
Kaldata.com - Forums


rock n roll

Member
  • Joined

  • Last visited

Everything posted by rock n roll

  1. It's "в", man, "в", not "във". You don't have to think you're great just because you write correctly. What's bad is thinking you're great when you don't write correctly and won't take advice. Buy yourself a primer. Aren't you at least a little ashamed of your spelling? I assume you haven't reached the matura exams yet, so pull yourself together, because with spelling like that you'll have a hard time passing them. So that this isn't spam, here's a video: https://www.youtube.com/watch?v=hLPPE3_DVCw
  2. Colleague, nothing personal, but learn when to write "в" and when "във". We read your illiteracy in every post. On topic: the Earth is not flat.
  3. For the last 2 days it has been simply unbearable, you can't watch a clip on youtube, vbox is just a horror - the speed is sooooo slow, I don't understand why? What's the reason? My internet is dumb and slow in general, DL rate - 7-8 mb, same as upload, and now the upload is high again but the download isn't, what's the problem? I asked 5 people on this provider, all of them have normal speed, only me!? Why? One of them even lives 4 streets away and his internet is normal, only mine isn't? That's inexplicable. Is it possible that it's from the ISP but only for me, and what do I do? I need internet and this for me is not internet, I'm just paying for it. :@:@
  4. I was browsing around various sites from Google, looking for information, and on one site I got redirected somewhere and NOD32 started opening windows saying it was blocking attacks - result - 13 blocked. Here's a screenshot. Is there any reason for concern? And should I delete these from quarantine? Here is the DDS:
  5. rock n roll replied to a topic added by rock n roll in Sports
    come on guys, help out
  6. Hello. I'm 16 years old and I want to start training for a bit of muscle; I'm somewhere around 1.78-1.80 and I weigh 58 kilograms. I need to gain muscle mass (tell me what to eat, because I'm pretty clueless about that). And I want to build muscle - biceps, triceps, and tighten up my stomach and chest a bit; not that I have any fat, I'm skinny, but I don't have defined muscles. There is no gym in my town and it's not very convenient for me to go to the neighboring town; I have available - dumbbells 5-10 kg, 20 kg, 40 kg, and nearby there are pull-up bars and parallel bars. Will it be possible to build a more or less decent body with this
  7. Although a bit late, I'm writing here to tell you and everyone else who wants to get a replica: just don't do it. That was my biggest mistake. It has nothing in common with the iPhone, and besides that it's a complete Chinese knock-off - terrible touch (if you can call it that), terrible speaker, terrible display colors, it didn't even boot with an apple, it just had one stuck on the back. Since I've had an iPhone I haven't regretted it for a moment, so leave the replicas and get an iPhone, even if it's second-hand or one of the older models... it will be worth 100x more than some Chinese knock-off.
  8. Well, I think not. Thanks for the assistance!
  9. Malwarebytes' Anti-Malware 1.50.1.1100
     www.malwarebytes.org
     Database version: 6362
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702
     4/14/2011 6:09:53 AM
     mbam-log-2011-04-14 (06-09-53).txt
     Scan type: Quick scan
     Objects scanned: 147371
     Time elapsed: 2 minute(s), 20 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)
(fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys 2011/04/14 03:15:37.0359 1448 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys 2011/04/14 03:15:37.0406 1448 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys 2011/04/14 03:15:37.0437 1448 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys 2011/04/14 03:15:37.0453 1448 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2011/04/14 03:15:37.0484 1448 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2011/04/14 03:15:37.0500 1448 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2011/04/14 03:15:37.0515 1448 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2011/04/14 03:15:37.0625 1448 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2011/04/14 03:15:37.0640 1448 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 2011/04/14 03:15:37.0656 1448 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 2011/04/14 03:15:37.0671 1448 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2011/04/14 03:15:37.0718 1448 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2011/04/14 03:15:37.0765 1448 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2011/04/14 03:15:37.0796 1448 eamon (ba6c651acca50abbb27d463658fff01c) C:\WINDOWS\system32\DRIVERS\eamon.sys 2011/04/14 03:15:37.0828 1448 ehdrv (820c19b966c0e419e2e860128397060d) C:\WINDOWS\system32\DRIVERS\ehdrv.sys 2011/04/14 03:15:37.0859 1448 epfwtdir (a034d7390880924e6eff8d6a1d0edec4) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys 2011/04/14 03:15:37.0968 1448 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2011/04/14 03:15:37.0984 1448 Fdc 
(92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 2011/04/14 03:15:38.0000 1448 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 2011/04/14 03:15:38.0015 1448 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 2011/04/14 03:15:38.0046 1448 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys 2011/04/14 03:15:38.0078 1448 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2011/04/14 03:15:38.0078 1448 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2011/04/14 03:15:38.0109 1448 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 2011/04/14 03:15:38.0125 1448 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2011/04/14 03:15:38.0156 1448 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 2011/04/14 03:15:38.0187 1448 HidBth (7bd2de4c85eb4241eed57672b16a7d8d) C:\WINDOWS\system32\DRIVERS\hidbth.sys 2011/04/14 03:15:38.0218 1448 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2011/04/14 03:15:38.0265 1448 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2011/04/14 03:15:38.0328 1448 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2011/04/14 03:15:38.0343 1448 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2011/04/14 03:15:38.0453 1448 IntcAzAudAddService (8f924588c272fdaa28cf31a9bbc21a72) C:\WINDOWS\system32\drivers\RtkHDAud.sys 2011/04/14 03:15:38.0515 1448 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 2011/04/14 03:15:38.0546 1448 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/04/14 03:15:38.0562 1448 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/04/14 
03:15:38.0578 1448 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/04/14 03:15:38.0593 1448 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/04/14 03:15:38.0625 1448 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/04/14 03:15:38.0640 1448 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/04/14 03:15:38.0656 1448 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/04/14 03:15:38.0703 1448 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 2011/04/14 03:15:38.0734 1448 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2011/04/14 03:15:38.0765 1448 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/04/14 03:15:38.0812 1448 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\WINDOWS\system32\DRIVERS\lirsgt.sys 2011/04/14 03:15:38.0843 1448 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/04/14 03:15:38.0859 1448 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 2011/04/14 03:15:38.0875 1448 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/04/14 03:15:38.0890 1448 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2011/04/14 03:15:38.0906 1448 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/04/14 03:15:38.0937 1448 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/04/14 03:15:38.0968 1448 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/04/14 03:15:39.0000 1448 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2011/04/14 03:15:39.0031 1448 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/04/14 
