Solved Trojan c-05 . please help me..

OTL Extras logfile created on: 08/12/2010 6:04:22 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\JAHMEKA\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: | Country: | Language: | Date Format:

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286,98 Gb Total Space | 127,05 Gb Free Space | 44,27% Space Free | Partition Type: NTFS
Drive J: | 3,50 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: JAHMEKA1 | User Name: JAHMEKA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D0EDBFB-20B9-464A-90B1-312C4C6996F0}" = lport=37676 | protocol=6 | dir=in | name=oovoo tcp port 37676 |
"{3B0EAEE7-46BF-413A-9048-34ACCCBA6FBB}" = lport=37676 | protocol=17 | dir=in | name=oovoo udp port 37676 |
"{45EE8D7F-A4B2-4568-A8BD-E82B78AB3FFA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6931317E-8B66-4AA8-BBBA-F108E44B996A}" = lport=37677 | protocol=17 | dir=in | name=oovoo udp port 37677 |
"{950671E7-5A16-468B-8DE4-BDE92C4BA1F2}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05A95811-78D3-4CB8-8A45-2E4D8AC407EF}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"{0D09F42D-E3E7-4A04-8333-60E8BD00FF6C}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{0F000E12-89A3-40DA-9707-CF93DB71CD81}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max design 2010\3dsmax.exe |
"{1CD6C0AD-7706-4469-AF64-67486339AD06}" = protocol=17 | dir=in | app=c:\users\jahmeka\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{1F01AFA0-634C-4CBF-8C5F-2915DD8533EF}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreedii.exe |
"{25B931D3-5091-42C5-90AD-F4DF3D2FDCE2}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\server.exe |
"{270B0A48-73AF-469A-8BA3-CE462A9F47EE}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{2EB2D4FC-2CB9-4B24-90FE-C7B0B96E0577}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2009\3dsmax.exe |
"{378902D1-AF7D-4A07-AD01-7E79DD404B75}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max design 2010\mentalray\satellite\raysat_3dsmax2010_32.exe |
"{3D012B52-8206-4AF6-9C64-0473EF0B6686}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\server.exe |
"{3D45D267-DE1C-483D-B1E3-F13D48E014F2}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"{3E6F54F4-B1ED-4F66-BDD2-79B4BA3DBB2A}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max design 2010\3dsmax.exe |
"{3F2069CF-C954-43DD-A876-06C68A3F70D6}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe |
"{45852E75-0F4A-4F4F-8F22-306BB35F9D9C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4A604031-E3FB-45FE-940F-6EA04DCA9D84}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4EB4621B-51D5-42B4-B158-18CE710458E7}" = protocol=6 | dir=in | app=c:\users\jahmeka\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{4F6193B9-EB17-4D64-ADC2-4D33019C7F91}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{5C2A6022-C78C-4EF0-8770-165840C3964D}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\manager.exe |
"{67FD9CCE-884C-49C8-B97D-83F5FC96BA1B}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe |
"{6A2844EB-4C70-47B5-9AB6-D5C1DC51A9BD}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{6E5C089C-3AB3-44B7-AFE7-C3149CF3D39C}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max design 2010\mentalray\satellite\raysat_3dsmax2010_32.exe |
"{77D93482-F71C-4B30-92F0-C31D44F22BE0}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe |
"{7F401990-7F12-46A6-BEE0-C6F186D3B909}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{8642FE3D-5D74-413C-BA76-A0122BDE3753}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2009\3dsmax.exe |
"{9218A7E6-4758-4E53-B924-71D03AAC134C}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{967CB0E5-98EC-40BE-AE1D-DD417CCB19BD}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{9D6BFDE0-660E-47FD-AA22-4E90A24844C9}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe |
"{A0B80DA6-775E-4260-8FA5-2C5A5B227315}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A1D3440D-DE95-4274-86A5-E5E4FE64615F}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2010\3dsmax.exe |
"{A35DFE18-F24B-4006-A1F9-9101FE9B2C55}" = protocol=6 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe |
"{A7C71561-ECFC-43B2-A299-1F208F90D0D3}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreedii.exe |
