
Breach of my system, please help



Hello!

A few months ago a stranger sent my sister a friend request on Facebook and she accepted it. A few days ago this stranger, who is some Arab, started uploading to his profile photos of my sister that she has only on her computer. He also started writing to her and asking for her Skype. I told her to give him my Skype, and after I chatted with him a little (he understands only French), he called me and showed me on his camera many photos of my sister, of me and of our friends, which she has only on her computer. As far as I managed to trace his IP, I found out that he is from a town in Tunisia. I was simply shocked as to where he could have them from and how he managed to get into her computer. After we reported him to Facebook, they deleted his profile. After that I tried chatting with him again to find out where he got the photos, but I don't understand any French, and he called me on Skype again and played on his camera some clip of my sister (of her sitting in front of her laptop). Some time ago my sister received a file over Skype (my picture sexy.jpg.scr) from a mutual acquaintance; she accepted it and her camera light came on, and after a while she deleted it. This acquaintance of ours tried to send it to me too, but I did not accept it. And now, while I was chatting with the Arab, he tried to send me the same file and one more (my picture.jpg.exe), but I did not accept them. I don't see any connection between the two (the Arab from Tunisia and our friend from Bulgaria), and everything is very strange and confusing. I don't know whether it was with these files, which are probably viruses, that he got into her computer, and I am looking for a competent opinion. It is a very nasty feeling to know that someone has your personal photos and is abusing them, and that he may have been watching through the camera and making clips.

Link to comment

Rule one - do not accept files from strangers.

Rule two - do not accept files from people you know if they are executable (exe, cmd, bat, pif...)

Rule three - if the camera light is on and you have not turned the camera on, something is wrong

Rule four - do not accept strangers, wherever it may be

 

Recommendation one - you have a virus (a trojan, a keylogger, or some third thing); colleagues more familiar with virology will help you remove the malicious code from the computer. The data that is on a remote computer you will not be able to get back or delete...

 

EDIT:

Actually, I will try to help

Download OTL.exe and save it to the desktop.

 

Run the file http://billy-oneal.com/forums/Canned%20Speeches/speechimages/OTL/otlDesktopIcon.png by double-clicking it.

 

Make the following settings:

 

http://i47.tinypic.com/f1a78i.jpg

 

Under "Custom Scans/Fixes", copy and paste the following:

 

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%SYSTEMDRIVE%\*.*

/md5start

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

sceclt.dll

ntelogon.dll

logevent.dll

sfcfiles.dll

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

nvrd32.sys

/md5stop

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%PROGRAMFILES%\*.

%userprofile%\Desktop\*.*

%userprofile%\Desktop\*.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

 

Click Run Scan.

When the scan finishes, post the two log files - OTL.Txt and Extras.Txt.

Link to comment
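Added example, not part of the original thread: a Python check for the disguise used by the two files named in the first post (`my picture sexy.jpg.scr`, `my picture.jpg.exe`), where a decoy image extension sits in front of the real executable one. It goes beyond those two names to space-padded and bidi-reordered filenames; the function name `classify_filename`, the extension lists beyond those named in the thread, and the sample names are assumptions of this example.

```python
import re
import unicodedata
from pathlib import PureWindowsPath

# Extensions Windows will run directly. exe/cmd/bat/pif come from the reply
# above and scr from the first post; the others are this example's additions.
EXECUTABLE_EXTS = {"exe", "scr", "cmd", "bat", "pif", "com", "vbs", "js", "lnk", "msi"}

# Harmless-looking extensions typically used as the decoy (assumed list).
DECOY_EXTS = {"jpg", "jpeg", "png", "gif", "bmp", "pdf", "doc", "docx", "txt", "mp3", "avi"}


def classify_filename(name):
    """Return the reasons a received filename looks like a disguised executable.

    An empty list means nothing was flagged.
    """
    reasons = []

    # Unicode format characters (category Cf) include the bidi overrides such
    # as U+202E, which make "photo<RLO>gpj.scr" display as "photorcs.jpg".
    if any(unicodedata.category(ch) == "Cf" for ch in name):
        reasons.append("hidden-format-char")
    cleaned = "".join(ch for ch in name if unicodedata.category(ch) != "Cf")

    # Windows ignores trailing dots and spaces when it resolves a filename.
    cleaned = cleaned.rstrip(" .")

    base = PureWindowsPath(cleaned).name
    parts = [p.strip().lower() for p in base.split(".")]
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return reasons

    reasons.append("executable")

    # "picture.jpg.scr": with "hide extensions for known file types" enabled,
    # Explorer shows only "picture.jpg".
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        reasons.append("double-extension")

    # A long run of spaces pushes the real extension out of the visible column.
    if re.search(r"\s{3,}", base):
        reasons.append("padding")

    return reasons


# Constructed sample names; the first two are the filenames quoted in the thread.
SAMPLES = [
    "my picture sexy.jpg.scr",
    "my picture.jpg.exe",
    "holiday.JPG",
    "setup.exe",
    "report.pdf" + " " * 20 + ".exe",
    "photo\u202egpj.scr",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), classify_filename(sample))
```
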

I may sound harsh, but when someone does not take care of the security of their system, they more or less deserve what happens to them. Security programs are there to be used. Not to mention that absolutely basic rules have been broken here, which every user browsing the internet ought to know.

 

Here is what I would add...

Scan with Malwarebytes' Anti-Malware and SUPERAntiSpyware Free. If you already have the programs, check whether you have the latest versions, and if not, remove yours and install the newest ones. If you are installing the programs for the first time, after installation they will offer to update automatically; agree. Otherwise, update their definitions manually.

 

For Malwarebytes' Anti-Malware:

- start the program;

- select Perform quick scan and click the Scan button;

- when the scan finishes, click the OK button and then Show results;

- click the Remove Selected button;

- a text file (log) will appear; copy its contents here.

 

For SUPERAntiSpyware:

- start the program;

- click the Scan your Computer button;

- on the left select only the C: partition, and on the right select Perform Complete Scan;

- click Next and wait for the program to scan;

- if threats are detected, click OK on the message;

- click Next to remove the nasties, OK on the confirmation and finally Finish;

- click the Preferences... button and go to the Statistics/Logs tab, select the latest log by date and click the View Log... button;

- copy its contents here.

 

If a restart is required during either scan, agree and restart immediately.

Link to comment

For Nicky, and thank you for your attention!

OTL logfile created on: 19.3.2010 г. 15:19:29 - Run 2

OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Teodor\Desktop

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: d.M.yyyy 'г.'

 

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free

6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 174,56 Gb Total Space | 65,91 Gb Free Space | 37,76% Space Free | Partition Type: NTFS

Drive D: | 11,75 Gb Total Space | 1,99 Gb Free Space | 16,92% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: ZARA

Current User Name: Teodor

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 30 Days

Output = Minimal

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\Teodor\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Users\Teodor\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()

PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE (Symantec Corporation)

PRC - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)

PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)

PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe ()

PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe ()

PRC - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

PRC - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)

PRC - C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe (Time Information Services Ltd.)

PRC - C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe (Nokia Corporation)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Users\Teodor\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()

SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)

SRV - (comHost) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)

SRV - (LiveUpdate Notice) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)

SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20100312.001\IDSvix86.sys (Symantec Corporation)

DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100318.040\NAVEX15.SYS (Symantec Corporation)

DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100318.040\NAVENG.SYS (Symantec Corporation)

DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)

DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\SYMNDISV.SYS (Symantec Corporation)

DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)

DRV - (SYMFW) -- C:\Windows\System32\Drivers\SYMFW.SYS (Symantec Corporation)

DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)

DRV - (SYMDNS) -- C:\Windows\System32\Drivers\SYMDNS.SYS (Symantec Corporation)

DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (CO_Mon) -- C:\Windows\System32\drivers\CO_Mon.sys (Symantec Corporation)

DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)

DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)

DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)

DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)

DRV - (COH_Mon) -- C:\Windows\System32\drivers\COH_Mon.sys (Symantec Corporation)

DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows ® Codename Longhorn DDK provider)

DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows ® Codename Longhorn DDK provider)

DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)

DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)

DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)

DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)

DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)

DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)

DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)

DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)

DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)

DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)

DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)

DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)

DRV - (HpqRemHid) -- C:\Windows\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)

DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)

DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)

DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)

DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)

DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)

DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)

DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)

DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)

DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)

DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)

DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-3562250878-1493143731-1499282963-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

IE - HKU\S-1-5-21-3562250878-1493143731-1499282963-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-3562250878-1493143731-1499282963-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-3562250878-1493143731-1499282963-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKU\S-1-5-21-3562250878-1493143731-1499282963-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll (BitComet)

O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)

O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKU\S-1-5-21-3562250878-1493143731-1499282963-1000\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [HP Health Check Scheduler] File not found

O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton 360\osCheck.exe (Symantec Corporation)

O4 - HKLM..\Run: [uCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-3562250878-1493143731-1499282963-1000..\Run: [{AF3934A9-5805-AF1B-6CED-C174FD64CAC6}] C:\Users\Teodor\AppData\Roaming\server.exe ()

O4 - HKU\S-1-5-21-3562250878-1493143731-1499282963-1000..\Run: [bitComet] C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O4 - HKU\S-1-5-21-3562250878-1493143731-1499282963-1000..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)

O4 - HKU\S-1-5-21-3562250878-1493143731-1499282963-1000..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe (Time Information Services Ltd.)

O4 - HKU\S-1-5-21-3562250878-1493143731-1499282963-1000..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)

O4 - Startup: C:\Users\Teodor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll (BitComet)

O13 - gopher Prefix: missing

O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)

O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)

O15 - HKU\S-1-5-21-3562250878-1493143731-1499282963-1000\..Trusted Ranges: Range1 ([http] in Local intranet)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)

O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ZaRa

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Teodor\Pictures\moreto2009\P1000463.JPG

O24 - Desktop BackupWallPaper: C:\Users\Teodor\Pictures\moreto2009\P1000463.JPG

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008.04.25 04:23:11 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\Windows\System32\ias [2008.01.21 04:34:27 | 000,000,000 | ---D | M]

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

 

 

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS - File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS - File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1

ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

 

Drivers32: msacm.divxa32 - C:\Windows\System32\msaud32_divx.acm (Microsoft Corporation)

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010.03.19 14:49:48 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\Teodor\Desktop\OTL.exe

[2010.03.17 16:49:54 | 000,000,000 | ---D | C] -- C:\Users\Teodor\Documents\Downloads

 

========== Files - Modified Within 30 Days ==========

 

[2010.03.19 15:23:38 | 003,932,160 | -HS- | M] () -- C:\Users\Teodor\ntuser.dat

[2010.03.19 15:17:58 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010.03.19 15:17:58 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010.03.19 15:05:22 | 000,027,934 | ---- | M] () -- C:\ProgramData\nvModes.001

[2010.03.19 15:02:32 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2FF02674-B369-43D2-9A9E-0973FDF672B7}.job

[2010.03.19 14:49:55 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Teodor\Desktop\OTL.exe

[2010.03.19 14:48:34 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010.03.19 14:48:34 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010.03.19 14:48:34 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010.03.19 14:44:34 | 000,000,262 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini

[2010.03.19 14:42:11 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010.03.19 14:42:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010.03.19 14:42:03 | 3152,986,112 | -HS- | M] () -- C:\hiberfil.sys

[2010.03.19 04:07:44 | 000,524,288 | -HS- | M] () -- C:\Users\Teodor\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms

[2010.03.19 04:07:44 | 000,065,536 | -HS- | M] () -- C:\Users\Teodor\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf

[2010.03.19 04:07:26 | 002,531,474 | -H-- | M] () -- C:\Users\Teodor\AppData\Local\IconCache.db

[2010.03.19 03:40:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3562250878-1493143731-1499282963-1000UA.job

[2010.03.19 02:55:24 | 000,027,934 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2010.03.18 13:40:00 | 000,001,018 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3562250878-1493143731-1499282963-1000Core.job

[2010.03.18 03:35:43 | 000,002,047 | ---- | M] () -- C:\Users\Teodor\Desktop\Google Chrome.lnk

[2010.03.17 13:32:09 | 000,000,000 | -H-- | M] () -- C:\Users\Teodor\Documents\Default.rdp

[2010.03.17 12:29:43 | 000,030,575 | ---- | M] () -- C:\Users\Teodor\AppData\Roaming\UserTile.png

[2010.03.17 10:52:02 | 000,044,032 | ---- | M] () -- C:\Users\Teodor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.03.15 11:40:47 | 000,175,000 | ---- | M] () -- C:\Users\Teodor\Documents\creepy-baby.jpg

[2010.03.11 14:28:01 | 000,002,377 | ---- | M] () -- C:\Users\Teodor\Desktop\Skype.lnk

[2010.02.27 19:12:22 | 000,023,430 | ---- | M] () -- C:\Users\Teodor\8.jpg

[2010.02.27 19:12:22 | 000,021,049 | ---- | M] () -- C:\Users\Teodor\7.jpg

[2010.02.27 18:42:27 | 000,006,944 | ---- | M] () -- C:\Users\Teodor\AppData\Local\d3d9caps.dat

[2010.02.25 22:11:48 | 008,793,916 | ---- | M] () -- C:\Users\Teodor\Documents\Milko Kalaidjiev ft.Pepi Hristozova -100 godini samota.mp3

[2010.02.25 04:37:43 | 000,077,136 | ---- | M] () -- C:\Users\Teodor\AppData\Local\GDIPFONTCACHEV1.DAT

[2010.02.25 04:15:09 | 000,315,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010.02.24 23:12:43 | 000,104,317 | ---- | M] () -- C:\Users\Teodor\AppData\Roaming\server.exe

[2010.02.23 14:09:27 | 003,279,487 | ---- | M] () -- C:\Users\Teodor\Documents\DSC00752.JPG

[2010.02.22 03:20:47 | 007,696,306 | ---- | M] () -- C:\Users\Teodor\Documents\Tuesley farm 2009 10 karavana_1.wmv

[2010.02.21 20:30:14 | 000,796,493 | ---- | M] () -- C:\Users\Teodor\Documents\IMG_8289.JPG

[2010.02.18 16:30:44 | 000,872,208 | ---- | M] () -- C:\Users\Teodor\Documents\HPIM3478.jpg

 

========== Files Created - No Company Name ==========

 

[2010.03.17 13:32:09 | 000,000,000 | -H-- | C] () -- C:\Users\Teodor\Documents\Default.rdp

[2010.03.17 12:29:43 | 000,030,575 | ---- | C] () -- C:\Users\Teodor\AppData\Roaming\UserTile.png

[2010.03.15 11:40:33 | 000,175,000 | ---- | C] () -- C:\Users\Teodor\Documents\creepy-baby.jpg

[2010.02.27 19:12:19 | 000,023,430 | ---- | C] () -- C:\Users\Teodor\8.jpg

[2010.02.27 19:12:19 | 000,021,049 | ---- | C] () -- C:\Users\Teodor\7.jpg

[2010.02.25 22:10:35 | 008,793,916 | ---- | C] () -- C:\Users\Teodor\Documents\Milko Kalaidjiev ft.Pepi Hristozova -100 godini samota.mp3

[2010.02.24 23:14:05 | 000,104,317 | ---- | C] () -- C:\Users\Teodor\AppData\Roaming\server.exe

[2010.02.23 14:08:18 | 003,279,487 | ---- | C] () -- C:\Users\Teodor\Documents\DSC00752.JPG

[2010.02.22 03:18:32 | 007,696,306 | ---- | C] () -- C:\Users\Teodor\Documents\Tuesley farm 2009 10 karavana_1.wmv

[2010.02.21 20:30:00 | 000,796,493 | ---- | C] () -- C:\Users\Teodor\Documents\IMG_8289.JPG

[2010.02.18 16:30:07 | 000,872,208 | ---- | C] () -- C:\Users\Teodor\Documents\HPIM3478.jpg

[2009.02.18 11:00:44 | 000,027,934 | ---- | C] () -- C:\ProgramData\nvModes.001

[2009.02.18 11:00:41 | 000,027,934 | ---- | C] () -- C:\ProgramData\nvModes.dat

[2008.12.20 15:31:32 | 000,001,016 | ---- | C] () -- C:\Users\Teodor\AppData\Roaming\NMM-MetaData.db

[2008.12.10 21:57:50 | 000,022,823 | ---- | C] () -- C:\Users\Teodor\AppData\Roaming\addon.dat

[2008.09.27 09:24:43 | 000,000,119 | ---- | C] () -- C:\Users\Teodor\AppData\Roaming\default.pls

[2008.09.21 02:13:27 | 000,027,430 | ---- | C] () -- C:\Users\Teodor\AppData\Roaming\nvModes.001

[2008.09.21 02:13:05 | 000,027,430 | ---- | C] () -- C:\Users\Teodor\AppData\Roaming\nvModes.dat

[2008.09.17 09:03:29 | 000,044,032 | ---- | C] () -- C:\Users\Teodor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008.08.26 10:18:33 | 000,000,000 | ---- | C] () -- C:\Users\Teodor\AppData\Local\QSwitch.txt

[2008.08.26 10:18:33 | 000,000,000 | ---- | C] () -- C:\Users\Teodor\AppData\Local\DSwitch.txt

[2008.08.26 10:18:33 | 000,000,000 | ---- | C] () -- C:\Users\Teodor\AppData\Local\AtStart.txt

[2008.08.26 07:06:58 | 000,006,944 | ---- | C] () -- C:\Users\Teodor\AppData\Local\d3d9caps.dat

[2008.08.26 06:37:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2008.08.05 11:05:43 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

[2008.04.25 04:38:18 | 000,000,372 | ---- | C] () -- C:\ProgramData\hpzinstall.log

[2007.03.29 23:00:40 | 000,203,264 | R--- | C] () -- C:\Windows\System32\CddbCdda.dll

[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006.03.09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2004.06.05 11:56:16 | 000,679,936 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2003.03.25 05:49:02 | 000,152,064 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2001.09.17 12:20:02 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll

 

========== LOP Check ==========

 

[2008.12.20 15:31:40 | 000,000,000 | ---D | M] -- C:\Users\Teodor\AppData\Roaming\Nokia

[2009.04.15 12:42:47 | 000,000,000 | ---D | M] -- C:\Users\Teodor\AppData\Roaming\PC Suite

[2008.09.21 02:13:02 | 000,000,000 | ---D | M] -- C:\Users\Teodor\AppData\Roaming\PlayFirst

[2009.01.30 19:32:30 | 000,000,000 | ---D | M] -- C:\Users\Teodor\AppData\Roaming\WildTangent

[2010.03.19 04:07:36 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2010.03.19 15:02:32 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2FF02674-B369-43D2-9A9E-0973FDF672B7}.job

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.* >

[2008.04.25 04:23:11 | 000,000,074 | ---- | M] () -- C:\autoexec.bat

[2008.01.21 04:24:42 | 000,333,203 | RHS- | M] () -- C:\bootmgr

[2006.09.18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys

[2010.03.19 14:42:03 | 3152,986,112 | -HS- | M] () -- C:\hiberfil.sys

[2008.04.25 04:00:19 | 000,000,385 | -H-- | M] () -- C:\IPH.PH

[2010.03.19 14:42:01 | 3466,776,576 | -HS- | M] () -- C:\pagefile.sys

 

 

< MD5 for: AGP440.SYS >

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

 

< MD5 for: ATAPI.SYS >

[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys

[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

 

< MD5 for: CNGAUDIT.DLL >

[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll

[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

 

< MD5 for: EVENTLOG.DLL >

[2007.01.13 07:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll

 

< MD5 for: IASTORV.SYS >

[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys

[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys

[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

 

< MD5 for: NETLOGON.DLL >

[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll

[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

 

< MD5 for: NVSTOR.SYS >

[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys

[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys

[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

 

< MD5 for: SCECLI.DLL >

[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll

[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

[2008.01.21 04:24:42 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll

[2008.01.21 04:24:38 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %PROGRAMFILES%\*. >

[2008.09.21 04:07:28 | 000,000,000 | ---D | M] -- C:\Program Files\ACE Mega CoDecS Pack

[2008.04.25 04:36:15 | 000,000,000 | ---D | M] -- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites

[2008.04.25 04:39:57 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe

[2008.04.25 04:00:19 | 000,000,000 | ---D | M] -- C:\Program Files\AIM6

[2008.08.05 11:07:38 | 000,000,000 | ---D | M] -- C:\Program Files\Atheros

[2008.04.25 04:52:50 | 000,000,000 | ---D | M] -- C:\Program Files\AWS

[2008.08.26 07:13:17 | 000,000,000 | ---D | M] -- C:\Program Files\BitComet

[2008.12.20 15:29:00 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files

[2008.08.05 11:07:06 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT

[2008.08.05 11:18:06 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink

[2008.12.20 15:28:45 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX

[2008.04.25 04:51:48 | 000,000,000 | ---D | M] -- C:\Program Files\earthlink totalaccess

[2008.08.26 10:12:58 | 000,000,000 | ---D | M] -- C:\Program Files\Electronic Arts

[2008.09.21 02:40:06 | 000,000,000 | ---D | M] -- C:\Program Files\GRETECH

[2008.08.05 11:13:48 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard

[2008.08.05 11:11:08 | 000,000,000 | ---D | M] -- C:\Program Files\HP

[2008.08.05 11:21:31 | 000,000,000 | ---D | M] -- C:\Program Files\HP Games

[2008.08.26 10:08:07 | 000,000,000 | ---D | M] -- C:\Program Files\HPQ

[2008.08.26 10:13:04 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information

[2010.01.23 03:19:29 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer

[2008.12.18 14:27:41 | 000,000,000 | ---D | M] -- C:\Program Files\Java

[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games

[2008.04.25 04:35:07 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office

[2008.04.25 04:11:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works

[2008.04.25 04:34:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET

[2010.03.11 14:28:15 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker

[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild

[2008.08.26 06:29:59 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0

[2008.04.25 04:22:47 | 000,000,000 | ---D | M] -- C:\Program Files\muvee Technologies

[2008.09.21 03:22:01 | 000,000,000 | ---D | M] -- C:\Program Files\Nero

[2008.08.05 11:05:29 | 000,000,000 | ---D | M] -- C:\Program Files\NetWaiting

[2008.12.20 15:28:58 | 000,000,000 | ---D | M] -- C:\Program Files\Nokia

[2009.04.20 14:21:24 | 000,000,000 | ---D | M] -- C:\Program Files\Norton 360

[2008.08.26 10:14:45 | 000,000,000 | R--D | M] -- C:\Program Files\Online Services

[2008.12.20 15:27:49 | 000,000,000 | ---D | M] -- C:\Program Files\PC Connectivity Solution

[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies

[2008.10.27 19:24:41 | 000,000,000 | R--D | M] -- C:\Program Files\Skype

[2008.04.25 04:37:19 | 000,000,000 | ---D | M] -- C:\Program Files\Sling Media

[2009.01.07 21:14:40 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec

[2008.08.05 11:04:05 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics

[2006.11.02 15:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information

[2008.04.25 04:00:18 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint

[2008.08.26 07:24:51 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp

[2008.01.21 04:35:18 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar

[2008.01.21 04:35:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration

[2008.01.21 04:35:09 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender

[2008.01.21 04:35:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal

[2010.03.11 14:28:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail

[2009.11.01 22:02:25 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player

[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT

[2008.01.21 04:35:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery

[2008.01.21 04:35:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar

[2008.08.05 11:08:02 | 000,000,000 | ---D | M] -- C:\Program Files\WinTV

[2008.08.26 10:14:27 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!

 

< %userprofile%\Desktop\*.* >

[2008.08.26 10:17:58 | 000,000,282 | -HS- | M] () -- C:\Users\Teodor\Desktop\desktop.ini

[2010.03.18 03:35:43 | 000,002,047 | ---- | M] () -- C:\Users\Teodor\Desktop\Google Chrome.lnk

[2010.03.19 14:49:55 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Teodor\Desktop\OTL.exe

[2010.03.11 14:28:01 | 000,002,377 | ---- | M] () -- C:\Users\Teodor\Desktop\Skype.lnk

 

< %userprofile%\Desktop\*. >

[2008.12.20 15:34:02 | 000,000,000 | ---D | M] -- C:\Users\Teodor\Desktop\New Folder

[2008.12.18 15:51:16 | 000,000,000 | ---D | M] -- C:\Users\Teodor\Desktop\Programs

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-03-11 12:27:26

 

========== Files - Unicode (All) ==========

[2010.03.16 19:15:04 | 000,129,821 | ---- | M] ()(C:\Users\Teodor\Documents\Ecia?a?aiea375.jpg) -- C:\Users\Teodor\Documents\Èçîáðàæåíèå375.jpg

[2010.03.16 19:15:01 | 000,129,821 | ---- | C] ()(C:\Users\Teodor\Documents\Ecia?a?aiea375.jpg) -- C:\Users\Teodor\Documents\Èçîáðàæåíèå375.jpg

< End of report >

 

 

 

OTL Extras logfile created on: 19.3.2010 г. 15:19:29 - Run 2

OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Teodor\Desktop

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: d.M.yyyy 'г.'

 

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free

6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 174,56 Gb Total Space | 65,91 Gb Free Space | 37,76% Space Free | Partition Type: NTFS

Drive D: | 11,75 Gb Total Space | 1,99 Gb Free Space | 16,92% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: ZARA

Current User Name: Teodor

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 30 Days

Output = Minimal

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"UacDisableNotify" = 0

"InternetSettingsDisableNotify" = 0

"AutoUpdateDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{11C8DC70-3736-4C5E-AA43-D49EAA46E75F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{11CF649A-B94A-4777-BBC2-B29FB89F961F}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{4F8FE39B-E3A0-4D90-83AD-83D645F2240B}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |

"{5BAF8BBA-9BCA-4716-866F-2299D6B76166}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{6435A5D5-321F-405F-AB32-F4CDD8884A4F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{71E69720-498E-4AC0-B143-D5C5E53EA1E4}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{7DAAA77D-D339-4C00-A7D1-42881E692799}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{7EB085B8-344E-41CB-9D92-AB651F064199}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{AF92B6E9-02ED-485F-8196-528D4296F852}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{B45744D4-86A4-4417-A215-719ED5DE9E9A}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{CEB005FC-A593-403D-9E0F-B5D6D6CB7B01}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{D02CD799-219B-4062-A6DD-FDB1E25FCD3A}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |

"{D1D6E669-9DD7-4B12-8B84-4A3DF994AD90}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |

"{F5FD2F6C-4959-4877-8963-91D77D16EACE}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"TCP Query User{BB832808-05D7-4596-A72C-57B4027A9D7E}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |

"UDP Query User{9198D151-EB71-4A92-BC77-7561CCF68E28}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1

"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer

"{082F8ABA-84D5-4837-9DFC-F365D91A07D4}" = HP Smart Web Printing

"{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}" = Norton 360 HTMLHelp

"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library

"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1

"{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}" = PC Connectivity Solution

"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite

"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs

"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget

"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86

"{21829177-4DED-4209-AD08-490B3AC9C01A}" = Norton 360

"{2284D904-C138-4B58-93EC-5C362AB5130A}" = The Sims™ Life Stories

"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant

"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ Beta 4.0

"{24DF7221-644B-4C3A-A478-459502D40522}" = Backup

"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1

"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 11

"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program

"{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support

"{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360

"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2

"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE

"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1

"{38EAC694-0D90-445F-8C17-8B50ADFE3162}" = Slingbox Flash Tour

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{40DA9A54-48CA-4A2C-AEAF-F67715BB046E}" = Norton 360

"{45690715-80A6-4445-B61D-ADEC5888E8CD}" = Symantec Technical Support Controls

"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6

"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout

"{4D49757C-367A-4333-BDB3-68966162B14E}" = HP User Guides 0087

"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit

"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4

"{891D0B03-05DF-4CD1-B267-268FDA1C1033}" = Nero 8

"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1

"{8FB6F97F-5EDB-41AA-A875-86874FE36202}" = SymNet

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend

"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel

"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0

"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1

"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin

"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor

"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon

"{B3164E9E-BE08-4F3B-94BC-C6D09C0205E1}" = Nokia Connectivity Cable Driver

"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc

"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5

"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs

"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant

"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update

"{D5577624-0626-4C4B-87AA-D966DA1739D6}" = Nokia PC Suite

"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component

"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1

"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01

"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)

"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore

"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link

"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo

"{FFFF6D5C-E2F1-4B40-BC89-8923312E89EB}}_is1" = ACE Mega CoDecS Pack

"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)

"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"AIM_6" = AIM 6

"BitComet" = BitComet 1.03

"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows Driver Package - Nokia Modem (05/22/2008 3.8)

"CNXT_AUDIO_HDA" = Conexant HD Audio

"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP

"GOM Player" = GOM Player

"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"HP Photosmart Essential" = HP Photosmart Essential 2.5

"HP Smart Web Printing" = HP Smart Web Printing

"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Nokia PC Suite" = Nokia PC Suite

"NVIDIA Drivers" = NVIDIA Drivers

"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)

"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6

"SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 (Symantec Corporation)

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"ViewpointMediaPlayer" = Viewpoint Media Player

"WildTangent hp Master Uninstall" = My HP Games

"Winamp" = Winamp

"Yahoo! Companion" = Yahoo! Toolbar

"Yahoo! Toolbar" = Yahoo! Toolbar

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-3562250878-1493143731-1499282963-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 17.3.2010 г. 02:59:51 | Computer Name = ZaRa.ZaRa | Source = WinMgmt | ID = 10

Description =

 

Error - 17.3.2010 г. 03:01:01 | Computer Name = ZaRa.ZaRa | Source = Application Error | ID = 1000

Description = Faulting application NMIndexStoreSvr.exe, version 3.3.8.0, time stamp

0x4860cce5, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception

code 0xc0000096, fault offset 0x02020202, process id 0xf8c, application start time

0x01cac59f6dad1030.

 

Error - 17.3.2010 г. 05:13:39 | Computer Name = ZaRa.ZaRa | Source = WinMgmt | ID = 10

Description =

 

Error - 17.3.2010 г. 05:15:05 | Computer Name = ZaRa.ZaRa | Source = Application Error | ID = 1000

Description = Faulting application NMIndexStoreSvr.exe, version 3.3.8.0, time stamp

0x4860cce5, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception

code 0xc0000005, fault offset 0x07070707, process id 0x83c, application start time

0x01cac5b21d3de508.

 

Error - 17.3.2010 г. 21:24:37 | Computer Name = ZaRa.ZaRa | Source = WinMgmt | ID = 10

Description =

 

Error - 17.3.2010 г. 21:25:40 | Computer Name = ZaRa.ZaRa | Source = Application Error | ID = 1000

Description = Faulting application NMIndexStoreSvr.exe, version 3.3.8.0, time stamp

0x4860cce5, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception

code 0xc0000005, fault offset 0x02020202, process id 0xf64, application start time

0x01cac639c30b21cd.

 

Error - 18.3.2010 г. 06:58:28 | Computer Name = ZaRa.ZaRa | Source = WinMgmt | ID = 10

Description =

 

Error - 18.3.2010 г. 06:59:37 | Computer Name = ZaRa.ZaRa | Source = Application Error | ID = 1000

Description = Faulting application NMIndexStoreSvr.exe, version 3.3.8.0, time stamp

0x4860cce5, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception

code 0xc0000096, fault offset 0x02020202, process id 0xfe4, application start time

0x01cac689eab714b4.

 

Error - 18.3.2010 г. 13:42:47 | Computer Name = ZaRa.ZaRa | Source = WinMgmt | ID = 10

Description =

 

Error - 18.3.2010 г. 13:43:29 | Computer Name = ZaRa.ZaRa | Source = Application Error | ID = 1000

Description = Faulting application NMIndexStoreSvr.exe, version 3.3.8.0, time stamp

0x4860cce5, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception

code 0xc0000096, fault offset 0x02020202, process id 0xf30, application start time

0x01cac6c26b232b3f.

 

[ Media Center Events ]

Error - 30.10.2009 г. 03:54:03 | Computer Name = ZaRa.ZaRa | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

 

[ System Events ]

Error - 17.3.2010 г. 05:12:04 | Computer Name = ZaRa.ZaRa | Source = HTTP | ID = 15016

Description =

 

Error - 17.3.2010 г. 05:13:39 | Computer Name = ZaRa.ZaRa | Source = Service Control Manager | ID = 7000

Description =

 

Error - 17.3.2010 г. 21:23:46 | Computer Name = ZaRa.ZaRa | Source = HTTP | ID = 15016

Description =

 

Error - 17.3.2010 г. 21:24:37 | Computer Name = ZaRa.ZaRa | Source = Service Control Manager | ID = 7000

Description =

 

Error - 18.3.2010 г. 06:56:55 | Computer Name = ZaRa.ZaRa | Source = HTTP | ID = 15016

Description =

 

Error - 18.3.2010 г. 06:58:29 | Computer Name = ZaRa.ZaRa | Source = Service Control Manager | ID = 7000

Description =

 

Error - 18.3.2010 г. 13:41:54 | Computer Name = ZaRa.ZaRa | Source = HTTP | ID = 15016

Description =

 

Error - 18.3.2010 г. 13:42:48 | Computer Name = ZaRa.ZaRa | Source = Service Control Manager | ID = 7000

Description =

 

Error - 19.3.2010 г. 08:42:11 | Computer Name = ZaRa.ZaRa | Source = HTTP | ID = 15016

Description =

 

Error - 19.3.2010 г. 08:43:49 | Computer Name = ZaRa.ZaRa | Source = Service Control Manager | ID = 7000

Description =

 

 

< End of report >

 

For Night_Raven, and thank you!

Malwarebytes' Anti-Malware 1.44

Версия на базата от данни: 3885

Windows 6.0.6001 Service Pack 1

Internet Explorer 7.0.6001.18000

 

19.3.2010 г. 15:47:02

mbam-log-2010-03-19 (15-47-02).txt

 

Тип сканиране: Бързо сканиране

Сканирани обекти: 107600

Изминало време: 4 minute(s), 52 second(s)

 

Заразени процеси в паметта: 0

Заразени модули в паметта: 0

Заразени ключове в регистратурата: 2

Заразени стойности в регистратурата: 1

Заразени информационни обекти в регистратурата: 0

Заразени папки: 0

Заразени файлове: 2

 

Заразени процеси в паметта:

(Не бяха открити заплахи)

 

Заразени модули в паметта:

(Не бяха открити заплахи)

 

Заразени ключове в регистратурата:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\bifrost (Bifrose.Trace) -> Quarantined and deleted successfully.

 

Заразени стойности в регистратурата:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{af3934a9-5805-af1b-6ced-c174fd64cac6} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

Заразени информационни обекти в регистратурата:

(Не бяха открити заплахи)

 

Заразени папки:

(Не бяха открити заплахи)

 

Заразени файлове:

C:\Users\Teodor\AppData\Roaming\server.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Users\Teodor\AppData\Roaming\addon.dat (Malware.Trace) -> Quarantined and deleted successfully.

 

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 03/19/2010 at 04:43 PM

 

Application Version : 4.34.1000

 

Core Rules Database Version : 4596

Trace Rules Database Version: 1978

 

Scan type : Complete Scan

Total Scan Time : 00:47:45

 

Memory items scanned : 716

Memory threats detected : 0

Registry items scanned : 8507

Registry threats detected : 0

File items scanned : 33914

File threats detected : 91

 

Adware.Tracking Cookie


gilberto,

 

"A stranger offered my sister friendship on Facebook a few months ago and she accepted. A few days ago this stranger, who is some Arab, started uploading to his profile photos of my sister that she has only on her computer"

The problem as described suggests working without an enabled firewall. In that situation an attacker can very easily get into the computer and do whatever he wants; in this case "your friend" downloaded the photos.

 

VY 73!


Hello, try this fix:

Open OTL and in the box under Custom Scans/Fixes enter

:OTL
O4 - HKLM..\Run: [HP Health Check Scheduler] File not found
O4 - HKU\S-1-5-21-3562250878-1493143731-1499282963-1000..\Run: [{AF3934A9-5805-AF1B-6CED-C174FD64CAC6}] C:\Users\Teodor\AppData\Roaming\server.exe ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab  (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
:files
C:\WINDOWS\system32\eventlog.dll|C:\WINDOWS\system32\logevent.dll /replace

then press Run Fix and report how things stand.