03:15:39.0062 1448 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/04/14 03:15:39.0062 1448 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/04/14 03:15:39.0093 1448 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/04/14 03:15:39.0125 1448 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 2011/04/14 03:15:39.0156 1448 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2011/04/14 03:15:39.0156 1448 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/04/14 03:15:39.0171 1448 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/04/14 03:15:39.0187 1448 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/04/14 03:15:39.0218 1448 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/04/14 03:15:39.0234 1448 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/04/14 03:15:39.0250 1448 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/04/14 03:15:39.0296 1448 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\WINDOWS\system32\drivers\ccdcmb.sys 2011/04/14 03:15:39.0328 1448 nmwcdc (3859c69a77793180548802dac9f34a38) C:\WINDOWS\system32\drivers\ccdcmbo.sys 2011/04/14 03:15:39.0343 1448 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2011/04/14 03:15:39.0359 1448 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/04/14 03:15:39.0406 1448 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/04/14 03:15:39.0406 1448 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/04/14 03:15:39.0437 1448 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/04/14 
03:15:39.0468 1448 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys 2011/04/14 03:15:39.0468 1448 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/04/14 03:15:39.0500 1448 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/04/14 03:15:39.0531 1448 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys 2011/04/14 03:15:39.0546 1448 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/04/14 03:15:39.0578 1448 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 2011/04/14 03:15:39.0609 1448 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 2011/04/14 03:15:39.0718 1448 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/04/14 03:15:39.0734 1448 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys 2011/04/14 03:15:39.0750 1448 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/04/14 03:15:39.0781 1448 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/04/14 03:15:39.0859 1448 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/04/14 03:15:39.0875 1448 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/04/14 03:15:39.0890 1448 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/04/14 03:15:39.0890 1448 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/04/14 03:15:39.0921 1448 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/04/14 03:15:39.0921 1448 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/04/14 03:15:39.0937 1448 rdpdr (15cabd0f7c00c47c70124907916af3f1) 
C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2011/04/14 03:15:39.0953 1448 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/04/14 03:15:39.0968 1448 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/04/14 03:15:40.0015 1448 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys 2011/04/14 03:15:40.0062 1448 RsFx0102 (fedd2710b75be3ecf078adace790c423) C:\WINDOWS\system32\DRIVERS\RsFx0102.sys 2011/04/14 03:15:40.0078 1448 RTLE8023xp (3400495f5b219d5153c770a95499579c) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 2011/04/14 03:15:40.0125 1448 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/04/14 03:15:40.0140 1448 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2011/04/14 03:15:40.0156 1448 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 2011/04/14 03:15:40.0203 1448 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/04/14 03:15:40.0265 1448 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/04/14 03:15:40.0312 1448 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys 2011/04/14 03:15:40.0312 1448 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. 
md5: cdddec541bc3c96f91ecb48759673505 2011/04/14 03:15:40.0312 1448 sptd - detected Locked file (1) 2011/04/14 03:15:40.0343 1448 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/04/14 03:15:40.0390 1448 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/04/14 03:15:40.0406 1448 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/04/14 03:15:40.0453 1448 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/04/14 03:15:40.0531 1448 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/04/14 03:15:40.0562 1448 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/04/14 03:15:40.0593 1448 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/04/14 03:15:40.0625 1448 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/04/14 03:15:40.0656 1448 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/04/14 03:15:40.0718 1448 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/04/14 03:15:40.0750 1448 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/04/14 03:15:40.0781 1448 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys 2011/04/14 03:15:40.0812 1448 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys 2011/04/14 03:15:40.0828 1448 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/04/14 03:15:40.0843 1448 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/04/14 03:15:40.0843 1448 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 2011/04/14 03:15:40.0875 1448 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/04/14 
03:15:40.0890 1448 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys 2011/04/14 03:15:40.0906 1448 UsbserFilt (68b4f83cccf70a2ff32ee142c234332a) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys 2011/04/14 03:15:40.0937 1448 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/04/14 03:15:40.0968 1448 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/04/14 03:15:41.0000 1448 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/04/14 03:15:41.0046 1448 w800bus (b8c182df79ac8938311ac8e193d52762) C:\WINDOWS\system32\DRIVERS\w800bus.sys 2011/04/14 03:15:41.0062 1448 w800mdfl (3af69f28c17e1e03bb894f00d905add8) C:\WINDOWS\system32\DRIVERS\w800mdfl.sys 2011/04/14 03:15:41.0093 1448 w800mdm (0d12afd1e1c95226b4268c1777625d05) C:\WINDOWS\system32\DRIVERS\w800mdm.sys 2011/04/14 03:15:41.0109 1448 w800mgmt (36ad2eb4a6376d08555864eb4cfd2508) C:\WINDOWS\system32\DRIVERS\w800mgmt.sys 2011/04/14 03:15:41.0140 1448 w800obex (7905915006febbf0f137af36a3fd6429) C:\WINDOWS\system32\DRIVERS\w800obex.sys 2011/04/14 03:15:41.0156 1448 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/04/14 03:15:41.0171 1448 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys 2011/04/14 03:15:41.0234 1448 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/04/14 03:15:41.0281 1448 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 2011/04/14 03:15:41.0437 1448 ================================================================================ 2011/04/14 03:15:41.0437 1448 Scan finished 2011/04/14 03:15:41.0437 1448 ================================================================================ 2011/04/14 03:15:41.0453 1892 Detected object count: 1 2011/04/14 03:15:44.0265 1892 Locked file(sptd) - User select action: Skip
  11. ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2011/04/13 10:26 Program Version: Version 1.3.5.0 Windows Version: Windows XP SP3
  12. Yes. All processes killed ========== FILES ========== C:\autorun.inf folder moved successfully. autorun.inf not found in D:\ autorun.exe not found in C:\ autorun.exe not found in D:\ C:\RECYCLER\S-1-5-21-1078081533-926492609-682003330-1003 folder moved successfully. C:\RECYCLER folder moved successfully. D:\RECYCLER\S-1-5-21-1078081533-926492609-682003330-1003 folder moved successfully. D:\RECYCLER folder moved successfully. < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Documents and Settings\Insaneboy\Desktop\cmd.bat deleted successfully. C:\Documents and Settings\Insaneboy\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Insaneboy ->Temp folder emptied: 769868134 bytes ->Temporary Internet Files folder emptied: 5952378 bytes ->Java cache emptied: 179014 bytes ->FireFox cache emptied: 110580762 bytes ->Google Chrome cache emptied: 26336919 bytes ->Flash cache emptied: 120494 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: Tonya %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 849563 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 2285546 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 874.00 mb [EMPTYFLASH] User: All Users User: Default User User: Insaneboy ->Flash cache emptied: 0 bytes User: 
LocalService User: NetworkService User: Tonya Total Flash Files Cleaned = 0.00 mb OTL by OldTimer - Version 3.2.22.3 log created on 04132011_101519 Files\Folders moved on Reboot... Registry entries deleted on Reboot...
