Неваляшка

След американската ракетна атака в западната провинция Хомс Русия преустановява действието на меморандума за предотвратяване на инциденти и гарантиране на сигурността на полетите на авиацията при изпълнение на операции в Сирия, сключен по-рано със САЩ. Това съобщават от Министерството на външните работи на Руската федерация, предава агенция „Фокус“, позовавайки се на TACC. „Руската страна преустановява действието на меморандума за предотвратяване на инциденти и гарантиране на сигурността на полетите на авиацията при изпълнение на операции в Сирия, сключен със САЩ“, се казва в съобщението от външнополитическото ведомство в Москва. Същевременно Москва призовава за свикването на извънредно заседание на Съвета за сигурност на ООН, за да бъде обсъдена ситуацията след американските удари в Сирия. „Призоваваме Съвета за сигурност на ООН да проведе извънредно заседание за обсъждане на ситуацията“, подчертаха от външното министерство. По-рано днес Путин определи атаката на САЩ срещу обекти в Сирия като агресия срещу суверенна държава, която ще навреди на руско-американските отношения и борбата срещу тероризма. Това обяви пред журналисти говорителят на Кремъл Дмитрий Песков, цитиран от световните агенции. „Президентът Путин счита американските удари в Сирия като агресия срещу суверенна държава в нарушение на международното право, при това под измислен предлог“, подчерта Песков, цитиран от ТАСС. Според него, руският държавен глава третира ракетната атака на САЩ като опит за отвличане на вниманието от многобройните жертви сред цивилното население в хода на операцията в Ирак. Песков напомни че сирийската армия не разполага с химическо оръжие, факт, който бе потвърден от специализирано подразделение на ООН след обстойни проверки. В същото време игнорирането на фактите за използване на химическо оръжие от терористите задълбочава проблема, отбеляза още Песков. Той посочи и главният акцент в позицията на Путин, че снощната атака „не ни приближава към крайната цел в борбата с международния тероризъм, а точно обратното – създава препятствия за сформирането на международна коалиция за борба с него и за ефикасно противодействие на това световно зло.“ http://www.blitz.bg/svyat/rusiya-s-ryazk-demarsh-sprya-deystvieto-na-memoranduma-ss-sashch-za-predotvratyavane-na-intsidenti-v-nebeto-na-siriya_news502771.html /Поглед.инфо/ Само преди 14 години Щатите пуснаха най-наглата лъжа, за да оправдаят агресията си в Ирак. Оперетният им президент Буш, без съгласие на ООН,сформира „група от желаещи“, включително и от нашите тъпанари, за да нападне суверенна държава. Тогава американците излъгаха, че Саддам Хюсеин притежава биологични оръжия. Те така и не бяха намерени, а САЩ срамежливо мълчат, след като разследвания на издания като „Вашингтон Поуст” и „Гардиън” и изтекли секретни документи разкриха, че американците са знаели много добре, че в Ирак няма биологични оръжия. Стана ясно, че те самите са съчинили този претекст, за да убедят света колко нужна е тази война. Нужен е петролът на Ирак. И така без скрупули и цинично, за да лапат от нефта на Ирак, американското олово уби над един милион иракчани, съсипа една стегната държава и отвори вратата към Ада. Сега на Щатите не им пука за Европа, защото пълчищата идват тук – режисирано насочени. Тази нощ пък САЩ атакува правителствените сили в Сирия. Защото – ах, все тези изтъркани мотиви, използвали химическо оръжие. Истината е, че при артилерийска канонада е ударен склад с химически оръжия на любимата американска формация – Ислямска държава! Истината е, че наскоро Сирийската Армия отблъсна терористичните формирования, финансирани и подкрепяни от САЩ и НАТО. Това особено притесни американците и сега за пореден път трябва да помогнат на своите брадясали, смърдящи и примитивни касапи от Ал-Кайда и сирийския й клон Ан-Нусра. Има и още нещо: не е тайна, че 80 на сто от така наречените опозиционни войски в Сирия са наемници -„борците за демокрация” всъщност в болшинството са наемници от чужди държави. Тогава що за „гражданска война” е това? Това си е чисто и просто конвенционална война, водена между чуждестранни наемници и правителствената армия на Сирия. Щатите са предупредили Русия за ударите – тук има нещо съмнително. Може пък, както е според някои версии, това да е номер на Тръмп, за да има основание да се саморазправи със службите, че са го подвели и вече заедно с Москва да пометат онази паплач, дето тероризира цяла Европа. Тръмп, ако е президент на място, а не поредният лицемер, трябва да пресече златният канал от Афганистан - към момента Афганистан залива целия свят и Европа, произвеждайки 98% от световния хероин (официални данни). По този въпрос Русия и ООН са единодушни – това е недопустимо да се случва „под носа” на САЩ и НАТО. Ще видим дали ще е допустимо за Тръмп! http://pogled.info/svetoven/sasht-lazheha-za-irak-sega-lazhat-i-za-siriya.84473

Без разрешение на Конгреса, незачитайки Конституцията на САЩ и без резолюция на ООН, днес американският президент Тръмп де факто обяви война на Сирия – обстрелването на сирийската военна база до Хомс с ракети Томахоук и поне четири жертви е акт на война. Русия като съюзник на сирийското правителство на терен е предупредена за ударите, но не достатъчно рано, за да няма и превенция на загубите. Поводът за въздушните удари: убийството на 86 цивилни през седмицата в малко сирийско градче, сред които и десетки деца, а оръжието е смъртоносният газ „зарин”. Какво предстои оттук насетне: отговорът на Сирия и Русия, както и ще има ли ескалация на военните действия от страна на САЩ. Истината обаче е, че светът вече няма да е същият… И най-важното – светът вече Е в Световна война. Русия е на терен в Сирия, подкрепяйки официалното правителство на Асад след негова покана, биейки се срещу ИДИЛ... През 2013г. след използване на химическо оръжие Сирия, Обама също щеше да атакува. Великобритания и Франция бяха против, но истината е, че имаше твърде много съмнения за това кой точно е използвал оръжието – Асад или „бунтовниците” - да разбираме радикалните ислямски главорези в огромната си част. Тогава беше поставена „червената линия”, която обаче явно за САЩ вече е пресечена. Само преди няколко дни Тръмп и външният министър на САЩ, Рекс Тилърсън, говореха, че ще оставят Сирия да определя сама съдбата си. Днес ставаме свидетели на този еднозначен ход, а американският президент твърди, че е гъвкав и виждайки какво става в страната – действа. Няколко въпроса. Цялата ситуация е меко казано странна: защо, печелейки войната с победи като тази в Алепо и силна политическа подкрепа, Асад би направил подобен кретенски и мракобесен ход, избивайки десетки деца и то точно по-този начин – с химическо оръжие, което веднага общественото мнение по света срещу него? На базата на какво се основава тази убеденост на Тръмп, че точно сирийската армия е направила атаката, въпреки яростно отричане от страна на администрацията на Асад – на разузнаване ли, на какво? Подобни съдбовни ходове изискват малко повече обосновка. Защото и за Ирак имаше много „сериозни” сведения за оръжия за масово поразяване. Оказа се лъжа, отнела живота на 4.5 хиляди американски войници, стотици хиляди невинни жертви и милиони бежанци, след появата там на ИДИЛ. Този акт сега бил с цел защита на националната сигурност на САЩ и прекратяване на разпространението на „химически оръжия”. Много книги са изписани за причините за почване на война – от гражданската война в САЩ, та през Първа и Втора световна война, Виетнам и т.н. „Фалшивият флаг” като прийом не е като да не е бил използван от политици, които искат война. Медиите по света: под всякаква критика. Вместо веднага да се опитат да покажат и другата гледна точка – те са в трескава радост и въртят едно и също. Анализите са това колко Тръмп бил решителен за разлика от Обама. Каква силна ръка показвал, заливат ни с кадри от атаките с газ – никакъв анализ на възможността именно главорезите, дето кълцат деца и снимат клипчета, да са причина за газовата атака, или хвърлена бомба от самолет да е взривила склад с подобни субстанции. Буквално посяват семената на безкритичното одобрение на всякакви едностранни действия, нито капчица критичност или мнителност. Двоен стандарт имаше и при отразяването на обсадата над Алепо от сирийско-руска страна спрямо това сега в Мосул, където иракско-американските части също демонстрират нагледно дребнотемието „човешки живот”. Нашите медии пък хептен изтрещяха – спец отряд Кобра бил заловил крадци на две хиляди лева и какво казал този и онзи за великия Парламент, това са темите. Най-малко е интересно: „остарялото” НАТО - по Тръмп - ще влиза ли във войната, ние ще пращаме ли хора? Истината е, че независимо от кампанията си срещу инвазия в Близкия Изток, Тръмп бе бързо омотан и от неоконсерваторите в собствената си партия си, и от все по-кръвожданите демократи. Разбра как се играе тази игра. Война и пак война – така работи системата. Този път залогът е много голям, защото зад Сирия са Русия и Иран и макар САЩ да има разходи за отбрана колкото следващите 7 държави заедно, то ядреният потенциал при Русия и негативите за всеки от нас при глобален конфликт са непоносими. Какво предстои? В най-лошия случай – нова Световна война. В най-добрия – поредната война на американски президент в Близкия изток (в Йемен САЩ и саудитите скоро няма да има какво да бомбардират), тъй като САЩ изглеждат решими да сменят и този режим. Тоест: Нов Ирак, нова Либия. Какво идва след диктатори тип Кадафи и Саддам? Идил и Ал-Кайда. Това е. Още милиони бежанци. Още самосиндикални терористични актове на родна земя. Къде сме ние? В мислите – бием корупция и мафията. В реалността – на няколко стотин километра от военните действия, а знаковите оттук насетне сблъсъци – дано само дипломатически – САЩ- НАТО- Русия-Турция, неминуемо ще са ни топ-тема, каквото и да си мислим.

