\{1BF5CC77-8E93-4970-B4F3-FB0E4C183988} [2012.09.01 12:33:34 | 000,000,000 | ---D | C] -- C:\Users\g62\AppData\Local\{E2CDA8E4-1448-4505-93C8-A7DD42D36108} [2012.08.27 13:54:38 | 000,000,000 | ---D | C] -- C:\Users\g62\AppData\Local\{0ABF7820-F416-4D61-843E-D38A68F03532} [2012.08.21 07:39:27 | 000,000,000 | ---D | C] -- C:\Users\g62\AppData\Local\{75CC5D13-ECF6-4BD7-9F86-6CECD99AD7EC} [2012.08.13 16:45:39 | 000,000,000 | ---D | C] -- C:\Users\g62\AppData\Local\{BB7A9C2F-BCD1-4432-8647-D536ED551F47} [2012.08.13 16:45:28 | 000,000,000 | ---D | C] -- C:\Users\g62\AppData\Local\{91CD0E26-39DB-4014-BBA6-D63011544FFE} [2012.08.12 11:30:24 | 000,000,000 | ---D | C] -- C:\Users\g62\AppData\Local\{FC953D04-5375-41AC-94DF-DCE801975FA9} [2012.08.12 11:30:12 | 000,000,000 | ---D | C] -- C:\Users\g62\AppData\Local\{A23F9F5E-0ABF-40E2-B415-90E491E5F0A6} [2012.08.09 08:42:42 | 000,000,000 | ---D | C] -- C:\Users\g62\AppData\Local\{C0FE8ED6-1110-47FA-B100-9321330EABCF} [2012.08.09 08:42:29 | 000,000,000 | ---D | C] -- C:\Users\g62\AppData\Local\{32F82878-E796-40D4-80F2-27E1B8A7ED61} [2012.08.09 06:44:24 | 000,000,000 | ---D | C] -- C:\Users\g62\AppData\Local\{84AD1128-432B-46F5-99CF-C070D2BCA7E7} [2012.08.09 06:44:07 | 000,000,000 | ---D | C] -- C:\Users\g62\AppData\Local\{91F137AC-56AC-4221-8F53-1808B6BE3FEF} [2012.08.06 19:14:50 | 000,000,000 | ---D | C] -- C:\Users\g62\AppData\Local\{D077C847-656E-4E98-A616-08572CBC2CFD} [2012.08.06 19:14:37 | 000,000,000 | ---D | C] -- C:\Users\g62\AppData\Local\{34C56A8A-8434-4A6F-BB0D-92244A4776D4} [2012.08.03 12:42:52 | 000,000,000 | ---D | C] -- C:\Users\g62\AppData\Local\{CD0A8870-FBF3-425B-834F-6CAE721A255B} [2012.08.03 12:42:36 | 000,000,000 | ---D | C] -- C:\Users\g62\AppData\Local\{3D06EB93-A8CB-499A-A992-B6CF3415D0C1} [2012.07.30 18:37:01 | 000,000,000 | ---D | C] -- C:\Users\g62\AppData\Local\{9A978B41-B2ED-4E58-82D9-224270B164F2} [2012.07.30 18:36:47 | 000,000,000 | ---D | C] -- C:\Users\g62\AppData\Local\{4CA72637-9997-4CB8-9A05-1B1C1D27724D} [2012.07.27 14:17:10 | 000,000,000 | ---D | C] -- C:\Users\g62\AppData\Local\{346C281E-234E-4A8C-9CF7-E4F0CB816CF9} [2012.07.26 17:02:02 | 000,000,000 | ---D | C] -- C:\Users\g62\AppData\Local\{EDC4FE3E-D0EF-4958-AF5F-7B8CE14D8AC0} [2012.07.23 21:51:35 | 000,000,000 | ---D | C] -- C:\Users\g62\AppData\Local\{C2A11D6C-3176-4BA3-9C40-F7024C8B62C4} [2012.07.23 21:45:46 | 000,000,000 | ---D | C] -- C:\Users\g62\AppData\Local\{56F69C05-589B-4136-9A26-8F81D791D5B7} [2012.07.22 12:31:04 | 000,000,000 | ---D | C] -- C:\Users\g62\AppData\Local\{7BA63C92-E311-441A-9731-0DF03A7E24B3} [2012.07.22 12:30:41 | 000,000,000 | ---D | C] -- C:\Users\g62\AppData\Local\{787350D8-906A-4FA6-9BA4-5851CF639193} [2012.07.21 22:41:20 | 000,000,000 | ---D | C] -- C:\Users\g62\AppData\Local\{D671004D-F486-409C-A23A-2CF0F6690720} [2012.07.21 22:41:02 | 000,000,000 | ---D | C] -- C:\Users\g62\AppData\Local\{C318011E-C4AB-428C-BE67-4BA0218F1ECA} [2012.07.21 21:32:02 | 000,000,000 | ---D | C] -- C:\Users\g62\AppData\Local\{79995E1A-B41A-4646-A7AF-91876F0D7FE5} [2012.07.21 21:31:49 | 000,000,000 | ---D | C] -- C:\Users\g62\AppData\Local\{E7ADE237-DBBD-4D8C-80BE-272577ACAE2C} [2012.07.21 17:54:30 | 000,000,000 | ---D | C] -- C:\Users\g62\AppData\Local\{291CCE01-8BFA-4AC6-8897-5BFC5C2C675E} [2012.07.21 17:54:15 | 000,000,000 | ---D | C] -- C:\Users\g62\AppData\Local\{E36CD0AA-7CE0-4C4D-B58B-3E2184A7B1FA} [2012.07.21 15:08:34 | 000,000,000 | ---D | C] -- C:\Users\g62\AppData\Local\{6CCF8E9C-DC3F-492F-B703-B23F82415ED2} [2012.07.21 15:08:20 | 000,000,000 | ---D | C] -- C:\Users\g62\AppData\Local\{ECDCBAE8-83CD-4DF7-8A39-4B4B1E72B462} [2012.07.19 22:17:30 | 000,000,000 | ---D | C] -- C:\Users\g62\AppData\Local\{5B55EBBA-CFA4-4FCA-85D8-CAE18DC0DBE2} [2012.07.19 22:17:13 | 000,000,000 | ---D | C] -- C:\Users\g62\AppData\Local\{4D0255AE-8C5B-49AD-AD54-381AD8C16595} [2012.07.16 17:16:12 | 000,000,000 | ---D | C] -- C:\Users\g62\AppData\Local\{88B18D29-4B37-4D28-A93D-40614B559D6D} [2012.07.16 17:16:00 | 000,000,000 | ---D | C] -- C:\Users\g62\AppData\Local\{1F8C7FF5-391D-4061-BF3E-FC340FF7D93A} [2012.09.18 11:43:11 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{018F74D0-C365-4892-84C3-A80E888FB054} [2012.10.09 16:34:28 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{0461436A-6BAD-4A5C-A9AB-81D5C1A451DE} [2012.10.09 16:34:29 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{06C6314F-B92A-4393-A98A-A3B7F033F4A7} [2012.10.09 16:34:29 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{09F0C3D3-0C28-4BC5-B68F-278FBB7C1429} [2012.10.09 16:34:30 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{0B573F91-902C-4138-98E1-37C2078E882F} [2012.10.09 16:34:30 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{0B937526-85FB-4FBE-B542-8A6F7484B89D} [2012.10.09 16:34:30 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{0BE11962-6FD2-4651-A478-4F643CE0E03D} [2012.10.09 16:34:31 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{0C727CFB-799E-41A9-8CEC-153F0FD5B5D0} [2012.09.18 11:43:12 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{0E177EFF-310F-4C09-8E9A-9473BD8390C0} [2012.09.18 11:43:12 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{1150780A-2DD4-4947-B8B5-192908DD8580} [2012.10.09 16:34:31 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{12B954B9-16BF-492B-B75C-57F10BA04124} [2012.10.09 16:34:32 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{15FB45C7-43D3-4BB9-8059-38C79228BDA8} [2012.10.09 16:34:32 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{16D7B6E2-4657-4FAF-AC15-1ED928179183} [2012.09.18 11:43:14 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{17BDA1CA-2221-46DD-9D2C-CAFF2D0B27F8} [2012.10.09 16:34:33 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{17D73CAC-C2DA-48A9-9BA0-B138ED577F7F} [2012.09.18 