nasko_blg

All content by nasko_blg

  1. Zone Alarm Free ... has no expert settings. You can't open ports. I'm very disappointed. I already tried Startup Repair: it doesn't help. I wonder whether removing Microsoft Security Essentials also wiped out something that Windows Firewall uses. Or maybe Avast's Network Shield is playing tricks? The other possibility is that we still have some little backdoor that is taking care of the firewall. Still, I think I'll try this method: http://www.sevenforu...ir-install.html But not until tonight.
  2. Same thing again. I also ran sfc /SCANNOW, but with no result. I'm thinking of installing Zone Alarm and we'll see what happens. Still, it isn't that fatal, because my internet goes through a NAT router. The interesting thing is that at the moment all ports are blocked. Apparently on Win 7 the default rule is to block everything.

         Starting Nmap 5.59BETA1 ( http://nmap.org ) at 2011-08-23 11:46 EEST
         Nmap scan report for nasko-pc (192.168.1.116)
         Host is up (0.00061s latency).
         Not shown: 985 closed ports
         PORT      STATE    SERVICE
         80/tcp    filtered http
         135/tcp   filtered msrpc
         139/tcp   filtered netbios-ssn
         443/tcp   filtered https
         445/tcp   filtered microsoft-ds
         554/tcp   filtered rtsp
         2869/tcp  filtered icslap
         3389/tcp  filtered ms-term-serv
         5357/tcp  filtered wsdapi
         10243/tcp filtered unknown
         49152/tcp filtered unknown
         49153/tcp filtered unknown
         49155/tcp filtered unknown
         49156/tcp filtered unknown
         49157/tcp filtered unknown
  3. SystemLook 30.07.11 by jpshortstuff

         Log created at 06:22 on 23/08/2011 by Nasko
         Administrator - Elevation successful

         ========== reg ==========

         [HKEY_LOCAL_MACHINE\software\microsoft\security center]
         "cval"= 0x0000000001 (1)
         "FirewallOverride"= 0x0000000001 (1)
         "DisableThumbnailCache"="0"
         "FirewallDisableNotify"="0"
         "UpdatesDisableNotify"= 0x0000000000 (0)
         "AntiVirusDisableNotify"= 0x0000000000 (0)

         [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
         (No values found)

         [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
         "VistaSp1"=19 0d da 5d 3f 04 ca 01 (REG_QWORD)
         "AntiVirusOverride"= 0x0000000000 (0)
         "AntiSpywareOverride"= 0x0000000000 (0)
         "FirewallOverride"= 0x0000000000 (0)

         [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\Vol]
         (No values found)

         [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile]
         "DisableNotifications"= 0x0000000000 (0)
         "EnableFirewall"= 0x0000000001 (1)

         [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging]
         "LogFileSize"= 0x0000001000 (4096)
         "LogFilePath"="%systemroot%\system32\LogFiles\Firewall\pfirewall.log"

         [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile]
         "DisableNotifications"= 0x0000000000 (0)
         "EnableFirewall"= 0x0000000001 (1)

         [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging]
         "LogFileSize"= 0x0000001000 (4096)
         "LogFilePath"="%systemroot%\system32\LogFiles\Firewall\pfirewall.log"

         [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile]
         "DisableNotifications"= 0x0000000000 (0)
         "EnableFirewall"= 0x0000000001 (1)

         [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging]
         "LogFileSize"= 0x0000001000 (4096)
         "LogFilePath"="%systemroot%\system32\LogFiles\Firewall\pfirewall.log"

         -= EOF =-
  4. The full Avast scan found no threats. But there is another problem: the Windows Firewall cannot be started.

         The Windows Firewall service terminated with service-specific error The data is invalid..
  5. Hmm. Until now Avira had not heard anything about this "beast". Yesterday I submitted Flash-Player.exe to them for analysis and today they sent me back an email. They have even given it a name, "BDS/Bafruz.B.3". It's good that they have updated their definitions and now detect it. Unfortunately I could not find a similar option for uploading a file over the internet from the makers of other antivirus programs. Here is the content of Avira's reply:

         Message body

         Dear Sir or Madam,

         Thank you for your email to Avira's virus lab.
         Tracking number: INC00806478.

         A listing of files alongside their results can be found below:

         File ID    Filename          Size (Byte)  Result
         26261378   Flash-Player.exe  1.13 MB      MALWARE

         Please find a detailed report concerning each individual sample below:

         Filename          Result
         Flash-Player.exe  MALWARE

         The file 'Flash-Player.exe' has been determined to be 'MALWARE'. Our analysts named the threat BDS/Bafruz.B.3. The term "BDS/" denotes a Backdoor-Server program. Backdoor-Server programs are used to spy out, modify or delete data. Detection is added to our virus definition file (VDF) starting with version 7.11.13.155.

