danmin

  1. Scan "Whole computer scan" completed. No infection was found during this scan
     Folders selected for scanning:;"Whole computer scan"
     Scan started:;"23 Октомври 2011 г., 12:07:02"
     Scan finished:;"23 Октомври 2011 г., 12:19:44 (12 minute(s) 41 second(s))"
     Total object scanned:;"1331071"
     User who launched the scan:;"D"

     12:01:56.0812 1380 TDSS rootkit removing tool 2.6.12.0 Oct 21 2011 11:23:48
     12:01:56.0953 1380 ============================================================
     12:01:56.0953 1380 Current date / time: 2011/10/23 12:01:56.0953
     12:01:56.0953 1380 SystemInfo:
     12:01:56.0953 1380
     12:01:56.0953 1380 OS Version: 5.2.3790 ServicePack: 2.0
     12:01:56.0953 1380 Product type: Workstation
     12:01:56.0953 1380 ComputerName: ETAJ2
     12:01:56.0953 1380 UserName: D
     12:01:56.0953 1380 Windows directory: C:\WINDOWS
     12:01:56.0953 1380 System windows directory: C:\WINDOWS
     12:01:56.0953 1380 Running under WOW64
     12:01:56.0953 1380 Processor architecture: Intel x64
     12:01:56.0953 1380 Number of processors: 2
     12:01:56.0953 1380 Page size: 0x1000
     12:01:56.0953 1380 Boot type: Normal boot
     12:01:56.0953 1380 ============================================================
     12:01:57.0781 1380 Initialize success
     12:01:58.0750 2320 ============================================================
     12:01:58.0750 2320 Scan started
     12:01:58.0750 2320 Mode: Manual;
     12:01:58.0765 2320 ============================================================
     12:02:03.0765 2320 ============================================================
     12:02:03.0765 2320 Scan finished
     12:02:03.0765 2320 ============================================================
     12:02:03.0781 3140 Detected object count: 0
     12:02:03.0781 3140 Actual detected object count: 0
     12:06:21.0171 0884 Deinitialize success
  2. I was delayed because I had to find a new copy of the disc. I did the Windows repair. I replaced the video drivers. Everything works better! The long pause at the start of boot and the sluggishness during use are gone.
  3. It got worse, in the sense that the whole system is not working normally: it hangs, it lags, and when I do several things at once it even freezes. Separately, the login password for my router got bugged: I wanted to change it from the factory default (I have done this many times before) because I suspect someone is resetting my settings, and now I cannot log in because it does not accept the new password, for a reason unknown to me. This makes me even more nervous and makes me think a repair of the installation is necessary. Separately, I defragmented, cleaned out unused programs, and tested the memory, each stick separately; it showed no errors. I have not touched the video drivers yet because I recall that the ati x550 does not like the newest versions. I made a backup of the Documents and settings directory and I am ready for Repair.
  4. Checking file system on C: The type of the file system is NTFS. A disk check has been scheduled. Windows will now check the disk. Cleaning up minor inconsistencies on the drive. Cleaning up 4 unused index entries from index $SII of file 0x9. Cleaning up 4 unused index entries from index $SDH of file 0x9. Cleaning up 4 unused security descriptors. CHKDSK is verifying file data (stage 4 of 5)... File data verification completed. CHKDSK is verifying free space (stage 5 of 5)... Free space verification is complete. 38025823 KB total disk space. 22461845 KB in 61792 files. 25440 KB in 8994 indexes. 0 KB in bad sectors. 167709 KB in use by the system. 65536 KB occupied by the log file. 15370829 KB available on disk. 512 bytes in each allocation unit. 76051646 total allocation units on disk. 30741658 allocation units available on disk. Internal Info: e0 64 01 00 8d 14 01 00 e4 b1 01 00 00 00 00 00 .d.............. 5b 02 00 00 04 00 00 00 e0 00 00 00 00 00 00 00 [............... cc 74 75 12 00 00 00 00 c0 24 ec 38 00 00 00 00 .tu......$.8.... 24 54 e4 16 00 00 00 00 4e 72 9c 7f 0f 00 00 00 $T......Nr...... 32 d4 c8 85 00 00 00 00 d2 14 01 80 10 00 00 00 2............... 99 9e 36 00 00 00 00 00 40 78 01 00 01 00 00 00 ..6.....@x...... d8 1b 00 00 01 00 00 00 40 3d 0b 00 00 00 00 00 ........@=...... Windows has finished checking your disk. Please wait while your computer restarts. 
18:40:10.0265 1344 TDSS rootkit removing tool 2.6.9.0 Oct 14 2011 11:33:24 18:40:11.0437 1344 ============================================================ 18:40:11.0437 1344 Current date / time: 2011/10/15 18:40:11.0437 18:40:11.0437 1344 SystemInfo: 18:40:11.0437 1344 18:40:11.0437 1344 OS Version: 5.2.3790 ServicePack: 2.0 18:40:11.0437 1344 Product type: Workstation 18:40:11.0437 1344 ComputerName: ETAJ2 18:40:11.0437 1344 UserName: D 18:40:11.0437 1344 Windows directory: C:\WINDOWS 18:40:11.0437 1344 System windows directory: C:\WINDOWS 18:40:11.0437 1344 Running under WOW64 18:40:11.0437 1344 Processor architecture: Intel x64 18:40:11.0437 1344 Number of processors: 2 18:40:11.0437 1344 Page size: 0x1000 18:40:11.0437 1344 Boot type: Normal boot 18:40:11.0437 1344 ============================================================ 18:40:12.0968 1344 Initialize success 18:40:13.0890 0744 ============================================================ 18:40:13.0890 0744 Scan started 18:40:13.0890 0744 Mode: Manual; 18:40:13.0890 0744 ============================================================ 18:40:15.0531 0744 Abiosdsk - ok 18:40:15.0984 0744 ACPI (0cc42d1fb637112de6f6196ddaf83dec) C:\WINDOWS\system32\DRIVERS\ACPI.sys 18:40:15.0984 0744 ACPI - ok 18:40:16.0109 0744 ACPIEC (a4d4f508bc6613442b0c32cde443e382) C:\WINDOWS\system32\drivers\ACPIEC.sys 18:40:16.0109 0744 ACPIEC - ok 18:40:16.0234 0744 adpu160m - ok 18:40:16.0343 0744 adpu320 - ok 18:40:16.0531 0744 aec (92500bc3a6e241bbc357f532dd500a75) C:\WINDOWS\system32\drivers\aec.sys 18:40:16.0531 0744 aec - ok 18:40:16.0796 0744 AFD (f0e008ac59faa5ecd22c8891b3300378) C:\WINDOWS\System32\drivers\afd.sys 18:40:16.0796 0744 AFD - ok 18:40:16.0906 0744 aic78u2 - ok 18:40:17.0031 0744 aic78xx - ok 18:40:17.0156 0744 AliIde - ok 18:40:17.0265 0744 AmdIde - ok 18:40:17.0390 0744 arc - ok 18:40:17.0546 0744 AsyncMac (7380acdd2d8e6621392e56d9a0467fe4) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 18:40:17.0546 0744 AsyncMac - ok 
18:40:17.0750 0744 atapi (7a1814d0d112f50f828e25557a1ed29f) C:\WINDOWS\system32\DRIVERS\atapi.sys 18:40:17.0750 0744 atapi - ok 18:40:17.0875 0744 Atdisk - ok 18:40:19.0453 0744 ati2mtag (5146feac97ee2831bc0c007e822e31b9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 18:40:20.0859 0744 ati2mtag - ok 18:40:21.0062 0744 AtiHdmiService (23aaf25bf2c70978f6214a196124032c) C:\WINDOWS\system32\drivers\AtiHdmi.sys 18:40:21.0109 0744 AtiHdmiService - ok 18:40:21.0265 0744 Atmarpc (62d65fce5695b53a2ddf92e83111ea06) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 18:40:21.0296 0744 Atmarpc - ok 18:40:21.0437 0744 audstub (1437089f59dba75fee4ed959077a938e) C:\WINDOWS\system32\DRIVERS\audstub.sys 18:40:21.0437 0744 audstub - ok 18:40:21.0578 0744 Beep (8ba2e5cdfde406dc4646afb894804844) C:\WINDOWS\system32\drivers\Beep.sys 18:40:21.0578 0744 Beep - ok 18:40:21.0734 0744 CCDECODE (2367a4dda10960624fe696bcedfc995a) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 18:40:21.0765 0744 CCDECODE - ok 18:40:21.0890 0744 CdaC15BA (982563cf02cd6d4e5d8e0f4b5cbb9b6a) C:\WINDOWS\system32\DRIVERS\CdaC15BA.sys 18:40:21.0906 0744 CdaC15BA - ok 18:40:22.0031 0744 CdaD10BA (9067d96899d98ca4535a76e8c8b2e3a5) C:\WINDOWS\system32\DRIVERS\CdaD10BA.sys 18:40:22.0031 0744 CdaD10BA - ok 18:40:22.0187 0744 Cdfs (4d99e36322fb51a8d1b2b6d6b69d9889) C:\WINDOWS\system32\drivers\Cdfs.sys 18:40:22.0203 0744 Cdfs - ok 18:40:22.0343 0744 cdrbsdrv (9edd76d0800a022ae10b9243d0224e72) C:\WINDOWS\system32\drivers\cdrbsdrv.sys 18:40:22.0359 0744 cdrbsdrv - ok 18:40:22.0500 0744 Cdrom (11663fe50e499ffee77979542b285f38) C:\WINDOWS\system32\DRIVERS\cdrom.sys 18:40:22.0531 0744 Cdrom - ok 18:40:22.0640 0744 Changer - ok 18:40:22.0781 0744 CmdIde - ok 18:40:22.0843 0744 cpuz128 - ok 18:40:22.0968 0744 crcdisk (423f7a6e3af4c2a73c8c8ad945f72cba) C:\WINDOWS\system32\DRIVERS\crcdisk.sys 18:40:22.0968 0744 crcdisk - ok 18:40:23.0125 0744 Disk (417d7b9c6f36685a417e54690f8bd7b2) C:\WINDOWS\system32\DRIVERS\disk.sys 18:40:23.0125 0744 Disk - ok 
18:40:23.0375 0744 dmboot (19d704c92c2e2bd4dc99db18a3523918) C:\WINDOWS\system32\drivers\dmboot.sys 18:40:23.0484 0744 dmboot - ok 18:40:23.0671 0744 dmio (b293ce1c9243219f6b9e5dbcaa75b962) C:\WINDOWS\system32\drivers\dmio.sys 18:40:23.0718 0744 dmio - ok 18:40:23.0859 0744 dmload (c294e31d6cb7407a43c96ec1fec1f8a4) C:\WINDOWS\system32\drivers\dmload.sys 18:40:23.0859 0744 dmload - ok 18:40:23.0984 0744 dpti2o - ok 18:40:24.0000 0744 dump_wmimmc - ok 18:40:24.0015 0744 esihdrv - ok 18:40:24.0218 0744 Fastfat (7c713b9f6f968f135d3d819492882cdd) C:\WINDOWS\system32\drivers\Fastfat.sys 18:40:24.0281 0744 Fastfat - ok 18:40:24.0421 0744 Fdc (7e35d423ff10ab5b8af1d3de86236690) C:\WINDOWS\system32\DRIVERS\fdc.sys 18:40:24.0437 0744 Fdc - ok 18:40:24.0578 0744 Fips (73ea9000f8fb2e060954eb7c3377a3c7) C:\WINDOWS\system32\drivers\Fips.sys 18:40:24.0578 0744 Fips - ok 18:40:24.0718 0744 Flpydisk (8ac77974378eac3548330951a5deeebf) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 18:40:24.0734 0744 Flpydisk - ok 18:40:24.0937 0744 FltMgr (087db260f98056ac40261acae4240882) C:\WINDOWS\system32\DRIVERS\fltMgr.sys 18:40:24.0984 0744 FltMgr - ok 18:40:25.0109 0744 Fs_Rec (70df80567a55a97894b4e8952ec5e7fc) C:\WINDOWS\system32\drivers\Fs_Rec.sys 18:40:25.0125 0744 Fs_Rec - ok 18:40:25.0296 0744 Ftdisk (e90aa7c073519dd8571670818cb85ccb) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 18:40:25.0343 0744 Ftdisk - ok 18:40:25.0484 0744 Gpc (865d4d0b4e3730ef8040000cfb846d9f) C:\WINDOWS\system32\DRIVERS\msgpc.sys 18:40:25.0515 0744 Gpc - ok 18:40:25.0703 0744 HDAudBus (d36e47728cdbc8d17a77d36a6cbc29bb) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 18:40:25.0781 0744 HDAudBus - ok 18:40:25.0937 0744 HidUsb (f32bec5614a61bbb2bede070d279f88b) C:\WINDOWS\system32\DRIVERS\hidusb.sys 18:40:25.0937 0744 HidUsb - ok 18:40:26.0265 0744 HTTP (2138f3fd8f0658adef14c6e5870fe1e9) C:\WINDOWS\system32\Drivers\HTTP.sys 18:40:26.0406 0744 HTTP - ok 18:40:26.0531 0744 i2omgmt - ok 18:40:26.0687 0744 i8042prt 
(50fd608643d9b56c4c75c0784513f77e) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 18:40:26.0703 0744 i8042prt - ok 18:40:26.0843 0744 iirsp - ok 18:40:27.0000 0744 imapi (d2e541613b72ff9fcedf37b166930706) C:\WINDOWS\system32\DRIVERS\imapi.sys 18:40:27.0015 0744 imapi - ok 18:40:28.0484 0744 IntcAzAudAddService (c04be8a2a50b13eab6c3e1e3bc4de27e) C:\WINDOWS\system32\drivers\RTKHDA64.SYS 18:40:29.0843 0744 IntcAzAudAddService - ok 18:40:29.0968 0744 IntelIde - ok 18:40:30.0109 0744 intelppm (f8def5f83def3d1ee89bc851bfb6a886) C:\WINDOWS\system32\DRIVERS\intelppm.sys 18:40:30.0125 0744 intelppm - ok 18:40:30.0265 0744 Ip6Fw (6601a43ee389d0adb11aaede9a98036b) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 18:40:30.0281 0744 Ip6Fw - ok 18:40:30.0421 0744 IpFilterDriver (1b1b4654a5492a42d2e1bf5b2b22d32b) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 18:40:30.0437 0744 IpFilterDriver - ok 18:40:30.0546 0744 IpInIp - ok 18:40:30.0718 0744 IpNat (088ecb04137df1f52ec10c29d57a8cca) C:\WINDOWS\system32\DRIVERS\ipnat.sys 18:40:30.0828 0744 IpNat - ok 18:40:31.0000 0744 IPSec (db841ec6f027c780002ef47aabfddf86) C:\WINDOWS\system32\DRIVERS\ipsec.sys 18:40:31.0046 0744 IPSec - ok 18:40:31.0187 0744 IRENUM (8b7015ea0171242cca03c2fb48ccc771) C:\WINDOWS\system32\DRIVERS\irenum.sys 18:40:31.0203 0744 IRENUM - ok 18:40:31.0375 0744 isapnp (d994162e4d8e931fc16a892a87852bbb) C:\WINDOWS\system32\DRIVERS\isapnp.sys 18:40:31.0390 0744 isapnp - ok 18:40:31.0531 0744 Kbdclass (e85095372008a9194c7ed6206cb782da) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 18:40:31.0546 0744 Kbdclass - ok 18:40:31.0687 0744 kbdhid (f96d8cec38efd64aaf41976d214fc54e) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 18:40:31.0687 0744 kbdhid - ok 18:40:31.0984 0744 kmixer (1b280b3b4c10cc2e3ec3aec17eb6b658) C:\WINDOWS\system32\drivers\kmixer.sys 18:40:32.0062 0744 kmixer - ok 18:40:32.0296 0744 KSecDD (2649aca0d7c01933c95073f4ebfac42c) C:\WINDOWS\system32\drivers\KSecDD.sys 18:40:32.0328 0744 KSecDD - ok 18:40:32.0468 0744 ksthunk 
(5cb302b6caace41af70c34b56eb3db23) C:\WINDOWS\system32\drivers\ksthunk.sys 18:40:32.0468 0744 ksthunk - ok 18:40:32.0625 0744 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\WINDOWS\system32\drivers\mbam.sys 18:40:32.0625 0744 MBAMProtector - ok 18:40:32.0812 0744 mnmdd (ad6bc1efa0c1b53409947f06de87fc89) C:\WINDOWS\system32\drivers\mnmdd.sys 18:40:32.0828 0744 mnmdd - ok 18:40:32.0984 0744 Modem (9a67a96a0cbc2bc658abf8c9b5ee065a) C:\WINDOWS\system32\drivers\Modem.sys 18:40:33.0000 0744 Modem - ok 18:40:33.0140 0744 Mouclass (12acf32edf03e46805347817acb9f64c) C:\WINDOWS\system32\DRIVERS\mouclass.sys 18:40:33.0156 0744 Mouclass - ok 18:40:33.0281 0744 mouhid (a0c4e4a79c5d6f418315c33177f2b5bc) C:\WINDOWS\system32\DRIVERS\mouhid.sys 18:40:33.0281 0744 mouhid - ok 18:40:33.0437 0744 MountMgr (7e9cc7e4282a8e7a480560a6f817c177) C:\WINDOWS\system32\drivers\MountMgr.sys 18:40:33.0437 0744 MountMgr - ok 18:40:33.0546 0744 mraid35x - ok 18:40:33.0765 0744 MRxDAV (f588ab7dcffefb2891764cf380a80b63) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 18:40:33.0843 0744 MRxDAV - ok 18:40:34.0187 0744 MRxSmb (9899c0483ae641a9540731164fca1ac5) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 18:40:34.0390 0744 MRxSmb - ok 18:40:34.0531 0744 Msfs (983f4ab7a50d56cd33e2061ee733bd55) C:\WINDOWS\system32\drivers\Msfs.sys 18:40:34.0531 0744 Msfs - ok 18:40:34.0671 0744 MSKSSRV (308ec6fbef38871cb2c4cace9c8f4808) C:\WINDOWS\system32\drivers\MSKSSRV.sys 18:40:34.0671 0744 MSKSSRV - ok 18:40:34.0828 0744 MSPCLOCK (8d3226738479719aab3b6d2617d7a55c) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 18:40:34.0828 0744 MSPCLOCK - ok 18:40:34.0953 0744 MSPQM (058d63e8d000ae678d4549bfa8eb0deb) C:\WINDOWS\system32\drivers\MSPQM.sys 18:40:34.0953 0744 MSPQM - ok 18:40:35.0140 0744 mssmbios (5992d1f9ed64017a76afee2b79f5cfb9) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 18:40:35.0156 0744 mssmbios - ok 18:40:35.0390 0744 MSTEE (6c679fab17592620de60dc7700a039ea) C:\WINDOWS\system32\drivers\MSTEE.sys 18:40:35.0406 0744 MSTEE - ok 
18:40:35.0671 0744 Mup (4e3a0746542aa482117293234bfde2c9) C:\WINDOWS\system32\drivers\Mup.sys 18:40:35.0718 0744 Mup - ok 18:40:36.0078 0744 NABTSFEC (933012d216d0022a500cc6c0dfa16428) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 18:40:36.0125 0744 NABTSFEC - ok 18:40:36.0531 0744 NDIS (6fe83d05aebef7930d7ce91568dc99df) C:\WINDOWS\system32\drivers\NDIS.sys 18:40:36.0671 0744 NDIS - ok 18:40:36.0937 0744 NdisIP (febeb8bf62b229ce9da98c32bf3d26a3) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 18:40:36.0953 0744 NdisIP - ok 18:40:37.0187 0744 NdisTapi (74612c7b722df0dbcc972f301bd1bf1e) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 18:40:37.0203 0744 NdisTapi - ok 18:40:37.0421 0744 Ndisuio (49c1207c1ae8c6958f1c1747132814c2) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 18:40:37.0437 0744 Ndisuio - ok 18:40:37.0687 0744 NdisWan (6157a7aeae6d2b948ff2e872ffac765b) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 18:40:37.0765 0744 NdisWan - ok 18:40:38.0125 0744 NDProxy (24ea58a8257c3a4557c589ee0d4ab19b) C:\WINDOWS\system32\drivers\NDProxy.sys 18:40:38.0140 0744 NDProxy - ok 18:40:38.0406 0744 NetBIOS (b1cee06471a069149b11fada23ff00fd) C:\WINDOWS\system32\DRIVERS\netbios.sys 18:40:38.0406 0744 NetBIOS - ok 18:40:38.0750 0744 NetBT (fedaafb6cd700b9e0787c94d81c07db5) C:\WINDOWS\system32\DRIVERS\netbt.sys 18:40:39.0015 0744 NetBT - ok 18:40:39.0218 0744 nmwcdnsucx64 - ok 18:40:39.0421 0744 nmwcdnsux64 - ok 18:40:39.0656 0744 Npfs (81819038621a2c524781ec503d400287) C:\WINDOWS\system32\drivers\Npfs.sys 18:40:39.0656 0744 Npfs - ok 18:40:39.0812 0744 NPPTNT2 - ok 18:40:40.0484 0744 Ntfs (c8904b5f90ab2236692e83d491c4d426) C:\WINDOWS\system32\drivers\Ntfs.sys 18:40:40.0984 0744 Ntfs - ok 18:40:41.0281 0744 Null (501039187c444fa7ab9d97b6a6c667b3) C:\WINDOWS\system32\drivers\Null.sys 18:40:41.0281 0744 Null - ok 18:40:41.0578 0744 Parport (7ddaa09186da9f1d304e819b5a6bbc5a) C:\WINDOWS\system32\drivers\Parport.sys 18:40:41.0656 0744 Parport - ok 18:40:41.0984 0744 PartMgr (5f9a703240468a0c35a629d17ffca847) 