11:43:14 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{183DAB65-AB99-44A5-8478-9CBE111ACFAE} [2012.10.09 16:34:33 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{186EB8D9-3064-4687-A149-DDE5F18193B1} [2012.09.18 12:22:28 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{1AD05322-3B5C-4807-920E-08FD11565140} [2012.09.18 11:43:14 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{1B7E32C5-4ED4-481C-A70A-AE070F754921} [2012.09.18 12:22:28 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{1FC69120-B271-441A-B8BD-F9826556F0FA} [2012.09.18 11:43:15 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{21195EDF-2C7B-4FB9-834B-A92FB821518D} [2012.10.09 16:34:34 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{22D816AC-9D3F-4CC6-AADD-F1FA2FFE974F} [2012.09.18 11:43:16 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{24D225DC-3068-4285-B30A-A00114C18C58} [2012.10.09 16:34:34 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{2736A656-7E44-484F-A405-E1897238ACBB} [2012.10.09 16:34:34 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{27AF6D04-1D0D-4A0B-AA66-87E610B91000} [2012.10.09 16:34:35 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{28243D8B-FCB8-4821-89E2-1C97C770C6BC} [2012.10.09 16:34:35 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{2862A90D-7DEE-488C-9E55-CE0C346FBAF8} [2012.10.09 16:34:35 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{289899E9-638C-4327-9A7C-79F027EA831B} [2012.10.09 16:34:36 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{2B9C91FD-DBD2-42CF-8D4B-E54F77D60889} [2012.09.18 11:43:17 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{2BBAFAE5-AEE9-48AD-8084-06B052E36E87} [2012.10.09 16:34:36 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{2BD0CF0A-8023-44E2-8B48-F384CD4F8C4F} [2012.09.18 12:22:28 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{2E6D522D-CAC1-43A0-9F4F-A2CF6919FAA5} [2012.10.09 16:34:36 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{30D4247E-95C7-4251-B4DF-5EA63D385900} [2012.09.18 11:43:18 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{3266936A-B9E6-4A03-8286-A3E42E3E7A81} [2012.10.09 16:34:38 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{36C6F2D9-5BD1-47AA-91D3-9C48785F826A} [2012.10.09 16:34:38 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{39DFABD4-D235-4DDF-9E2D-5F252EE0A792} [2012.09.18 12:22:28 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{39ED0121-5978-44B6-9B7E-23292EAB4C6E} [2012.09.18 11:43:19 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{3A0C6A27-4A99-4E7A-BC71-CC1DED313C94} [2012.09.18 11:43:19 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{3C76E8A9-8FE2-4DAC-B450-970B3A8F78FC} [2012.10.09 16:34:39 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{3FC93107-382F-4D5F-9D10-137C1BE252D0} [2012.10.09 16:34:40 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{42F4C286-233B-453F-86B3-6310809DFAB2} [2012.09.18 12:22:28 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{435D282D-1DC7-414B-A3B5-5A1E6E1579AF} [2012.10.09 16:34:40 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{435D4CC4-738B-4283-AAD0-A1BDD2A217B6} [2012.09.18 12:22:28 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{4A352636-6F16-450A-B421-D0578E86118D} [2012.10.09 16:34:40 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{4A67FA10-434E-4804-9F49-5689C70E2AF7} [2012.10.09 16:34:41 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{4C01FC85-0D51-48FD-9C19-2518F9549558} [2012.09.18 11:43:20 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{4D393357-E495-4566-B823-07CA154073D2} [2012.09.18 11:43:20 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{4EAD2184-5498-4ECF-B997-67CA67D40139} [2012.10.09 16:34:42 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{5176BFB3-EF78-4BD7-AC9D-8B8C16D2188E} [2012.10.09 16:34:42 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{530C87BB-1A52-48D9-936B-C3CE3DFF7C58} [2012.09.18 11:43:21 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{533ABB73-A48D-430F-8750-9530294D424A} [2012.10.09 16:34:42 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{5459D7E2-9B5C-4EF4-A944-6B9E2FDDD6DF} [2012.10.09 16:34:43 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{551AC776-4D92-4337-B424-61CA8875F3E4} [2012.10.09 16:34:43 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{55638470-0510-48BF-9948-EAC10AB42FE8} [2012.09.18 11:43:22 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{5AB9050D-C29D-4D0D-9DAF-279B48264E9B} [2012.10.09 16:34:44 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{5D463BBB-33B6-45C0-AD53-5CDD5959B5D5} [2012.10.09 16:34:45 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{5DF233CB-2B4D-4BF6-BCD3-80B3A1CF8842} [2012.09.18 11:43:23 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{6054D4DE-1599-4B00-8F14-9C2BF4B0E787} [2012.09.18 12:22:29 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{60642DA4-5A49-4136-8B48-4497897A1DDC} [2012.10.09 16:34:45 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{62086F92-E3B5-44EF-B1AD-42392F51E562} [2012.10.09 16:34:45 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{64379244-280C-49A7-9052-82E76FA453E8} [2012.09.18 12:22:29 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{653A0B08-6445-4971-ACCE-E311211CF436} [2012.09.18 11:43:23 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{67114C06-C374-45A6-9144-0A84B30CFE8C} [2012.10.09 16:34:46 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{691E3A43-B5FF-4582-A22D-D2809B59DEFD} [2012.10.09 16:34:46 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{6B2C6845-F66D-4182-B887-024B4D2E0DA9} [2012.10.09 16:34:46 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{6BED6F78-5BC5-4E0A-9CA6-FEC9109E8DB7} [2012.10.09 16:34:47 