         Alternatively you can see the analysis result here:
         http://analysis.avira.com/samples/details.php?uniqueid=1cIVEVGvJ7dBbvrbvvdPdN5rtjDvRcUR&incidentid=806478

         An overview of all your submissions can be found here:
         http://analysis.avira.com/samples/details.php?uniqueid=1cIVEVGvJ7dBbvrbvvdPdN5rtjDvRcUR

         Please note: If you have specific questions please address them to support@avira.com

         Kind regards
         Avira Virus Lab
         ---------------------------------------------
         Avira GmbH
         Kaplaneiweg 1, 88069 Tettnang, Germany
         Phone: +49 (0) 7542-500 0
         Fax: +49 (0) 7542-500 3000
         Internet: http://www.avira.com
         CEO: Tjark Auerbach
         Headquarter: Tettnang
         Commercial register: AG Ulm HRB 630992
         ---------------------------------------------
  6. There were no problems with Avast earlier in the day, but it was interfering with OTL and DSS, so I removed it while the work on removing the viruses is under way. Avast is now being installed again. I will let you know the result.
  7. All processes killed

         ========== OTL ==========
         Z:\AUTOEXEC.BAT moved successfully.
         Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk /p \??\V: deleted successfully.
         Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
         C:\Windows\geoiplist moved successfully.
         C:\Windows\info1 moved successfully.
         ADS C:\ProgramData\TEMP:8FF81EB0 deleted successfully.
         ADS C:\ProgramData\TEMP:8927A071 deleted successfully.
         ADS C:\ProgramData\TEMP:6152D44C deleted successfully.
         ========== FILES ==========
         recycler not found in C:\
         D:\RECYCLER\S-1-5-21-9008629162-1159038846-248914059-6680 folder moved successfully.
         D:\RECYCLER\S-1-5-21-1886847840-8115993136-071051760-8805 folder moved successfully.
         D:\RECYCLER\S-1-5-21-1229272821-1677128483-1606980848-1003 folder moved successfully.
         D:\RECYCLER folder moved successfully.
         recycler not found in I:\
         recycler not found in X:\
         Z:\RECYCLER\S-1-5-21-527237240-2147216713-1606980848-1003 folder moved successfully.
         Z:\RECYCLER\S-1-5-21-1659004503-2052111302-725345543-1000 folder moved successfully.
         Z:\RECYCLER\S-1-5-18 folder moved successfully.
         Z:\RECYCLER folder moved successfully.
         < ipconfig /flushdns /c >
         Windows IP Configuration
         Successfully flushed the DNS Resolver Cache.
         C:\Users\Nasko\Desktop\cmd.bat deleted successfully.
         C:\Users\Nasko\Desktop\cmd.txt deleted successfully.
         ========== REGISTRY ==========
         HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirewallDisableNotify" | 0 /E : value set successfully!
         HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"DisableThumbnailCache" | 0 /E : value set successfully!
         HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\"EnableFirewall" | 1 /E : value set successfully!
         HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\\"EnableFirewall" | 1 /E : value set successfully!
         ========== COMMANDS ==========

         [EMPTYTEMP]

         User: Administrator
         ->Temp folder emptied: 0 bytes
         ->Temporary Internet Files folder emptied: 67 bytes

         User: All Users

         User: Default
         ->Temp folder emptied: 0 bytes
         ->Temporary Internet Files folder emptied: 0 bytes

         User: Default User
         ->Temp folder emptied: 0 bytes
         ->Temporary Internet Files folder emptied: 0 bytes

         User: Nasko
         ->Temp folder emptied: 1067029 bytes
         ->Temporary Internet Files folder emptied: 10730903 bytes
         ->Java cache emptied: 43521473 bytes
         ->Opera cache emptied: 0 bytes
         ->Flash cache emptied: 917 bytes

         User: psp
         ->Temp folder emptied: 0 bytes
         ->Temporary Internet Files folder emptied: 67 bytes
         ->Flash cache emptied: 456 bytes

         User: Public
         ->Temp folder emptied: 0 bytes

         User: rosi
         ->Temp folder emptied: 0 bytes
         ->Temporary Internet Files folder emptied: 330770 bytes
         ->Java cache emptied: 0 bytes
         ->FireFox cache emptied: 44084164 bytes
         ->Google Chrome cache emptied: 292502938 bytes
         ->Flash cache emptied: 127970 bytes