"{AE084366-FC8A-45DB-9414-73373407DB1A}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{B20F9B48-3F60-408F-82BD-D2EC55B45DF5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B3D5C08B-7B87-4A4E-AF8E-01AF4338763E}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{B4CF62C3-7112-4256-B7BD-D26C9EE34D0D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B7C8692C-8F98-43A9-96A7-5DDFFDE92A92}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{C47A73C1-3A21-4F43-A5BF-285A287271F0}" = protocol=17 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe |
"{CA18D8A0-1E65-4F18-B769-3C39869CC825}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max design 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe |
"{D33401D8-3116-4A60-B3CE-C0CD8A15AE7A}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{D426D5AE-A589-40F5-A3D4-9500AE7B5BEC}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\manager.exe |
"{DA421B5C-DC19-4670-815B-2C22C9E2F06A}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe |
"{E714B598-5143-43C6-A6E5-499925E1D7FF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EF8EEFA6-FDBB-483E-8DE5-6A0FE8DC3544}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F104ED8E-227F-43C8-B82E-477581274647}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2010\3dsmax.exe |
"{F39A4E00-6E42-4949-8663-28D5D47B1670}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe |
"{FD1E2EDD-5843-4FCC-B176-D358AF50602D}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max design 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe |
"TCP Query User{0A5C3DF6-2FB4-430A-B401-381FDF8D2D06}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{12336968-18F4-4BE4-86CB-FCA4607DD16D}C:\users\jahmeka\pictures\documents\games\server.exe" = protocol=6 | dir=in | app=c:\users\jahmeka\pictures\documents\games\server.exe |
"TCP Query User{12604589-3961-4A57-AF1B-58BB206CF5DD}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{18F4329C-C576-491A-AB94-A324732B59B2}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{25FD274E-8AC6-440A-95F0-01FB014B740E}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{2F631A06-3DE6-4622-9413-95940E0CE56F}C:\programdata\asgvis\drspawner\drspawner.exe" = protocol=6 | dir=in | app=c:\programdata\asgvis\drspawner\drspawner.exe |
"TCP Query User{34391514-8D9B-4F99-BA6E-81DC62A355B6}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{364A82B4-174E-4A7C-9735-3781887F0F95}C:\program files\google\google sketchup 7\sketchup.exe" = protocol=6 | dir=in | app=c:\program files\google\google sketchup 7\sketchup.exe |
"TCP Query User{45A77CF9-94DF-41C1-AC64-F799568C0A42}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"TCP Query User{5A45CE71-4A18-44E1-B134-210FEA215B67}C:\program files\google\google sketchup 7\sketchup.exe" = protocol=6 | dir=in | app=c:\program files\google\google sketchup 7\sketchup.exe |
"TCP Query User{5B78354D-AE1A-41EA-9D3E-8EF1D1648F2F}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"TCP Query User{67B0BCB4-76A1-4269-9FAB-544EF29D7A9C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{8BD36667-4377-43DE-8049-98C19346829F}C:\program files\google\google sketchup 7\layout\layout.exe" = protocol=6 | dir=in | app=c:\program files\google\google sketchup 7\layout\layout.exe |
"TCP Query User{9103716C-415A-49FB-B8E2-C39C2108AF29}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{B817C4E8-DF13-4C4D-9877-C34C9FB04C24}C:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"TCP Query User{B893CD4C-0B5A-42AD-B169-F8F88EF37786}C:\program files\autodesk\3ds max 2010\3dsmax.exe" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2010\3dsmax.exe |
"TCP Query User{BE396E94-620C-4720-B3BC-17D1977D4D2A}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{C03870D6-AD70-43F9-BD9B-0716A569E79C}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe |
"TCP Query User{CE0E1C4B-2E62-40EF-8C60-CFADB3B760BF}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{CE625C44-3430-4EB7-9D2A-E9B1A8C9F343}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{D19E2015-6B1F-4967-8AAF-89BF59A30D17}C:\program files\google\google sketchup 7\layout\layout.exe" = protocol=6 | dir=in | app=c:\program files\google\google sketchup 7\layout\layout.exe |
"TCP Query User{E910769D-CF4A-4DD1-998E-64E0C1B5495E}C:\programdata\asgvis\drspawner\drspawner.exe" = protocol=6 | dir=in | app=c:\programdata\asgvis\drspawner\drspawner.exe |
"UDP Query User{0238A3F9-1D8F-4EA3-9F23-B5227BA22A9B}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{15E80005-4AC6-4DFB-A2F9-37F5FD72F7A0}C:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"UDP Query User{1A50CA20-3B90-4FAA-A468-5197C5F66931}C:\programdata\asgvis\drspawner\drspawner.exe" = protocol=17 | dir=in | app=c:\programdata\asgvis\drspawner\drspawner.exe |