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{6CD3DD61-8D3B-4F83-AD67-2CE5B0B0A417} [2012.09.18 12:22:29 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{71D70891-EB0A-4FC3-B922-665E5F434119} [2012.10.09 16:34:47 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{76E716A7-857A-4614-AAC5-2C7041AAE6D0} [2012.10.09 16:34:47 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{7781BF2F-1D44-4F8C-A008-0385FC9DB1B2} [2012.09.18 11:43:25 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{781C945C-39FF-4AFC-983F-980C29CA7AE0} [2012.09.18 11:43:25 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{783F7E78-16AD-4D5D-ACC4-5C111BDE4BF5} [2012.09.18 11:43:25 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{7C417A5D-791F-4D13-B061-F51DD057FE28} [2012.09.18 11:43:25 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{7DB9429D-DCF9-4706-BA0A-1E690DEB965C} [2012.09.18 11:43:25 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{81127BFE-D3B4-4A6D-8A66-3B3A846EC6DC} [2012.09.18 12:22:30 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{83CB05CB-05F5-4443-866D-7AE113399FC9} [2012.09.18 11:43:26 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{83E884E8-4CDA-449B-918E-97293524CBD2} [2012.10.09 16:34:49 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{871B8ACF-1EB9-457B-AFC8-193E09835E4F} [2012.09.18 12:22:30 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{8726B9A3-90E3-44B2-8066-3709FDBA9773} [2012.09.18 11:43:26 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{8FA737F1-9F90-499D-9707-8A12A760CA2A} [2012.10.09 16:34:49 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{8FDE45A0-F0A0-4B9A-BE8E-623A1F0C7E4F} [2012.09.18 11:43:27 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{9045E907-C69C-40E9-AEE3-A15E585CB1A4} [2012.10.09 16:34:50 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{914F0979-C0DE-499B-98C0-DFFB45673248} [2012.10.09 16:34:51 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{940884BA-ED74-4F9F-9B0D-042D24D7B11A} [2012.10.09 16:34:52 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{948B4C06-63B0-488E-BBA5-C58AFDA503C1} [2012.10.09 16:34:52 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{96AF8F77-F18B-418D-AA44-1DB363F8D80A} [2012.10.09 16:34:52 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{9829268D-6E61-497F-96A9-E66ABCE29B8F} [2012.10.09 16:34:53 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{98AA9798-1FCE-4F4A-A8D6-0F760FCDA101} [2012.09.18 12:22:31 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{9A89AC22-35D6-469B-A0B9-CE01B54B5A5F} [2012.09.18 11:43:28 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{9B073157-B8C1-4AE8-BA27-BFDB58808AC4} [2012.09.18 12:22:31 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{9B7801CF-CDCE-42C3-85D6-B412A45916C2} [2012.09.18 12:22:31 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{9BDDA1C0-6976-4E42-B1EC-6D1A9DEE4FA5} [2012.10.09 16:34:53 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{9C664B73-A39D-478C-8D54-F1B9DF2708BC} [2012.09.18 11:43:28 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{9D5DDB87-3659-4822-8693-72BD8E23DB9A} [2012.09.18 11:43:29 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{9DA7263C-36CE-4041-B8CA-0D5024DE6D63} [2012.09.18 11:43:29 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{A36BBC7D-7584-44EB-9607-875E55C28EBB} [2012.09.18 11:43:30 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{A51E01F7-D4EB-4010-BB95-47BFD2B12B02} [2012.09.18 12:22:31 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{A63C00B6-B1E0-4FD4-A176-FAD01CEBA254} [2012.10.09 16:34:54 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{AA712A76-DF8F-4728-BEDE-A4A6DE61648E} [2012.10.09 16:34:55 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{AEF5CBD4-CF82-4424-9D49-C18D7A15E9D3} [2012.09.18 11:43:30 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{B276C6ED-9283-480C-870D-4737ECC798A4} [2012.09.18 12:22:32 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{B3999D09-C48D-4206-BD53-C701CC007627} [2012.10.09 16:34:56 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{B54D58F1-8C68-4590-9249-DD51742735E9} [2012.10.09 16:34:57 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{B60FE798-BB92-4D3D-9EF1-EB32AFEB5144} [2012.09.18 11:43:31 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{BB5D83D4-E3DA-480A-B631-6E2494FD25E5} [2012.10.09 16:34:57 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{BB785255-5DF6-4813-AA56-13ACAD6F9434} [2012.10.09 16:34:57 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{BC10E520-262E-4DA4-8245-9F9C3D3523CC} [2012.10.09 16:34:58 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{BF2FEF93-C443-472F-BCF5-12303C2E92B5} [2012.10.09 16:34:58 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{BF6140F5-DF99-4C52-B63E-DDFAED0602C0} [2012.09.18 11:43:32 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{C0000297-EC29-453F-BC0C-B551DAE423D7} [2012.09.18 11:43:32 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{C04538B4-FDB7-41A9-AD87-FD2EDD33C887} [2012.10.09 16:34:59 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{C1820AB9-4B7A-405B-AEB7-CA3675E18680} [2012.09.18 12:22:32 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{C1D9BECB-5DE5-4DA1-8B68-B19BCB413D88} [2012.10.09 16:34:59 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{C2097BE8-03C0-4709-8452-9FDEF9A26825} [2012.09.18 12:22:32 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{C26C4BC3-8405-4A87-95E8-593A1136356F} [2012.10.09 16:35:00 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{C270EA96-66AC-4CB3-8EEC-2E977E29AE10} [2012.09.18 12:22:32 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{C4227CE7-9F23-4BA0-97F8-09BA81A98E8D} [2012.09.18 11:43:33 