pelegrinu

  1. You can close it... thank you very, very, very much.
  2. Very cool... what were the chances?
  3. VirusTotal says nothing about it. Are you Romanian? ) With the other files in quarantine... what should I do?
  4. Update... delete the tools... very happy now. Please, if you can, help me get back these files: F:\unix_net\TL_LOCAL\TL4_NET.EXE (Trojan.Banker) -> Quarantined and deleted successfully. F:\unix_net\TL_MODEM\_IN_BOX\UPDATE\tl_local\TL4_NET.EXE (Trojan.Banker) -> Quarantined and deleted successfully
  5. F:\unix_net\TL_LOCAL\TL4_NET.EXE (Trojan.Banker): I needed that.
  6. Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org
     Database version: 5184
     Windows 5.1.2600 Service Pack 2
     Internet Explorer 6.0.2900.2180
     11/25/2010 9:41:37 PM
     mbam-log-2010-11-25 (21-41-37).txt
     Scan type: Full scan (C:\|D:\|F:\|)
     Objects scanned: 230965
     Time elapsed: 29 minute(s), 26 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 3
     Folders Infected: 0
     Files Infected: 5
     Memory Processes Infected:
     (No malicious items detected)
     Memory Modules Infected:
     (No malicious items detected)
     Registry Keys Infected:
     (No malicious items detected)
     Registry Values Infected:
     (No malicious items detected)
     Registry Data Items Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     Folders Infected:
     (No malicious items detected)
     Files Infected:
     F:\System Volume Information\_restore{A8742B6C-C5D5-45FE-9E00-D67121697DE4}\RP254\A0098999.dll (Trojan.Agent) -> Quarantined and deleted successfully.
     F:\System Volume Information\_restore{A8742B6C-C5D5-45FE-9E00-D67121697DE4}\RP255\A0099335.dll (Trojan.Agent) -> Quarantined and deleted successfully.
     F:\System Volume Information\_restore{A8742B6C-C5D5-45FE-9E00-D67121697DE4}\RP256\A0100662.dll (Trojan.Agent) -> Quarantined and deleted successfully.
     F:\unix_net\TL_LOCAL\TL4_NET.EXE (Trojan.Banker) -> Quarantined and deleted successfully.
     F:\unix_net\TL_MODEM\_IN_BOX\UPDATE\tl_local\TL4_NET.EXE (Trojan.Banker) -> Quarantined and deleted successfully.
  7. What to do with those programs that I have installed?
  8. I'm OK for now... I think... for three days I was struggling with this problem. Thank you for your help, and you are a goddess to me.
  9. ComboFix 10-11-24.04 - Pelegrin 11/25/2010 20:13:29.2.1 - x86
     Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1918.1360 [GMT 2:00]
     Running from: c:\documents and settings\Pelegrin\Desktop\ComboFix.exe
     AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
     FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
     .
     ((((((((((((((((((((((((( Files Created from 2010-10-25 to 2010-11-25 )))))))))))))))))))))))))))))))
     .
     2010-11-24 19:00 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2010-11-24 19:00 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
     2010-11-24 19:00 . 2010-11-24 19:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2010-11-23 17:27 . 2010-11-23 17:27 -------- d-----w- c:\documents and settings\Pelegrin\Application Data\Malwarebytes
     2010-11-23 17:27 . 2010-11-23 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
     2010-11-23 16:27 . 2010-11-23 16:27 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
     2010-11-23 16:26 . 2010-11-23 16:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
     2010-11-21 10:51 . 2010-11-21 10:51 -------- d-----w- c:\program files\MSBuild
     2010-11-21 10:32 . 2010-11-21 10:32 -------- d-----w- c:\documents and settings\Pelegrin\Local Settings\Application Data\Help
     2010-11-21 09:59 . 2010-11-21 09:59 -------- d-----w- c:\documents and settings\Pelegrin\Local Settings\Application Data\Recovery Toolbox for Excel
     2010-11-20 10:38 . 2010-11-20 10:38 -------- d-----w- c:\windows\system32\wbem\Repository
     2010-11-20 10:37 . 2010-11-20 10:37 -------- d--h--w- c:\windows\PIF
     2010-11-20 09:28 . 2010-11-20 10:32 -------- d-----w- c:\documents and settings\Pelegrin\Local Settings\Application Data\ConduitEngine
     2010-11-20 09:28 . 2010-11-20 10:37 -------- d-----w- c:\program files\ConduitEngine
     2010-11-20 09:28 . 2010-11-20 09:28 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2010-09-15 02:50 . 2010-05-11 17:39 472808 ----a-w- c:\windows\system32\deployJava1.dll
     2010-09-15 00:29 . 2009-07-08 07:35 73728 ----a-w- c:\windows\system32\javacpl.cpl
     .