"UDP Query User{1F49AB3D-DA52-4B2B-8276-17D61C733602}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{365373B9-E7D3-4B28-85BA-FD9A05184588}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{368B338F-9B76-4A31-B734-BDFFA122CB85}C:\program files\google\google sketchup 7\sketchup.exe" = protocol=17 | dir=in | app=c:\program files\google\google sketchup 7\sketchup.exe |
"UDP Query User{69159D2B-8B6C-40C6-8B04-E9399ACB8DAD}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{853A29A4-DC98-4FB8-A52A-36FC2C62894E}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{89868DE8-7D2B-43B0-9405-3330B26807CC}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{9287F019-5EA7-48FA-8956-D3ECA8964053}C:\programdata\asgvis\drspawner\drspawner.exe" = protocol=17 | dir=in | app=c:\programdata\asgvis\drspawner\drspawner.exe |
"UDP Query User{A1BD1931-9BF6-4694-8493-3359310E0C4B}C:\program files\google\google sketchup 7\sketchup.exe" = protocol=17 | dir=in | app=c:\program files\google\google sketchup 7\sketchup.exe |
"UDP Query User{A59EFC66-27DE-4125-9897-819F178CDE80}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{BC037510-23CA-4218-89BC-4B2B930983DF}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"UDP Query User{C55D9846-4884-42AF-B071-DACF891F6349}C:\users\jahmeka\pictures\documents\games\server.exe" = protocol=17 | dir=in | app=c:\users\jahmeka\pictures\documents\games\server.exe |
"UDP Query User{D8E3CEBF-33FB-42F0-9D70-ABAAB9D68331}C:\program files\autodesk\3ds max 2010\3dsmax.exe" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2010\3dsmax.exe |
"UDP Query User{DF5C97C0-AE96-4AD6-820B-C5F9CE5851B5}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"UDP Query User{E625749E-834F-4D2A-9832-EC3FC7E43773}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{E678048B-CD5E-46E5-B2F5-B8010A84C899}C:\program files\google\google sketchup 7\layout\layout.exe" = protocol=17 | dir=in | app=c:\program files\google\google sketchup 7\layout\layout.exe |
"UDP Query User{E77D62CC-44AA-456B-B4E3-89D922BE36FC}C:\program files\google\google sketchup 7\layout\layout.exe" = protocol=17 | dir=in | app=c:\program files\google\google sketchup 7\layout\layout.exe |
"UDP Query User{F26FE56A-5AFF-4D8A-A44D-28A58A526388}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{F787A1DB-AD69-46FA-BC06-3880A62334E3}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe |
"UDP Query User{F80EF49A-3FF3-4B44-B27B-AB4EC8393614}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{38BB21D5-B0D1-41DA-A0B0-1EFB5EF4AAC2}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{547C9628-C490-48AB-94F4-7F2495562930}" = PDF to DWG Converter
"{5783F2D7-7001-0409-0002-0060B0CE6BBA}" = AutoCAD 2009 - English
"{58F58158-8DFE-31DA-AC1F-7E5D89A0F74F}" = Google Talk Plugin
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update 5
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7021CBFE-9C50-4BE0-A299-8F173E751302}" = Autodesk 3ds Max Design 2010 Tutorials Files
"{7299052B-02A4-4627-81F2-1818DA5D550D}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0C0A-0000-0000000FF1CE}" = Paquete de compatibilidad para 2007 Office system
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{95120000-00AF-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Spanish)
"{9C67CBD7-631C-0409-B00B-98B5DEB67C27}" = Autodesk 3ds Max Design 2010 32-bit
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-BA7E-000000000003}" = Adobe Acrobat 8 Standard - English, Français, Deutsch
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE2625CB-15AF-40C3-0409-4677FC992910}" = Autodesk 3ds Max Design 2010 32-bit Components
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Paquete de controladores de Windows - Nokia Modem (06/09/2010 4.5)
"504244733D18C8F63FF584AEB290E3904E791693" = Paquete de controladores de Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Acrobat 8 Standard - English, Français, Deutsch" = Adobe Acrobat 8.2.5 Standard
"Adobe Acrobat 8 Standard - English, Français, Deutsch_825" = Adobe Acrobat 8.2.5 - CPSID_83708
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Autodesk FBX Plugin 2009.4 - 3ds Max Design 2010" = Autodesk FBX Plugin 2009.4 - 3ds Max Design 2010
"avast5" = avast! Free Antivirus
"DivX Setup.divx.com" = Instalación de DivX
"DWG to PDF Converter MX v4.6_is1" = DWG to PDF Converter MX v4.6
"EEEE705096F837B7907659F100C9FE6DA001970F" = Paquete de controladores de Windows - Nokia Modem (06/09/2010 7.01.0.7)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Nokia PC Suite" = Nokia PC Suite
"RealPlayer 12.0" = RealPlayer
"Veetle TV" = Veetle TV 0.9.18