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{CC988758-DF97-425E-9962-CD10013E2FFF} [2012.10.09 16:35:01 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{CC999858-EB05-49AA-9863-66076BBDCEC4} [2012.09.18 11:43:33 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{CD3E9F63-F049-4B39-A012-C1A9F2A2EDA5} [2012.09.18 11:43:33 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{CFC54088-22BB-40ED-953C-6D3335C497BD} [2012.10.09 16:35:02 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{D3FF2898-673F-4E92-A6D3-9BCB5932916A} [2012.09.18 11:43:34 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{D44D3134-A588-48AA-A4C7-8ABC1579C78C} [2012.10.09 16:35:02 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{D4D26782-979A-4D3A-A131-B22CB930D7B2} [2012.09.18 12:22:41 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{D6E3A833-49FD-4AED-9F67-2915495D7CB4} [2012.10.09 16:35:03 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{D731B080-8DB8-44AA-895D-ACDD30CAC5FC} [2012.09.18 11:43:34 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{D86EB051-3C7B-4C8F-8BEC-CF8ADD14AB38} [2012.10.09 16:35:03 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{DA397A28-A1DB-4498-BD6D-DD89E1F6E802} [2012.10.09 16:35:04 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{E049D347-4FCA-4561-B2B1-492EE4BF15F2} [2012.10.09 16:35:05 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{E4378E48-7F29-46BC-A00E-C874E28DA858} [2012.10.09 16:35:05 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{EA24B3B9-0BA9-4383-9DFD-CC705436CAFC} [2012.10.09 16:35:05 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{EA6B1625-B423-42D6-B673-75FA9D7C3C58} [2012.10.09 16:35:06 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{EC8D98E1-E0DA-4FBC-8425-8CA15B12A29F} [2012.09.18 11:43:36 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{EDE697BD-D2DA-4A3F-BBDD-6F42FB5BE882} [2012.10.09 16:35:07 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{EFFD8161-F5AD-4535-A05D-F6BFE8906ECF} [2012.10.09 16:35:07 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{F133E6B1-B5C3-4E1B-9067-F90A43240B9E} [2012.10.09 16:35:08 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{F1A1B0BA-216A-4F94-BC40-BC5AFE6BA252} [2012.09.18 11:43:36 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{F231CC69-3434-48EB-AA3B-E91E87013CCE} [2012.10.09 16:35:08 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{F39A1B12-96DD-4B19-AF03-CA545F2EB435} [2012.09.18 11:43:36 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{F468B919-7490-4480-B677-B5DFED1413F5} [2012.10.09 16:35:09 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{F48884A7-CA47-4B5F-9E5E-4FA9828A2FD9} [2012.10.09 16:35:09 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{F5E72FAB-411A-469A-B894-5C8F4D482D5B} [2012.10.09 16:35:09 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{F70E0AC4-0A7D-4F82-A66A-3C1EB2F4D27A} [2012.09.18 11:43:37 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{F8476C01-70B6-4752-8523-7C42054AECB1} [2012.09.18 11:43:37 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{FA644D06-ABB3-442D-A394-F10B807AFAD1} [2012.10.09 16:35:10 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{FBE78155-8CF3-49B1-AB2A-FFAD01F8E060} [2012.10.09 16:35:11 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{FCF10D69-7F62-4049-8D8D-800D75BE0F44} [2012.10.09 16:35:11 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{FD6A840E-E2B5-4802-9785-056AF530F19D} [2012.10.09 16:35:11 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{FD8857C9-D5C5-4AE3-8141-7F67A49C107B} [2012.09.18 12:22:42 | 000,000,000 | ---D | M] -- C:\Users\g62\AppData\Local\{FD99B65D-A7D8-438D-B22B-05C599382955} [2012.10.11 13:17:58 | 000,001,154 | -H-- | M] () -- C:\Windows\pylahslwirtsvmcfzivkrcvgsbdcfwmpjs.ubm [2012.10.11 13:17:58 | 000,001,154 | -H-- | M] () -- C:\Users\g62\AppData\Local\pylahslwirtsvmcfzivkrcvgsbdcfwmpjs.ubm [2012.10.11 13:17:58 | 000,001,154 | -H-- | M] () -- C:\Program Files (x86)\pylahslwirtsvmcfzivkrcvgsbdcfwmpjs.ubm [2012.10.11 13:17:58 | 000,000,280 | -H-- | M] () -- C:\Windows\fehmjktuwvncvciblknspqza.bti [2012.10.11 13:17:58 | 000,000,280 | -H-- | M] () -- C:\Program Files (x86)\fehmjktuwvncvciblknspqza.bti [2012.10.11 13:17:36 | 000,000,316 | -H-- | M] () -- C:\Windows\SysWow64\seumwkgujvacicvbykascqmapbgioibheqgyi.sgv [2012.10.11 13:17:36 | 000,000,316 | -H-- | M] () -- C:\Windows\seumwkgujvacicvbykascqmapbgioibheqgyi.sgv [2012.10.11 13:17:36 | 000,000,316 | -H-- | M] () -- C:\Users\g62\AppData\Local\seumwkgujvacicvbykascqmapbgioibheqgyi.sgv [2012.10.11 13:17:36 | 000,000,316 | -H-- | M] () -- C:\Program Files (x86)\seumwkgujvacicvbykascqmapbgioibheqgyi.sgv [2012.10.11 13:17:34 | 000,001,154 | -H-- | M] () -- C:\Windows\SysWow64\pylahslwirtsvmcfzivkrcvgsbdcfwmpjs.ubm [2012.10.11 13:17:34 | 000,000,280 | -H-- | M] () -- C:\Windows\SysWow64\fehmjktuwvncvciblknspqza.bti [2012.10.11 13:17:10 | 000,593,920 | RHS- | M] () -- C:\Windows\yoieskkcvluakifpqga.exe [2012.10.11 13:17:10 | 000,593,920 | RHS- | M] () -- C:\Windows\xkbufurgwjpszuov.exe [2012.10.11 13:17:10 | 000,593,920 | RHS- | M] () -- C:\Windows\rkhgxsvqmfranoobfyvulg.exe [2012.10.11 13:17:10 | 000,593,920 | RHS- | M] () -- C:\Windows\ncvqdutkcrzenkgppe.exe [2012.10.11 13:17:10 | 000,593,920 | RHS- | M] () -- C:\Windows\lcxujcdwqhryjigrtkfc.exe [2012.10.11 13:17:10 | 000,593,920 | RHS- | M] () -- C:\Windows\eskeqgeulzgksojrq.exe [2012.10.11 13:17:10 | 000,593,920 | RHS- | M] () -- C:\Windows\asomcwysnfqykkjvyqmka.exe [2012.10.11 13:10:06 | 000,000,800 | RHS- | M] () -- C:\autorun.inf [2012.10.11 07:08:37 | 000,593,920 | RHS- | M] () -- C:\Windows\SysWow64\yoieskkcvluakifpqga.exe [2012.10.11 07:08:37 | 000,593,920 | RHS- | M] () -- C:\Windows\SysWow64\xkbufurgwjpszuov.exe [2012.10.11 