     ------- Sigcheck -------
     [-] 2010-01-07 . 27A5959C94EE173A063CA06BD14F021A . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\TCPIP.SYS
     [-] 2010-01-07 . 27A5959C94EE173A063CA06BD14F021A . 359040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\TCPIP.SYS
     .
     ((((((((((((((((((((((((((((( SnapShot@2010-11-25_17.49.16 )))))))))))))))))))))))))))))))))))))))))
     .
     + 2010-11-25 18:08 . 2010-11-25 18:08 16384 c:\windows\Temp\Perflib_Perfdata_29c.dat
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
     "{a2e40772-4e84-4066-b8f1-f96c4eedbd93}"= "c:\program files\Seve_Tv\tbSev2.dll" [2010-10-18 3908192]
     [HKEY_CLASSES_ROOT\clsid\{a2e40772-4e84-4066-b8f1-f96c4eedbd93}]
     [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
     2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
     [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a2e40772-4e84-4066-b8f1-f96c4eedbd93}]
     2010-10-18 10:26 3908192 ----a-w- c:\program files\Seve_Tv\tbSev2.dll
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
     "{a2e40772-4e84-4066-b8f1-f96c4eedbd93}"= "c:\program files\Seve_Tv\tbSev2.dll" [2010-10-18 3908192]
     [HKEY_CLASSES_ROOT\clsid\{a2e40772-4e84-4066-b8f1-f96c4eedbd93}]
     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
     "{A2E40772-4E84-4066-B8F1-F96C4EEDBD93}"= "c:\program files\Seve_Tv\tbSev2.dll" [2010-10-18 3908192]
     [HKEY_CLASSES_ROOT\clsid\{a2e40772-4e84-4066-b8f1-f96c4eedbd93}]
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-09-25 328056]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "SkyTel"="SkyTel.EXE" [2007-10-11 1826816]
     "RTHDCPL"="RTHDCPL.EXE" [2007-10-16 16855552]
     "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
     "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
     "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
     "OpwareSE4"="f:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
     "nwiz"="nwiz.exe" [2006-10-31 1622016]
     "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-31 86016]
     "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-07-01 1447168]
     "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
     "B
  10. 2010/11/25 20:05:18.0765 TDSS rootkit removing tool 2.4.8.0 Nov 17 2010 07:23:12
      2010/11/25 20:05:18.0765 ================================================================================
      2010/11/25 20:05:18.0765 SystemInfo:
      2010/11/25 20:05:18.0765
      2010/11/25 20:05:18.0765 OS Version: 5.1.2600 ServicePack: 2.0
      2010/11/25 20:05:18.0765 Product type: Workstation
      2010/11/25 20:05:18.0765 ComputerName: PELEGRIN-3602FE
      2010/11/25 20:05:18.0765 UserName: Pelegrin
      2010/11/25 20:05:18.0765 Windows directory: C:\WINDOWS
      2010/11/25 20:05:18.0765 System windows directory: C:\WINDOWS
      2010/11/25 20:05:18.0765 Processor architecture: Intel x86
      2010/11/25 20:05:18.0765 Number of processors: 1
      2010/11/25 20:05:18.0765 Page size: 0x1000
      2010/11/25 20:05:18.0765 Boot type: Normal boot
      2010/11/25 20:05:18.0765 ================================================================================
      2010/11/25 20:05:19.0015 Initialize success
      2010/11/25 20:05:42.0062 ================================================================================
      2010/11/25 20:05:42.0062 Scan started
      2010/11/25 20:05:42.0062 Mode: Manual;
      2010/11/25 20:05:42.0062 ================================================================================
      [per-driver scan lines with MD5 hashes omitted]
      2010/11/25 20:05:49.0281 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
      2010/11/25 20:05:49.0281 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
      2010/11/25 20:05:49.0281 sptd - detected Locked file (1)
      2010/11/25 20:05:50.0656 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