http://pan.bg/view_article-4-345083-RUSKI-AD-V-KOTELA-V-ALEPO-UNIShtOZhIHA-ISLYAMISTITE-DO-KRAK.html За денонощие са отблъснати над 20 атаки на джихадистите - See more at: http://www.pan.bg/view_article-4-345083-RUSKI-AD-V-KOTELA-V-ALEPO-UNIShtOZhIHA-ISLYAMISTITE-DO-KRAK.html#sthash.GZD86EAE.dpuf

ДО ТОВА ВОДИ КАПИТАЛИЗМА И "ЖИВОТА НА КРЕДИТ"! КАПИТАЛИЗМА "УБИВА"! Насаждането публично мнение, че днес трябва трябва да си сцепиш задника от работа, повече от вчера, а утре-повече от днес, че ако нямаш кредит, значи не сe "развиваш, не растеш"- всичко това води до тотално прогресивно изтощаване и срив на индивида - физически, и психически! А от тук до самоубийството е един косъм разстояние! Призовавам всички: * Не се пренатягайте от работа, за да им пълните гушите * Не работете повече, отколкото ви плащат * ИСКАЙТЕ капиталиста да спазва точка по точка КТ * ПОМНЕТЕ, че капиталиста зависи от вас, НЕ вие от него! Без вас той няма печалба, ВИЕ му я създавате! * НЕ ТЕГЛЕТЕ КРЕДИТИ-не наливайте вода в мелницата на банките, ТЕ ВИ МАМЯТ!

Благодаря за отделеното време и помоща nologo! Има видимо подобрение на системата, но както препоръчваш, най-добре да се направи чиста инсталация. Лека вечер!

Привет nologo! Доста се забавих, но нямах възможност да продължа с сканиранията. Ето двата лога. Надявам се че съм се справила с втората програма, защото много бързо приключи със сканирането. ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2010/10/17 11:12 Program Version: Version 1.3.5.0 Windows Version: Windows XP SP3 ================================================== Drivers ------------------- Name: dump_atapi.sys Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys Address: 0xBAC79000 Size: 98304 File Visible: No Signed: - Status: - Name: dump_WMILIB.SYS Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Address: 0xF8B15000 Size: 8192 File Visible: No Signed: - Status: - Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xB87F1000 Size: 49152 File Visible: No Signed: - Status: - SSDT ------------------- #: 041 Function Name: NtCreateKey Status: Hooked by "<unknown>" at address 0xf8ccbb6e #: 053 Function Name: NtCreateThread Status: Hooked by "<unknown>" at address 0xf8ccbb64 #: 063 Function Name: NtDeleteKey Status: Hooked by "<unknown>" at address 0xf8ccbb73 #: 065 Function Name: NtDeleteValueKey Status: Hooked by "<unknown>" at address 0xf8ccbb7d #: 098 Function Name: NtLoadKey Status: Hooked by "<unknown>" at address 0xf8ccbb82 #: 122 Function Name: NtOpenProcess Status: Hooked by "<unknown>" at address 0xf8ccbb50 #: 128 Function Name: NtOpenThread Status: Hooked by "<unknown>" at address 0xf8ccbb55 #: 193 Function Name: NtReplaceKey Status: Hooked by "<unknown>" at address 0xf8ccbb8c #: 204 Function Name: NtRestoreKey Status: Hooked by "<unknown>" at address 0xf8ccbb87 #: 247 Function Name: NtSetValueKey Status: Hooked by "<unknown>" at address 0xf8ccbb78 ==EOF====EOF== SIGVERIF.TXT

Привет nologo! Преинсталирах Сервис пак 3 и рестартирах има малко видимо подобрение на системата, но явно и интернета е бавен, защото е на Виваком и ползвам уйърлес адаптер. Тая сутрин при стартиране екрана и цветовете на монитора бяха размазани, това се случи и преди месец - явно и драйвърите на видеокартата ми трябва да се обновят?! Ако си приглидал логовете, според теб дали ще тръгне уйндоус 7 на тази система? Благодаря за отделеното време и внимание! Успешен ден!

Инсталирах нове версии на Адобе и Мозила, и поставих това коте си написл в Run, натиснах ОК за секунди се появи черен прозорец но файл в нотепад с име look.txt не се генерерира. Пробвах два пъти. Сега ще пусна Касперски онлайн скенера. За съжаление не разполагам с инсталационния диск на Уиндоус nologo. Не мога да инсталирам този Касперски онлайн скенер nologo. Не ми дава да натисна Accept. Първо иска да инсталирам някъква приставка на Java и аз започвам да я инсталирам, но някъде по средата винаги ми дава грешка и забива при инсталацията. Май ще се откажа и ще го занеса на преинсталация?! Незнам дали ще върви Уиндоус 7?