07:08:37 | 000,593,920 | RHS- | M] () -- C:\Windows\SysWow64\rkhgxsvqmfranoobfyvulg.exe [2012.10.11 07:08:37 | 000,593,920 | RHS- | M] () -- C:\Windows\SysWow64\ncvqdutkcrzenkgppe.exe [2012.10.11 07:08:37 | 000,593,920 | RHS- | M] () -- C:\Windows\SysWow64\lcxujcdwqhryjigrtkfc.exe [2012.10.11 07:08:37 | 000,593,920 | RHS- | M] () -- C:\Windows\SysWow64\eskeqgeulzgksojrq.exe [2012.10.10 21:17:12 | 000,593,920 | RHS- | M] () -- C:\Windows\SysWow64\asomcwysnfqykkjvyqmka.exe [2012.09.18 12:24:16 | 001,014,503 | ---- | M] () -- C:\Users\g62\AppData\Local\Settings.rar [2012.09.18 12:24:10 | 001,014,503 | ---- | M] () -- C:\Users\g62\Desktop\Desktop.rar [2012.09.18 12:24:09 | 001,014,503 | ---- | M] () -- C:\Users\g62\AppData\Roaming\Application Data.rar [2012.09.18 12:23:52 | 001,014,503 | ---- | M] () -- C:\Users\g62\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch.rar [2012.09.18 12:20:05 | 001,014,503 | ---- | M] () -- C:\Users\g62\AppData\Local\Application Data.rar [2012.09.18 12:19:32 | 001,014,503 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Startup.rar [2012.09.18 11:47:06 | 001,014,503 | ---- | M] () -- C:\Users\Public\Desktop\Desktop.rar [2012.09.18 11:46:49 | 001,014,503 | ---- | M] () -- C:\Users\g62\Documents\Documents.rar [2012.09.18 11:46:01 | 001,014,503 | ---- | M] () -- C:\Users\g62\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Startup.rar [2012.09.18 11:45:18 | 001,014,503 | ---- | M] () -- C:\Users\g62\AppData\Roaming\Roaming.rar [2012.09.09 21:36:20 | 000,081,984 | ---- | M] () -- C:\Windows\SysNative\bdod.bin [2012.09.09 19:04:18 | 000,000,073 | -H-- | M] () -- C:\Windows\SysWow64\xkbufurgwjpszuovtgxqbqncsflovqkrpctmxm.yob [2012.09.09 19:04:18 | 000,000,073 | -H-- | M] () -- C:\Users\g62\AppData\Local\xkbufurgwjpszuovtgxqbqncsflovqkrpctmxm.yob [2012.09.09 19:04:18 | 000,000,073 | -H-- | M] () -- C:\Program Files (x86)\xkbufurgwjpszuovtgxqbqncsflovqkrpctmxm.yob [2012.09.18 12:19:23 | 000,843,776 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programs.pif [2012.09.18 11:46:47 | 000,843,776 | ---- | C] () -- C:\Users\g62\Desktop\Desktop.pif [2012.09.18 11:46:00 | 000,843,776 | ---- | C] () -- C:\Users\g62\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programs.pif [2012.09.18 11:39:55 | 000,587,300 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programs.rar [2009.06.19 11:04:48 | 000,483,328 | RHS- | M] () -- C:\papgpcxkyjnotm.bat [2009.06.19 11:04:48 | 000,483,328 | RHS- | M] () -- C:\pylahslwirts.bat [2009.06.19 11:04:48 | 000,483,328 | RHS- | M] () -- C:\xepchqhqah.bat [2012.10.11 13:24:58 | 000,000,280 | -H-- | M] () -- C:\Users\g62\AppData\Local\fehmjktuwvncvciblknspqza.bti [2012.09.18 11:40:29 | 000,587,300 | ---- | M] () -- C:\Users\g62\AppData\Local\Local.rar [2012.09.09 18:22:22 | 000,004,248 | -H-- | M] () -- C:\Users\g62\AppData\Local\oymckwqcpzccgyptoymckwqcpzccgyptoym.kwq [2012.10.10 21:17:18 | 000,708,608 | ---- | M] () -- C:\Users\g62\AppData\Local\temp\aciqq.exe [2012.10.11 07:08:37 | 000,593,920 | RHS- | M] () -- C:\Users\g62\AppData\Local\temp\asomcwysnfqykkjvyqmka.exe [2012.10.11 07:08:37 | 000,593,920 | RHS- | M] () -- C:\Users\g62\AppData\Local\temp\eskeqgeulzgksojrq.exe [2012.10.10 21:25:23 | 000,327,680 | ---- | M] () -- C:\Users\g62\AppData\Local\temp\gegwlnusukz.exe [2012.10.11 07:09:49 | 000,027,411 | ---- | M] () -- C:\Users\g62\AppData\Local\temp\i4jdel0.exe [2012.10.11 07:08:37 | 000,593,920 | RHS- | M] () -- C:\Users\g62\AppData\Local\temp\lcxujcdwqhryjigrtkfc.exe [2012.10.11 07:08:37 | 000,593,920 | RHS- | M] () -- C:\Users\g62\AppData\Local\temp\ncvqdutkcrzenkgppe.exe [2012.10.11 07:08:37 | 000,593,920 | RHS- | M] () -- C:\Users\g62\AppData\Local\temp\rkhgxsvqmfranoobfyvulg.exe [2012.10.11 07:08:37 | 000,593,920 | RHS- | M] () -- C:\Users\g62\AppData\Local\temp\xkbufurgwjpszuov.exe [2012.10.11 07:08:37 | 000,593,920 | RHS- | M] () -- C:\Users\g62\AppData\Local\temp\yoieskkcvluakifpqga.exe [2012.05.15 12:22:53 | 000,593,920 | ---- | M] () -- C:\Users\Public\Documents\Documents.exe [2012.06.18 10:56:15 | 000,392,996 | ---- | M] () -- C:\Users\Public\Documents\Documents.rar [2012.09.18 11:40:27 | 000,000,000 | ---D | M] -- C:\ProgramData\{DA06AA03-DF24-4ECE-939E-1B0939235C66} [2012.10.11 13:24:58 | 000,000,280 | -H-- | M] () -- C:\Program Files (x86)\fehmjktuwvncvciblknspqza.bti [2012.10.11 13:24:57 | 000,001,190 | -H-- | M] () -- C:\Program Files (x86)\pylahslwirtsvmcfzivkrcvgsbdcfwmpjs.ubm [2012.10.11 13:24:41 | 000,000,316 | -H-- | M] () -- C:\Program Files (x86)\seumwkgujvacicvbykascqmapbgioibheqgyi.sgv [2012.09.09 19:04:18 | 000,000,073 | -H-- | M] () -- C:\Program Files (x86)\xkbufurgwjpszuovtgxqbqncsflovqkrpctmxm.yob @Alternate Data Stream - 198 bytes -> C:\ProgramData\Temp:8927A071 @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1 :Reg [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] "ConsentPromptBehaviorAdmin"=dword:00000005 "ConsentPromptBehaviorUser"=dword:00000003 "EnableInstallerDetection"=dword:00000001 "EnableLUA"=dword:00000001 "EnableSecureUIAPaths"=dword:00000001 "EnableVirtualization"=dword:00000001 "PromptOnSecureDesktop"=dword:00000001 :Commands [emptytemp] [reboot]Копирай текста точно както е в полето. Внимавай да не изтървеш началното двуеточие и всяка команда да е на отделен ред, както е в полето. Кликни бутон Run Fix. Потвърди с OK на съобщението, че е нужен рестарт на системата. След рестарта ще се появи текстов дневник/лог. Същият файл се намира в C:\_OTL\MovedFiles. Моля, прикачи го към следващия си коментар. След това стартирай отново OTL, създай пресни дневници (както бях описал по-рано) и ги прикачи отново. Можеш да архивираш всичките файлове в един архив, а можеш и да ги прикачиш поотделно. Цитирай Link to comment Сподели другаде More sharing options...