C:\WINDOWS\system32\drivers\PartMgr.sys 18:40:41.0984 0744 PartMgr - ok 18:40:42.0234 0744 PCI (5b2c8d6971d8df4937c2fa013cd4c00d) C:\WINDOWS\system32\DRIVERS\pci.sys 18:40:42.0265 0744 PCI - ok 18:40:42.0484 0744 PCIIde (f1978c7849a0047306db3b8bb94f0764) C:\WINDOWS\system32\DRIVERS\pciide.sys 18:40:42.0484 0744 PCIIde - ok 18:40:42.0765 0744 Pcmcia (037f3a19f49a4c6a320c4154ebd6ee9d) C:\WINDOWS\system32\drivers\Pcmcia.sys 18:40:42.0921 0744 Pcmcia - ok 18:40:43.0109 0744 PDCOMP - ok 18:40:43.0281 0744 PDFRAME - ok 18:40:43.0468 0744 PDRELI - ok 18:40:43.0625 0744 PDRFRAME - ok 18:40:44.0031 0744 PptpMiniport (e176f640ee6bf550f61faa9ce9a683f4) C:\WINDOWS\system32\DRIVERS\raspptp.sys 18:40:44.0078 0744 PptpMiniport - ok 18:40:44.0250 0744 PRODIGY - ok 18:40:44.0500 0744 PSched (01aae06e543c0956ac247546a8f2dafe) C:\WINDOWS\system32\DRIVERS\psched.sys 18:40:44.0546 0744 PSched - ok 18:40:44.0750 0744 Ptilink (35e39a969d227c2a56c1dc98361d8e35) C:\WINDOWS\system32\DRIVERS\ptilink.sys 18:40:44.0781 0744 Ptilink - ok 18:40:45.0078 0744 RasAcd (d646a315e6386dac1d96c8ce8a4bfee7) C:\WINDOWS\system32\DRIVERS\rasacd.sys 18:40:45.0078 0744 RasAcd - ok 18:40:45.0343 0744 Rasl2tp (d81fdc53ee9c0f68d709e504342d1d74) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 18:40:45.0406 0744 Rasl2tp - ok 18:40:45.0625 0744 RasPppoe (31fa5ab662c58cc5cf92396224f6b29a) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 18:40:45.0640 0744 RasPppoe - ok 18:40:46.0015 0744 Raspti (701493f9a6ede759af8d3fa7c08bab3b) C:\WINDOWS\system32\DRIVERS\raspti.sys 18:40:46.0031 0744 Raspti - ok 18:40:46.0343 0744 Rdbss (251a8b39645c5b3dc7dcbbd03a3140cb) C:\WINDOWS\system32\DRIVERS\rdbss.sys 18:40:46.0453 0744 Rdbss - ok 18:40:46.0718 0744 RDPCDD (c013379d04060318c3b2e4967d82739a) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 18:40:46.0734 0744 RDPCDD - ok 18:40:47.0203 0744 rdpdr (0482a9be0be2098a12a61464306bf24b) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 18:40:47.0312 0744 rdpdr - ok 18:40:47.0593 0744 RDPWD 
(ceca4f10b0118e3883628afa294b31d6) C:\WINDOWS\system32\drivers\RDPWD.sys 18:40:47.0703 0744 RDPWD - ok 18:40:48.0031 0744 redbook (1d793394201000d2d56e848c18fe9a62) C:\WINDOWS\system32\DRIVERS\redbook.sys 18:40:48.0046 0744 redbook - ok 18:40:48.0328 0744 Secdrv (6d4ccd356da407194c2574a68d9c727a) C:\WINDOWS\system32\DRIVERS\secdrv.sys 18:40:48.0343 0744 Secdrv - ok 18:40:48.0609 0744 Serial (c0dc97399576fccff5fe877ec2d8dacc) C:\WINDOWS\system32\drivers\Serial.sys 18:40:48.0656 0744 Serial - ok 18:40:49.0000 0744 Sfloppy (c6eacc8920a31b8d5842d1f7a28e2113) C:\WINDOWS\system32\drivers\Sfloppy.sys 18:40:49.0015 0744 Sfloppy - ok 18:40:49.0171 0744 Simbad - ok 18:40:49.0343 0744 SLIP (6763442af574d3d42cbfb8008b7a140f) C:\WINDOWS\system32\DRIVERS\SLIP.sys 18:40:49.0359 0744 SLIP - ok 18:40:49.0500 0744 splitter (17ec29105989101db536c49e1279a0eb) C:\WINDOWS\system32\drivers\splitter.sys 18:40:49.0500 0744 splitter - ok 18:40:49.0937 0744 sptd (9ab59cf736981ed1f83c6ab5faa8ba5c) C:\WINDOWS\System32\Drivers\sptd.sys 18:40:50.0359 0744 sptd - ok 18:40:50.0625 0744 sr (dae1d5553d42a06034001d6ef4f5cb36) C:\WINDOWS\system32\DRIVERS\sr.sys 18:40:50.0703 0744 sr - ok 18:40:51.0312 0744 Srv (da399dc57b869cf11b7cf98f0a8494d7) C:\WINDOWS\system32\DRIVERS\srv.sys 18:40:51.0562 0744 Srv - ok 18:40:51.0906 0744 ss_bbus (b13695429e5c0832403f6dfc14e0293f) C:\WINDOWS\system32\DRIVERS\ss_bbus.sys 18:40:52.0015 0744 ss_bbus - ok 18:40:52.0296 0744 ss_bmdfl (02aec2e12740ffd5602d52fb074e06d1) C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys 18:40:52.0328 0744 ss_bmdfl - ok 18:40:52.0656 0744 ss_bmdm (d8a587160188efbeb0cf9e630e7926a6) C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys 18:40:52.0750 0744 ss_bmdm - ok 18:40:53.0031 0744 streamip (90c7874ff6babf98a801c7aebe3ad5a6) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 18:40:53.0062 0744 streamip - ok 18:40:53.0312 0744 swenum (b6536185feeb8f0c86ad3bf2fbab4f2f) C:\WINDOWS\system32\DRIVERS\swenum.sys 18:40:53.0312 0744 swenum - ok 18:40:53.0562 0744 swmidi 
(8e9e35b36a27ad154a5f92397cde343c) C:\WINDOWS\system32\drivers\swmidi.sys 18:40:53.0593 0744 swmidi - ok 18:40:53.0703 0744 symc8xx - ok 18:40:53.0828 0744 symmpi - ok 18:40:54.0000 0744 sym_hi - ok 18:40:54.0187 0744 sym_u3 - ok 18:40:54.0437 0744 sysaudio (2e843f129daf4c789df7acd40e26208f) C:\WINDOWS\system32\drivers\sysaudio.sys 18:40:54.0500 0744 sysaudio - ok 18:40:54.0671 0744 TCCrystalCpuInfo - ok 18:40:55.0062 0744 Tcpip (c013e7f14fd378a16f5b7a4b5a7050e9) C:\WINDOWS\system32\DRIVERS\tcpip.sys 18:40:55.0390 0744 Tcpip - ok 18:40:55.0625 0744 TDPIPE (da1e9cd22238fa4db565ef41c7312e1b) C:\WINDOWS\system32\drivers\TDPIPE.sys 18:40:55.0640 0744 TDPIPE - ok 18:40:55.0843 0744 TDTCP (47d24ebb1c442dcc18d89b8b89bafb49) C:\WINDOWS\system32\drivers\TDTCP.sys 18:40:55.0875 0744 TDTCP - ok 18:40:56.0125 0744 TermDD (8ab9ad44907d4c57ad10e175c8720ecf) C:\WINDOWS\system32\DRIVERS\termdd.sys 18:40:56.0187 0744 TermDD - ok 18:40:56.0359 0744 TosIde - ok 18:40:56.0515 0744 Udfs (a6dd2dfcc44ec61d18aa645620cd8f63) C:\WINDOWS\system32\drivers\Udfs.sys 18:40:56.0546 0744 Udfs - ok 18:40:56.0687 0744 ultra - ok 18:40:56.0843 0744 Update (70ca9db8119fff67d9938f2ab2b8d50c) C:\WINDOWS\system32\DRIVERS\update.sys 18:40:56.0890 0744 Update - ok 18:40:57.0078 0744 upperdev - ok 18:40:57.0234 0744 usbccgp (3421b0691a0e365a020836369a296f0c) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 18:40:57.0250 0744 usbccgp - ok 18:40:57.0390 0744 usbehci (ae6521a1c79fc955ff26be9ca5521b51) C:\WINDOWS\system32\DRIVERS\usbehci.sys 18:40:57.0421 0744 usbehci - ok 18:40:57.0562 0744 usbhub (d63cb1b59d54f9c2bb8a4107584a664f) C:\WINDOWS\system32\DRIVERS\usbhub.sys 18:40:57.0593 0744 usbhub - ok 18:40:57.0750 0744 USBSTOR (edce8a162e8023fd1751e08e23e41948) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 18:40:57.0765 0744 USBSTOR - ok 18:40:57.0953 0744 usbuhci (4b7b4a2cc997c482a0aa7ca663af62a0) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 18:40:57.0984 0744 usbuhci - ok 18:40:58.0218 0744 vga 
(b40cfd2ffdd838b0ce0c35ee449407bd) C:\WINDOWS\system32\DRIVERS\vgapnp.sys 18:40:58.0234 0744 vga - ok 18:40:58.0359 0744 VgaSave (78ebfe6f11f10db8237b910e9158ca91) C:\WINDOWS\System32\drivers\vga.sys 18:40:58.0359 0744 VgaSave - ok 18:40:58.0484 0744 ViaIde - ok 18:40:58.0609 0744 VMnetAdapter - ok 18:40:58.0796 0744 VolSnap (fd6d28d1bbf31c719d9c5ec2d20fb5c2) C:\WINDOWS\system32\DRIVERS\volsnap.sys 18:40:58.0859 0744 VolSnap - ok 18:40:59.0109 0744 Wanarp (d2a01d73fe4a455c1d741b48c56763b2) C:\WINDOWS\system32\DRIVERS\wanarp.sys 18:40:59.0125 0744 Wanarp - ok 18:40:59.0234 0744 WDC_SAM - ok 18:40:59.0625 0744 Wdf01000 (92090a7bb3b37b534c4193238d120696) C:\WINDOWS\system32\Drivers\wdf01000.sys 18:40:59.0890 0744 Wdf01000 - ok 18:41:00.0062 0744 WDICA - ok 18:41:00.0281 0744 wdmaud (daff7e89c84079022b9606f83e1bd29a) C:\WINDOWS\system32\drivers\wdmaud.sys 18:41:00.0343 0744 wdmaud - ok 18:41:00.0390 0744 WINIO - ok 18:41:00.0562 0744 WpdUsb (4a59d22b86edf8306810fa10c58368c7) C:\WINDOWS\system32\Drivers\wpdusb.sys 18:41:00.0578 0744 WpdUsb - ok 18:41:00.0703 0744 WS2IFSL (13c901a30b4c248d640c4f32919cb920) C:\WINDOWS\System32\drivers\ws2ifsl.sys 18:41:00.0718 0744 WS2IFSL - ok 18:41:00.0859 0744 WSTCODEC (478a0c5cc7dc817269654804e495b81a) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 18:41:00.0875 0744 WSTCODEC - ok 18:41:01.0218 0744 yukonx64 (ad1a964bf17c7d1b93eeed96f3a6eb4a) C:\WINDOWS\system32\DRIVERS\yk51x64.sys 18:41:01.0359 0744 yukonx64 - ok 18:41:01.0375 0744 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 18:41:01.0500 0744 \Device\Harddisk0\DR0 - ok 18:41:01.0531 0744 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1 18:41:01.0828 0744 \Device\Harddisk1\DR1 - ok 18:41:01.0843 0744 Boot (0x1200) (59ee5edb3f7c38ec1243f82828c93745) \Device\Harddisk0\DR0\Partition0 18:41:01.0843 0744 \Device\Harddisk0\DR0\Partition0 - ok 18:41:01.0859 0744 Boot (0x1200) (77610cdf9adc466e6e3f8ded22d35969) \Device\Harddisk0\DR0\Partition1 
18:41:01.0875 0744 \Device\Harddisk0\DR0\Partition1 - ok 18:41:01.0875 0744 Boot (0x1200) (4e9fb6d74c30e6fb79d5a9fe601338b0) \Device\Harddisk1\DR1\Partition0 18:41:01.0890 0744 \Device\Harddisk1\DR1\Partition0 - ok 18:41:01.0906 0744 Boot (0x1200) (36906b7240a5d4cf0ed696479fdd3be2) \Device\Harddisk1\DR1\Partition1 18:41:01.0937 0744 \Device\Harddisk1\DR1\Partition1 - ok 18:41:01.0953 0744 Boot (0x1200) (1c1db6c56355d82bdf03b1e38b2a9a7c) \Device\Harddisk1\DR1\Partition2 18:41:01.0984 0744 \Device\Harddisk1\DR1\Partition2 - ok 18:41:02.0000 0744 Boot (0x1200) (bc76283d31c3e475eb4413c6c58133d8) \Device\Harddisk1\DR1\Partition3 18:41:02.0031 0744 \Device\Harddisk1\DR1\Partition3 - ok 18:41:02.0031 0744 ============================================================ 18:41:02.0031 0744 Scan finished 18:41:02.0031 0744 ============================================================ 18:41:02.0046 1804 Detected object count: 0 18:41:02.0046 1804 Actual detected object count: 0 18:41:05.0390 0688 Deinitialize success
  5. Sincerely, thank you!! I won't say how many problems you saved me! I am still following the recommendations, but it looks like the system files will need repairing; the slowdown is still there. I just want to ask you: 1. the settings of my wireless router, did I reset them with the tools I used? 2. at the moment I have 6 unknown users connected to my router. Is it possible that they are part of the botnet and could infect me? And what are these users (I can see their MAC addresses)? 3. which tool should I use in the future to check whether I have become part of such a network again?
  6. ========== FILES ========== C:\Program Files\ESET\ESET Smart Security\nodlogin.exe moved successfully. ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run\\virx deleted successfully. ========== COMMANDS ========== OTL by OldTimer - Version 3.2.29.1 log created on 10132011_214059 There is the following symptom: the whole system runs slower, but it does not freeze. For example, at startup it still loads considerably slower; after the Win x64 logo there is a black screen for 15-20 s instead of 3-4 seconds. It performs every task with a delay or lag. For example, I am listening to music and it plays in slow motion while some other application is loading.
  7. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" + "Monitor" "Registry Monitor" "PixArt Imaging Incorporation" "c:\windows\pixart\pac207\monitor.exe" + "RTHDCPL" "Realtek HD Audio Control Panel" "Realtek Semiconductor Corp." "c:\windows\rthdcpl.exe" "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" "" + "Malwarebytes' Anti-Malware" "Malwarebytes' Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe" + "StartCCC" "Catalyst® Control Center Launcher" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe" + "SunJavaUpdateSched" "Java Platform SE binary" "Sun Microsystems, Inc." "c:\program files (x86)\java\jre6\bin\jusched.exe" "HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" "" + "MagicISO" "" "" "File not found: C:\Program Files (x86)\MagicISO\misosh64.dll" + "TeraCopyS64" "Simple Context Menu" "" "c:\program files\teracopy\teracopyext64.dll" + "WinRAR" "" "" "c:\program files (x86)\winrar\rarext64.dll" "HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" "" + "WinRAR32" "" "" "c:\program files (x86)\winrar\rarext.dll" "HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" "" + "MBAMShlExt" "Malwarebytes' Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll" "HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" "" + "MagicISO" "" "" "File not found: C:\Program Files (x86)\MagicISO\misosh64.dll" + "TeraCopyS64" "Simple Context Menu" "" "c:\program files\teracopy\teracopyext64.dll" + "WinRAR" "" "" "c:\program files (x86)\winrar\rarext64.dll" "HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" "" + "WinRAR32" "" "" "c:\program files (x86)\winrar\rarext.dll" "HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" "" + "TeraCopy64" "Simple Context Menu" "" "c:\program 
files\teracopy\teracopy64.dll" + "WinRAR" "" "" "c:\program files (x86)\winrar\rarext64.dll" "HKLM\Software\Wow6432Node\Classes\Directory\Shellex\DragDropHandlers" "" "" "" + "WinRAR32" "" "" "c:\program files (x86)\winrar\rarext.dll" "HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" "" + "ACE" "AMD Desktop Control Panel" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati technologies\ati.ace\core-static\atiacm64.dll" + "NvCplDesktopContext" "" "" "File not found: C:\WINDOWS\system32\nvcpl.dll" + "TeraCopyS64" "Simple Context Menu" "" "c:\program files\teracopy\teracopyext64.dll" "HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" "" + "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\adobe\acrobat 7.0\activex\pdfshell.dll" "HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" "" + "MagicISO" "" "" "File not found: C:\Program Files (x86)\MagicISO\misosh64.dll" + "MBAMShlExt" "Malwarebytes' Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll" + "TeraCopyS64" "Simple Context Menu" "" "c:\program files\teracopy\teracopyext64.dll" + "WinRAR" "" "" "c:\program files (x86)\winrar\rarext64.dll" "HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" "" + "WinRAR32" "" "" "c:\program files (x86)\winrar\rarext.dll" "HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" "" + "TeraCopy64" "Simple Context Menu" "" "c:\program files\teracopy\teracopy64.dll" + "WinRAR" "" "" "c:\program files (x86)\winrar\rarext64.dll" "HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\DragDropHandlers" "" "" "" + "WinRAR32" "" "" "c:\program files (x86)\winrar\rarext.dll" "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" "" + "AcroIEHlprObj Class" "Adobe Acrobat IE Helper Version 7.0 for ActiveX" "Adobe Systems Incorporated" "c:\program files (x86)\adobe\acrobat 
7.0\activex\acroiehelper.dll" + "Java Plug-In 2 SSV Helper" "Java Platform SE binary" "Sun Microsystems, Inc." "c:\program files (x86)\java\jre6\bin\jp2ssv.dll" + "JQSIEStartDetectorImpl Class" "Java Quick Starter binary" "Sun Microsystems, Inc." "c:\program files (x86)\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll" "HKLM\System\CurrentControlSet\Services" "" "" "" + "Ati HotKey Poller" "ATI External Event Utility EXE Module" "ATI Technologies Inc." "c:\windows\system32\ati2evxx.exe" + "ATI Smart" "ATI Smart" "" "c:\windows\system32\ati2saag.exe" + "bgsvcgen" "Provides CD/DVD writing interface for B's Recorder" "B.H.A Corporation" "c:\windows\syswow64\bgsvcgen.exe" + "Bonjour Service" "##Id_String2.6844F930_1628_4223_B5CC_5BB94B879762##" "" "File not found: C:\Program Files (x86)\Bonjour\mDNSResponder.exe" + "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Sun Microsystems, Inc." "c:\program files (x86)\java\jre6\bin\jqs.exe" + "MBAMService" "Malwarebytes' Anti-Malware service" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe" + "ufad-ws60" "VMware Agent Service" "VMware, Inc." "c:\program files (x86)\vmware\vmware workstation\vmware-ufad.exe" + "UTSCSI" "UTSCSI Application" "" "c:\windows\syswow64\utscsi.exe" + "VMAuthdService" "Authorization and authentication service for starting and accessing virtual machines" "VMware, Inc." "c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe" + "VMnetDHCP" "DHCP service for virtual networks" "VMware, Inc." "c:\windows\syswow64\vmnetdhcp.exe" + "VMware NAT Service" "Network address translation for virtual networks" "VMware, Inc." "c:\windows\syswow64\vmnat.exe" + "WDBtnMgrSvc.exe" "Provides functionality for Western Digital disk drives." 