  13. Here they are. By the way, besides what is in this screenshot, I have one more checkbox here, No Company, which was ticked, and I left it that way... OTL.Txt Extras.Txt
  14. I scan with MBAM every day, and today I scanned with the latest update and it found - Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6352 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 4/13/2011 8:18:46 AM mbam-log-2011-04-13 (08-18-46).txt Scan type: Quick scan Objects scanned: 151647 Time elapsed: 3 minute(s), 7 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: c:\WINDOWS\system32\vb2008source.exe (Trojan.Agent) -> Quarantined and deleted successfully. Here is the DDS as well . DDS (Ver_11-03-05.01) - NTFSx86 Run by Insaneboy at 8:24:20.06 on ±°ї¤ 04/13/2011 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21 Microsoft Windows XP Professional 5.1.2600.3.1251.1.1033.18.2047.1242 [GMT -7:00] . AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} . ============== Running Processes =============== . 
C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe svchost.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\BitComet\BitComet.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Program Files\Skype\Phone\Skype.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Insaneboy\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe C:\Program Files\Datecs\FlexType 2K\FType2K.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\wuauclt.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Documents and Settings\Insaneboy\Desktop\dds.scr . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://www.bigseekpro.com/hypercam/{DD2814B1-439C-4007-9DCC-07A75417A01E} uInternet Settings,ProxyOverride = *.local uInternet Settings,ProxyServer = 64.8.190.49:3128 BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.2.8.7.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll uRun: [bitComet] "c:\program files\bitcomet\BitComet.exe" /tray uRun: [Google Update] "c:\documents and settings\insaneboy\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice StartupFolder: c:\docume~1\insane~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe StartupFolder: c:\docume~1\insane~1\startm~1\programs\startup\esetno~1.lnk - c:\program files\eset\eset nod32 antivirus\egui.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\esetno~1.lnk - c:\program files\eset\eset nod32 antivirus\egui.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\flexty~1.lnk - c:\program files\datecs\flextype 2k\FType2K.exe IE: &С&валяне &с BitComet - c:\program 
files\bitcomet\BitComet.exe/AddLink.htm IE: &С&валяне всички видео с BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm IE: &С&валяне всички с BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000 IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.2.8.7.dll/206 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: AtiExtEvent - Ati2evxx.dll . ================= FIREFOX =================== . 
FF - ProfilePath - c:\docume~1\insane~1\applic~1\mozilla\firefox\profiles\upnk4r34.default\ FF - prefs.js: browser.search.selectedEngine - BigSeekPro FF - prefs.js: browser.startup.homepage - hxxp://www.php-proxy.net/index.php?q=aHR0cDovL3phbXVuZGEubmV0L2Jyb3dzZS5waHA%3D FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\documents and settings\insaneboy\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension . ============= SERVICES / DRIVERS =============== . R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-5-12 107256] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-5-12 94360] R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-5-12 731840] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 ATICDSDr;ATICDSDr;\??\e:\install pack\bin\atiicdxx.sys --> e:\install pack\bin\atiicdxx.sys [?] 
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;c:\docume~1\insane~1\locals~1\temp\onlinescanner\anti-virus\fsgk.sys [2011-4-3 70144] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128] S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712] S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-10 369688] . =============== Created Last 30 ================ . 2011-04-05 04:03:07 -------- d-----w- c:\docume~1\insane~1\locals~1\applic~1\Temporary Projects 2011-04-04 06:47:08 -------- d-----w- c:\docume~1\insane~1\applic~1\f-secure 2011-04-02 20:56:46 -------- d-----w- c:\program files\Video Spin Blaster 2011-03-27 15:00:29 -------- d-----w- c:\program files\CPA Blaster . ==================== Find3M ==================== . 2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll 2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll 2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll 2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe 2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll . ============= FINISH: 8:24:47.85 =============== Attach . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_11-03-05.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 9/3/2010 9:34:51 AM System Uptime: 4/13/2011 8:19:33 AM (0 hours ago) . Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD | | MS-7388 Processor: AMD Athlon 64 X2 Dual Core Processor 5000+ | CPU 1 | 2600/200mhz . ==== Disk Partitions ========================= . 
A: is Removable C: is FIXED (NTFS) - 134 GiB total, 2.068 GiB free. D: is FIXED (NTFS) - 462 GiB total, 347.577 GiB free. E: is CDROM () F: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318} Description: Audio Device on High Definition Audio Bus Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1000\5&AC286C1&0&0001 Manufacturer: Name: Audio Device on High Definition Audio Bus PNP Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1000\5&AC286C1&0&0001 Service: . Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318} Description: SM Bus Controller Device ID: PCI\VEN_1002&DEV_4385&SUBSYS_73881462&REV_14\3&267A616A&0&A0 Manufacturer: Name: SM Bus Controller PNP Device ID: PCI\VEN_1002&DEV_4385&SUBSYS_73881462&REV_14\3&267A616A&0&A0 Service: . ==== System Restore Points =================== . RP1: 3/29/2011 7:04:46 PM - System Checkpoint RP2: 3/30/2011 11:55:49 PM - System Checkpoint RP3: 4/2/2011 1:56:45 PM - Installed Video Spin Blaster RP4: 4/3/2011 4:09:06 PM - System Checkpoint RP5: 4/3/2011 10:48:09 PM - Software Distribution Service 3.0 RP6: 4/4/2011 11:45:13 PM - System Checkpoint RP7: 4/5/2011 11:48:42 PM - System Checkpoint RP8: 4/7/2011 12:37:32 AM - System Checkpoint RP9: 4/8/2011 1:14:07 AM - System Checkpoint RP10: 4/9/2011 1:43:42 AM - System Checkpoint RP11: 4/10/2011 6:49:44 PM - System Checkpoint RP12: 4/12/2011 12:10:52 AM - System Checkpoint RP13: 4/13/2011 3:26:04 AM - System Checkpoint . ==== Installed Programs ====================== . 