syneok Публикувано Октомври 11, 2012 Report Share Публикувано Октомври 11, 2012 Ето лога от фикса и от скана, но не ми изкара нов "Extras" лог... Така ли трябва да е или да сканирам пак?OTL.rar Цитирай Link to comment Сподели другаде More sharing options...
Night_Raven Публикувано Октомври 11, 2012 Report Share Публикувано Октомври 11, 2012 Стартирай отново OTL. В празното поле "Custom Scans/Fixes" (в долната част на програмата) постави следния текст (маркирай го, натисни Ctrl+C и после в полето на OTL натисни Ctrl+V): :OTL [2012.10.11 16:20:30 | 000,000,000 | --SD | C] -- C:\ComboFix [2012.10.11 14:06:43 | 000,000,000 | ---D | C] -- C:\Users\g62\AppData\Local\{5EC352B7-9FA7-4A5C-AB97-F3398F44E3CF} [2012.10.10 20:56:42 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.10.10 20:56:16 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.09.18 12:24:18 | 000,843,776 | ---- | M] () -- C:\Users\Public\Desktop\Desktop.pif [2012.10.10 21:24:52 | 000,070,889 | ---- | M] () -- C:\ComboFix.txt :Commands [emptytemp]Копирай текста точно както е в полето. Внимавай да не изтървеш началното двуеточие и всяка команда да е на отделен ред, както е в полето. Кликни бутон Run Fix. Трябва да се появи нов дневник. Прикачи го към темата. --- Изтегли AdwCleaner и го запази на работния плот. Стартирай го и кликни бутон Delete. Системата ще се рестартира и след това ще се отвори автоматично текстов файл. Копирай му съдържанието в следващия си коментар или го прикачи. Ако случайно го затвориш, можеш да го намериш в C:\AdwCleaner[s1].txt. Цитирай Link to comment Сподели другаде More sharing options...
syneok Публикувано Октомври 11, 2012 Report Share Публикувано Октомври 11, 2012 Ето ги и двете. MovedFiles.rar Цитирай Link to comment Сподели другаде More sharing options...
Night_Raven Публикувано Октомври 11, 2012 Report Share Публикувано Октомври 11, 2012 Дотук - добре. Можеш да изтриеш OTL и папката _OTL в дял C:. След това... Сканирай с Malwarebytes Anti-Malware. Ако тепърва инсталираш програмата, в края инсталацията ще има отметка за автоматична актуализация, не я премахвай. В противен случай обнови дефинициите й ръчно. Ако вече имаш програмата, провери дали имаш последната версия и ако нямаш, премахни твоята и инсталирай най-новата, като в края на инсталацията остави отметката за актуализация на дефинициите. Инструкции за сканиране:- стартирай програмата;- избери Perform quick scan (Бързо сканиране) и кликни бутон Scan (Сканиране);- след като приключи сканирането, ако не са открити заплахи, ще се отвори автоматично текстов файл (който можеш да затвориш) и програмата ще те уведоми, че не е открила нищо, след което можеш да кликнеш бутон OK и да я затвориш;- ако са открити заплахи, кликни бутон OK и после Show Results (Покажи резултатите);- кликни бутон Remove Selected (Премахни избраните);Ако е нужен рестарт, се съгласи и рестартирай веднага. След рестарта стартирай отново програмата, иди на подпорозиорец Logs (Дневници), маркирай последния дневник, кликни бутон Open (Отвори) и му копирай съдържанието тук. Ако не е бил нужен рестарт, трябва да се появи текстов файл - копирай му съдържанието тук. Цитирай Link to comment Сподели другаде More sharing options...
syneok Публикувано Октомври 12, 2012 Report Share Публикувано Октомври 12, 2012 Ето лога: protection-log-2012-10-12.rtf Нещо немога да копирам текста само двойката са копирва... затова качвам целия файл. Цитирай Link to comment Сподели другаде More sharing options...
Night_Raven Публикувано Октомври 12, 2012 Report Share Публикувано Октомври 12, 2012 Това не е правилният дневник. Цитирай Link to comment Сподели другаде More sharing options...