         %systemdrive% .tmp files removed: 0 bytes
         %systemroot% .tmp files removed: 0 bytes
         %systemroot%\System32 .tmp files removed: 0 bytes
         %systemroot%\System32\drivers .tmp files removed: 0 bytes
         Windows Temp folder emptied: 943752 bytes
         %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
         RecycleBin emptied: 0 bytes

         Total Files Cleaned = 375,00 mb

         [EMPTYFLASH]

         User: Administrator

         User: All Users

         User: Default

         User: Default User

         User: Nasko
         ->Flash cache emptied: 0 bytes

         User: psp
         ->Flash cache emptied: 0 bytes

         User: Public

         User: rosi
         ->Flash cache emptied: 0 bytes

         Total Flash Files Cleaned = 0,00 mb

         OTL by OldTimer - Version 3.2.26.5 log created on 08222011_000625

         Files\Folders moved on Reboot...

         Registry entries deleted on Reboot...
  8. Here is the result from OTL: OTL.Txt
  9. Logfile of The Avenger Version 2.0, © by Swandog46

         http://swandog46.geekstogo.com

         Platform: Windows Vista

         *******************

         Script file opened successfully.
         Script file read successfully.

         Backups directory opened successfully at C:\Avenger

         *******************

         Beginning to process script file:

         Rootkit scan active.
         No rootkits found!

         File "C:\Windows\phoenix.rar" deleted successfully.
         File "C:\Windows\rpcminer.rar" deleted successfully.
         File "C:\Windows\ufa.rar" deleted successfully.
         File "C:\Windows\geoiplist.rar" deleted successfully.

         Error: file "C:\Windows\unrar.exe" not found!
         Deletion of file "C:\Windows\unrar.exe" failed!
         Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
           --> the object does not exist

         File "C:\Windows\loader2.exe_ok" deleted successfully.

         Error: file "C:\Windows\sysdriver32.exe" not found!
         Deletion of file "C:\Windows\sysdriver32.exe" failed!
         Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
           --> the object does not exist

         Error: file "C:\Windows\services32.exe" not found!
         Deletion of file "C:\Windows\services32.exe" failed!
         Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
           --> the object does not exist

         Error: "C:\Windows\info1" is not a folder! It may instead be a file.
         Deletion of folder "C:\Windows\info1" failed!
         Status: 0xc0000103 (STATUS_NOT_A_DIRECTORY)
           --> use "Files to delete:" instead of "Folders to delete:" to delete an ordinary file

         Error: "C:\Windows\geoiplist" is not a folder! It may instead be a file.
         Deletion of folder "C:\Windows\geoiplist" failed!
         Status: 0xc0000103 (STATUS_NOT_A_DIRECTORY)
           --> use "Files to delete:" instead of "Folders to delete:" to delete an ordinary file

         Completed script processing.

         *******************

         Finished! Terminate.