Adobe Bridge 1.0 Adobe Common File Installer Adobe Help Center 1.0 Adobe Photoshop CS2 Adobe Stock Photos 1.0 CPA Blaster ESET NOD32 Antivirus Google Chrome Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Mozilla Firefox (3.6.16) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2524375) Skype™ 3.8 Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Windows XP (KB971029) Video Spin Blaster . ==== Event Viewer Messages From Past Week ======== . 4/13/2011 8:20:16 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume. 4/12/2011 3:52:30 PM, error: Dhcp [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 001D9284B5A5 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). . ==== End Of File ===========================
  15. It is behaving better. Thank you very much for the help!
  16. ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6425 # api_version=3.0.2 # EOSSerial=3138ca46ba3c234c975f972a1f6854de # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2011-04-10 11:34:43 # local_time=2011-04-10 02:34:43 (+0200, FLE Daylight Time) # country="Bulgaria" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=8199 39157077 100 100 48951 60327737 0 0 # scanned=119330 # found=2 # cleaned=0 # scan_time=8443 # nod_component=V3 Build:0x30000000 D:\Downloads\details.zip Win32/TrojanDownloader.Stohil.M trojan (unable to clean) 00000000000000000000000000000000 I D:\Warcraft\Warcraft III - The Frozen Throne\registrybooster.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
  17. Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Версия на базата от данни: 6320 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 09.4.2011 г. 23:27:52 mbam-log-2011-04-09 (23-27-52).txt Тип сканиране: Бързо сканиране Сканирани обекти: 142323 Изминало време: 16 минута(и), 4 секунда(и) Заразени процеси в паметта: 0 Заразени модули в паметта: 0 Заразени ключове в регистратурата: 0 Заразени стойности в регистратурата: 0 Заразени информационни обекти в регистратурата: 0 Заразени папки: 0 Заразени файлове: 0 Заразени процеси в паметта: (Не бяха открити зловредни обекти) Заразени модули в паметта: (Не бяха открити зловредни обекти) Заразени ключове в регистратурата: (Не бяха открити зловредни обекти) Заразени стойности в регистратурата: (Не бяха открити зловредни обекти) Заразени информационни обекти в регистратурата: (Не бяха открити зловредни обекти) Заразени папки: (Не бяха открити зловредни обекти) Заразени файлове: (Не бяха открити зловредни обекти)
  18. Before someone from the HJT team takes your case, I advise you to do everything in this topic - http://www.kaldata.com/forums/index.php?showtopic=132819 and, accordingly, to scan with DDS
  19. ComboFix 11-04-08.02 - abc 04.2011 г. 16:34:24.2.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.511.196 [GMT 3:00] Running from: c:\documents and settings\abc\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\abc\Desktop\CFScript.txt AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} . file zipped: c:\windows\system32\yowindow.scr file zipped: d:\yowindow\yowindow.exe . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\_000008_.tmp.dll c:\windows\system32\yowindow.scr d:\yowindow\yowindow.exe . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_FHJQGVM -------\Legacy_IDSVC -------\Service_fhjqgvm -------\Service_idsvc . . ((((((((((((((((((((((((( Files Created from 2011-03-09 to 2011-04-09 ))))))))))))))))))))))))))))))) . . 2011-04-08 17:29 . 2011-04-08 17:29 -------- d-----w- c:\windows\system32\KB905474 2011-04-08 17:02 . 2011-04-08 17:02 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2011-04-08 15:38 . 2011-04-08 15:38 -------- d-sh--w- c:\documents and settings\abc\PrivacIE 2011-04-08 15:35 . 2011-04-08 15:35 -------- d-sh--w- c:\documents and settings\abc\IETldCache 2011-04-08 15:30 . 2010-10-18 11:10 7680 ------w- c:\windows\system32\dllcache\iecompat.dll 2011-04-08 15:29 . 2010-12-20 23:59 12800 ------w- c:\windows\system32\dllcache\xpshims.dll 2011-04-08 15:29 . 2010-12-20 23:59 602112 ------w- c:\windows\system32\dllcache\msfeeds.dll 2011-04-08 15:29 . 2010-12-20 23:59 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll 2011-04-08 15:29 . 2010-12-20 23:59 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll 2011-04-08 15:29 . 2010-12-20 23:59 1991680 ------w- c:\windows\system32\dllcache\iertutil.dll 2011-04-08 15:29 . 
2010-12-21 02:29 11080704 ------w- c:\windows\system32\dllcache\ieframe.dll 2011-04-08 15:29 . 2010-12-20 23:59 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll 2011-04-08 15:27 . 2011-04-08 15:29 -------- dc-h--w- c:\windows\ie8 2011-04-08 15:27 . 2011-04-08 15:28 -------- d-----w- c:\windows\system32\bg-BG 2011-04-08 15:01 . 2011-04-08 15:01 -------- d-----w- c:\program files\MSXML 4.0 2011-04-08 12:19 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys 2011-04-08 12:19 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\dllcache\bthport.sys 2011-04-08 12:19 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll 2011-04-08 12:19 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll 2011-04-08 12:19 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll 2011-04-08 12:19 . 2010-08-26 13:39 357248 ------w- c:\windows\system32\dllcache\srv.sys 2011-04-08 12:18 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll 2011-04-08 12:18 . 2010-02-24 13:11 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys 2011-04-08 12:17 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll 2011-04-08 12:15 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe 2011-04-08 12:15 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys 2011-04-08 12:14 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll 2011-04-08 12:14 . 2010-08-27 08:02 119808 ------w- c:\windows\system32\dllcache\t2embed.dll 2011-04-08 12:13 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll 2011-04-08 12:13 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll 2011-04-08 12:13 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll 2011-04-08 12:13 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe 2011-04-08 12:13 . 