"WDC" "c:\program files\western digital\wd drive manager\wdbtnmgrsvc.exe" + "WinHttpAutoProxySvc" "Implements the Web Proxy Auto-Discovery (WPAD) protocol for Windows HTTP Services (WinHTTP). WPAD is a protocol to enable an HTTP client to automatically discover a proxy configuration. If this service is stopped or disabled, the WPAD protocol will be executed within the HTTP client's process instead of an external service process; there would be no loss of functionality as a result." "" "File not found: winhttp.dll" "HKLM\System\CurrentControlSet\Services" "" "" "" + "ati2mtag" "ATI Radeon WindowsNT Miniport Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\ati2mtag.sys" + "AtiHdmiService" "Ati High Definition Audio Function Driver" "ATI Research Inc." "c:\windows\system32\drivers\atihdmi.sys" + "CdaC15BA" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\cdac15ba.sys" + "CdaD10BA" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\cdad10ba.sys" + "cdrbsdrv" "CD-ROM Filter Driver for WindowsXP x64Edition" "B.H.A Corporation" "c:\windows\system32\drivers\cdrbsdrv.sys" + "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys" + "cpuz128" "" "" "File not found: C:\DOCUME~1\D\LOCALS~1\Temp\cpuz_x64.sys" + "dump_wmimmc" "" "" "File not found: E:\freya test server\FREYA\system\GameGuard\dump_wmimmc.sys" + "GPU-Z" "" "" "File not found: C:\DOCUME~1\D\LOCALS~1\Temp\GPU-Z.sys" + "hcmon" "VMware USB Driver" "VMware, Inc." 
"c:\windows\system32\drivers\hcmon.sys" + "HDAudBus" "High Definition Audio Bus Driver v1.0a" "Windows ® Server 2003 DDK provider" "c:\windows\system32\drivers\hdaudbus.sys" + "i2omgmt" "" "" "File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys" + "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkhda64.sys" + "IpInIp" "IP in IP Tunnel Driver" "" "File not found: system32\DRIVERS\ipinip.sys" + "MBAMProtector" "Malwarebytes' Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys" + "nmwcdcx64" "Nokia USB Phone Bus Driver" "Nokia" "c:\windows\system32\drivers\ccdcmbox64.sys" + "nmwcdnsucx64" "Nokia USB Phone Generic Client" "Nokia" "c:\windows\system32\drivers\nmwcdnsucx64.sys" + "nmwcdnsux64" "Nokia USB Phone Bus Driver" "Nokia" "c:\windows\system32\drivers\nmwcdnsux64.sys" + "nmwcdx64" "Nokia USB Phone Bus Driver" "Nokia" "c:\windows\system32\drivers\ccdcmbx64.sys" + "NPPTNT2" "" "" "File not found: C:\WINDOWS\system32\npptNT2.sys" + "PAC207" "PFC027" "PixArt Imaging Inc." "c:\windows\system32\drivers\pfc027.sys" + "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys" + "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys" + "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys" + "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys" + "PRODIGY" "" "" "File not found: System32\Drivers\PRODIGY.SYS" + "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys" + "Secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." 
"c:\windows\system32\drivers\secdrv.sys" + "ss_bbus" "SAMSUNG USB Mobile Device" "MCCI" "c:\windows\system32\drivers\ss_bbus.sys" + "ss_bmdfl" "SAMSUNG USB Mobile Modem (Filter)" "MCCI Corporation" "c:\windows\system32\drivers\ss_bmdfl.sys" + "ss_bmdm" "MCCI® USB Function Drivers (WDM)" "MCCI Corporation" "c:\windows\system32\drivers\ss_bmdm.sys" + "upperdev" "Filter Driver for Nokia USB Phone Bus Driver" "Nokia" "c:\windows\system32\drivers\usbser_lowerfltx64.sys" + "UsbserFilt" "Filter Driver for Nokia USB Phone Bus Driver" "Nokia" "c:\windows\system32\drivers\usbser_lowerfltx64j.sys" + "vmci" "VMware vmci Driver" "VMware, Inc." "c:\windows\system32\drivers\vmci.sys" + "vmkbd" "VMware Keyboard Driver" "VMware, Inc." "c:\windows\system32\drivers\vmkbd.sys" + "VMnetAdapter" "Driver for VMware's Virtual Ethernet Adapters Ver. 2" "VMware, Inc." "c:\windows\system32\drivers\vmnetadapter.sys" + "VMnetBridge" "VMware Bridge Protocol" "VMware, Inc." "c:\windows\system32\drivers\vmnetbridge.sys" + "VMnetuserif" "Allows VMware applications to use virtual networks." "VMware, Inc." "c:\windows\system32\drivers\vmnetuserif.sys" + "vmx86" "VMware Virtualization Driver" "VMware, Inc." "c:\windows\system32\drivers\vmx86.sys" + "vstor2-ws60" "VMware Virtual Storage Volume Driver" "VMware, Inc." "c:\program files (x86)\vmware\vmware workstation\vstor2-ws60.sys" + "WDC_SAM" "Manages WD external storage products." "Western Digital Technologies" "c:\windows\system32\drivers\wdcsam64.sys" + "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys" + "WINIO" "" "" "File not found: C:\DOCUME~1\D\LOCALS~1\Temp\Rar$EX00.484\winio.sys" + "yukonx64" "NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller" "Marvell" "c:\windows\system32\drivers\yk51x64.sys" "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" + "msacm.trspch" "DSP Group TrueSpeech Audio Codec for MSACM V3.50" "DSP GROUP, INC." 
"c:\windows\system32\tssoft32.acm" + "VIDC.FPS1" "Fraps" "Beepa P/L" "c:\windows\system32\frapsv64.dll" + "vidc.i420" "" "" "File not found: msh263.drv" + "vidc.iv31" "" "" "File not found: ir32_32.dll" + "vidc.iv32" "" "" "File not found: ir32_32.dll" + "vidc.iv41" "" "" "File not found: ir41_32.ax" + "vidc.iv50" "" "" "File not found: ir50_32.dll" "HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" + "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm" + "msacm.lhacm" "" "" "File not found: lhacm.acm" + "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\syswow64\sl_anet.acm" + "msacm.trspch" "DSP Group TrueSpeech Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\syswow64\tssoft32.acm" + "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll" + "VIDC.FFDS" "" "" "c:\windows\syswow64\ff_vfw.dll" + "VIDC.FPS1" "Fraps" "Beepa P/L" "c:\windows\syswow64\frapsvid.dll" + "vidc.iv31" "" "" "c:\windows\syswow64\ir32_32.dll" + "vidc.iv32" "" "" "c:\windows\syswow64\ir32_32.dll" + "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\syswow64\ir41_32.ax" + "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\syswow64\ir50_32.dll" + "VIDC.VMnc" "VMware Movie decoder" "VMware, Inc." 
"c:\windows\syswow64\vmnc.dll" "HKLM\Software\Classes\Filter" "" "" "" + "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\syswow64\ir41_32.ax" + "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\syswow64\ir41_32.ax" "HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" "" + "CoreAVC Video Decoder" "" "" "File not found: C:\Program Files (x86)\CoreCodec\CoreAVC Professional Edition\CoreAVCDecoder64.ax" + "Haali Matroska Muxer" "Haali Media Splitter" "" "c:\program files (x86)\haali\matroskasplitter\splitter.x64.ax" + "Haali Media Splitter" "Haali Media Splitter" "" "c:\program files (x86)\haali\matroskasplitter\splitter.x64.ax" + "Haali Media Splitter (AR)" "Haali Media Splitter" "" "c:\program files (x86)\haali\matroskasplitter\splitter.x64.ax" + "Haali Simple Media Splitter" "Haali Media Splitter" "" "c:\program files (x86)\haali\matroskasplitter\splitter.x64.ax" + "Haali Video Renderer" "" "" "c:\program files (x86)\haali\matroskasplitter\dxr.x64.dll" + "Haali Video Sink" "Haali Media Splitter" "" "c:\program files (x86)\haali\matroskasplitter\splitter.x64.ax" "HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" "" + "ACELP.net Audio Decoder" "" "" "File not found: C:\WINDOWS\SysWOW64\acelpdec.ax" + "ATI Ticker" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\ticker.ax" + "ffdshow Audio Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\k-lite codec pack\ffdshow\ffdshow.ax" + "ffdshow Audio Processor" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\k-lite codec pack\ffdshow\ffdshow.ax" + "ffdshow raw video filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\k-lite codec pack\ffdshow\ffdshow.ax" + "ffdshow 
Video Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\k-lite codec pack\ffdshow\ffdshow.ax" + "FunUnify Async Filter" "TODO: <파일 설명>" "TODO: <회사 이름>" "c:\program files (x86)\samsung\samsung new pc studio\funcodecfilter.ax" + "FunUnify Audio Trnas Filter" "TODO: <파일 설명>" "TODO: <회사 이름>" "c:\program files (x86)\samsung\samsung new pc studio\funcodecfilter.ax" + "FunUnify Codec Filter" "TODO: <파일 설명>" "TODO: <회사 이름>" "c:\program files (x86)\samsung\samsung new pc studio\funcodecfilter.ax" + "FunUnify Encoder Filter" "TODO: <파일 설명>" "TODO: <회사 이름>" "c:\program files (x86)\samsung\samsung new pc studio\funcodecfilter.ax" + "FunUnify Video Trans Filter" "TODO: <파일 설명>" "TODO: <회사 이름>" "c:\program files (x86)\samsung\samsung new pc studio\funcodecfilter.ax" + "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\syswow64\ir50_32.dll" + "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\syswow64\ir50_32.dll" + "KTF MUSIC AoD Sourcer" "KTF MUSIC AoD Sourcer" "PeeringPortal" "c:\program files (x86)\samsung\samsung new pc studio\npsasrc.dll" + "KTF MUSIC AoD WMT Splitter" "KTF MUSIC AoD WMT Splitter" "PeeringPortal" "c:\program files (x86)\samsung\samsung new pc studio\npsawms.dll" + "KTF MUSIC Audio Decoder" "KTF MUSIC Audio Decoder" "PeeringPortal" "c:\program files (x86)\samsung\samsung new pc studio\npsadec.dll" + "KTF MUSIC Audio Effector" "KTF MUSIC Audio Effector" "PeeringPortal" "c:\program files (x86)\samsung\samsung new pc studio\npsaef.dll" + "KTF MUSIC MPEG Splitter" "KTF MUSIC MPEG Splitter" "PeeringPortal" "c:\program files (x86)\samsung\samsung new pc studio\npsmpgs.dll" + "KTF MUSIC VoD Audio Effector" "KTF MUSIC VoD Audio Effector" "PeeringPortal" "c:\program files (x86)\samsung\samsung new pc studio\npsvae.dll" + "KTF MUSIC VoD Sourcer" "KTF MUSIC VoD Sourcer" "PeeringPortal" "c:\program files 
(x86)\samsung\samsung new pc studio\npsvsrc.dll" + "KTF MUSIC VoD Video Effector" "KTF MUSIC VoD Video Effector" "PeeringPortal" "c:\program files (x86)\samsung\samsung new pc studio\npsvve.dll" + "KTF MUSIC VoD WMT Splitter" "KTF MUSIC VoD WMT Splitter " "PeeringPortal" "c:\program files (x86)\samsung\samsung new pc studio\npsvwms.dll" + "MMACE Deinterlace" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll" + "MMACE ProcAmp" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll" + "MMACE SoftEmu" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll" + "Moto Image Decoder Filter" "image filter" "mobileleader" "c:\program files (x86)\samsung\samsung new pc studio\npsimgfilter.ax" + "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codecx.ax" + "SubPicture Filter" "subpicture filter" "mobileleader" "c:\program files (x86)\samsung\samsung new pc studio\npssubpicture.dll" "HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls" "" "" "" + "wow64" "" "" "File not found: C:\WINDOWS\syswow64\wow64.dll" + "wow64cpu" "" "" "File not found: C:\WINDOWS\syswow64\wow64cpu.dll" + "wow64win" "" "" "File not found: C:\WINDOWS\syswow64\wow64win.dll" "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" "" + "AtiExtEvent" "ATI External Event Utility DLL Module" "ATI Technologies Inc." 
"c:\windows\system32\ati2evxx.dll" "HKCU\Control Panel\Desktop\Scrnsave.exe" "" "" "" + "C:\DOCUME~1\D\Desktop\dds.scr" "" "" "File not found: C:\DOCUME~1\D\Desktop\dds.scr" "HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" "" + "mdnsNSP" "" "" "File not found: C:\Program Files (x86)\Bonjour\mdnsNSP.dll" "HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" "" + "PS3200 Langmon" "Language Monitor for Status Monitor" "" "c:\windows\system32\ps3200l6.dll" "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders" "" "" "" + "msapsspc.dll" "" "" "File not found: msapsspc.dll" + "msnsspc.dll" "" "" "File not found: msnsspc.dll" SysInspector-ETAJ2-111013-1958.zip
  8. aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-13 12:51:08
-----------------------------
12:51:08.390 OS Version: Windows x64 5.2.3790 Service Pack 2
12:51:08.390 Number of processors: 2 586 0xF02
12:51:08.390 ComputerName: ETAJ2 UserName: D
12:51:43.937 Initialize success
12:52:11.093 AVAST engine defs: 11101201
12:52:34.328 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-c
12:52:34.328 Disk 0 Vendor: ST380011A 8.01 Size: 76318MB BusType: 3
12:52:34.328 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-19
12:52:34.328 Disk 1 Vendor: WDC_WD3200AAKS-00YGA0 12.01C02 Size: 305244MB BusType: 3
12:52:34.343 Disk 1 MBR read successfully
12:52:34.343 Disk 1 MBR scan
12:52:34.421 Disk 1 Windows XP default MBR code
12:52:34.421 Service scanning
12:52:37.671 Modules scanning
12:52:37.671 Disk 1 trace - called modules:
12:52:37.671 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys atapi.sys pciide.sys
12:52:37.671 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffadf9caa5060]
12:52:37.687 3 CLASSPNP.SYS[fffffadf906378c9] -> nt!IofCallDriver -> \Device\00000072[0xfffffadf9c31f590]
12:52:37.687 5 ACPI.sys[fffffadf907a9e69] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-19[0xfffffadf9c31f060]
12:52:40.593 AVAST engine scan C:\
13:01:54.078 File: C:\Program Files\ESET\ESET Smart Security\nodlogin.exe **INFECTED** Win32:Malware-gen
14:33:24.765 Scan finished successfully
14:33:36.531 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\D\Desktop\MBR.dat"
14:33:36.562 The log file has been saved successfully to "C:\Documents and Settings\D\Desktop\aswMBR.txt"

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware.