      2010/11/25 20:05:50.0656 ================================================================================
      2010/11/25 20:05:50.0656 Scan finished
      2010/11/25 20:05:50.0656 ================================================================================
      2010/11/25 20:05:50.0687 Detected object count: 2
      2010/11/25 20:06:38.0796 Locked file(sptd) - User select action: Skip
      2010/11/25 20:06:38.0828 \HardDisk0 - will be cured after reboot
      2010/11/25 20:06:38.0828 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
      2010/11/25 20:06:56.0687 Deinitialize success
  11. ComboFix 10-11-24.04 - Pelegrin 11/25/2010 19:44:04.1.1 - x86
      Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1918.1095 [GMT 2:00]
      Running from: c:\documents and settings\Pelegrin\Desktop\ComboFix.exe
      AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
      FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
      * Created a new restore point
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      c:\documents and settings\Pelegrin\Application Data\completescan
      c:\documents and settings\Pelegrin\Application Data\install
      c:\documents and settings\Pelegrin\Recent\Thumbs.db
      c:\program files\driver
      c:\windows\system32\UNWISE.EXE
      c:\windows\Tasks\At1.job
      c:\windows\Tasks\At10.job
      c:\windows\Tasks\At11.job
      c:\windows\Tasks\At12.job
      c:\windows\Tasks\At13.job
      c:\windows\Tasks\At14.job
      c:\windows\Tasks\At15.job
      c:\windows\Tasks\At16.job
      c:\windows\Tasks\At17.job
      c:\windows\Tasks\At18.job
      c:\windows\Tasks\At19.job
      c:\windows\Tasks\At2.job
      c:\windows\Tasks\At20.job
      c:\windows\Tasks\At21.job
      c:\windows\Tasks\At22.job
      c:\windows\Tasks\At23.job
      c:\windows\Tasks\At24.job
      c:\windows\Tasks\At3.job
      c:\windows\Tasks\At4.job
      c:\windows\Tasks\At5.job
      c:\windows\Tasks\At6.job
      c:\windows\Tasks\At7.job
      c:\windows\Tasks\At8.job
      c:\windows\Tasks\At9.job
      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      -------\Legacy_SSHNAS
      ((((((((((((((((((((((((( Files Created from 2010-10-25 to 2010-11-25 )))))))))))))))))))))))))))))))
      .
      2010-11-24 19:00 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
      2010-11-24 19:00 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
      2010-11-24 19:00 . 2010-11-24 19:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2010-11-23 17:27 . 2010-11-23 17:27 -------- d-----w- c:\documents and settings\Pelegrin\Application Data\Malwarebytes
      2010-11-23 17:27 . 2010-11-23 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
      2010-11-23 16:27 . 2010-11-23 16:27 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
      2010-11-23 16:26 . 2010-11-23 16:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
      2010-11-21 10:51 . 2010-11-21 10:51 -------- d-----w- c:\program files\MSBuild
      2010-11-21 10:32 . 2010-11-21 10:32 -------- d-----w- c:\documents and settings\Pelegrin\Local Settings\Application Data\Help
      2010-11-21 09:59 . 2010-11-21 09:59 -------- d-----w- c:\documents and settings\Pelegrin\Local Settings\Application Data\Recovery Toolbox for Excel
      2010-11-20 10:38 . 2010-11-20 10:38 -------- d-----w- c:\windows\system32\wbem\Repository
      2010-11-20 10:37 . 2010-11-20 10:37 -------- d--h--w- c:\windows\PIF
      2010-11-20 09:28 . 2010-11-20 10:32 -------- d-----w- c:\documents and settings\Pelegrin\Local Settings\Application Data\ConduitEngine
      2010-11-20 09:28 . 2010-11-20 10:37 -------- d-----w- c:\program files\ConduitEngine
      2010-11-20 09:28 . 2010-11-20 09:28 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2010-09-15 02:50 . 2010-05-11 17:39 472808 ----a-w- c:\windows\system32\deployJava1.dll
      2010-09-15 00:29 . 2009-07-08 07:35 73728 ----a-w- c:\windows\system32\javacpl.cpl
      .