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 26/07/2010 5:10:35 | Computer Name = JAHMEKA1 | Source = WinMgmt | ID = 10
Description =

Error - 26/07/2010 5:11:22 | Computer Name = JAHMEKA1 | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 26/07/2010 6:39:04 | Computer Name = JAHMEKA1 | Source = EventSystem | ID = 4621
Description =

Error - 26/07/2010 9:42:47 | Computer Name = JAHMEKA1 | Source = WinMgmt | ID = 10
Description =

Error - 26/07/2010 9:43:20 | Computer Name = JAHMEKA1 | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 27/07/2010 5:15:25 | Computer Name = JAHMEKA1 | Source = WinMgmt | ID = 10
Description =

Error - 27/07/2010 5:16:11 | Computer Name = JAHMEKA1 | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 27/07/2010 11:34:47 | Computer Name = JAHMEKA1 | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 28/07/2010 10:49:45 | Computer Name = JAHMEKA1 | Source = WinMgmt | ID = 10
Description =

Error - 28/07/2010 10:50:03 | Computer Name = JAHMEKA1 | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

[ OSession Events ]
Error - 15/04/2010 15:51:38 | Computer Name = JAHMEKA1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 34078
seconds with 0 seconds of active time. This session ended with a crash.

Error - 15/04/2010 15:51:39 | Computer Name = JAHMEKA1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 34094
seconds with 0 seconds of active time. This session ended with a crash.

Error - 15/04/2010 15:51:40 | Computer Name = JAHMEKA1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 34133
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 07/12/2010 12:52:14 | Computer Name = JAHMEKA1 | Source = Service Control Manager | ID = 7000
Description =

Error - 07/12/2010 14:47:50 | Computer Name = JAHMEKA1 | Source = EventLog | ID = 6008
Description = El cierre anterior del sistema a las 20:45:18 del 07/12/2010 resultó
inesperado.