     @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

     I should mention that before this I had run the .bat file to delete the files that are listed in it. Here are the results from DDS.scr after restarting the machine. DDS.txt Attach.txt
  10. I tried OTL again. This time it completed successfully. OTL.Txt Extras.Txt
  11. ComboFix 11-08-21.01 - Nasko 08.2011 г. 18:18:30.3.2 - x86 Microsoft Windows 7 Ultimate 6.1.7601.1.1251.359.1033.18.2038.1212 [GMT 3:00] Running from: c:\users\Nasko\Desktop\ComboFix.exe Command switches used :: c:\users\Nasko\Desktop\CFScript.txt
  12. . DDS (Ver_2011-06-23.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26 Run by Nasko at 14:27:29 on 2011-08-21 Microsoft Windows 7 Ultimate 6.1.7601.1.1251.359.1033.18.2038.1200 [GMT 3:00] . AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe C:\Program Files\UltraVNC\WinVNC.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\UltraVNC\WinVNC.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Program Files\TeamViewer\Version6\TeamViewer.exe C:\Windows\Explorer.EXE C:\Windows\PixArt\Pac207\Monitor.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Windows\System32\mmrtkrnl.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files\Windows Sidebar\sidebar.exe 
C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\ooVoo\ooVoo.exe C:\Users\Nasko\Documents\Downloads\putty.exe C:\Windows\explorer.exe C:\Program Files\dts2acr\AudioConverter.EXE C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Windows\System32\svchost.exe -k swprv C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.bg/ BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: avast! 
WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun mRun: [Monitor] c:\windows\pixart\pac207\Monitor.exe mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [Realtime Audio Engine] "mmrtkrnl.exe" /i mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableSecureUIAPaths = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: Google Sidewiki... 
- c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{4BB85A85-33DD-48F1-B880-0469CD18B9C2} : DhcpNameServer = 10.250.238.3 10.250.238.4 TCP: Interfaces\{A9D6B265-2182-43FF-BCA5-B2A6735C125A} : DhcpNameServer = 192.168.1.1 Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll Notify: igfxcui - igfxdev.dll . ================= FIREFOX =================== . 
FF - ProfilePath - c:\users\nasko\appdata\roaming\mozilla\firefox\profiles\05g90w3f.default\ FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties FF - component: c:\users\nasko\appdata\roaming\mozilla\firefox\profiles\05g90w3f.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - component: c:\users\nasko\appdata\roaming\mozilla\firefox\profiles\05g90w3f.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll FF - component: c:\users\nasko\appdata\roaming\mozilla\firefox\profiles\05g90w3f.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko19.dll FF - component: c:\users\nasko\appdata\roaming\mozilla\firefox\profiles\05g90w3f.default\extensions\{7c06ce0a-3d88-4085-ac25-207009a86bf1}\components\RadioWMPCoreGecko19.dll FF - component: c:\users\nasko\appdata\roaming\mozilla\firefox\profiles\05g90w3f.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\users\nasko\appdata\local\google\update\1.3.21.65\npGoogleUpdate3.dll . 
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-8-21 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-8-21 309848]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-7-18 218688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-8-21 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-8-21 54104]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-8-21 42184]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-20 366640]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-6-1 2337144]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-4-1 428640]
R2 uvnc_service;uvnc_service;c:\program files\ultravnc\winvnc.exe [2011-8-3 2016504]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-11-4 22712]
S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\drivers\vfilter.sys [2009-11-19 17408]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Услуга Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-17 135664]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-4 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Услуга на Google Актуализация (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-17 135664]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-11-4 41272]
S3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [2010-4-17 12096]
S3 PAC207;SoC PC-Camera;c:\windows\system32\drivers\PFC027.SYS [2006-12-5 507136]
S3 prwntdrv;prwntdrv;c:\windows\system32\prwntdrv.sys [2011-6-7 13704]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-3-2 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-2 52224]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [2010-12-1 31888]
S3 vmcam325av;Vimicro USB2.0 PC Camera(VC0323);c:\windows\system32\drivers\vmcam323av.sys [2009-11-4 232448]
S3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\drivers\virtualnet.sys [2009-11-19 9728]
S3 vvftav323;vvftav323;c:\windows\system32\drivers\vvftav323.sys [2009-12-12 475136]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-24 1343400]