Привет nologo! Извинявам се за забавянето, нямах възможност да съм пред компютъра. Заповядай лога. MBRCheck, version 1.2.3 © 2010, AD Command-line: Windows Version: Windows XP Professional Windows Information: Service Pack 3 (build 2600) Logical Drives Mask: 0x0000003d Kernel Drivers (total 136): 0x804D7000 \WINDOWS\system32\ntoskrnl.exe 0x806EE000 \WINDOWS\system32\hal.dll 0xF8B75000 \WINDOWS\system32\KDCOM.DLL 0xF8A85000 \WINDOWS\system32\BOOTVID.dll 0xF8626000 ACPI.sys 0xF8B77000 \WINDOWS\system32\DRIVERS\WMILIB.SYS 0xF8615000 pci.sys 0xF8675000 isapnp.sys 0xF8C3D000 pciide.sys 0xF88F5000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS 0xF8685000 MountMgr.sys 0xF85F6000 ftdisk.sys 0xF8B79000 dmload.sys 0xF85D0000 dmio.sys 0xF88FD000 PartMgr.sys 0xF8695000 VolSnap.sys 0xF85B8000 atapi.sys 0xF86A5000 disk.sys 0xF86B5000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS 0xF8598000 fltmgr.sys 0xF8586000 sr.sys 0xF86C5000 PxHelp20.sys 0xF856F000 KSecDD.sys 0xF84E2000 Ntfs.sys 0xF84B5000 NDIS.sys 0xF86D5000 sisagp.sys 0xF849B000 Mup.sys 0xF8905000 BTHidMgr.sys 0xF8B59000 \SystemRoot\system32\DRIVERS\tunmp.sys 0xF8755000 \SystemRoot\system32\DRIVERS\intelppm.sys 0xF7E97000 \SystemRoot\system32\DRIVERS\ati2mtag.sys 0xF7E83000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS 0xF8765000 \SystemRoot\system32\DRIVERS\imapi.sys 0xF8775000 \SystemRoot\system32\DRIVERS\cdrom.sys 0xF8785000 \SystemRoot\system32\DRIVERS\redbook.sys 0xF7E60000 \SystemRoot\system32\DRIVERS\ks.sys 0xF7D99000 \SystemRoot\system32\drivers\cmuda.sys 0xF7D75000 \SystemRoot\system32\drivers\portcls.sys 0xF80AE000 \SystemRoot\system32\drivers\drmk.sys 0xF89A5000 \SystemRoot\system32\DRIVERS\usbohci.sys 0xF7D51000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0xF89AD000 \SystemRoot\system32\DRIVERS\usbehci.sys 0xF89B5000 \SystemRoot\system32\DRIVERS\sisnic.sys 0xF89BD000 \SystemRoot\system32\DRIVERS\DM9PCI5.SYS 0xF89C5000 \SystemRoot\system32\DRIVERS\fdc.sys 0xF809E000 \SystemRoot\system32\DRIVERS\serial.sys 0xF8B65000 \SystemRoot\system32\DRIVERS\serenum.sys 0xF7D3D000 \SystemRoot\system32\DRIVERS\parport.sys 0xF808E000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0xF89CD000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0xF807E000 \SystemRoot\System32\Drivers\VcommMgr.sys 0xF8B69000 \SystemRoot\system32\DRIVERS\vbtenum.sys 0xF89D5000 \SystemRoot\system32\DRIVERS\blueletaudio.sys 0xF8C8F000 \SystemRoot\system32\DRIVERS\audstub.sys 0xF8B91000 \SystemRoot\System32\Drivers\RootMdm.sys 0xF89DD000 \SystemRoot\System32\Drivers\Modem.SYS 0xF7D2B000 \SystemRoot\system32\DRIVERS\bridge.sys 0xF89E5000 \SystemRoot\system32\DRIVERS\TDI.SYS 0xF806E000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0xF8473000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0xF7D14000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0xF805E000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0xF804E000 \SystemRoot\system32\DRIVERS\raspptp.sys 0xF7D03000 \SystemRoot\system32\DRIVERS\psched.sys 0xF803E000 \SystemRoot\system32\DRIVERS\msgpc.sys 0xF89F5000 \SystemRoot\system32\DRIVERS\ptilink.sys 0xF89FD000 \SystemRoot\system32\DRIVERS\raspti.sys 0xF8453000 \SystemRoot\system32\DRIVERS\btnetdrv.sys 0xF8A05000 \SystemRoot\system32\DRIVERS\VComm.sys 0xF7CAB000 \SystemRoot\system32\DRIVERS\rdpdr.sys 0xF802E000 \SystemRoot\system32\DRIVERS\termdd.sys 0xF8A0D000 \SystemRoot\system32\DRIVERS\mouclass.sys 0xF8B93000 \SystemRoot\system32\DRIVERS\swenum.sys 0xF7C4D000 \SystemRoot\system32\DRIVERS\update.sys 0xF8B05000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0xF801E000 \SystemRoot\System32\Drivers\NDProxy.SYS 0xF87B5000 \SystemRoot\system32\DRIVERS\usbhub.sys 0xF8B9B000 \SystemRoot\system32\DRIVERS\USBD.SYS 0xF8A1D000 \SystemRoot\system32\DRIVERS\flpydisk.sys 0xF8B9D000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0xF8CC0000 \SystemRoot\System32\Drivers\Null.SYS 0xF8B9F000 \SystemRoot\System32\Drivers\Beep.SYS 0xF8A2D000 \SystemRoot\System32\drivers\vga.sys 0xF8BA1000 \SystemRoot\System32\Drivers\mnmdd.SYS 0xF8BA3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0xF8A35000 \SystemRoot\System32\Drivers\Msfs.SYS 0xF8A3D000 \SystemRoot\System32\Drivers\Npfs.SYS 0xF7CF7000 \SystemRoot\system32\DRIVERS\rasacd.sys 0xBAFCD000 \SystemRoot\system32\DRIVERS\ipsec.sys 0xBAF74000 \SystemRoot\system32\DRIVERS\tcpip.sys 0xBAF4C000 \SystemRoot\system32\DRIVERS\netbt.sys 0xBAF14000 \SystemRoot\system32\DRIVERS\tcpip6.sys 0xBAEF2000 \SystemRoot\System32\drivers\afd.sys 0xF87D5000 \SystemRoot\system32\DRIVERS\netbios.sys 0xF8A45000 \SystemRoot\system32\DRIVERS\ssmdrv.sys 0xBAEC7000 \SystemRoot\system32\DRIVERS\rdbss.sys 0xBAE2F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xF87E5000 \SystemRoot\System32\Drivers\Fips.SYS 0xBAE09000 \SystemRoot\system32\DRIVERS\ipnat.sys 0xF87F5000 \SystemRoot\system32\drivers\ip6fw.sys 0xF8805000 \SystemRoot\system32\DRIVERS\wanarp.sys 0xF8B09000 \SystemRoot\system32\DRIVERS\hidusb.sys 0xF8815000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0xF8A4D000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0xF7C49000 \SystemRoot\system32\DRIVERS\usbscan.sys 0xBACDB000 \SystemRoot\system32\DRIVERS\rt2870.sys 0xF7C45000 \SystemRoot\system32\DRIVERS\mouhid.sys 0xBACB9000 \SystemRoot\system32\DRIVERS\avipbb.sys 0xF8BA9000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys 0xF8865000 \SystemRoot\System32\Drivers\Cdfs.SYS 0xBACA1000 \SystemRoot\System32\Drivers\dump_atapi.sys 0xF8BAD000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS 0xBF800000 \SystemRoot\System32\win32k.sys 0xBAEB7000 \SystemRoot\System32\drivers\Dxapi.sys 0xF8A5D000 \SystemRoot\System32\watchdog.sys 0xBF9C3000 \SystemRoot\System32\drivers\dxg.sys 0xF8CBF000 \SystemRoot\System32\drivers\dxgthk.sys 0xBF9D5000 \SystemRoot\System32\ati2dvag.dll 0xBFA18000 \SystemRoot\System32\ati2cqag.dll 0xBFA5D000 \SystemRoot\System32\atikvmag.dll 0xBFA93000 \SystemRoot\System32\ati3duag.dll 0xBFD25000 \SystemRoot\System32\ativvaxx.dll 0xB8B74000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0xF892D000 \SystemRoot\system32\DRIVERS\AegisP.sys 0xB8AE6000 \SystemRoot\system32\DRIVERS\nwlnkipx.sys 0xB8C69000 \SystemRoot\system32\DRIVERS\nwlnknb.sys 0xB892E000 \SystemRoot\system32\DRIVERS\nwrdr.sys 0xB88D9000 \SystemRoot\system32\DRIVERS\mrxdav.sys 0xB8A46000 \SystemRoot\system32\DRIVERS\nwlnkspx.sys 0xF8A65000 \SystemRoot\System32\Drivers\BrPar.sys 0xF8B8D000 \SystemRoot\System32\Drivers\ParVdm.SYS 0xB8747000 \SystemRoot\system32\DRIVERS\srv.sys 0xB8436000 \SystemRoot\System32\Drivers\HTTP.sys 0xB8309000 \SystemRoot\system32\drivers\wdmaud.sys 0xB831E000 \SystemRoot\system32\drivers\sysaudio.sys 0x7C900000 \WINDOWS\system32\ntdll.dll Processes (total 38): 0 System Idle Process 4 System 1068 C:\WINDOWS\system32\smss.exe 1132 csrss.exe 1160 C:\WINDOWS\system32\winlogon.exe 1208 C:\WINDOWS\system32\services.exe 1220 C:\WINDOWS\system32\lsass.exe 1392 C:\WINDOWS\system32\ati2evxx.exe 1408 C:\WINDOWS\system32\svchost.exe 1464 svchost.exe 1608 C:\WINDOWS\system32\svchost.exe 1684 svchost.exe 1748 svchost.exe 1908 C:\WINDOWS\system32\spoolsv.exe 1956 C:\Program Files\Avira\AntiVir Desktop\sched.exe 832 C:\Program Files\Avira\AntiVir Desktop\avguard.exe 288 C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe 312 svchost.exe 1000 C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe 1340 C:\WINDOWS\system32\svchost.exe 1548 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe 776 alg.exe 624 C:\WINDOWS\system32\svchost.exe 728 C:\WINDOWS\system32\ati2evxx.exe 912 C:\WINDOWS\explorer.exe 1012 wmiprvse.exe 1628 C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe 2096 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe 2104 C:\WINDOWS\system32\rundll32.exe 2196 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 2204 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe 2212 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 2220 C:\Program Files\DNA\btdna.exe 2716 C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe 2756 C:\Program Files\RALINK\Common\RaUI.exe 3532 C:\Program Files\Mozilla Firefox\firefox.exe 3284 C:\Program Files\Avira\AntiVir Desktop\avcenter.exe 3860 C:\Documents and Settings\flex\Desktop\MBRCheck.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000009`c45a5600 (NTFS) PhysicalDrive0 Model Number: ExcelStorTechnologyJ680, Rev: V32OA60A Size Device Name MBR Status -------------------------------------------- 76 GB \\.\PhysicalDrive0 Windows XP MBR code detected SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A Done!