0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: nodlogin.exe
Submission date: 2011-10-13 11:32:02 (UTC)
Current status: finished
Result: 25/42 (59.5%)
VT Community not reviewed
Safety score: -

Antivirus | Version | Last Update | Result
AhnLab-V3 | 2011.10.12.02 | 2011.10.12 | Malware/Win64.Trojan Horse
AntiVir | 7.11.15.248 | 2011.10.13 | TR/PSW.Delf.CRX
Antiy-AVL | 2.0.3.7 | 2011.10.13 | -
Avast | 6.0.1289.0 | 2011.10.13 | Win32:Malware-gen
AVG | 10.0.0.1190 | 2011.10.12 | Worm/Autoit.BRE
BitDefender | 7.2 | 2011.10.13 | Trojan.Generic.IS.543521
ByteHero | 1.0.0.1 | 2011.09.23 | -
CAT-QuickHeal | 11.00 | 2011.10.13 | -
ClamAV | 0.97.0.0 | 2011.10.13 | W32.Autoit.Obfus-3
Commtouch | 5.3.2.6 | 2011.10.12 | -
Comodo | 10436 | 2011.10.13 | UnclassifiedMalware
DrWeb | 5.0.2.03300 | 2011.10.12 | -
Emsisoft | 5.1.0.11 | 2011.10.13 | Trojan-PWS.Delf!IK
eSafe | 7.0.17.0 | 2011.10.11 | Win32.Banker
eTrust-Vet | 36.1.8617 | 2011.10.13 | -
F-Prot | 4.6.5.141 | 2011.10.12 | -
F-Secure | 9.0.16440.0 | 2011.10.13 | Trojan.Generic.IS.543521
Fortinet | 4.3.370.0 | 2011.10.13 | -
GData | 22 | 2011.10.13 | Trojan.Generic.IS.543521
Ikarus | T3.1.1.107.0 | 2011.10.13 | Trojan-PWS.Delf
Jiangmin | 13.0.900 | 2011.10.12 | -
K7AntiVirus | 9.115.5273 | 2011.10.12 | Trojan
Kaspersky | 9.0.0.837 | 2011.10.13 | -
McAfee | 5.400.0.1158 | 2011.10.13 | Generic.dx!pyz
McAfee-GW-Edition | 2010.1D | 2011.10.13 | Generic.dx!pyz
Microsoft | 1.7702 | 2011.10.13 | -
NOD32 | 6539 | 2011.10.13 | Win64/HackAV.D
Norman | 6.07.11 | 2011.10.13 | Suspicious_Gen2.BYZCX
nProtect | 2011-10-13.01 | 2011.10.13 | Trojan/W32.Agent.839060
Panda | 10.0.3.5 | 2011.10.12 | Generic Trojan
PCTools | 8.0.0.5 | 2011.10.13 | Trojan.Generic
Prevx | 3.0 | 2011.10.13 | -
Rising | 23.79.03.02 | 2011.10.13 | -
Sophos | 4.70.0 | 2011.10.13 | -
SUPERAntiSpyware | 4.40.0.1006 | 2011.10.13 | -
Symantec | 20111.2.0.82 | 2011.10.13 | Trojan Horse
TheHacker | 6.7.0.1.321 | 2011.10.12 | -
TrendMicro | 9.500.0.1008 | 2011.10.13 | TROJ_GEN.R4CC3DE
TrendMicro-HouseCall | 9.500.0.1008 | 2011.10.13 | TROJ_GEN.R4CC3DE
VIPRE | 10747 | 2011.10.13 | Trojan.Win32.AutoIt.gen.1 (v)
ViRobot | 2011.10.13.4717 | 2011.10.13 | -
VirusBuster | 14.1.9.0 | 2011.10.12 | Worm.Autoit.Gen
Additional information
MD5 : 93d4e153ff4b6da68676bd378116c443
SHA1 : 69a50300673b30862de59e358e7e004402fc46b7
SHA256: 5fb896e682a346bfdd226bf668a5ddec3b50132947e8aff2de08e8702184c3b1
ssdeep: 24576:jaQBcV0EB0KrGSJvBOh7gmjDTXlLWk2n66c97XWIoG+VclBzH7:jpcexKqSJvBOhsmhz2 66m7+VQBzH7
File size : 839060 bytes
First seen: 2008-06-21 20:51:53
Last seen : 2011-10-13 11:32:02
TrID:
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
sigcheck:
publisher....: n/a
copyright....: UlisesSoft
product......: n/a
description..: www.ulisessoft.info
original name: n/a
internal name: n/a
file version.: 9.1.0.0
comments.....: NodLogin 9.1
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information
[[ basic data ]]
entrypointaddress: 0x765A0
timedatestamp....: 0x482D38A0 (Fri May 16 07:32:48 2008)
machinetype......: 0x8664 (AMD64)
[[ 5 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x8D84A, 0x8DA00, 6.40, 9afaabe62703d76f66a0ee0f0b527ab4
.rdata, 0x8F000, 0x13FDE, 0x14000, 5.16, b32d35ec499ac28b097be4689e91efa7
.data, 0xA3000, 0x19688, 0x4200, 2.98, f3ebfc8daa3f7caf8f9f3fc4a10e14ed
.pdata, 0xBD000, 0x4AB8, 0x4C00, 5.80, 8c560e95d4546fe73135f96fc487e77a
.rsrc, 0xC2000, 0x37B8, 0x3800, 3.80, 0813076796427518e77f340b016699bc
[[ 13 import(s) ]]
WSOCK32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
VERSION.dll: GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
WINMM.dll: waveOutSetVolume, timeGetTime, mciSendStringW
COMCTL32.dll: ImageList_DragEnter, ImageList_BeginDrag, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_EndDrag, ImageList_DragLeave, ImageList_Destroy, ImageList_ReplaceIcon, ImageList_Create, InitCommonControlsEx, ImageList_Remove
MPR.dll: WNetUseConnectionW, WNetGetConnectionW, WNetAddConnection2W, WNetCancelConnection2W
KERNEL32.dll: QueryPerformanceFrequency, UnmapViewOfFile, OpenProcess,
CreateFileMappingW, MapViewOfFile, WriteProcessMemory, ReadProcessMemory, CreateFileW, ReadFile, SetFilePointer, OutputDebugStringW, CreateDirectoryW, RemoveDirectoryW, TerminateProcess, SetSystemPowerState, SetFileTime, FindResourceW, GetFileAttributesW, LoadResource, FindFirstFileW, LockResource, FindClose, SizeofResource, EnumResourceNamesW, DeleteFileW, FindNextFileW, lstrcmpiW, MoveFileW, CopyFileW, GetLocalTime, MultiByteToWideChar, WideCharToMultiByte, CompareStringW, WriteFile, CreatePipe, GetStdHandle, EnterCriticalSection, TerminateThread, LeaveCriticalSection, DeleteCriticalSection, GetTempPathW, GetTempFileNameW, FormatMessageW, GetExitCodeProcess, VirtualFree, GetDriveTypeW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, DeviceIoControl, SetErrorMode, QueryPerformanceCounter, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, SetFileAttributesW, GetPrivateProfileSectionNamesW, GetShortPathNameW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GlobalAlloc, SetProcessWorkingSetSize, GlobalMemoryStatus, Beep, GetEnvironmentVariableW, GetFileSize, SetEnvironmentVariableW, GlobalFree, GlobalLock, GlobalUnlock, GetComputerNameW, GetWindowsDirectoryW, GetSystemDirectoryW, GetCurrentProcessId, GetCurrentThread, CreateProcessW, SetPriorityClass, VirtualAlloc, LoadLibraryExW, GetStartupInfoW, GetVersionExA, ResumeThread, GetSystemTimeAsFileTime, ExitThread, ExitProcess, GetModuleHandleA, FlsSetValue, TlsFree, FlsFree, SetLastError, TlsSetValue, FlsAlloc, UnhandledExceptionFilter, SetUnhandledExceptionFilter, RtlCaptureContext, RaiseException, RtlPcToFileHeader, GetModuleFileNameA, RtlUnwindEx, HeapSize, HeapSetInformation, HeapCreate, GetConsoleCP, GetConsoleMode, SetHandleCount, GetModuleHandleW, GetSystemInfo, GetVersionExW, GetCurrentThreadId, Sleep, HeapFree, CloseHandle, GetCurrentProcess, WaitForSingleObject, CreateThread, DuplicateHandle, HeapAlloc, GetLastError, 
GetProcessHeap, LoadLibraryA, GetModuleFileNameW, GetFullPathNameW, SetCurrentDirectoryW, IsDebuggerPresent, GetFileType, GetStartupInfoA, FlushFileBuffers, GetCurrentDirectoryW, FreeLibrary, InitializeCriticalSection, GetProcAddress, LoadLibraryW, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, FlsGetValue, SetStdHandle, LCMapStringA, LCMapStringW, GetTimeZoneInformation, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetCommandLineW, GetTickCount, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, HeapReAlloc, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, CreateFileA, RtlVirtualUnwind, RtlLookupFunctionEntry, SetEndOfFile, CompareStringA, GetPrivateProfileStringW, SetEnvironmentVariableA USER32.dll: FillRect, PtInRect, DrawMenuBar, DestroyMenu, SetMenu, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowTextLengthW, GetWindowDC, TranslateAcceleratorW, IsDialogMessageW, GetSystemMetrics, SetWindowLongPtrW, CreateMenu, GetSysColor, IsDlgButtonChecked, GetActiveWindow, InflateRect, CharNextW, DefDlgProcW, ReleaseCapture, SetCapture, CountClipboardFormats, CharLowerBuffW, UnregisterHotKey, GetMessageW, LockWindowUpdate, DispatchMessageW, TranslateMessage, PeekMessageW, LoadImageW, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, DrawFrameControl, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, IsCharLowerW, GetKeyState, keybd_event, GetCursor, GetKeyboardLayoutNameA, GetAsyncKeyState, CharUpperW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, DestroyWindow, GetMenu, GetClientRect, EndPaint, CopyRect, BeginPaint, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, 
EnableWindow, InvalidateRect, GetWindowLongPtrW, EnumChildWindows, CharUpperBuffW, GetWindowThreadProcessId, AttachThreadInput, FrameRect, RedrawWindow, DrawTextW, wsprintfW, DrawFocusRect, FlashWindow, SetWindowLongW, GetWindowLongW, IsZoomed, GetCaretPos, GetSubMenu, GetCursorPos, GetMenuStringW, SendMessageTimeoutW, GetFocus, GetWindowTextW, ScreenToClient, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, MessageBoxW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, IsCharAlphaNumericW, IsCharAlphaW, IsCharUpperW, GetKeyboardLayoutNameW, SetWindowPos, CopyImage, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, AdjustWindowRectEx, SetRect, ClientToScreen, RegisterHotKey, GetKeyboardState, ReleaseDC, MessageBoxA, RegisterWindowMessageW, DestroyIcon, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, GetDC, WindowFromPoint, SetClipboardData, VkKeyScanA, EmptyClipboard, SetKeyboardState GDI32.dll: LineTo, AngleArc, MoveToEx, Ellipse, PolyDraw, BeginPath, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, SetTextColor, CloseFigure, SetPixel, EndPath, StrokePath, StrokeAndFillPath, ExtCreatePen, PolyBezierTo, SetViewportOrgEx, Rectangle, GetObjectW, SetBkMode, CreateDCW, CreateCompatibleBitmap, GetPixel, DeleteDC, GetDIBits, BitBlt, SelectObject, CreateDIBSection, CreateCompatibleDC, CreateFontW, GetDeviceCaps, GetTextFaceW, GetStockObject, GetTextExtentPoint32W, DeleteObject comdlg32.dll: GetSaveFileNameW, GetOpenFileNameW ADVAPI32.dll: RegSetValueExW, RegCreateKeyExW, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, GetUserNameW, RegConnectRegistryW, RegEnumKeyExW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, CloseServiceHandle, UnlockServiceDatabase, LockServiceDatabase, OpenSCManagerW, RegCloseKey, RegQueryValueExW, RegOpenKeyExW SHELL32.dll: DragQueryPoint, 
ShellExecuteExW, DragQueryFileW, SHBrowseForFolderW, SHGetPathFromIDListW, SHGetDesktopFolder, SHGetMalloc, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish ole32.dll: OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoInitialize, CoUninitialize, CoCreateInstance, CreateStreamOnHGlobal, IIDFromString, StringFromIID, CLSIDFromString, OleInitialize, CreateBindCtx, CLSIDFromProgID, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket, StringFromCLSID, OleUninitialize, CoTaskMemAlloc, CoTaskMemFree OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, - ExifTool: file metadata CharacterSet: Unicode CodeSize: 580096 Comments: NodLogin 9.1 EntryPoint: 0x765a0 FileDescription: www.ulisessoft.info FileFlagsMask: 0x0000 FileOS: Win32 FileSize: 819 kB FileSubtype: 0 FileType: Win32 EXE FileVersion: 9.1.0.0 FileVersionNumber: 9.1.0.0 ImageVersion: 0.0 InitializedDataSize: 156160 LanguageCode: Unknown (280A) LegalCopyright: UlisesSoft LinkerVersion: 8.0 MIMEType: application/octet-stream MachineType: AMD AMD64 OSVersion: 4.0 ObjectFileType: Unknown PEType: PE32+ ProductVersionNumber: 3.2.12.0 Subsystem: Windows GUI SubsystemVersion: 5.2 TimeStamp: 2008:05:16 09:32:48+02:00 UninitializedDataSize: 0
  9. This time the scan finished, with AV scan C:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-13 09:55:16
-----------------------------
09:55:16.468 OS Version: Windows x64 5.2.3790 Service Pack 2
09:55:16.468 Number of processors: 2 586 0xF02
09:55:16.468 ComputerName: ETAJ2 UserName: D
09:55:19.734 Initialize success
09:55:43.328 AVAST engine defs: 11101201
09:55:58.593 The log file has been saved successfully to "C:\Documents and Settings\D\Desktop\aswMBR.txt"
09:56:06.734 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-c
09:56:06.734 Disk 0 Vendor: ST380011A 8.01 Size: 76318MB BusType: 3
09:56:06.750 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-19
09:56:06.750 Disk 1 Vendor: WDC_WD3200AAKS-00YGA0 12.01C02 Size: 305244MB BusType: 3
09:56:06.750 Device \Driver\atapi -> MajorFunction fffffadf9c6202c0
09:56:06.750 Disk 1 MBR read successfully
09:56:06.750 Disk 1 MBR scan
09:56:06.843 Disk 1 Windows XP default MBR code
09:56:06.843 Service scanning
09:56:13.437 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
09:56:15.468 Modules scanning
09:56:15.468 Disk 1 trace - called modules:
09:56:15.468 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffadf9c6202c0]<<
09:56:15.468 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffadf9cb74770]
09:56:15.468 3 CLASSPNP.SYS[fffffadf906d28c9] -> nt!IofCallDriver -> \Device\00000074[0xfffffadf9c51ba30]
09:56:15.484 5 ACPI.sys[fffffadf90844e69] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-19[0xfffffadf9c516800]
09:56:15.484 \Driver\atapi[0xfffffadf9c51a7d0] -> IRP_MJ_CREATE -> 0xfffffadf9c6202c0
09:56:18.546 AVAST engine scan C:\
09:58:09.718 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\D\Desktop\MBR.dat"
09:58:09.718 The log file has been saved successfully to "C:\Documents and Settings\D\Desktop\aswMBR.txt"
09:58:30.656 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\D\Desktop\MBR.dat"
09:58:30.656 The log file has been saved successfully to "C:\Documents and Settings\D\Desktop\aswMBR.txt"
10:09:28.046 File: C:\Program Files\ESET\ESET Smart Security\nodlogin.exe **INFECTED** Win32:Malware-gen
10:09:38.625 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\D\Desktop\MBR.dat"
10:09:38.640 The log file has been saved successfully to "C:\Documents and Settings\D\Desktop\aswMBR.txt"
10:11:48.484 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\D\Desktop\MBR.dat"
10:11:48.515 The log file has been saved successfully to "C:\Documents and Settings\D\Desktop\aswMBR.txt"

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-13 10:43:13
-----------------------------
10:43:13.093 OS Version: Windows x64 5.2.3790 Service Pack 2
10:43:13.093 Number of processors: 2 586 0xF02
10:43:13.093 ComputerName: ETAJ2 UserName: D
10:43:17.031 Initialize success
10:43:58.187 AVAST engine defs: 11101201
10:44:30.437 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-c
10:44:30.437 Disk 0 Vendor: ST380011A 8.01 Size: 76318MB BusType: 3
10:44:30.437 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-19
10:44:30.437 Disk 1 Vendor: WDC_WD3200AAKS-00YGA0 12.01C02 Size: 305244MB BusType: 3
10:44:30.437 Device \Driver\atapi -> MajorFunction fffffadf9cca52c0
10:44:30.453 Disk 1 MBR read successfully
10:44:30.453 Disk 1 MBR scan
10:44:30.500 Disk 1 Windows XP default MBR code
10:44:30.515 Service scanning
10:44:33.140 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
10:44:33.750 Modules scanning
10:44:33.750 Disk 1 trace - called modules:
10:44:33.750 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffadf9cca52c0]<<
10:44:33.750 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffadf9cb8e400]
10:44:33.750 3 CLASSPNP.SYS[fffffadf906d28c9] -> nt!IofCallDriver -> \Device\00000074[0xfffffadf9cadd590]
10:44:33.750 5 ACPI.sys[fffffadf90844e69] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-19[0xfffffadf9cc3ec30]
10:44:33.750 \Driver\atapi[0xfffffadf9cc42c80] -> IRP_MJ_CREATE -> 0xfffffadf9cca52c0
10:44:36.703 AVAST engine scan C:\
10:53:20.937 File: C:\Program Files\ESET\ESET Smart Security\nodlogin.exe **INFECTED** Win32:Malware-gen
12:24:36.296 Scan finished successfully
12:24:43.984 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\D\Desktop\MBR.dat"
12:24:43.984 The log file has been saved successfully to "C:\Documents and Settings\D\Desktop\aswMBR.txt"
  10. The second program restarts the computer before it has finished. I can't get a log. This is already the 4th time it has restarted. Something I notice is that after the first restart the machine loads Windows noticeably slower. The time between the Win x64 logo with the progress bar and the Welcome screen with the users is about 2 times slower, as is the time to reach the desktop. The program restarts after 35 minutes of work, so now I will try to get a log before those 35 minutes.
  11. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware.
0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: PhysicalMBR.bin
Submission date: 2011-10-12 21:21:01 (UTC)
Current status: finished
Result: 0/43 (0.0%)
VT Community not reviewed
Safety score: -

Antivirus | Version | Last Update | Result
AhnLab-V3 | 2011.10.12.02 | 2011.10.12 | -
AntiVir | 7.11.15.240 | 2011.10.12 | -
Antiy-AVL | 2.0.3.7 | 2011.10.12 | -
Avast | 6.0.1289.0 | 2011.10.12 | -
AVG | 10.0.0.1190 | 2011.10.12 | -
BitDefender | 7.2 | 2011.10.12 | -
ByteHero | 1.0.0.1 | 2011.09.23 | -
CAT-QuickHeal | 11.00 | 2011.10.12 | -
ClamAV | 0.97.0.0 | 2011.10.12 | -
Commtouch | 5.3.2.6 | 2011.10.12 | -
Comodo | 10433 | 2011.10.12 | -
DrWeb | 5.0.2.03300 | 2011.10.12 | -
Emsisoft | 5.1.0.11 | 2011.10.12 | -
eSafe | 7.0.17.0 | 2011.10.11 | -
eTrust-Vet | 36.1.8616 | 2011.10.12 | -
F-Prot | 4.6.5.141 | 2011.10.12 | -
F-Secure | 9.0.16440.0 | 2011.10.12 | -
Fortinet | 4.3.370.0 | 2011.10.12 | -
GData | 22 | 2011.10.12 | -
Ikarus | T3.1.1.107.0 | 2011.10.12 | -
Jiangmin | 13.0.900 | 2011.10.12 | -
K7AntiVirus | 9.115.5273 | 2011.10.12 | -
Kaspersky | 9.0.0.837 | 2011.10.12 | -
McAfee | 5.400.0.1158 | 2011.10.12 | -
McAfee-GW-Edition | 2010.1D | 2011.10.12 | -
Microsoft | 1.7702 | 2011.10.12 | -
NOD32 | 6538 | 2011.10.12 | -
Norman | 6.07.11 | 2011.10.12 | -
nProtect | 2011-10-12.01 | 2011.10.12 | -
Panda | 10.0.3.5 | 2011.10.12 | -
PCTools | 8.0.0.5 | 2011.10.12 | -
Prevx | 3.0 | 2011.10.12 | -
Rising | 23.79.02.02 | 2011.10.12 | -
Sophos | 4.70.0 | 2011.10.12 | -
SUPERAntiSpyware | 4.40.0.1006 | 2011.10.12 | -
Symantec | 20111.2.0.82 | 2011.10.12 | -
TheHacker | 6.7.0.1.321 | 2011.10.12 | -
TrendMicro | 9.500.0.1008 | 2011.10.12 | -
TrendMicro-HouseCall | 9.500.0.1008 | 2011.10.12 | -
VBA32 | 3.12.16.4 | 2011.10.12 | -
VIPRE | 10743 | 2011.10.12 | -
ViRobot | 2011.10.12.4715 | 2011.10.12 | -
VirusBuster | 14.1.9.0 | 2011.10.12 | -

Additional information
MD5 : 278c184f205c024b3d7c15642c7ce915
SHA1 : 048af94ccff0156368256d50fa3aed9c1269f3c2
SHA256: 4ae7b9785bc39fc93e720397f22dbb9ddcf61730a08caa50782de6a15cc4c482
ssdeep: 12:0T4ioypl5v/c8i0HYkosStYcWLTl3rF9iy:qoypzc8XosjvlT
File size : 512 bytes
First seen: 2011-10-12 21:21:01
Last seen : 2011-10-12 21:21:01
TrID: Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
  12. All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully. Registry value HKEY_USERS\S-1-5-21-1555638461-1044350833-3229896005-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e22e1a4-cb25-11df-86a7-0016e6de2558}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9e22e1a4-cb25-11df-86a7-0016e6de2558}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e22e1a4-cb25-11df-86a7-0016e6de2558}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9e22e1a4-cb25-11df-86a7-0016e6de2558}\ not found. File SHORTI\\\\kolonija.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e22e1a4-cb25-11df-86a7-0016e6de2558}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9e22e1a4-cb25-11df-86a7-0016e6de2558}\ not found. File SHORTI\\\\\kolonija.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e22e1a4-cb25-11df-86a7-0016e6de2558}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9e22e1a4-cb25-11df-86a7-0016e6de2558}\ not found. File SHORTI\\\\\kolonija.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c21657e7-6c28-11dd-86a4-0016e6de2558}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c21657e7-6c28-11dd-86a4-0016e6de2558}\ not found. File K:\USBNB.exe not found. ========== FILES ========== File\Folder C:\Documents and Settings\All Users\Application Data\bPxedpkqwSG.exe not found. C:\RECYCLER\S-1-5-21-1555638461-1044350833-3229896005-500\Dc44\cddb folder moved successfully. 