      ------- Sigcheck -------
      [-] 2010-01-07 . 27A5959C94EE173A063CA06BD14F021A . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\TCPIP.SYS
      [-] 2010-01-07 . 27A5959C94EE173A063CA06BD14F021A . 359040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\TCPIP.SYS
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
      "{a2e40772-4e84-4066-b8f1-f96c4eedbd93}"= "c:\program files\Seve_Tv\tbSev2.dll" [2010-10-18 3908192]
      [HKEY_CLASSES_ROOT\clsid\{a2e40772-4e84-4066-b8f1-f96c4eedbd93}]
      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
      2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a2e40772-4e84-4066-b8f1-f96c4eedbd93}]
      2010-10-18 10:26 3908192 ----a-w- c:\program files\Seve_Tv\tbSev2.dll
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      "{a2e40772-4e84-4066-b8f1-f96c4eedbd93}"= "c:\program files\Seve_Tv\tbSev2.dll" [2010-10-18 3908192]
      [HKEY_CLASSES_ROOT\clsid\{a2e40772-4e84-4066-b8f1-f96c4eedbd93}]
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
      "{A2E40772-4E84-4066-B8F1-F96C4EEDBD93}"= "c:\program files\Seve_Tv\tbSev2.dll" [2010-10-18 3908192]
      [HKEY_CLASSES_ROOT\clsid\{a2e40772-4e84-4066-b8f1-f96c4eedbd93}]
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-09-25 328056]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SkyTel"="SkyTel.EXE" [2007-10-11 1826816]
      "RTHDCPL"="RTHDCPL.EXE" [2007-10-16 16855552]
      "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
      "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
      "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
      "OpwareSE4"="f:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
      "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
      "nwiz"="nwiz.exe" [2006-10-31 1622016]
      "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-31 86016]
      "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-07-01 1447168]
      "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
      "B
  12. RkU Version: 3.8.388.590, Type LE (SR2)
      ==============================================
      OS Name: Windows XP
      Version 5.1.2600 (Service Pack 2)
      Number of processors #1
      ==============================================
      >Drivers
      ==============================================
      0xACCDE000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4792320 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
      0xBF9D3000 C:\WINDOWS\System32\nv4_disp.dll 4497408 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 91.63 )
      0xB93A8000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 3964928 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 91.63 )
      0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2056832 bytes (Microsoft Corporation, NT Kernel & System)
      0x804D7000 PnpManager 2056832 bytes
      0x804D7000 RAW 2056832 bytes
      0x804D7000 WMIxWDM 2056832 bytes
      0xBF800000 Win32k 1839104 bytes
      0xBF800000 C:\WINDOWS\System32\win32k.sys 1839104 bytes (Microsoft Corporation, Multi-User Win32 Driver)
      0xBA6A7000 PCI_PNP5652 1048576 bytes
      0xBA6A7000 spde.sys 1048576 bytes
      0xBA6A7000 sptd 1048576 bytes
      0xB9770000 C:\WINDOWS\system32\DRIVERS\NVNRM.SYS 897024 bytes (NVIDIA Corporation, NVIDIA Network Resource Manager.)