Error - 07/12/2010 14:48:57 | Computer Name = JAHMEKA1 | Source = Service Control Manager | ID = 7000
Description =

Error - 07/12/2010 21:14:41 | Computer Name = JAHMEKA1 | Source = Service Control Manager | ID = 7034
Description =

Error - 07/12/2010 21:17:42 | Computer Name = JAHMEKA1 | Source = Service Control Manager | ID = 7000
Description =

Error - 07/12/2010 21:40:46 | Computer Name = JAHMEKA1 | Source = Service Control Manager | ID = 7000
Description =

Error - 07/12/2010 23:33:31 | Computer Name = JAHMEKA1 | Source = Service Control Manager | ID = 7034
Description =

Error - 07/12/2010 23:33:49 | Computer Name = JAHMEKA1 | Source = Service Control Manager | ID = 7034
Description =

Error - 07/12/2010 23:33:50 | Computer Name = JAHMEKA1 | Source = Service Control Manager | ID = 7030
Description =

Error - 07/12/2010 23:43:04 | Computer Name = JAHMEKA1 | Source = Service Control Manager | ID = 7030
Description =


< End of report >
 
I just sent it. The dialog says: visible until a moderator has approved it for posting.
You must receive it soon.
 
Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

========================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

====================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce any log.
 
Sorry Broni,

but it doesn't let me download JavaRa.
I already uninstalled all of the old Java... and when I click to open the window to download
JavaRa, it shows me a dialog:
"Could not save C:\Windows\TEMP\_lN7F7wv.zip.part because you can not modify the contents of that folder.

Edit the folder properties and try again, or try saving in a different place."

Does this happen maybe because I'm using Firefox?
 
Broni... all is OK... I downloaded it with Internet Explorer and it worked.
I will post again soon with everything.


JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Wed Dec 08 06:53:36 2010

Found and removed: C:\Users\JAHMEKA\AppData\LocalLow\Sun\Java\jre1.6.0_15

Found and removed: C:\Users\JAHMEKA\AppData\LocalLow\Sun\Java\jre1.6.0_17

Found and removed: C:\Users\JAHMEKA\AppData\LocalLow\Sun\Java\jre1.6.0_18

Found and removed: C:\Users\JAHMEKA\AppData\LocalLow\Sun\Java\jre1.6.0_21

Found and removed: Software\Classes\JavaPlugin.142_04

------------------------------------

Finished reporting.
 
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
-> No Temporary Internet Files cache folder defined!

User: All Users
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!

User: Default
-> No Temporary Internet Files cache folder defined!

User: Default User
-> No Temporary Internet Files cache folder defined!

User: JAHMEKA
-> No Temporary Internet Files cache folder defined!

User: Public
-> No Temporary Internet Files cache folder defined!

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 216685 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0,00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: JAHMEKA

User: Public

Total Flash Files Cleaned = 0,00 mb

Error: Unable to interpret <[Reboot]:OTL> in the current context!
Error: Unable to interpret <O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.> in the current context!
Error: Unable to interpret <O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.> in the current context!
Error: Unable to interpret <O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.> in the current context!
Error: Unable to interpret <O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2> in the current context!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
-> No Temporary Internet Files cache folder defined!

User: All Users
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!

User: Default
-> No Temporary Internet Files cache folder defined!

User: Default User
-> No Temporary Internet Files cache folder defined!

User: JAHMEKA
-> No Temporary Internet Files cache folder defined!

User: Public
-> No Temporary Internet Files cache folder defined!

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0,00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: JAHMEKA

User: Public

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 12082010_065551

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.5
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

avast! Free Antivirus
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Adobe Flash Player 10.1.102.64
Mozilla Firefox (3.6.12) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Spybot Teatimer.exe is disabled!
Alwil Software Avast5 AvastSvc.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log```````````` v
 
The ESET Online Scanner is not working.
I disabled the antivirus, I opened ESET... YES... START... and nothing... a small white screen.

What do I do?
 