syneok Публикувано Октомври 12, 2012 Report Share Публикувано Октомври 12, 2012 Надявам се да е това. Понеже пишеше последния и изпратих другия. Malwarebytes Anti-Malware (Trial) 1.65.0.1400www.malwarebytes.org Database version: v2012.10.12.01 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 9.0.8112.16421g62 :: G62-PC [administrator] Protection: Enabled 12/10/2012 09:21:33mbam-log-2012-10-12 (09-21-33).txt Scan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 208720Time elapsed: 5 minute(s), 47 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 1HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{162CE9F4-217B-4724-8DE1-7B9900BEFC7C} (PUP.BFlix) -> No action taken. Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 75C:\Windows\System32\protector.dll (PUP.BProtector) -> No action taken.C:\ProgramData\Adobe\Adobe PDF\Adobe PDF.bat (Worm.AutoRun) -> Quarantined and deleted successfully.C:\ProgramData\Adobe\CIT\CIT.bat (Worm.AutoRun) -> Quarantined and deleted successfully.C:\ProgramData\Adobe\Extension Manager CS5.5\Manager CS5.5.bat (Worm.AutoRun) -> Quarantined and deleted successfully.C:\ProgramData\Adobe\Reader\Reader.pif (Worm.AutoRun) -> Quarantined and deleted successfully.C:\ProgramData\Adobe\SLStore\SLStore.bat (Worm.AutoRun) -> Quarantined and deleted successfully.C:\ProgramData\ATI\ACE\ACE.pif (Worm.AutoRun) -> Quarantined and deleted successfully.C:\ProgramData\BitDefender\BitDefender.pif (Worm.AutoRun) -> Quarantined and deleted successfully.C:\ProgramData\BitDefender\DTrace\DTrace.pif (Worm.AutoRun) -> Quarantined and deleted successfully.C:\ProgramData\Electronic Arts\Electronic Arts.pif (Worm.AutoRun) -> Quarantined and deleted successfully.C:\ProgramData\Electronic Arts\EA Core\EA Core.bat (Worm.AutoRun) -> Quarantined and deleted successfully.C:\ProgramData\Firefly Studios\Stronghold 2\Stronghold 2.bat (Worm.AutoRun) -> Quarantined and deleted successfully.C:\ProgramData\HeidiSQL\Snippets\Snippets.bat (Worm.AutoRun) -> Quarantined and deleted successfully.C:\ProgramData\Hewlett-Packard\HP Ceement\Ceement.pif (Worm.AutoRun) -> Quarantined and deleted successfully.C:\ProgramData\Hewlett-Packard\HP Setup\Setup.pif (Worm.AutoRun) -> Quarantined and deleted successfully.C:\ProgramData\Hewlett-Packard\System Default Settings - TDC\Default Settings - TDC.pif (Worm.AutoRun) -> Quarantined and deleted successfully.C:\ProgramData\HP Photo Creations\rlroot\rlroot.bat (Worm.AutoRun) -> Quarantined and deleted successfully.C:\ProgramData\Microsoft\eHome\eHome.pif (Worm.AutoRun) -> Quarantined and deleted successfully.C:\ProgramData\Microsoft\Search Enhancement Pack\Enhancement Pack.pif (Worm.AutoRun) -> Quarantined and deleted successfully.C:\ProgramData\Microsoft\Windows\Windows.pif (Worm.AutoRun) -> Quarantined and deleted successfully.C:\ProgramData\Microsoft\Windows Defender\Defender.pif (Worm.AutoRun) -> Quarantined and deleted successfully.C:\ProgramData\Microsoft\Windows NT\Windows NT.bat (Worm.AutoRun) -> Quarantined and deleted successfully.C:\ProgramData\Microsoft\WLSetup\WLSetup.pif (Worm.AutoRun) -> Quarantined and deleted successfully.C:\ProgramData\Norton\{086A63F0-6B13-4F29-9695-134E7A01E963}\{086A63F0-6B13-4F29-9695-134E7A01E963}.bat (Worm.AutoRun) -> Quarantined and deleted successfully.C:\ProgramData\Origin\Telemetry\Telemetry.pif (Worm.AutoRun) -> Quarantined and deleted successfully.C:\ProgramData\PassMark\KeyboardTest\KeyboardTest.bat (Worm.AutoRun) -> Quarantined and deleted successfully.C:\ProgramData\Real\Update\Update.bat (Worm.AutoRun) -> Quarantined and deleted successfully.C:\ProgramData\Skype\{D103C4BA-F905-437A-8049-DB24763BBE36}\{D103C4BA-F905-437A-8049-DB24763BBE36}.bat (Worm.AutoRun) -> Quarantined and deleted successfully.C:\ProgramData\Skype\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}.pif (Worm.AutoRun) -> Quarantined and deleted successfully.C:\ProgramData\WildTangent\WildTangent.pif (Worm.AutoRun) -> Quarantined and deleted successfully.C:\Users\g62\AppData\Roaming\Adobe\Adobe PDF\Adobe PDF.bat (Worm.AutoRun) -> Quarantined and deleted successfully.C:\Users\g62\AppData\Roaming\Adobe\Adobe QT32 Server\QT32 Server.pif (Worm.AutoRun) -> Quarantined and deleted successfully.C:\Users\g62\AppData\Roaming\Adobe\Color\Color.pif (Worm.AutoRun) -> Quarantined and deleted successfully.C:\Users\g62\AppData\Roaming\Adobe\Extension Manager CS5.5\Manager CS5.5.bat (Worm.AutoRun) -> Quarantined and deleted successfully.C:\Users\g62\AppData\Roaming\Ahead\NeroVision\NeroVision.bat (Worm.AutoRun) -> Quarantined and deleted successfully.C:\Users\g62\AppData\Roaming\ATI\ACE\ACE.pif (Worm.AutoRun) -> Quarantined and deleted successfully.C:\Users\g62\AppData\Roaming\BitComet\BitComet.bat (Worm.AutoRun) -> Quarantined and deleted successfully.C:\Users\g62\AppData\Roaming\BitDefender\BitDefender.pif (Worm.AutoRun) -> Quarantined and deleted successfully.C:\Users\g62\AppData\Roaming\Clones\Clones.bat (Worm.AutoRun) -> Quarantined and deleted successfully.C:\Users\g62\AppData\Roaming\Command & Conquer 3 Tiberium Wars\& Conquer 3 Tiberium Wars.bat (Worm.AutoRun) -> Quarantined and deleted successfully.C:\Users\g62\AppData\Roaming\Hamachi\Hamachi.bat (Worm.AutoRun) -> Quarantined and deleted successfully.C:\Users\g62\AppData\Roaming\LolClient\LolClient.pif (Worm.AutoRun) -> Quarantined and deleted successfully.C:\Users\g62\AppData\Roaming\LolClient2\Local Store\Store.bat (Worm.AutoRun) -> Quarantined and deleted successfully.C:\Users\g62\AppData\Roaming\Macromedia\Macromedia.bat (Worm.AutoRun) -> Quarantined and deleted successfully.C:\Users\g62\AppData\Roaming\Media Center Programs\Center Programs.pif (Worm.AutoRun) -> Quarantined and deleted successfully.C:\Users\g62\AppData\Roaming\Microsoft\Document Building Blocks\Building Blocks.pif (Worm.AutoRun) -> Quarantined and deleted successfully.C:\Users\g62\AppData\Roaming\Microsoft\Excel\Excel.bat (Worm.AutoRun) -> Quarantined and deleted successfully.C:\Users\g62\AppData\Roaming\Microsoft\HTML Help\HTML Help.pif (Worm.AutoRun) -> Quarantined and deleted successfully.C:\Users\g62\AppData\Roaming\Microsoft\Network\Network.bat (Worm.AutoRun) -> Quarantined and deleted successfully.C:\Users\g62\AppData\Roaming\Microsoft\Windows\Windows.pif (Worm.AutoRun) -> Quarantined and deleted successfully.C:\Users\g62\AppData\Roaming\Mozilla\Firefox\Firefox.pif (Worm.AutoRun) -> Quarantined and deleted successfully.C:\Users\g62\AppData\Roaming\Registry Mechanic\Mechanic.bat (Worm.AutoRun) -> Quarantined and deleted successfully.C:\Users\g62\AppData\Roaming\Registry Mechanic\CleanReports\CleanReports.pif (Worm.AutoRun) -> Quarantined and deleted successfully.C:\Users\g62\AppData\Roaming\Skype\evaveselinova\evaveselinova.bat (Worm.AutoRun) -> Quarantined and deleted successfully.C:\Users\g62\AppData\Roaming\Skype\eveveselinova\eveveselinova.bat (Worm.AutoRun) -> Quarantined and deleted successfully.C:\Users\g62\AppData\Roaming\Skype\pacito95.