Премини към съдържанието
Форумът в приложение

По-лесно сърфиране. Научи повече.
Kaldata.com - Форуми

Приложение на форума на цял екран с push известия, значки и други.

За да инсталирате това приложение на iOS и iPadOS
  1. Докоснете Иконата за споделяне в Safari
  2. Превъртете менюто и докоснете Добавяне към началния екран.
  3. Докоснете Добавяне в горния десен ъгъл.
За да инсталирате това приложение на Android
  1. Докоснете менюто с 3 точки (⋮) в горния десен ъгъл на браузъра.
  2. Докоснете Добавяне към началния екран или Инсталиране на приложение.
  3. Потвърдете, като докоснете Инсталиране.
Добави Kaldata.com в предпочитани източници в Google

Добре дошли!

Добре дошли в нашите форуми, пълни с полезна информация. Имате проблем с компютъра или телефона си? Публикувайте нова тема и ще намерите решение на всичките си проблеми. Общувайте свободно и открийте безброй нови приятели.

Моля, регистрирайте се за да публикувате тема и да получите пълен достъп до всички функции.

 

Открит Trojan.Agent [решен]

rock n roll
в Премахване на зловреден софтуер

Featured Replies

Всеки ден сканирам с MBAM и днес с последния ъпдейт сканирах и откри - Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6352 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 4/13/2011 8:18:46 AM mbam-log-2011-04-13 (08-18-46).txt Scan type: Quick scan Objects scanned: 151647 Time elapsed: 3 minute(s), 7 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: c:\WINDOWS\system32\vb2008source.exe (Trojan.Agent) -> Quarantined and deleted successfully. Ето и DDS . DDS (Ver_11-03-05.01) - NTFSx86 Run by Insaneboy at 8:24:20.06 on ±°ї¤  04/13/2011 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21 Microsoft Windows XP Professional 5.1.2600.3.1251.1.1033.18.2047.1242 [GMT -7:00] . AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} . ============== Running Processes =============== . C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe svchost.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\BitComet\BitComet.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Program Files\Skype\Phone\Skype.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Insaneboy\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe C:\Program Files\Datecs\FlexType 2K\FType2K.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\wuauclt.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Documents and Settings\Insaneboy\Desktop\dds.scr . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.bigseekpro.com/hypercam/{DD2814B1-439C-4007-9DCC-07A75417A01E} uInternet Settings,ProxyOverride = *.local uInternet Settings,ProxyServer = 64.8.190.49:3128 BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.2.8.7.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll uRun: [bitComet] "c:\program files\bitcomet\BitComet.exe" /tray uRun: [Google Update] "c:\documents and settings\insaneboy\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice StartupFolder: c:\docume~1\insane~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe StartupFolder: c:\docume~1\insane~1\startm~1\programs\startup\esetno~1.lnk - c:\program files\eset\eset nod32 antivirus\egui.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\esetno~1.lnk - c:\program files\eset\eset nod32 antivirus\egui.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\flexty~1.lnk - c:\program files\datecs\flextype 2k\FType2K.exe IE: &С&валяне &с BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm IE: &С&валяне всички видео с BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm IE: &С&валяне всички с BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000 IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.2.8.7.dll/206 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: AtiExtEvent - Ati2evxx.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\docume~1\insane~1\applic~1\mozilla\firefox\profiles\upnk4r34.default\ FF - prefs.js: browser.search.selectedEngine - BigSeekPro FF - prefs.js: browser.startup.homepage - hxxp://www.php-proxy.net/index.php?q=aHR0cDovL3phbXVuZGEubmV0L2Jyb3dzZS5waHA%3D FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\documents and settings\insaneboy\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension . ============= SERVICES / DRIVERS =============== . R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-5-12 107256] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-5-12 94360] R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-5-12 731840] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 ATICDSDr;ATICDSDr;\??\e:\install pack\bin\atiicdxx.sys --> e:\install pack\bin\atiicdxx.sys [?] S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;c:\docume~1\insane~1\locals~1\temp\onlinescanner\anti-virus\fsgk.sys [2011-4-3 70144] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128] S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712] S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-10 369688] . =============== Created Last 30 ================ . 2011-04-05 04:03:07 -------- d-----w- c:\docume~1\insane~1\locals~1\applic~1\Temporary Projects 2011-04-04 06:47:08 -------- d-----w- c:\docume~1\insane~1\applic~1\f-secure 2011-04-02 20:56:46 -------- d-----w- c:\program files\Video Spin Blaster 2011-03-27 15:00:29 -------- d-----w- c:\program files\CPA Blaster . ==================== Find3M ==================== . 2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll 2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll 2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll 2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe 2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll . ============= FINISH: 8:24:47.85 =============== Attach . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_11-03-05.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 9/3/2010 9:34:51 AM System Uptime: 4/13/2011 8:19:33 AM (0 hours ago) . Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD | | MS-7388 Processor: AMD Athlon 64 X2 Dual Core Processor 5000+ | CPU 1 | 2600/200mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 134 GiB total, 2.068 GiB free. D: is FIXED (NTFS) - 462 GiB total, 347.577 GiB free. E: is CDROM () F: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318} Description: Audio Device on High Definition Audio Bus Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1000\5&AC286C1&0&0001 Manufacturer: Name: Audio Device on High Definition Audio Bus PNP Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1000\5&AC286C1&0&0001 Service: . Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318} Description: SM Bus Controller Device ID: PCI\VEN_1002&DEV_4385&SUBSYS_73881462&REV_14\3&267A616A&0&A0 Manufacturer: Name: SM Bus Controller PNP Device ID: PCI\VEN_1002&DEV_4385&SUBSYS_73881462&REV_14\3&267A616A&0&A0 Service: . ==== System Restore Points =================== . RP1: 3/29/2011 7:04:46 PM - System Checkpoint RP2: 3/30/2011 11:55:49 PM - System Checkpoint RP3: 4/2/2011 1:56:45 PM - Installed Video Spin Blaster RP4: 4/3/2011 4:09:06 PM - System Checkpoint RP5: 4/3/2011 10:48:09 PM - Software Distribution Service 3.0 RP6: 4/4/2011 11:45:13 PM - System Checkpoint RP7: 4/5/2011 11:48:42 PM - System Checkpoint RP8: 4/7/2011 12:37:32 AM - System Checkpoint RP9: 4/8/2011 1:14:07 AM - System Checkpoint RP10: 4/9/2011 1:43:42 AM - System Checkpoint RP11: 4/10/2011 6:49:44 PM - System Checkpoint RP12: 4/12/2011 12:10:52 AM - System Checkpoint RP13: 4/13/2011 3:26:04 AM - System Checkpoint . ==== Installed Programs ====================== . Adobe Bridge 1.0 Adobe Common File Installer Adobe Help Center 1.0 Adobe Photoshop CS2 Adobe Stock Photos 1.0 CPA Blaster ESET NOD32 Antivirus Google Chrome Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Mozilla Firefox (3.6.16) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2524375) Skype™ 3.8 Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Windows XP (KB971029) Video Spin Blaster . ==== Event Viewer Messages From Past Week ======== . 4/13/2011 8:20:16 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume. 4/12/2011 3:52:30 PM, error: Dhcp [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 001D9284B5A5 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). . ==== End Of File ===========================