Please run a BitDefender Online Scan

  • Disable your antivirus program.
  • Click Start Scanner button.
  • Click Start scan button
  • Allow browser plug-in to be installed when prompted.
  • Click I Agree to agree to the EULA.
  • Please refrain from using the computer until the scan is finished.
  • When the scan is finished, click on View log.
  • Notepad will open with scan results.
  • Save the report to your desktop and post its content in your next reply.
 
Please click HERE to download Kaspersky Virus Removal Tool.

  • Double click on the file you just downloaded and let it install.
  • It will install to your desktop.
  • After that leave what is selected and put a check next to My Computer.
  • Click on the option that says Threat Detection and change it to Disinfect,delete if disinfection fails.
  • Then click on Start Scan.
  • Before it is done it may prompt for action regardless of the setting so choose delete if prompted.
  • When the scan is done no log will be produced.
  • Click on the bottom where it says Report to open the report.
  • Then highlight all of the items found by using Ctrl + A on your keyboard to select all, or use your mouse to select all, then right click and choose copy.
  • This will copy the items that it found to the clipboard you can then open notepad (go to start then run then type in notepad) and choose paste to paste the contents into Notepad.
  • You can save this on the desktop.
  • Post the contents of the document in your next reply.
 
Autoscan: completed 1 hour ago (events: 29, objects: 987105, time: 04:09:14)
08/12/2010 7:54:08 Task started
08/12/2010 8:29:57 Detected: Trojan-Downloader.Java.Agent.au C:\Documents and Settings\JAHMEKA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\117c8e3-7f6c83ee/Inicio.class
08/12/2010 8:29:58 Deleted: Trojan-Downloader.Java.Agent.au C:\Documents and Settings\JAHMEKA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\117c8e3-7f6c83ee/Inicio.class
08/12/2010 8:29:59 Detected: Trojan-Downloader.Java.Agent.t C:\Documents and Settings\JAHMEKA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\6e49cf76-7b4afdea
08/12/2010 8:30:00 Deleted: Trojan-Downloader.Java.Agent.t C:\Documents and Settings\JAHMEKA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\6e49cf76-7b4afdea
08/12/2010 8:33:34 Detected: Trojan-Dropper.Win32.Agent.crgy C:\Documents and Settings\JAHMEKA\Desktop\ARQUITECTES\Reparacion de Word y Excel.rar/Reparacion de Word y Excel/AER/AER.EXE
08/12/2010 8:33:34 Untreated: Trojan-Dropper.Win32.Agent.crgy C:\Documents and Settings\JAHMEKA\Desktop\ARQUITECTES\Reparacion de Word y Excel.rar/Reparacion de Word y Excel/AER/AER.EXE Write not supported
08/12/2010 8:33:44 Detected: Trojan-Dropper.Win32.Agent.crgy C:\Documents and Settings\JAHMEKA\Desktop\ARQUITECTES\Reparacion de Word y Excel\AER\AER.EXE
08/12/2010 8:33:58 Deleted: Trojan-Dropper.Win32.Agent.crgy C:\Documents and Settings\JAHMEKA\Desktop\ARQUITECTES\Reparacion de Word y Excel\AER\AER.EXE
08/12/2010 8:44:26 Detected: Trojan.Win32.Inject.evc C:\Documents and Settings\JAHMEKA\Desktop\VARIOS\DWG 2 PDF 2 DWG\DWGTool.DWG.to.PDF.Converter.MX.v4.6\DWGTool.DWG.to.PDF.Converter.MX.v4.6.WinALL.Incl.Keygen-BRD.rar/dwg2pdfmx.exe/data0000.cab/ADVANC~2.EXE/data0000.cab/AUTOCR~1.EXE
08/12/2010 8:44:26 Untreated: Trojan.Win32.Inject.evc C:\Documents and Settings\JAHMEKA\Desktop\VARIOS\DWG 2 PDF 2 DWG\DWGTool.DWG.to.PDF.Converter.MX.v4.6\DWGTool.DWG.to.PDF.Converter.MX.v4.6.WinALL.Incl.Keygen-BRD.rar/dwg2pdfmx.exe/data0000.cab/ADVANC~2.EXE/data0000.cab/AUTOCR~1.EXE Write not supported
08/12/2010 8:44:28 Detected: Trojan.Win32.Agent.fkvr C:\Documents and Settings\JAHMEKA\Desktop\VARIOS\DWG 2 PDF 2 DWG\dwg-to-pdf-converter-mx-2010-5.1.exe/data0004
