Hello, a few days ago I suspected a virus. I scanned with Anti-Malwarebytes and it found Rootkit.ZeroAccess and Rootkit.0Access.H. It says it managed to remove it, but after that I had no Internet. In my opinion the consequences are from it. It neither receives nor sends packets! It had lost its IP address. I set the IP again and the network is OK. I scanned repeatedly with Anti-Malwarebytes and Avast. In the end the programs report that they find nothing. I would be grateful if you could confirm, or we continue cleaning the system. I am attaching the two log files! Thank you and have a nice day. I have an XP disc.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-09-30.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/11/2008 7:14:34 AM
System Uptime: 4/5/2012 1:27:56 PM (1 hours ago)
.
Motherboard: MSI | | 0A90
Processor: Intel Pentium II processor | Socket 775 | 1596/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 139 GiB total, 119.087 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 8.204 GiB free.
E: is Removable
I: is NetworkDisk (NTFS) - 17 GiB total, 0.634 GiB free.
T: is NetworkDisk (NTFS) - 17 GiB total, 0.634 GiB free.
W: is NetworkDisk (NTFS) - 17 GiB total, 0.634 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318}
Description: Communications Port
Device ID: ACPI\PNP0501\1
Manufacturer: (Standard port types)
Name: Communications Port (COM1)
PNP Device ID: ACPI\PNP0501\1
Service: Serial
.
Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318}
Description: Communications Port
Device ID: ACPI\PNP0501\2
Manufacturer: (Standard port types)
Name: Communications Port (COM2)
PNP Device ID: ACPI\PNP0501\2
Service: Serial
.
Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318} Description: CD-ROM Drive Device ID: IDE\CDROMTSSTCORP_DVD-ROM_TS-H353B_______________BC03____\5&D53766A&0&0.0.0 Manufacturer: (Standard CD-ROM drives) Name: TSSTcorp DVD-ROM TS-H353B PNP Device ID: IDE\CDROMTSSTCORP_DVD-ROM_TS-H353B_______________BC03____\5&D53766A&0&0.0.0 Service: cdrom . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . Adobe AIR Adobe Flash Player 10 ActiveX Adobe Reader 9.5.0 Advanced SystemCare 3 Autorun Virus Remover 2.3 avast! Free Antivirus DAEMON Tools Datakey CIP Dosprn v1.72 Empl2004 FlexType 2K Google Chrome Google Update Helper High Definition Audio Driver Package - KB888111 HiPath SIcurity Card API Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB976002-v5) Hotfix for Windows XP (KB981793) HP Backup and Recovery Manager HP Help and Support Intel® Graphics Media Accelerator Driver Intel® PRO Network Connections Drivers InterVideo Register Manager InterVideo WinDVD IrfanView (remove only) Java™ SE Runtime Environment 6 Update 1 K-Lite Codec Pack 2.74 Full Malwarebytes Anti-Malware, Іµрсёя 1.60.1.1000 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Office Professional Edition 2003 Microsoft SQL Server Native Client Microsoft SQL Server Setup Support Files (English) Microsoft SQL Server VSS Writer Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 MSXML 
6 Service Pack 2 (KB954459) PDF Complete QuickTime Realtek High Definition Audio Driver SA Dictionary 2005 T2 SCR3xx USB Smart Card Reader Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 8 (KB2497640) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2530548) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2559049) Security Update for Windows Internet Explorer 8 (KB2586448) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2647516) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player (KB979402) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows Media Player 9 (KB936782) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360131) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for 
Windows XP (KB2412687) Security Update for Windows XP (KB2416400) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP 
(KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2660465) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958215) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960714) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB969059) Security Update for Windows XP 
(KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981349) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982381) Security Update for Windows XP (KB982665) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB2447568) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update 
for Windows XP (KB2467659) Update for Windows XP (KB2541763) Update for Windows XP (KB2607712) Update for Windows XP (KB2616676) Update for Windows XP (KB2641690) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Update for Windows XP (KB978207) WebFldrs XP Webshots! Windows Genuine Advantage Notifications (KB905474) Windows Internet Explorer 8 Windows XP Service Pack 3 ррхёІ°тѕр WinRAR фµє»°р°цёя О±р.1 ё 6 чсУТ+ (тµрсёя 2.13) . ==== Event Viewer Messages From Past Week ======== . 4/5/2012 8:46:13 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 4/5/2012 8:46:13 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 4/5/2012 8:41:57 AM, error: NetBT [4311] - Initialization failed because the driver device could not be created. 4/4/2012 9:35:23 AM, error: Service Control Manager [7001] - The avast! Antivirus service depends on the avast! Standard Shield Support service which failed to start because of the following error: The specified path is invalid. 4/4/2012 9:35:23 AM, error: Service Control Manager [7000] - The avast! Standard Shield Support service failed to start due to the following error: The specified path is invalid. 4/4/2012 9:29:19 AM, error: Service Control Manager [7001] - The avast! Antivirus service depends on the Clmtomcatstartersvc service which failed to start because of the following error: The system cannot find the path specified. 
4/4/2012 9:26:15 AM, error: Service Control Manager [7023] - The Ctdvda2k service terminated with the following error: The specified module could not be found. 4/4/2012 9:22:37 AM, error: Service Control Manager [7023] - The Ctdvda2k service terminated with the following error: The specified procedure could not be found. 4/4/2012 9:21:29 AM, error: Service Control Manager [7023] - The Vwlogger service terminated with the following error: Access is denied. 4/4/2012 9:20:29 AM, error: Service Control Manager [7023] - The Snare service terminated with the following error: Access is denied. 4/4/2012 9:19:32 AM, error: Service Control Manager [7023] - The Usb20l service terminated with the following error: Access is denied. 4/4/2012 9:18:31 AM, error: Service Control Manager [7023] - The SE2Dbus service terminated with the following error: Access is denied. 4/4/2012 9:17:30 AM, error: Service Control Manager [7023] - The BrUsbSer service terminated with the following error: Access is denied. 4/4/2012 9:16:29 AM, error: Service Control Manager [7023] - The Downloadmanagerlite service terminated with the following error: Access is denied. 4/4/2012 9:15:29 AM, error: Service Control Manager [7023] - The Lxrjd31d service terminated with the following error: Access is denied. 4/4/2012 9:14:29 AM, error: Service Control Manager [7023] - The Rpskt service terminated with the following error: Access is denied. 4/4/2012 9:13:29 AM, error: Service Control Manager [7023] - The Hcf_msft service terminated with the following error: Access is denied. 4/4/2012 9:12:29 AM, error: Service Control Manager [7023] - The Penclass service terminated with the following error: Access is denied. 4/4/2012 9:11:29 AM, error: Service Control Manager [7023] - The Btwusb service terminated with the following error: Access is denied. 4/4/2012 9:10:28 AM, error: Service Control Manager [7023] - The Avidsdmservice service terminated with the following error: Access is denied. 
4/4/2012 9:09:29 AM, error: Service Control Manager [7023] - The Nimcdlbk service terminated with the following error: Access is denied. 4/4/2012 9:08:29 AM, error: Service Control Manager [7023] - The USBCamera service terminated with the following error: Access is denied. 4/4/2012 9:07:29 AM, error: Service Control Manager [7023] - The Snoopfree service terminated with the following error: Access is denied. 4/4/2012 9:06:29 AM, error: Service Control Manager [7023] - The LXARScan service terminated with the following error: Access is denied. 4/4/2012 9:05:29 AM, error: Service Control Manager [7023] - The Slimsvc service terminated with the following error: Access is denied. 4/4/2012 9:04:29 AM, error: Service Control Manager [7023] - The Dpc_srv_webcast service terminated with the following error: Access is denied. 4/4/2012 9:03:29 AM, error: Service Control Manager [7023] - The EUSBMSD service terminated with the following error: Access is denied. 4/4/2012 9:02:29 AM, error: Service Control Manager [7023] - The Ikhfile service terminated with the following error: Access is denied. 4/4/2012 9:02:01 AM, error: Service Control Manager [7023] - The CBTNDIS5 service terminated with the following error: Access is denied. 4/4/2012 9:00:38 AM, error: Service Control Manager [7023] - The Tsdhd service terminated with the following error: Access is denied. 4/4/2012 8:59:55 AM, error: Service Control Manager [7023] - The Ohci1394 service terminated with the following error: Access is denied. 4/4/2012 8:58:29 AM, error: Service Control Manager [7023] - The Pdlndint service terminated with the following error: Access is denied. 4/4/2012 8:57:30 AM, error: Service Control Manager [7023] - The Rismxdp service terminated with the following error: Access is denied. 4/4/2012 8:56:29 AM, error: Service Control Manager [7023] - The Pnkbstrk service terminated with the following error: Access is denied. 
4/4/2012 8:55:34 AM, error: Service Control Manager [7023] - The Artourservice service terminated with the following error: Access is denied. 4/4/2012 8:55:07 AM, error: Service Control Manager [7023] - The Marvinbus service terminated with the following error: Access is denied. 4/3/2012 8:27:31 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Z525obex service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The YMIDUSB service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The X10nets service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Wtcls2k service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The WNCPKT service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The WmBEnum service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Vrservice service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Vmsprog service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The VICESYS service terminated with the following error: The specified module could not be found. 
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Us30service service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Upsmonservice service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Upperdev service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Tvs service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Tsmservice service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Tsircsrv service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Tmtdi service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Tfsndres service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Syslogd service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Symantecantibotwatcher service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Sqlserveragent service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The SprintRcAppSvc service terminated with the following error: The specified module could not be found. 
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Snpstd service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Smservauth service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Smartlinkservice service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Sk9920nt service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Sk99202k service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Si3114r service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Sfusvc service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Sentinel service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Scarddrv service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Sbhooksvc service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The S616mdm service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The S125mgmt service terminated with the following error: The specified module could not be found. 
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The S117unic service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Rspndr service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Rimmptsk service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Quickbooksdb service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Qmofiltr service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The PTDCMdm service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Psdvdisk service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Prohlp02 service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Ppped service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Point32 service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Pnp680r service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The PGPwded service terminated with the following error: The specified module could not be found. 
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Perfproc service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Pdlnatcm service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Pdengine service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Pccsmcfd service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Papycpu2 service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Ofcpfwsvc service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The NxSysMon service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Nvraid service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Ntgrip service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Nsysaudm service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The NPPTNT service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Nipsvc service terminated with the following error: The specified module could not be found. 
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The NIPALK service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Nimdbgk service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Naiavfilter1 service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The N558 service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The N3900 service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The MtxDma0 service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The MTsensor service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Mssql$microsoftsmlbiz service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The MRESP50 service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Milshieldcleaner service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Mhndrv service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Mfehidk service terminated with the following error: The specified module could not be found. 
4/3/2012 1:12:44 PM, error: Service Control Manager [7023] - The Inort service terminated with the following error: Access is denied.
4/3/2012 1:12:44 PM, error: Service Control Manager [7023] - The HSFHWALI service terminated with the following error: Access is denied.
4/3/2012 1:12:44 PM, error: Service Control Manager [7023] - The Hpt3xx service terminated with the following error: Access is denied.
4/3/2012 1:12:44 PM, error: Service Control Manager [7023] - The Epfwtdi service terminated with the following error: Access is denied.
4/3/2012 1:12:44 PM, error: Service Control Manager [7023] - The Appnnode service terminated with the following error: Access is denied.
4/3/2012 1:12:44 PM, error: Service Control Manager [7023] - The Alcaudsl service terminated with the following error: Access is denied.
4/3/2012 1:12:44 PM, error: Service Control Manager [7023] - The Agnfilt service terminated with the following error: Access is denied.
4/3/2012 1:09:15 PM, error: Service Control Manager [7023] - The DellAMBrokerService service terminated with the following error: Access is denied.
4/3/2012 1:08:15 PM, error: Service Control Manager [7023] - The PGPwded service terminated with the following error: Access is denied.
4/3/2012 1:07:15 PM, error: Service Control Manager [7023] - The Perfproc service terminated with the following error: Access is denied.
4/2/2012 11:34:25 AM, error: SCR3xx USB Smart Card Reader [0] -
4/2/2012 11:34:25 AM, error: SCardSvr [610] - Smart Card Reader 'SCM Microsystems Inc. SCR33x USB Smart Card Reader 0' rejected IOCTL POWER: The smart card is not responding to a reset.
.
==== End Of File ===========================

dds.txt

DDS (Ver_2011-09-30.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Plamenka at 14:24:59 on 2012-04-05
Microsoft Windows XP Professional 5.1.2600.3.1251.1.1033.18.502.241 [GMT 3:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\System32\DkLog.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AutorunRemover\AutorunRemover.exe
C:\Program Files\Datakey\Crypt32\DkAutoReg.exe
C:\Program Files\Datakey\Crypt32\DkMonitor.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\System32\dkcktkn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Datecs\Flex2K.exe
C:\Program Files\Siemens\Card API\bin\siecacst.exe
C:\Program Files\Dosprn\DOSprn.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.bg/
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: {A5366673-E8CA-11D3-9CD9-0090271D075B} - <orphaned>
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PDF Complete] "c:\program files\pdf complete\pdfsty.exe"
mRun: [setRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe
mRun: [Recguard] c:\windows\sminst\Recguard.exe
mRun: [Reminder] c:\windows\creator\Remind_XP.exe
mRun: [scheduler] c:\windows\sminst\Scheduler.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AutorunRemover.exe] c:\program files\autorunremover\AutorunRemover.exe -Hide
mRun: [DkAutoReg.exe] c:\program files\datakey\crypt32\DkAutoReg.exe
mRun: [DkMonitor.exe] c:\program files\datakey\crypt32\DkMonitor.exe
mRun: [DkStartup] c:\program files\datakey\crypt32\DkStartup.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\plamenka\startm~1\programs\startup\dosprn.lnk - c:\program files\dosprn\DOSprn.exe
StartupFolder: c:\docume~1\plamenka\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\WebshotsTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\flexty~1.lnk - c:\windows\datecs\Flex2K.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hipath~1.lnk - c:\program files\siemens\card api\bin\siecacst.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Download All by FlashGet - \\Secretary\Share\Flashget\jc_all.htm
IE: Download using FlashGet - \\Secretary\Share\Flashget\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {167248DA-0F88-4DE1-B4B1-45176751026D} - hxxps://bs.b-trust.org/wl-dl/bs/js/renew/CertManX.cab
DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} - hxxps://srl.nssi.bg/ExtUsers/viewer/activeXViewer/activexviewer.cab
DPF: {4DB62416-BC86-4439-B5BA-366948F47C8D} - hxxps://bs.b-trust.org/wl-dl/bs/js/sign/SCManagerX.cab
DPF: {500A3316-5B0E-4253-BBE5-CE3F11A1AE71} - hxxps://inetdec.nra.bg/dds/InetVAT5Frm.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {97EA2A5E-A821-48A1-B0F9-DEDB5E0E62A2} - hxxps://inetdec.nra.bg/cabs/SignCOM.cab
DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} - hxxps://www.extri.bg/capicom.cab
DPF: {C186F386-6FC6-414C-AB53-975FB0EB15C1} - hxxp://v.netlogstatic.com/v5.00/2995//s/e/Aurigma/ImageUploaderPHP/PhotoUploader.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{02B9B549-6E76-4467-94AD-2664E3FE96D2} : NameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2008-2-12 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2008-2-12 5248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-4-4 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-4-4 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-4-4 20696]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-4-4 44768]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-10-20 652360]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2007-11-10 540184]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-10-20 20464]
R3 SCR3xx USB Smart Card Reader;SCR3xx USB Smart Card Reader;c:\windows\system32\drivers\SCR3XX2K.sys [2010-3-17 47488]
S2 awhost32;Snpstd;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 gupdate;Ус»уі° Ѕ° Google рєту°»ё·°цёя (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-4-4 136176]
S2 GV600_4;Btwdins;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 ikhlayer;Bthidenum;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 LRMINIPORT;BrSerIf;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 mcafeeantispyware;PTDCMdm;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 navapsvc;Hpgate;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 ofcservice;NPPTNT;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 savrtpel;NIPALK;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 vet-filt;Smartlinkservice;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 vsmon;SprintRcAppSvc;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 gupdatem;Ус»уі° Ѕ° Google рєту°»ё·°цёя (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-4-4 136176]
S3 
MFE_RR;MFE_RR;\??\c:\docume~1\plamenka\locals~1\temp\mfe_rr.sys --> c:\docume~1\plamenka\locals~1\temp\mfe_rr.sys [?] S3 SCR33x USB Smart Card Reader;SCR33x USB Smart Card Reader;c:\windows\system32\drivers\scr33x.sys --> c:\windows\system32\drivers\SCR33x.sys [?] S3 STC2DFU;STCII DFU Adapter;c:\windows\system32\drivers\Stc2Dfu.sys [2004-10-25 7796] . =============== File Associations =============== . ShellExec: pdfvista.exe: Open="c:\program files\pdf complete\pdfvista.exe" ShellExec: pdfvista.exe: Read="c:\program files\pdf complete\pdfvista.exe" . =============== Created Last 30 ================ . 2012-04-05 09:14:40 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys 2012-04-05 09:14:40 64512 ----a-w- c:\windows\system32\drivers\Serial.sys 2012-04-05 09:14:37 162816 ----a-w- c:\windows\system32\drivers\netbt.sys 2012-04-05 09:14:35 138496 ----a-w- c:\windows\system32\drivers\afd.sys 2012-04-05 08:40:26 98816 ----a-w- c:\windows\sed.exe 2012-04-05 08:40:26 256000 ----a-w- c:\windows\PEV.exe 2012-04-05 08:40:26 208896 ----a-w- c:\windows\MBR.exe 2012-04-04 07:00:56 -------- d-----w- c:\documents and settings\plamenka\local settings\application data\Google 2012-04-04 07:00:43 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-04-04 06:59:16 41184 ----a-w- c:\windows\avastSS.scr 2012-04-04 06:26:10 -------- d-----w- c:\program files\AVAST Software 2012-04-04 06:26:10 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software 2012-04-03 14:42:55 -------- d-----w- c:\documents and settings\all users\application data\MFAData 2012-04-03 07:48:00 -------- d-sh--w- c:\documents and settings\plamenka\local settings\application data\1cf6efbe . ==================== Find3M ==================== . 2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys 2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll 2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys . 
============= FINISH: 14:25:40.00 ===============


Hello,

Some remnants are visible in the logs, but further checks will be needed:

1. Download ComboFix from BleepingComputer

and save it (Save button -> Save as) as ComboFix on your desktop:

Posted image

Once the ComboFix download has finished, the program's icon should look like this:

Posted image

2. Close all running applications, open windows and programs running in the background. Temporarily disable the real-time protection of your antivirus program and of any other security programs, if present.

3. Double-click Combofix.exe to start it. Choose YES to accept the program's terms of use. Important: While ComboFix is running, do not move the mouse or press any keys on the keyboard. Just patiently let ComboFix do its work, without using the computer for anything else.

4. ComboFix will check whether the Windows Recovery Console is installed.

*If the Windows Recovery Console is not installed, you will need to choose YES to install the Windows Recovery Console.

*If the Windows Recovery Console is installed, ComboFix will continue its work.

Posted image

Note: You need to be connected to the Internet so that the Windows Recovery Console can be downloaded.

After the Windows Recovery Console is installed, confirm with YES to proceed. Screenshot:

Posted image

5. ComboFix will temporarily disable the Internet connection, but once the program has finished, the connection will be restored automatically. ComboFix will scan for problems and infected files, which may take some time. Please be patient. If there is a problem with the Internet connection after ComboFix has finished, please read this: Manually restoring the Internet connection section.

6. When ComboFix has finished, a text document (log) will appear in Notepad:

Posted image

Copy and paste the contents of the log into your next comment.


ComboFix 12-04-05.09 - Plamenka 04/06/2012 10:55:50.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1251.1.1033.18.502.257 [GMT 3:00]

Running from: c:\documents and settings\Plamenka\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\$NtUninstallKB3255$

c:\windows\$NtUninstallKB3255$\2446036716

c:\windows\$NtUninstallKB3255$\485945278\@

c:\windows\$NtUninstallKB3255$\485945278\L\nnznorar

c:\windows\system32\regmon701.dll

c:\windows\TEMP\sig3.tmp

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_THKEYS

-------\Service_thkeys

.

.

((((((((((((((((((((((((( Files Created from 2012-03-06 to 2012-04-06 )))))))))))))))))))))))))))))))

.

.

2012-04-05 09:14 . 2008-04-13 19:19 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys

2012-04-05 09:14 . 2008-04-13 19:15 64512 ----a-w- c:\windows\system32\drivers\Serial.sys

2012-04-05 09:14 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\drivers\netbt.sys

2012-04-05 09:14 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2012-04-04 07:00 . 2012-04-04 07:05 -------- d-----w- c:\documents and settings\Plamenka\Local Settings\Application Data\Google

2012-04-04 07:00 . 2012-04-04 07:01 -------- d-----w- c:\program files\Google

2012-04-04 07:00 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-04-04 07:00 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-04-04 07:00 . 2012-03-06 23:02 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-04-04 07:00 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-04-04 07:00 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-04-04 07:00 . 2012-03-06 23:01 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2012-04-04 07:00 . 2012-03-06 23:01 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys

2012-04-04 07:00 . 2012-03-06 22:58 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2012-04-04 06:59 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr

2012-04-04 06:59 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe

2012-04-04 06:26 . 2012-04-04 06:58 -------- d-----w- c:\program files\AVAST Software

2012-04-04 06:26 . 2012-04-04 06:58 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

2012-04-03 14:42 . 2012-04-03 14:50 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2012-04-03 09:28 . 2012-04-03 09:28 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2012-04-03 07:48 . 2012-04-05 09:14 -------- d-sh--w- c:\documents and settings\Plamenka\Local Settings\Application Data\1cf6efbe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-03 09:22 . 2004-08-04 08:00 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-11 19:06 . 2012-02-17 06:23 3072 ------w- c:\windows\system32\iacenc.dll

2012-01-09 16:20 . 2004-08-04 08:00 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2012-04-05_09.19.00 )))))))))))))))))))))))))))))))))))))))))

.

+ 2004-08-04 08:00 . 2004-08-03 20:14 52736 c:\windows\system32\drivers\i8042prt.sys

+ 2004-08-04 08:00 . 2004-08-03 20:14 52736 c:\windows\system32\dllcache\i8042prt.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-12-16 2402512]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-09-25 98304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-09-25 114688]

"Persistence"="c:\windows\system32\igfxpers.exe" [2006-09-25 94208]

"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-08-07 331288]

"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]

"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]

"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856]

"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-04-24 888832]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-04-01 98304]

"AutorunRemover.exe"="c:\program files\AutorunRemover\AutorunRemover.exe" [2009-10-20 1257472]

"DkAutoReg.exe"="c:\program files\Datakey\Crypt32\DkAutoReg.exe" [2003-05-13 245760]

"DkMonitor.exe"="c:\program files\Datakey\Crypt32\DkMonitor.exe" [2003-05-13 143360]

"DkStartup"="c:\program files\Datakey\Crypt32\DkStartup.exe" [2003-05-13 217088]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\Plamenka\Start Menu\Programs\Startup\

DOSprn.lnk - c:\program files\Dosprn\DOSprn.exe [2011-11-3 234496]

Webshots.lnk - c:\program files\Webshots\WebshotsTray.exe [2008-2-26 192512]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

FlexType 2K.lnk - c:\windows\Datecs\Flex2K.exe [2008-2-12 151552]

HiPath SIcurity Card API.lnk - c:\program files\Siemens\Card API\bin\siecacst.exe [2010-3-17 61440]

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\SMINST\\Scheduler.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

"c:\\Program Files\\IObit\\Advanced SystemCare 3\\AWC.exe"=

"c:\\Program Files\\IObit\\Advanced SystemCare 3\\Sut_SoftUninstaller.exe"=

"c:\\Documents and Settings\\Plamenka\\Local Settings\\Temp\\_av_sfx.tm~a03296\\avast.setup"=

"c:\\Program Files\\AVAST Software\\Avast\\AvastUI.exe"=

"c:\\Program Files\\AVAST Software\\Avast\\Setup\\avast.setup"=

"c:\\Documents and Settings\\Plamenka\\Local Settings\\Temp\\_av_sfx.tm~a01800\\avast.setup"=

"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=

"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=

"c:\\WINDOWS\\system32\\msfeedssync.exe"=

.

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2/12/2008 4:27 PM 155136]

R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2/12/2008 4:27 PM 5248]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/4/2012 10:00 AM 612184]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/4/2012 10:00 AM 337880]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/4/2012 10:00 AM 20696]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/20/2009 10:29 AM 652360]

R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [11/10/2007 10:01 PM 540184]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/20/2009 10:29 AM 20464]

R3 SCR3xx USB Smart Card Reader;SCR3xx USB Smart Card Reader;c:\windows\system32\drivers\SCR3XX2K.sys [3/17/2010 4:03 PM 47488]

S2 gupdate;Ус»уі° Ѕ° Google рєту°»ё·°цёя (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/4/2012 10:01 AM 136176]

S3 gupdatem;Ус»уі° Ѕ° Google рєту°»ё·°цёя (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/4/2012 10:01 AM 136176]

S3 MFE_RR;MFE_RR;\??\c:\docume~1\Plamenka\LOCALS~1\Temp\mfe_rr.sys --> c:\docume~1\Plamenka\LOCALS~1\Temp\mfe_rr.sys [?]

S3 SCR33x USB Smart Card Reader;SCR33x USB Smart Card Reader;c:\windows\system32\DRIVERS\SCR33x.sys --> c:\windows\system32\DRIVERS\SCR33x.sys [?]

S3 STC2DFU;STCII DFU Adapter;c:\windows\system32\drivers\Stc2Dfu.sys [10/25/2004 1:04 AM 7796]

.

NETSVCS REQUIRES REPAIRS - current entries shown

6to4

AppMgmt

AudioSrv

Browser

CryptSvc

DMServer

DHCP

ERSvc

EventSystem

FastUserSwitchingCompatibility

HidServ

Ias

Iprip

Irmon

LanmanServer

LanmanWorkstation

Messenger

Netman

Nla

Ntmssvc

NWCWorkstation

Nwsapagent

Rasauto

{834170a7-af3b-4d34-a757-e05eb29ee96d}

vwkernel

bwsvc

tvalz

comhost

qcmerced

a016obex

CVirtA

wg3n

SE2Cbus

vpcnets2

tmactmon

vvoice

smrt

hwdatacard

LVBulk

pcx1nd5

Wdf01000

navapsvc

ino_fltr

athr

DLARTL_M

e1000

ASLDRService

ofcservice

backupexecnamingservice

ppmoucls

VX3000

SMCB000

vsmon

amdagp

ikhlayer

cachemanxp

AmeLanPc

netcfgsvr

savrtpel

CXTUNE

epson_pm_rpcv4_01

ATMsrvc

lvselsus

W8100PCI

APLMp50

prosync1

prismxl

winvnc4

MS1000

mcafeeantispyware

mfeapfk

atksgt

TVALG

sthda

lxct_device

oracleorahome92tnslistener

ownershipprotocol

3dkeybd

TPECioCtl

tpsrv

vet-filt

slabbus

w810mdm

personalsecuredriveservice

tomcatcws3

bc_ip_f

pdlndoem

nvrd64

nhcDriverDevice

CdaD10BA

p2psvc

XUIF

s716mdfl

WscNetDr

wltrysvc

cyberpowerups

pnkbstrk

vmparport

smcirda

alcaudsl

cwafrmiregistry

p1131vid

ati2mtaa

advservice

mgactrl

SE2Bobex

IBM_LLC2

PTDCBus

vulfnths

aksusb

stllssvr

cpucoolserver

CTEDSPFX.DLL

gearaspiwdm

ibmpmsvc

lxcf_device

tvtpktfilter

PCISys

dmisrv

avidstartup

tavsvc

sit_prt

teefer2

smartscaps

radclock

scarddrv

DeviceScanner

ASNDIS5

{95808DC4-FA4A-4c74-92FE-5B863F82066B}

pmem

vxsvc

btwrchid

Nsynas32

arkbcfltr

OracleOraHome92ClientCache

AdobeActiveFileMonitor6.0

wencrservice

hmonitor

mgisvr

GoToAssist

wwnetdde

AYDrvNT_ALYAC

w810obex

macformatservice

ma_cmidi_installerservice

cpqvcagent

iolo_srv

pfmodnt

ARSVC

PDExchange

tabletservice

awhost32

ANC

hclinetd

PSI_SVC_2

riomsc

WINUSB

VrAcFil

ICAM3NT5

hsxhwazl

bltrust

DELL_A02

ftrtsvc

SymIM

aswmon2

stylexphelper

xfactorae1

niorbk

asapiw2k

hpzius12

LoopBeMidi1

megamonitorsrv

hcwPP2

pvservice

ShockMgr

LRMINIPORT

GV600_4

bthusb

p2pgasvc

nmservice

zpnodecollector

nvsvc

sony_ssm.sys

FETNDIS

nvenetfd

tifm21

aswupdsv

cqmghost

surveyor

backupexecnotificationserver

passthru

toddsrv

Rasman

Remoteaccess

Schedule

Seclogon

SENS

Sharedaccess

SRService

Tapisrv

Themes

TrkWks

W32Time

WZCSVC

Wmi

WmdmPmSp

winmgmt

wscsvc

xmlprov

BITS

wuauserv

ShellHWDetection

helpsvc

WmdmPmSN

napagent

hkmsvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-04 07:00]

.

2012-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-04 07:00]

.

2012-04-06 c:\windows\Tasks\User_Feed_Synchronization-{6482A737-AA76-49D9-B493-A348479543DB}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.bg/

uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/

IE: Download All by FlashGet - \\Secretary\Share\Flashget\jc_all.htm

IE: Download using FlashGet - \\Secretary\Share\Flashget\jc_link.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: Interfaces\{02B9B549-6E76-4467-94AD-2664E3FE96D2}: NameServer = 192.168.1.1

DPF: {167248DA-0F88-4DE1-B4B1-45176751026D} - hxxps://bs.b-trust.org/wl-dl/bs/js/renew/CertManX.cab

DPF: {4DB62416-BC86-4439-B5BA-366948F47C8D} - hxxps://bs.b-trust.org/wl-dl/bs/js/sign/SCManagerX.cab

DPF: {500A3316-5B0E-4253-BBE5-CE3F11A1AE71} - hxxps://inetdec.nra.bg/dds/InetVAT5Frm.cab

DPF: {97EA2A5E-A821-48A1-B0F9-DEDB5E0E62A2} - hxxps://inetdec.nra.bg/cabs/SignCOM.cab

DPF: {C186F386-6FC6-414C-AB53-975FB0EB15C1} - hxxp://v.netlogstatic.com/v5.00/2995//s/e/Aurigma/ImageUploaderPHP/PhotoUploader.cab

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-04-06 11:06

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]

"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(1176)

c:\windows\system32\WININET.dll

c:\windows\system32\newdll.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\windows\System32\SCardSvr.exe

c:\windows\System32\DkLog.exe

c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\windows\System32\dkcktkn.exe

.

**************************************************************************

.

Completion time: 2012-04-06 11:09:29 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-06 08:09

ComboFix2.txt 2012-04-05 09:22

.

Pre-Run: 127,682,486,272 bytes free

Post-Run: 127,706,243,072 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - A44E7958794D42F20B69C6ABF91DE93A


Download the attached file => XPSP3_netsvcs.zip

Unzip it to the desktop and run the file XPSP3_netsvcs.reg

Confirm with YES in the dialog box.

  • Open Notepad and copy/paste the following information into it:

    Folder::
    c:\documents and settings\Plamenka\Local Settings\Application Data\1cf6efbe
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000000
    
  • Save the file with the name CFScript, then drag and drop it onto ComboFix (as shown in the picture below).

    Posted image

  • While ComboFix is scanning, do not start any other applications, do not press any keys and do not move the mouse!
  • Post the log file that is created after the computer restarts in your next post.

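What the "NETSVCS REQUIRES REPAIRS" notice in the first ComboFix log amounts to, as an added Python example (not part of the thread, and not ComboFix's or DDS's own logic): it compares a netsvcs group against a baseline and flags DDS service lines hosted by `svchost.exe -k netsvcs` whose service names fall outside it. The baseline list, the function names and the one constructed `Schedule` line are assumptions; the other sample lines are shortened excerpts of the logs on this page.

```python
import re

# Assumption: the stock "netsvcs" group of a clean Windows XP SP3 install.
# Confirm it against a known-clean machine of the same build before relying on it.
BASELINE = (
    "6to4 AppMgmt AudioSrv Browser CryptSvc DMServer DHCP ERSvc EventSystem "
    "FastUserSwitchingCompatibility HidServ Ias Iprip Irmon LanmanServer "
    "LanmanWorkstation Messenger Netman Nla Ntmssvc NWCWorkstation Nwsapagent "
    "Rasauto Rasman Remoteaccess Schedule Seclogon SENS Sharedaccess SRService "
    "Tapisrv Themes TrkWks W32Time WZCSVC Wmi WmdmPmSp winmgmt wscsvc xmlprov "
    "BITS wuauserv ShellHWDetection helpsvc WmdmPmSN napagent hkmsvc"
).split()

# Shortened excerpt of the netsvcs entries listed in the first ComboFix log.
NETSVCS_SAMPLE = [
    "Rasauto", "{834170a7-af3b-4d34-a757-e05eb29ee96d}", "vwkernel",
    "navapsvc", "awhost32", "vsmon", "Rasman", "Remoteaccess",
]

# DDS "SERVICES / DRIVERS" lines from the first post, plus one constructed
# line (Schedule) that shows a baseline service passing the check.
DDS_SAMPLE = r"""
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-10-20 652360]
R2 Schedule;Task Scheduler;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 awhost32;Snpstd;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 navapsvc;Hpgate;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 vsmon;SprintRcAppSvc;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 MFE_RR;MFE_RR;\??\c:\docume~1\plamenka\locals~1\temp\mfe_rr.sys --> c:\docume~1\plamenka\locals~1\temp\mfe_rr.sys [?]
"""

# <state> <name>;<display name>;<image path> [<date size> or ?]
SERVICE_LINE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)\s+\[(?P<meta>[^\]]*)\]$"
)


def unexpected_netsvcs(entries, baseline=BASELINE):
    """Return netsvcs entries that are not in the baseline, in log order."""
    known = {name.lower() for name in baseline}
    return [entry for entry in entries if entry.lower() not in known]


def parse_dds_services(text):
    """Parse DDS service/driver lines into dicts; other lines are skipped."""
    services = []
    for line in text.splitlines():
        match = SERVICE_LINE.match(line.strip())
        if match:
            services.append(match.groupdict())
    return services


def flag_netsvcs_services(text, baseline=BASELINE):
    """Flag services run by 'svchost.exe -k netsvcs' that the baseline lacks."""
    known = {name.lower() for name in baseline}
    flagged = []
    for svc in parse_dds_services(text):
        hosted = svc["image"].lower().endswith("svchost.exe -k netsvcs")
        if hosted and svc["name"].lower() not in known:
            flagged.append((svc["name"], svc["display"], svc["state"]))
    return flagged


if __name__ == "__main__":
    print("Entries outside the baseline netsvcs group:")
    for entry in unexpected_netsvcs(NETSVCS_SAMPLE):
        print("  ", entry)
    print("svchost -k netsvcs services outside the baseline:")
    for name, display, state in flag_netsvcs_services(DDS_SAMPLE):
        print(f"   {state} {name} (display name: {display})")
```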

ComboFix 12-04-05.09 - Plamenka 04/07/2012 17:53:46.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1251.1.1033.18.502.223 [GMT 3:00]

Running from: c:\documents and settings\Plamenka\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Plamenka\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Plamenka\Local Settings\Application Data\1cf6efbe

c:\documents and settings\Plamenka\Local Settings\Application Data\1cf6efbe\@

.

.

((((((((((((((((((((((((( Files Created from 2012-03-07 to 2012-04-07 )))))))))))))))))))))))))))))))

.

.

2012-04-05 09:14 . 2008-04-13 19:19 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys

2012-04-05 09:14 . 2008-04-13 19:15 64512 ----a-w- c:\windows\system32\drivers\Serial.sys

2012-04-05 09:14 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\drivers\netbt.sys

2012-04-05 09:14 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2012-04-04 07:00 . 2012-04-04 07:05 -------- d-----w- c:\documents and settings\Plamenka\Local Settings\Application Data\Google

2012-04-04 07:00 . 2012-04-04 07:01 -------- d-----w- c:\program files\Google

2012-04-04 07:00 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-04-04 07:00 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-04-04 07:00 . 2012-03-06 23:02 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-04-04 07:00 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-04-04 07:00 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-04-04 07:00 . 2012-03-06 23:01 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2012-04-04 07:00 . 2012-03-06 23:01 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys

2012-04-04 07:00 . 2012-03-06 22:58 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2012-04-04 06:59 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr

2012-04-04 06:59 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe

2012-04-04 06:26 . 2012-04-04 06:58 -------- d-----w- c:\program files\AVAST Software

2012-04-04 06:26 . 2012-04-04 06:58 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

2012-04-03 14:42 . 2012-04-03 14:50 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2012-04-03 09:28 . 2012-04-03 09:28 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-03 09:22 . 2004-08-04 08:00 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-11 19:06 . 2012-02-17 06:23 3072 ------w- c:\windows\system32\iacenc.dll

2012-01-09 16:20 . 2004-08-04 08:00 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2012-04-05_09.19.00 )))))))))))))))))))))))))))))))))))))))))

.

+ 2004-08-04 08:00 . 2004-08-03 20:14 52736 c:\windows\system32\drivers\i8042prt.sys

+ 2004-08-04 08:00 . 2004-08-03 20:14 52736 c:\windows\system32\dllcache\i8042prt.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-12-16 2402512]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-09-25 98304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-09-25 114688]

"Persistence"="c:\windows\system32\igfxpers.exe" [2006-09-25 94208]

"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-08-07 331288]

"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]

"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]

"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856]

"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-04-24 888832]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-04-01 98304]

"AutorunRemover.exe"="c:\program files\AutorunRemover\AutorunRemover.exe" [2009-10-20 1257472]

"DkAutoReg.exe"="c:\program files\Datakey\Crypt32\DkAutoReg.exe" [2003-05-13 245760]

"DkMonitor.exe"="c:\program files\Datakey\Crypt32\DkMonitor.exe" [2003-05-13 143360]

"DkStartup"="c:\program files\Datakey\Crypt32\DkStartup.exe" [2003-05-13 217088]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\Plamenka\Start Menu\Programs\Startup\

DOSprn.lnk - c:\program files\Dosprn\DOSprn.exe [2011-11-3 234496]

Webshots.lnk - c:\program files\Webshots\WebshotsTray.exe [2008-2-26 192512]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

FlexType 2K.lnk - c:\windows\Datecs\Flex2K.exe [2008-2-12 151552]

HiPath SIcurity Card API.lnk - c:\program files\Siemens\Card API\bin\siecacst.exe [2010-3-17 61440]

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\SMINST\\Scheduler.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

"c:\\Program Files\\IObit\\Advanced SystemCare 3\\AWC.exe"=

"c:\\Program Files\\IObit\\Advanced SystemCare 3\\Sut_SoftUninstaller.exe"=

"c:\\Documents and Settings\\Plamenka\\Local Settings\\Temp\\_av_sfx.tm~a03296\\avast.setup"=

"c:\\Program Files\\AVAST Software\\Avast\\AvastUI.exe"=

"c:\\Program Files\\AVAST Software\\Avast\\Setup\\avast.setup"=

"c:\\Documents and Settings\\Plamenka\\Local Settings\\Temp\\_av_sfx.tm~a01800\\avast.setup"=

"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=

"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=

"c:\\WINDOWS\\system32\\msfeedssync.exe"=

.

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2/12/2008 4:27 PM 155136]

R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2/12/2008 4:27 PM 5248]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/4/2012 10:00 AM 612184]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/4/2012 10:00 AM 337880]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/4/2012 10:00 AM 20696]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/20/2009 10:29 AM 652360]

R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [11/10/2007 10:01 PM 540184]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/20/2009 10:29 AM 20464]

R3 SCR3xx USB Smart Card Reader;SCR3xx USB Smart Card Reader;c:\windows\system32\drivers\SCR3XX2K.sys [3/17/2010 4:03 PM 47488]

S2 gupdate;Ус»уі° Ѕ° Google рєту°»ё·°цёя (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/4/2012 10:01 AM 136176]

S3 gupdatem;Ус»уі° Ѕ° Google рєту°»ё·°цёя (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/4/2012 10:01 AM 136176]

S3 MFE_RR;MFE_RR;\??\c:\docume~1\Plamenka\LOCALS~1\Temp\mfe_rr.sys --> c:\docume~1\Plamenka\LOCALS~1\Temp\mfe_rr.sys [?]

S3 SCR33x USB Smart Card Reader;SCR33x USB Smart Card Reader;c:\windows\system32\DRIVERS\SCR33x.sys --> c:\windows\system32\DRIVERS\SCR33x.sys [?]

S3 STC2DFU;STCII DFU Adapter;c:\windows\system32\drivers\Stc2Dfu.sys [10/25/2004 1:04 AM 7796]

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-04 07:00]

.

2012-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-04 07:00]

.

2012-04-07 c:\windows\Tasks\User_Feed_Synchronization-{6482A737-AA76-49D9-B493-A348479543DB}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.bg/

uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/

IE: Download All by FlashGet - \\Secretary\Share\Flashget\jc_all.htm

IE: Download using FlashGet - \\Secretary\Share\Flashget\jc_link.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: Interfaces\{02B9B549-6E76-4467-94AD-2664E3FE96D2}: NameServer = 192.168.1.1

DPF: {167248DA-0F88-4DE1-B4B1-45176751026D} - hxxps://bs.b-trust.org/wl-dl/bs/js/renew/CertManX.cab

DPF: {4DB62416-BC86-4439-B5BA-366948F47C8D} - hxxps://bs.b-trust.org/wl-dl/bs/js/sign/SCManagerX.cab

DPF: {500A3316-5B0E-4253-BBE5-CE3F11A1AE71} - hxxps://inetdec.nra.bg/dds/InetVAT5Frm.cab

DPF: {97EA2A5E-A821-48A1-B0F9-DEDB5E0E62A2} - hxxps://inetdec.nra.bg/cabs/SignCOM.cab

DPF: {C186F386-6FC6-414C-AB53-975FB0EB15C1} - hxxp://v.netlogstatic.com/v5.00/2995//s/e/Aurigma/ImageUploaderPHP/PhotoUploader.cab

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-04-07 18:02

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]

"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

Completion time: 2012-04-07 18:04:24

ComboFix-quarantined-files.txt 2012-04-07 15:04

ComboFix2.txt 2012-04-06 08:09

ComboFix3.txt 2012-04-05 09:22

.

Pre-Run: 127,527,481,344 bytes free

Post-Run: 127,539,871,744 bytes free

.

- - End Of File - - 61C040A3D3B347F7FBEEE8A5A68C6DBE



So far so good, but I would like us to run a few more checks:

STEP 1

Download OTL.exe and save it to your desktop.

  • Run OTL.exe
  • Make the following settings:
  • Tick the box next to Scan All Users
  • Under the File Age menu, select 90 days
  • Under the Standard Registry menu, change the setting to ALL
  • Tick the boxes next to LOP and Purity Check
Under [image], use Copy/Paste to enter all of the following text (only what is inside the box):

netsvcs
msconfig
safebootminimal
safebootnetwork
%SYSTEMDRIVE%\*.*
%USERPROFILE%\*.*
%USERPROFILE%\Application Data\*.*
%USERPROFILE%\Local Settings\Application Data\*.*
%AllUsersProfile%\*.*
%AllUsersProfile%\Application Data\*.*
%USERPROFILE%\My Documents\*.*
%CommonProgramFiles%\*.*
%PROGRAMFILES%\*.*
%systemroot%\system32\config\systemprofile\*.*
%windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.*
%windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.*
%windir%\temp\*.*
%windir%\system32\*.
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /rp /s
%systemroot%\assembly\tmp\*.* /S /MD5
%systemroot%\assembly\temp\*.* /S /MD5
%systemroot%\assembly\GAC_32\*.* /S /MD5
%systemroot%\assembly\GAC_MSIL\*.* /S /MD5
/md5start
explorer.exe
lsass.exe
svchost.exe
wininit.exe
winlogon.exe
userinit.exe
atapi.sys
iaStor.sys
serial.sys
disk.sys
volsnap.sys
redbook.sys
i8042prt.sys
afd.sys
netbt.sys
tcpip.sys
ipsec.sys
hlp.dat
/md5stop
  • Click the button highlighted in blue: Run Scan.
  • When the scan finishes, two files will be created: OTL.Txt and Extras.Txt. Attach these two files to your next comment (see the Attached Files option when posting a reply).

STEP 2

Please download the latest version of TDSSKiller from here and save it to your desktop.

  • Run TDSSKiller.exe to start the application. Then click the Change parameters button.

  • Tick the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip; click Continue.

  • If malicious objects are found, the drop-down menu will offer you three options.

    Make sure the selected action is Cure and click Continue > Reboot so that the repair is completed.

    Note: If Cure is not among the available options, please select Skip; do not select Delete unless you have been instructed to do so.

  • A log file will be created in the root directory of the C: partition. Look for a log named "TDSSKiller.[Version]_[Date]_[Time]_log.txt" and copy its contents into your next post.

STEP 3

Please download aswMBR and save it to your desktop.

  • Double-click the aswMBR.exe file to run it.
  • Wait for it to download the avast! definitions.
  • From the drop-down menu, select the C: partition, as shown in the picture.
  • Click the Scan button to start the scan.
  • When the scan finishes, click the save log button, save the log file to your desktop and post its contents in your next comment.

STEP 4

Please download Farbar Service Scanner and run it.

  • Tick all the boxes
  • Click the "Scan" button.
  • A log file named (FSS.txt) will be created in the folder from which you run the tool.
  • Copy the contents of the log file into your next post.


STEP 2

19:21:45.0593 1748 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02

19:21:46.0718 1748 ============================================================

19:21:46.0718 1748 Current date / time: 2012/04/07 19:21:46.0718

19:21:46.0718 1748 SystemInfo:

19:21:46.0718 1748

19:21:46.0718 1748 OS Version: 5.1.2600 ServicePack: 3.0

19:21:46.0718 1748 Product type: Workstation

19:21:46.0718 1748 ComputerName: PLAMENKARAINOVA

19:21:46.0718 1748 UserName: Plamenka

19:21:46.0718 1748 Windows directory: C:\WINDOWS

19:21:46.0718 1748 System windows directory: C:\WINDOWS

19:21:46.0718 1748 Processor architecture: Intel x86

19:21:46.0718 1748 Number of processors: 1

19:21:46.0718 1748 Page size: 0x1000

19:21:46.0718 1748 Boot type: Normal boot

19:21:46.0718 1748 ============================================================

19:21:49.0062 1748 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

19:21:49.0062 1748 \Device\Harddisk0\DR0:

19:21:49.0062 1748 MBR used

19:21:49.0062 1748 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1160E866

19:21:49.0062 1748 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x11612766, BlocksNum 0x140249A

19:21:49.0125 1748 Initialize success

19:21:49.0125 1748 ============================================================

19:22:11.0640 1220 ============================================================

19:22:11.0640 1220 Scan started

19:22:11.0640 1220 Mode: Manual; SigCheck; TDLFS;

19:22:11.0640 1220 ============================================================

19:22:11.0781 1220 3dkeybd - ok

19:22:11.0796 1220 a016obex - ok

19:22:11.0875 1220 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys

19:22:12.0125 1220 Aavmker4 - ok

19:22:12.0156 1220 Abiosdsk - ok

19:22:12.0171 1220 abp480n5 - ok

19:22:12.0218 1220 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys

19:22:13.0781 1220 ac97intc - ok

19:22:13.0984 1220 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

19:22:14.0609 1220 ACPI - ok

19:22:14.0640 1220 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

19:22:14.0781 1220 ACPIEC - ok

19:22:14.0781 1220 AdobeActiveFileMonitor6.0 - ok

19:22:14.0796 1220 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

19:22:15.0015 1220 adpu160m - ok

19:22:15.0031 1220 adpu320 (0ea9b1f0c6c90a509c8603775366adb7) C:\WINDOWS\system32\DRIVERS\adpu320.sys

19:22:15.0046 1220 adpu320 ( UnsignedFile.Multi.Generic ) - warning

19:22:15.0046 1220 adpu320 - detected UnsignedFile.Multi.Generic (1)

19:22:15.0078 1220 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

19:22:15.0234 1220 aec - ok

19:22:15.0265 1220 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

19:22:15.0359 1220 AFD - ok

19:22:15.0359 1220 Aha154x - ok

19:22:15.0406 1220 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

19:22:15.0562 1220 aic78u2 - ok

19:22:15.0578 1220 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

19:22:15.0718 1220 aic78xx - ok

19:22:15.0750 1220 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll

19:22:15.0890 1220 Alerter - ok

19:22:15.0921 1220 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe

19:22:15.0984 1220 ALG - ok

19:22:16.0000 1220 AliIde - ok

19:22:16.0015 1220 amdagp - ok

19:22:16.0031 1220 AmeLanPc - ok

19:22:16.0031 1220 amsint - ok

19:22:16.0046 1220 ANC - ok

19:22:16.0062 1220 APLMp50 - ok

19:22:16.0093 1220 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll

19:22:16.0171 1220 AppMgmt - ok

19:22:16.0187 1220 arkbcfltr - ok

19:22:16.0187 1220 asapiw2k - ok

19:22:16.0203 1220 asc - ok

19:22:16.0218 1220 asc3350p - ok

19:22:16.0218 1220 asc3550 - ok

19:22:16.0234 1220 ASLDRService - ok

19:22:16.0234 1220 ASNDIS5 - ok

19:22:16.0343 1220 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

19:22:16.0375 1220 aspnet_state - ok

19:22:16.0406 1220 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\WINDOWS\system32\drivers\aswFsBlk.sys

19:22:16.0421 1220 aswFsBlk - ok

19:22:16.0453 1220 aswMon2 (8c30b7ddd2f1d8d138ebe40345af2b11) C:\WINDOWS\system32\drivers\aswMon2.sys

19:22:16.0468 1220 aswMon2 - ok

19:22:16.0484 1220 AswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\WINDOWS\system32\drivers\AswRdr.sys

19:22:16.0500 1220 AswRdr - ok

19:22:16.0531 1220 aswSnx (dcb199b967375753b5019ec15f008f53) C:\WINDOWS\system32\drivers\aswSnx.sys

19:22:16.0578 1220 aswSnx - ok

19:22:16.0593 1220 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\WINDOWS\system32\drivers\aswSP.sys

19:22:16.0640 1220 aswSP - ok

19:22:16.0656 1220 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\WINDOWS\system32\drivers\aswTdi.sys

19:22:16.0671 1220 aswTdi - ok

19:22:16.0687 1220 aswupdsv - ok

19:22:16.0718 1220 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

19:22:16.0859 1220 AsyncMac - ok

19:22:16.0906 1220 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

19:22:17.0125 1220 atapi - ok

19:22:17.0140 1220 Atdisk - ok

19:22:17.0156 1220 athr - ok

19:22:17.0171 1220 atksgt - ok

19:22:17.0187 1220 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

19:22:17.0343 1220 Atmarpc - ok

19:22:17.0359 1220 ATMsrvc - ok

19:22:17.0406 1220 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll

19:22:17.0562 1220 AudioSrv - ok

19:22:17.0625 1220 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

19:22:17.0781 1220 audstub - ok

19:22:17.0890 1220 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

19:22:17.0890 1220 avast! Antivirus - ok

19:22:17.0906 1220 awhost32 - ok

19:22:17.0921 1220 AYDrvNT_ALYAC - ok

19:22:17.0921 1220 backupexecnamingservice - ok

19:22:17.0937 1220 backupexecnotificationserver - ok

19:22:17.0953 1220 bc_ip_f - ok

19:22:17.0984 1220 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

19:22:18.0140 1220 Beep - ok

19:22:18.0187 1220 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll

19:22:18.0390 1220 BITS - ok

19:22:18.0406 1220 bltrust - ok

19:22:18.0453 1220 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll

19:22:18.0593 1220 Browser - ok

19:22:18.0609 1220 bthusb - ok

19:22:18.0625 1220 btwrchid - ok

19:22:18.0625 1220 bwsvc - ok

19:22:18.0640 1220 cachemanxp - ok

19:22:18.0765 1220 catchme - ok

19:22:18.0828 1220 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

19:22:18.0968 1220 cbidf2k - ok

19:22:18.0984 1220 cd20xrnt - ok

19:22:19.0000 1220 CdaD10BA - ok

19:22:19.0015 1220 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

19:22:19.0156 1220 Cdaudio - ok

19:22:19.0203 1220 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

19:22:19.0343 1220 Cdfs - ok

19:22:19.0375 1220 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

19:22:19.0531 1220 Cdrom - ok

19:22:19.0546 1220 Changer - ok

19:22:19.0562 1220 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe

19:22:19.0718 1220 CiSvc - ok

19:22:19.0734 1220 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe

19:22:19.0890 1220 ClipSrv - ok

19:22:19.0968 1220 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

19:22:20.0031 1220 clr_optimization_v2.0.50727_32 - ok

19:22:20.0031 1220 CmdIde - ok

19:22:20.0046 1220 comhost - ok

19:22:20.0062 1220 COMSysApp - ok

19:22:20.0078 1220 Cpqarray - ok

19:22:20.0078 1220 cpqvcagent - ok

19:22:20.0093 1220 cqmghost - ok

19:22:20.0140 1220 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll

19:22:20.0296 1220 CryptSvc - ok

19:22:20.0312 1220 CVirtA - ok

19:22:20.0328 1220 CXTUNE - ok

19:22:20.0359 1220 d347bus (5776322f93cdb91086111f5ffbfda2a0) C:\WINDOWS\system32\DRIVERS\d347bus.sys

19:22:20.0390 1220 d347bus ( UnsignedFile.Multi.Generic ) - warning

19:22:20.0390 1220 d347bus - detected UnsignedFile.Multi.Generic (1)

19:22:20.0406 1220 d347prt (b49f79ace459763f4e0380071be9cb45) C:\WINDOWS\system32\Drivers\d347prt.sys

19:22:20.0421 1220 d347prt ( UnsignedFile.Multi.Generic ) - warning

19:22:20.0421 1220 d347prt - detected UnsignedFile.Multi.Generic (1)

19:22:20.0421 1220 dac2w2k - ok

19:22:20.0437 1220 dac960nt - ok

19:22:20.0484 1220 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

19:22:20.0546 1220 DcomLaunch - ok

19:22:20.0562 1220 DELL_A02 - ok

19:22:20.0578 1220 DeviceScanner - ok

19:22:20.0640 1220 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll

19:22:21.0031 1220 Dhcp - ok

19:22:21.0046 1220 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

19:22:21.0187 1220 Disk - ok

19:22:21.0234 1220 DkLogger (dfce12cf6420cc54ad5c5a4d3b115a6c) C:\WINDOWS\System32\DkLog.exe

19:22:21.0234 1220 DkLogger ( UnsignedFile.Multi.Generic ) - warning

19:22:21.0234 1220 DkLogger - detected UnsignedFile.Multi.Generic (1)

19:22:21.0312 1220 DkTknSrv (94d990c5cc9745b8af676bf5da088670) C:\WINDOWS\System32\dkcktkn.exe

19:22:21.0343 1220 DkTknSrv ( UnsignedFile.Multi.Generic ) - warning

19:22:21.0343 1220 DkTknSrv - detected UnsignedFile.Multi.Generic (1)

19:22:21.0359 1220 DLARTL_M - ok

19:22:21.0375 1220 dmadmin - ok

19:22:21.0406 1220 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

19:22:21.0609 1220 dmboot - ok

19:22:21.0656 1220 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

19:22:21.0812 1220 dmio - ok

19:22:21.0843 1220 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

19:22:22.0000 1220 dmload - ok

19:22:22.0046 1220 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll

19:22:22.0203 1220 dmserver - ok

19:22:22.0250 1220 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

19:22:22.0406 1220 DMusic - ok

19:22:22.0562 1220 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll

19:22:23.0031 1220 Dnscache - ok

19:22:23.0250 1220 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll

19:22:23.0484 1220 Dot3svc - ok

19:22:23.0718 1220 Dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys

19:22:23.0953 1220 Dot4 - ok

19:22:24.0078 1220 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys

19:22:24.0234 1220 Dot4Print - ok

19:22:24.0234 1220 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys

19:22:24.0406 1220 dot4usb - ok

19:22:24.0421 1220 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

19:22:24.0578 1220 dpti2o - ok

19:22:24.0625 1220 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

19:22:24.0781 1220 drmkaud - ok

19:22:24.0796 1220 e1000 - ok

19:22:24.0828 1220 E100B (5c940a174dfb2c42b9f6ba6edc2baa0b) C:\WINDOWS\system32\DRIVERS\e100b325.sys

19:22:24.0859 1220 E100B - ok

19:22:24.0906 1220 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll

19:22:25.0062 1220 EapHost - ok

19:22:25.0078 1220 epson_pm_rpcv4_01 - ok

19:22:25.0109 1220 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll

19:22:25.0265 1220 ERSvc - ok

19:22:25.0312 1220 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

19:22:25.0359 1220 Eventlog - ok

19:22:25.0406 1220 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll

19:22:25.0500 1220 EventSystem - ok

19:22:25.0562 1220 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

19:22:25.0734 1220 Fastfat - ok

19:22:25.0796 1220 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

19:22:25.0859 1220 FastUserSwitchingCompatibility - ok

19:22:25.0890 1220 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

19:22:26.0062 1220 Fdc - ok

19:22:26.0062 1220 FETNDIS - ok

19:22:26.0093 1220 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

19:22:26.0250 1220 Fips - ok

19:22:26.0281 1220 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

19:22:26.0421 1220 Flpydisk - ok

19:22:26.0484 1220 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

19:22:26.0640 1220 FltMgr - ok

19:22:26.0734 1220 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

19:22:26.0750 1220 FontCache3.0.0.0 - ok

19:22:26.0781 1220 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

19:22:26.0937 1220 Fs_Rec - ok

19:22:27.0015 1220 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

19:22:27.0203 1220 Ftdisk - ok

19:22:27.0234 1220 ftrtsvc - ok

19:22:27.0250 1220 gearaspiwdm - ok

19:22:27.0390 1220 GoToAssist - ok

19:22:27.0437 1220 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

19:22:27.0593 1220 Gpc - ok

19:22:27.0687 1220 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe

19:22:27.0703 1220 gupdate - ok

19:22:27.0703 1220 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe

19:22:27.0718 1220 gupdatem - ok

19:22:27.0734 1220 GV600_4 - ok

19:22:27.0750 1220 hclinetd - ok

19:22:27.0750 1220 hcwPP2 - ok

19:22:27.0796 1220 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

19:22:27.0968 1220 HDAudBus - ok

19:22:28.0046 1220 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

19:22:28.0218 1220 helpsvc - ok

19:22:28.0234 1220 HidServ - ok

19:22:28.0265 1220 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

19:22:28.0421 1220 HidUsb - ok

19:22:28.0468 1220 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll

19:22:28.0687 1220 hkmsvc - ok

19:22:28.0687 1220 hmonitor - ok

19:22:28.0703 1220 hpn - ok

19:22:28.0718 1220 hpzius12 - ok

19:22:28.0734 1220 hsxhwazl - ok

19:22:28.0796 1220 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

19:22:28.0843 1220 HTTP - ok

19:22:28.0875 1220 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll

19:22:29.0140 1220 HTTPFilter - ok

19:22:29.0187 1220 hwdatacard - ok

19:22:29.0328 1220 i2omgmt - ok

19:22:29.0421 1220 i2omp - ok

19:22:29.0578 1220 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

19:22:29.0859 1220 i8042prt - ok

19:22:30.0265 1220 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys

19:22:30.0453 1220 i81x - ok

19:22:30.0484 1220 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys

19:22:30.0687 1220 iAimFP0 - ok

19:22:30.0718 1220 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys

19:22:30.0875 1220 iAimFP1 - ok

19:22:30.0906 1220 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys

19:22:31.0218 1220 iAimFP2 - ok

19:22:31.0343 1220 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys

19:22:31.0671 1220 iAimFP3 - ok

19:22:31.0703 1220 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys

19:22:32.0484 1220 iAimFP4 - ok

19:22:32.0593 1220 iAimFP5 (0308aef61941e4af478fa1a0f83812f5) C:\WINDOWS\system32\DRIVERS\wADV07nt.sys

19:22:32.0906 1220 iAimFP5 - ok

19:22:32.0937 1220 iAimFP6 (714038a8aa5de08e12062202cd7eaeb5) C:\WINDOWS\system32\DRIVERS\wADV08nt.sys

19:22:33.0140 1220 iAimFP6 - ok

19:22:33.0171 1220 iAimFP7 (7bb3aa595e4507a788de1cdc63f4c8c4) C:\WINDOWS\system32\DRIVERS\wADV09nt.sys

19:22:33.0390 1220 iAimFP7 - ok

19:22:33.0406 1220 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys

19:22:33.0562 1220 iAimTV0 - ok

19:22:33.0578 1220 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys

19:22:33.0718 1220 iAimTV1 - ok

19:22:33.0734 1220 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys

19:22:33.0875 1220 iAimTV3 - ok

19:22:33.0890 1220 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys

19:22:34.0031 1220 iAimTV4 - ok

19:22:34.0062 1220 iAimTV5 (791cc45de6e50445be72e8ad6401ff45) C:\WINDOWS\system32\DRIVERS\wATV10nt.sys

19:22:34.0218 1220 iAimTV5 - ok

19:22:34.0218 1220 iAimTV6 (352fa0e98bc461ce1ce5d41f64db558d) C:\WINDOWS\system32\DRIVERS\wATV06nt.sys

19:22:34.0375 1220 iAimTV6 - ok

19:22:34.0453 1220 ialm (85d42b7f0dd406adf5e3ec7659a279ec) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

19:22:34.0546 1220 ialm - ok

19:22:34.0546 1220 ICAM3NT5 - ok

19:22:34.0640 1220 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

19:22:34.0703 1220 idsvc - ok

19:22:34.0703 1220 ikhlayer - ok

19:22:34.0781 1220 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

19:22:34.0937 1220 Imapi - ok

19:22:34.0984 1220 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe

19:22:35.0140 1220 ImapiService - ok

19:22:35.0156 1220 ini910u - ok

19:22:35.0171 1220 ino_fltr - ok

19:22:35.0328 1220 IntcAzAudAddService (b29781b9a90cd55fc5d859c0b1c243bc) C:\WINDOWS\system32\drivers\RtkHDAud.sys

19:22:35.0562 1220 IntcAzAudAddService - ok

19:22:35.0750 1220 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

19:22:35.0875 1220 IntelIde - ok

19:22:35.0921 1220 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

19:22:36.0078 1220 intelppm - ok

19:22:36.0078 1220 iolo_srv - ok

19:22:36.0109 1220 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

19:22:36.0265 1220 Ip6Fw - ok

19:22:36.0296 1220 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

19:22:36.0453 1220 IpFilterDriver - ok

19:22:36.0484 1220 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

19:22:36.0625 1220 IpInIp - ok

19:22:36.0656 1220 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

19:22:36.0812 1220 IpNat - ok

19:22:36.0843 1220 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

19:22:36.0984 1220 IPSec - ok

19:22:37.0015 1220 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

19:22:37.0093 1220 IRENUM - ok

19:22:37.0125 1220 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

19:22:37.0281 1220 isapnp - ok

19:22:37.0375 1220 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

19:22:37.0390 1220 IviRegMgr - ok

19:22:37.0406 1220 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

19:22:37.0562 1220 Kbdclass - ok

19:22:37.0593 1220 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

19:22:37.0734 1220 kmixer - ok

19:22:37.0781 1220 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

19:22:37.0859 1220 KSecDD - ok

19:22:37.0890 1220 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll

19:22:37.0953 1220 lanmanserver - ok

19:22:38.0640 1220 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll

19:22:38.0718 1220 lanmanworkstation - ok

19:22:38.0734 1220 lbrtfdc - ok

19:22:38.0812 1220 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll

19:22:38.0984 1220 LmHosts - ok

19:22:39.0000 1220 LoopBeMidi1 - ok

19:22:39.0000 1220 LRMINIPORT - ok

19:22:39.0015 1220 LVBulk - ok

19:22:39.0031 1220 lvselsus - ok

19:22:39.0046 1220 lxcf_device - ok

19:22:39.0062 1220 lxct_device - ok

19:22:39.0078 1220 macformatservice - ok

19:22:39.0078 1220 ma_cmidi_installerservice - ok

19:22:39.0125 1220 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys

19:22:39.0140 1220 MBAMProtector - ok

19:22:39.0312 1220 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

19:22:39.0390 1220 MBAMService - ok

19:22:39.0421 1220 mcafeeantispyware - ok

19:22:39.0437 1220 megamonitorsrv - ok

19:22:39.0468 1220 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll

19:22:39.0640 1220 Messenger - ok

19:22:39.0656 1220 mfeapfk - ok

19:22:39.0765 1220 MFE_RR - ok

19:22:39.0781 1220 mgisvr - ok

19:22:39.0843 1220 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

19:22:40.0000 1220 mnmdd - ok

19:22:40.0046 1220 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe

19:22:40.0187 1220 mnmsrvc - ok

19:22:40.0218 1220 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

19:22:40.0375 1220 Modem - ok

19:22:40.0406 1220 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

19:22:40.0562 1220 Mouclass - ok

19:22:40.0593 1220 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

19:22:40.0750 1220 mouhid - ok

19:22:40.0796 1220 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

19:22:40.0937 1220 MountMgr - ok

19:22:40.0953 1220 mraid35x - ok

19:22:40.0968 1220 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

19:22:41.0125 1220 MRxDAV - ok

19:22:41.0187 1220 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

19:22:41.0234 1220 MRxSmb - ok

19:22:41.0250 1220 MS1000 - ok

19:22:41.0296 1220 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe

19:22:41.0437 1220 MSDTC - ok

19:22:41.0453 1220 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

19:22:41.0609 1220 Msfs - ok

19:22:41.0625 1220 MSIServer - ok

19:22:41.0640 1220 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

19:22:41.0812 1220 MSKSSRV - ok

19:22:41.0843 1220 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

19:22:42.0015 1220 MSPCLOCK - ok

19:22:42.0046 1220 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

19:22:42.0203 1220 MSPQM - ok

19:22:42.0250 1220 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

19:22:42.0406 1220 mssmbios - ok

19:22:42.0437 1220 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

19:22:42.0484 1220 Mup - ok

19:22:42.0546 1220 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

19:22:42.0718 1220 napagent - ok

19:22:42.0718 1220 navapsvc - ok

19:22:42.0765 1220 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

19:22:42.0906 1220 NDIS - ok


19:23:05.0343 3048 Detected object count: 7

19:23:05.0343 3048 Actual detected object count: 7

19:26:46.0656 3048 adpu320 ( UnsignedFile.Multi.Generic ) - skipped by user

19:26:46.0656 3048 adpu320 ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:26:46.0656 3048 d347bus ( UnsignedFile.Multi.Generic ) - skipped by user

19:26:46.0656 3048 d347bus ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:26:46.0656 3048 d347prt ( UnsignedFile.Multi.Generic ) - skipped by user

19:26:46.0656 3048 d347prt ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:26:46.0656 3048 DkLogger ( UnsignedFile.Multi.Generic ) - skipped by user

19:26:46.0656 3048 DkLogger ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:26:46.0656 3048 DkTknSrv ( UnsignedFile.Multi.Generic ) - skipped by user

19:26:46.0656 3048 DkTknSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:26:46.0656 3048 PCA ( UnsignedFile.Multi.Generic ) - skipped by user

19:26:46.0656 3048 PCA ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:26:46.0656 3048 Symmpi ( UnsignedFile.Multi.Generic ) - skipped by user

19:26:46.0656 3048 Symmpi ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:27:42.0546 0536 Deinitialize success

STEP 3

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-04-07 19:33:48

-----------------------------

19:33:48.296 OS Version: Windows 5.1.2600 Service Pack 3

19:33:48.296 Number of processors: 1 586 0x1601

19:33:48.296 ComputerName: PLAMENKARAINOVA UserName: Plamenka

19:33:52.406 Initialize success

19:33:55.531 AVAST engine defs: 12040700

19:35:19.843 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

19:35:19.843 Disk 0 Vendor: SAMSUNG_HD161HJ JF100-20 Size: 152627MB BusType: 3

19:35:19.859 Disk 0 MBR read successfully

19:35:19.875 Disk 0 MBR scan

19:35:19.875 Disk 0 unknown MBR code

19:35:19.875 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 142365 MB offset 63

19:35:19.906 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10244 MB offset 291579750

19:35:19.921 Disk 0 scanning sectors +312560640

19:35:19.968 Disk 0 scanning C:\WINDOWS\system32\drivers

19:35:32.953 Service scanning

19:35:45.953 Modules scanning

19:35:51.953 Disk 0 trace - called modules:

19:35:51.953 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS

19:35:51.968 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82d7d998]

19:35:51.968 3 CLASSPNP.SYS[f85f4fd7] -> nt!IofCallDriver -> \Device\0000005f[0x82d7ef18]

19:35:51.968 5 ACPI.sys[f8465620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82d8b3a0]

19:35:52.218 AVAST engine scan C:\

19:46:05.484 File: C:\old\Program Files\Symantec_Client_Security\Symantec AntiVirus\qsinfo.dll **INFECTED** Win32:MalOb-HG [Cryp]

21:38:48.718 Scan finished successfully

09:47:54.625 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Plamenka\Desktop\OTL\MBR.dat"

09:47:54.750 The log file has been saved successfully to "C:\Documents and Settings\Plamenka\Desktop\OTL\aswMBR.txt"

STEP 4

Farbar Service Scanner Version: 01-03-2012

Ran by Plamenka (administrator) on 08-04-2012 at 09:49:56

Running from "C:\Documents and Settings\Plamenka\Desktop"

Microsoft Windows XP Professional Service Pack 3 (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Yahoo IP is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Security Center:

============

Windows Update:

============

File Check:

========

C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit

C:\WINDOWS\system32\netman.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\srsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit

C:\WINDOWS\system32\wscsvc.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\wuauserv.dll => MD5 is legit

C:\WINDOWS\system32\qmgr.dll => MD5 is legit

C:\WINDOWS\system32\es.dll => MD5 is legit

C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit

C:\WINDOWS\system32\svchost.exe => MD5 is legit

C:\WINDOWS\system32\rpcss.dll => MD5 is legit

C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:

=======

aswTdi(8) Gpc(6) IPSec(4) NetBT(9) PSched(7) Tcpip(3)

0x09000000040000000100000002000000030000000800000056000000050000000600000007000000

IpSec Tag value is correct.

**** End of log ****

OTL.Txt

Extras.Txt


Hello,

IS THIS NORMAL???

After starting OTL, Copy/Paste and Run Fix,

the OTL status bar shows "Killing processes. DO NOT INTERRUPT......" and the computer has now been frozen for more than an hour and a half (I had Task Manager open: it has been inactive for an hour and a half, and the clock is dead). IS THIS NORMAL???


OK, stop the tool and restart the computer (you can also do it through Task Manager). Restart in Safe Mode and try from there. Close all programs before you run it. The same thing happened in another thread, because the script is quite long. Let me know the results.


I can't send the log. Maybe it is too large. I am attaching it: 04102012_081747.zip. Here is MBR.DAT as well: MBR.zip

Edited by B-boy[StyLe]
Latin script!


So far so good.

Final checks...

Run a new scan as described in this post, step 1.

Attach the log files if they are very large.

And second:

Download GrantPerms.zip and extract it to a folder of your choice. Run GrantPerms.exe and enter the following information:

c:\windows\$NtUninstallKB3255$
C:\WINDOWS\$NtUninstallKB938828$

Click Unlock and then List Permissions. Post the log file in your next post.

Follow these instructions for working with SystemLook:

Download SystemLook and save the program to the desktop.

  • Double-click SystemLook.exe to start the program.
  • Copy the contents of the quote below into the program's text box:

    :dir
    c:\windows\$NtUninstallKB3255$ /s
    C:\WINDOWS\$NtUninstallKB938828$ /s
  • Click the Look button to start the scan.
  • When the scan finishes, Notepad will open with the scan results. Then post the log file in your next comment.


The log file from OTL - OTL.zip

GrantPerms by Farbar

Ran by Plamenka (administrator) at 2012-04-10 14:57:08

===============================================

ERROR: Parsing the SD of <\\?\c:\windows\$NtUninstallKB3255$ > failed with: The system cannot find the file specified.

Operating system error message: The system cannot find the file specified.

\\?\C:\WINDOWS\$NtUninstallKB938828$

Owner: BUILTIN\Administrators

DACL(NP)(AI):

BUILTIN\Administrators FULL ALLOW (CI)(OI)

NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)

BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)

BUILTIN\Users READ/EXECUTE ALLOW (I)

BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)(IO)(I)

BUILTIN\Power Users change ALLOW (I)

BUILTIN\Power Users change ALLOW (CI)(OI)(IO)(I)

BUILTIN\Administrators FULL ALLOW (I)

BUILTIN\Administrators FULL ALLOW (CI)(OI)(IO)(I)

NT AUTHORITY\SYSTEM FULL ALLOW (I)

NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)(IO)(I)

CREATOR OWNER FULL ALLOW (CI)(OI)(IO)(I)

SystemLook 30.07.11 by jpshortstuff

Log created at 14:59 on 10/04/2012 by Plamenka

Administrator - Elevation successful

========== dir ==========

c:\windows\$NtUninstallKB3255$ - Unable to find folder.

C:\WINDOWS\$NtUninstallKB938828$ - Parameters: "/s"

---Files---

explorer.exe --a--c- 1032192 bytes [14:51 19/02/2008] [08:00 04/08/2004]

C:\WINDOWS\$NtUninstallKB938828$\spuninst d----c- [14:51 19/02/2008]

spuninst.exe --a--c- 213216 bytes [14:51 19/02/2008] [23:12 12/10/2005]

spuninst.inf --a--c- 5161 bytes [14:51 19/02/2008] [14:51 19/02/2008]

spuninst.txt --a--c- 311 bytes [14:51 19/02/2008] [14:51 19/02/2008]

updspapi.dll --a--c- 371424 bytes [14:51 19/02/2008] [23:12 12/10/2005]

-= EOF =-


One last push:

  • Run the file [posted image] by double-clicking it.
  • Under [posted image], use Copy/Paste to enter the following text in full (only what is inside the box):
:OTL
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\ctl3dv2.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\ntldr:KAVICHS
:files
dir /s /a "C:\8f1faac2df4bafcb014484efad6630ed" /c
:commands
[emptytemp]
After entering the script from the quote above, click the button marked in red: Run Fix

Windows will restart and a log file will be created: OTL fix log. Post its contents with Copy/Paste in your next comment.


Hello again,

After two attempts in which OTL froze as before, I ran it in Safe Mode.

Here is the result:

All processes killed

========== OTL ==========

Unable to delete ADS C:\WINDOWS\System32\ctl3dv2.dll:KAVICHS .

Unable to delete ADS C:\ntldr:KAVICHS .

========== FILES ==========

< dir /s /a "C:\8f1faac2df4bafcb014484efad6630ed" /c >

Volume in drive C has no label.

Volume Serial Number is 10A9-DC13

Directory of C:\8f1faac2df4bafcb014484efad6630ed

02/17/2012 04:50 PM <DIR> .

02/17/2012 04:50 PM <DIR> ..

02/17/2012 04:50 PM 788 $shtdwn$.req

01/27/2012 12:27 AM 3,650,706 mrt.exe._p

01/27/2012 12:13 AM 92,976 mrtstub.exe

3 File(s) 3,744,470 bytes

Total Files Listed:

3 File(s) 3,744,470 bytes

2 Dir(s) 126,844,305,408 bytes free

C:\Documents and Settings\Plamenka\Desktop\cmd.bat deleted successfully.

C:\Documents and Settings\Plamenka\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Plamenka

->Temp folder emptied: 335644 bytes

->Temporary Internet Files folder emptied: 30964474 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 734 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 483 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 1056 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 1289041 bytes

Total Files Cleaned = 31.00 mb

OTL by OldTimer - Version 3.2.39.2 log created on 04182012_104103

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Open virustotal and use the Browse button to find the file:

C:\ntldr (for this file you need to show hidden files)

My Computer => Tools => Folder Options => View => Hidden files and folders => select the radio button next to Show Hidden Files and Folders

My Computer => Tools => Folder Options => View => Hide protected operating system files (recommended) => remove the check mark

Click the SEND button.

If the file has already been analysed, please click Reanalyse.

Repeat the steps for this file:

C:\WINDOWS\System32\ctl3dv2.dll

Post the scan results for this file in your next comment.


SHA256: 644335c778eed2c2acb701657fb337cef93bde486650878d3c6ebc2ac4d4a447
SHA1: cb8c794dbe38d7bbe79e992823678e493370e975
MD5: c1b29b4e6eea9510610db2ec4d6db160
File size: 244.2 KB ( 250048 bytes )
File name: C:\ntldr
File type: DOS EXE
Detection ratio: 1 / 42
Analysis date: 2012-04-20 10:32:31 UTC ( 3 minutes ago )

Antivirus Result Update
AhnLab-V3 - 20120420
AntiVir - 20120420
Antiy-AVL - 20120420
Avast - 20120420
AVG - 20120420
BitDefender - 20120420
ByteHero - 20120417
CAT-QuickHeal - 20120420
ClamAV - 20120419
Commtouch - 20120420
Comodo - 20120420
DrWeb - 20120420
Emsisoft - 20120420
eSafe - 20120419
eTrust-Vet - 20120420
F-Prot - 20120420
F-Secure - 20120420
Fortinet - 20120420
GData - 20120420
Ikarus - 20120420
Jiangmin - 20120420
K7AntiVirus - 20120418
Kaspersky - 20120420
McAfee - 20120420
McAfee-GW-Edition Heuristic.BehavesLike.Exploit.CodeExec.O 20120420
Microsoft - 20120420
NOD32 - 20120420
Norman - 20120420
nProtect - 20120420
Panda - 20120420
PCTools - 20120420
Rising - 20120420
Sophos - 20120420
SUPERAntiSpyware - 20120402
Symantec - 20120420
TheHacker - 20120420
TrendMicro - 20120420
TrendMicro-HouseCall - 20120420
VBA32 - 20120419
VIPRE - 20120420
ViRobot - 20120420
VirusBuster - 20120420

SHA256: 3387135a5075439b9238d6c486b047d4dba8d9a6d1dad6bb74050347c70616db
SHA1: 17155dedec7d8cd7aa305e204c489c6bc3060cf7
MD5: 637d88e7a1bedc4457c80dbc8ba9f135
File size: 26.6 KB ( 27200 bytes )
File name: C:\WINDOWS\system32\ctl3dv2.dll
File type: Win16 EXE
Detection ratio: 0 / 42
Analysis date: 2012-04-20 10:43:13 UTC ( 2 minutes ago )

Antivirus Result Update
AhnLab-V3 - 20120420
AntiVir - 20120420
Antiy-AVL - 20120420
Avast - 20120420
AVG - 20120420
BitDefender - 20120420
ByteHero - 20120417
CAT-QuickHeal - 20120420
ClamAV - 20120419
Commtouch - 20120420
Comodo - 20120420
DrWeb - 20120420
Emsisoft - 20120420
eSafe - 20120419
eTrust-Vet - 20120420
F-Prot - 20120420
F-Secure - 20120420
Fortinet - 20120420
GData - 20120420
Ikarus - 20120420
Jiangmin - 20120420
K7AntiVirus - 20120418
Kaspersky - 20120420
McAfee - 20120420
McAfee-GW-Edition - 20120420
Microsoft - 20120420
NOD32 - 20120420
Norman - 20120420
nProtect - 20120420
Panda - 20120420
PCTools - 20120420
Rising - 20120420
Sophos - 20120420
SUPERAntiSpyware - 20120402
Symantec - 20120420
TheHacker - 20120420
TrendMicro - 20120420
TrendMicro-HouseCall - 20120420
VBA32 - 20120419
VIPRE - 20120420
ViRobot - 20120420
VirusBuster - 20120420


I don't want you to copy the results to me... Could you give me the links to the actual scan results? :)


Right. I think we can skip the last steps. The stubborn ADS streams refuse to be removed because of permission problems on the two linked objects. We can:

- Try to have me take ownership of these objects and remove the ADS streams.
- Not bother with them: they are harmless, and their size is below the minimum needed to create executable code.
- They were created by Kaspersky 5; the old versions used to create such streams. They are safe, but malware can in principle take advantage of them, which is why the newer versions of Kaspersky have no such streams. We can try cleaning up the Kaspersky leftovers and see whether that helps (with some uninstall tool).

Either way, the computer is already clean. Any other problems before my final advice? :)


No other problems for now. :) If you recommend an uninstaller, I would try to clean up the Kaspersky 5 leftovers. Thanks for the help!

Edited by i5o


At one point I had some specific uninstallers for version 5, but now I can't seem to find them...

Still, clean up the leftovers with these:

kavremover.exe (you need to enter the code shown when the tool starts. Let it remove all known products).

KAV_REGISTRY_CLEANER (unzip it to a folder of your choice and run the exe).

KisKav6Remove.zip (unzip it to a folder of your choice and run the exe).

Restart after the cleanup.

As for the ADS streams, I remembered that Kaspersky has a tool for them as well.

Download this tool - Klstreamremover.zip

Unzip it to C:\

Then from Start => Run => type the command - C:\Klstreamremover.exe -r

Press Enter and restart.

Afterwards, reply with how it went and I will give my final advice.


Hello, I apologize for the long delay before my reply. I ran all the tools and the cleanup went through without problems. I await your advice. Thank you.


Hello, Well, there is nothing more to do, but I would still be curious whether the streams were successfully removed. Even if they were not, it is not a big problem, but if you feel like it, run a new scan with OTL and post the results... If you would rather wrap up, I will write how to uninstall the tools we used.


OTL logfile created on: 5/17/2012 3:54:26 PM - Run 3

OTL by OldTimer - Version 3.2.39.2 Folder = C:Documents and SettingsPlamenkaDesktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000402 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.42 Mb Total Physical Memory | 243.78 Mb Available Physical Memory | 48.52% Memory free

1.20 Gb Paging File | 0.84 Gb Available in Paging File | 70.30% Paging File free

Paging file location(s): C:pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:WINDOWS | %ProgramFiles% = C:Program Files

Drive C: | 139.03 Gb Total Space | 114.59 Gb Free Space | 82.42% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 8.20 Gb Free Space | 82.01% Space Free | Partition Type: NTFS

Drive I: | 16.94 Gb Total Space | 1.24 Gb Free Space | 7.33% Space Free | Partition Type: NTFS

Drive T: | 16.94 Gb Total Space | 1.24 Gb Free Space | 7.33% Space Free | Partition Type: NTFS

Drive W: | 16.94 Gb Total Space | 1.24 Gb Free Space | 7.33% Space Free | Partition Type: NTFS

Computer Name: PLAMENKARAINOVA | User Name: Plamenka | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/10 14:21:44 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:Documents and SettingsPlamenkaDesktopOTL.exe

PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:Program FilesMalwarebytes' Anti-Malwarembamservice.exe

PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:Program FilesMalwarebytes' Anti-Malwarembamgui.exe

PRC - [2012/03/07 02:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:Program FilesAVAST SoftwareAvastAvastUI.exe

PRC - [2012/03/07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:Program FilesAVAST SoftwareAvastAvastSvc.exe

PRC - [2010/12/16 17:19:34 | 002,402,512 | ---- | M] (IObit) -- C:Program FilesIObitAdvanced SystemCare 3AWC.exe

PRC - [2008/04/14 03:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:WINDOWSexplorer.exe

PRC - [2007/01/05 06:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:Program FilesCommon FilesInterVideoRegMgriviRegMgr.exe

PRC - [2006/04/24 21:42:06 | 000,888,832 | ---- | M] () -- C:WINDOWSSMINSTScheduler.exe

PRC - [2006/01/05 14:34:56 | 000,061,440 | ---- | M] (Siemens AG) -- C:Program FilesSiemensCard APIbinsiecacst.exe

PRC - [2003/09/12 23:55:10 | 000,234,496 | ---- | M] (DOSPRN) -- C:Program FilesDosprnDOSprn.exe

PRC - [2003/05/13 04:58:00 | 000,475,136 | R--- | M] (Datakey, Inc.) -- C:WINDOWSsystem32dkcktkn.exe

PRC - [2003/05/13 04:52:00 | 000,143,360 | R--- | M] (Datakey, Inc.) -- C:Program FilesDatakeyCrypt32dkMonitor.exe

PRC - [2003/05/13 04:48:00 | 000,245,760 | R--- | M] (Datakey, Inc.) -- C:Program FilesDatakeyCrypt32dkAutoReg.exe

PRC - [2003/05/13 04:37:00 | 000,102,400 | R--- | M] (Datakey, Inc.) -- C:WINDOWSsystem32dklog.exe

PRC - [2000/12/30 13:39:58 | 000,151,552 | ---- | M] () -- C:WINDOWSDatecsFlex2K.exe

PRC - [2000/09/13 11:51:58 | 000,192,512 | ---- | M] (The Webshots Corporation) -- C:Program FilesWebshotsWebshotsTray.exe

========== Modules (No Company Name) ==========

MOD - [2012/05/16 22:46:16 | 001,759,232 | ---- | M] () -- C:Program FilesAVAST SoftwareAvastdefs12051601algo.dll

MOD - [2010/01/22 15:13:30 | 000,323,160 | ---- | M] () -- C:Program FilesIObitAdvanced SystemCare 3winSkinD7R.bpl

MOD - [2010/01/22 15:13:16 | 000,045,656 | ---- | M] () -- C:Program FilesIObitAdvanced SystemCare 3CoolTrayIcon_D6plus.bpl

MOD - [2010/01/22 15:11:36 | 000,150,616 | ---- | M] () -- C:Program FilesIObitAdvanced SystemCare 3STFix.dll

MOD - [2010/01/22 15:11:30 | 000,057,432 | ---- | M] () -- C:Program FilesIObitAdvanced SystemCare 3NtfsData.dll

MOD - [2006/04/24 21:42:06 | 000,888,832 | ---- | M] () -- C:WINDOWSSMINSTScheduler.exe

MOD - [2002/12/09 09:38:28 | 000,094,274 | ---- | M] () -- C:WINDOWSsystem32HPBHEALR.DLL

MOD - [2000/12/30 13:39:58 | 000,151,552 | ---- | M] () -- C:WINDOWSDatecsFlex2K.exe

MOD - [2000/12/13 01:55:40 | 000,028,672 | ---- | M] () -- C:WINDOWSsystem32newdll.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%System32hidserv.dll -- (HidServ)

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:Program FilesMalwarebytes' Anti-Malwarembamservice.exe -- (MBAMService)

SRV - [2012/03/07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:Program FilesAVAST SoftwareAvastAvastSvc.exe -- (avast! Antivirus)

SRV - [2007/01/05 06:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:Program FilesCommon FilesInterVideoRegMgriviRegMgr.exe -- (IviRegMgr)

SRV - [2003/05/13 04:58:00 | 000,475,136 | R--- | M] (Datakey, Inc.) [Auto | Running] -- C:WINDOWSsystem32dkcktkn.exe -- (DkTknSrv)

SRV - [2003/05/13 04:37:00 | 000,102,400 | R--- | M] (Datakey, Inc.) [Auto | Running] -- C:WINDOWSsystem32dklog.exe -- (DkLogger)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32DRIVERSSCR33x.sys -- (SCR33x USB Smart Card Reader)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:WINDOWSsystem32driversmbam.sys -- (MBAMProtector)

DRV - [2012/03/07 02:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:WINDOWSSystem32driversaswSnx.sys -- (aswSnx)

DRV - [2012/03/07 02:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:WINDOWSSystem32driversaswSP.sys -- (aswSP)

DRV - [2012/03/07 02:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:WINDOWSSystem32driversaswRdr.sys -- (AswRdr)

DRV - [2012/03/07 02:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:WINDOWSSystem32driversaswTdi.sys -- (aswTdi)

DRV - [2012/03/07 02:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:WINDOWSSystem32driversaswmon2.sys -- (aswMon2)

DRV - [2012/03/07 02:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:WINDOWSSystem32driversaswFsBlk.sys -- (aswFsBlk)

DRV - [2012/03/07 01:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:WINDOWSSystem32driversaavmker4.sys -- (Aavmker4)

DRV - [2007/01/30 21:57:50 | 004,474,368 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversRtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2006/11/07 05:35:00 | 000,047,488 | R--- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversSCR3XX2K.sys -- (SCR3xx USB Smart Card Reader)

DRV - [2004/10/25 01:04:00 | 000,007,796 | R--- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversStc2Dfu.sys -- (STC2DFU)

DRV - [2004/08/22 17:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:WINDOWSsystem32driversd347prt.sys -- (d347prt)

DRV - [2004/08/22 17:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:WINDOWSsystem32driversd347bus.sys -- (d347bus)

DRV - [2004/08/03 20:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driverswVchNTxx.sys -- (iAimFP4)

DRV - [2004/08/03 20:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driverswSiINTxx.sys -- (iAimFP3)

DRV - [2004/08/03 20:29:46 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driverswATV10nt.sys -- (iAimTV5)

DRV - [2004/08/03 20:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driverswCh7xxNT.sys -- (iAimTV4)

DRV - [2004/08/03 20:29:46 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driverswATV06nt.sys -- (iAimTV6)

DRV - [2004/08/03 20:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driverswATV04nt.sys -- (iAimTV3)

DRV - [2004/08/03 20:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driverswATV02NT.sys -- (iAimTV1)

DRV - [2004/08/03 20:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driverswATV01nt.sys -- (iAimTV0)

DRV - [2004/08/03 20:29:42 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driverswADV09NT.sys -- (iAimFP7)

DRV - [2004/08/03 20:29:40 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driverswADV07nt.sys -- (iAimFP5)

DRV - [2004/08/03 20:29:40 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driverswADV08NT.sys -- (iAimFP6)

DRV - [2004/08/03 20:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversi81xnt5.sys -- (i81x)

DRV - [2004/08/03 20:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driverswADV01nt.sys -- (iAimFP0)

DRV - [2004/08/03 20:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driverswADV02NT.sys -- (iAimFP1)

DRV - [2004/08/03 20:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driverswADV05NT.sys -- (iAimFP2)

DRV - [2002/04/04 09:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:WINDOWSsystem32driverssymmpi.sys -- (Symmpi)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM..SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.google.bg/

IE - HKCU..SearchScopes,DefaultScope = {C1D0976E-4F98-4B91-8B6A-1A76D5FCCC7C}

IE - HKCU..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU..SearchScopes{C1D0976E-4F98-4B91-8B6A-1A76D5FCCC7C}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=

IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLMSoftwareMozillaPlugins@Microsoft.com/NpCtrl,version=1.0: c:Program FilesMicrosoft Silverlight4.1.10111.0npctrl.dll ( Microsoft Corporation)

FF - HKLMSoftwareMozillaPlugins@microsoft.com/WPF,version=3.5: c:WINDOWSMicrosoft.NETFrameworkv3.5Windows Presentation FoundationNPWPF.dll (Microsoft Corporation)

FF - HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=3: C:Program FilesGoogleUpdate1.3.21.111npGoogleUpdate3.dll (Google Inc.)

FF - HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=9: C:Program FilesGoogleUpdate1.3.21.111npGoogleUpdate3.dll (Google Inc.)

FF - HKLMSoftwareMozillaPluginsAdobe Reader: C:Program FilesAdobeReader 9.0ReaderAIRnppdf32.dll (Adobe Systems Inc.)

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - Extension: YouTube = C:Documents and SettingsPlamenkaLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo4.2_0

CHR - Extension: Google u0422u044Au0440u0441u0435u043Du0435 = C:Documents and SettingsPlamenkaLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionscoobgpohoikkiipiblmjeljniedjpjpf0.0.0.14_0

CHR - Extension: avast! WebRep = C:Documents and SettingsPlamenkaLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsicmlaeflemplmjndnaapfdbbnpncnbda7.0.1426_0

CHR - Extension: Gmail = C:Documents and SettingsPlamenkaLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia6.1.3_0

O1 HOSTS File: ([2012/04/07 18:01:52 | 000,000,027 | ---- | M]) - C:WINDOWSsystem32driversetchosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_01binssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:Program FilesAVAST SoftwareAvastaswWebRepIE.dll (AVAST Software)

O3 - HKLM..Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:Program FilesAVAST SoftwareAvastaswWebRepIE.dll (AVAST Software)

O4 - HKLM..Run: [avast] C:Program FilesAVAST SoftwareAvastavastUI.exe (AVAST Software)

O4 - HKLM..Run: [DkAutoReg.exe] C:Program FilesDatakeyCrypt32dkAutoReg.exe (Datakey, Inc.)

O4 - HKLM..Run: [DkMonitor.exe] C:Program FilesDatakeyCrypt32dkMonitor.exe (Datakey, Inc.)

O4 - HKLM..Run: [DkStartup] C:Program FilesDatakeyCrypt32DkStartup.exe (Datakey, Inc.)

O4 - HKLM..Run: [Malwarebytes' Anti-Malware] C:Program FilesMalwarebytes' Anti-Malwarembamgui.exe (Malwarebytes Corporation)

O4 - HKLM..Run: [Recguard] C:WINDOWSSMINSTRecguard.exe ()

O4 - HKLM..Run: [Reminder] C:WINDOWSCREATORRemind_XP.exe ()

O4 - HKLM..Run: [scheduler] C:WINDOWSSMINSTScheduler.exe ()

O4 - HKLM..Run: [setRefresh] C:Program FilesCompaqSetRefreshSetRefresh.exe (Hewlett-Packard Company)

O4 - HKCU..Run: [Advanced SystemCare 3] C:Program FilesIObitAdvanced SystemCare 3AWC.exe (IObit)

O4 - Startup: C:Documents and SettingsAll UsersStart MenuProgramsStartupFlexType 2K.lnk = C:WINDOWSDatecsFlex2K.exe ()

O4 - Startup: C:Documents and SettingsAll UsersStart MenuProgramsStartupHiPath SIcurity Card API.lnk = C:Program FilesSiemensCard APIbinsiecacst.exe (Siemens AG)

O4 - Startup: C:Documents and SettingsPlamenkaStart MenuProgramsStartupDOSprn.lnk = C:Program FilesDosprnDOSprn.exe (DOSPRN)

O4 - Startup: C:Documents and SettingsPlamenkaStart MenuProgramsStartupWebshots.lnk = C:Program FilesWebshotsWebshotsTray.exe (The Webshots Corporation)

O6 - HKLMSoftwarePoliciesMicrosoftInternet ExplorerInfodelivery present

O6 - HKLMSoftwarePoliciesMicrosoftInternet ExplorerRestrictions present

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: HonorAutoRunSetting = 1

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: LinkResolveIgnoreLinkInfo = 0

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoResolveSearch = 1

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveAutoRun = 67108863

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 323

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0

O7 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present

O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 323

O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: LinkResolveIgnoreLinkInfo = 0

O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveAutoRun = 67108863

O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_01binnpjpi160_01.dll (Sun Microsystems, Inc.)

O16 - DPF: {167248DA-0F88-4DE1-B4B1-45176751026D} https://bs.b-trust.org/wl-dl/bs/js/renew/CertManX.cab (CertManX Control)

O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} https://srl.nssi.bg/ExtUsers/viewer/activeXViewer/activexviewer.cab (Crystal Report Viewer Control 9)

O16 - DPF: {4DB62416-BC86-4439-B5BA-366948F47C8D} https://bs.b-trust.org/wl-dl/bs/js/sign/SCManagerX.cab (SCManagerX Control)

O16 - DPF: {500A3316-5B0E-4253-BBE5-CE3F11A1AE71} https://inetdec.nra.bg/dds/InetVAT5Frm.cab (InetVAT5Form Control)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)

O16 - DPF: {97EA2A5E-A821-48A1-B0F9-DEDB5E0E62A2} https://inetdec.nra.bg/cabs/SignCOM.cab (SignedFile Object)

O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} https://www.extri.bg/capicom.cab (Settings Class)

O16 - DPF: {C186F386-6FC6-414C-AB53-975FB0EB15C1} http://v.netlogstatic.com/v5.00/2995//s/e/Aurigma/ImageUploaderPHP/PhotoUploader.cab (Photo Uploader Control)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)

O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{02B9B549-6E76-4467-94AD-2664E3FE96D2}: NameServer = 192.168.1.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:WINDOWSexplorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:WINDOWSsystem32userinit.exe) - C:WINDOWSsystem32userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:Documents and SettingsPlamenkaLocal SettingsApplication DataMicrosoftWallpaper1.bmp

O24 - Desktop BackupWallPaper: C:Documents and SettingsPlamenkaLocal SettingsApplication DataMicrosoftWallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM..comfile [open] -- "%1" %*

O35 - HKLM..exefile [open] -- "%1" %*

O37 - HKLM...com [@ = ComFile] -- "%1" %*

O37 - HKLM...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/23 08:55:34 | 000,000,000 | ---D | C] -- C:Documents and SettingsPlamenkaDesktopНова папка

[2012/04/20 08:23:37 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32mucltui.dll

[2012/04/20 08:23:37 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32mucltui.dll.mui

[2012/04/19 08:54:58 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersStart MenuProgramsMicrosoft Silverlight

[2012/04/19 08:54:52 | 000,000,000 | ---D | C] -- C:Program FilesMicrosoft Silverlight

========== Files - Modified Within 30 Days ==========

[2012/05/17 15:50:02 | 000,001,946 | ---- | M] () -- C:WINDOWSwebshots.ini

[2012/05/17 15:11:01 | 000,000,890 | ---- | M] () -- C:WINDOWS asksGoogleUpdateTaskMachineUA.job

[2012/05/17 14:26:20 | 000,000,428 | -H-- | M] () -- C:WINDOWS asksUser_Feed_Synchronization-{6482A737-AA76-49D9-B493-A348479543DB}.job

[2012/05/17 12:24:45 | 000,001,158 | ---- | M] () -- C:WINDOWSSystem32wpa.dbl

[2012/05/17 12:24:18 | 000,000,886 | ---- | M] () -- C:WINDOWS asksGoogleUpdateTaskMachineCore.job

[2012/05/17 12:23:52 | 000,002,048 | --S- | M] () -- C:WINDOWSbootstat.dat

[2012/05/17 12:23:51 | 526,897,152 | -HS- | M] () -- C:hiberfil.sys

[2012/05/17 08:28:55 | 000,001,813 | ---- | M] () -- C:Documents and SettingsAll UsersDesktopGoogle Chrome.lnk

[2012/05/17 08:12:05 | 003,932,214 | ---- | M] () -- C:WINDOWSwebshots.bmp

[2012/05/15 16:03:40 | 000,471,628 | ---- | M] () -- C:WINDOWSSystem32perfh009.dat

[2012/05/15 16:03:40 | 000,083,692 | ---- | M] () -- C:WINDOWSSystem32perfc009.dat

[2012/05/15 14:24:14 | 000,002,425 | ---- | M] () -- C:Documents and SettingsAll UsersDesktopДекларации Обр.1 и 6.lnk

[2012/04/26 08:38:26 | 000,000,680 | ---- | M] () -- C:Documents and SettingsPlamenkaStart MenuProgramsStartupWebshots.lnk

[2012/04/26 08:33:39 | 000,278,944 | ---- | M] () -- C:WINDOWSSystem32FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/04/26 16:52:52 | 000,016,448 | ---- | C] () -- C:KLStreamRemover.exe

[2012/04/18 10:43:40 | 526,897,152 | -HS- | C] () -- C:hiberfil.sys

[2012/04/05 11:40:26 | 000,256,000 | ---- | C] () -- C:WINDOWSPEV.exe

[2012/04/05 11:40:26 | 000,208,896 | ---- | C] () -- C:WINDOWSMBR.exe

[2012/04/05 11:40:26 | 000,098,816 | ---- | C] () -- C:WINDOWSsed.exe

[2012/04/05 11:40:26 | 000,080,412 | ---- | C] () -- C:WINDOWSgrep.exe

[2012/04/05 11:40:26 | 000,068,096 | ---- | C] () -- C:WINDOWSzip.exe

[2012/02/17 09:23:28 | 000,003,072 | ---- | C] () -- C:WINDOWSSystem32iacenc.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\ctl3dv2.dll:KAVICHS

@Alternate Data Stream - 100 bytes -> C:\ntldr:KAVICHS

< End of report >
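
The question raised earlier in the thread (did the KAVICHS streams survive the cleanup?) can be answered by comparing the "Alternate Data Streams" section of two OTL logs. The following is an added example, not part of the original thread and not OTL's own code; the sample log text, the `C:\Temp\notes.txt:payload` entry and all function names are constructed, and the allowlist holds only the stream name the thread attributes to old Kaspersky versions.

```python
import re
from typing import List, NamedTuple


class AdsEntry(NamedTuple):
    size: int    # stream size in bytes, as reported by OTL
    path: str    # host file that carries the stream
    stream: str  # stream name (text after the last colon)


# Matches e.g. "@Alternate Data Stream - 100 bytes -> C:\ntldr:KAVICHS"
ADS_LINE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+):([^:\\/]+)$")

# Assumption taken from the thread: KAVICHS streams were left by old Kaspersky versions.
KNOWN_STREAMS = {"kavichs"}

# Constructed sample logs (not the poster's real output).
SAMPLE_BEFORE = r"""
========== Files Created - No Company Name ==========
[2012/04/26 16:52:52 | 000,016,448 | ---- | C] () -- C:\KLStreamRemover.exe
========== Alternate Data Streams ==========
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\ctl3dv2.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\ntldr:KAVICHS
@Alternate Data Stream - 45056 bytes -> C:\Temp\notes.txt:payload
< End of report >
"""

SAMPLE_AFTER = r"""
========== Alternate Data Streams ==========
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\system32\ctl3dv2.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\ntldr:KAVICHS
< End of report >
"""


def parse_ads_section(log_text: str) -> List[AdsEntry]:
    """Return the entries listed under the 'Alternate Data Streams' header."""
    entries: List[AdsEntry] = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("=========="):
            # Every OTL section starts with a "========== Name ==========" header.
            in_section = "Alternate Data Streams" in line
            continue
        if not in_section or not line:
            continue
        match = ADS_LINE.match(line)
        if match:  # skips "< End of report >" and any other non-entry line
            entries.append(AdsEntry(int(match.group(1)), match.group(2), match.group(3)))
    return entries


def _key(entry: AdsEntry):
    # NTFS paths and stream names compare case-insensitively.
    return (entry.path.lower(), entry.stream.lower())


def still_present(before: List[AdsEntry], after: List[AdsEntry]) -> List[AdsEntry]:
    """Streams seen before the cleanup that are still listed afterwards."""
    seen = {_key(e) for e in before}
    return [e for e in after if _key(e) in seen]


def needs_review(entries: List[AdsEntry], known=KNOWN_STREAMS) -> List[AdsEntry]:
    """Streams whose name is not on the allowlist and should be inspected by hand."""
    return [e for e in entries if e.stream.lower() not in known]


if __name__ == "__main__":
    before = parse_ads_section(SAMPLE_BEFORE)
    after = parse_ads_section(SAMPLE_AFTER)
    for e in still_present(before, after):
        print(f"not removed: {e.path}:{e.stream} ({e.size} bytes)")
    for e in needs_review(before):
        print(f"review: {e.path}:{e.stream} ({e.size} bytes)")
```

An allowlisted name only says the stream matches a known benign producer; the size and host file are still printed so the entry can be checked against what that producer normally writes.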

      Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2017-10-03]
      ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
      GroupPolicy: Restriction - Chrome <==== ATTENTION
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
      Tcpip\..\Interfaces\{536A229A-CF6B-40F3-A422-B91758B05919}: [DhcpNameServer] 192.168.0.1
      Tcpip\..\Interfaces\{B985E446-CCC9-4317-97EE-CC040A2A18B2}: [DhcpNameServer] 192.168.0.1
      Internet Explorer:
      ==================
      HKU\S-1-5-21-3304134733-819666466-2278347041-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.bg/
      BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
      BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
      Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -  No File
      FireFox:
      ========
      FF ProfilePath: C:\Users\USER\AppData\Roaming\K-Meleon\y7sqykvz.default [2018-05-04]
      FF user.js: detected! => C:\Users\USER\AppData\Roaming\K-Meleon\y7sqykvz.default\user.js [2006-04-06]
      FF Homepage: K-Meleon\y7sqykvz.default -> google.bg
      FF Extension: (NewsFox) - C:\Program Files\K-Meleon\browser\extensions\{899DF1F8-2F43-4394-8315-37F6744E6319}.xpi [2015-03-12] [Legacy] [not signed]
      FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_29_0_0_140.dll [2018-04-10] ()
      FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
      FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [No File]
      FF Plugin: @photodex.com/PhotodexPresenter -> C:\Program Files\Photodex Presenter\npPxPlay.dll [No File]
      FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-01-24] (Google Inc.)
      FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-01-24] (Google Inc.)
      FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
      Chrome: 
      =======
      CHR HomePage: Default -> hxxp://google.bg/
      CHR StartupUrls: Default -> "hxxps://www.google.bg/"
      CHR Profile: C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default [2018-05-04]
      CHR Extension: (Презентации) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-24]
      CHR Extension: (Документи) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-24]
      CHR Extension: (Google Диск) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-03]
      CHR Extension: (YouTube) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-03]
      CHR Extension: (Chrome Cleaner Pro) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccjleegmemocfpghkhpjmiccjcacackp [2018-04-20]
      CHR Extension: (Adblock Plus) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-01-27]
      CHR Extension: (Таблици) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-24]
      CHR Extension: (Google Документи офлайн) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-10-03]
      CHR Extension: (Lightshot (скрииншот инструмент)) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2018-04-07]
      CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
      CHR Extension: (Gmail) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-03]
      CHR Extension: (Chrome Media Router) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-02]
      CHR HKLM\...\Chrome\Extension: [ccjleegmemocfpghkhpjmiccjcacackp] - hxxps://clients2.google.com/service/update2/crx
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [313640 2018-04-05] (AVAST Software)
      S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4707104 2018-03-27] (Malwarebytes)
      S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
      S4 ScsiAccess; C:\Program Files\Photodex\ProShow Producer\ScsiAccess.exe [X]
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 AIDA64Driver; D:\_Install\AIDA64 Extreme Edition 5.80.4000\kerneld.x32 [44176 2016-10-24] ()
      R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [167040 2018-04-05] (AVAST Software)
      S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42808 2018-04-05] (AVAST Software)
      R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [124392 2018-04-12] (AVAST Software)
      R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [100544 2018-04-05] (AVAST Software)
      R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [70816 2018-04-05] (AVAST Software)
      R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [783600 2018-04-05] (AVAST Software)
      R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [391856 2018-04-05] (AVAST Software)
      R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [152344 2018-04-05] (AVAST Software)
      R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [310784 2018-04-05] (AVAST Software)
      R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2017-10-03] (Disc Soft Ltd)
      S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
      R2 LMIInfo; C:\Windows\system32\drivers\LMIInfo.sys [27872 2017-01-11] (LogMeIn, Inc.)
      R3 rismc32; C:\Windows\System32\DRIVERS\rismc32.sys [49152 2009-07-20] (RICOH Company, Ltd.)
      R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1805872 2009-07-01] ()
      S4 LMIRfsClientNP; no ImagePath
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-05-04 10:28 - 2018-05-04 10:29 - 000012608 _____ C:\Users\USER\Downloads\FRST.txt
      2018-05-04 10:28 - 2018-05-04 10:28 - 002066432 _____ (Farbar) C:\Users\USER\Downloads\FRST.exe
      2018-05-04 10:28 - 2018-05-04 10:28 - 000000000 ____D C:\FRST
      2018-05-04 00:41 - 2018-05-04 10:00 - 000000000 ____D C:\Users\USER\AppData\Local\Puffin
      2018-05-04 00:41 - 2018-05-04 00:41 - 000000937 _____ C:\Users\Public\Desktop\Puffin.lnk
      2018-05-04 00:41 - 2018-05-04 00:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Puffin Browser
      2018-05-04 00:40 - 2018-05-04 00:41 - 000000000 ____D C:\Program Files\Puffin
      2018-05-03 22:47 - 2018-05-03 22:51 - 068539808 _____ (CloudMosa, Inc. ) C:\Users\USER\Downloads\PuffinBetaSetup.exe
      2018-05-02 21:46 - 2018-05-02 21:46 - 000218295 _____ C:\Users\USER\Downloads\14415951001_20180501_1245790475.pdf
      2018-05-02 16:25 - 2018-05-02 16:25 - 000408064 _____ C:\Windows\system32\FNTCACHE.DAT
      2018-05-02 01:17 - 2018-05-02 01:17 - 000109280 _____ C:\Users\USER\AppData\Local\GDIPFONTCACHEV1.DAT
      2018-05-02 01:11 - 2018-05-02 01:11 - 000001264 _____ C:\Users\Public\Desktop\Skype.lnk
      2018-05-02 01:11 - 2018-05-02 01:11 - 000000000 ____D C:\Users\USER\AppData\Roaming\Skype
      2018-05-02 01:11 - 2018-05-02 01:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
      2018-05-02 01:09 - 2018-05-02 01:11 - 018529206 _____ (Skype Technologies S.A.) C:\Users\USER\Downloads\Непотвърдено 702826.crdownload
      2018-05-02 01:09 - 2018-05-02 01:10 - 062741696 _____ (Skype Technologies S.A.) C:\Users\USER\Downloads\Skype-8.20.0.9.exe
      2018-04-28 12:22 - 2018-04-28 12:22 - 000001194 _____ C:\Users\Public\Desktop\Easy2Convert JPG to DDS.lnk
      2018-04-28 12:22 - 2018-04-28 12:22 - 000000000 ____D C:\Users\USER\AppData\Roaming\Easy2Convert
      2018-04-28 12:22 - 2018-04-28 12:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy2Convert Software
      2018-04-28 12:22 - 2018-04-28 12:22 - 000000000 ____D C:\Program Files\Easy2Convert Software
      2018-04-28 12:20 - 2018-04-28 12:20 - 003340649 _____ (Easy2Convert Software ) C:\Users\USER\Downloads\jpg2dds.exe
      2018-04-28 12:18 - 2018-04-28 12:18 - 000162944 _____ C:\Users\USER\Downloads\XRG_Nikaz_Sport_R34.dds
      2018-04-28 06:02 - 2018-04-28 06:02 - 000029105 _____ C:\Users\USER\Downloads\XRGT_Alloy2.7z
      2018-04-28 05:35 - 2018-04-28 05:35 - 000000132 _____ C:\Users\USER\Downloads\XRG_BL1_HL_133550.set
      2018-04-28 05:24 - 2018-04-28 05:24 - 000000132 _____ C:\Users\USER\Downloads\XRG_BL1_HL_132690.set
      2018-04-27 20:03 - 2018-04-27 20:03 - 000417869 _____ C:\Users\USER\Downloads\mustang-sport.rar
      2018-04-27 20:02 - 2018-04-27 20:02 - 000474539 _____ C:\Users\USER\Downloads\Непотвърдено 315132.crdownload
      2018-04-27 20:02 - 2018-04-27 20:02 - 000474539 _____ C:\Users\USER\Downloads\Непотвърдено 122074.crdownload
      2018-04-21 23:38 - 2018-04-23 18:54 - 006268764 _____ C:\Users\USER\Documents\NB4-031017.arn
      2018-04-21 23:32 - 2018-04-21 23:32 - 000735888 _____ (Sysinternals - www.sysinternals.com) C:\Users\USER\Downloads\autoruns.exe
      2018-04-21 15:16 - 2017-06-30 11:30 - 000002111 _____ C:\Users\USER\Documents\XFG.cfg_v2
      2018-04-21 15:16 - 2016-01-20 10:53 - 000001528 _____ C:\Users\USER\Documents\XFG.cfg
      2018-04-21 14:38 - 2018-04-21 14:39 - 012258354 _____ C:\Users\USER\Downloads\BMW_M4_14 LB BY MARK.rar
      2018-04-21 11:28 - 2018-04-21 11:28 - 000012006 _____ C:\Users\USER\Downloads\DiscATEST.zip
      2018-04-20 19:08 - 2018-04-20 19:09 - 000000782 _____ C:\DelFix.txt
      2018-04-20 18:10 - 2018-04-20 18:10 - 000002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
      2018-04-20 18:10 - 2018-04-20 18:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
      2018-04-20 18:10 - 2018-04-20 18:10 - 000000000 ____D C:\ProgramData\Malwarebytes
      2018-04-20 18:10 - 2018-04-20 18:10 - 000000000 ____D C:\Program Files\Malwarebytes
      2018-04-20 18:10 - 2018-03-19 12:57 - 000058656 _____ C:\Windows\system32\Drivers\mbae.sys
      2018-04-20 18:08 - 2018-04-20 18:09 - 073430920 _____ (Malwarebytes ) C:\Users\USER\Downloads\mb3-setup-consumer-3.4.5.2467-1.0.342-1.0.4792.exe
      2018-04-14 19:26 - 2018-04-14 19:26 - 001254569 _____ (Igor Pavlov) C:\Users\USER\Downloads\LFS_PATCH_6R_TO_6R12.exe
      2018-04-13 21:28 - 2018-04-13 21:28 - 000001704 _____ C:\Users\USER\Documents\1.txt
      2018-04-09 23:16 - 2018-04-09 23:16 - 001018015 _____ (Igor Pavlov) C:\Users\USER\Downloads\LFS_PATCH_6R_TO_6R11.exe
      2018-04-09 10:31 - 2018-04-09 10:31 - 000000000 ____D C:\Users\USER\AppData\Roaming\Nero
      2018-04-09 07:37 - 2018-04-09 07:37 - 000972765 _____ (Igor Pavlov) C:\Users\USER\Downloads\LFS_PATCH_6R_TO_6R10.exe
      2018-04-07 15:06 - 2018-04-08 07:53 - 000000000 ____D C:\Users\USER\Documents\My Games
      2018-04-07 15:05 - 2018-04-07 15:05 - 000000000 ____D C:\Users\USER\AppData\Roaming\Microsoft Games
      2018-04-07 15:03 - 2018-04-07 15:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
      2018-04-07 06:57 - 2018-04-07 06:57 - 000974910 _____ (Igor Pavlov) C:\Users\USER\Downloads\LFS_PATCH_6R_TO_6R9.exe
      2018-04-07 06:56 - 2018-04-07 06:56 - 000000413 _____ C:\Users\USER\AppData\Local\UserProducts.xml
      2018-04-07 06:56 - 2018-04-07 06:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
      2018-04-07 06:56 - 2018-04-07 06:56 - 000000000 ____D C:\Program Files\Skillbrains
      2018-04-07 06:54 - 2018-04-07 06:54 - 002731128 _____ (Skillbrains ) C:\Users\USER\Downloads\setup-lightshot.exe
      2018-04-06 10:36 - 2018-04-06 10:36 - 000974764 _____ (Igor Pavlov) C:\Users\USER\Downloads\LFS_PATCH_6R_TO_6R8.exe
      2018-04-06 09:51 - 2018-04-06 09:51 - 003148854 _____ C:\Users\USER\Downloads\cheats.bmp
      2018-04-05 10:06 - 2018-04-05 10:06 - 000320728 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-05-04 07:45 - 2018-01-24 22:57 - 000000000 ____D C:\LFS
      2018-05-04 00:41 - 2018-02-26 19:19 - 000000000 ____D C:\Users\USER\AppData\Local\CrashDumps
      2018-05-03 16:48 - 2017-10-03 14:33 - 000000277 _____ C:\ProgramData\HPWALog.txt
      2018-05-03 16:30 - 2009-07-14 07:34 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2018-05-03 16:30 - 2009-07-14 07:34 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2018-05-03 16:22 - 2009-07-14 07:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2018-05-02 17:32 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\system32\NDF
      2018-05-02 16:31 - 2010-11-21 00:01 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
      2018-05-02 16:31 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\inf
      2018-05-02 03:27 - 2017-10-03 14:10 - 000002168 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2018-05-02 03:27 - 2017-10-03 14:10 - 000002127 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2018-05-01 16:43 - 2018-03-10 17:08 - 000000000 ____D C:\Users\USER\AppData\Local\PrivaZer
      2018-04-20 11:34 - 2009-07-14 07:53 - 000032606 _____ C:\Windows\Tasks\SCHEDLGU.TXT
      2018-04-15 14:58 - 2017-10-03 15:09 - 000000000 ____D C:\Users\USER\AppData\Roaming\MPC-HC
      2018-04-12 22:07 - 2017-10-03 16:08 - 000124392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
      2018-04-10 22:02 - 2017-10-03 14:07 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
      2018-04-10 22:02 - 2017-10-03 14:07 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
      2018-04-10 22:02 - 2017-10-03 14:07 - 000000000 ____D C:\Windows\system32\Macromed
      2018-04-07 14:08 - 2018-03-23 19:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProShow Producer
      2018-04-05 10:06 - 2018-01-24 20:07 - 000167040 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
      2018-04-05 10:06 - 2017-10-03 16:08 - 000783600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
      2018-04-05 10:06 - 2017-10-03 16:08 - 000391856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
      2018-04-05 10:06 - 2017-10-03 16:08 - 000310784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
      2018-04-05 10:06 - 2017-10-03 16:08 - 000152344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
      2018-04-05 10:06 - 2017-10-03 16:08 - 000100544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
      2018-04-05 10:06 - 2017-10-03 16:08 - 000070816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
      2018-04-05 10:06 - 2017-10-03 16:08 - 000042808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
      ==================== Files in the root of some directories =======
      2017-10-03 14:33 - 2017-10-03 14:33 - 000000000 _____ () C:\Users\USER\AppData\Local\AtStart.txt
      2017-10-03 14:33 - 2017-10-03 14:33 - 000000000 _____ () C:\Users\USER\AppData\Local\DSwitch.txt
      2017-10-03 14:33 - 2017-10-03 14:33 - 000000000 _____ () C:\Users\USER\AppData\Local\QSwitch.txt
      2018-04-07 06:56 - 2018-04-07 06:56 - 000000003 _____ () C:\Users\USER\AppData\Local\updater.log
      2018-04-07 06:56 - 2018-04-07 06:56 - 000000413 _____ () C:\Users\USER\AppData\Local\UserProducts.xml
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2018-04-28 21:03
      ==================== End of FRST.txt ============================
      Addition.txt
    • by mamasve
      Hello,
      I have a virus on my computer that keeps installing a Panda viewer icon on the desktop, and whenever I open any browser it starts redirecting me to all kinds of sites, so I practically can't use my computer anymore. Help, please!
    • by AHybuC
      Hello!
      Since this morning I have been unable to start my computer normally. As soon as Windows loads, a small window appears saying "Windows has encountered a critical problem and will restart automatically in one minute" and, as the message says, the computer restarts after one minute. Sometimes the blue screen even appears directly, before Windows has managed to load, with error code 0x000000F4. I ran a full scan with Malwarebytes and Kaspersky Rescue CD 10; they removed the problems they found, but the restart problem is still present. I should mention that in Safe Mode I do not experience automatic restarts. Also, I unchecked Startup and Recovery -> System Failure -> Automatically Restart, but the restarts continue, although I had unchecked it while I was in Safe Mode. I don't know whether this matters, but I still wanted to mention it.
       
      Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15.04.2018
      Ran by IvailoCOMP (administrator) on IVAILOCOMP-PC (18-04-2018 19:02:33)
      Running from C:\Users\IvailoCOMP\Desktop
      Loaded Profiles: IvailoCOMP (Available Profiles: IvailoCOMP)
      Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
      Internet Explorer Version 11 (Default browser: FF)
      Boot Mode: Safe Mode (with Networking)
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
      (LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [] => [X]
      HKU\S-1-5-21-1339006810-3010099187-1440784813-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
      HKU\S-1-5-21-1339006810-3010099187-1440784813-1001\...\Policies\Explorer: [NoSMBalloonTip] 0
      HKU\S-1-5-21-1339006810-3010099187-1440784813-1001\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
      HKU\S-1-5-21-1339006810-3010099187-1440784813-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-14] (Microsoft Corporation)
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
      Tcpip\..\Interfaces\{1290CD49-798E-4B6B-9CB6-A0F176F07BD0}: [DhcpNameServer] 192.168.1.1 192.168.1.1
      Internet Explorer:
      ==================
      BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated)
      BHO: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll [2011-04-11] (BitComet)
      BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
      BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-12] (Oracle Corporation)
      BHO: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files\Perfect World Entertainment\Arc\plugins\ArcPluginIE.dll => No File
      BHO: Microsoft Web Test Recorder 10.0 Helper -> {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} -> C:\Program Files\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2012-07-26] (Microsoft Corporation)
      BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
      BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
      BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-12] (Oracle Corporation)
      BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
      Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
      Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Technologies)
      FireFox:
      ========
      FF ProfilePath: C:\Users\IvailoCOMP\AppData\Roaming\Mozilla\Firefox\Profiles\qhtq97on.default [2018-04-18]
      FF Homepage: Mozilla\Firefox\Profiles\qhtq97on.default -> google.bg
      FF NewTab: Mozilla\Firefox\Profiles\qhtq97on.default -> about:home
      FF Session Restore: Mozilla\Firefox\Profiles\qhtq97on.default -> is enabled.
      FF NewTabOverride: Mozilla\Firefox\Profiles\qhtq97on.default -> Enabled: newtaboverride@agenedia.com
      FF Extension: (Adblocker X) - C:\Users\IvailoCOMP\AppData\Roaming\Mozilla\Firefox\Profiles\qhtq97on.default\Extensions\@adblock57.xpi [2018-04-11]
      FF Extension: (MEGA) - C:\Users\IvailoCOMP\AppData\Roaming\Mozilla\Firefox\Profiles\qhtq97on.default\Extensions\firefox@mega.co.nz.xpi [2018-04-13]
      FF Extension: (UniverseView Extension) - C:\Users\IvailoCOMP\AppData\Roaming\Mozilla\Firefox\Profiles\qhtq97on.default\Extensions\firefox@universeview.ext.xpi [2017-03-01]
      FF Extension: (h264ify) - C:\Users\IvailoCOMP\AppData\Roaming\Mozilla\Firefox\Profiles\qhtq97on.default\Extensions\jid1-TSgSxBhncsPBWQ@jetpack.xpi [2017-08-03]
      FF Extension: (New Tab Override) - C:\Users\IvailoCOMP\AppData\Roaming\Mozilla\Firefox\Profiles\qhtq97on.default\Extensions\newtaboverride@agenedia.com.xpi [2018-02-04]
      FF Extension: (Greasemonkey) - C:\Users\IvailoCOMP\AppData\Roaming\Mozilla\Firefox\Profiles\qhtq97on.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2018-03-17]
      FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\IvailoCOMP\AppData\Roaming\Mozilla\Firefox\Profiles\qhtq97on.default\features\{15eba6de-45fd-4321-9dcb-85b0a795c148}\tls13-rollout-bug1442042@mozilla.org.xpi [2018-04-08] [Legacy]
      FF SearchPlugin: C:\Users\IvailoCOMP\AppData\Roaming\Mozilla\Firefox\Profiles\qhtq97on.default\searchplugins\yahoo-lavasoft.xml [2016-07-21]
      FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
      FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-09-28] [Legacy] [not signed]
      FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_29_0_0_140.dll [2018-04-11] ()
      FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-12] (Oracle Corporation)
      FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-12] (Oracle Corporation)
      FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
      FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
      FF Plugin: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npnxgameEU.dll [2017-03-22] (Nexon)
      FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-29] (NVIDIA Corporation)
      FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-29] (NVIDIA Corporation)
      FF Plugin: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files\Perfect World Entertainment\Arc\plugins\npArcPluginFF.dll [No File]
      FF Plugin: @Webzen.com/NPBrowserExt -> C:\Program Files\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll [2012-03-27] (WEBZEN)
      FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
      FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems)
      FF Plugin HKU\S-1-5-21-1339006810-3010099187-1440784813-1001: @fancyguo.com/FancyGame,version=1.0.0.1 -> C:\Users\IvailoCOMP\AppData\Local\Fancy\npfancygame.dll [2015-05-10] (Hongfeng Hengyu (Beijing) Tech Ltd.)
      FF Plugin HKU\S-1-5-21-1339006810-3010099187-1440784813-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\IvailoCOMP\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-13] (Unity Technologies ApS)
      FF Plugin HKU\S-1-5-21-1339006810-3010099187-1440784813-1001: xyzgl-plugin@xyz-soft.com -> C:\Program Files\Alfheim\npxyzgl.dll [2012-06-13] (XYZ-SOFT Inc.)
      Chrome:
      =======
      CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S2 CachemanService; C:\Program Files\Cacheman\CachemanServ.exe [210944 2009-05-16] (Outertech) [File not signed]
      S3 EasyAntiCheat; C:\Windows\system32\EasyAntiCheat.exe [382504 2017-05-17] (EasyAntiCheat Ltd)
      S2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1353720 2015-07-08] (ESET)
      S2 EslWireHelper; D:\Games\EslWire\service\WireHelperSvc.exe [614416 2014-01-28] ()
      S3 fussvc; C:\Program Files\Windows Kits\8.0\App Certification Kit\fussvc.exe [133632 2012-07-25] (Microsoft Corporation) [File not signed]
      S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [930240 2016-06-14] (NVIDIA Corporation)
      R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2283432 2017-06-29] (LogMeIn Inc.)
      S2 HiPatchService; D:\Program Files\Hi-Rez Studios\HiPatchService.exe [9728 2017-05-11] (Hi-Rez Studios) [File not signed]
      S2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [405424 2016-05-27] (LogMeIn, Inc.)
      R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4707104 2018-03-27] (Malwarebytes)
      S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe [239880 2016-03-11] (McAfee, Inc.)
      S3 npggsvc; C:\Windows\system32\GameMon.des [5284208 2013-10-30] (INCA Internet Co., Ltd.)
      S2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
      S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2904000 2016-06-14] (NVIDIA Corporation)
      S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016704 2016-06-14] (NVIDIA Corporation)
      S2 OracleOraDb11g_home1TNSListener; D:\app\IvailoCOMP\product\11.2.0\dbhome_1\BIN\TNSLSNR.exe [512000 2010-03-31] (Oracle Corporation) [File not signed]
      S3 OverwolfUpdater; C:\Program Files\Overwolf\OverwolfUpdater.exe [1453384 2018-04-08] (Overwolf LTD)
      S2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [66872 2014-10-13] ()
      S3 Te.Service; C:\Program Files\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [94208 2012-07-25] (Microsoft Corporation) [File not signed]
      S3 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10803440 2017-07-26] (TeamViewer GmbH)
      R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 1394hub; C:\Windows\System32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
      S3 apf004; C:\Windows\system32\apf004.sys [15112 2015-02-14] ()
      R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-11-22] (DT Soft Ltd)
      S1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [202704 2015-07-14] (ESET)
      S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [144536 2015-07-14] (ESET)
      S2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [132152 2015-07-14] (ESET)
      R0 ESLWireAC; C:\Windows\System32\drivers\ESLWireACD.sys [31008 2015-02-12] (<Turtle Entertainment>)
      S3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [42496 2007-05-15] (Eugene V. Muzychenko) [File not signed]
      R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
      R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [167656 2018-04-18] (Malwarebytes)
      S3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [40160 2018-04-18] (Malwarebytes)
      R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [220896 2018-04-18] (Malwarebytes)
      S3 NPPTNT2; C:\Windows\system32\npptNT2.sys [4682 2005-01-04] (INCA Internet Co., Ltd.) [File not signed]
      S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26048 2016-06-14] (NVIDIA Corporation)
      S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [50744 2016-04-14] (NVIDIA Corporation)
      S3 SDGame; C:\Windows\System32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
      S0 sfdrv01a; C:\Windows\System32\drivers\sfdrv01a.sys [63352 2006-07-05] (Protection Technology (StarForce))
      S0 sfsync04; C:\Windows\System32\drivers\sfsync04.sys [59776 2006-08-11] (Protection Technology (StarForce))
      S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [33664 2016-03-11] (The OpenVPN Project)
      S3 VSPerfDrv110; C:\Program Files\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\VSPerfDrv110.sys [55416 2012-07-13] (Microsoft Corporation)
      U4 CiSvc; no ImagePath
      U4 Messenger; no ImagePath
      S3 VGPU; System32\drivers\rdvgkmd.sys [X]
      S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-04-18 19:02 - 2018-04-18 19:04 - 000014732 _____ C:\Users\IvailoCOMP\Desktop\FRST.txt
      2018-04-18 19:02 - 2018-04-18 19:02 - 000000000 ____D C:\FRST
      2018-04-18 19:01 - 2018-04-18 19:02 - 001763840 _____ (Farbar) C:\Users\IvailoCOMP\Desktop\FRST.exe
      2018-04-18 18:29 - 2018-04-18 18:55 - 000040160 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
      2018-04-18 18:29 - 2018-04-18 18:29 - 000167656 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
      2018-04-18 18:28 - 2018-04-18 18:28 - 000220896 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
      2018-04-18 18:28 - 2018-04-18 18:28 - 000002024 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
      2018-04-18 18:28 - 2018-04-18 18:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
      2018-04-18 18:28 - 2018-04-18 18:28 - 000000000 ____D C:\ProgramData\Malwarebytes
      2018-04-18 18:28 - 2018-04-18 18:28 - 000000000 ____D C:\Program Files\Malwarebytes
      2018-04-18 18:28 - 2018-03-19 12:57 - 000058656 _____ C:\Windows\system32\Drivers\mbae.sys
      2018-04-18 18:27 - 2018-04-18 18:27 - 073254968 _____ (Malwarebytes ) C:\Users\IvailoCOMP\Desktop\mb3-setup-consumer-3.4.5.2467-1.0.342-1.0.4766.exe
      2018-04-18 18:22 - 2018-04-18 18:22 - 000001270 _____ C:\Users\IvailoCOMP\Desktop\asda.lnk
      2018-04-18 18:04 - 2018-04-18 18:07 - 000005192 _____ C:\Users\IvailoCOMP\Desktop\Rkill.txt
      2018-04-18 17:54 - 2018-04-18 17:54 - 000003408 ____N C:\bootsqm.dat
      2018-04-18 17:52 - 2018-04-18 17:52 - 000000000 __SHD C:\found.000
      2018-04-18 17:37 - 2018-04-18 17:37 - 000151072 _____ C:\Windows\Minidump\041818-20997-01.dmp
      2018-04-18 17:11 - 2018-04-18 17:11 - 000151312 _____ C:\Windows\Minidump\041818-23821-01.dmp
      2018-04-18 13:42 - 2018-04-18 20:07 - 000000000 ____D C:\Kaspersky Rescue Disk 10.0
      2018-04-18 10:33 - 2018-04-18 10:33 - 000001261 _____ C:\Users\Public\Desktop\Ashampoo Burning Studio 18.lnk
      2018-04-18 10:33 - 2018-04-18 10:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
      2018-04-18 10:26 - 2018-04-18 10:33 - 000000221 _____ C:\Users\Public\Desktop\Ashampoo Deals.url
      2018-04-18 10:26 - 2018-04-18 10:33 - 000000000 ____D C:\ProgramData\Ashampoo
      2018-04-18 10:14 - 2018-04-18 10:18 - 338960384 _____ C:\Users\IvailoCOMP\Desktop\kav_rescue_10.iso
      2018-04-18 10:12 - 2018-04-18 10:12 - 000001270 _____ C:\Users\IvailoCOMP\Desktop\shutdown.exe.lnk
      2018-04-18 10:11 - 2018-04-18 18:54 - 000424982 _____ C:\Windows\ntbtlog.txt
      2018-04-18 10:10 - 2018-04-18 10:10 - 000000000 _____ C:\Users\IvailoCOMP\Desktop\New shortcut.lnk
      2018-04-18 09:57 - 2018-04-18 09:57 - 000151696 _____ C:\Windows\Minidump\041818-19999-01.dmp
      2018-04-18 09:54 - 2018-04-18 09:54 - 000151696 _____ C:\Windows\Minidump\041818-18954-01.dmp
      2018-04-18 09:40 - 2018-04-18 17:37 - 286301067 _____ C:\Windows\MEMORY.DMP
      2018-04-18 09:40 - 2018-04-18 17:37 - 000000000 ____D C:\Windows\Minidump
      2018-04-18 09:40 - 2018-04-18 09:40 - 000152656 _____ C:\Windows\Minidump\041818-29546-01.dmp
      2018-04-16 10:43 - 2018-03-31 04:39 - 004046528 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
      2018-04-16 10:43 - 2018-03-31 04:39 - 003958464 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
      2018-04-16 10:43 - 2018-03-31 04:39 - 000190144 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
      2018-04-16 10:43 - 2018-03-31 04:39 - 000190144 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
      2018-04-16 10:43 - 2018-03-31 04:39 - 000137920 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
      2018-04-16 10:43 - 2018-03-31 04:39 - 000137920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
      2018-04-16 10:43 - 2018-03-31 04:39 - 000067264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
      2018-04-16 10:43 - 2018-03-31 04:12 - 001310480 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 001063424 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
      2018-04-16 10:43 - 2018-03-31 03:51 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
      2018-04-16 10:43 - 2018-03-31 03:51 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
      2018-04-16 10:43 - 2018-03-31 03:51 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
      2018-04-16 10:43 - 2018-03-31 03:51 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
      2018-04-16 10:43 - 2018-03-31 03:51 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
      2018-04-16 10:43 - 2018-03-31 03:49 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
      2018-04-16 10:43 - 2018-03-31 03:49 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
      2018-04-16 10:43 - 2018-03-31 03:47 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
      2018-04-16 10:43 - 2018-03-31 03:47 - 000124928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
      2018-04-16 10:43 - 2018-03-31 03:47 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
      2018-04-16 10:43 - 2018-03-31 03:47 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
      2018-04-16 10:43 - 2018-03-31 03:47 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
      2018-04-16 10:43 - 2018-03-31 03:47 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
      2018-04-16 10:43 - 2018-03-31 03:47 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
      2018-04-16 10:43 - 2018-03-28 10:18 - 002404352 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
      2018-04-16 10:43 - 2018-03-23 20:59 - 000348824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
      2018-04-16 10:43 - 2018-03-23 00:26 - 020287488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
      2018-04-16 10:43 - 2018-03-23 00:04 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
      2018-04-16 10:43 - 2018-03-23 00:04 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
      2018-04-16 10:43 - 2018-03-22 23:52 - 000499712 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
      2018-04-16 10:43 - 2018-03-22 23:52 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
      2018-04-16 10:43 - 2018-03-22 23:51 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
      2018-04-16 10:43 - 2018-03-22 23:51 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
      2018-04-16 10:43 - 2018-03-22 23:50 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
      2018-04-16 10:43 - 2018-03-22 23:48 - 002295296 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
      2018-04-16 10:43 - 2018-03-22 23:45 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
      2018-04-16 10:43 - 2018-03-22 23:45 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
      2018-04-16 10:43 - 2018-03-22 23:43 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
      2018-04-16 10:43 - 2018-03-22 23:42 - 000661504 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
      2018-04-16 10:43 - 2018-03-22 23:42 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
      2018-04-16 10:43 - 2018-03-22 23:42 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
      2018-04-16 10:43 - 2018-03-22 23:41 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
      2018-04-16 10:43 - 2018-03-22 23:36 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
      2018-04-16 10:43 - 2018-03-22 23:33 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
      2018-04-16 10:43 - 2018-03-22 23:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
      2018-04-16 10:43 - 2018-03-22 23:28 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
      2018-04-16 10:43 - 2018-03-22 23:28 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
      2018-04-16 10:43 - 2018-03-22 23:25 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
      2018-04-16 10:43 - 2018-03-22 23:25 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
      2018-04-16 10:43 - 2018-03-22 23:24 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
      2018-04-16 10:43 - 2018-03-22 23:22 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
      2018-04-16 10:43 - 2018-03-22 23:21 - 004496896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
      2018-04-16 10:43 - 2018-03-22 23:20 - 013680128 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
      2018-04-16 10:43 - 2018-03-22 23:17 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
      2018-04-16 10:43 - 2018-03-22 23:15 - 000696320 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
      2018-04-16 10:43 - 2018-03-22 23:15 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
      2018-04-16 10:43 - 2018-03-22 23:14 - 002059776 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
      2018-04-16 10:43 - 2018-03-22 23:14 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
      2018-04-16 10:43 - 2018-03-22 22:55 - 002767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
      2018-04-16 10:43 - 2018-03-22 22:52 - 001313792 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
      2018-04-16 10:43 - 2018-03-22 22:51 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
      2018-04-16 10:43 - 2018-03-10 20:11 - 000340480 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll
      2018-04-16 10:43 - 2018-03-09 21:18 - 000309440 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
      2018-04-16 10:43 - 2018-03-09 21:12 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
      2018-04-16 10:43 - 2018-03-09 21:12 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
      2018-04-16 10:43 - 2018-03-09 21:12 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
      2018-04-16 10:43 - 2018-03-09 21:11 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
      2018-04-16 10:43 - 2018-03-09 20:31 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
      2018-04-16 10:43 - 2018-03-06 21:13 - 000148160 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll
      2018-04-16 10:43 - 2018-03-06 21:11 - 000184320 _____ (Microsoft Corporation) C:\Windows\system32\scksp.dll
      2018-04-16 10:43 - 2018-03-06 21:11 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\wsnmp32.dll
      2018-04-16 10:43 - 2018-02-22 06:06 - 000134656 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
      2018-04-16 10:43 - 2018-02-19 00:34 - 000535616 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
      2018-04-16 10:43 - 2018-02-10 21:49 - 000162496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
      2018-04-16 10:43 - 2018-02-10 21:49 - 000154304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
      2018-04-16 10:43 - 2018-02-10 21:49 - 000104640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS
      2018-04-16 10:43 - 2018-02-10 21:49 - 000057024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS
      2018-04-16 10:43 - 2018-02-10 21:49 - 000053440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys
      2018-04-16 10:43 - 2018-02-10 21:49 - 000052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
      2018-04-16 10:43 - 2018-02-10 21:49 - 000052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\VIAAGP.SYS
      2018-04-16 10:43 - 2018-02-10 21:49 - 000051904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\SISAGP.SYS
      2018-04-16 10:43 - 2018-02-10 21:49 - 000046272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys
      2018-04-16 10:43 - 2018-02-10 21:49 - 000032448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys
      2018-04-16 10:43 - 2018-02-10 21:49 - 000027840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys
      2018-04-16 10:43 - 2018-02-10 21:49 - 000021696 _____ (Microsoft Corporation) C:\Windows\system32\streamci.dll
      2018-04-16 10:43 - 2018-02-10 21:49 - 000013504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys
      2018-04-16 10:43 - 2018-02-10 21:49 - 000011840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys
      2018-04-16 10:43 - 2018-02-10 21:48 - 000274624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
      2018-04-16 10:43 - 2018-02-10 21:48 - 000052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AMDAGP.SYS
      2018-04-16 10:43 - 2018-02-10 21:48 - 000052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys
      2018-04-16 10:43 - 2018-02-10 21:23 - 002292224 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
      2018-04-16 10:43 - 2018-02-10 21:23 - 000330240 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
      2018-04-16 10:43 - 2018-02-10 21:23 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\racpldlg.dll
      2018-04-16 10:43 - 2018-02-10 21:23 - 000102912 _____ (Microsoft Corporation) C:\Windows\system32\msrahc.dll
      2018-04-16 10:43 - 2018-02-10 20:36 - 000537600 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe
      2018-04-16 10:43 - 2018-02-10 20:36 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\sdchange.exe
      2018-04-16 10:43 - 2018-02-10 20:36 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys
      2018-04-16 10:43 - 2018-02-10 20:36 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\MsraLegacy.tlb
      2018-04-16 10:43 - 2018-02-10 20:36 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys
      2018-04-16 10:43 - 2018-02-02 21:54 - 000105152 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
      2018-04-16 10:43 - 2018-02-02 21:29 - 002365952 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
      2018-04-16 10:43 - 2018-02-02 21:29 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
      2018-04-16 10:43 - 2018-02-02 21:29 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
      2018-04-16 10:43 - 2018-02-02 21:28 - 001806848 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
      2018-04-16 10:43 - 2018-02-02 21:28 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
      2018-04-16 10:43 - 2018-02-02 20:46 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
      2018-04-16 10:43 - 2018-01-25 17:04 - 000922944 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000066392 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000022360 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000019800 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000016216 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000015704 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000013656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
      2018-04-16 10:43 - 2018-01-15 22:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
      2018-04-16 10:43 - 2018-01-12 19:29 - 001309928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
      2018-04-16 10:43 - 2018-01-12 19:29 - 000250600 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
      2018-04-16 10:43 - 2018-01-12 19:29 - 000240872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
      2018-04-16 10:43 - 2018-01-12 19:29 - 000187624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
      2018-04-16 10:43 - 2018-01-12 19:26 - 000363520 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
      2018-04-16 10:43 - 2018-01-12 19:26 - 000308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
      2018-04-16 10:43 - 2018-01-12 19:16 - 003405824 _____ (Microsoft Corporation) C:\Windows\system32\xpsrchvw.exe
      2018-04-16 10:43 - 2018-01-12 19:05 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
      2018-04-16 10:43 - 2018-01-12 19:05 - 000025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
      2018-04-16 10:43 - 2018-01-12 19:05 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
      2018-04-16 10:43 - 2018-01-11 19:22 - 000805376 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 012880384 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 001499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 001417728 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 001390080 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 001155584 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 001004032 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistSvc.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000564736 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000463360 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000377344 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000328192 _____ (Microsoft Corporation) C:\Windows\system32\p2psvc.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000269824 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000217600 _____ (Microsoft Corporation) C:\Windows\system32\P2P.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000139776 _____ (Microsoft Corporation) C:\Windows\system32\PeerDist.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000095744 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistWSDDiscoProv.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000089088 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\vmicres.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000033280 _____ (Microsoft Corporation) C:\Windows\system32\traffic.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000010752 _____ (Microsoft Corporation) C:\Windows\system32\wshnetbs.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:54 - 001214184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
      2018-04-16 10:43 - 2018-01-01 04:54 - 000712936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
      2018-04-16 10:43 - 2018-01-01 04:54 - 000201960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
      2018-04-16 10:43 - 2018-01-01 04:54 - 000173288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
      2018-04-16 10:43 - 2018-01-01 04:50 - 000317952 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
      2018-04-16 10:43 - 2018-01-01 04:44 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistHttpTrans.dll
      2018-04-16 10:43 - 2018-01-01 04:43 - 000104448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys
      2018-04-16 10:43 - 2018-01-01 04:43 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
      2018-04-16 10:43 - 2018-01-01 04:43 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys
      2018-04-16 10:43 - 2018-01-01 04:43 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
      2018-04-16 10:43 - 2018-01-01 04:43 - 000013824 _____ (Microsoft Corporation) C:\Windows\system32\wshqos.dll
      2018-04-16 10:43 - 2018-01-01 04:41 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
      2018-04-16 10:43 - 2018-01-01 04:38 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
      2018-04-16 10:43 - 2018-01-01 04:38 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\vmicsvc.exe
      2018-04-16 10:43 - 2018-01-01 04:38 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\IcCoinstall.dll
      2018-04-16 10:43 - 2018-01-01 04:38 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\vmictimeprovider.dll
      2018-04-16 10:43 - 2018-01-01 04:36 - 000314368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
      2018-04-16 10:43 - 2018-01-01 04:36 - 000313344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
      2018-04-16 10:43 - 2018-01-01 04:35 - 000514048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
      2018-04-16 10:43 - 2018-01-01 04:35 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
      2018-04-16 10:43 - 2018-01-01 04:35 - 000081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
      2018-04-16 10:43 - 2018-01-01 04:35 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:35 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
      2018-04-16 10:43 - 2017-12-05 20:08 - 001176576 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
      2018-04-16 10:43 - 2017-12-05 20:08 - 000481792 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
      2018-04-16 10:43 - 2017-12-05 20:08 - 000215040 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
      2018-04-16 10:43 - 2017-12-05 20:08 - 000179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
      2018-04-16 10:43 - 2017-12-05 20:08 - 000145920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
      2018-04-16 10:43 - 2017-12-05 20:08 - 000106496 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
      2018-04-16 10:43 - 2017-12-05 20:08 - 000072704 _____ (Microsoft Corporation) C:\Windows\system32\TabSvc.dll
      2018-04-16 10:43 - 2017-12-05 18:54 - 000334848 _____ (Microsoft Corporation) C:\Windows\system32\wisptis.exe
      2018-04-16 10:43 - 2017-12-05 18:49 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
      2018-04-14 17:05 - 2018-04-15 21:31 - 000003238 _____ C:\Users\IvailoCOMP\Desktop\Стражева Кула 14.04.2018.txt
      2018-04-14 14:36 - 2016-06-18 07:13 - 039293587 ____N C:\Users\IvailoCOMP\Desktop\MPS-temi.pdf
      2018-04-11 21:09 - 2018-04-15 22:57 - 000000340 _____ C:\Users\IvailoCOMP\Desktop\Програма за четене на Библията.txt
      2018-04-11 20:05 - 2018-04-11 20:05 - 000724759 _____ C:\Users\IvailoCOMP\Desktop\sbr_BL.pdf
      2018-04-11 02:08 - 2018-03-14 20:18 - 000116928 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
      2018-04-11 02:08 - 2018-03-14 20:14 - 000535040 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
      2018-04-11 02:08 - 2018-03-14 16:04 - 001893376 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
      2018-04-11 02:08 - 2018-03-14 16:04 - 001319424 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
      2018-04-11 02:08 - 2018-03-14 16:04 - 000594944 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
      2018-04-11 02:08 - 2018-03-14 16:04 - 000507392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
      2018-04-11 02:08 - 2018-03-14 16:04 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
      2018-04-11 02:08 - 2018-03-14 16:04 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
      2018-04-11 02:08 - 2018-03-14 16:04 - 000238592 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
      2018-04-11 02:08 - 2018-03-14 16:04 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
      2018-04-09 21:55 - 2018-04-09 21:55 - 000003743 _____ C:\Users\IvailoCOMP\Desktop\Ще бъде ли тя добра съпруга.txt
      2018-04-01 23:39 - 2018-04-01 23:39 - 010353227 _____ C:\Users\IvailoCOMP\Desktop\yp2_BL.pdf
      2018-03-23 22:10 - 2018-03-23 22:10 - 002276028 _____ C:\Users\IvailoCOMP\Desktop\Илиянка.rar
      2018-03-23 22:02 - 2018-03-23 22:14 - 000000000 ____D C:\Users\IvailoCOMP\Desktop\Илиянка
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-04-18 19:00 - 2010-11-21 00:01 - 000785704 _____ C:\Windows\system32\PerfStringBackup.INI
      2018-04-18 19:00 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\inf
      2018-04-18 18:57 - 2016-11-18 12:35 - 000000000 ____D C:\Users\IvailoCOMP\AppData\LocalLow\Mozilla
      2018-04-18 18:51 - 2013-11-21 16:12 - 000000000 ____D C:\ProgramData\NVIDIA
      2018-04-18 18:51 - 2009-07-14 07:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2018-04-18 18:06 - 2014-10-30 10:05 - 000000000 ____D C:\Windows\pss
      2018-04-18 17:58 - 2017-11-23 09:54 - 000000000 ____D C:\Users\IvailoCOMP\AppData\Local\LogMeIn Hamachi
      2018-04-18 10:38 - 2013-11-21 16:17 - 000000000 ____D C:\Users\IvailoCOMP\AppData\Roaming\BitComet
      2018-04-18 10:34 - 2013-11-21 16:05 - 000000000 ____D C:\Users\IvailoCOMP\AppData\Roaming\Ashampoo
      2018-04-18 10:34 - 2013-11-21 16:05 - 000000000 ____D C:\Users\IvailoCOMP\AppData\Local\Ashampoo
      2018-04-18 10:32 - 2013-11-21 16:00 - 000000000 ____D C:\Program Files\Ashampoo
      2018-04-18 10:19 - 2013-11-22 16:19 - 000000000 ____D C:\Users\IvailoCOMP\AppData\Roaming\DAEMON Tools Lite
      2018-04-18 01:15 - 2009-07-14 07:34 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2018-04-18 01:15 - 2009-07-14 07:34 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2018-04-18 01:09 - 2013-12-23 20:48 - 000000000 ____D C:\Users\IvailoCOMP\AppData\Roaming\Skype
      2018-04-17 23:11 - 2016-02-29 01:23 - 000000000 ____D C:\Users\IvailoCOMP\AppData\Local\CrashDumps
      2018-04-17 10:17 - 2009-07-14 07:33 - 000452024 _____ C:\Windows\system32\FNTCACHE.DAT
      2018-04-17 10:13 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\PolicyDefinitions
      2018-04-16 22:13 - 2013-11-21 17:15 - 000000000 ____D C:\Users\IvailoCOMP\AppData\Roaming\vlc
      2018-04-15 10:51 - 2013-11-21 16:04 - 000000000 ____D C:\Windows\system32\Macromed
      2018-04-12 19:52 - 2016-07-07 19:51 - 000000000 ____D C:\Program Files\Common Files\Overwolf
      2018-04-12 19:52 - 2013-12-14 11:50 - 000000000 ____D C:\Program Files\Overwolf
      2018-04-12 01:04 - 2014-12-11 09:05 - 000000000 ____D C:\Windows\system32\appraiser
      2018-04-11 11:04 - 2017-07-31 12:21 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
      2018-04-11 11:04 - 2017-07-31 12:21 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
      2018-04-11 03:13 - 2014-07-15 11:08 - 000000000 ____D C:\Windows\system32\MRT
      2018-04-11 03:06 - 2017-10-11 01:18 - 133987696 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
      2018-04-11 03:06 - 2014-07-15 11:08 - 133987696 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
      2018-04-08 17:50 - 2018-03-01 23:22 - 000000000 ____D C:\Users\IvailoCOMP\AppData\Roaming\.minecraft
      2018-03-29 09:46 - 2013-12-21 10:14 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
      2018-03-28 11:20 - 2016-11-16 21:09 - 000000000 ____D C:\Program Files\Mozilla Firefox
      2018-03-26 12:53 - 2018-02-26 10:26 - 000000000 ____D C:\Users\IvailoCOMP\Desktop\Songs
      ==================== Files in the root of some directories =======
      2016-03-26 15:29 - 2016-03-28 23:17 - 000000646 _____ () C:\Users\IvailoCOMP\AppData\Roaming\MPQEditor.ini
      2013-11-21 17:59 - 2017-11-03 12:59 - 000007599 _____ () C:\Users\IvailoCOMP\AppData\Local\Resmon.ResmonCfg
      Some files in TEMP:
      ====================
      2017-09-29 10:49 - 2017-10-30 16:41 - 000000000 _____ () C:\Users\IvailoCOMP\AppData\Local\Temp\88653d972532a3bfb1eacaae78f1f650.dll
      2017-09-29 10:49 - 2017-10-30 14:33 - 000000088 _____ () C:\Users\IvailoCOMP\AppData\Local\Temp\a4c3de51ada6927383f066bdc8c54e16.dll
      2018-04-08 08:12 - 2018-04-08 08:12 - 058834376 _____ (Skype Technologies S.A.) C:\Users\IvailoCOMP\AppData\Local\Temp\SkypeSetup.exe
      2018-03-01 23:34 - 2018-03-01 23:23 - 000069259 _____ () C:\Users\IvailoCOMP\AppData\Local\Temp\Uninstall.exe
      2017-08-13 10:55 - 2017-08-13 10:55 - 000750560 _____ (adaware) C:\Users\IvailoCOMP\AppData\Local\Temp\WCU002.exe
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2016-05-09 08:13
      ==================== End of FRST.txt ============================
      Addition.txt