C:\RECYCLER\S-1-5-21-1555638461-1044350833-3229896005-500\Dc44 folder moved successfully. C:\RECYCLER\S-1-5-21-1555638461-1044350833-3229896005-500\Dc18\Taja\VOL.2 folder moved successfully. C:\RECYCLER\S-1-5-21-1555638461-1044350833-3229896005-500\Dc18\Taja\VOL.1 folder moved successfully. C:\RECYCLER\S-1-5-21-1555638461-1044350833-3229896005-500\Dc18\Taja folder moved successfully. C:\RECYCLER\S-1-5-21-1555638461-1044350833-3229896005-500\Dc18 folder moved successfully. C:\RECYCLER\S-1-5-21-1555638461-1044350833-3229896005-500\Dc14 folder moved successfully. C:\RECYCLER\S-1-5-21-1555638461-1044350833-3229896005-500 folder moved successfully. C:\RECYCLER\S-1-5-21-1555638461-1044350833-3229896005-1002\Dc757 folder moved successfully. C:\RECYCLER\S-1-5-21-1555638461-1044350833-3229896005-1002\Dc2679 folder moved successfully. C:\RECYCLER\S-1-5-21-1555638461-1044350833-3229896005-1002\Dc2673\Downloaded Installations\{AB40E02C-84D2-439E-8A68-473726442DE6} folder moved successfully. C:\RECYCLER\S-1-5-21-1555638461-1044350833-3229896005-1002\Dc2673\Downloaded Installations\{4604550F-B940-4351-8F32-40B915603317} folder moved successfully. C:\RECYCLER\S-1-5-21-1555638461-1044350833-3229896005-1002\Dc2673\Downloaded Installations folder moved successfully. C:\RECYCLER\S-1-5-21-1555638461-1044350833-3229896005-1002\Dc2673 folder moved successfully. C:\RECYCLER\S-1-5-21-1555638461-1044350833-3229896005-1002\Dc2668 folder moved successfully. C:\RECYCLER\S-1-5-21-1555638461-1044350833-3229896005-1002\Dc2573.net\MeGUI.exe_Url_2xkergdqyjkpwhxqolko1hktluwn1okw folder moved successfully. C:\RECYCLER\S-1-5-21-1555638461-1044350833-3229896005-1002\Dc2573.net folder moved successfully. C:\RECYCLER\S-1-5-21-1555638461-1044350833-3229896005-1002 folder moved successfully. C:\RECYCLER folder moved successfully. < netsh winsock reset catalog /c > Sucessfully reset the Winsock Catalog. You must restart the machine in order to complete the reset. 
C:\Documents and Settings\D\Desktop\cmd.bat deleted successfully. C:\Documents and Settings\D\Desktop\cmd.txt deleted successfully. < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Documents and Settings\D\Desktop\cmd.bat deleted successfully. C:\Documents and Settings\D\Desktop\cmd.txt deleted successfully. ========== REGISTRY ========== Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\bPxedpkqwSG.exe not found. ========== COMMANDS ========== C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYFLASH] User: Administrator ->Flash cache emptied: 1559 bytes User: All Users User: D ->Flash cache emptied: 123654 bytes User: Default User User: LocalService User: NetworkService User: WDTV Live ->Flash cache emptied: 0 bytes Total Flash Files Cleaned = 0,00 mb [EMPTYTEMP] User: Administrator ->Temp folder emptied: 34772510 bytes ->Temporary Internet Files folder emptied: 119043372 bytes ->FireFox cache emptied: 62739681 bytes ->Flash cache emptied: 0 bytes User: All Users User: D ->Temp folder emptied: 166744945 bytes ->Temporary Internet Files folder emptied: 34596018 bytes ->Java cache emptied: 12618949 bytes ->FireFox cache emptied: 111606545 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 402 bytes User: WDTV Live ->Temp folder emptied: 7761701 bytes ->Temporary Internet Files folder emptied: 1740850 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 2168024 bytes %systemroot%\System32 .tmp files removed: 4265 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder 
emptied: 252500610 bytes RecycleBin emptied: 1311963773 bytes Total Files Cleaned = 2 020,00 mb OTL by OldTimer - Version 3.2.29.1 log created on 10122011_175518 Files\Folders moved on Reboot... Registry entries deleted on Reboot... Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Database version: 7929 Windows 5.2.3790 Service Pack 2 Internet Explorer 6.0.3790.1830 12.10.2011 г. 18:09:09 mbam-log-2011-10-12 (18-09-09).txt Scan type: Quick scan Objects scanned: 196357 Time elapsed: 2 minute(s), 7 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 2 Folders Infected: 0 Files Infected: 9 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: c:\WINDOWS\system32\dmans.dll (Backdoor.Bot) -> Quarantined and deleted successfully. c:\WINDOWS\SysWOW64\dmans.dll (Backdoor.Bot) -> Quarantined and deleted successfully. c:\documents and settings\administrator\favorites\online security test.url (Rogue.Link) -> Quarantined and deleted successfully. c:\documents and settings\all users\favorites\online security test.url (Rogue.Link) -> Quarantined and deleted successfully. c:\documents and settings\D\favorites\online security test.url (Rogue.Link) -> Quarantined and deleted successfully. 
c:\documents and settings\default user\favorites\online security test.url (Rogue.Link) -> Quarantined and deleted successfully.
c:\documents and settings\wdtv live\favorites\online security test.url (Rogue.Link) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\dbqp.fon (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\SysWOW64\dbqp.fon (Malware.Trace) -> Quarantined and deleted successfully.

After the restart the desktop loaded, and a repeat scan with MBAM gives 0. Task Manager works. The files on the disk had the Hidden attribute, so now they are visible. The only "problem" left is the START menu, in which the program icons do not load. But that is probably not a problem, and the other thing is that the icons in the taskbar right next to the START button are missing; maybe I will manage to get them back.
  13. OTL logfile created on: 12.10.2011 г. 14:11:09 - Run 1 OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\D\Desktop 64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation Internet Explorer (Version = 6.0.3790.1830) Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: dd.M.yyyy 'г.' 4,00 Gb Total Physical Memory | 3,09 Gb Available Physical Memory | 77,40% Memory free 11,75 Gb Paging File | 11,15 Gb Available in Paging File | 94,91% Paging File free Paging file location(s): c:\pagefile.sys 0 0i:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86) Drive C: | 36,26 Gb Total Space | 13,06 Gb Free Space | 36,00% Space Free | Partition Type: NTFS Drive D: | 74,47 Gb Total Space | 6,28 Gb Free Space | 8,44% Space Free | Partition Type: NTFS Drive E: | 151,11 Gb Total Space | 19,93 Gb Free Space | 13,19% Space Free | Partition Type: NTFS Drive G: | 9,32 Gb Total Space | 2,53 Gb Free Space | 27,15% Space Free | Partition Type: NTFS Drive H: | 65,21 Gb Total Space | 19,21 Gb Free Space | 29,46% Space Free | Partition Type: NTFS Drive I: | 36,25 Gb Total Space | 31,72 Gb Free Space | 87,51% Space Free | Partition Type: NTFS Computer Name: ETAJ2 | User Name: D | Logged in as Administrator. 
MountPoints2\{9e22e1a4-cb25-11df-86a7-0016e6de2558}\Shell\explore\command - "" = SHORTI\\\\\kolonija.exe O33 - MountPoints2\{9e22e1a4-cb25-11df-86a7-0016e6de2558}\Shell\open\command - "" = SHORTI\\\\\kolonija.exe O33 - MountPoints2\{c21657e7-6c28-11dd-86a4-0016e6de2558}\Shell\AutoRun\command - "" = K:\USBNB.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* TO BE CONTINUED MsConfig:64bit - StartUpReg: Alcmtr - hkey= - key= - C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) MsConfig:64bit - StartUpReg: AlcWzrd - hkey= - key= - C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.) MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= - File not found MsConfig:64bit - StartUpReg: NBKeyScan - hkey= - key= - File not found MsConfig:64bit - StartUpReg: NeroHomeFirstStart - hkey= - key= - File not found MsConfig:64bit - StartUpReg: nwiz - hkey= - key= - File not found MsConfig:64bit - StartUpReg: SoundMan - hkey= - key= - C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.) MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) MsConfig:64bit - StartUpReg: WD Drive Manager - hkey= - key= - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC) MsConfig:64bit - StartUpReg: WinampAgent - hkey= - key= - File not found MsConfig:64bit - State: "startup" - Reg Error: Key error. 
SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: sermouse.sys - Driver SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: wd.sys - Driver SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation) SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary 
disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: wd.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: sermouse.sys - Driver SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - 
Driver Group SafeBootNet:64bit: UploadMgr - Service SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group 
SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: UploadMgr - Service SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin ========== Files/Folders - Created Within 90 Days ========== [2011.10.12 14:09:04 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\D\Desktop\OTL.exe [2011.10.12 13:50:06 | 001,559,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\D\Desktop\tdsskiller.exe [2011.10.12 13:02:51 | 000,000,000 | ---D | C] -- C:\Trend Micro [2011.10.12 13:02:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D\Start 
Menu\Programs\HiJackThis [2011.10.12 12:57:00 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\D\Desktop\dds.scr [2011.10.12 11:55:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D\DoctorWeb [2011.10.12 10:47:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\D\Recent [2011.10.11 19:53:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\D\Start Menu\Programs\System Restore [2011.10.02 17:07:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D\Desktop\BEGLIKA MUSIKA [2011.09.27 16:05:22 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\D\Local Settings\Application Data\TeamSpeak 3 Client [2011.09.27 02:15:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Catalyst Control Center [2011.09.27 02:13:51 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\ATI Technologies [2011.09.27 02:12:50 | 000,000,000 | -H-D | C] -- C:\ATI [2011.09.01 13:50:50 | 000,032,377 | -H-- | C] (B-phreaks) -- C:\WINDOWS\SysWow64\drivers\prodigy.sys [2011.09.01 13:50:46 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\NSS [2011.08.14 13:09:43 | 000,004,682 | -H-- | C] (INCA Internet Co., Ltd.) 
-- C:\WINDOWS\SysWow64\npptNT2.sys [2011.08.14 13:04:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lineage II [2011.08.07 19:46:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D\Desktop\Teh Project [2011.07.16 20:12:08 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\D\Application Data\ts3overlay [2011.07.16 20:10:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\D\Application Data\TS3Client [2011.07.16 20:09:47 | 000,000,000 | -H-D | C] -- C:\Program Files\TeamSpeak 3 Client [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\Documents and Settings\D\Desktop\*.tmp files -> C:\Documents and Settings\D\Desktop\*.tmp -> ] [2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ] ========== Files - Modified Within 90 Days ========== [2011.10.12 14:12:05 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin [2011.10.12 14:09:20 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\D\Desktop\OTL.exe [2011.10.12 13:53:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.10.12 13:50:06 | 001,559,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\D\Desktop\tdsskiller.exe [2011.10.12 13:02:58 | 000,002,309 | ---- | M] () -- C:\Documents and Settings\D\Desktop\HiJackThis.lnk [2011.10.12 13:02:16 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\D\Desktop\tool.msi [2011.10.12 12:57:03 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\D\Desktop\dds.scr [2011.10.11 20:06:03 | 000,000,857 | -H-- | M] () -- C:\Documents and Settings\D\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk [2011.10.11 19:53:46 | 000,000,839 | ---- | M] () -- C:\Documents and Settings\D\Desktop\System Restore.lnk [2011.10.09 14:06:43 | 000,209,920 | -H-- | M] () -- C:\Documents and Settings\D\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.10.02 22:01:19 | 000,006,329 | ---- | M] () -- C:\Documents 
and Settings\D\Desktop\Audio2.nra [2011.10.02 18:08:09 | 000,549,642 | -H-- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI [2011.10.01 13:05:56 | 000,000,010 | -H-- | M] () -- C:\WINDOWS\WININIT.INI [2011.09.28 21:19:47 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\D\Desktop\vlc-1.1.11-win32.exe [2011.09.27 17:50:23 | 000,006,656 | -H-- | M] () -- C:\WINDOWS\SysWow64\lpcio.dll [2011.09.27 16:05:26 | 000,001,190 | ---- | M] () -- C:\Documents and Settings\D\Desktop\TeamSpeak 3 Client.lnk [2011.09.27 14:59:46 | 000,075,353 | ---- | M] () -- C:\Documents and Settings\D\Desktop\Daniel_Minkov_Pr_Profil.ppsx [2011.09.27 14:46:19 | 000,274,667 | ---- | M] () -- C:\Documents and Settings\D\Desktop\PotrbitelskoPovedenie.rar [2011.09.27 02:10:02 | 000,000,664 | -H-- | M] () -- C:\WINDOWS\SysWow64\d3d9caps.dat [2011.09.19 12:11:03 | 000,000,941 | ---- | M] () -- C:\Documents and Settings\D\Desktop\Shortcut (3) to L2.exe.lnk [2011.09.14 18:24:47 | 000,093,033 | ---- | M] () -- C:\Documents and Settings\D\Desktop\AnsoffMatrixWorksheetBusiness.pdf [2011.09.14 17:07:42 | 000,079,805 | ---- | M] () -- C:\Documents and Settings\D\Desktop\SWOT Chart.jpg [2011.09.14 17:02:30 | 000,028,130 | ---- | M] () -- C:\Documents and Settings\D\Desktop\index.png [2011.09.14 12:49:22 | 000,095,227 | ---- | M] () -- C:\Documents and Settings\D\Desktop\PESTAnalysisWorksheet.pdf [2011.09.13 16:25:15 | 000,120,964 | ---- | M] () -- C:\Documents and Settings\D\Desktop\7SWorksheet.pdf [2011.09.12 14:32:29 | 000,073,740 | ---- | M] () -- C:\Documents and Settings\D\Desktop\BLOK SHEMA - OP.jpg [2011.09.09 16:52:31 | 000,037,764 | ---- | M] () -- C:\Documents and Settings\D\Desktop\White widow.jpg [2011.09.05 20:15:42 | 000,066,724 | ---- | M] () -- C:\Documents and Settings\D\Desktop\1.jpg [2011.09.03 23:32:38 | 000,404,640 | -H-- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl [2011.08.31 15:31:55 | 000,161,246 | ---- | M] () -- C:\Documents and 
Settings\D\Desktop\dsc01010.jpg [2011.08.30 23:42:57 | 000,085,144 | ---- | M] () -- C:\Documents and Settings\D\Desktop\Organic Matter.pdf [2011.08.23 17:08:39 | 000,584,568 | ---- | M] () -- C:\Documents and Settings\D\Desktop\Kak si otgledah novi zybi.pdf [2011.08.18 16:54:29 | 002,895,582 | ---- | M] () -- C:\Documents and Settings\D\Desktop\BodyLanguagebyAllanPease.pdf [2011.08.18 11:14:24 | 000,614,512 | ---- | M] () -- C:\Documents and Settings\D\Desktop\Reflex teeth.pdf [2011.08.17 20:36:00 | 000,086,719 | ---- | M] () -- C:\Documents and Settings\D\Desktop\holography.jpg [2011.08.10 12:09:40 | 007,421,582 | ---- | M] () -- C:\Documents and Settings\D\Desktop\Mystery Method - VenusianArts BG by Ferdo.pdf [2011.08.08 22:37:33 | 002,703,140 | ---- | M] () -- C:\Documents and Settings\D\Desktop\Johnson-TSWM.pdf [2011.08.04 21:29:52 | 000,663,260 | ---- | M] () -- C:\Documents and Settings\D\Desktop\Ganjanology_Carbon_filter.pdf [2011.07.19 15:18:56 | 000,050,616 | ---- | M] () -- C:\Documents and Settings\D\Desktop\10.2_QPad_with_Keyboard_details.jpg [2011.07.19 15:18:30 | 000,031,739 | ---- | M] () -- C:\Documents and Settings\D\Desktop\10.2_QPad_with_Keyboard.jpg [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\Documents and Settings\D\Desktop\*.tmp files -> C:\Documents and Settings\D\Desktop\*.tmp -> ] [2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.10.12 14:12:05 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin [2011.10.12 13:02:51 | 000,002,309 | ---- | C] () -- C:\Documents and Settings\D\Desktop\HiJackThis.lnk [2011.10.12 13:02:15 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\D\Desktop\tool.msi [2011.10.11 20:06:02 | 000,000,857 | -H-- | C] () -- C:\Documents and Settings\D\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk [2011.10.11 19:53:46 | 000,000,839 | ---- | C] () -- C:\Documents and Settings\D\Desktop\System 
Restore.lnk [2011.10.02 22:01:19 | 000,006,329 | ---- | C] () -- C:\Documents and Settings\D\Desktop\Audio2.nra [2011.10.01 13:23:12 | 000,663,552 | -H-- | C] () -- C:\WINDOWS\SysWow64\ati2saag.exe [2011.09.28 21:19:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\D\Desktop\vlc-1.1.11-win32.exe [2011.09.27 16:05:26 | 000,001,190 | ---- | C] () -- C:\Documents and Settings\D\Desktop\TeamSpeak 3 Client.lnk [2011.09.27 14:59:46 | 000,075,353 | ---- | C] () -- C:\Documents and Settings\D\Desktop\Daniel_Minkov_Pr_Profil.ppsx [2011.09.27 14:46:18 | 000,274,667 | ---- | C] () -- C:\Documents and Settings\D\Desktop\PotrbitelskoPovedenie.rar [2011.09.19 12:11:03 | 000,000,941 | ---- | C] () -- C:\Documents and Settings\D\Desktop\Shortcut (3) to L2.exe.lnk [2011.09.14 18:24:47 | 000,093,033 | ---- | C] () -- C:\Documents and Settings\D\Desktop\AnsoffMatrixWorksheetBusiness.pdf [2011.09.14 17:07:40 | 000,079,805 | ---- | C] () -- C:\Documents and Settings\D\Desktop\SWOT Chart.jpg [2011.09.14 17:02:30 | 000,028,130 | ---- | C] () -- C:\Documents and Settings\D\Desktop\index.png [2011.09.14 12:49:22 | 000,095,227 | ---- | C] () -- C:\Documents and Settings\D\Desktop\PESTAnalysisWorksheet.pdf [2011.09.13 16:25:15 | 000,120,964 | ---- | C] () -- C:\Documents and Settings\D\Desktop\7SWorksheet.pdf [2011.09.12 14:32:28 | 000,073,740 | ---- | C] () -- C:\Documents and Settings\D\Desktop\BLOK SHEMA - OP.jpg [2011.09.09 16:52:30 | 000,037,764 | ---- | C] () -- C:\Documents and Settings\D\Desktop\White widow.jpg [2011.09.05 20:15:40 | 000,066,724 | ---- | C] () -- C:\Documents and Settings\D\Desktop\1.jpg [2011.08.31 15:31:55 | 000,161,246 | ---- | C] () -- C:\Documents and Settings\D\Desktop\dsc01010.jpg [2011.08.30 23:42:56 | 000,085,144 | ---- | C] () -- C:\Documents and Settings\D\Desktop\Organic Matter.pdf [2011.08.23 17:08:38 | 000,584,568 | ---- | C] () -- C:\Documents and Settings\D\Desktop\Kak si otgledah novi zybi.pdf [2011.08.18 16:51:37 | 002,895,582 | ---- | C] 