Благодаря за вниманието nologo!Разбира се че ще продължим, понеже искам поне малко да подобря работата на компютъра си, но ще продължим вероятно утре, защото в момента не съм в града.Лек ден!

Ето и другия лог.Ще продължим утре. --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v3.11, September 2010 Started On Sun Oct 03 14:53:10 2010 Extended Scan Results ---------------- ->Scan ERROR: resource process://pid:396 (code 0x00000057 (87)) ->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000020 (32)) ->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32)) No infection found as part of the extended scan Results Summary: ---------------- No infection found. Microsoft Windows Malicious Software Removal Tool Finished On Sun Oct 03 16:22:59 2010 Return code: 0 (0x0)

Деинсталирах SAS , сканирах с първата програма. Сега сканирам с вторрата, но става балвно - вече почти 50 минути. Ето лога от първата програма Windows Registry Editor Version 5.00 ; Registry Search 2.0 by Bobbi Flekman © 2005 ; Version: 2.0.6.0 ; Results at 03.10.2010 г. 14:46:21 for strings: ; 'legacy_fopn' ; Strings excluded from search: ; (None) ; Search in: ; Registry Keys Registry Values Registry Data ; HKEY_LOCAL_MACHINE HKEY_USERS ; End Of The Log...

Дори след всички сканирания които направих, компютъра все така бавно отваря страниците. Май ще се наложи преинсталация?!