2009-02-06 10:39 35328 ------w- c:\windows\system32\dllcache\sc.exe 2011-04-08 12:13 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe 2011-04-08 12:13 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll 2011-04-08 12:13 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll 2011-04-08 12:12 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll 2011-04-08 12:11 . 2010-06-14 07:41 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll 2011-04-08 12:11 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys 2011-04-08 12:11 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe 2011-04-08 12:11 . 2008-05-01 14:33 331776 ------w- c:\windows\system32\dllcache\msadce.dll 2011-04-08 12:08 . 2010-06-18 13:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe 2011-04-08 12:07 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll 2011-04-08 12:02 . 2010-12-09 15:15 718336 ------w- c:\windows\system32\dllcache\ntdll.dll 2011-04-08 12:02 . 2010-12-09 13:42 2148864 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe 2011-04-08 12:02 . 2010-12-09 13:38 2192768 ------w- c:\windows\system32\dllcache\ntoskrnl.exe 2011-04-08 12:02 . 2010-12-09 13:07 2027008 ------w- c:\windows\system32\dllcache\ntkrpamp.exe 2011-04-08 12:02 . 2010-12-09 13:07 2069376 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe 2011-04-08 12:01 . 2010-07-12 12:55 218112 ------w- c:\windows\system32\dllcache\wordpad.exe 2011-04-08 12:01 . 2009-12-09 05:53 726528 ----a-w- c:\windows\system32\dllcache\jscript.dll 2011-04-08 12:01 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe 2011-04-08 12:01 . 2010-08-26 12:52 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2011-04-08 12:01 . 2010-08-16 08:45 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll 2011-04-08 12:00 . 
2011-04-09 08:36 -------- d--h--w- c:\windows\$hf_mig$ 2011-04-08 11:30 . 2009-08-06 16:24 21728 ----a-w- c:\windows\system32\wucltui.dll.mui 2011-04-08 11:30 . 2009-08-06 16:24 44768 ----a-w- c:\windows\system32\wups2.dll 2011-04-08 11:30 . 2009-08-06 16:24 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui 2011-04-08 11:30 . 2009-08-06 16:24 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2011-04-08 11:30 . 2009-08-06 16:24 15064 ----a-w- c:\windows\system32\wuapi.dll.mui 2011-04-08 11:28 . 2011-04-08 11:28 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET 2011-04-08 11:00 . 2011-04-08 11:00 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET 2011-04-08 10:53 . 2011-04-08 10:53 -------- d-----w- c:\windows\system32\xircom 2011-04-08 10:53 . 2011-04-08 10:53 -------- d-----w- c:\windows\system32\wbem\snmp 2011-04-08 10:53 . 2011-04-08 10:53 -------- d-----w- c:\program files\microsoft frontpage 2011-04-08 09:54 . 2011-04-08 09:54 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles 2011-04-07 18:37 . 2011-04-07 18:37 -------- d-----w- c:\documents and settings\abc\Application Data\TeamViewer 2011-04-07 18:31 . 2011-04-07 18:31 -------- d-----w- c:\documents and settings\abc\Application Data\Malwarebytes 2011-04-07 18:31 . 2010-12-20 15:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-04-07 18:31 . 2011-04-07 18:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-04-07 18:31 . 2010-12-20 15:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-04-07 18:31 . 2011-04-07 18:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-04-01 12:45 . 2011-04-01 12:45 -------- d-----w- c:\documents and settings\abc\Application Data\Unity 2011-04-01 12:40 . 2011-04-01 12:40 -------- d-----w- c:\documents and settings\abc\Local Settings\Application Data\Unity 2011-03-14 21:06 . 
2011-03-14 21:06 -------- d--h--w- c:\windows\system32\GroupPolicy . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-02-09 13:53 . 2008-04-14 08:42 270848 ----a-w- c:\windows\system32\sbe.dll 2011-02-09 13:53 . 2008-04-14 08:41 186880 ----a-w- c:\windows\system32\encdec.dll 2011-02-02 07:58 . 2010-03-29 16:56 2067456 ----a-w- c:\windows\system32\mstscax.dll 2011-01-27 11:57 . 2010-03-29 16:56 677888 ----a-w- c:\windows\system32\mstsc.exe 2011-01-21 14:44 . 2008-04-14 08:42 439296 ----a-w- c:\windows\system32\shimgvw.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="d:\demon tools\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056] "RocketDock"="d:\wallpapers\OTH Wallpapers\RocketDock\RocketDock.exe" [2007-09-02 495616] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088] "nwiz"="nwiz.exe" [2008-05-16 1630208] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016] "tsnp325"="c:\windows\tsnp325.exe" [2006-10-10 270336] "snp325"="c:\windows\vsnp325.exe" [2006-10-10 827392] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-12 2029640] . 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_3"="advpack.dll" [2009-03-08 128512] . c:\documents and settings\abc\Start Menu\Programs\Startup\ Registration Prince of Persia T2T.LNK - d:\films\Prince Of Percia The Two Thrones\Support\Register\RegistrationReminder.exe [N/A] ubisoft register.lnk - d:\films\Rayman 3 [Request] {Pi4agata2}\Register\schedule.exe [N/A] YoWindow.lnk - d:\yowindow\yowindow.exe [N/A] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ FlexType 2K.lnk - c:\windows\Datecs\Flex2K.exe [2010-3-29 151552] . [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableNotifications"= 1 (0x1) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "d:\\Volley\\Blobby\\volley.exe"= "d:\\Utorrent\\utorrent.exe"= "d:\\Headoff\\Garena\\Garena.exe"= "d:\\Warcraft\\hostbot\\GarenaHostBot.exe"= "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [02.6.2010 г. 14:13 717296] R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [12.5.2009 г. 
06:33 107256] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [12.5.2009 г. 06:34 94360] R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12.5.2009 г. 06:33 731840] R3 ip100xp;IC Plus IP100 10/100 Fast Ethernet Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [31.3.2010 г. 21:14 26624] R3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [02.4.2010 г. 16:56 10251904] S2 gupdate;Услуга Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [30.3.2010 г. 18:07 135664] S3 BULKUSB;SiGma Chip SG851 IO driver;c:\windows\system32\drivers\BULKUSB.sys [03.10.2010 г. 15:31 17664] S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\abc\LOCALS~1\Temp\LDV8B5.tmp --> c:\docume~1\abc\LOCALS~1\Temp\LDV8B5.tmp [?] S3 GGSAFERDriver;GGSAFER Driver;\??\d:\headoff\Garena\safedrv.sys --> d:\headoff\Garena\safedrv.sys [?] . Contents of the 'Scheduled Tasks' folder . 2011-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-30 15:07] . 2011-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-30 15:07] . 2011-04-09 c:\windows\Tasks\WGASetup.job - c:\windows\system32\KB905474\wgasetup.exe [2011-04-08 19:18] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.bg/ uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to AMV Converter... - d:\city\AMVConverter\grab.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... 