.
=============== Created Last 30 ================
.
2011-08-21 11:24:05 -------- d-----w- c:\users\nasko\appdata\local\CrashDumps 2011-08-21 09:24:07 -------- d-----w- c:\users\nasko\.viget 2011-08-20 22:18:42 -------- d-----w- c:\users\nasko\appdata\local\NPE 2011-08-20 21:47:57 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-08-20 21:47:52 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2011-08-20 21:47:00 40112 ----a-w- c:\windows\avastSS.scr 2011-08-20 21:46:49 -------- d-----w- c:\programdata\AVAST Software 2011-08-20 21:46:49 -------- d-----w- c:\program files\AVAST Software 2011-08-20 20:58:35 -------- d-----w- c:\programdata\Kaspersky Lab 2011-08-20 20:42:34 5516608 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll 2011-08-20 20:42:29 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{61b73385-9caf-4190-b4b1-56999cec9f02}\mpengine.dll 2011-08-20 20:10:15 -------- d-sh--w- C:\$RECYCLE.BIN 2011-08-20 20:01:53 -------- d-----w- c:\users\nasko\appdata\local\temp 2011-08-20 12:44:33 -------- d-----w- c:\program files\Trend Micro 2011-08-20 11:37:41 246272 ----a-w- c:\windows\unrar.exe 2011-08-20 10:55:17 258048 ----a-w- c:\windows\sysdriver32.exe 2011-08-20 10:36:31 1182208 ----a-w- c:\windows\services32.exe 2011-08-13 17:24:38 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl . ==================== Find3M ==================== . 
2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll 2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll 2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2011-07-18 10:56:20 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2011-07-16 04:27:30 290816 ----a-w- c:\windows\system32\KernelBase.dll 2011-07-16 02:17:19 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2011-07-16 02:17:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2011-07-16 02:17:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2011-07-16 02:17:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2011-07-15 20:19:42 126464 ----a-w- c:\windows\system32\Setup.dll 2011-07-09 02:30:00 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-07-06 16:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-07-06 16:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-06-24 04:27:01 169984 ----a-w- c:\windows\system32\winsrv.dll 2011-06-24 04:22:20 271360 ----a-w- c:\windows\system32\conhost.exe 2011-06-23 04:33:57 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-06-23 04:33:57 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-06-21 05:34:23 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-06-15 08:55:19 86016 ----a-w- c:\windows\system32\odbccu32.dll 2011-06-15 08:55:19 81920 ----a-w- c:\windows\system32\odbccr32.dll 2011-06-15 08:55:19 319488 ----a-w- c:\windows\system32\odbcjt32.dll 2011-06-15 08:55:19 163840 ----a-w- c:\windows\system32\odbctrac.dll 2011-06-15 08:55:19 122880 ----a-w- c:\windows\system32\odbccp32.dll 2011-06-11 02:29:25 2334208 ----a-w- c:\windows\system32\win32k.sys 2011-05-24 16:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-05-24 10:44:59 293376 ----a-w- c:\windows\system32\umpnpmgr.dll . 
============= FINISH: 14:33:23,52 =============== @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-06-23.01) . Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 3.11.2009 г. 01:33:17 System Uptime: 21.8.2011 г. 06:18:21 (8 hours ago) . Motherboard: Dell Inc. | | 0H8164 Processor: Intel® Pentium® 4 CPU 3.20GHz | Microprocessor | 3192/800mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 213 GiB total, 7,007 GiB free. D: is FIXED (NTFS) - 20 GiB total, 0,999 GiB free. E: is CDROM () F: is CDROM () G: is CDROM () I: is FIXED (NTFS) - 160 GiB total, 128,821 GiB free. T: is FIXED (NTFS) - 466 GiB total, 30,025 GiB free. X: is FIXED (NTFS) - 202 GiB total, 4,285 GiB free. Z: is FIXED (NTFS) - 96 GiB total, 0,881 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: MpKslfbb50be4 Device ID: ROOT\LEGACY_MPKSLFBB50BE4\0000 Manufacturer: Name: MpKslfbb50be4 PNP Device ID: ROOT\LEGACY_MPKSLFBB50BE4\0000 Service: MpKslfbb50be4 . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: MpKslbef7883c Device ID: ROOT\LEGACY_MPKSLBEF7883C\0000 Manufacturer: Name: MpKslbef7883c PNP Device ID: ROOT\LEGACY_MPKSLBEF7883C\0000 Service: MpKslbef7883c . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: MpKslfc24602d Device ID: ROOT\LEGACY_MPKSLFC24602D\0000 Manufacturer: Name: MpKslfc24602d PNP Device ID: ROOT\LEGACY_MPKSLFC24602D\0000 Service: MpKslfc24602d . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: MpKsl29d54cae Device ID: ROOT\LEGACY_MPKSL29D54CAE\0000 Manufacturer: Name: MpKsl29d54cae PNP Device ID: ROOT\LEGACY_MPKSL29D54CAE\0000 Service: MpKsl29d54cae . 