Стартирах програмата ERUNT, и всичко мина добре.Лог не се създаде. После сканирах и с TDSSKiller ето лога. Сега продължавам с Combo fix.2010/10/03 13:20:41.0187 TDSS rootkit removing tool 2.4.3.0 Sep 27 2010 15:28:54 2010/10/03 13:20:41.0187 ================================================================================ 2010/10/03 13:20:41.0187 SystemInfo: 2010/10/03 13:20:41.0187 2010/10/03 13:20:41.0187 OS Version: 5.1.2600 ServicePack: 3.0 2010/10/03 13:20:41.0187 Product type: Workstation 2010/10/03 13:20:41.0187 ComputerName: XEON-F9E84D4FFA 2010/10/03 13:20:41.0187 UserName: flex 2010/10/03 13:20:41.0187 Windows directory: C:\WINDOWS 2010/10/03 13:20:41.0187 System windows directory: C:\WINDOWS 2010/10/03 13:20:41.0187 Processor architecture: Intel x86 2010/10/03 13:20:41.0187 Number of processors: 1 2010/10/03 13:20:41.0187 Page size: 0x1000 2010/10/03 13:20:41.0187 Boot type: Normal boot 2010/10/03 13:20:41.0187 ================================================================================ 2010/10/03 13:20:41.0609 Initialize success 2010/10/03 13:21:13.0828 ================================================================================ 2010/10/03 13:21:13.0828 Scan started 2010/10/03 13:21:13.0828 Mode: Manual; 2010/10/03 13:21:13.0828 ================================================================================ 2010/10/03 13:21:14.0218 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2010/10/03 13:21:14.0375 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 2010/10/03 13:21:14.0562 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2010/10/03 13:21:14.0718 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys 2010/10/03 13:21:14.0859 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys 2010/10/03 13:21:15.0328 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2010/10/03 13:21:15.0468 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2010/10/03 13:21:15.0703 ati2mtag (492bd2a5f65f218d4ede5764a3bb67e9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 2010/10/03 13:21:15.0968 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2010/10/03 13:21:16.0109 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2010/10/03 13:21:16.0281 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys 2010/10/03 13:21:16.0437 avgntflt (a88d29d928ad2b830e87b53e3f9bc182) C:\WINDOWS\system32\DRIVERS\avgntflt.sys 2010/10/03 13:21:16.0593 avipbb (1289e9a5d9118a25a13c0009519088e3) C:\WINDOWS\system32\DRIVERS\avipbb.sys 2010/10/03 13:21:16.0781 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2010/10/03 13:21:16.0921 BlueletAudio (04e84c8049ee93614a2ff6d676d1e247) C:\WINDOWS\system32\DRIVERS\blueletaudio.sys 2010/10/03 13:21:17.0093 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys 2010/10/03 13:21:17.0140 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys 2010/10/03 13:21:17.0328 BrPar (2fe6d5be0629f706197b30c0aa05de30) C:\WINDOWS\system32\Drivers\BrPar.sys 2010/10/03 13:21:17.0468 BT (d1813668a0117ae05bc0b81c874f91d4) C:\WINDOWS\system32\DRIVERS\btnetdrv.sys 2010/10/03 13:21:17.0609 Btcsrusb (7304acc25455746912de37d7ded387ed) C:\WINDOWS\system32\Drivers\btcusb.sys 2010/10/03 13:21:17.0765 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys 2010/10/03 13:21:17.0906 BTHidEnum (161969d2dd1d39cd2f1edbc60c61fa99) C:\WINDOWS\system32\DRIVERS\vbtenum.sys 2010/10/03 13:21:18.0046 BTHidMgr (a9164c2a39bd917b9f42ae087560ac3d) C:\WINDOWS\system32\Drivers\BTHidMgr.sys 2010/10/03 13:21:18.0218 BTHPORT (10b85171b90c449f8da71c2640b797e9) C:\WINDOWS\system32\Drivers\BTHport.sys 2010/10/03 13:21:18.0390 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys 2010/10/03 13:21:18.0500 BTNetFilter (6b05fdc0cfc3753b520d2d4176cc32d0) C:\WINDOWS\system32\drivers\BTNetFilter.sys 2010/10/03 13:21:18.0640 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2010/10/03 13:21:18.0781 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 2010/10/03 13:21:18.0953 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2010/10/03 13:21:19.0109 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2010/10/03 13:21:19.0250 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2010/10/03 13:21:19.0531 cmuda (ddcde8ced6e753f9ebbd07659f808d9d) C:\WINDOWS\system32\drivers\cmuda.sys 2010/10/03 13:21:19.0859 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2010/10/03 13:21:20.0015 DM9102 (51ef6ca3d57055fed6ab99021d562443) C:\WINDOWS\system32\DRIVERS\DM9PCI5.SYS 2010/10/03 13:21:20.0171 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 2010/10/03 13:21:20.0375 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 2010/10/03 13:21:20.0531 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2010/10/03 13:21:20.0703 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2010/10/03 13:21:20.0937 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2010/10/03 13:21:21.0140 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2010/10/03 13:21:21.0281 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 2010/10/03 13:21:21.0453 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 2010/10/03 13:21:21.0593 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 2010/10/03 13:21:21.0718 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 2010/10/03 13:21:21.0859 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2010/10/03 13:21:22.0062 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2010/10/03 13:21:22.0218 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2010/10/03 13:21:22.0375 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2010/10/03 13:21:22.0515 HPFXBULK (9e3944a558ab84853ef985988e23a8a4) C:\WINDOWS\system32\drivers\hpfxbulk.sys 2010/10/03 13:21:22.0703 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys 2010/10/03 13:21:22.0937 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2010/10/03 13:21:23.0140 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2010/10/03 13:21:23.0390 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2010/10/03 13:21:23.0531 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 2010/10/03 13:21:23.0656 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2010/10/03 13:21:23.0781 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2010/10/03 13:21:23.0937 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2010/10/03 13:21:24.0062 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2010/10/03 13:21:24.0203 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2010/10/03 13:21:24.0359 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2010/10/03 13:21:24.0500 k600bus (53d606019bb0f0c6b3e6ec9d2e0f7622) C:\WINDOWS\system32\DRIVERS\k600bus.sys 2010/10/03 13:21:24.0640 k600mdfl (c0d81f66557847bbb7f5b9980bc2ea2e) C:\WINDOWS\system32\DRIVERS\k600mdfl.sys 2010/10/03 13:21:24.0765 k600mdm (646900b2921bad4757b427d2d328ec96) C:\WINDOWS\system32\DRIVERS\k600mdm.sys 2010/10/03 13:21:24.0937 k600mgmt (3990320cfef38b038c012029257e2300) C:\WINDOWS\system32\DRIVERS\k600mgmt.sys 2010/10/03 13:21:25.0078 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2010/10/03 13:21:25.0218 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2010/10/03 13:21:25.0390 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys 2010/10/03 13:21:25.0625 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2010/10/03 13:21:25.0765 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 2010/10/03 13:21:25.0906 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2010/10/03 13:21:26.0046 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2010/10/03 13:21:26.0203 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2010/10/03 13:21:26.0421 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2010/10/03 13:21:26.0593 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2010/10/03 13:21:26.0796 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2010/10/03 13:21:26.0921 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2010/10/03 13:21:27.0062 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2010/10/03 13:21:27.0203 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2010/10/03 13:21:27.0375 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2010/10/03 13:21:27.0484 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 2010/10/03 13:21:27.0625 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 2010/10/03 13:21:27.0781 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 2010/10/03 13:21:27.0921 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2010/10/03 13:21:28.0093 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 2010/10/03 13:21:28.0187 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2010/10/03 13:21:28.0312 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2010/10/03 13:21:28.0453 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2010/10/03 13:21:28.0609 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys 2010/10/03 13:21:28.0750 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2010/10/03 13:21:28.0890 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2010/10/03 13:21:29.0140 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2010/10/03 13:21:29.0328 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2010/10/03 13:21:29.0625 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2010/10/03 13:21:29.0734 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2010/10/03 13:21:29.0906 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2010/10/03 13:21:30.0046 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys 2010/10/03 13:21:30.0187 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys 2010/10/03 13:21:30.0390 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys 2010/10/03 13:21:30.0531 NWRDR (36b9b950e3d2e100970a48d8bad86740) C:\WINDOWS\system32\DRIVERS\nwrdr.sys 2010/10/03 13:21:30.0718 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 2010/10/03 13:21:30.0859 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2010/10/03 13:21:31.0000 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2010/10/03 13:21:31.0140 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 2010/10/03 13:21:31.0328 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 2010/10/03 13:21:31.0453 