      0xA2B90000 C:\WINDOWS\system32\drivers\hardlock.sys 696320 bytes (Aladdin Knowledge Systems Ltd., Hardlock Device Driver for Windows NT)
      0xBA504000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
      0xA941F000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
      0xA9516000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
      0xA2AD3000 C:\WINDOWS\system32\DRIVERS\srv.sys 339968 bytes (Microsoft Corporation, Server driver)
      0xA2C62000 C:\WINDOWS\system32\DRIVERS\eamon.sys 315392 bytes (ESET, Amon monitor)
      0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
      0xB92F3000 C:\WINDOWS\system32\DRIVERS\update.sys 212992 bytes (Microsoft Corporation, Update Driver)
      0xB9327000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 200704 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
      0xBA661000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
      0xA2CAF000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
      0xBA4D7000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
      0xA948E000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 180224 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
      0xA94DC000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
      0xBA60B000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
      0xB986E000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 151552 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
      0xA2B6D000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 143360 bytes (Microsoft Corporation, Fast FAT File System Driver)
      0xB984B000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
      0xB9893000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
      0xA94BA000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
      0xACCBC000 C:\WINDOWS\system32\drivers\portcls.sys 139264 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
      0xA93FE000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator)
      0x806CE000 ACPI_HAL 131968 bytes
      0x806CE000 C:\WINDOWS\system32\hal.dll 131968 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
      0xBA5BA000 fltMgr.sys 126976 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
      0xBA631000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
      0xA2B26000 C:\WINDOWS\system32\Drivers\NSHE.SYS 126976 bytes (T0r0 2008, DongleEmulator for HASP, Sentinel, etc)
      0xBA4BC000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)
      0xA41C1000 C:\WINDOWS\System32\Drivers\dump_nvata.sys 106496 bytes
      0xBA5D9000 nvata.sys 106496 bytes (NVIDIA Corporation, NVIDIA
  13. OTL logfile created on: 11/25/2010 7:15:30 PM - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Documents and Settings\Pelegrin\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 8.99 Gb Free Space | 46.02% Space Free | Partition Type: NTFS
Drive D: | 154.75 Gb Total Space | 61.09 Gb Free Space | 39.48% Space Free | Partition Type: NTFS
Drive F: | 58.59 Gb Total Space | 43.18 Gb Free Space | 73.70% Space Free | Partition Type: NTFS

Computer Name: PELEGRIN-3602FE | User Name: Pelegrin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/25 19:14:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pelegrin\Desktop\OTL.exe
PRC - [2010/10/28 16:30:57 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/10/12 08:50:52 | 002,346,496 | ---- | M] () -- D:\BARDIWIN\bainfoc.exe
PRC - [2010/09/25 16:45:22 | 000,328,056 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2010/08/18 18:34:23 | 006,628,864 | ---- | M] (Sybase, Inc.) -- D:\TECDOC_CD\4_2010\pb\tof.exe
PRC - [2010/06/30 22:19:10 | 000,356,352 | ---- | M] (Transaction Software, D 81829 Munich) -- D:\TECDOC_CD\4_2010\db\tbmux32.exe
PRC - [2010/06/30 22:19:08 | 002,457,600 | ---- | M] (Transaction Software, D 81829 Munich) -- D:\TECDOC_CD\4_2010\db\tbkern32.exe
PRC - [2009/10/20 13:59:18 | 000,111,928 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe
PRC - [2008/07/01 08:01:04 | 001,447,168 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2007/12/21 07:21:16 | 000,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2007/04/03 18:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007/02/04 11:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- F:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
PRC - [2006/11/27 15:44:48 | 000,135,221 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2006/11/27 15:44:26 | 000,065,593 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2006/04/13 14:14:26 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
PRC - [2004/08/03 23:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010/11/25 19:14:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pelegrin\Desktop\OTL.exe
MOD - [2009/10/20 13:59:02 | 000,023,864 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll
MOD - [2007/02/05 08:29:04 | 000,139,264 | ---- | M] (Nuance Communications, Inc.) -- F:\Program Files\ScanSoft\OmniPageSE4\OpHookSE4.dll
MOD - [2006/07/11 18:35:38 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\SweetIM\Messenger\msvcr71.dll
MOD - [2004/08/03 23:57:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/06/30 22:19:10 | 000,356,352 | ---- | M] (Transaction Software, D 81829 Munich) [Auto | Running] -- D:\TECDOC_CD\4_2010\db\tbmux32.exe -- (Transbase TECDOC CD 4_2010 Service)