- c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html IE: MediaManager tool grab multimedia file - d:\city\MediaManager\grab.html FF - ProfilePath - c:\documents and settings\abc\Application Data\Mozilla\Firefox\Profiles\6qf9t5z7.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.bg/ FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60002&qkw= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Autofill Forms: [email protected] - %profile%\extensions\[email protected] FF - Ext: FastestFox: [email protected] - %profile%\extensions\[email protected] FF - Ext: ColorfulTabs: {0545b830-f0aa-4d7e-8820-50a4629a56fe} - %profile%\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} FF - Ext: All-in-One Sidebar: {097d3191-e6fa-4728-9826-b533d755359d} - %profile%\extensions\{097d3191-e6fa-4728-9826-b533d755359d} FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} FF - Ext: MinimizeToTrayPlus: {de1b245c-de57-11da-ba2d-0050c2490048} - %profile%\extensions\{de1b245c-de57-11da-ba2d-0050c2490048} FF - Ext: Destroy the Web: {7BDB48D1-CD94-4B99-A5A4-E418B9EE6532} - %profile%\extensions\{7BDB48D1-CD94-4B99-A5A4-E418B9EE6532} FF - Ext: Play drums!: [email protected] - %profile%\extensions\[email protected] FF - Ext: Xultris: {bed1bcec-57d3-47e1-a32b-b4e5f3003019} - %profile%\extensions\{bed1bcec-57d3-47e1-a32b-b4e5f3003019} FF - Ext: ReminderFox: {ada4b710-8346-4b82-8199-5de2b400a6ae} - %profile%\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} . - - - - ORPHANS REMOVED - - - - . 
HKLM-Run-FixCamera - c:\windows\FixCamera.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-04-09 16:43 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine] "ImagePath"="\??\c:\docume~1\abc\LOCALS~1\Temp\LDV8B5.tmp" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(2700) c:\windows\system32\WININET.dll d:\wallpapers\OTH Wallpapers\RocketDock\RocketDock.dll c:\windows\system32\newdll.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll c:\windows\system32\ieframe.dll c:\windows\system32\wpdshserviceobj.dll c:\windows\system32\webcheck.dll c:\windows\system32\portabledevicetypes.dll c:\windows\system32\portabledeviceapi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\RUNDLL32.EXE c:\program files\Skype\Plugin Manager\skypePM.exe . ************************************************************************** . Completion time: 2011-04-09 16:52:04 - machine was rebooted ComboFix-quarantined-files.txt 2011-04-09 13:51 ComboFix2.txt 2011-04-08 10:37 . Pre-Run: 9 841 065 984 bytes free Post-Run: 9 834 201 088 bytes free . - - End Of File - - DE10ED19777066EA3D29B40B8EEB47C0 Upload was successful
  20. [b]http://www.kaldata.com/forums/index.php?showtopic=175499[/b]

      KILLALL::

      Driver::
      fhjqgvm
      IDSVC

      Collect::
      c:\windows\system32\yowindow.scr
      c:\Windows\system32\drivers\idsvc.sys
      c:\windows\system32\czjfoc.dll
      d:\yowindow\yowindow.exe

      Registry::
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "6519:TCP"=-

      NetSvc::
      fhjqgvm

      Am I supposed to copy even the link to the thread...
  21. What's next?
  22. ComboFix 11-04-07.08 - abc 04.2011 г. 13:28:30.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.511.152 [GMT 3:00] Running from: c:\documents and settings\abc\Desktop\ComboFix.exe AV: ESET NOD32 antivirus system 2.70 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\abc\Local Settings\Application Data\rqdo14bohag8267px7x7s78dhims4lnw1 c:\documents and settings\abc\Templates\rqdo14bohag8267px7x7s78dhims4lnw1 c:\documents and settings\All Users\Application Data\rqdo14bohag8267px7x7s78dhims4lnw1 C:\Install.exe . . ((((((((((((((((((((((((( Files Created from 2011-03-08 to 2011-04-08 ))))))))))))))))))))))))))))))) . . 2011-04-08 09:54 . 2011-04-08 09:54 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles 2011-04-07 18:37 . 2011-04-07 18:37 -------- d-----w- c:\documents and settings\abc\Application Data\TeamViewer 2011-04-07 18:31 . 2011-04-07 18:31 -------- d-----w- c:\documents and settings\abc\Application Data\Malwarebytes 2011-04-07 18:31 . 2010-12-20 15:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-04-07 18:31 . 2011-04-07 18:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-04-07 18:31 . 2010-12-20 15:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-04-07 18:31 . 2011-04-07 18:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-04-01 12:45 . 2011-04-01 12:45 -------- d-----w- c:\documents and settings\abc\Application Data\Unity 2011-04-01 12:40 . 2011-04-01 12:40 -------- d-----w- c:\documents and settings\abc\Local Settings\Application Data\Unity 2011-03-14 21:06 . 2011-03-14 21:06 -------- d--h--w- c:\windows\system32\GroupPolicy . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-02-04 07:26 . 