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 2010/10/03 13:21:31.0953 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2010/10/03 13:21:32.0125 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2010/10/03 13:21:32.0250 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2010/10/03 13:21:32.0421 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2010/10/03 13:21:32.0843 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2010/10/03 13:21:32.0984 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2010/10/03 13:21:33.0218 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2010/10/03 13:21:33.0375 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2010/10/03 13:21:33.0500 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2010/10/03 13:21:33.0656 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2010/10/03 13:21:33.0812 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2010/10/03 13:21:33.0968 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2010/10/03 13:21:34.0140 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2010/10/03 13:21:34.0296 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys 2010/10/03 13:21:34.0453 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys 2010/10/03 13:21:34.0656 rt2870 (4f73e0a397a85392a4f7410f8b808311) C:\WINDOWS\system32\DRIVERS\rt2870.sys 2010/10/03 13:21:34.0796 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 2010/10/03 13:21:34.0859 SASKUTIL (f81ea209a3e43c33f99ff89ebab82d93) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 2010/10/03 13:21:34.0984 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2010/10/03 13:21:35.0140 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2010/10/03 13:21:35.0281 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 2010/10/03 13:21:35.0421 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2010/10/03 13:21:35.0625 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys 2010/10/03 13:21:35.0781 SISNIC (3fbb6ef8b5a71a2fa11f5f461bb73219) C:\WINDOWS\system32\DRIVERS\sisnic.sys 2010/10/03 13:21:35.0921 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 2010/10/03 13:21:36.0125 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2010/10/03 13:21:36.0296 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2010/10/03 13:21:36.0484 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys 2010/10/03 13:21:36.0671 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 2010/10/03 13:21:36.0796 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 2010/10/03 13:21:36.0937 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2010/10/03 13:21:37.0078 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2010/10/03 13:21:37.0437 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2010/10/03 13:21:37.0609 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2010/10/03 13:21:37.0765 Tcpip6 (aa7a55536096d646dc7ab0ac5641e9e8) C:\WINDOWS\system32\DRIVERS\tcpip6.sys 2010/10/03 13:21:37.0921 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2010/10/03 13:21:38.0046 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2010/10/03 13:21:38.0218 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2010/10/03 13:21:38.0453 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys 2010/10/03 13:21:38.0609 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2010/10/03 13:21:38.0796 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2010/10/03 13:21:38.0984 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2010/10/03 13:21:39.0140 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2010/10/03 13:21:39.0265 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2010/10/03 13:21:39.0437 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 2010/10/03 13:21:39.0562 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2010/10/03 13:21:39.0687 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2010/10/03 13:21:39.0812 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2010/10/03 13:21:39.0968 VComm (9ebee4a060c5364a31aeaa04eac2af1e) C:\WINDOWS\system32\DRIVERS\VComm.sys 2010/10/03 13:21:40.0093 VcommMgr (630bbdbf5490f8f57abe650da63661a0) C:\WINDOWS\system32\Drivers\VcommMgr.sys 2010/10/03 13:21:40.0250 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2010/10/03 13:21:40.0437 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 2010/10/03 13:21:40.0625 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2010/10/03 13:21:40.0828 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2010/10/03 13:21:41.0125 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 2010/10/03 13:21:41.0312 ================================================================================ 2010/10/03 13:21:41.0312 Scan finished 2010/10/03 13:21:41.0312 ================================================================================ Приключих и с Комбо фикс. Ето го и лога. ComboFix 10-10-02.02 - flex 10.2010 г. 13:33:02.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.511.245 [GMT -7:00] Running from: c:\documents and settings\flex\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\flex\Application Data\Desktopicon C:\WA6P . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_FOPN ((((((((((((((((((((((((( Files Created from 2010-09-03 to 2010-10-03 ))))))))))))))))))))))))))))))) . 2010-10-03 20:13 . 2010-10-03 20:13 -------- d-----w- c:\program files\ERUNT 2010-10-03 19:13 . 2010-10-03 19:13 -------- d-----w- C:\_OTL . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-10-03 20:41 . 2009-07-27 16:39 -------- d-----w- c:\program files\DNA 2010-10-03 20:41 . 2009-07-27 16:39 -------- d-----w- c:\documents and settings\flex\Application Data\DNA 2010-10-03 17:49 . 2009-08-25 22:39 -------- d-----w- c:\documents and settings\flex\Application Data\Orbit 2010-10-02 20:17 . 2010-07-24 08:22 63488 ----a-w- c:\documents and settings\flex\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll 2010-10-02 20:17 . 2010-05-01 08:39 117760 ----a-w- c:\documents and settings\flex\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2010-10-02 20:07 . 2010-05-01 08:38 -------- d-----w- c:\program files\SUPERAntiSpyware 2010-10-01 04:50 . 2009-08-10 14:24 -------- d-----w- c:\documents and settings\flex\Application Data\Skype 2010-10-01 03:42 . 2009-07-06 13:13 -------- d-----w- c:\documents and settings\flex\Application Data\skypePM 2009-07-22 21:19 . 2009-07-22 21:17 7954744 ----a-w- c:\program files\Firefox Setup 3.5.1.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-06 39408] "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-10-17 323392] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-28 2020592] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152] "OPSE reminder"="c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 729088] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792] c:\documents and settings\flex\Start Menu\Programs\Startup\ ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696] BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2008-3-6 1183744] Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2009-10-29 1585152] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ \0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 nwprovau [HKLM\~\startupfolder\C:^Documents and Settings^flex^Start Menu^Programs^Startup^Corel Registration.lnk] path=c:\documents and settings\flex\Start Menu\Programs\Startup\Corel Registration.lnk backup=c:\windows\pss\Corel Registration.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 18:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\NovaLogic\\Delta Force Xtreme\\dfx.exe"= "c:\\WINDOWS\\system32\\usmt\\migwiz.exe"= "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/27/2010 5:30 PM 61440] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/14/2010 6:37 PM 135336] S2 gupdate1c9ff3167cf15f8;Google Update Service (gupdate1c9ff3167cf15f8);c:\program files\Google\Update\GoogleUpdate.exe [2/8/2010 10:46 PM 135664] S3 k600bus;Sony Ericsson 600i driver (WDM);c:\windows\system32\drivers\k600bus.sys [5/11/2005 2:12 PM 52384] S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;c:\windows\system32\drivers\k600mdfl.sys [5/11/2005 2:12 PM 6096] S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;c:\windows\system32\drivers\k600mdm.sys [5/11/2005 2:12 PM 87456] S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;c:\windows\system32\drivers\k600mgmt.sys [5/11/2005 2:12 PM 79248] . Contents of the 'Scheduled Tasks' folder 2010-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 05:45] 2010-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 05:45] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.bg/ uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie mDefault_Search_URL = hxxp://www.google.com/ie uInternet Connection Wizard,ShellNext = iexplore uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html IE: Е&кспортирай в Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Закачать ВСЕ при помощи Download Master IE: Закачать при помощи Download Master IE: Передать на удаленную закачку DM TCP: {4B7AAC2C-FD37-4705-B59F-B7C5848AF2E5} = 10.10.1.1,91.139.226.1 FF - ProfilePath - c:\documents and settings\flex\Application Data\Mozilla\Firefox\Profiles\av1apdzf.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://www.google.bg/ FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=966134&p= FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); . - - - - ORPHANS REMOVED - - - - WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-10-03 13:41 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(956) c:\program files\SUPERAntiSpyware\SASWINLO.dll c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(2472) c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe c:\program files\RALINK\Common\RalinkRegistryWriter.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\windows\system32\rundll32.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2010-10-03 13:49:21 - machine was rebooted ComboFix-quarantined-files.txt 2010-10-03 20:49 Pre-Run: 12 797 583 360 bytes free Post-Run: 12 686 041 088 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - C72D560BD1AC845292C6DF95D6046397

