Facebook virus... [SOLVED]

Hello, here is what this is about: yesterday morning my boyfriend logged into his Facebook profile and received chat messages with some text along the lines of "wow, look at this cool picture!" followed by a link. He clicked away at the links to his heart's content, and here is the result...

1. This morning I logged into my own Facebook profile and saw with horror that my computer was, all by itself, sending the same links in chat to everyone who was online.
2. My computer has become terribly slow, probably because of the viruses.
3. I scanned with my antivirus (NOD32); it found quite a few things, which I put in quarantine. But on the next start of the computer the screen began spewing messages about errors and missing files. I had not deleted anything, only locked things in quarantine, so I don't know whether those messages come from the viruses or from what the antivirus program did. On the start after that, no such messages appeared.
4. There is one more thing: my antivirus has not updated since August 20. Back then it showed me messages saying I have to purchase the program; apparently its term has expired or something like that. I have been with NOD32 since I bought the computer, and it has not been reinstalled since then, for 2-3 years now.

I would like advice on where to start, and whether I can fix things at all without reinstalling the operating system. Should I install a different antivirus first? How do I generate those logs that I read about in the other threads? And last but not least: should I shoot my boyfriend for causing me such headaches?

My apologies to the colleagues for stepping in, but let me save them some time.

Read and follow the steps in: "My system is infected - What should I do now?" The colleagues will need these logs in order to judge how to proceed, what exactly they are dealing with and, generally speaking, how far it has spread. I wish you success!

  • Author

Thank you, I will read it and do my best to follow it, since I'm not on very familiar terms with these things.

  • Author

This is what I copied from dds.txt:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_26
Run by pc 2 at 16:22:13 on 2011-09-02
Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.2047.905 [GMT 3:00]
.
AV: ESET NOD32 antivirus system 2.70 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\CNAB3RPK.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Eset\UpdateReminder.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Advanced Woman Calendar\WomanCalendar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\USB-Switch\USwitch.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\DOCUME~1\PC2~1\LOCALS~1\Temp\tmp70.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.qip.ru
uInternet Settings,ProxyOverride = *.local
mWinlogon: Taskman=c:\documents and settings\pc 2\application data\mrpky.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: IeCatch2 Class: {a5366673-e8ca-11d3-9cd9-0090271d075b} - c:\progra~1\flashget\jccatch.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: FlashGet Bar: {e0e899ab-f487-11d5-8d29-0050ba6940e3} - c:\progra~1\flashget\fgiebar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Advanced Woman Calendar] "c:\program files\advanced woman calendar\WomanCalendar.exe" -m
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [<NO NAME>]
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [zzzHPSETUP] e:\setup.exe \RESET
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [mmtask] "c:\program files\musicmatch\musicmatch jukebox\mmtask.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [Nokia FastStart] "c:\program files\nokia\nokia music\NokiaMusic.exe" /command:faststart
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [updateReminder] c:\program files\eset\UpdateReminder.exe
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Windows Network Assistant] c:\windows\system32\wmpnkc32.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\pc2~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\usb20s~1.lnk - c:\program files\usb-switch\USwitch.exe
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download All by FlashGet - c:\program files\flashget\jc_all.htm
IE: Download using FlashGet - c:\program files\flashget\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\flashget.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\windows\system32\imon.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{5A39E6B8-9937-42B5-B138-067E109B0263} : DhcpNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\pc 2\application data\mozilla\firefox\profiles\6jrtw7py.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://uk.ask.com/
FF - component: c:\documents and settings\pc 2\application data\mozilla\firefox\profiles\6jrtw7py.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\pc 2\application data\mozilla\firefox\profiles\6jrtw7py.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: c:\documents and settings\pc 2\application data\facebook\npfbplugin_1_0_0.dll
FF - plugin: c:\documents and settings\pc 2\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\pc 2\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-12-20 15424]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\common files\abbyy\finereader\9.00\licensing\pe\NetworkLicenseServer.exe [2007-12-6 660768]
R2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod32krn.exe [2007-12-20 549256]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2006-8-22 316992]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2007-12-20 38656]
S2 gupdate1c9fd735fed3abe;Ус»уі° Google Update (gupdate1c9fd735fed3abe);c:\program files\google\update\GoogleUpdate.exe [2009-7-5 133104]
S3 gupdatem;Ус»уі° Ѕ° Google рєту°»ё·°цёя (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-7-5 133104]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-9-8 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-9-8 8320]
.
=============== Created Last 30 ================
.
2011-09-01 04:42:13 155648 --sh--w- c:\windows\system32\wmpnkc32.exe
2011-08-12 11:01:20 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-12 11:01:11 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
.
==================== Find3M ====================
.
2011-08-29 16:58:25 2568 --sha-w- c:\windows\system32\KGyGaAvL.sys
2011-08-20 04:08:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:45:58 832512 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:45:57 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-06-21 18:45:57 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-06-21 18:45:57 17408 ------w- c:\windows\system32\corpol.dll
2011-06-21 11:47:20 389120 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3320620AS rev.3.AAE -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-10
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe >>UNKNOWN [0x8A84F808]<<
_asm { MOV EAX, 0x8a84f728; XCHG [ESP], EAX; PUSH EAX; PUSH 0x8a8060d4; RET ; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A7AAAB8]
\Driver\Disk[0x8A764A08] -> IRP_MJ_CREATE -> 0x8A84F808
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\Disk -> 0x8a84f808
user & kernel MBR OK
Warning: possible MBR rootkit infection !
.
============= FINISH: 16:22:49,62 ===============

This is the text from attach.txt:
Internet Explorer 7 (KB976749) Update for Windows Internet Explorer 7 (KB980182) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2541763) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Update Manager USB 2.0 Switch Utility Software VBA WebFldrs XP WebReg Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 7 Windows Media Format 11 runtime Windows Media Player 11 Windows XP Service Pack 3 WinRAR archiver Wocarson Windows Genuine Advantage Validation v1.9.40.0 Cracked V2 XviD MPEG-4 Video Codec ч§фєНјїІ µTorrent . ==== Event Viewer Messages From Past Week ======== . 31.8.2011 і. 16:36:45, error: Service Control Manager [7000] - The Par1284 service failed to start due to the following error: The system cannot find the file specified. 30.8.2011 і. 19:16:13, error: Service Control Manager [7000] - The Par1284 service failed to start due to the following error: The system cannot find the file specified. 30.8.2011 і. 07:42:32, error: Service Control Manager [7000] - The Par1284 service failed to start due to the following error: The system cannot find the file specified. 29.8.2011 і. 11:04:50, error: Service Control Manager [7000] - The Par1284 service failed to start due to the following error: The system cannot find the file specified. 29.8.2011 і. 10:59:36, error: Service Control Manager [7000] - The Par1284 service failed to start due to the following error: The system cannot find the file specified. 29.8.2011 і. 
07:21:35, error: Service Control Manager [7000] - The Par1284 service failed to start due to the following error: The system cannot find the file specified. 28.8.2011 і. 16:17:33, error: Service Control Manager [7000] - The Par1284 service failed to start due to the following error: The system cannot find the file specified. 27.8.2011 і. 07:28:59, error: Service Control Manager [7000] - The Par1284 service failed to start due to the following error: The system cannot find the file specified. 26.8.2011 і. 09:10:58, error: Service Control Manager [7000] - The Par1284 service failed to start due to the following error: The system cannot find the file specified. 02.9.2011 і. 08:08:06, error: Service Control Manager [7000] - The Par1284 service failed to start due to the following error: The system cannot find the file specified. 02.9.2011 і. 02:39:13, error: Service Control Manager [7000] - The Par1284 service failed to start due to the following error: The system cannot find the file specified. 02.9.2011 і. 02:32:47, error: Service Control Manager [7000] - The Par1284 service failed to start due to the following error: The system cannot find the file specified. 02.9.2011 і. 02:19:55, error: Service Control Manager [7000] - The Par1284 service failed to start due to the following error: The system cannot find the file specified. 01.9.2011 і. 20:00:44, error: Service Control Manager [7000] - The Par1284 service failed to start due to the following error: The system cannot find the file specified. 01.9.2011 і. 07:06:19, error: Service Control Manager [7000] - The Par1284 service failed to start due to the following error: The system cannot find the file specified. . ==== End Of File ===========================

  • Download TDSSKiller and extract it to the desktop.
  • Run TDSSKiller.exe, then press the Start Scan button.

    Posted image

  • If a malicious file is found, check that the Cure option is selected (the default). If Cure is selected, press Continue.

    Posted image

  • If a suspicious file is found, check that the Skip option is selected (the default). If Skip is selected, press Continue.
  • Select Skip for the sptd service as well:

    Posted image

  • The program may require a restart. If so, confirm with Reboot Now.

    Posted image

    - If there is no restart, go to Report. A log file will appear. Copy and paste its contents into your next comment.

    - If there is a restart, go to the root directory of the C: partition. There should be a file named in the format TDSSKiller.[Version]_[Date]_[Time]_log.txt. Open it, then copy and paste its contents into your next comment.

  • Author

Well, it found nothing. Here is the text of the report:

Follow these instructions for working with OTM:

  • Download OTM.exe or OTM.scr and save it to the desktop.
  • Start OTM by double-clicking it.
  • Select the following text (only what is inside the box) and copy it with right-click - Copy. You can also use Ctrl+C:

    :Processes
    tmp70.exe
    :files
    c:\documents and settings\pc 2\local settings\Temp\tmp70.exe
    c:\documents and settings\pc 2\application data\mrpky.exe
    c:\windows\system32\wmpnkc32.exe
    :Reg
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Taskman"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Network Assistant"=-
    :Commands
    [emptytemp]
    [resethosts]
    [Reboot]
    
  • Go back to the running OTM, right-click in Paste Instructions for Items to be Moved (under the yellow bar) and choose Paste.
  • Press the Moveit! button marked in red.
  • Wait for the program to finish. Select and copy (right-click - Copy, or Ctrl+C) the entire text that appears under the grey bar.
  • Post the copied text with Paste in your next comment.
  • Close OTM.
Note: If OTM requires a restart, choose Yes. After the restart open Notepad (Start -> All Programs -> Accessories -> Notepad), choose File -> Open, then type *.log in File Name, go to the folder C:\_OTM\MovedFiles and open the most recently generated file with the log extension (mmddyyyy_hhmmss.log - here mm is the month, dd the day, yyyy the year, hh the hour, mm the minute and ss the second). Select and copy (right-click - Copy, or Ctrl+C) the entire text contained in that file. Post the copied text with Paste in your next comment.
  • Author

    All processes killed
    ========== PROCESSES ==========
    No active process named tmp70.exe was found!
    ========== FILES ==========
    c:\documents and settings\pc 2\local settings\Temp\tmp70.exe moved successfully.
    File/Folder c:\documents and settings\pc 2\application data\mrpky.exe not found.
    File move failed. c:\windows\system32\wmpnkc32.exe scheduled to be moved on reboot.
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\\Taskman deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Windows Network Assistant deleted successfully.
    ========== COMMANDS ==========
    [EMPTYTEMP]
    User: All Users
    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 41 bytes
    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 49200079 bytes
    User: pc 2
    ->Temp folder emptied: 3228942876 bytes
    ->Temporary Internet Files folder emptied: 329051225 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 76582420 bytes
    ->Google Chrome cache emptied: 6299263 bytes
    ->Flash cache emptied: 1926091 bytes
    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 2162283 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 189017651 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 237613103 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 2048276328 bytes
    Total Files Cleaned = 5 883,00 mb
    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully
    OTM by OldTimer - Version 3.1.18.0 log created on 09022011_224707
    Files moved on Reboot...
    c:\windows\system32\wmpnkc32.exe moved successfully.
    Registry entries deleted on Reboot...
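A fix script is only finished when the result log confirms every item it named. The following Python script is an added example (not part of the thread and not OTM's own code) that reconciles the script and log posted above; the function names are mine, and the status phrases it recognises are only the ones visible in this thread's log.

```python
import re

# Fix script as posted in the thread.
OTM_SCRIPT = r"""
:Processes
tmp70.exe
:files
c:\documents and settings\pc 2\local settings\Temp\tmp70.exe
c:\documents and settings\pc 2\application data\mrpky.exe
c:\windows\system32\wmpnkc32.exe
:Reg
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Network Assistant"=-
:Commands
[emptytemp]
[resethosts]
[Reboot]
"""

# Result log from the thread, with the [EMPTYTEMP] byte counts left out.
OTM_LOG = r"""
All processes killed
========== PROCESSES ==========
No active process named tmp70.exe was found!
========== FILES ==========
c:\documents and settings\pc 2\local settings\Temp\tmp70.exe moved successfully.
File/Folder c:\documents and settings\pc 2\application data\mrpky.exe not found.
File move failed. c:\windows\system32\wmpnkc32.exe scheduled to be moved on reboot.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\\Taskman deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Windows Network Assistant deleted successfully.
Files moved on Reboot...
c:\windows\system32\wmpnkc32.exe moved successfully.
"""

# Status phrases seen in this thread's log (assumption: other OTM versions may word them differently).
FILE_STATES = ("moved successfully", "scheduled to be moved on reboot", "not found")
REG_STATES = ("deleted successfully",)
DONE = {"moved successfully", "deleted successfully", "not running"}


def parse_script(text):
    """Split a fix script into the sections used in the thread."""
    items = {"processes": [], "files": [], "reg": [], "commands": []}
    section, key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):              # section header such as :files
            section, key = line[1:].lower(), None
        elif section == "reg":
            if line.startswith("[") and line.endswith("]"):
                key = line[1:-1]              # registry key the next values belong to
            else:
                m = re.match(r'"(.+)"=-$', line)  # "Name"=- asks for the value to be deleted
                if m and key:
                    items["reg"].append((key, m.group(1)))
        elif section in items:
            items[section].append(" ".join(line.split()))
    return items


def last_state(log, needle, states):
    """Last status phrase the log attaches to an item, or 'no log entry'."""
    pattern = needle + r"\s+(" + "|".join(re.escape(s) for s in states) + ")"
    hits = re.findall(pattern, log, flags=re.IGNORECASE)
    return hits[-1].lower() if hits else "no log entry"


def reconcile(script_text, log_text):
    """Map every scripted item to the final state the log reports for it."""
    script = parse_script(script_text)
    log = " ".join(log_text.split())          # works on the flattened and the line-broken log
    result = {}
    for name in script["processes"]:
        hit = re.search("No active process named " + re.escape(name) + " was found", log, re.I)
        result[("process", name)] = "not running" if hit else "no log entry"
    for path in script["files"]:
        result[("file", path)] = last_state(log, re.escape(path), FILE_STATES)
    for key, value in script["reg"]:
        needle = re.escape(key) + r"\\+" + re.escape(value)
        result[("reg", key + "\\" + value)] = last_state(log, needle, REG_STATES)
    return result


def follow_up(result):
    """Items the log does not confirm as removed."""
    return [item for item, state in result.items() if state not in DONE]


if __name__ == "__main__":
    outcome = reconcile(OTM_SCRIPT, OTM_LOG)
    for (kind, item), state in outcome.items():
        print(f"{kind:8}{state:32}{item}")
    print("needs follow-up:", follow_up(outcome))
```

On the thread's data the only open item is mrpky.exe: `not found` means the file was absent when the script ran, not that OTM removed it.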

Archive the folder C:\_OTM\MovedFiles and upload it somewhere of your choice.

Post a link so we can download it, and then delete it (the folder) from your computer (as well as the archive).

After that:

  • Download Malwarebytes' Anti-Malware from here and install it.
  • Start Malwarebytes' Anti-Malware, go to UPDATE and press Check for updates.
  • Then go back to Scanner, select Perform QUICK Scan, then click Scan.
  • The scan will take a little while, so please be patient.
  • When the scan finishes, click OK, then Show Results to see the result.
  • Make sure every line is checked, and click Remove Selected.
  • When everything has been removed, the log will open in Notepad. Copy the log and post it in your next comment in the topic.
Note: If Malwarebytes' Anti-Malware has trouble removing the detected viruses/threats, it will ask to restart the computer and remove the problematic viruses/threats during the restart. If you are asked, confirm that you want your computer to be restarted.
  • Author

Here is the log, but it found nothing:

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org
    Database version: 7640
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13
    03.9.2011 г. 11:00:09
    mbam-log-2011-09-03 (11-00-09).txt
    Scan type: Quick scan
    Objects scanned: 170490
    Time elapsed: 2 minute(s), 56 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0
    Memory Processes Infected: (No malicious items detected)
    Memory Modules Infected: (No malicious items detected)
    Registry Keys Infected: (No malicious items detected)
    Registry Values Infected: (No malicious items detected)
    Registry Data Items Infected: (No malicious items detected)
    Folders Infected: (No malicious items detected)
    Files Infected: (No malicious items detected)

Great. Now I want us to check what is happening with the MBR record, because that is the only place where I have concerns.

Now:

Please download aswMBR and save it to your desktop.

  • Double-click the file aswMBR.exe to run it.
  • Wait for it to download the avast! definitions.
  • From the drop-down menu select partition C:\ as shown in the picture:
Posted image
  • Click the Scan button to start the scan.
  • When the scan finishes, click the save log button, save the log file to the desktop, and post its contents in your next reply.
  • Author

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-03 16:39:23
-----------------------------
16:39:23.984 OS Version: Windows 5.1.2600 Service Pack 3
16:39:23.984 Number of processors: 2 586 0xF0B
16:39:23.984 ComputerName: PC UserName:
16:39:24.234 Initialize success
16:40:07.718 AVAST engine defs: 11090201
16:40:41.687 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-10
16:40:41.687 Disk 0 Vendor: ST3320620AS 3.AAE Size: 305245MB BusType: 3
16:40:43.718 Disk 0 MBR read successfully
16:40:43.718 Disk 0 MBR scan
16:40:43.781 Disk 0 Windows XP default MBR code
16:40:43.781 Disk 0 scanning sectors +625137345
16:40:43.843 Disk 0 scanning C:\WINDOWS\system32\drivers
16:40:53.937 Service scanning
16:40:54.171 Service dtscsi C:\WINDOWS\System32\Drivers\dtscsi.sys **LOCKED** 32
16:40:54.328 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
16:40:54.859 Modules scanning
16:40:59.953 Disk 0 trace - called modules:
16:40:59.968 ntkrnlpa.exe >>UNKNOWN [0x8a84f808]<<
16:40:59.968 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a7baab8]
16:40:59.968 \Driver\Disk[0x8a7bb968] -> IRP_MJ_CREATE -> 0x8a84f808
16:41:00.437 AVAST engine scan C:\
17:09:39.296 File: C:\Program Files\Advanced Woman Calendar\WomanCalendar.exe **INFECTED** Win32:Trojan-gen
18:15:09.593 File: C:\RECYCLER\S-1-5-21-1078081533-926492609-682003330-1003\Dc1\MovedFiles\09022011_224707\c_documents and settings\pc 2\local settings\Temp\tmp70.exe **INFECTED** Win32:Kolab-KN [Trj]
18:15:10.015 File: C:\RECYCLER\S-1-5-21-1078081533-926492609-682003330-1003\Dc1\MovedFiles\09022011_224707\c_windows\system32\wmpnkc32.exe **INFECTED** Win32:Kolab-KN [Trj]
19:04:29.093 Scan finished successfully
19:57:52.031 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\pc 2\Desktop\MBR.dat"
19:57:52.062 The log file has been saved successfully to "C:\Documents and Settings\pc 2\Desktop\aswMBR.txt"

STEP 1

Open virustotal and use the Browse button to locate the file:

C:\Program Files\Advanced Woman Calendar\WomanCalendar.exe

Click the SEND button.

If the file has already been analysed, please click re-analyse.

Post the results of the check for this file in your next reply.

Repeat the procedure for the other files in the folder...

STEP 2

Download the attached file and unzip it. del.zip

Run del.bat and click OK once you see the message Deleted Successfully.

The file will delete itself after it has finished.

STEP 3

I want to check one more thing... run TDSSKiller again.

Once the scanner finds the two drivers, choose DELETE from the drop-down menu for both drivers.

Posted image

Click Continue. Restart the system.

STEP 4

Run a fresh scan with DDS (as you did at the beginning of the topic) and post the log files.

Are you still having problems with the computer?
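A triage sketch for the aswMBR log that STEP 1 above takes its file from, added here as an example and not part of the original posts: it parses the log lines and separates **INFECTED** hits that sit in their original place from copies under RECYCLER or MovedFiles. The function names and the "live" versus "moved-copy" rule are assumptions of this example, not aswMBR or forum terminology.

```python
"""Triage an aswMBR text log: MBR verdict, LOCKED drivers, INFECTED files."""
import re
from dataclasses import dataclass

# Lines copied from the aswMBR log posted in this thread (unrelated lines left out).
SAMPLE_LOG = r"""
16:40:43.718 Disk 0 MBR read successfully
16:40:43.718 Disk 0 MBR scan
16:40:43.781 Disk 0 Windows XP default MBR code
16:40:53.937 Service scanning
16:40:54.171 Service dtscsi C:\WINDOWS\System32\Drivers\dtscsi.sys **LOCKED** 32
16:40:54.328 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
17:09:39.296 File: C:\Program Files\Advanced Woman Calendar\WomanCalendar.exe **INFECTED** Win32:Trojan-gen
18:15:09.593 File: C:\RECYCLER\S-1-5-21-1078081533-926492609-682003330-1003\Dc1\MovedFiles\09022011_224707\c_documents and settings\pc 2\local settings\Temp\tmp70.exe **INFECTED** Win32:Kolab-KN [Trj]
18:15:10.015 File: C:\RECYCLER\S-1-5-21-1078081533-926492609-682003330-1003\Dc1\MovedFiles\09022011_224707\c_windows\system32\wmpnkc32.exe **INFECTED** Win32:Kolab-KN [Trj]
19:04:29.093 Scan finished successfully
"""

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3})\s+(.*)$")
MBR_RE = re.compile(r"^Disk\s+(\d+)\s+(.+\bMBR code)$")
LOCKED_RE = re.compile(r"^Service\s+(\S+)\s+(.+?)\s+\*\*LOCKED\*\*")
INFECTED_RE = re.compile(r"^File:\s+(.+?)\s+\*\*INFECTED\*\*\s+(.+)$")

# Assumption of this example: a hit under the Recycle Bin or an OTM "MovedFiles"
# tree is a copy that was already moved aside, not a file in its original place.
MOVED_MARKERS = ("\\recycler\\", "\\movedfiles\\")


@dataclass
class Finding:
    timestamp: str
    path: str
    detection: str
    location: str  # "live" or "moved-copy"


def classify(path: str) -> str:
    """Label a path by where the flagged file currently sits."""
    lowered = path.lower()
    return "moved-copy" if any(m in lowered for m in MOVED_MARKERS) else "live"


def parse_aswmbr(text: str) -> dict:
    """Collect MBR verdicts, LOCKED services and INFECTED files from a log."""
    report = {"mbr": [], "locked": [], "infected": [], "finished": False}
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # banner, separator or blank line
        stamp, msg = line.groups()
        if (m := MBR_RE.match(msg)):
            report["mbr"].append((int(m.group(1)), m.group(2)))
        elif (m := LOCKED_RE.match(msg)):
            report["locked"].append((m.group(1), m.group(2)))
        elif (m := INFECTED_RE.match(msg)):
            path, name = m.group(1), m.group(2).strip()
            report["infected"].append(Finding(stamp, path, name, classify(path)))
        elif msg == "Scan finished successfully":
            report["finished"] = True  # absent in a truncated or aborted log
    return report


def live_findings(report: dict) -> list:
    """Hits that still sit where they would be started from."""
    return [f for f in report["infected"] if f.location == "live"]


if __name__ == "__main__":
    rep = parse_aswmbr(SAMPLE_LOG)
    if not rep["finished"]:
        print("warning: log has no 'Scan finished' line, results are partial")
    for disk, verdict in rep["mbr"]:
        print(f"disk {disk}: {verdict}")
    for service, path in rep["locked"]:
        print(f"locked driver: {service} -> {path}")
    for f in rep["infected"]:
        print(f"[{f.location}] {f.detection}: {f.path}")
```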

  • Author

Step 1 for the first file:

Antivirus             Version          Last Update  Result
AhnLab-V3             2011.09.03.00    2011.09.03   Downloader/Win32.Adload
AntiVir               7.11.14.90       2011.09.02   BDS/Bot.4334
Antiy-AVL             2.0.3.7          2011.09.04   -
Avast                 4.8.1351.0       2011.09.02   Win32:Trojan-gen
Avast5                5.0.677.0        2011.09.02   Win32:Trojan-gen
AVG                   10.0.0.1190      2011.09.04   Downloader.Generic9.EJA
BitDefender           7.2              2011.09.04   Backdoor.Bot.4334
ByteHero              1.0.0.1          2011.09.01   -
CAT-QuickHeal         11.00            2011.09.03   Trojan.Agent.ATV
ClamAV                0.97.0.0         2011.09.04   PUA.Packed.UPack-2
Commtouch             5.3.2.6          2011.09.03   W32/Heuristic-210!Eldorado
Comodo                9987             2011.09.04   Packed.Win32.MUPACK.~KW
DrWeb                 5.0.2.03300      2011.09.04   Trojan.DownLoader1.32230
Emsisoft              5.1.0.11         2011.09.04   Trojan-Downloader.Win32.Adload!IK
eSafe                 7.0.17.0         2011.09.01   Win32.BDSBot
eTrust-Vet            36.1.8537        2011.09.02   -
F-Prot                4.6.2.117        2011.09.03   W32/Heuristic-210!Eldorado
F-Secure              9.0.16440.0      2011.09.03   Backdoor.Bot.4334
Fortinet              4.3.370.0        2011.09.04   W32/Adload.LNG!tr.dldr
GData                 22               2011.09.04   Backdoor.Bot.4334
Ikarus                T3.1.1.107.0     2011.09.04   Trojan-Downloader.Win32.Adload
Jiangmin              13.0.900         2011.09.03   Backdoor/RBot.woz
K7AntiVirus           9.111.5083       2011.09.02   -
Kaspersky             9.0.0.837        2011.09.04   Trojan-Downloader.Win32.Adload.lng
McAfee-GW-Edition     2010.1D          2011.09.03   Heuristic.LooksLike.Win32.Suspicious.C
Microsoft             1.7604           2011.09.04   Backdoor:Win32/Ursap!rts
NOD32                 6434             2011.09.04   probably a variant of Win32/Agent.ERDWVRV
Norman                6.07.11          2011.09.03   W32/Packed_Upack.A
nProtect              2011-09-03.01    2011.09.03   -
Panda                 10.0.3.5         2011.09.03   Trj/Pupack.A
PCTools               8.0.0.5          2011.09.04   -
Prevx                 3.0              2011.09.04   -
Rising                23.73.01.03      2011.08.30   Trojan.Win32.Generic.11F1F5D3
Sophos                4.69.0           2011.09.04   Mal/FakeAV-JO
SUPERAntiSpyware      4.40.0.1006      2011.09.03   -
Symantec              20111.2.0.82     2011.09.04   Suspicious.MH690.A
TheHacker             6.7.0.1.290      2011.09.03   W32/Behav-Heuristic-060
TrendMicro            9.500.0.1008     2011.09.03   Cryp_Xed-12
TrendMicro-HouseCall  9.500.0.1008     2011.09.04   Cryp_Xed-12
VBA32                 3.12.16.4        2011.09.02   Trojan-Downloader.Win32.Adload.lng
VIPRE                 10365            2011.09.04   Trojan.Win32.Packer.Upack0.3.9 (ep)
ViRobot               2011.9.3.4655    2011.09.03   -
VirusBuster           14.0.200.0       2011.09.03   Trojan.Genome!FZoe4b7hzl0

Additional information
MD5 : b0dae9105f8da682b4031937176a3966
SHA1 : 927c7355fcd2d240b74a6f6b468c47e10b27588a
SHA256: 90c3d6a7cdf61e0154c66ab553005baba8385cb23df9b6f231b734d2d72bfd33

P.S. No, I haven't had any problems with the computer since yesterday. And may I ask why we are checking the woman's calendar?

P.S.2: This thing got messed up... I'll start from the beginning.

Edited by tory_

We are checking it because, as it appears from the VirusTotal results as well, it seems to be infected... and it would be good to uninstall/delete the whole program. Regarding point 2, you have not downloaded the attached file... :magnifier:

  • Author

I meant that my post got messed up after it was published. The text didn't come out laid out the way it was. Anyway, I'm running the DDS scan now and will post again afterwards.
(KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981349) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) Sentinel Protection Installer 7.3.1 Skins SkinsHP1 Skype™ 3.8 SolutionCenter Sonic_PrimoSDK The KMPlayer (remove only) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 7 (KB976749) Update for Windows Internet Explorer 7 (KB980182) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2541763) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Update Manager USB 2.0 Switch Utility Software VBA WebFldrs XP WebReg Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 7 Windows Media Format 11 runtime Windows Media Player 11 Windows XP Service Pack 3 WinRAR archiver Wocarson Windows Genuine Advantage Validation v1.9.40.0 Cracked V2 XviD MPEG-4 Video Codec ч§фєНјїІ µTorrent . ==== Event Viewer Messages From Past Week ======== . 31.8.2011 і. 16:36:45, error: Service Control Manager [7000] - The Par1284 service failed to start due to the following error: The system cannot find the file specified. 30.8.2011 і. 
19:16:13, error: Service Control Manager [7000] - The Par1284 service failed to start due to the following error: The system cannot find the file specified. 30.8.2011 і. 07:42:32, error: Service Control Manager [7000] - The Par1284 service failed to start due to the following error: The system cannot find the file specified. 29.8.2011 і. 11:04:50, error: Service Control Manager [7000] - The Par1284 service failed to start due to the following error: The system cannot find the file specified. 29.8.2011 і. 10:59:36, error: Service Control Manager [7000] - The Par1284 service failed to start due to the following error: The system cannot find the file specified. 29.8.2011 і. 07:21:35, error: Service Control Manager [7000] - The Par1284 service failed to start due to the following error: The system cannot find the file specified. 28.8.2011 і. 16:17:33, error: Service Control Manager [7000] - The Par1284 service failed to start due to the following error: The system cannot find the file specified. 04.9.2011 і. 16:26:22, error: Service Control Manager [7000] - The Par1284 service failed to start due to the following error: The system cannot find the file specified. 04.9.2011 і. 16:25:55, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume. 04.9.2011 і. 08:00:27, error: Service Control Manager [7000] - The Par1284 service failed to start due to the following error: The system cannot find the file specified. 03.9.2011 і. 07:49:05, error: Service Control Manager [7000] - The Par1284 service failed to start due to the following error: The system cannot find the file specified. 02.9.2011 і. 22:50:28, error: Service Control Manager [7000] - The Par1284 service failed to start due to the following error: The system cannot find the file specified. 02.9.2011 і. 
22:47:09, error: Service Control Manager [7034] - The ServiceLayer service terminated unexpectedly. It has done this 1 time(s). 02.9.2011 і. 22:47:09, error: Service Control Manager [7034] - The FLEXnet Licensing Service service terminated unexpectedly. It has done this 1 time(s). 02.9.2011 і. 22:47:08, error: Service Control Manager [7034] - The Sentinel Protection Server service terminated unexpectedly. It has done this 1 time(s). 02.9.2011 і. 22:47:08, error: Service Control Manager [7034] - The Sentinel Keys Server service terminated unexpectedly. It has done this 1 time(s). 02.9.2011 і. 22:47:08, error: Service Control Manager [7034] - The ProtexisLicensing service terminated unexpectedly. It has done this 1 time(s). 02.9.2011 і. 22:47:07, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s). 02.9.2011 і. 22:47:07, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s). 02.9.2011 і. 22:47:07, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s). 02.9.2011 і. 22:47:07, error: Service Control Manager [7034] - The ABBYY FineReader 9.0 PE Licensing Service service terminated unexpectedly. It has done this 1 time(s). 02.9.2011 і. 22:47:07, error: Service Control Manager [7034] - The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service terminated unexpectedly. It has done this 1 time(s). 02.9.2011 і. 22:47:07, error: Service Control Manager [7031] - The NOD32 Kernel Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. 02.9.2011 і. 22:47:07, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). 
The following corrective action will be taken in 5000 milliseconds: Restart the service. 02.9.2011 і. 08:08:06, error: Service Control Manager [7000] - The Par1284 service failed to start due to the following error: The system cannot find the file specified. 02.9.2011 і. 02:39:13, error: Service Control Manager [7000] - The Par1284 service failed to start due to the following error: The system cannot find the file specified. 02.9.2011 і. 02:32:47, error: Service Control Manager [7000] - The Par1284 service failed to start due to the following error: The system cannot find the file specified. 02.9.2011 і. 02:19:55, error: Service Control Manager [7000] - The Par1284 service failed to start due to the following error: The system cannot find the file specified. 01.9.2011 і. 20:00:44, error: Service Control Manager [7000] - The Par1284 service failed to start due to the following error: The system cannot find the file specified. 01.9.2011 і. 07:06:19, error: Service Control Manager [7000] - The Par1284 service failed to start due to the following error: The system cannot find the file specified. . ==== End Of File ===========================

Great. The log files are clean.

Download OTCleanIt, run OTC.exe and click Clean Up.

If any of the programs we used were not deleted by the procedure above, delete them manually.

Update Adobe Reader to its latest version:

Adobe Reader 10.1.0

Do the same with Java

jre-6u27-windows-i586.exe

I advise you to uninstall the cracked and old NOD32... from Add or Remove Programs in Control Panel

NOD32 antivirus system

NOD32 FiX v2.1

Good choices among the free programs are avast! 6 or Avira 10

Regards and safe surfing! :yanim:

  • Author

Thank you very much. Happy holidays!!!