() -- C:\Documents and Settings\D\Desktop\BodyLanguagebyAllanPease.pdf [2011.08.18 11:14:24 | 000,614,512 | ---- | C] () -- C:\Documents and Settings\D\Desktop\Reflex teeth.pdf [2011.08.17 20:36:00 | 000,086,719 | ---- | C] () -- C:\Documents and Settings\D\Desktop\holography.jpg [2011.08.14 13:09:43 | 000,005,174 | -H-- | C] () -- C:\WINDOWS\SysWow64\nppt9x.vxd [2011.08.10 12:09:37 | 007,421,582 | ---- | C] () -- C:\Documents and Settings\D\Desktop\Mystery Method - VenusianArts BG by Ferdo.pdf [2011.08.08 22:37:31 | 002,703,140 | ---- | C] () -- C:\Documents and Settings\D\Desktop\Johnson-TSWM.pdf [2011.08.04 21:29:52 | 000,663,260 | ---- | C] () -- C:\Documents and Settings\D\Desktop\Ganjanology_Carbon_filter.pdf [2011.07.19 15:18:37 | 000,050,616 | ---- | C] () -- C:\Documents and Settings\D\Desktop\10.2_QPad_with_Keyboard_details.jpg [2011.07.19 15:18:29 | 000,031,739 | ---- | C] () -- C:\Documents and Settings\D\Desktop\10.2_QPad_with_Keyboard.jpg [2011.06.25 16:12:30 | 000,000,399 | -H-- | C] () -- C:\WINDOWS\SysWow64\Remover.ini [2011.06.25 16:12:29 | 000,000,566 | -H-- | C] () -- C:\WINDOWS\SysWow64\SP207.INI [2010.11.05 13:46:30 | 000,000,893 | -H-- | C] () -- C:\WINDOWS\SysWow64\apexconverter.exe.stackdump [2010.11.05 13:41:44 | 000,061,440 | -H-- | C] () -- C:\WINDOWS\SysWow64\cygz.dll [2010.09.21 18:08:11 | 000,000,033 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini [2010.09.02 22:15:25 | 000,000,599 | -H-- | C] () -- C:\WINDOWS\cdplayer.ini [2010.09.02 22:14:17 | 000,001,264 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\ss.ini [2010.08.26 17:18:27 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\SysWow64\UTSCSI.EXE [2010.06.18 19:25:18 | 000,002,774 | -H-- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2010.06.18 19:25:13 | 000,010,288 | -H-- | C] () -- C:\WINDOWS\SysWow64\drivers\ASUSHWIO.SYS [2010.04.29 19:52:03 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All 
Users\Application Data\.zreglib [2010.02.19 16:56:16 | 000,002,528 | -H-- | C] () -- C:\Documents and Settings\D\Application Data\$_hpcst$.hpc [2010.01.28 00:20:17 | 000,007,680 | -H-- | C] () -- C:\WINDOWS\SysWow64\ff_vfw.dll [2010.01.23 03:13:47 | 000,000,917 | -H-- | C] () -- C:\Documents and Settings\D\Application Data\coreavc.ini [2009.05.21 18:06:14 | 000,000,005 | -H-- | C] () -- C:\WINDOWS\SysWow64\jGuest.dll [2009.05.21 18:04:56 | 000,041,935 | -H-- | C] () -- C:\WINDOWS\SysWow64\ybn2e.dll [2009.05.21 18:02:26 | 000,029,342 | -H-- | C] () -- C:\WINDOWS\SysWow64\ybn3e.dll [2009.03.10 22:21:32 | 000,000,010 | -H-- | C] () -- C:\WINDOWS\WININIT.INI [2009.02.17 02:53:22 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\vpc32.INI [2008.12.12 22:31:40 | 000,023,954 | -H-- | C] () -- C:\WINDOWS\SysWow64\ybn1e.dll [2008.10.30 22:56:30 | 000,034,360 | -H-- | C] () -- C:\WINDOWS\SysWow64\colfld.dll [2008.10.13 00:21:23 | 000,000,069 | -H-- | C] () -- C:\WINDOWS\NeroDigital.ini [2008.09.05 00:28:19 | 000,008,704 | -H-- | C] () -- C:\WINDOWS\SysWow64\BHARegister.dll [2008.07.26 20:59:51 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\SysWow64\ezsidmv.dat [2008.07.13 18:35:30 | 000,209,920 | -H-- | C] () -- C:\Documents and Settings\D\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.07.08 20:33:24 | 000,000,262 | -H-- | C] () -- C:\WINDOWS\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini [2008.07.01 22:24:39 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI [2008.06.29 12:32:24 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat [2008.06.29 11:26:59 | 000,549,642 | -H-- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI [2008.06.29 10:02:03 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\SysWow64\ChCfg.exe [2008.06.29 10:01:36 | 000,037,376 | -H-- | C] () -- C:\WINDOWS\CPLUtl64.exe [2008.06.29 09:58:33 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\ativpsrm.bin [2008.06.29 09:41:19 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\SysWow64\d3d9caps.dat 
[2008.06.29 09:33:45 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2008.06.29 05:58:12 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI [2008.03.03 02:33:18 | 000,001,707 | -H-- | C] () -- C:\WINDOWS\SysWow64\neiom.dll [2007.10.25 18:26:10 | 000,005,632 | -H-- | C] () -- C:\WINDOWS\SysWow64\drivers\StarOpen.sys [2007.02.18 19:05:48 | 000,276,992 | -H-- | C] () -- C:\WINDOWS\SysWow64\sbe.dll [2007.02.18 19:05:46 | 001,274,880 | -H-- | C] () -- C:\WINDOWS\SysWow64\quartz.dll [2007.02.18 19:05:46 | 000,512,512 | -H-- | C] () -- C:\WINDOWS\SysWow64\qedit.dll [2007.02.18 19:05:46 | 000,385,536 | -H-- | C] () -- C:\WINDOWS\SysWow64\qdvd.dll [2007.02.18 19:05:46 | 000,279,040 | -H-- | C] () -- C:\WINDOWS\SysWow64\qdv.dll [2007.02.18 19:05:46 | 000,192,512 | -H-- | C] () -- C:\WINDOWS\SysWow64\qcap.dll [2007.02.18 19:05:40 | 000,355,112 | -H-- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll [2007.02.18 19:05:34 | 000,062,464 | -H-- | C] () -- C:\WINDOWS\SysWow64\mciqtz32.dll [2007.02.18 19:05:34 | 000,006,656 | -H-- | C] () -- C:\WINDOWS\SysWow64\lpcio.dll [2007.02.18 19:05:28 | 000,396,288 | -H-- | C] () -- C:\WINDOWS\SysWow64\encdec.dll [2007.02.18 19:05:24 | 000,061,440 | -H-- | C] () -- C:\WINDOWS\SysWow64\devenum.dll [2007.02.18 19:05:20 | 000,072,704 | -H-- | C] () -- C:\WINDOWS\SysWow64\amstream.dll [2006.10.28 13:29:26 | 000,001,506 | -H-- | C] () -- C:\WINDOWS\SysWow64\dnmssa.dll [2006.05.11 06:50:58 | 000,013,765 | -H-- | C] () -- C:\WINDOWS\SysWow64\nmessd.dll [2006.05.11 05:03:04 | 000,023,490 | -H-- | C] () -- C:\WINDOWS\SysWow64\xl4m3r.dll [2005.11.26 08:44:36 | 000,025,248 | -H-- | C] () -- C:\WINDOWS\SysWow64\spn1k.dll [2005.03.28 14:31:48 | 000,088,944 | -H-- | C] () -- C:\WINDOWS\SysWow64\eciysaw.dll [2005.03.25 16:00:00 | 000,733,696 | -H-- | C] () -- C:\WINDOWS\SysWow64\qedwipes.dll [2005.03.25 16:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\SysWow64\mlang.dat [2005.03.25 16:00:00 | 000,498,205 | -H-- | C] () -- 
C:\WINDOWS\SysWow64\dxmasf.dll [2005.03.25 16:00:00 | 000,199,168 | -H-- | C] () -- C:\WINDOWS\SysWow64\ir32_32.dll [2005.03.25 16:00:00 | 000,114,688 | -H-- | C] () -- C:\WINDOWS\SysWow64\msencode.dll [2005.03.25 16:00:00 | 000,082,432 | -H-- | C] () -- C:\WINDOWS\SysWow64\ieencode.dll [2005.03.25 16:00:00 | 000,055,808 | -H-- | C] () -- C:\WINDOWS\SysWow64\dvdplay.exe [2005.03.25 16:00:00 | 000,046,907 | -H-- | C] () -- C:\WINDOWS\mib.bin [2005.03.25 16:00:00 | 000,016,896 | -H-- | C] () -- C:\WINDOWS\SysWow64\tsd32.dll [2005.03.25 16:00:00 | 000,014,336 | -H-- | C] () -- C:\WINDOWS\SysWow64\msdmo.dll [2005.03.25 16:00:00 | 000,012,498 | -H-- | C] () -- C:\WINDOWS\SysWow64\append.exe [2005.03.25 16:00:00 | 000,004,126 | -H-- | C] () -- C:\WINDOWS\SysWow64\msdxmlc.dll [2005.03.25 16:00:00 | 000,001,129 | -H-- | C] () -- C:\WINDOWS\SysWow64\vwipxspx.exe [2005.01.27 13:54:08 | 000,000,834 | -H-- | C] () -- C:\WINDOWS\SysWow64\comqsss.dll [2005.01.27 13:53:04 | 000,089,005 | -H-- | C] () -- C:\WINDOWS\SysWow64\na4.dll [2003.03.16 15:49:00 | 000,033,792 | --S- | C] () -- C:\WINDOWS\SysWow64\dmans.dll [2000.06.23 05:48:04 | 000,000,734 | -H-- | C] () -- C:\WINDOWS\SysWow64\identzsa.dll ========== LOP Check ========== [2008.06.29 11:58:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\ESET [2008.07.08 23:43:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent [2010.08.03 14:45:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite [2008.06.29 11:56:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ESET [2010.05.13 19:51:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\fontconfig [2009.09.11 02:39:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Palo Alto Software [2008.09.05 00:34:41 | 000,000,000 | -H-D | M] -- C:\Documents and 
Settings\All Users\Application Data\Panasonic [2010.04.29 19:52:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft [2008.11.09 16:36:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\D\Application Data\DAEMON Tools [2011.10.02 18:12:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\D\Application Data\DVDVideoSoft [2011.10.02 18:12:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\D\Application Data\DVDVideoSoftIEHelpers [2008.07.08 23:44:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\D\Application Data\ESET [2010.05.13 21:11:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\D\Application Data\HandBrake [2009.10.28 00:59:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\D\Application Data\HDRsoft [2008.08.01 22:39:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\D\Application Data\ICQ [2011.06.25 14:36:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\D\Application Data\Lineage Utils [2011.03.22 01:36:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\D\Application Data\LolClient [2011.08.20 10:59:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\D\Application Data\Mumble [2009.09.11 02:40:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\D\Application Data\Palo Alto Software [2010.02.19 16:56:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\D\Application Data\Samsung [2010.10.03 14:12:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\D\Application Data\SupRip [2010.08.07 20:26:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\D\Application Data\TeraCopy [2011.07.16 22:10:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\D\Application Data\TS3Client [2011.07.16 20:12:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\D\Application Data\ts3overlay [2011.10.09 16:59:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\D\Application Data\uTorrent [2011.10.12 13:52:59 | 000,032,632 | -H-- | M] 
() -- C:\WINDOWS\Tasks\SchedLgU.Txt ========== Purity Check ========== ========== Custom Scans ========== < > < %SYSTEMDRIVE%\*.* > [2009.11.25 20:56:12 | 000,001,024 | -H-- | M] () -- C:\.rnd [2008.06.29 09:28:15 | 000,000,000 | -H-- | M] () -- C:\AUTOEXEC.BAT [2008.06.29 09:21:07 | 000,000,213 | -HS- | M] () -- C:\boot.ini [2008.06.29 09:28:15 | 000,000,000 | -H-- | M] () -- C:\CONFIG.SYS [2008.06.29 09:28:15 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2008.06.29 09:28:15 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2005.03.25 16:00:00 | 000,047,772 | RHS- | M] () -- C:\NTDETECT.COM [2007.02.18 19:12:38 | 000,297,072 | RHS- | M] () -- C:\ntldr [2011.10.12 13:53:39 | 4293,079,040 | -HS- | M] () -- C:\pagefile.sys [2011.10.12 14:12:05 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin [2011.10.12 13:52:49 | 000,051,278 | ---- | M] () -- C:\TDSSKiller.2.6.8.0_12.10.2011_13.50.22_log.txt < %USERPROFILE%\*.* > [2009.09.22 12:54:28 | 000,000,048 | -H-- | M] () -- C:\Documents and Settings\D\.jupload.properties [2011.06.27 23:58:05 | 000,014,997 | -H-- | M] () -- C:\Documents and Settings\D\Config.xml [2008.12.14 16:25:52 | 000,000,091 | -H-- | M] () -- C:\Documents and Settings\D\default.pls [2011.06.27 23:58:05 | 000,001,993 | -H-- | M] () -- C:\Documents and Settings\D\Log.xml [2011.05.10 14:50:12 | 000,000,066 | -H-- | M] () -- C:\Documents and Settings\D\maestro-server.log [2011.10.12 13:52:56 | 009,437,184 | -H-- | M] () -- C:\Documents and Settings\D\NTUSER.DAT [2011.10.12 14:12:43 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\D\ntuser.dat.LOG [2011.10.12 13:52:56 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\D\ntuser.ini [2008.06.29 06:00:31 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\D\Sti_Trace.log [2011.09.14 17:04:17 | 000,000,265 | -H-- | M] () -- C:\Documents and Settings\D\wiadebug.log < %USERPROFILE%\AppData\Local\*.* > < %USERPROFILE%\AppData\Roaming\*.* > Invalid Environment Variable: ProgramData < 
%CommonProgramFiles%\*.* > < %PROGRAMFILES%\*.* > [2005.03.25 16:00:00 | 000,000,002 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini < %systemroot%\system32\*.dll /lockedfiles > [2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\system64\*.dll /lockedfiles > < %systemroot%\syswow64\*.dll /lockedfiles > [2 C:\WINDOWS\syswow64\*.tmp files -> C:\WINDOWS\syswow64\*.tmp -> ] < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /90 > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system64\drivers\*.sys /lockedfiles > < %systemroot%\syswow64\drivers\*.sys /lockedfiles > < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > [2006.10.14 17:43:18 | 000,027,648 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll < %systemroot%\*. /mp /s > < %systemroot%\assembly\tmp\*.* /S /MD5 > < %systemroot%\assembly\GAC_32\*.* /S /MD5 > < %systemroot%\assembly\GAC_64\*.* /S /MD5 > 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s > "Debug" = "Kmode" = %SystemRoot%\system32\win32k.sys "Optional" = Posix [binary data] "Posix" = %SystemRoot%\system32\psxss.exe "Required" = DebugWindows [binary data] "Windows" = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\CSRSS] "CsrSrvSharedSectionBase" = 2130575360 < %SystemDrive%\PhysicalMBR.bin /md5 > [2011.10.12 14:12:05 | 000,000,512 | ---- | M] () MD5=278C184F205C024B3D7C15642C7CE915 -- C:\PhysicalMBR.bin < End of report > OTL Extras logfile created on: 12.10.2011 г. 
14:11:09 - Run 1 OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\D\Desktop 64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation Internet Explorer (Version = 6.0.3790.1830) Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: dd.M.yyyy 'г.' 4,00 Gb Total Physical Memory | 3,09 Gb Available Physical Memory | 77,40% Memory free 11,75 Gb Paging File | 11,15 Gb Available in Paging File | 94,91% Paging File free Paging file location(s): c:\pagefile.sys 0 0i:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86) Drive C: | 36,26 Gb Total Space | 13,06 Gb Free Space | 36,00% Space Free | Partition Type: NTFS Drive D: | 74,47 Gb Total Space | 6,28 Gb Free Space | 8,44% Space Free | Partition Type: NTFS Drive E: | 151,11 Gb Total Space | 19,93 Gb Free Space | 13,19% Space Free | Partition Type: NTFS Drive G: | 9,32 Gb Total Space | 2,53 Gb Free Space | 27,15% Space Free | Partition Type: NTFS Drive H: | 65,21 Gb Total Space | 19,21 Gb Free Space | 29,46% Space Free | Partition Type: NTFS Drive I: | 36,25 Gb Total Space | 31,72 Gb Free Space | 87,51% Space Free | Partition Type: NTFS Computer Name: ETAJ2 | User Name: D | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .inf [@ = inffile] -- %SystemRoot%\System32\NOTEPAD.EXE %1 .ini [@ = inifile] -- %SystemRoot%\System32\NOTEPAD.EXE %1 .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l .js [@ = JSFile] -- %SystemRoot%\System32\WScript.exe "%1" %* .jse [@ = JSEFile] -- %SystemRoot%\System32\WScript.exe "%1" %* .txt [@ = txtfile] -- %SystemRoot%\system32\NOTEPAD.EXE %1 .vbe [@ = VBEFile] -- %SystemRoot%\System32\WScript.exe "%1" %* .vbs [@ = VBSFile] -- %SystemRoot%\System32\WScript.exe "%1" %* .wsf [@ = WSFFile] -- %SystemRoot%\System32\WScript.exe "%1" %* .wsh [@ = WSHFile] -- %SystemRoot%\System32\WScript.exe "%1" %* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l [HKEY_USERS\S-1-5-21-1555638461-1044350833-3229896005-1002\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 batfile [open] -- "%1" %* batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 cmdfile [open] -- "%1" %* cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url 
"%1" (Mozilla Corporation) https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l InternetShortcut [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 piffile [open] -- "%1" %* regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 regfile [merge] -- Reg Error: Key error. regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* http [open] -- "C:\Program Files 
(x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 1 "FirewallDisableNotify" = 1 "UpdatesDisableNotify" = 1 "AntiVirusOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\SymantecAntiVirus] ========== System Restore Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 4 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "49200:TCP" = 49200:TCP:*:Enabled:utorrent "49200:UDP" = 49200:UDP:LocalSubNet:Enabled:utorrent "4166:TCP" = 4166:TCP:*:Enabled:VENTRILO "4166:UDP" = 4166:UDP:*:Enabled:VENTRILO "8396:TCP" = 8396:TCP:*:Enabled:League of Legends Launcher "8396:UDP" = 8396:UDP:*:Enabled:League of Legends Launcher "6898:TCP" = 6898:TCP:*:Enabled:League of Legends 
Launcher "6898:UDP" = 6898:UDP:*:Enabled:League of Legends Launcher "6910:TCP" = 6910:TCP:*:Enabled:League of Legends Launcher "6910:UDP" = 6910:UDP:*:Enabled:League of Legends Launcher ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "C:\Program Files (x86)\ICQ6\ICQ.exe" = C:\Program Files (x86)\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, Inc.) "C:\Program Files (x86)\Ventrilo\Ventrilo.exe" = C:\Program Files (x86)\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe "C:\Program Files (x86)\Nero\Nero8\Nero ShowTime\ShowTime.exe" = C:\Program Files (x86)\Nero\Nero8\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" = C:\Program Files (x86)\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" = C:\Program Files (x86)\VideoLAN\VLC\vlc.exe:*:Disabled:VLC media player -- () "C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe" = C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe:*:Enabled:VMware Authd -- (VMware, Inc.) "C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation) "C:\Program Files (x86)\Java\jre6\bin\java.exe" = C:\Program Files (x86)\Java\jre6\bin\java.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.) 