08/12/2010 8:44:28 Detected: Trojan.Win32.Agent.tvy C:\Documents and Settings\JAHMEKA\Desktop\VARIOS\DWG 2 PDF 2 DWG\DWGTool.DWG.to.PDF.Converter.MX.v4.6\DWGTool.DWG.to.PDF.Converter.MX.v4.6.WinALL.Incl.Keygen-BRD.rar/dwg2pdfmx.exe/data0000.cab/ADVANC~2.EXE/data0000.cab/SERIAL~1.EXE/UPX
08/12/2010 8:44:28 Untreated: Trojan.Win32.Agent.tvy C:\Documents and Settings\JAHMEKA\Desktop\VARIOS\DWG 2 PDF 2 DWG\DWGTool.DWG.to.PDF.Converter.MX.v4.6\DWGTool.DWG.to.PDF.Converter.MX.v4.6.WinALL.Incl.Keygen-BRD.rar/dwg2pdfmx.exe/data0000.cab/ADVANC~2.EXE/data0000.cab/SERIAL~1.EXE/UPX Write not supported
08/12/2010 8:44:31 Deleted: Trojan.Win32.Agent.fkvr C:\Documents and Settings\JAHMEKA\Desktop\VARIOS\DWG 2 PDF 2 DWG\dwg-to-pdf-converter-mx-2010-5.1.exe
08/12/2010 8:44:31 Detected: HEUR:Trojan.Win32.Generic C:\Documents and Settings\JAHMEKA\Desktop\VARIOS\DWG 2 PDF 2 DWG\dwg-to-pdf-converter-mx-5.2.exe/data0004
08/12/2010 9:02:46 Detected: Trojan.Win32.Rabbit.avy C:\Documents and Settings\JAHMEKA\Pictures\Documents\GAMES\Assassins Creed II\Assassins.Creed.2-Razor1911+Crack\Server_Emulator_V0.41.Values.1851.rar.part/Server Emulator V0.41 + Values 1851/AC2 Launcher.exe
08/12/2010 9:02:46 Untreated: Trojan.Win32.Rabbit.avy C:\Documents and Settings\JAHMEKA\Pictures\Documents\GAMES\Assassins Creed II\Assassins.Creed.2-Razor1911+Crack\Server_Emulator_V0.41.Values.1851.rar.part/Server Emulator V0.41 + Values 1851/AC2 Launcher.exe Write not supported
08/12/2010 9:02:47 Detected: Trojan.Win32.Rabbit.avy C:\Documents and Settings\JAHMEKA\Pictures\Documents\GAMES\Assassins Creed II\Assassins.Creed.2-Razor1911+Crack\Server_Emulator_V0.41.Values.1851.rar/Server Emulator V0.41 + Values 1851/AC2 Launcher.exe
08/12/2010 9:02:47 Untreated: Trojan.Win32.Rabbit.avy C:\Documents and Settings\JAHMEKA\Pictures\Documents\GAMES\Assassins Creed II\Assassins.Creed.2-Razor1911+Crack\Server_Emulator_V0.41.Values.1851.rar/Server Emulator V0.41 + Values 1851/AC2 Launcher.exe Write not supported
08/12/2010 9:34:04 Detected: Packed.Win32.Hrup.a C:\Qoobox\Quarantine\C\Users\JAHMEKA\AppData\Local\ggoahih.exe.vir
08/12/2010 9:34:08 Deleted: Packed.Win32.Hrup.a C:\Qoobox\Quarantine\C\Users\JAHMEKA\AppData\Local\ggoahih.exe.vir
08/12/2010 10:15:11 Detected: Trojan-Dropper.Win32.Agent.crgy C:\Users\JAHMEKA\Desktop\ARQUITECTES\Reparacion de Word y Excel.rar/Reparacion de Word y Excel/AER/AER.EXE
08/12/2010 10:15:11 Untreated: Trojan-Dropper.Win32.Agent.crgy C:\Users\JAHMEKA\Desktop\ARQUITECTES\Reparacion de Word y Excel.rar/Reparacion de Word y Excel/AER/AER.EXE Write not supported
08/12/2010 10:37:05 Detected: Trojan.Win32.Rabbit.avy C:\Users\JAHMEKA\Pictures\Documents\GAMES\Assassins Creed II\Assassins.Creed.2-Razor1911+Crack\Server_Emulator_V0.41.Values.1851.rar.part/Server Emulator V0.41 + Values 1851/AC2 Launcher.exe
08/12/2010 10:37:05 Untreated: Trojan.Win32.Rabbit.avy C:\Users\JAHMEKA\Pictures\Documents\GAMES\Assassins Creed II\Assassins.Creed.2-Razor1911+Crack\Server_Emulator_V0.41.Values.1851.rar.part/Server Emulator V0.41 + Values 1851/AC2 Launcher.exe Write not supported
08/12/2010 10:37:06 Detected: Trojan.Win32.Rabbit.avy C:\Users\JAHMEKA\Pictures\Documents\GAMES\Assassins Creed II\Assassins.Creed.2-Razor1911+Crack\Server_Emulator_V0.41.Values.1851.rar/Server Emulator V0.41 + Values 1851/AC2 Launcher.exe
08/12/2010 10:37:06 Untreated: Trojan.Win32.Rabbit.avy C:\Users\JAHMEKA\Pictures\Documents\GAMES\Assassins Creed II\Assassins.Creed.2-Razor1911+Crack\Server_Emulator_V0.41.Values.1851.rar/Server Emulator V0.41 + Values 1851/AC2 Launcher.exe Write not supported
08/12/2010 12:03:22 Task completed
 