SRV - [2008/07/01 08:08:00 | 000,019,200 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2007/12/21 07:21:16 | 000,468,224 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2006/11/27 15:44:48 | 000,135,221 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2006/11/27 15:44:26 | 000,065,593 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2006/04/13 14:14:26 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)

========== Driver Services (SafeList) ==========

DRV - [2010/05/01 12:32:18 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/11/23 11:23:04 | 000,097,792 | ---- | M] (T0r0 2008) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\NSHE.SYS -- (NSHE)
DRV - [2008/07/01 08:04:38 | 000,054,280 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2008/07/01 08:04:36 | 000,030,728 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2008/07/01 08:04:34 | 000,071,688 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2008/07/01 07:57:14 | 000,053,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv)
DRV - [2008/07/01 07:56:22 | 000,039,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2007/10/16 17:38:30 | 004,615,168 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/11/27 10:33:54 | 000,019,968 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/11/27 10:33:50 | 000,058,368 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/11/22 09:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2006/10/31 08:35:00 | 003,964,256 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/10/18 10:31:38 | 000,105,472 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/03/16 08:23:54 | 000,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BIOS.sys -- (BIOS)
DRV - [2005/01/07 16:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1409082233-113007714-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1409082233-113007714-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1409082233-113007714-1801674531-1003\..\URLSearchHook: {a2e40772-4e84-4066-b8f1-f96c4eedbd93} - C:\Program Files\Seve_Tv\tbSev2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1409082233-113007714-1801674531-1003\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1409082233-113007714-1801674531-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1409082233-113007714-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.ro/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=ffds1&p="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/29 08:42:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/28 16:31:00 | 000,000,000 | ---D | M]

[2010/02/13 15:37:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pelegrin\Application Data\Mozilla\Extensions
[2010/11/25 12:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pelegrin\Application Data\Mozilla\Firefox\Profiles\ddbd1e6q.default\extensions
[2010/07/31 07:26:21 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Pelegrin\Application Data\Mozilla\Firefox\Profiles\ddbd1e6q.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/11/25 12:44:56 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/11 19:39:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/07 07:12:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/07 13:01:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/16 03:24:43 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipediaro.xml

O1 HOSTS File: ([2001/08/23 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Seve Tv Toolbar) - {a2e40772-4e84-4066-b8f1-f96c4eedbd93} - C:\Program Files\Seve_Tv\tbSev2.dll (Conduit Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Seve Tv Toolbar) - {a2e40772-4e84-4066-b8f1-f96c4eedbd93} - C:\Program Files\Seve_Tv\tbSev2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1409082233-113007714-1801674531-1003\..\Toolbar\ShellBrowser: (Seve Tv Toolbar) - {A2E40772-4E84-4066-B8F1-F96C4EEDBD93} - C:\Program Files\Seve_Tv\tbSev2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1409082233-113007714-1801674531-1003\..\Toolbar\WebBrowser: (Seve Tv Toolbar) - {A2E40772-4E84-4066-B8F1-F96C4EEDBD93} - C:\Program Files\Seve_Tv\tbSev2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1409082233-113007714-1801674531-1003\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [b
  14. Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5176

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

11/23/2010 7:39:48 PM
mbam-log-2010-11-23 (19-39-48).txt

Scan type: Quick scan
Objects scanned: 144403
Time elapsed: 6 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 16
Registry Values Infected: 3
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\funwebproductsinstaller.start (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproductsinstaller.start.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1d4db7d1-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1d4db7d3-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{1d4db7d0-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\C8H1KKCTZV (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Nvchost (Trojan.Goldun) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\HJRUDZ5DT2 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winlogon (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hjrudz5dt2 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Pelegrin\Local Settings\Temp\Jkv.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pelegrin\Application Data\scgdfgasfbh.bat (Malware.Trace) -> Quarantined and deleted successfully.