2011-02-04 07:26 684544 ----a-w- c:\windows\system32\yowindow.scr . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="d:\demon tools\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056] "RocketDock"="d:\wallpapers\OTH Wallpapers\RocketDock\RocketDock.exe" [2007-09-02 495616] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "nod32kui"="c:\program files\Eset\nod32kui.exe" [2010-03-29 950664] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088] "nwiz"="nwiz.exe" [2008-05-16 1630208] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016] "FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480] "tsnp325"="c:\windows\tsnp325.exe" [2006-10-10 270336] "snp325"="c:\windows\vsnp325.exe" [2006-10-10 827392] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "UpdateReminder"="c:\program files\Eset\UpdateReminder.exe" [2010-11-03 413696] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_3"="advpack.dll" [2008-04-14 99840] . 
c:\documents and settings\abc\Start Menu\Programs\Startup\ Registration Prince of Persia T2T.LNK - d:\films\Prince Of Percia The Two Thrones\Support\Register\RegistrationReminder.exe [N/A] ubisoft register.lnk - d:\films\Rayman 3 [Request] {Pi4agata2}\Register\schedule.exe [N/A] YoWindow.lnk - d:\yowindow\yowindow.exe [2011-2-2 740352] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ FlexType 2K.lnk - c:\windows\Datecs\Flex2K.exe [2010-3-29 151552] McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] . [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "d:\\Volley\\Blobby\\volley.exe"= "d:\\Utorrent\\utorrent.exe"= "d:\\Headoff\\Garena\\Garena.exe"= "d:\\Warcraft\\hostbot\\GarenaHostBot.exe"= "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "6519:TCP"= 6519:TCP:qxotpctf . R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [02.6.2010 г. 14:13 717296] R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [29.3.2010 г. 
21:36 15424] R3 GGSAFERDriver;GGSAFER Driver;\??\d:\headoff\Garena\safedrv.sys --> d:\headoff\Garena\safedrv.sys [?] R3 ip100xp;IC Plus IP100 10/100 Fast Ethernet Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [31.3.2010 г. 21:14 26624] R3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [02.4.2010 г. 16:56 10251904] S2 fhjqgvm;Network Helper;c:\windows\system32\svchost.exe -k netsvcs [14.4.2008 г. 11:42 14336] S2 gupdate;Услуга Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [30.3.2010 г. 18:07 135664] S3 BULKUSB;SiGma Chip SG851 IO driver;c:\windows\system32\drivers\BULKUSB.sys [03.10.2010 г. 15:31 17664] S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\abc\LOCALS~1\Temp\LDV8B5.tmp --> c:\docume~1\abc\LOCALS~1\Temp\LDV8B5.tmp [?] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 г. 15:49 227232] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - IDSVC . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs fhjqgvm . Contents of the 'Scheduled Tasks' folder . 2011-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-30 15:07] . 2011-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-30 15:07] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.bg/ uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to AMV Converter... - d:\city\AMVConverter\grab.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... 
- c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html IE: MediaManager tool grab multimedia file - d:\city\MediaManager\grab.html LSP: c:\windows\system32\imon.dll FF - ProfilePath - c:\documents and settings\abc\Application Data\Mozilla\Firefox\Profiles\6qf9t5z7.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.bg/ FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60002&qkw= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Autofill Forms: [email protected] - %profile%\extensions\[email protected] FF - Ext: FastestFox: [email protected] - %profile%\extensions\[email protected] FF - Ext: ColorfulTabs: {0545b830-f0aa-4d7e-8820-50a4629a56fe} - %profile%\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} FF - Ext: All-in-One Sidebar: {097d3191-e6fa-4728-9826-b533d755359d} - %profile%\extensions\{097d3191-e6fa-4728-9826-b533d755359d} FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} FF - Ext: MinimizeToTrayPlus: {de1b245c-de57-11da-ba2d-0050c2490048} - %profile%\extensions\{de1b245c-de57-11da-ba2d-0050c2490048} FF - Ext: Destroy the Web: {7BDB48D1-CD94-4B99-A5A4-E418B9EE6532} - %profile%\extensions\{7BDB48D1-CD94-4B99-A5A4-E418B9EE6532} FF - Ext: Play drums!: [email protected] - %profile%\extensions\[email protected] FF - Ext: Xultris: {bed1bcec-57d3-47e1-a32b-b4e5f3003019} - %profile%\extensions\{bed1bcec-57d3-47e1-a32b-b4e5f3003019} FF - Ext: ReminderFox: {ada4b710-8346-4b82-8199-5de2b400a6ae} - %profile%\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} . 
- - - - ORPHANS REMOVED - - - - . WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) AddRemove-Graphic Converter 2003 - d:\progra~1\GRAPHI~1\UNWISE.EXE . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-04-08 13:34 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine] "ImagePath"="\??\c:\docume~1\abc\LOCALS~1\Temp\LDV8B5.tmp" . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fhjqgvm] "ServiceDll"="c:\windows\system32\czjfoc.dll" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'lsass.exe'(592) c:\windows\system32\imon.dll . Completion time: 2011-04-08 13:37:07 ComboFix-quarantined-files.txt 2011-04-08 10:36 . Pre-Run: 10 860 204 032 bytes free Post-Run: 11 709 902 848 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - 35231DECC173E9D891DDA048C560501A
  23. Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Версия на базата от данни: 6304 Windows 5.1.2600 Service Pack 3 Internet Explorer 6.0.2900.5512 07.4.2011 г. 21:56:19 mbam-log-2011-04-07 (21-56-19).txt Тип сканиране: Бързо сканиране Сканирани обекти: 149260 Изминало време: 13 минута(и), 1 секунда(и) Заразени процеси в паметта: 0 Заразени модули в паметта: 0 Заразени ключове в регистратурата: 0 Заразени стойности в регистратурата: 2 Заразени информационни обекти в регистратурата: 7 Заразени папки: 0 Заразени файлове: 3 Заразени процеси в паметта: (Не бяха открити зловредни обекти) Заразени модули в паметта: (Не бяха открити зловредни обекти) Заразени ключове в регистратурата: (Не бяха открити зловредни обекти) Заразени стойности в регистратурата: HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Value: ForceClassicControlPanel -> Quarantined and deleted successfully. Заразени информационни обекти в регистратурата: HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\abc\Local Settings\Application Data\kon.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\abc\Local Settings\Application Data\kon.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\abc\Local Settings\Application Data\kon.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Documents and Settings\abc\Local Settings\Application Data\kon.exe" -a "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully. Заразени папки: (Не бяха открити зловредни обекти) Заразени файлове: c:\WINDOWS\system32\czjfoc.dll (Worm.Conficker) -> Quarantined and deleted successfully. c:\documents and settings\abc\local settings\Temp\pusk.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\U92FSXEB\mwaxsqns[1].gif (Extension.Mismatch) -> Quarantined and deleted successfully. . DDS (Ver_11-03-05.01) - NTFSx86 Run by abc at 22:13:03,45 on 07.04.2011 Ј. Internet Explorer: 6.0.2900.5512 Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.511.105 [GMT 3:00] . AV: ESET NOD32 antivirus system 2.70 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} . ============== Running Processes =============== . 