"C:\Program Files (x86)\TVersity\Media Server\MediaServer.exe" = C:\Program Files (x86)\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server "C:\Program Files (x86)\MakeMKV\makemkvcon64.exe" = C:\Program Files (x86)\MakeMKV\makemkvcon64.exe:*:Enabled:MakeMKV console application "E:\BLUE RAY MOVIES\StarCraft II Beta enUS 13891 Installer\StarCraft II Beta\StarCraft II.exe" = E:\BLUE RAY MOVIES\StarCraft II Beta enUS 13891 Installer\StarCraft II Beta\StarCraft II.exe:*:Enabled:Blizzard Launcher "E:\BLUE RAY MOVIES\StarCraft II Beta enUS 13891 Installer\StarCraft II Beta\Versions\Base14133\SC2.exe" = E:\BLUE RAY MOVIES\StarCraft II Beta enUS 13891 Installer\StarCraft II Beta\Versions\Base14133\SC2.exe:*:Enabled:StarCraft II "E:\StarCraft II\StarCraft II.exe" = E:\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher "E:\StarCraft II\Versions\Base15405\SC2.exe" = E:\StarCraft II\Versions\Base15405\SC2.exe:*:Enabled:StarCraft II "I:\GRACIA EPILOGE\RPGBOT\tcppm.exe" = I:\GRACIA EPILOGE\RPGBOT\tcppm.exe:*:Enabled:tcppm "C:\Program Files (x86)\uTorrent\uTorrent.exe" = C:\Program Files (x86)\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.) "E:\LOL\air\LolClient.exe" = E:\LOL\air\LolClient.exe:*:Enabled:League of Legends Lobby "E:\LOL\game\League of Legends.exe" = E:\LOL\game\League of Legends.exe:*:Enabled:League of Legends Game Client "C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.) "C:\Program Files (x86)\Skype\Phone\Skype.exe" = C:\Program Files (x86)\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "C:\Program Files (x86)\ICQ6\ICQ.exe" = C:\Program Files (x86)\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, Inc.) 
"C:\Program Files (x86)\Ventrilo\Ventrilo.exe" = C:\Program Files (x86)\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe "C:\Program Files (x86)\Nero\Nero8\Nero ShowTime\ShowTime.exe" = C:\Program Files (x86)\Nero\Nero8\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" = C:\Program Files (x86)\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" = C:\Program Files (x86)\VideoLAN\VLC\vlc.exe:*:Disabled:VLC media player -- () "C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe" = C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe:*:Enabled:VMware Authd -- (VMware, Inc.) "C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation) "C:\Program Files (x86)\Java\jre6\bin\java.exe" = C:\Program Files (x86)\Java\jre6\bin\java.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.) 
"C:\Program Files (x86)\TVersity\Media Server\MediaServer.exe" = C:\Program Files (x86)\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server "C:\Program Files (x86)\MakeMKV\makemkvcon64.exe" = C:\Program Files (x86)\MakeMKV\makemkvcon64.exe:*:Enabled:MakeMKV console application "E:\BLUE RAY MOVIES\StarCraft II Beta enUS 13891 Installer\StarCraft II Beta\StarCraft II.exe" = E:\BLUE RAY MOVIES\StarCraft II Beta enUS 13891 Installer\StarCraft II Beta\StarCraft II.exe:*:Enabled:Blizzard Launcher "E:\BLUE RAY MOVIES\StarCraft II Beta enUS 13891 Installer\StarCraft II Beta\Versions\Base14133\SC2.exe" = E:\BLUE RAY MOVIES\StarCraft II Beta enUS 13891 Installer\StarCraft II Beta\Versions\Base14133\SC2.exe:*:Enabled:StarCraft II "E:\StarCraft II\StarCraft II.exe" = E:\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher "E:\StarCraft II\Versions\Base15405\SC2.exe" = E:\StarCraft II\Versions\Base15405\SC2.exe:*:Enabled:StarCraft II "I:\GRACIA EPILOGE\RPGBOT\tcppm.exe" = I:\GRACIA EPILOGE\RPGBOT\tcppm.exe:*:Enabled:tcppm "C:\Program Files (x86)\uTorrent\uTorrent.exe" = C:\Program Files (x86)\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.) "E:\LOL\air\LolClient.exe" = E:\LOL\air\LolClient.exe:*:Enabled:League of Legends Lobby "E:\LOL\game\League of Legends.exe" = E:\LOL\game\League of Legends.exe:*:Enabled:League of Legends Game Client "C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.) "C:\Program Files (x86)\Skype\Phone\Skype.exe" = C:\Program Files (x86)\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) 
========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{24A3A639-AADA-4980-A7AD-5D3B7492FF57}" = ESET NOD32 Antivirus "{299B6DC9-BB63-415C-1F72-44436B257156}" = ccc-utility64 "{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.4.2499.0 x64 "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{5254156F-AA77-499A-B7C1-D5581D44E788}" = Marvell Miniport Driver "{6BF33822-1560-B1A6-E2CE-721C22F84FDB}" = ccc-utility64 "{7797B1D5-E173-2EDC-84ED-74B5A28B5CF4}" = ccc-utility64 "{78B94245-253C-4A49-09E1-C021309F5A82}" = ccc-utility64 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C754CF00-A47C-97A5-FFE0-4B0E8BEDA86A}" = ccc-utility64 "{D2CBDAE4-0D71-4A61-A565-CA8A26026C6C}" = WD Drive Manager (x64) "{DB3B4D98-DDDC-BBFE-A616-E0EBF9AF5097}" = ccc-utility64 "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64 "{F7855754-13F5-426B-B090-5875FAFF1B20}" = Windows Presentation Foundation x64 "ATI Display Driver" = ATI Display Driver "MediaInfo" = MediaInfo 0.7.33 "TeraCopy_is1" = TeraCopy 2.12 "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "WIC" = Windows Imaging Component "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3 "{03ADC8AB-C130-0C3D-1FF9-2C385DF25689}" = CCC Help Czech "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{07021185-008D-ABF9-7716-475AC035F8B3}" = CCC Help Spanish "{076A6FD8-EE45-4A83-B3C9-C7C34E7CAFDD}" = Lineage II "{08B21B7E-DC6F-69F0-780F-FE7918726A34}" = Catalyst Control Center Localization Korean "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{095B0246-4EB6-45B9-B1BE-536097A0BDDA}" = HD Writer 2.5E for HDC "{0993EC24-BE70-5D44-55F7-244956DAD3F6}" = CCC Help Italian "{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics "{0D7960F2-3A9B-5CC6-C951-7A1E9EBA8C7D}" = CCC Help German "{0F8D0406-7755-AC37-6529-73AD649DBE32}" = Catalyst Control Center Graphics Previews Common "{10738BAA-C24D-5D0F-87FF-2CD559C7F515}" = CCC Help English "{14ED13B4-FBF9-294B-8B2E-EB6DA73E7329}" = Catalyst Control Center Graphics Previews Common "{1556796A-D096-BBF8-C819-31CF1C265111}" = CCC Help French "{16AED8AD-6577-4D9C-305A-F0D12814EB7B}" = CCC Help Spanish "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{193DDD97-B56A-511D-0CD6-78D5F421D5BD}" = Catalyst Control Center HydraVision Full "{1AC4A62E-6DAE-A722-E41A-C34402381CDD}" = CCC Help Thai "{1B4FC4DB-4ACD-77A1-BA99-C820E5CB68BC}" = CCC Help Chinese Standard "{1FCD1EC0-CEC7-4E7E-BAD6-024F2F5E9944}" = Catalyst Control Center Localization Italian "{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob "{22072CC8-7230-96F8-52F4-05EAF3F906B6}" = CCC Help Polish "{2368ADBD-6FDF-4B9F-FE41-E20B4D78E79E}" = CCC Help Chinese Standard "{25EF0DC4-B072-2E04-4581-A13C91423CE6}" = CCC Help Portuguese "{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 
1.3.1249.0 "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java 6 Update 15 "{26F7855C-443B-00A6-F7B8-A97A5403F617}" = CCC Help Danish "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{2B38F1FE-26DB-AFA4-AE6F-3B852F9D1BB7}" = CCC Help French "{2BE013D0-4CF4-AA57-05E1-19F9FACCF622}" = CCC Help English "{2C98995F-76EF-0D6C-E94D-EBAA3056C2B2}" = Catalyst Control Center Graphics Previews Common "{2CB4A925-48A7-DA65-DCEE-D4DE224B7D84}" = CCC Help English "{2D63B217-DB36-D44E-9BCE-C5CB701949AD}" = CCC Help Portuguese "{306D75B9-7FFF-FF65-0C76-57F2FE4FE1D6}" = Catalyst Control Center Core Implementation "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7 "{32B12FE4-5A51-751A-1FB6-A14E97EBDD5C}" = CCC Help German "{330B7A0E-EC17-4EE5-8D20-AC0B5E7E183E}" = Catalyst Control Center HydraVision Full "{351512E5-01BD-E878-6F57-AA3E517D9ECE}" = Skins "{354A387E-0374-21A3-6832-335674A6D7D1}" = CCC Help French "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{3C00BEE9-26D0-D9E0-A2D1-62F70D412A12}" = CCC Help Turkish "{3F7C20E7-37DA-4DBF-B1C1-0F207633C178}" = Marketing Plan Pro 9.0 "{4346F7AA-3D56-0941-424C-4454E04D37F6}" = CCC Help Italian "{455875EB-92E1-DAD0-AA17-EFB4C5BE9140}" = ccc-core-preinstall "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{493DA5BA-01A4-9D8D-90C8-EB15E88BDF57}" = Catalyst Control Center Graphics Light "{4C8E4664-A6A1-4847-61D0-D4FA02C42BB0}" = Skins "{4CACC1AC-7EDF-4E73-0019-A446CE2CA02B}" = Catalyst Control Center Localization Chinese Standard "{4CAE2F2C-75CD-A0DE-7520-449BCBBCC833}" = CCC Help Korean "{4CE5EEC7-FF28-72DE-D997-0F55715B6B56}" = Catalyst Control Center Graphics Full New "{4E304114-DD15-41F5-6759-E9FC28D4564D}" = Catalyst Control Center Graphics Light "{4E7AC2F8-5063-1BE2-4C9C-B269137B3284}" = ccc-core-preinstall "{4F28C8B9-E1A5-7BC1-915A-29913E129042}" = Catalyst Control Center Localization Japanese "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings 
"{520598A4-EF3E-497C-3BB5-C2A9BFF2CB6B}" = Catalyst Control Center Graphics Light "{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver "{5427A9FF-3347-7641-CE78-6762AA2A43DD}" = Skins "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{5487643D-AE39-3A71-709E-624F12E7CF8D}" = Catalyst Control Center Core Implementation "{553D1C37-3FE5-9701-64CB-D965746303E0}" = Catalyst Control Center Core Implementation "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57F7F0A5-8F22-8E63-E819-803B5C9CA3A5}" = CCC Help Dutch "{599E0DB0-43FC-E016-08A1-487C3056ECFA}" = Catalyst Control Center Localization French "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8 "{5E31835F-420B-20F9-B0A1-5F314F53E6C8}" = Catalyst Control Center Graphics Previews Common "{5E85647B-DAF4-E174-9954-210D18B123E6}" = Catalyst Control Center Localization Thai "{5EA437D2-7A57-B60E-E8F2-76BFAC0895A5}" = CCC Help Chinese Traditional "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6 "{61AF4E75-050E-0304-3417-8BC16417FEB1}" = CCC Help Greek "{632005DA-C291-5275-284C-5EE96B05C714}" = Catalyst Control Center HydraVision Full "{662BBB56-FA24-19F7-BD35-586EFDE02BF5}" = ccc-core-preinstall "{68DCD2A8-0F5B-E02F-4CA1-35A506FDA634}" = Catalyst Control Center Localization Portuguese "{695A0D79-FAB3-B2A9-7AED-6AEF166346A1}" = Catalyst Control Center Localization German "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A6818AD-60CE-9346-60BB-0717876E40F4}" = ccc-core-preinstall "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6B2C675E-8040-431B-99C4-137DF4FBF75A}" = Thermal Analysis Tool "{6C72BE0C-3E25-CACD-0070-2FD9C02ABA14}" = ccc-core-preinstall "{6FF51CE8-B71F-A3BA-9FAD-0E7B99827151}" = Catalyst Control Center Graphics Previews Common "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{71B49AA5-C251-1270-4AE6-C82C0ED95416}" = Catalyst Control Center Graphics Light "{7216A385-87E4-D3CD-1F5A-B8F1BEEA9D62}" = CCC Help 
Chinese Traditional "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{74011E60-5D5C-8F4D-8580-9884733F16AC}" = CCC Help English "{788F45B5-816D-2294-33DD-BF080093D54D}" = Catalyst Control Center Graphics Previews Common "{7C7575F4-351D-8F62-5693-61D6E0171F85}" = CCC Help Korean "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{83E90202-B3C0-A4FC-65A8-76ECD9DBC102}" = Catalyst Control Center Graphics Full Existing "{880BB617-914E-17E8-D877-A96BAC5794D2}" = Catalyst Control Center Graphics Full New "{8897CF22-DB6C-8248-895C-12BFA2677F51}" = CCC Help Hungarian "{8ACA1202-FBC0-E57F-5606-120AFF0D4A1B}" = CCC Help Chinese Standard "{8B37180A-CBB4-0A02-D909-511B43FD11E1}" = Skins "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{8F200108-28C9-772A-4430-4564A6CABB45}" = CCC Help Italian "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = 
Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" = "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{9210C991-FE28-2B30-3E27-0F921AB5B9EC}" = Catalyst Control Center Localization Chinese Traditional "{9417CBB4-AD8E-8438-B34B-0A720BA313DC}" = CCC Help German "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings "{970881B7-A55A-2EB6-6A9B-EB856F9FE4B4}" = CCC Help Spanish "{98127F9B-2F73-C709-5D20-E7004B85A17C}" = CCC Help English "{9B0CCE51-B328-D4F7-C4A4-65723AF20574}" = Catalyst Control Center Core Implementation "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A37D6DC1-FE07-D3B2-6198-2733DF9BA285}" = CCC Help Japanese "{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation "{A6D023C1-8DA3-6E1E-5D9E-936C664979DF}" = Catalyst Control Center Graphics Full New "{AC08AAE6-81D4-447B-19E9-8AAC7A8A9EFB}" = Catalyst Control Center HydraVision Full "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0 "{AC8A6ACF-9AA5-0C48-1E57-8089B6A4DC9E}" = Catalyst Control Center Core Implementation 
"{AE57CB6B-0F29-BF3F-5D53-A01DD61554B4}" = Catalyst Control Center Localization All "{AE5A5ECE-60FC-8205-AA9F-02F5D29CCA08}" = ccc-core-preinstall "{AF710FDE-2815-8C8D-5281-8004C2654AA6}" = CCC Help Russian "{AFF2D965-C6F2-A210-FBF7-532612AA1D23}" = CCC Help Swedish "{B21336EE-4AEF-9940-4AC7-EDB89854B8D3}" = CCC Help Thai "{B248AF20-3246-9D81-A4FE-8879B162F19A}" = Catalyst Control Center Graphics Full Existing "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{B9C149DB-E4F6-573A-DF3B-B9E392F1BA64}" = CCC Help Thai "{B9DE29AF-7DB1-B760-140E-4E9F032C8ADB}" = Catalyst Control Center Core Implementation "{BAD00139-E284-4F6C-AA94-FB637462DEEB}" = Palo Alto Software's Application Manager 8.2 "{BBA69346-61A1-BD34-E75A-4D81232DB1FE}" = Catalyst Control Center Localization All "{BCF98F45-C1B6-1FCB-CEDE-3BD048FF03B8}" = Catalyst Control Center Graphics Full Existing "{BE25D779-A79F-936D-CD4F-13DD619F91E4}" = Catalyst Control Center Graphics Full New "{BFD5ED08-F066-92D5-BE67-3B9AE5DCFF0C}" = CCC Help Japanese "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C4609F15-FB3C-D97E-BAA1-4F10815039C2}" = Catalyst Control Center Graphics Full Existing "{C679F9B9-C65D-4C65-BD6C-BF90B859E281}" = Budget III USB PC Camera "{C73B3D3A-2FDC-EE8F-F0E5-0269A85014D3}" = Catalyst Control Center Graphics Light "{C950A76F-96B9-48B2-250B-DF594CF41488}" = Catalyst Control Center Graphics Full New "{D01FAC3D-86B4-3A19-9D10-9156A0EB3EBE}" = CCC Help Finnish "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D2D2786A-3565-CD83-BDD2-F8EE3A657E40}" = CCC Help Portuguese "{D4B95A0D-CF13-633F-09A6-15D78B24F3AE}" = CCC Help Chinese Traditional "{D73722C8-3F65-C75B-A631-5D36894DAB92}" = ccc-core-static "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color 
Common Settings "{DD0908B9-F6BB-56C0-75F5-F9E91F81B73F}" = CCC Help English "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{DDAD33B6-8C00-428D-087B-A7088355B9BE}" = Catalyst Control Center Graphics Light "{E03E99DD-0B7D-97DD-4DBB-EC17F847FCB5}" = Catalyst Control Center Graphics Full Existing "{E35E6F15-67BC-AACE-0E86-6F2CA6AA2310}" = ccc-core-static "{E46B244B-9BF2-EA75-2D4C-7BD0BA12860A}" = CCC Help Japanese "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{E6AB8441-1CCF-C686-BAB8-F7326B75774A}" = Skins "{ECA89BA0-1C9B-237D-F59E-EC62534831A5}" = Catalyst Control Center Graphics Full New "{ED862528-0058-F09F-F4B3-3E3276A3F3C7}" = Catalyst Control Center Graphics Full Existing "{EF289C2C-1D48-624A-A3B3-AF8212A768E2}" = CCC Help Korean "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "{F501AA12-28DE-2F04-B2C8-86AB1B410997}" = Catalyst Control Center Localization All "{F5C3FB26-3EA4-7831-67C2-7ACC630FF4B5}" = Catalyst Control Center Localization Spanish "{FA38F9E4-BED7-E021-B660-8FDFF7EC6E1A}" = CCC Help Norwegian "{FCC41976-0521-73F0-0A06-83292B9FC7AA}" = Catalyst Control Center HydraVision Full "{FD2CBFC1-0993-3770-2B56-006801780660}" = ccc-core-static "{FDE1B9A0-C869-2597-C2C8-5712A8D98031}" = Skins "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3 "All ATI Software" = ATI - Software Uninstall Utility "Audacity_is1" = Audacity 1.2.6 "AviSynth" = AviSynth 2.5 "CCleaner" = CCleaner "ENTERPRISE" = Microsoft Office Enterprise 2007 "ffdshow_is1" = ffdshow [rev 1723] [2007-12-24] "Fraps" = Fraps (remove only) "Free Video to Sony Phones Converter_is1" = Free Video to Sony Phones Converter version 1.0.5.324 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923 "HaaliMkx" 
= Haali Media Splitter "Handbrake" = Handbrake 0.9.4 "HijackThis" = HijackThis 2.0.2 "MeGUI" = MeGUI (remove only) "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8) "Mumble" = Mumble and Murmur "Nero7Lite_is1" = Nero 7 Lite v7.7.5.1 "TsRemux_is1" = TsRemux 0.23.2 "uTorrent" = µTorrent "VLC media player" = VLC media player 1.1.7 "Winamp" = Winamp "WinRAR archiver" = WinRAR archiver ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1555638461-1044350833-3229896005-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "TeamSpeak 3 Client" = TeamSpeak 3 Client ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 12.10.2011 г. 03:37:50 | Computer Name = ETAJ2 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000 Description = EventType clr20r3, P1 ccc.exe, P2 2.0.0.0, P3 469cdc9c, P4 mscorlib, P5 2.0.0.0, P6 4889e950, P7 20c7, P8 143, P9 n3ctrye2kn3c34sgl4zqyrbfte4m13nb, P10 NIL. Error - 12.10.2011 г. 03:57:21 | Computer Name = ETAJ2 | Source = VSS | ID = 8211 Description = Error - 12.10.2011 г. 04:54:34 | Computer Name = ETAJ2 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000 Description = EventType clr20r3, P1 ccc.exe, P2 2.0.0.0, P3 469cdc9c, P4 mscorlib, P5 2.0.0.0, P6 4889e950, P7 20c7, P8 143, P9 n3ctrye2kn3c34sgl4zqyrbfte4m13nb, P10 NIL. Error - 12.10.2011 г. 04:55:17 | Computer Name = ETAJ2 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000 Description = EventType clr20r3, P1 ccc.exe, P2 2.0.0.0, P3 469cdc9c, P4 mscorlib, P5 2.0.0.0, P6 4889e950, P7 20c7, P8 143, P9 n3ctrye2kn3c34sgl4zqyrbfte4m13nb, P10 NIL. Error - 12.10.2011 г. 06:19:27 | Computer Name = ETAJ2 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000 Description = EventType clr20r3, P1 ccc.exe, P2 2.0.0.0, P3 469cdc9c, P4 mscorlib, P5 2.0.0.0, P6 4889e950, P7 20c7, P8 143, P9 n3ctrye2kn3c34sgl4zqyrbfte4m13nb, P10 NIL. Error - 12.10.2011 г. 