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: MpKslce2e4daa Device ID: ROOT\LEGACY_MPKSLCE2E4DAA\0000 Manufacturer: Name: MpKslce2e4daa PNP Device ID: ROOT\LEGACY_MPKSLCE2E4DAA\0000 Service: MpKslce2e4daa . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: MpKsl807b8340 Device ID: ROOT\LEGACY_MPKSL807B8340\0000 Manufacturer: Name: MpKsl807b8340 PNP Device ID: ROOT\LEGACY_MPKSL807B8340\0000 Service: MpKsl807b8340 . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: MpKsl30ac23f6 Device ID: ROOT\LEGACY_MPKSL30AC23F6\0000 Manufacturer: Name: MpKsl30ac23f6 PNP Device ID: ROOT\LEGACY_MPKSL30AC23F6\0000 Service: MpKsl30ac23f6 . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: MpKsl858a6f2e Device ID: ROOT\LEGACY_MPKSL858A6F2E\0000 Manufacturer: Name: MpKsl858a6f2e PNP Device ID: ROOT\LEGACY_MPKSL858A6F2E\0000 Service: MpKsl858a6f2e . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: Shrew Soft Lightweight Filter Device ID: ROOT\LEGACY_VFLT\0000 Manufacturer: Name: Shrew Soft Lightweight Filter PNP Device ID: ROOT\LEGACY_VFLT\0000 Service: vflt . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: MpKsl938c0ae9 Device ID: ROOT\LEGACY_MPKSL938C0AE9\0000 Manufacturer: Name: MpKsl938c0ae9 PNP Device ID: ROOT\LEGACY_MPKSL938C0AE9\0000 Service: MpKsl938c0ae9 . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: MpKsl96671c94 Device ID: ROOT\LEGACY_MPKSL96671C94\0000 Manufacturer: Name: MpKsl96671c94 PNP Device ID: ROOT\LEGACY_MPKSL96671C94\0000 Service: MpKsl96671c94 . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: MpKsl037b1f7e Device ID: ROOT\LEGACY_MPKSL037B1F7E\0000 Manufacturer: Name: MpKsl037b1f7e PNP Device ID: ROOT\LEGACY_MPKSL037B1F7E\0000 Service: MpKsl037b1f7e . 
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: MpKsl157fb0e4 Device ID: ROOT\LEGACY_MPKSL157FB0E4\0000 Manufacturer: Name: MpKsl157fb0e4 PNP Device ID: ROOT\LEGACY_MPKSL157FB0E4\0000 Service: MpKsl157fb0e4 . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: MpKsla2a89178 Device ID: ROOT\LEGACY_MPKSLA2A89178\0000 Manufacturer: Name: MpKsla2a89178 PNP Device ID: ROOT\LEGACY_MPKSLA2A89178\0000 Service: MpKsla2a89178 . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: MpKsl5fc44ca1 Device ID: ROOT\LEGACY_MPKSL5FC44CA1\0000 Manufacturer: Name: MpKsl5fc44ca1 PNP Device ID: ROOT\LEGACY_MPKSL5FC44CA1\0000 Service: MpKsl5fc44ca1 . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: MpKsl1998c27e Device ID: ROOT\LEGACY_MPKSL1998C27E\0000 Manufacturer: Name: MpKsl1998c27e PNP Device ID: ROOT\LEGACY_MPKSL1998C27E\0000 Service: MpKsl1998c27e . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: MpKsl1d02d4b2 Device ID: ROOT\LEGACY_MPKSL1D02D4B2\0000 Manufacturer: Name: MpKsl1d02d4b2 PNP Device ID: ROOT\LEGACY_MPKSL1D02D4B2\0000 Service: MpKsl1d02d4b2 . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: MpKslb5dea9c4 Device ID: ROOT\LEGACY_MPKSLB5DEA9C4\0000 Manufacturer: Name: MpKslb5dea9c4 PNP Device ID: ROOT\LEGACY_MPKSLB5DEA9C4\0000 Service: MpKslb5dea9c4 . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: MpKslb68b4cee Device ID: ROOT\LEGACY_MPKSLB68B4CEE\0000 Manufacturer: Name: MpKslb68b4cee PNP Device ID: ROOT\LEGACY_MPKSLB68B4CEE\0000 Service: MpKslb68b4cee . ==== System Restore Points =================== . RP1083: 21.8.2011 г. 07:31:47 - Removed Java 6 Update 18 . ==== Installed Programs ====================== . µTorrent 7-Zip 9.20 Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 9.4.5 avast! 
Free Antivirus CCleaner Cheat Engine 6.1 D3DX10 DAEMON Tools Lite EASEUS Partition Recovery 5.0.1 ffdshow v1.1.3326 [2010-03-19] GetDataBack for NTFS GnuWin32: Grep-2.5.4 Google Chrome Google Talk Plugin Google Toolbar for Internet Explorer Google Update Helper HandBrake 0.9.5 IrfanView (remove only) Java Auto Updater Java 6 Update 26 Java SE Development Kit 6 Update 23 Junk Mail filter update Malwarebytes' Anti-Malware version 1.51.1.1800 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 MKV2AC3 - 1.02.02 Mozilla Firefox 6.0 (x86 en-US) MSVCRT MyPhoneExplorer ooVoo OpenOffice.org 3.2 OpenVPN 2.2.0 Python 2.7.1 SA Dictionary 2008 Beta 4 Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Simple Sudoku 4.2 Skype™ 5.5 TeamViewer 6 TeraCopy 2.01 UltraISO Premium V9.36 UltraVnc viDrop VLC media player 1.1.11 Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer 
Windows Live Writer Resources Windows Media Player Firefox Plugin WinRAR archiver WinSCP 4.2.9 Wisdom-soft Set up ASR 3.1 Pro Yahoo! Messenger . ==== Event Viewer Messages From Past Week ======== . 21.8.2011 г. 06:21:31, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: vflt 21.8.2011 г. 01:24:07, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TeamViewer6 service. 21.8.2011 г. 01:23:23, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: vflt 21.8.2011 г. 01:18:17, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TeamViewer6 service. 21.8.2011 г. 01:17:39, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: vflt 20.8.2011 г. 23:28:50, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: vflt 20.8.2011 г. 23:28:40, Error: Service Control Manager [7000] - The Microsoft Antimalware Service service failed to start due to the following error: The system cannot find the file specified. 20.8.2011 г. 23:03:52, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: vflt 20.8.2011 г. 23:03:35, Error: Service Control Manager [7000] - The Microsoft Antimalware Service service failed to start due to the following error: The system cannot find the file specified. 20.8.2011 г. 22:56:19, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 20.8.2011 г. 22:48:47, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. 