Привет nologo! Успях да сканирам с третата програма. Ето лога. Сега ще сканирам пак с OTL. RkU Version: 3.8.388.590, Type LE (SR2) ============================================== OS Name: Windows XP Version 5.1.2600 (Service Pack 3) Number of processors #1 ============================================== >Drivers ============================================== 0xBFA93000 C:\WINDOWS\System32\ati3duag.dll 2695168 bytes (ATI Technologies Inc. , ati3duag.dll) 0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2188928 bytes (Microsoft Corporation, NT Kernel & System) 0x804D7000 PnpManager 2188928 bytes 0x804D7000 RAW 2188928 bytes 0x804D7000 WMIxWDM 2188928 bytes 0xBF800000 Win32k 1847296 bytes 0xBF800000 C:\WINDOWS\System32\win32k.sys 1847296 bytes (Microsoft Corporation, Multi-User Win32 Driver) 0xF82CC000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 1601536 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver) 0xBFD25000 C:\WINDOWS\System32\ativvaxx.dll 1409024 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver) 0xF81CE000 C:\WINDOWS\system32\drivers\cmuda.sys 815104 bytes (C-Media Inc, C-Media Audio WDM Driver) 0xBACB9000 C:\WINDOWS\system32\DRIVERS\rt2870.sys 581632 bytes (Ralink Technology, Corp., Ralink 802.11 USB Wireless Adapter Driver) 0xF84E2000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver) 0xBAD47000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr) 0xF7FA2000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver) 0xBAF74000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver) 0xB8288000 C:\WINDOWS\system32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver) 0xBFA18000 C:\WINDOWS\System32\ati2cqag.dll 282624 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module) 0xBF9D5000 C:\WINDOWS\System32\ati2dvag.dll 274432 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver) 0xB7D6F000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack) 0xBAF14000 C:\WINDOWS\system32\DRIVERS\tcpip6.sys 229376 bytes (Microsoft Corporation, IPv6 driver) 0xBFA5D000 C:\WINDOWS\System32\atikvmag.dll 221184 bytes (ATI Technologies Inc., Virtual Command And Memory Manager) 0xF8000000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector) 0xF8626000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT) 0xB88B7000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr) 0xF84B5000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver) 0xB7B64000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer) 0xBADB7000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver) 0xBAF4C000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver) 0xB890C000 C:\WINDOWS\system32\DRIVERS\nwrdr.sys 163840 bytes (Microsoft Corporation, NetWare Redirector File System Driver) 0xF85D0000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver) 0xBAE82000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator) 0xF81AA000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices)) 0xF8186000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver) 0xF8295000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library) 0xBAEF2000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock) 0xBAC97000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 139264 bytes (Avira GmbH, Avira Driver for Security Enhancement) 0xBAED0000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS) 0x806EE000 ACPI_HAL 131840 bytes 0x806EE000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL) 0xF8598000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager) 0xF85F6000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver) 0xF849B000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver) 0xF85B8000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver) 0xBAC7F000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes 0xF856F000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface) 0xF8149000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption)) 0xB8AC4000 C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys 90112 bytes (Microsoft Corporation, NWLINK2 IPX Protocol Driver) 0xB8B52000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver) 0xB8852000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper) 0xF8172000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver) 0xF82B8000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver) 0xBAFCD000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver) 0xF8160000 C:\WINDOWS\system32\DRIVERS\bridge.sys 73728 bytes (Microsoft Corporation, MAC Bridge Driver) 0xBF9C3000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver) 0xF8586000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver) 0xF8615000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator) 0xF8110000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler) 0xF8715000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver) 0xF8775000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver) 0xB8C37000 C:\WINDOWS\system32\DRIVERS\nwlnknb.sys 65536 bytes (Microsoft Corporation, NWLINK2 IPX Netbios Protocol Driver) 0xF87A5000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver) 0xF8795000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter) 0xF8785000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver) 0xBAE72000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter) 0xF8855000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB) 0xB8A34000 C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys 57344 bytes (Microsoft Corporation, NWLINK2 SPX Protocol Driver) 0xF86B5000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll) 0xF87B5000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver) 0xF87D5000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver) 0xF8695000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver) 0xF87F5000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol) 0xF88B5000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver) 0xF8765000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver) 0xF8685000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager) 0xF87E5000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver) 0xF8675000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver) 0xF8825000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy) 0xF86C5000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP) 0xF86D5000 sisagp.sys 40960 bytes (Silicon Integrated Systems Corporation, SiS NT AGP Filter) 0xF8815000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver) 0xF87C5000 C:\WINDOWS\System32\Drivers\VcommMgr.sys 40960 bytes (IVT Corporation, Bluetooth VcommMgr driver) 0xF86A5000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver) 0xF88A5000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library) 0xF8755000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver) 0xF8885000 C:\WINDOWS\system32\drivers\ip6fw.sys 36864 bytes (Microsoft Corporation, IPv6 Windows Firewall Driver) 0xF8805000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier) 0xF8875000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver) 0xB7C3F000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver) 0xF8895000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver) 0xF89BD000 C:\WINDOWS\system32\DRIVERS\DM9PCI5.SYS 32768 bytes (CNet Technology, Inc. , NDIS 5.0 driver ) 0xF89E5000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver) 0xF8A45000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver) 0xF89B5000 C:\WINDOWS\system32\DRIVERS\sisnic.sys 32768 bytes (SiS Corporation, SiS PCI Fast Ethernet Adapter Driver) 0xF89AD000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver) 0xF8A0D000 C:\WINDOWS\system32\DRIVERS\VComm.sys 32768 bytes (IVT Corporation, Bluetooth Serial Port Driver) 0xF8905000 BTHidMgr.sys 28672 bytes (IVT Corporation, Bluetooth HID Manager driver) 0xF89C5000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver) 0xF8A55000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library) 0xF88F5000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension) 0xF89CD000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver) 0xF8A15000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver) 0xF8A5D000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS) 0xF8A4D000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver) 0xF8A35000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver) 0xF8935000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 20480 bytes (Cisco Systems, Inc., IEEE 802.1X Protocol Driver) 0xF89D5000 C:\WINDOWS\system32\DRIVERS\blueletaudio.sys 20480 bytes (IVT Corporation, Bluelet Audio Driver) 0xF8925000 C:\WINDOWS\System32\Drivers\BrPar.sys 20480 bytes (Brother Industries Ltd., Brother Parallel class Driver version 1.01) 0xF8A25000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver) 0xF8A3D000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver) 0xF88FD000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager) 0xF89FD000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library) 0xF8A05000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver) 0xF89ED000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper) 0xF89A5000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver) 0xF8A75000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver) 0xF8457000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver) 0xF8B55000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator) 0xF8B71000 C:\WINDOWS\system32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver) 0xF8A85000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver) 0xF845F000 C:\WINDOWS\system32\DRIVERS\btnetdrv.sys 12288 bytes (IVT Corporation, Bluetooth PAN Network Adapter Driver) 0xBAEB0000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver) 0xF8121000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices) 0xF8467000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver) 0xF8B69000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver) 0xF813D000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver) 0xF8B49000 C:\WINDOWS\system32\DRIVERS\tunmp.sys 12288 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver) 0xF8B59000 C:\WINDOWS\system32\DRIVERS\vbtenum.sys 12288 bytes 0xF8BA9000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter) 0xF8B9D000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver) 0xF8B79000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver) 0xF8BB3000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes 0xF8B9B000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver) 0xF8B75000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL) 0xF8B9F000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator) 0xF8BBD000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver) 0xF8BA1000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport) 0xF8B91000 C:\WINDOWS\System32\Drivers\RootMdm.sys 8192 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver) 0xF8B97000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator) 0xF8B99000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver) 0xF8B77000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll) 0xF8D3F000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver) 0xF8C4C000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk) 0xF8C7E000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver) 0xF8C3D000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver) ============================================== >Stealth ============================================== ============================================== >Files ============================================== ============================================== >Hooks ============================================== ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump 0x804DBAA2-->804DBAA9 [ntoskrnl.exe] ntoskrnl.exe+0x0000B74C, Type: Inline - RelativeJump 0x804E274C-->804E2722 [ntoskrnl.exe] ntoskrnl.exe+0x0000B7AC, Type: Inline - RelativeJump 0x804E27AC-->804E2783 [ntoskrnl.exe] ntoskrnl.exe+0x0000B830, Type: Inline - RelativeJump 0x804E2830-->804E2807 [ntoskrnl.exe] ntoskrnl.exe+0x0000B9AC, Type: Inline - RelativeJump 0x804E29AC-->804E2983 [ntoskrnl.exe] ntoskrnl.exe+0x0000B9D8, Type: Inline - RelativeJump 0x804E29D8-->804E29AF [ntoskrnl.exe] ntoskrnl.exe+0x0000BA84, Type: Inline - RelativeJump 0x804E2A84-->804E2A5B [ntoskrnl.exe] [940]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll] [940]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll] [940]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll] [940]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll] [940]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll] [940]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x771B124C-->00000000 [shimeng.dll] [940]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll] !!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =) Стартирах отново OTL, копирах и поставих скрипта, натинах Run Fix , след сканирането компютъра се рестартира и при стартирене се създаде този лог-файл. All processes killed ========== OTL ========== Service HidServ stopped successfully! Service HidServ deleted successfully! File C:\WINDOWS\System32\hidserv.dll File not found not found. Service InCDRm stopped successfully! Service InCDRm deleted successfully! File C:\WINDOWS\System32\drivers\InCDRm.sys File not found not found. Service InCDPass stopped successfully! Service InCDPass deleted successfully! File C:\WINDOWS\System32\drivers\InCDPass.sys File not found not found. Service InCDFs stopped successfully! Service InCDFs deleted successfully! File C:\WINDOWS\System32\drivers\InCDFs.sys File not found not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Cmaudio deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NWEReboot deleted successfully. C:\Documents and Settings\flex\Start Menu\Programs\Startup\Xfire.lnk moved successfully. Starting removal of ActiveX control {31435657-9980-0010-8000-00AA00389B71} C:\WINDOWS\Downloaded Program Files\wvc1dmo.inf moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1bce0020-4487-11dc-918f-0008a190b0d1}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1bce0020-4487-11dc-918f-0008a190b0d1}\ not found. File G:\setupSNK.exe not found. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:stera deleted successfully. ========== FILES ========== C:\RECYCLER\S-1-5-21-790525478-920026266-1801674531-1003 folder moved successfully. C:\RECYCLER\S-1-5-18 folder moved successfully. C:\RECYCLER folder moved successfully. D:\RECYCLER\S-1-5-21-790525478-920026266-1801674531-1003 folder moved successfully. D:\RECYCLER\S-1-5-21-329068152-2111687655-682003330-1003 folder moved successfully. D:\RECYCLER folder moved successfully. recycler not found in E:\ < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Documents and Settings\flex\Desktop\cmd.bat deleted successfully. C:\Documents and Settings\flex\Desktop\cmd.txt deleted successfully. ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\GameTop.com\Extreme Racers\Extreme Racers.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\GameSpy Arcade\Aphex.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\The.Duke.Nukem.3D.High.Resolution.Version\Duke3D\eduke32.exe deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: flex ->Temp folder emptied: 1437025238 bytes ->Temporary Internet Files folder emptied: 98304 bytes ->FireFox cache emptied: 41673734 bytes ->Flash cache emptied: 1919231 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 2853263 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 2162283 bytes %systemroot%\System32 .tmp files removed: 18961 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 36927084 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 1 452,00 mb [EMPTYFLASH] User: All Users User: Default User User: flex ->Flash cache emptied: 0 bytes User: LocalService User: NetworkService Total Flash Files Cleaned = 0,00 mb OTL by OldTimer - Version 3.2.14.1 log created on 10032010_121342 Files\Folders moved on Reboot... Registry entries deleted on Reboot...