06:20:11 | Computer Name = ETAJ2 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000 Description = EventType clr20r3, P1 ccc.exe, P2 2.0.0.0, P3 469cdc9c, P4 mscorlib, P5 2.0.0.0, P6 4889e950, P7 20c7, P8 143, P9 n3ctrye2kn3c34sgl4zqyrbfte4m13nb, P10 NIL. Error - 12.10.2011 г. 06:46:55 | Computer Name = ETAJ2 | Source = Windows Product Activation | ID = 1010 Description = Error - 12.10.2011 г. 06:48:13 | Computer Name = ETAJ2 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000 Description = EventType clr20r3, P1 ccc.exe, P2 2.0.0.0, P3 469cdc9c, P4 mscorlib, P5 2.0.0.0, P6 4889e950, P7 20c7, P8 143, P9 n3ctrye2kn3c34sgl4zqyrbfte4m13nb, P10 NIL. Error - 12.10.2011 г. 06:49:10 | Computer Name = ETAJ2 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000 Description = EventType clr20r3, P1 ccc.exe, P2 2.0.0.0, P3 469cdc9c, P4 mscorlib, P5 2.0.0.0, P6 4889e950, P7 20c7, P8 143, P9 n3ctrye2kn3c34sgl4zqyrbfte4m13nb, P10 NIL. Error - 12.10.2011 г. 06:54:37 | Computer Name = ETAJ2 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000 Description = EventType clr20r3, P1 ccc.exe, P2 2.0.0.0, P3 469cdc9c, P4 mscorlib, P5 2.0.0.0, P6 4889e950, P7 20c7, P8 143, P9 n3ctrye2kn3c34sgl4zqyrbfte4m13nb, P10 NIL. [ OSession Events ] Error - 24.5.2009 г. 13:02:31 | Computer Name = E2 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1788 seconds with 60 seconds of active time. This session ended with a crash. [ System Events ] Error - 12.10.2011 г. 03:58:31 | Computer Name = ETAJ2 | Source = Service Control Manager | ID = 7001 Description = The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: %%31 Error - 12.10.2011 г. 
03:58:31 | Computer Name = ETAJ2 | Source = Service Control Manager | ID = 7001 Description = The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: %%31 Error - 12.10.2011 г. 03:58:31 | Computer Name = ETAJ2 | Source = Service Control Manager | ID = 7001 Description = The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: %%31 Error - 12.10.2011 г. 03:58:31 | Computer Name = ETAJ2 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: AFD ehdrv epfwtdir Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip WS2IFSL Error - 12.10.2011 г. 04:54:03 | Computer Name = ETAJ2 | Source = DCOM | ID = 10016 Description = The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool. Error - 12.10.2011 г. 04:54:03 | Computer Name = ETAJ2 | Source = DCOM | ID = 10016 Description = The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool. Error - 12.10.2011 г. 04:54:15 | Computer Name = ETAJ2 | Source = Service Control Manager | ID = 7000 Description = The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service failed to start due to the following error: %%3 Error - 12.10.2011 г. 
06:19:18 | Computer Name = ETAJ2 | Source = Service Control Manager | ID = 7000 Description = The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service failed to start due to the following error: %%3 Error - 12.10.2011 г. 06:47:17 | Computer Name = ETAJ2 | Source = Service Control Manager | ID = 7000 Description = The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service failed to start due to the following error: %%3 Error - 12.10.2011 г. 06:54:29 | Computer Name = ETAJ2 | Source = Service Control Manager | ID = 7000 Description = The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service failed to start due to the following error: %%3 < End of report >
  14. 13:50:22.0140 1592 TDSS rootkit removing tool 2.6.8.0 Oct 12 2011 07:30:54 13:50:22.0406 1592 ============================================================ 13:50:22.0406 1592 Current date / time: 2011/10/12 13:50:22.0406 13:50:22.0406 1592 SystemInfo: 13:50:22.0406 1592 13:50:22.0406 1592 OS Version: 5.2.3790 ServicePack: 2.0 13:50:22.0406 1592 Product type: Workstation 13:50:22.0406 1592 ComputerName: ETAJ2 13:50:22.0406 1592 UserName: D 13:50:22.0406 1592 Windows directory: C:\WINDOWS 13:50:22.0406 1592 System windows directory: C:\WINDOWS 13:50:22.0406 1592 Running under WOW64 13:50:22.0406 1592 Processor architecture: Intel x64 13:50:22.0406 1592 Number of processors: 2 13:50:22.0406 1592 Page size: 0x1000 13:50:22.0406 1592 Boot type: Normal boot 13:50:22.0406 1592 ============================================================ 13:50:24.0546 1592 Initialize success 13:50:40.0968 1340 ============================================================ 13:50:40.0968 1340 Scan started 13:50:40.0968 1340 Mode: Manual; 13:50:40.0968 1340 ============================================================
(9ab59cf736981ed1f83c6ab5faa8ba5c) C:\WINDOWS\system32\Drivers\sptd.sys 13:50:49.0000 1340 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 9ab59cf736981ed1f83c6ab5faa8ba5c 13:50:49.0000 1340 sptd ( LockedFile.Multi.Generic ) - warning 13:50:49.0000 1340 sptd - detected LockedFile.Multi.Generic (1) 13:50:49.0031 1340 sr (dae1d5553d42a06034001d6ef4f5cb36) C:\WINDOWS\system32\DRIVERS\sr.sys 13:50:49.0062 1340 sr - ok 13:50:49.0093 1340 Srv (da399dc57b869cf11b7cf98f0a8494d7) C:\WINDOWS\system32\DRIVERS\srv.sys 13:50:49.0125 1340 Srv - ok 13:50:49.0171 1340 ss_bbus (b13695429e5c0832403f6dfc14e0293f) C:\WINDOWS\system32\DRIVERS\ss_bbus.sys 13:50:49.0171 1340 ss_bbus - ok 13:50:49.0203 1340 ss_bmdfl (02aec2e12740ffd5602d52fb074e06d1) C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys 13:50:49.0218 1340 ss_bmdfl - ok 13:50:49.0281 1340 ss_bmdm (d8a587160188efbeb0cf9e630e7926a6) C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys 13:50:49.0296 1340 ss_bmdm - ok 13:50:49.0328 1340 streamip (90c7874ff6babf98a801c7aebe3ad5a6) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 13:50:49.0359 1340 streamip - ok 13:50:49.0375 1340 swenum (b6536185feeb8f0c86ad3bf2fbab4f2f) C:\WINDOWS\system32\DRIVERS\swenum.sys 13:50:49.0406 1340 swenum - ok 13:50:49.0421 1340 swmidi (8e9e35b36a27ad154a5f92397cde343c) C:\WINDOWS\system32\drivers\swmidi.sys 13:50:49.0421 1340 swmidi - ok 13:50:49.0437 1340 symc8xx - ok 13:50:49.0437 1340 symmpi - ok 13:50:49.0453 1340 sym_hi - ok 13:50:49.0453 1340 sym_u3 - ok 13:50:49.0468 1340 sysaudio (2e843f129daf4c789df7acd40e26208f) C:\WINDOWS\system32\drivers\sysaudio.sys 13:50:49.0484 1340 sysaudio - ok 13:50:49.0515 1340 Tcpip (c013e7f14fd378a16f5b7a4b5a7050e9) C:\WINDOWS\system32\DRIVERS\tcpip.sys 13:50:49.0531 1340 Tcpip - ok 13:50:49.0546 1340 TDPIPE (da1e9cd22238fa4db565ef41c7312e1b) C:\WINDOWS\system32\drivers\TDPIPE.sys 13:50:49.0546 1340 TDPIPE - ok 13:50:49.0562 1340 TDTCP (47d24ebb1c442dcc18d89b8b89bafb49) C:\WINDOWS\system32\drivers\TDTCP.sys 13:50:49.0609 
1340 TDTCP - ok 13:50:49.0625 1340 TermDD (8ab9ad44907d4c57ad10e175c8720ecf) C:\WINDOWS\system32\DRIVERS\termdd.sys 13:50:49.0625 1340 TermDD - ok 13:50:49.0640 1340 TosIde - ok 13:50:49.0671 1340 Udfs (a6dd2dfcc44ec61d18aa645620cd8f63) C:\WINDOWS\system32\drivers\Udfs.sys 13:50:49.0703 1340 Udfs - ok 13:50:49.0703 1340 ultra - ok 13:50:49.0734 1340 Update (70ca9db8119fff67d9938f2ab2b8d50c) C:\WINDOWS\system32\DRIVERS\update.sys 13:50:49.0765 1340 Update - ok 13:50:49.0796 1340 upperdev (9856c38ab8faacca4dd99dac7b42f838) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltx64.sys 13:50:49.0812 1340 upperdev - ok 13:50:49.0843 1340 usbccgp (3421b0691a0e365a020836369a296f0c) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 13:50:49.0843 1340 usbccgp - ok 13:50:49.0875 1340 usbehci (ae6521a1c79fc955ff26be9ca5521b51) C:\WINDOWS\system32\DRIVERS\usbehci.sys 13:50:49.0906 1340 usbehci - ok 13:50:49.0921 1340 usbhub (d63cb1b59d54f9c2bb8a4107584a664f) C:\WINDOWS\system32\DRIVERS\usbhub.sys 13:50:49.0953 1340 usbhub - ok 13:50:49.0968 1340 usbser (cddf534b7bc42235ce8042155c7e2775) C:\WINDOWS\system32\drivers\usbser.sys 13:50:50.0015 1340 usbser - ok 13:50:50.0031 1340 UsbserFilt (89123dc822ac7a708bd4c9e196a37610) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltx64j.sys 13:50:50.0062 1340 UsbserFilt - ok 13:50:50.0078 1340 USBSTOR (edce8a162e8023fd1751e08e23e41948) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 13:50:50.0109 1340 USBSTOR - ok 13:50:50.0125 1340 usbuhci (4b7b4a2cc997c482a0aa7ca663af62a0) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 13:50:50.0156 1340 usbuhci - ok 13:50:50.0187 1340 vga (b40cfd2ffdd838b0ce0c35ee449407bd) C:\WINDOWS\system32\DRIVERS\vgapnp.sys 13:50:50.0203 1340 vga - ok 13:50:50.0234 1340 VgaSave (78ebfe6f11f10db8237b910e9158ca91) C:\WINDOWS\System32\drivers\vga.sys 13:50:50.0265 1340 VgaSave - ok 13:50:50.0296 1340 ViaIde - ok 13:50:50.0343 1340 vmci (8df03c05fe2456c8ec1a026d74543a63) C:\WINDOWS\system32\drivers\vmci.sys 13:50:50.0359 1340 vmci - ok 13:50:50.0390 1340 vmkbd 
(a3ca226c5a3e026649102ad6e7bd3784) C:\WINDOWS\system32\drivers\VMkbd.sys 13:50:50.0421 1340 vmkbd - ok 13:50:50.0437 1340 VMnetAdapter (3c37a81c995aee1802c9d8dd9ea0e835) C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys 13:50:50.0453 1340 VMnetAdapter - ok 13:50:50.0468 1340 VMnetBridge (d3b25ed3a6796fe3078475d8cfcd6024) C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys 13:50:50.0500 1340 VMnetBridge - ok 13:50:50.0515 1340 VMnetuserif (ed4444485be1da3cb769041c624f500b) C:\WINDOWS\system32\drivers\vmnetuserif.sys 13:50:50.0515 1340 VMnetuserif - ok 13:50:50.0546 1340 vmx86 (8ff09da54eb03dba277a550055f1356c) C:\WINDOWS\system32\drivers\vmx86.sys 13:50:50.0546 1340 vmx86 - ok 13:50:50.0578 1340 VolSnap (fd6d28d1bbf31c719d9c5ec2d20fb5c2) C:\WINDOWS\system32\DRIVERS\volsnap.sys 13:50:50.0609 1340 VolSnap - ok 13:50:50.0656 1340 vstor2-ws60 (bb0cebbcb75f1a2d790f9235edfe5052) C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys 13:50:50.0687 1340 vstor2-ws60 - ok 13:50:50.0718 1340 Wanarp (d2a01d73fe4a455c1d741b48c56763b2) C:\WINDOWS\system32\DRIVERS\wanarp.sys 13:50:50.0750 1340 Wanarp - ok 13:50:50.0781 1340 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\WINDOWS\system32\DRIVERS\wdcsam64.sys 13:50:50.0796 1340 WDC_SAM - ok 13:50:50.0843 1340 Wdf01000 (92090a7bb3b37b534c4193238d120696) C:\WINDOWS\system32\Drivers\wdf01000.sys 13:50:50.0875 1340 Wdf01000 - ok 13:50:50.0890 1340 WDICA - ok 13:50:50.0921 1340 wdmaud (daff7e89c84079022b9606f83e1bd29a) C:\WINDOWS\system32\drivers\wdmaud.sys 13:50:50.0968 1340 wdmaud - ok 13:50:51.0031 1340 WINIO - ok 13:50:51.0078 1340 WpdUsb (4a59d22b86edf8306810fa10c58368c7) C:\WINDOWS\system32\Drivers\wpdusb.sys 13:50:51.0109 1340 WpdUsb - ok 13:50:51.0125 1340 WS2IFSL (13c901a30b4c248d640c4f32919cb920) C:\WINDOWS\System32\drivers\ws2ifsl.sys 13:50:51.0156 1340 WS2IFSL - ok 13:50:51.0171 1340 WSTCODEC (478a0c5cc7dc817269654804e495b81a) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 13:50:51.0265 1340 WSTCODEC - ok 13:50:51.0312 1340 yukonx64 
(ad1a964bf17c7d1b93eeed96f3a6eb4a) C:\WINDOWS\system32\DRIVERS\yk51x64.sys 13:50:51.0343 1340 yukonx64 - ok 13:50:51.0359 1340 MBR (0x1B8) (6f9a1d528242bc09104b85e0becf5554) \Device\Harddisk0\DR0 13:50:51.0375 1340 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected 13:50:51.0375 1340 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0) 13:50:51.0375 1340 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1 13:50:51.0500 1340 \Device\Harddisk1\DR1 - ok 13:50:51.0500 1340 Boot (0x1200) (59ee5edb3f7c38ec1243f82828c93745) \Device\Harddisk0\DR0\Partition0 13:50:51.0500 1340 \Device\Harddisk0\DR0\Partition0 - ok 13:50:51.0515 1340 Boot (0x1200) (77610cdf9adc466e6e3f8ded22d35969) \Device\Harddisk0\DR0\Partition1 13:50:51.0515 1340 \Device\Harddisk0\DR0\Partition1 - ok 13:50:51.0531 1340 Boot (0x1200) (4e9fb6d74c30e6fb79d5a9fe601338b0) \Device\Harddisk1\DR1\Partition0 13:50:51.0531 1340 \Device\Harddisk1\DR1\Partition0 - ok 13:50:51.0531 1340 Boot (0x1200) (36906b7240a5d4cf0ed696479fdd3be2) \Device\Harddisk1\DR1\Partition1 13:50:51.0531 1340 \Device\Harddisk1\DR1\Partition1 - ok 13:50:51.0546 1340 Boot (0x1200) (1c1db6c56355d82bdf03b1e38b2a9a7c) \Device\Harddisk1\DR1\Partition2 13:50:51.0546 1340 \Device\Harddisk1\DR1\Partition2 - ok 13:50:51.0562 1340 Boot (0x1200) (bc76283d31c3e475eb4413c6c58133d8) \Device\Harddisk1\DR1\Partition3 13:50:51.0562 1340 \Device\Harddisk1\DR1\Partition3 - ok 13:50:51.0562 1340 ============================================================ 13:50:51.0562 1340 Scan finished 13:50:51.0562 1340 ============================================================ 13:50:51.0578 2800 Detected object count: 2 13:50:51.0578 2800 Actual detected object count: 2 13:52:18.0812 2800 sptd ( LockedFile.Multi.Generic ) - skipped by user 13:52:18.0812 2800 sptd ( LockedFile.Multi.Generic ) - User select action: Skip 13:52:18.0890 2800 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - will be cured on reboot 13:52:18.0906 2800 \Device\Harddisk0\DR0 - 
ok 13:52:18.0906 2800 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure 13:52:49.0015 1344 Deinitialize success
  15. Hi! When I log in to my account, 10 "Windows - delayed write failed" messages appear and an unknown program called System recovery starts, which reports many errors (from what I have read, this program is a mask for the virus). The desktop does not load at all, and I have no access to any file on the disk or to Task Manager. In safe mode I managed to delete several files named "apgjk-combined-with-digits", and now the System recovery program no longer starts. I have access to Mozilla and to regedit. Nod32 4 detects Win32/Olmasco.O as well as an infected MBR. I would like to ask for help removing this problem! I don't have a Windows disc, but I can ask a friend for one. DDS from BleepingComputer is not supported on Windows XP x64, which is what I have, so I am posting an HJT log. I renamed it to tool.exe beforehand.

      Logfile of Trend Micro HijackThis v2.0.4
      Scan saved at 13:03:53, on 12.10.2011 г.
      Platform: Windows 2003 SP2 (WinNT 5.02.3790)
      MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\SysWOW64\bgsvcgen.exe
      C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
      C:\Program Files (x86)\Java\jre6\bin\jqs.exe
      C:\WINDOWS\SysWOW64\UTSCSI.EXE
      C:\WINDOWS\RTHDCPL.EXE
      C:\WINDOWS\PixArt\PAC207\Monitor.exe
      C:\WINDOWS\SysWOW64\ctfmon.exe
      C:\Program Files (x86)\Mozilla Firefox\firefox.exe
      C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
      C:\Trend Micro\HiJackThis\tool.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      F2 - REG:system.ini: UserInit=userinit
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [bPxedpkqwSG.exe] C:\Documents and Settings\All Users\Application Data\bPxedpkqwSG.exe
      O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\D\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
      O10 - Broken Internet access because of LSP provider 'c:\program files (x86)\bonjour\mdnsnsp.dll' missing
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
      O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\SysWOW64\browseui.dll
      O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\SysWOW64\browseui.dll
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2saag.exe
      O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\SysWOW64\bgsvcgen.exe
      O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files (x86)\Bonjour\mDNSResponder.exe (file missing)
      O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
      O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
      O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
      O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
      O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
      O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files (x86)\Java\jre6\bin\jqs.exe
      O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
      O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
      O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
      O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
      O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
      O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
      O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
      O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
      O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe
      O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
      O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
      O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
      O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
      O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
      O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
      O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
      O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

      --
      End of file - 6136 bytes