Mediashifting.com - it has frayed my nerves!


46 replies in this topic

#1 laker

Posted 18 January 2012 - 11:05

Sorry if this has already been explained somewhere! Please help with this Mediashifting.com problem. Every Google search redirects me to some random sites.
Thanks in advance!

Here is the DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Ivailo Kunev at 11:27:36 on 2012-01-18
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3002.1404 [GMT 2:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\spool\drivers\w32x86\3\CNAP2LAK.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\hasplms.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\igfxsrvc.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.selfinvest.eu/
uInternet Settings,ProxyOverride = *.local
uWinlogon: Shell=c:\users\ivailo kunev\appdata\local\c72fd8b1\X
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.7.16.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [mlfg8hkidd] c:\users\ivailo kunev\mlfg8hkidd.exe
uRun: [Regedit32] c:\windows\system32\regedit.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [CNAP2 Launcher] c:\windows\system32\spool\drivers\w32x86\3\CNAP2LAK.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdcBase.exe
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [XoftSpySE] "c:\program files\xoftspyse6\XoftSpySE.exe" -NM -hidesplash
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &?&???? &? BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &?&???? ?????? ? BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: &?&???? ???????? ????? ? BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.3.7.16.dll/206
LSP: mswsock.dll
Trusted Zone: bulbank.bg\online
Trusted Zone: rid.bg\test-impero
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {3CF8817B-58DF-4C4A-96BB-21C0A8D822D7} - hxxp://test-impero.rid.bg/Elements4.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} - hxxps://online.bulbank.bg/capicom.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/da2/PCPitStop2.cab
TCP: DhcpNameServer = 91.191.208.34
TCP: Interfaces\{EF99161E-C7A5-457F-9C41-C20C2B2D76A9} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{EF99161E-C7A5-457F-9C41-C20C2B2D76A9} : DhcpNameServer = 91.191.208.34
TCP: Interfaces\{EF99161E-C7A5-457F-9C41-C20C2B2D76A9}\24F425F465544535 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{EF99161E-C7A5-457F-9C41-C20C2B2D76A9}\35F6669616 : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{EF99161E-C7A5-457F-9C41-C20C2B2D76A9}\35F6669616 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{EF99161E-C7A5-457F-9C41-C20C2B2D76A9}\45F495F44514 : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{EF99161E-C7A5-457F-9C41-C20C2B2D76A9}\45F495F44514 : DhcpNameServer = 10.172.5.202 10.172.4.201 10.172.6.201
TCP: Interfaces\{EF99161E-C7A5-457F-9C41-C20C2B2D76A9}\5564D2435647 : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{EF99161E-C7A5-457F-9C41-C20C2B2D76A9}\5564D2435647 : DhcpNameServer = 62.44.118.1 62.44.96.1
TCP: Interfaces\{EF99161E-C7A5-457F-9C41-C20C2B2D76A9}\64C4F42514 : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{EF99161E-C7A5-457F-9C41-C20C2B2D76A9}\64C4F42514 : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ivailo kunev\appdata\roaming\mozilla\firefox\profiles\edq3203t.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.selfinvest.eu/
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? ekrn;ESET Service
R? GdmFilt;GCT USB Mass Storage Filter Service
R? MdmUWm;MDM WiMAX USB Composite Device
R? netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit
R? qcusbser;Modem Interface USB Device for Legacy Serial Communication
R? RdpVideoMiniport;Remote Desktop Video Miniport Driver
R? Synth3dVsc;Synth3dVsc
R? TsUsbFlt;TsUsbFlt
R? tsusbhub;tsusbhub
R? VGPU;VGPU
R? vtigercrmApache530;vtigercrmApache530
R? vtigercrmMysql530;vtigercrmMysql530
R? WatAdminSvc;?????? ?? ???????????? ?? ?????????? ?? Windows
R? WebTutorCorpServer;WebTutorCorpServer
R? WSDPrintDevice;WSD Print Support via UMB
R? XoftSpyService;XoftSpyService
S? epfwwfp;epfwwfp
S? hasplms;HASP License Manager
S? L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20)
S? NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit
S? VWiFiFlt;Virtual WiFi Filter Driver
S? vwifimp;Microsoft Virtual WiFi Miniport Service
.
=============== Created Last 30 ================
.
2012-01-18 07:57:10 -------- d-----w- c:\program files\ESET
2012-01-18 05:44:46 -------- d-----w- c:\programdata\ParetoLogic
2012-01-18 05:44:45 -------- d-----w- c:\program files\common files\ParetoLogic
2012-01-18 05:44:43 -------- d-----w- c:\programdata\XoftSpySE
2012-01-18 05:44:43 -------- d-----w- c:\program files\common files\XoftSpySE
2012-01-18 05:44:42 -------- d-----w- c:\program files\XoftSpySE6
2012-01-18 05:30:06 -------- d-----w- c:\users\ivailo kunev\Antivirus
2012-01-17 20:07:05 398848 ----a-w- c:\windows\system32\TVWizudlg.exe
2012-01-17 20:07:05 140288 ----a-w- c:\windows\system32\igfxtvcx.dll
2012-01-17 20:07:05 -------- d-----w- c:\windows\system32\Lang
2012-01-17 19:46:08 53160 ----a-w- c:\windows\system32\epfwdata.bin
2012-01-16 13:30:11 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-01-16 13:07:47 0 --sha-w- c:\windows\system32\dds_log_trash.cmd
2012-01-16 13:02:05 -------- d-sh--w- c:\users\ivailo kunev\appdata\local\c72fd8b1
2012-01-13 10:31:48 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ff3924b3-e2de-47a6-9b6d-1003037fae12}\mpengine.dll
2012-01-11 13:16:54 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-11 13:16:53 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-11 13:16:53 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-11 13:16:52 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-11 13:16:51 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-11 13:16:51 314880 ----a-w- c:\windows\system32\webio.dll
2012-01-11 13:16:51 22528 ----a-w- c:\windows\system32\lsass.exe
2012-01-11 13:16:50 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-11 13:16:50 15872 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-11 13:16:50 100352 ----a-w- c:\windows\system32\sspicli.dll
2012-01-11 13:15:01 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 13:14:56 67072 ----a-w- c:\windows\system32\packager.dll
2012-01-11 13:14:53 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 13:14:52 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-01-08 13:43:14 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-01-08 13:43:14 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2012-01-08 13:43:13 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-01-08 13:43:13 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
.
==================== Find3M ====================
.
2012-01-16 13:07:26 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-24 04:25:27 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 04:26:03 2048 ----a-w- c:\windows\system32\tzres.dll
2011-10-26 04:47:40 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-26 04:47:40 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 04:28:12 38912 ----a-w- c:\windows\system32\csrsrv.dll
.
============= FINISH: 11:32:27.78 ===============


And here is the Attach:


This post was edited by laker: 18 January 2012 - 11:27


#2 B-boy[StyLe]

Posted 18 January 2012 - 11:49

1. Download ComboFix from BleepingComputer and save it (Save button -> Save as) to your desktop:
[image]
After the ComboFix download finishes, the program's icon should look like this:
[image]

2. Close all running applications, open windows, and programs running in the background. Temporarily disable the real-time protection of your antivirus program and of any other security programs, if present.


3. Double-click Combofix.exe to run it. Choose YES to accept the program's terms of use. Important: While ComboFix is running, do not move the mouse or press any keys on the keyboard. Just patiently let ComboFix do its job, without using the computer for anything else.


4. If you get a UAC prompt, accept it.


5. ComboFix will temporarily disable the Internet connection, but once the program finishes, the connection will be restored automatically. ComboFix will scan for problems and infected files, which may take some time. Please be patient. If there is a problem with the Internet connection after Combofix finishes, please read this: Manually restoring the Internet connection section.


6. When ComboFix finishes, a text document (log) will open in Notepad:
[image]

Copy and paste the contents of the log into your next reply.

Note: If the following message appears when opening various programs after the Combofix scan completes - "illegal operation on a registry key that has been marked for deletion." - simply restart the computer once more and it will go away.
Do not use your computer during the scan!
Georgi Petkov
Kaldata HJT Team

#3 laker

Posted 18 January 2012 - 18:06

Sorry for only writing now, but it took me a while to get to another computer! Despite all my attempts, I could not start ComboFix.exe! A black window appears for a few seconds and then closes immediately. The program downloads to the Desktop, but the icon is not the same. I tried everything within my competence! Obviously a rather low competence :)



#4 B-boy[StyLe]

Posted 18 January 2012 - 18:12

You did close all security programs before running it, right...
Any active security programs will interfere with the program's execution.
Stop ESET NOD32, Windows Defender, and all other such programs.
If that doesn't work, download this file and run the scan (it is a renamed Combofix).
If it still doesn't work, we'll think of other options... You have rootkit.ZeroAccess...

#5 laker

Posted 18 January 2012 - 22:01

As they say: doctor, the patient is in very bad shape! After the last restart the computer has no Internet access. After my attempts to repair the connection it says: Windows could not automatically detect this network's proxy settings. Will it live? As for ComboFix, the first time I tried to run it all programs were closed (the ones I know how to stop), but it didn't work! I have to be honest that I was installing and uninstalling antivirus programs in a panic. And now that I'm reading that this nasty thing pushes fake antiviruses, I may have messed things up! I hope it gets fixed :)


#6 B-boy[StyLe]

Posted 18 January 2012 - 22:05

There will be no Internet until we clean it. The rootkit messes up some drivers and the winsock entries.
Try running Combofix in Safe Mode. Do you know how to get there?
Keep pressing F8 during the restart and choose Safe Mode.
Run Combofix, and if it manages to start and scan, it will restart the computer automatically.
Then you need to boot into Safe Mode again so that Combofix can finish the scan.
Finally, just restart normally, and once you are in Normal Mode, post the log file in your next post.
If it doesn't work we will have to clean it manually (that is exactly why I insist on Combofix's automatic mode), but if there is nothing else to be done we will resort to manual cleaning.

#7 laker

Posted 18 January 2012 - 22:23

It doesn't start in Safe Mode either! What a damn nasty thing this virus is! Now I'm cursing out loud at an Adobe update!

#8 B-boy[StyLe]

Posted 18 January 2012 - 22:32

What does it say when you try to enter Safe Mode?
And it wasn't an Adobe update at all... the bug was disguised with the Adobe icon.

Please download the latest version of TDSSKiller from here and save it on your desktop.

  • Run TDSSKiller.exe to start the application. Then click the Change parameters button.
  • Check Verify Driver Digital Signature and Detect TDLFS file system and click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click Continue.
  • If malicious objects are found, the drop-down menu will offer three options.
    Make sure the selected action is Cure and click Continue > Restart to complete the fix.

    Note: If the Cure option is not available, please choose Skip; do not choose Delete unless you have been instructed to.
  • A log file will be created in the root directory of the C:\ drive. Look for a log named "TDSSKiller.[Version]_[Date]_[Time]_log.txt" and copy its contents into your next post.

#9 laker

Posted 18 January 2012 - 22:52

I followed the instructions - there was no Cure button.

This is the log file:

22:56:43.0234 3652 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:56:43.0250 3652 SiSRaid2 - ok
22:56:43.0265 3652 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
22:56:43.0281 3652 SiSRaid4 - ok
22:56:43.0328 3652 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
22:56:43.0375 3652 Smb - ok
22:56:43.0421 3652 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
22:56:43.0437 3652 spldr - ok
22:56:43.0515 3652 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
22:56:43.0546 3652 srv - ok
22:56:43.0577 3652 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
22:56:43.0609 3652 srv2 - ok
22:56:43.0655 3652 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
22:56:43.0687 3652 srvnet - ok
22:56:43.0765 3652 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
22:56:43.0780 3652 stexstor - ok
22:56:43.0858 3652 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
22:56:43.0874 3652 storflt - ok
22:56:43.0905 3652 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
22:56:43.0921 3652 storvsc - ok
22:56:43.0936 3652 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
22:56:43.0952 3652 swenum - ok
22:56:43.0983 3652 Synth3dVsc - ok
22:56:44.0077 3652 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
22:56:44.0139 3652 Tcpip - ok
22:56:44.0201 3652 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
22:56:44.0233 3652 TCPIP6 - ok
22:56:44.0295 3652 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
22:56:44.0342 3652 tcpipreg - ok
22:56:44.0389 3652 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
22:56:44.0435 3652 TDPIPE - ok
22:56:44.0467 3652 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
22:56:44.0513 3652 TDTCP - ok
22:56:44.0545 3652 tdx - ok
22:56:44.0560 3652 TermDD - ok
22:56:44.0638 3652 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:56:44.0685 3652 tssecsrv - ok
22:56:44.0779 3652 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
22:56:44.0810 3652 TsUsbFlt - ok
22:56:44.0825 3652 tsusbhub - ok
22:56:44.0888 3652 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
22:56:44.0935 3652 tunnel - ok
22:56:44.0981 3652 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
22:56:44.0997 3652 uagp35 - ok
22:56:45.0044 3652 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
22:56:45.0106 3652 udfs - ok
22:56:45.0169 3652 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
22:56:45.0184 3652 uliagpkx - ok
22:56:45.0231 3652 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
22:56:45.0278 3652 umbus - ok
22:56:45.0325 3652 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
22:56:45.0356 3652 UmPass - ok
22:56:45.0403 3652 upperdev (78b74af8727a28c128e164e9b53a5413) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
22:56:45.0465 3652 upperdev - ok
22:56:45.0512 3652 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
22:56:45.0527 3652 USBAAPL - ok
22:56:45.0590 3652 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
22:56:45.0605 3652 usbccgp - ok
22:56:45.0637 3652 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
22:56:45.0652 3652 usbcir - ok
22:56:45.0683 3652 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
22:56:45.0715 3652 usbehci - ok
22:56:45.0777 3652 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
22:56:45.0808 3652 usbhub - ok
22:56:45.0824 3652 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
22:56:45.0855 3652 usbohci - ok
22:56:45.0917 3652 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
22:56:45.0949 3652 usbprint - ok
22:56:46.0011 3652 usbser (31181de6190b39fc8007dffd1a48ffd6) C:\Windows\system32\drivers\usbser.sys
22:56:46.0027 3652 usbser - ok
22:56:46.0058 3652 UsbserFilt (4f8fbc51a1c0a17310846b417a447f91) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
22:56:46.0105 3652 UsbserFilt - ok
22:56:46.0151 3652 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:56:46.0183 3652 USBSTOR - ok
22:56:46.0229 3652 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
22:56:46.0245 3652 usbuhci - ok
22:56:46.0339 3652 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
22:56:46.0370 3652 usbvideo - ok
22:56:46.0432 3652 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys
22:56:46.0479 3652 usb_rndisx - ok
22:56:46.0526 3652 VClone (1cdaa48cb2f7744b8d25650e050766a5) C:\Windows\system32\DRIVERS\VClone.sys
22:56:46.0573 3652 VClone - ok
22:56:46.0635 3652 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
22:56:46.0651 3652 vdrvroot - ok
22:56:46.0697 3652 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
22:56:46.0729 3652 vga - ok
22:56:46.0791 3652 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
22:56:46.0822 3652 VgaSave - ok
22:56:46.0838 3652 VGPU - ok
22:56:46.0885 3652 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
22:56:46.0916 3652 vhdmp - ok
22:56:46.0947 3652 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
22:56:46.0963 3652 viaagp - ok
22:56:46.0994 3652 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
22:56:47.0025 3652 ViaC7 - ok
22:56:47.0056 3652 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
22:56:47.0072 3652 viaide - ok
22:56:47.0103 3652 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
22:56:47.0119 3652 vmbus - ok
22:56:47.0134 3652 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
22:56:47.0150 3652 VMBusHID - ok
22:56:47.0181 3652 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
22:56:47.0197 3652 volmgr - ok
22:56:47.0259 3652 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
22:56:47.0290 3652 volmgrx - ok
22:56:47.0306 3652 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
22:56:47.0321 3652 volsnap - ok
22:56:47.0353 3652 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
22:56:47.0368 3652 vsmraid - ok
22:56:47.0587 3652 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
22:56:47.0618 3652 vwifibus - ok
22:56:47.0649 3652 VWiFiFlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
22:56:47.0680 3652 VWiFiFlt - ok
22:56:47.0727 3652 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
22:56:47.0774 3652 vwifimp - ok
22:56:47.0805 3652 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
22:56:47.0836 3652 WacomPen - ok
22:56:47.0899 3652 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
22:56:47.0930 3652 WANARP - ok
22:56:47.0945 3652 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
22:56:47.0977 3652 Wanarpv6 - ok
22:56:48.0039 3652 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
22:56:48.0055 3652 Wd - ok
22:56:48.0086 3652 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
22:56:48.0133 3652 Wdf01000 - ok
22:56:48.0226 3652 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
22:56:48.0273 3652 WfpLwf - ok
22:56:48.0304 3652 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
22:56:48.0320 3652 WIMMount - ok
22:56:48.0413 3652 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
22:56:48.0445 3652 WinUsb - ok
22:56:48.0507 3652 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
22:56:48.0538 3652 WmiAcpi - ok
22:56:48.0632 3652 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
22:56:48.0679 3652 ws2ifsl - ok
22:56:48.0757 3652 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
22:56:48.0788 3652 WSDPrintDevice - ok
22:56:48.0866 3652 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
22:56:48.0928 3652 WudfPf - ok
22:56:48.0959 3652 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:56:49.0022 3652 WUDFRd - ok
22:56:49.0115 3652 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:56:49.0240 3652 \Device\Harddisk0\DR0 - ok
22:56:49.0240 3652 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR1
22:56:53.0343 3652 \Device\Harddisk1\DR1 - ok
22:56:53.0359 3652 Boot (0x1200) (7dce60bc209e9c4a51032ad62b466ca8) \Device\Harddisk0\DR0\Partition0
22:56:53.0359 3652 \Device\Harddisk0\DR0\Partition0 - ok
22:56:53.0390 3652 Boot (0x1200) (f7c1a2b7b51488dae040479dfd0a1357) \Device\Harddisk0\DR0\Partition1
22:56:53.0390 3652 \Device\Harddisk0\DR0\Partition1 - ok
22:56:53.0405 3652 Boot (0x1200) (ae458f85dc8aee12632bb8309186999a) \Device\Harddisk1\DR1\Partition0
22:56:53.0405 3652 \Device\Harddisk1\DR1\Partition0 - ok
22:56:53.0405 3652 ============================================================
22:56:53.0405 3652 Scan finished
22:56:53.0405 3652 ============================================================
22:56:53.0421 3604 Detected object count: 6
22:56:53.0421 3604 Actual detected object count: 6
22:58:03.0699 3604 aksfridge ( UnsignedFile.Multi.Generic ) - skipped by user
22:58:03.0699 3604 aksfridge ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:58:03.0699 3604 akshasp ( UnsignedFile.Multi.Generic ) - skipped by user
22:58:03.0699 3604 akshasp ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:58:03.0699 3604 akshhl ( UnsignedFile.Multi.Generic ) - skipped by user
22:58:03.0699 3604 akshhl ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:58:03.0699 3604 aksusb ( UnsignedFile.Multi.Generic ) - skipped by user
22:58:03.0699 3604 aksusb ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:58:03.0699 3604 hardlock ( UnsignedFile.Multi.Generic ) - skipped by user
22:58:03.0699 3604 hardlock ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:58:03.0715 3604 pfc ( UnsignedFile.Multi.Generic ) - skipped by user
22:58:03.0715 3604 pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip

#10 B-boy[StyLe]

B-boy[StyLe]

    FFreestyleRR

  • HJT Team
  • 14398 posts
  • Gender: Male
  • City: Electric City

Posted 18 January 2012 - 23:07

OK... at least there is no infected driver.
Could you generate a new DDS log, because this one is quite hard to read...
Separately, do you have a Windows installation disc? (Don't worry, it has nothing to do with formatting or reinstalling.)
Георги Петков
Kaldata HJT Team



#11 laker

laker

    Rookie

  • Members
  • 23 posts

Posted 18 January 2012 - 23:27

Unfortunately I don't have a disc!

This is dds.txt. Is attach needed as well?

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Ivailo Kunev at 23:21:59 on 2012-01-18
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3002.2071 [GMT 2:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\Ivailo Kunev\Desktop\tdsskiller.exe
C:\Windows\system32\prevhost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.selfinvest.eu/
uInternet Settings,ProxyOverride = *.local
uWinlogon: Shell=c:\users\ivailo kunev\appdata\local\c72fd8b1\X
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.7.16.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [mlfg8hkidd] c:\users\ivailo kunev\mlfg8hkidd.exe
uRun: [Regedit32] c:\windows\system32\regedit.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [CNAP2 Launcher] c:\windows\system32\spool\drivers\w32x86\3\CNAP2LAK.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdcBase.exe
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
StartupFolder: c:\users\ivailo~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\paloal~2.lnk - c:\program files\common files\palo alto software\8.0\PAS8_Update.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\paloal~1.lnk - c:\program files\common files\palo alto software\9.0\PAS9_Update.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &?&???? &? BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &?&???? ?????? ? BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: &?&???? ???????? ????? ? BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.3.7.16.dll/206
Trusted Zone: bulbank.bg\online
Trusted Zone: rid.bg\test-impero
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {3CF8817B-58DF-4C4A-96BB-21C0A8D822D7} - hxxp://test-impero.rid.bg/Elements4.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} - hxxps://online.bulbank.bg/capicom.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/da2/PCPitStop2.cab
TCP: DhcpNameServer = 91.191.208.34
TCP: Interfaces\{EF99161E-C7A5-457F-9C41-C20C2B2D76A9} : NameServer = 192.168.1.1
TCP: Interfaces\{EF99161E-C7A5-457F-9C41-C20C2B2D76A9} : DhcpNameServer = 91.191.208.34
TCP: Interfaces\{EF99161E-C7A5-457F-9C41-C20C2B2D76A9}\24F425F465544535 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{EF99161E-C7A5-457F-9C41-C20C2B2D76A9}\35F6669616 : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{EF99161E-C7A5-457F-9C41-C20C2B2D76A9}\35F6669616 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{EF99161E-C7A5-457F-9C41-C20C2B2D76A9}\45F495F44514 : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{EF99161E-C7A5-457F-9C41-C20C2B2D76A9}\45F495F44514 : DhcpNameServer = 10.172.5.202 10.172.4.201 10.172.6.201
TCP: Interfaces\{EF99161E-C7A5-457F-9C41-C20C2B2D76A9}\5564D2435647 : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{EF99161E-C7A5-457F-9C41-C20C2B2D76A9}\5564D2435647 : DhcpNameServer = 62.44.118.1 62.44.96.1
TCP: Interfaces\{EF99161E-C7A5-457F-9C41-C20C2B2D76A9}\64C4F42514 : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{EF99161E-C7A5-457F-9C41-C20C2B2D76A9}\64C4F42514 : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ivailo kunev\appdata\roaming\mozilla\firefox\profiles\edq3203t.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.selfinvest.eu/
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2011-8-4 50624]
R1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-9-4 54784]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
S2 vtigercrmApache530;vtigercrmApache530;"c:\program files\vtigercrm-5.3.0\apache\bin\apache.exe" -k runservice --> c:\program files\vtigercrm-5.3.0\apache\bin\Apache.exe [?]
S2 vtigercrmMysql530;vtigercrmMysql530;"c:\program files\vtigercrm-5.3.0\mysql\bin\mysqld-nt" "--defaults-file=c:\program files\vtigercrm-5.3.0\mysql\my.ini" vtigercrmmysql530 --> c:\program files\vtigercrm-5.3.0\mysql\bin\mysqld-nt [?]
S2 WebTutorCorpServer;WebTutorCorpServer;c:\program files\webtutorcorpserver\xHttp.exe [2009-11-11 1724416]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 ekrn;ESET Service;"c:\program files\eset\eset smart security\ekrn.exe" --> c:\program files\eset\eset smart security\ekrn.exe [?]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 qcusbser;Modem Interface USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [2011-10-11 103552]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-6-3 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-3 52224]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-14 17920]
SUnknown tsusbhub;tsusbhub; [x]
.
=============== Created Last 30 ================
.
2012-01-18 07:57:10 -------- d-----w- c:\program files\ESET
2012-01-18 05:44:43 -------- d-----w- c:\programdata\XoftSpySE
2012-01-18 05:30:06 -------- d-----w- c:\users\ivailo kunev\Antivirus
2012-01-17 20:07:05 398848 ----a-w- c:\windows\system32\TVWizudlg.exe
2012-01-17 20:07:05 140288 ----a-w- c:\windows\system32\igfxtvcx.dll
2012-01-17 20:07:05 -------- d-----w- c:\windows\system32\Lang
2012-01-17 19:46:08 53160 ----a-w- c:\windows\system32\epfwdata.bin
2012-01-16 13:30:11 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-01-16 13:07:47 0 --sha-w- c:\windows\system32\dds_log_trash.cmd
2012-01-16 13:02:05 -------- d-sh--w- c:\users\ivailo kunev\appdata\local\c72fd8b1
2012-01-13 10:31:48 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ff3924b3-e2de-47a6-9b6d-1003037fae12}\mpengine.dll
2012-01-11 13:16:54 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-11 13:16:53 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-11 13:16:53 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-11 13:16:52 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-11 13:16:51 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-11 13:16:51 314880 ----a-w- c:\windows\system32\webio.dll
2012-01-11 13:16:51 22528 ----a-w- c:\windows\system32\lsass.exe
2012-01-11 13:16:50 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-11 13:16:50 15872 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-11 13:16:50 100352 ----a-w- c:\windows\system32\sspicli.dll
2012-01-11 13:15:01 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 13:14:56 67072 ----a-w- c:\windows\system32\packager.dll
2012-01-11 13:14:53 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 13:14:52 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-01-08 13:43:14 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-01-08 13:43:14 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2012-01-08 13:43:13 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-01-08 13:43:13 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
.
==================== Find3M ====================
.
2012-01-16 13:07:26 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-24 04:25:27 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 04:26:03 2048 ----a-w- c:\windows\system32\tzres.dll
2011-10-26 04:47:40 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-26 04:47:40 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 04:28:12 38912 ----a-w- c:\windows\system32\csrsrv.dll
.
============= FINISH: 23:22:36.77 ===============

I have now managed to download and start ComboFix. Should I run it?


#12 B-boy[StyLe]

B-boy[StyLe]

    FFreestyleRR

  • HJT Team
  • 14398 posts
  • Gender: Male
  • City: Electric City

Posted 18 January 2012 - 23:30

Before we try cleaning, I want a bit more information:
  • Download Junction.zip and extract it to a folder on the desktop.
    Copy the file Junction.exe to C:\Windows
  • Go to Start => Run... => enter the command below with Copy/Paste and press OK
    cmd /c junction -s c:\ >log.txt&log.txt& del log.txt
  • Wait for the scan to finish and for the log file to appear.
  • Copy its contents into your next post.

Георги Петков
Kaldata HJT Team



#13 laker

laker

    Rookie

  • Members
  • 23 posts

Posted 18 January 2012 - 23:49

I am following the instructions exactly, but the scan does not start. At least I don't see anything change or appear after I press OK!

#14 B-boy[StyLe]

B-boy[StyLe]

    FFreestyleRR

  • HJT Team
  • 14398 posts
  • Gender: Male
  • City: Electric City

Posted 18 January 2012 - 23:53

Let's try it this way:
  • Please download Junction.zip and save it to your desktop.
  • Extract the archive and copy the file junction.exe to C:\Windows.
  • Open Notepad and enter the following code:
    @ECHO OFF
    junction -s c: > log.txt
    start log.txt
    del %0
    
  • Save the file with the name Check.bat and start it with right-click => Run as administrator.
  • Wait for the scan to finish and for the log file to appear.
  • Copy its contents into your next post.

Георги Петков
Kaldata HJT Team



#15 laker

laker

    Rookie

  • Members
  • 23 posts

Posted 19 January 2012 - 00:02

It worked this way:


Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

...

...

...\\?\C:\Windows\system32\config\systemprofile\Application Data: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming

\\?\C:\Windows\system32\config\systemprofile\Cookies: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies

\\?\C:\Windows\system32\config\systemprofile\Local Settings: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Local
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local

\\?\C:\Windows\system32\config\systemprofile\My Documents: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\Documents
Substitute Name: C:\Windows\system32\config\systemprofile\Documents

\\?\C:\Windows\system32\config\systemprofile\NetHood: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\C:\Windows\system32\config\systemprofile\PrintHood: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\C:\Windows\system32\config\systemprofile\Recent: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent

\\?\C:\Windows\system32\config\systemprofile\SendTo: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo

\\?\C:\Windows\system32\config\systemprofile\Start Menu: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\C:\Windows\system32\config\systemprofile\Templates: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates

\\?\C:\Windows\system32\config\systemprofile\AppData\Local\Application Data: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Local
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local

\\?\C:\Windows\system32\config\systemprofile\AppData\Local\History: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History

\\?\C:\Windows\system32\config\systemprofile\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files



...

\\?\C:\Windows\system32\config\systemprofile\Documents\My Music: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\Music
Substitute Name: C:\Windows\system32\config\systemprofile\Music

\\?\C:\Windows\system32\config\systemprofile\Documents\My Pictures: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\Pictures
Substitute Name: C:\Windows\system32\config\systemprofile\Pictures

\\?\C:\Windows\system32\config\systemprofile\Documents\My Videos: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\Videos
Substitute Name: C:\Windows\system32\config\systemprofile\Videos

...

...

...

...

...

.
Failed to open \\?\C:\Windows\system32\LogFiles\WMI\RtBackup: ???????? ? ???????.
..

...

#16 B-boy[StyLe]

Posted 19 January 2012 - 00:05

If that is the entire log file... important information is missing.
OK... another attempt and then we start the cleanup:

Download Gmer
  • Temporarily disconnect from the Internet and close all running programs, as well as your antivirus program.
  • Start the program.
  • When the automatic check finishes, uncheck the following items:

    - IAT/EAT
    - Show all
    - uncheck all local drives. Leave only the system partition checked (usually this is C:\ )

  • Press the Scan button.
  • Wait for the program to finish scanning, then press the Save button and save (save as) the results to the desktop under the name Gmer.log.
  • Reconnect to the Internet and attach Gmer.log to your next comment.

    Note:
  • Do not take any action on the lines marked with "<--- ROOTKIT", because this may cause problems with Windows.

Георги Петков
Kaldata HJT Team



#17 laker

Posted 19 January 2012 - 09:37

Sorry for the 12-hour delay:

I tried to attach the file, but the forum would not let me.

I am posting the contents! I hope it does the job:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-19 09:38:48
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD5000BEVT-22ZAT0 rev.01.01A01
Running: gmer.exe; Driver: C:\Users\IVAILO~1\AppData\Local\Temp\agdcyaoc.sys

---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateKey [0x83245FF1]
SSDT \SystemRoot\system32\ntkrnlpa.exe[unknown section] [83245FF1] ZwCreateKey [0x83245FF1]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenKey [0x83245FF6]
SSDT \SystemRoot\system32\ntkrnlpa.exe[unknown section] [83245FF6] ZwOpenKey [0x83245FF6]
INT 0x03 \SystemRoot\system32\ntkrnlpa.exe[unknown section] 83245FFB
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKey + 13D1 83283369 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 832BCD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11BF 832C3E74 3 Bytes [F1, 5F, 24]
.text ntkrnlpa.exe!KeRemoveQueueEx + 137F 832C4034 3 Bytes [F6, 5F, 24] {NEG BYTE [EDI+0x24]}
.text C:\Windows\system32\DRIVERS\aksfridge.sys section is writeable [0x9B412000, 0x47E35, 0xE0000020]
.init C:\Windows\system32\DRIVERS\aksfridge.sys entry point in ".init" section [0x9B466224]
.init C:\Windows\system32\DRIVERS\aksfridge.sys unknown last code section [0x9B466000, 0x4000, 0xE20000E0]
.text C:\Windows\system32\drivers\hardlock.sys section is writeable [0x9B46A400, 0x6E6E2, 0xE8000020]
.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0x9B4F4820] C:\Windows\system32\drivers\hardlock.sys entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0x9B4F4820]
.protectÿÿÿÿhardlockunknown last code section [0x9B4F4600, 0x512A, 0xE0000020] C:\Windows\system32\drivers\hardlock.sys unknown last code section [0x9B4F4600, 0x512A, 0xE0000020]
.text peauth.sys 9B529C9D 28 Bytes [DE, EA, FD, F3, A6, 59, 5C, ...]
.text peauth.sys 9B529CC1 28 Bytes [DE, EA, FD, F3, A6, 59, 5C, ...]
? C:\Users\IVAILO~1\AppData\Local\Temp\mbr.sys ????????? ?? ???? ?? ?????? ???????? ????. !
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004f halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\Disk \Device\Harddisk0\DR0 aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.)
Device \Driver\Disk \Device\Harddisk1\DR6 aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00242cd0fd2b
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00242cd0fd2b (not active ControlSet)
---- Files - GMER 1.0.15 ----
File C:\Windows\$NtUninstallKB57441$\1727096717 0 bytes
File C:\Windows\$NtUninstallKB57441$\3341801649 0 bytes
File C:\Windows\$NtUninstallKB57441$\3341801649\L 0 bytes
File C:\Windows\$NtUninstallKB57441$\3341801649\U 0 bytes
---- EOF - GMER 1.0.15 ----
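
An added example, not part of the thread and not a GMER or Kaldata tool: a small triage script that splits a GMER log like the one above into its sections and pulls out the SSDT/INT entries that resolve to "[unknown section]" and the entries of the Files section. The sample input is an excerpt constructed from lines of that log; the function names and both heuristics are assumptions of this example, in particular that `$NtUninstallKB...$` hotfix-uninstall folders are a Windows XP-era convention and therefore worth reviewing when the log header reports Windows 6.0 or later.

```python
import re
from collections import defaultdict

# Constructed excerpt: a subset of lines copied from the GMER log posted above.
SAMPLE_LOG = r"""GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-19 09:38:48
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD5000BEVT-22ZAT0 rev.01.01A01

---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateKey [0x83245FF1]
SSDT \SystemRoot\system32\ntkrnlpa.exe[unknown section] [83245FF1] ZwCreateKey [0x83245FF1]
INT 0x03 \SystemRoot\system32\ntkrnlpa.exe[unknown section] 83245FFB
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKey + 13D1 83283369 1 Byte [06]
---- Devices - GMER 1.0.15 ----
Device \Driver\Disk \Device\Harddisk0\DR0 aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.)
---- Files - GMER 1.0.15 ----
File C:\Windows\$NtUninstallKB57441$\1727096717 0 bytes
File C:\Windows\$NtUninstallKB57441$\3341801649 0 bytes
File C:\Windows\$NtUninstallKB57441$\3341801649\L 0 bytes
File C:\Windows\$NtUninstallKB57441$\3341801649\U 0 bytes
---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
FILE_RE = re.compile(r"^File (?P<path>.+) (?P<size>\d+) bytes$")
# Heuristic (assumption of this example): XP-style hotfix uninstall folder name.
UNINSTALL_DIR_RE = re.compile(r"\\\$NtUninstallKB\d+\$(\\|$)", re.IGNORECASE)


def split_sections(text):
    """Return {section name: [non-empty lines]}; text before the first
    '---- <name> - GMER x.y ----' marker is stored under 'header'."""
    sections = defaultdict(list)
    current = "header"
    for raw in text.splitlines():
        line = raw.strip()
        marker = SECTION_RE.match(line)
        if marker:
            current = marker.group(1)
        elif line:
            sections[current].append(line)
    return dict(sections)


def windows_version(header_lines):
    """Extract (major, minor) from the 'Windows 6.1.7601 ...' header line."""
    for line in header_lines:
        m = re.match(r"Windows (\d+)\.(\d+)\.", line)
        if m:
            return int(m.group(1)), int(m.group(2))
    return None


def triage(text):
    """Return a list of (section, reason, detail) tuples worth a manual look."""
    sections = split_sections(text)
    version = windows_version(sections.get("header", []))
    findings = []

    # SSDT / interrupt entries whose handler GMER could not map to a section.
    for line in sections.get("System", []):
        if line.startswith(("SSDT", "INT")) and "[unknown section]" in line:
            findings.append(("System", "handler in unknown section", line))

    # Files-section entries under an XP-style uninstall folder on Vista or later.
    for line in sections.get("Files", []):
        m = FILE_RE.match(line)
        if not m:
            continue
        path = m.group("path")
        if version and version >= (6, 0) and UNINSTALL_DIR_RE.search(path):
            findings.append(("Files", "XP-style uninstall folder on Windows 6.x", path))
    return findings


def paths_to_review(text):
    """Only the file-system paths from the findings, in log order."""
    return [detail for section, _, detail in triage(text) if section == "Files"]


if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}: {detail}")
```

The script only reads and reports; it changes nothing on disk.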

#18 B-boy[StyLe]

Posted 19 January 2012 - 11:13

Download GrantPerms.zip and extract it to a folder of your choice. Run GrantPerms.exe and enter the following information:

C:\Windows\$NtUninstallKB57441$\1727096717
C:\Windows\$NtUninstallKB57441$\3341801649
C:\Windows\$NtUninstallKB57441$\3341801649\L
C:\Windows\$NtUninstallKB57441$\3341801649\U
C:\Windows\$NtUninstallKB57441$
c:\users\ivailo kunev\appdata\local\c72fd8b1\X
c:\users\ivailo kunev\appdata\local\c72fd8b1
c:\windows\system32\regedit.exe
c:\users\ivailo kunev\mlfg8hkidd.exe

Press Unlock and then List Permissions. Post the log file in your next post.

  • Download OTL.exe and save it to the desktop.
  • Run the file by double-clicking it.
  • Under [image], use Copy/Paste to enter in full the following text (only what is inside the box):
:files
C:\Windows\$NtUninstallKB57441$\3341801649\L
C:\Windows\$NtUninstallKB57441$\3341801649\U
C:\Windows\$NtUninstallKB57441$\3341801649
C:\Windows\$NtUninstallKB57441$\1727096717
C:\Windows\$NtUninstallKB57441$
c:\users\ivailo kunev\appdata\local\c72fd8b1\X
c:\users\ivailo kunev\appdata\local\c72fd8b1
c:\windows\system32\regedit.exe
c:\users\ivailo kunev\mlfg8hkidd.exe
ipconfig /flushdns /c
netsh winsock reset catalog /c
netsh interface ipv4 reset /c
:reg
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mlfg8hkidd"=-
"Regedit32"=-
:commands
[reboot]
After entering the script from the quote above, press the button marked in red: Run Fix
Windows will restart and a log file will be created - the OTL fix log. Post its contents with Copy/Paste in your next comment.
Георги Петков
Kaldata HJT Team



#19 laker

Posted 19 January 2012 - 12:10

Here is the GrantPerms log:

GrantPerms by Farbar
Ran by Ivailo Kunev (administrator) at 2012-01-19 12:11:53

===============================================
ERROR: Parsing the SD of <\\?\C:\Windows\$NtUninstallKB57441$\1727096717> failed with: ????????? ?? ???? ?? ?????? ???????? ????.


Operating system error message: ????????? ?? ???? ?? ?????? ???????? ????.
\\?\C:\Windows\$NtUninstallKB57441$\3341801649

Owner: BUILTIN\Administrators

DACL((NP)+(AI):
BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)


\\?\C:\Windows\$NtUninstallKB57441$\3341801649\L

Owner: BUILTIN\Administrators

DACL(NP)(AI):
BUILTIN\Administrators FULL ALLOW (CI)(OI)
NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)
BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)(I)


\\?\C:\Windows\$NtUninstallKB57441$\3341801649\U

Owner: BUILTIN\Administrators

DACL(NP)(AI):
BUILTIN\Administrators FULL ALLOW (CI)(OI)
NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)
BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)(I)


\\?\C:\Windows\$NtUninstallKB57441$

Owner: BUILTIN\Administrators

DACL(P)(AI):
NT SERVICE\TrustedInstaller FULL ALLOW container_inherit
NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)
BUILTIN\Administrators FULL ALLOW (CI)(OI)
CREATOR OWNER FULL ALLOW (CI)(OI)(IO)


ERROR: Parsing the SD of <\\?\c:\users\ivailo kunev\appdata\local\c72fd8b1\X> failed with: ????????? ?? ???? ?? ?????? ???????? ????.


Operating system error message: ????????? ?? ???? ?? ?????? ???????? ????.
\\?\c:\users\ivailo kunev\appdata\local\c72fd8b1

Owner: BUILTIN\Administrators

DACL(NP)(AI):
BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)
NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)(I)
BUILTIN\Administrators FULL ALLOW (CI)(OI)(I)
IvailoKunev-PC\Ivailo Kunev FULL ALLOW (CI)(OI)(I)


ERROR: Parsing the SD of <\\?\c:\windows\system32\regedit.exe> failed with: ????????? ?? ???? ?? ?????? ???????? ????.


Operating system error message: ????????? ?? ???? ?? ?????? ???????? ????.
ERROR: Parsing the SD of <\\?\c:\users\ivailo kunev\mlfg8hkidd.exe> failed with: ????????? ?? ???? ?? ?????? ???????? ????.


Operating system error message: ????????? ?? ???? ?? ?????? ???????? ????.

And here is the OTL log:

========== FILES ==========
C:\Windows\$NtUninstallKB57441$\3341801649\L folder moved successfully.
C:\Windows\$NtUninstallKB57441$\3341801649\U folder moved successfully.
File\Folder C:\Windows\$NtUninstallKB57441$\3341801649 not found.
File\Folder C:\Windows\$NtUninstallKB57441$\1727096717 not found.
Folder move failed. C:\Windows\$NtUninstallKB57441$\TxR scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB57441$\systemprofile\Videos folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\Templates folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\Start Menu folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\SendTo folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\Searches folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\Saved Games folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\Recent folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\PrintHood folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\Pictures\Slide Shows folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\Pictures folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\NetHood folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\My Documents folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\Music\Playlists folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\Music folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\Local Settings folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\Links folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\Favorites folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\Downloads folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\Documents\My Videos folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\Documents\My Pictures folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\Documents\My Music folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\Documents folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\Desktop folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\Cookies folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\Contacts folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\Application Data folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\Windows\Templates folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\Windows\Recent folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\Windows\Libraries folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\Windows folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\Internet Explorer folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\IdentityCRL\production\temp folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\IdentityCRL\production folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\IdentityCRL folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\McAfee\sacore folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\McAfee folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Apple Computer\Logs folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Apple Computer folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Adobe\Flash Player\AssetCache\7EYTDC3E folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Adobe\Flash Player\AssetCache folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Adobe\Flash Player folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Adobe folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Microsoft\Silverlight folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Microsoft folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Apple Computer\QuickTime folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Apple Computer folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Temporary Internet Files folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Programs\Common folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Programs folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\Windows Sidebar\Gadgets folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\Windows Sidebar folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\Windows Photo Gallery\Original Images folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\Windows Photo Gallery folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QWJCYRU9 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QJAF4SPH folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IY31THIY folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3AYP90YT folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\Windows\Ringtones folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\Windows\History folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\Windows\GameExplorer folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\Windows\Caches folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\Windows\Burn\Burn folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\Windows\Burn folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\Windows folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\Portable Devices folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZB02UFH6 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\LOE5LKA7 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\FLN9TWJK folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\1Y916S5C folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\Internet Explorer folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\IdentityCRL\production\temp folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\IdentityCRL\production folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\IdentityCRL folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\History folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\ESET\ESET Smart Security\Antispam folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\ESET\ESET Smart Security folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\ESET\ESET NOD32 Antivirus\Quarantine folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\ESET\ESET NOD32 Antivirus folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\ESET folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Application Data folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile\AppData scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB57441$\RegBack scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB57441$\Journal folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB57441$ scheduled to be moved on reboot.
File\Folder c:\users\ivailo kunev\appdata\local\c72fd8b1\X not found.
c:\users\ivailo kunev\appdata\local\c72fd8b1\U folder moved successfully.
c:\users\ivailo kunev\appdata\local\c72fd8b1 folder moved successfully.
File\Folder c:\windows\system32\regedit.exe not found.
File\Folder c:\users\ivailo kunev\mlfg8hkidd.exe not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
C:\Users\Ivailo Kunev\Desktop\cmd.bat deleted successfully.
C:\Users\Ivailo Kunev\Desktop\cmd.txt deleted successfully.
< netsh winsock reset catalog /c >
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
C:\Users\Ivailo Kunev\Desktop\cmd.bat deleted successfully.
C:\Users\Ivailo Kunev\Desktop\cmd.txt deleted successfully.
< netsh interface ipv4 reset /c >
Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Restart the computer to complete this action.
C:\Users\Ivailo Kunev\Desktop\cmd.bat deleted successfully.
C:\Users\Ivailo Kunev\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon\\"Shell"|"Explorer.exe" /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\mlfg8hkidd deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Regedit32 deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.31.0 log created on 01192012_121620

Files\Folders moved on Reboot...
Folder move failed. C:\Windows\$NtUninstallKB57441$\TxR scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\IdentityCRL\production\temp folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\IdentityCRL\production folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\IdentityCRL folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Apple Computer\Logs folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Apple Computer folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile\AppData scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile\AppData scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB57441$\RegBack scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB57441$\TxR scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile\AppData scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB57441$\RegBack scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB57441$ scheduled to be moved on reboot.

Registry entries deleted on Reboot...

#20 B-boy[StyLe]

    FFreestyleRR

  • HJT Team
  • 14398 posts
  • Gender: Male
  • City: Electric City

Posted 19 January 2012 - 12:34

Hmm... this is the first time it has turned out like this.
Apparently the folder C:\Windows\$NtUninstallKB57441$ was acting as a Junction Point and redirected the deletion of some things.
I hope I'm wrong, but it looks like we will have to restore some folders...

Now try to download and run Combofix in the way described above.
It should work, because the rootkit loader was deleted.
Георги Петков
Kaldata HJT Team
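
Added example, not part of the original post and not code from OTL or Combofix: a PowerShell check that can be run before a recursive move or delete, to see whether the folder named in the post, one of its parents, or one of its direct children is a junction or other reparse point. The function names are hypothetical; the path is the one from the log above.

```powershell
# Added example (not from the thread). Function names are hypothetical.
# A recursive move or delete that follows a reparse point (junction or
# symbolic link) acts on the link target, not on the folder that was named.
# This reports reparse points on the path and directly under it.

function Test-ReparsePoint {
    param([Parameter(Mandatory=$true)][string]$LiteralPath)
    # File.GetAttributes works for directories as well as files.
    $attrs = [System.IO.File]::GetAttributes($LiteralPath)
    return [bool]($attrs -band [System.IO.FileAttributes]::ReparsePoint)
}

function Get-ReparsePointReport {
    param([Parameter(Mandatory=$true)][string]$LiteralPath)
    $found = @()
    # 1. The folder itself and every parent up to the drive root.
    $current = [System.IO.Path]::GetFullPath($LiteralPath)
    while ($current) {
        if ((Test-Path -LiteralPath $current) -and (Test-ReparsePoint $current)) {
            $found += $current
        }
        $current = [System.IO.Path]::GetDirectoryName($current)  # $null at the root
    }
    # 2. Direct children; -Force includes hidden and system items.
    if (Test-Path -LiteralPath $LiteralPath -PathType Container) {
        $found += @(Get-ChildItem -LiteralPath $LiteralPath -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Attributes -band [System.IO.FileAttributes]::ReparsePoint } |
            ForEach-Object { $_.FullName })
    }
    return $found
}

# Single quotes stop PowerShell from expanding the '$' characters in the name.
$target = 'C:\Windows\$NtUninstallKB57441$'
$links  = @(Get-ReparsePointReport -LiteralPath $target)
if ($links.Count -gt 0) {
    foreach ($link in $links) {
        Write-Output "Reparse point: $link"
        # fsutil prints the reparse tag and the target path stored in the link.
        & fsutil.exe reparsepoint query $link
    }
    Write-Output 'Review the targets before any recursive move or delete.'
} else {
    Write-Output "No reparse points found on or directly under $target"
}
```

A junction can be removed on its own with `rmdir` (without `/s`), which deletes the link and leaves the contents of the target in place.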