Ползвам интернет на Виваком и пише че сигнала е много добър - 54 мегабита.

Привет nologo!Преди да изпълня скрипта с OTL необходимо ли е пак да правя същите настройки на програмата?Защото при стартирането и забелязах, че отметките не са там където бяха при първото сканиране с OTL. Преди това изпълних стъпка 1 но ми даде грешка - C: Windows system32> is not acceble The filename,directory name, or volume label syntax is incorrect Ето файла от OTL без настройките на програмата. А програмата от стъпка 3 след като натисна Report за да маркирам последните четири отметки, въобще не се появават въпросните отметки. Стои празен екран Дали компютъра отваря бавно страниците в интернет, понеже е на уайърлес а е настолен компютър и LAN картата му е слаба? Или пък антивирусните които ползвам в комбинация - Avira, SAS и МВАМ си пречат и го бавят?! OTL.Txt

Nologo благодаря за вниманието! Утре в 11:00 ще мога да пиша от компютъра си и ще публикувам логовете от сканиранията. Лека вечер!

Здравей nologo! По време на сканирането с Секюрити чек, Авира опита да се ъпдейтне, но я спрях, сканирането продължи и Авира ми изписа някъква грешка, натиснах Dont Send и продълхих. После сканирах и с OTL. По време на сканирането с GMER компютъра се рестартира. Публикувам тези логове за де не се загувят и ще опитам пак с GMER.Results of screen317's Security Check version 0.99.5 Windows XP Service Pack 3 Internet Explorer 6 Out of date! `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! Avira AntiVir Personal - Free Antivirus WMI entry may not exist for antivirus; attempting automatic update. Avira successfully updated! ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware CCleaner Adobe Flash Player 10.1.85.3 Adobe Reader 7.0.5 Out of date Adobe Reader installed! Mozilla Firefox (3.5.11) Firefox Out of Date! ```````````````````````````````` Process Check: objlist.exe by Laurent Avira Antivir avgnt.exe Avira Antivir avguard.exe ```````````````````````````````` DNS Vulnerability Check: Unknown. This method cannot test your vulnerability to DNS cache poisoning. (Wireless connection?) ``````````End of Log```````````` И при втория опит за скан с GMER компютъра се рестартира. Явно няма да стане да сканирам с тази програма. OTL.Txt Extras.Txt

Здравейте! От около месец компютъра ми стана много бавен. В интернет много бавно отваря сайтовете и страниците. Сканирах с Авира но не откри вируси. Преди месец - два компютъра беше много по-бърз. Прикачвам логове от МБАМ и DDS. Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Версия на базата от данни: 4733 Windows 5.1.2600 Service Pack 3 Internet Explorer 6.0.2900.5512 02.10.2010 г. 13:48:48 mbam-log-2010-10-02 (13-48-48).txt Тип сканиране: Бързо сканиране Сканирани обекти: 137571 Изминало време: 13 минута(и), 58 секунда(и) Заразени процеси в паметта: 0 Заразени модули в паметта: 0 Заразени ключове в регистратурата: 0 Заразени стойности в регистратурата: 0 Заразени информационни обекти в регистратурата: 0 Заразени папки: 0 Заразени файлове: 0 Заразени процеси в паметта: (Не бяха открити зловредни обекти) Заразени модули в паметта: (Не бяха открити зловредни обекти) Заразени ключове в регистратурата: (Не бяха открити зловредни обекти) Заразени стойности в регистратурата: (Не бяха открити зловредни обекти) Заразени информационни обекти в регистратурата: (Не бяха открити зловредни обекти) Заразени папки: (Не бяха открити зловредни обекти) Заразени файлове: (Не бяха открити зловредни обекти) Attach.txt DDS.txt