#\pacito95.#.bat (Worm.AutoRun) -> Quarantined and deleted successfully.C:\Users\g62\AppData\Roaming\Skype\shared_dynco\shared_dynco.bat (Worm.AutoRun) -> Quarantined and deleted successfully.C:\Users\g62\AppData\Roaming\SPORE\SPORE.bat (Worm.AutoRun) -> Quarantined and deleted successfully.C:\Users\g62\AppData\Roaming\SPORE\Preferences\Preferences.pif (Worm.AutoRun) -> Quarantined and deleted successfully.C:\Users\g62\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1\StageManager.BD092818F67280F4B42B04877600987F0111B594.1.pif (Worm.AutoRun) -> Quarantined and deleted successfully.C:\Users\g62\AppData\Roaming\Thinstall\{87A6B43E-0F8F-467B-95A9-84011816C95A}\{87A6B43E-0F8F-467B-95A9-84011816C95A}.pif (Worm.AutoRun) -> Quarantined and deleted successfully.C:\Users\g62\AppData\Roaming\YourFileDownloader\YourFileDownloader.pif (Worm.AutoRun) -> Quarantined and deleted successfully.C:\Users\Users.exe (Worm.AutoRun) -> Quarantined and deleted successfully.C:\Users\Public\Downloads\Downloads.exe (Worm.AutoRun) -> Quarantined and deleted successfully.C:\Users\g62\Local Settings\Application Data\Xenocode\Sandbox\Nero Burning ROM\10,2,12,100\2010.10.31T09.31\Virtual\MODIFIED\@PROGRAMFILES@\Nero\Nero.bat (Worm.AutoRun) -> Quarantined and deleted successfully.C:\Users\g62\Local Settings\Application Data\Xenocode\Sandbox\Nero Burning ROM\10,2,12,100\2010.10.31T09.31\Virtual\MODIFIED\@PROGRAMFILES@\Nero\Nero 10\Nero 10.pif (Worm.AutoRun) -> Quarantined and deleted successfully.C:\Users\g62\Local Settings\Application Data\Xenocode\Sandbox\Nero Burning ROM\10,2,12,100\2010.10.31T09.31\Virtual\MODIFIED\@PROGRAMFILESCOMMON@\Nero\Nero.bat (Worm.AutoRun) -> Quarantined and deleted successfully.C:\Users\g62\Local Settings\Application Data\Xenocode\Sandbox\Nero Burning ROM\10,2,12,100\2010.10.31T09.31\Virtual\STUBEXE\8.0.1135\8.0.1135.pif (Worm.AutoRun) -> Quarantined and deleted successfully.C:\Users\g62\Local Settings\Application Data\Xenocode\Sandbox\Nero Burning ROM\10,2,12,100\2010.10.31T09.31\Virtual\STUBEXE\8.0.1135\@PROGRAMFILES@\Nero\Nero.bat (Worm.AutoRun) -> Quarantined and deleted successfully.C:\Users\g62\Local Settings\Application Data\Xenocode\Sandbox\Nero Burning ROM\10,2,12,100\2010.10.31T09.31\Virtual\SXS\SXS.bat (Worm.AutoRun) -> Quarantined and deleted successfully.C:\Users\g62\Local Settings\Application Data\Xenocode\Sandbox\Nero Burning ROM\10,2,12,100\2010.10.31T09.31\Virtual\SXS\Microsoft.VC80.ATL@8.0.50727.4053\Microsoft.VC80.ATL@8.0.50727.4053.bat (Worm.AutoRun) -> Quarantined and deleted successfully.C:\Users\g62\Local Settings\Application Data\Xenocode\Sandbox\Nero Burning ROM\10,2,12,100\2010.10.31T09.31\Virtual\SXS\Microsoft.VC80.CRT@8.0.50727.4053\Microsoft.VC80.CRT@8.0.50727.4053.bat (Worm.AutoRun) -> Quarantined and deleted successfully.C:\Users\g62\Local Settings\Application Data\Xenocode\Sandbox\Nero Burning ROM\10,2,12,100\2010.10.31T09.31\Virtual\SXS\Microsoft.VC80.MFC@8.0.50727.4053\Microsoft.VC80.MFC@8.0.50727.4053.bat (Worm.AutoRun) -> Quarantined and deleted successfully.C:\Users\g62\Local Settings\Application Data\Xenocode\Sandbox\Nero Burning ROM\10,2,12,100\2010.10.31T09.31\Virtual\SXS\Microsoft.VC80.MFCLOC@8.0.50727.4053\Microsoft.VC80.MFCLOC@8.0.50727.4053.bat (Worm.AutoRun) -> Quarantined and deleted successfully.C:\Users\g62\Local Settings\Application Data\Xenocode\Sandbox\Nero Burning ROM\10,2,12,100\2010.10.31T09.31\Virtual\SXS\Microsoft.VC80.OpenMP@8.0.50727.4053\Microsoft.VC80.OpenMP@8.0.50727.4053.bat (Worm.AutoRun) -> Quarantined and deleted successfully. (end) Цитирай Link to comment Сподели другаде More sharing options...
Night_Raven Публикувано Октомври 12, 2012 Report Share Публикувано Октомври 12, 2012 Моля, рестартирай и изготви отново дневник с OTL (както първия път), за да видя дали наистина всичко се е задържало както трябва, за да продължим към финала. Цитирай Link to comment Сподели другаде More sharing options...
syneok Публикувано Октомври 12, 2012 Report Share Публикувано Октомври 12, 2012 Ето го: OTL.Txt Цитирай Link to comment Сподели другаде More sharing options...
Night_Raven Публикувано Октомври 12, 2012 Report Share Публикувано Октомври 12, 2012 Изтегли Security Check и го запази на работния плот. Стартирай го и натисни Enter. След като се извърши проверката, ще се отвори текстов файл. Моля, копирай съдържанието му в следващия си коментар. Цитирай Link to comment Сподели другаде More sharing options...
syneok Публикувано Октомври 12, 2012 Report Share Публикувано Октомври 12, 2012 Извинявам се за забавянията, но изниква това онова вкъщи... Results of screen317's Security Check version 0.99.51 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.65.0.1400 JavaFX 2.1.1 Java 6 Update 35 Java 7 Update 7 Adobe Flash Player 10 Flash Player out of Date! Adobe Flash Player 11.1.102.55 Flash Player out of Date! Adobe Reader 9 Adobe Reader out of Date! Google Chrome 12.0.742.100 Google Chrome 13.0.782.112 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 18% Defragment your hard drive soon! (Do NOT defrag if SSD!)````````````````````End of Log`````````````````````` Цитирай Link to comment Сподели другаде More sharing options...
Препоръчан пост
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.