This is all that came after the scan with the Kaspersky Virus Removal Tool.

When you are online again we can proceed...
I will be here... tell me something here please.

Salute and many thanks
 
I assume that, after seeing the AVP log, you understand better how dangerous illegal/cracked downloads are.


Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.
 
1.

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
-> No Temporary Internet Files cache folder defined!

User: All Users
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!

User: Default
-> No Temporary Internet Files cache folder defined!

User: Default User
-> No Temporary Internet Files cache folder defined!

User: JAHMEKA
-> No Temporary Internet Files cache folder defined!

User: Public
-> No Temporary Internet Files cache folder defined!

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1439566 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: JAHMEKA

User: Public

Total Flash Files Cleaned = 0,00 mb
 
2. Done

3. Done

4. Done

5. It doesn't let me install it

6. Malwarebytes' Anti-Malware 1:50
www.malwarebytes.org

Database Version: 5264

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

09/12/2010 10:41:28
mbam-log-2010-12-09 (10-41-28). txt

Search Type: Quick
Objects scanned: 173266
Time elapsed: 4 minute (s), 19 second (s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Infected files: 0

Memory processes infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Infected files:
(No malicious items detected)

7. Done

8. Done

9. Done

10. Done

11. I'll read it all

12. First, I want to thank you very, very much!!!! You are the best, mate... Many thanks!!!
The PC is running very well... and now that I see that nothing is infected I feel much better!!!!
I ran Malwarebytes and from what I see the general information was > No malicious items detected... So I think all is OK now!!!!

One thing that occurred on my PC was that my keyboard changed from my original settings... question mark, exclamation mark, dots... these kinds of things changed position... How do I set it right again?

Many thanks for all!!!!
 
Hey Broni... all OK?

Is it possible after all this....... to be some of the functions of Windows like the (Photo Gallery of Windows)?
I can't open any image...... it says all the time "Photo Gallery can not open this file because it has no access permissions to the location of this file"
 