However, the system is configured to not allow interactive services. This service may not function properly. 20.8.2011 г. 22:20:51, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. 20.8.2011 г. 22:16:34, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 20.8.2011 г. 22:09:50, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 20.8.2011 г. 22:02:05, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 20.8.2011 г. 22:02:01, Error: Service Control Manager [7034] - The ddservice service terminated unexpectedly. It has done this 1 time(s). 20.8.2011 г. 21:46:13, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: vflt 20.8.2011 г. 21:45:59, Error: Service Control Manager [7000] - The Microsoft Antimalware Service service failed to start due to the following error: The system cannot find the file specified. 20.8.2011 г. 20:55:03, Error: Service Control Manager [7034] - The wxpdrivers service terminated unexpectedly. It has done this 1 time(s). 20.8.2011 г. 20:55:03, Error: Service Control Manager [7034] - The srvsysdriver32 service terminated unexpectedly. It has done this 1 time(s). 20.8.2011 г. 20:55:03, Error: Service Control Manager [7034] - The srviecheck service terminated unexpectedly. It has done this 1 time(s). 20.8.2011 г. 20:55:03, Error: Service Control Manager [7034] - The srvbtcclient service terminated unexpectedly. 
It has done this 1 time(s). 20.8.2011 г. 16:17:48, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: vflt 20.8.2011 г. 16:17:27, Error: Service Control Manager [7000] - The Microsoft Antimalware Service service failed to start due to the following error: The system cannot find the file specified. 20.8.2011 г. 14:47:00, Error: Service Control Manager [7031] - The TeamViewer 6 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 20.8.2011 г. 14:34:01, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: vflt 20.8.2011 г. 14:33:45, Error: Service Control Manager [7000] - The Microsoft Antimalware Service service failed to start due to the following error: The system cannot find the file specified. 20.8.2011 г. 14:05:55, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 20.8.2011 г. 14:05:36, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 20.8.2011 г. 14:05:36, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 20.8.2011 г. 14:05:36, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 20.8.2011 г. 
14:05:36, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 20.8.2011 г. 14:05:36, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 20.8.2011 г. 14:05:35, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 20.8.2011 г. 14:05:35, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 20.8.2011 г. 14:05:34, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 20.8.2011 г. 14:05:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 20.8.2011 г. 14:05:33, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 20.8.2011 г. 14:05:33, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 20.8.2011 г. 
14:05:32, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 20.8.2011 г. 14:05:29, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 20.8.2011 г. 14:05:20, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 20.8.2011 г. 14:05:17, Error: Service Control Manager [7023] - The Microsoft Antimalware Service service terminated with the following error: %%-2147017840 20.8.2011 г. 14:05:16, Error: Microsoft Antimalware [5101] - 20.8.2011 г. 14:05:06, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vflt vpcnfltr vpcvmm Wanarpv6 WfpLwf 20.8.2011 г. 14:05:06, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B} 20.8.2011 г. 14:04:58, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 20.8.2011 г. 14:04:58, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 20.8.2011 г. 
14:04:58, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 20.8.2011 г. 14:04:58, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 20.8.2011 г. 14:04:58, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 20.8.2011 г. 14:04:58, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 20.8.2011 г. 14:04:58, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 20.8.2011 г. 14:04:58, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 20.8.2011 г. 14:04:58, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 20.8.2011 г. 
14:04:58, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 20.8.2011 г. 14:03:58, Error: Service Control Manager [7023] - The Microsoft Antimalware Service service terminated with the following error: %%-2147017840 20.8.2011 г. 14:03:58, Error: Microsoft Antimalware [5101] - 20.8.2011 г. 14:03:51, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vflt vpcnfltr vpcvmm Wanarpv6 WfpLwf 20.8.2011 г. 14:03:51, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B} 20.8.2011 г. 14:03:43, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 20.8.2011 г. 14:03:43, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 20.8.2011 г. 14:03:43, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 20.8.2011 г. 14:03:43, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 20.8.2011 г. 