C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\FixCamera.exe C:\WINDOWS\tsnp325.exe C:\WINDOWS\vsnp325.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\svchost.exe -k imgsvc D:\Demon tools\DAEMON Tools Lite\daemon.exe C:\Program Files\Skype\Phone\Skype.exe D:\wallpapers\OTH Wallpapers\RocketDock\RocketDock.exe C:\WINDOWS\Datecs\Flex2K.exe C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe D:\YoWindow\yowindow.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe D:\Version5\TeamViewer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\abc\Desktop\dds.scr . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://www.google.bg/ uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie mDefault_Search_URL = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=60002 mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60002 mWinlogon: SfcDisable=-99 (0xffffff9d) BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [DAEMON Tools Lite] "d:\demon tools\daemon tools lite\daemon.exe" -autorun uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized uRun: [RocketDock] "d:\wallpapers\oth wallpapers\rocketdock\RocketDock.exe" mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /install mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [FixCamera] c:\windows\FixCamera.exe mRun: [tsnp325] c:\windows\tsnp325.exe mRun: [snp325] c:\windows\vsnp325.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [updateReminder] c:\program files\eset\UpdateReminder.exe dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE dRunOnce: [nltide_3] rundll32 
advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N StartupFolder: c:\docume~1\abc\startm~1\programs\startup\regist~1.lnk - d:\films\prince of percia the two thrones\support\register\RegistrationReminder.exe StartupFolder: c:\docume~1\abc\startm~1\programs\startup\ubisof~1.lnk - d:\films\rayman 3 [request] {pi4agata2}\register\schedule.exe StartupFolder: c:\docume~1\abc\startm~1\programs\startup\yowindow.lnk - d:\yowindow\yowindow.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\flexty~1.lnk - c:\windows\datecs\Flex2K.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe dPolicies-explorer: ForceClassicControlPanel = 1 (0x1) IE: Add to AMV Converter... - d:\city\amvconverter\grab.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html IE: MediaManager tool grab multimedia file - d:\city\mediamanager\grab.html IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL LSP: c:\windows\system32\imon.dll DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL 
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\docume~1\abc\applic~1\mozilla\firefox\profiles\6qf9t5z7.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.bg/ FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60002&qkw= FF - component: c:\documents and settings\abc\application data\mozilla\firefox\profiles\6qf9t5z7.default\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}\library\winnt-32\MinimizeToTrayPlus.dll FF - plugin: c:\documents and settings\abc\local settings\application data\unity\webplayer\loader\npUnity3D32.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Autofill Forms: [email protected] - %profile%\extensions\[email protected] FF - Ext: FastestFox: [email protected] - %profile%\extensions\[email protected] FF - Ext: ColorfulTabs: {0545b830-f0aa-4d7e-8820-50a4629a56fe} - %profile%\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} FF - Ext: All-in-One Sidebar: {097d3191-e6fa-4728-9826-b533d755359d} - %profile%\extensions\{097d3191-e6fa-4728-9826-b533d755359d} FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} FF - Ext: MinimizeToTrayPlus: {de1b245c-de57-11da-ba2d-0050c2490048} - 
%profile%\extensions\{de1b245c-de57-11da-ba2d-0050c2490048} FF - Ext: Destroy the Web: {7BDB48D1-CD94-4B99-A5A4-E418B9EE6532} - %profile%\extensions\{7BDB48D1-CD94-4B99-A5A4-E418B9EE6532} FF - Ext: Play drums!: [email protected] - %profile%\extensions\[email protected] FF - Ext: Xultris: {bed1bcec-57d3-47e1-a32b-b4e5f3003019} - %profile%\extensions\{bed1bcec-57d3-47e1-a32b-b4e5f3003019} FF - Ext: ReminderFox: {ada4b710-8346-4b82-8199-5de2b400a6ae} - %profile%\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} . ============= SERVICES / DRIVERS =============== . R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2010-3-29 15424] R2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod32krn.exe [2010-3-29 549256] R3 ip100xp;IC Plus IP100 10/100 Fast Ethernet Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [2010-3-31 26624] R3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [2010-4-2 10251904] S2 fhjqgvm;Network Helper;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336] S2 gupdate;Услуга Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-30 135664] S3 BULKUSB;SiGma Chip SG851 IO driver;c:\windows\system32\drivers\BULKUSB.sys [2010-10-3 17664] S3 GarenaPEngine;GarenaPEngine;c:\docume~1\abc\locals~1\temp\LDV8B5.tmp [2010-10-31 25616] S3 GGSAFERDriver;GGSAFER Driver;\??\d:\headoff\garena\safedrv.sys --> d:\headoff\garena\safedrv.sys [?] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232] . =============== Created Last 30 ================ . 
2011-04-07 18:37:42 -------- d-----w- c:\docume~1\abc\applic~1\TeamViewer 2011-04-07 18:31:41 -------- d-----w- c:\docume~1\abc\applic~1\Malwarebytes 2011-04-07 18:31:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-04-07 18:31:27 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2011-04-07 18:31:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-04-07 18:31:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-04-01 12:45:34 -------- d-----w- c:\docume~1\abc\applic~1\Unity 2011-04-01 12:40:17 -------- d-----w- c:\docume~1\abc\locals~1\applic~1\Unity 2011-03-14 21:06:17 -------- d--h--w- c:\windows\system32\GroupPolicy . ==================== Find3M ==================== . 2011-02-04 07:26:50 684544 ----a-w- c:\windows\system32\yowindow.scr . ============= FINISH: 22:14:00,82 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_11-03-05.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 29.3.2010 г. 20:09:17 System Uptime: 07.4.2011 г. 22:00:46 (0 hours ago) . Motherboard: | | SiS-748 Processor: AMD Sempron 2400+ | Socket A | 1659/166mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 19 GiB total, 0,063 GiB free. D: is FIXED (NTFS) - 58 GiB total, 6,901 GiB free. E: is CDROM () F: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . 
  24. Thanks for your time!
  25. No, there isn't. It's just that someone had stolen my passwords with a keylogger, but I found him and convinced him to give them back. Everything is fine, I just want to know that he won't be able to steal them again and that the keylogger has been cleaned.