14:03:43, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 20.8.2011 г. 14:03:43, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 20.8.2011 г. 14:03:43, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 20.8.2011 г. 14:03:43, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 20.8.2011 г. 14:03:43, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 20.8.2011 г. 14:03:43, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 20.8.2011 г. 13:52:29, Error: Service Control Manager [7023] - The Microsoft Antimalware Service service terminated with the following error: %%-2147017840 20.8.2011 г. 13:52:12, Error: Microsoft Antimalware [5101] - 20.8.2011 г. 13:52:11, Error: Service Control Manager [7000] - The Microsoft Network Inspection service failed to start due to the following error: The system cannot find the file specified. 20.8.2011 г. 13:52:11, Error: Microsoft Antimalware [3002] - 20.8.2011 г. 
13:52:10, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: vflt
20.8.2011 г. 13:50:39, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
20.8.2011 г. 13:50:09, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vflt vpcnfltr vpcvmm Wanarpv6 WfpLwf
20.8.2011 г. 13:50:09, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
20.8.2011 г. 13:50:02, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
20.8.2011 г. 13:50:02, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
20.8.2011 г. 13:50:02, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
20.8.2011 г. 13:50:02, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
20.8.2011 г. 13:50:02, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
20.8.2011 г. 13:50:02, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
20.8.2011 г. 13:50:02, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
20.8.2011 г. 13:50:02, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
20.8.2011 г. 13:50:02, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
20.8.2011 г. 13:50:02, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
20.8.2011 г. 10:39:27, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: vflt
19.8.2011 г. 23:31:26, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
19.8.2011 г. 22:48:40, Error: TermDD [50] - The RDP protocol component "DATA ENCRYPTION" detected an error in the protocol stream and has disconnected the client.
19.8.2011 г. 14:47:27, Error: TermDD [56] - The Terminal Server security layer detected an error in the protocol stream and has disconnected the client. Client IP: 15.195.179.254.
18.8.2011 г. 23:15:35, Error: Service Control Manager [7034] - The TeamViewer 6 service terminated unexpectedly. It has done this 3 time(s).
18.8.2011 г. 23:11:30, Error: Service Control Manager [7031] - The TeamViewer 6 service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
18.8.2011 г. 19:15:48, Error: TermDD [50] - The RDP protocol component "DATA ENCRYPTION" detected an error in the protocol stream and has disconnected the client.
18.8.2011 г. 12:52:09, Error: Service Control Manager [7031] - The TeamViewer 6 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
17.8.2011 г. 14:56:32, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
17.8.2011 г. 14:07:18, Error: TermDD [50] - The RDP protocol component "DATA ENCRYPTION" detected an error in the protocol stream and has disconnected the client.
15.8.2011 г. 19:19:27, Error: TermDD [56] - The Terminal Server security layer detected an error in the protocol stream and has disconnected the client. Client IP: 15.195.179.254.
15.8.2011 г. 14:48:31, Error: TermDD [50] - The RDP protocol component "DATA ENCRYPTION" detected an error in the protocol stream and has disconnected the client.
15.8.2011 г. 11:54:20, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver hp LaserJet 1000 required for printer !!COMP09!hp LaserJet 1000 is unknown. Contact the administrator to install the driver before you log in again.
15.8.2011 г. 03:13:29, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
14.8.2011 г. 17:40:35, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver hp LaserJet 1000 required for printer !!COMP09!hp LaserJet 1000 is unknown. Contact the administrator to install the driver before you log in again.
14.8.2011 г. 16:53:22, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver hp LaserJet 1000 required for printer !!COMP09!hp LaserJet 1000 is unknown. Contact the administrator to install the driver before you log in again.
14.8.2011 г. 13:19:29, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver hp LaserJet 1000 required for printer !!COMP09!hp LaserJet 1000 is unknown. Contact the administrator to install the driver before you log in again.
14.8.2011 г. 05:13:00, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver hp LaserJet 1000 required for printer !!COMP09!hp LaserJet 1000 is unknown. Contact the administrator to install the driver before you log in again.
14.8.2011 г. 05:03:35, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver hp LaserJet 1000 required for printer !!COMP09!hp LaserJet 1000 is unknown. Contact the administrator to install the driver before you log in again.
.
==== End Of File ===========================
  13. After a full scan with Avast there was nothing alarming.
  14. I am currently waiting for the mbam full scan to finish. After that I intend to run Kaspersky Virus Removal Tool. For now the computer is working normally (since the restart from mbam).
  15. There were only 3 detected results. Mbam asked for a restart. Unfortunately, I cannot find the log file it generated after the restart.