Редактирано от nologo (преглед на промените)

  • Цитирай

    Привет, следвайте инструкцията за работа с OTL:

    • Изтеглете OTL.exe или OTL.scr го запазете на десктопа.
    • Стартирайте файла Публикувано изображение с двукратен клик на мишката.
    • Направете следните настройки:
    Публикувано изображение

    • Под Публикувано изображение с Copy/ Paste въведете изцяло следната текстова информация (само това, което е поставено в карето):
    netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\*.scr
%systemroot%\*._sy
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\system32\*.jpg
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%APPDATA%\Update\*.*
%APPDATA%\Microsoft\*.*
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%PROGRAMFILES%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    • Натиснете маркираният в синьо бутон: Публикувано изображение.
    • Като приключи проверката, ще се създадат два файла - OTL.Txt и Extras.Txt. Прикачете тези два файла в следващия си коментар (погледнете опцията "прикачени файлове", когато публикувате мнение).
  • Цитирай
    • Автор

    Ето ги

    между другото освен на тази снимка при мен има още едно място за тик тук No Company

    Публикувано изображение което беше маркирано и така го оставих...

    OTL.Txt

    Extras.Txt

    Редактирано от rock n roll (преглед на промените)

  • Цитирай

    Стартирайте пак OTL и с Copy/ Paste под колонката Custom Scans/Fixes въведете скриптовия текст от текстовото поле по-долу, като не забравяте да копирате скрипта 1 към 1, както и двете точки преди първия ред на скрипта!

    :files
autorun.inf /alldrives
autorun.exe /alldrives
recycler /alldrives
ipconfig /flushdns /c

:commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
    След като въведете скрипта от цитата по-горе натиснете бутона, маркиран в червено: Run Fix

    Ще се създаде лог файл. Публикувайте съдържанието му с Copy/Paste в следващия си коментар.

    P.S. Имам въпрос: използваш ли прокси?

  • Цитирай
    • Автор

    P.S. Имам въпрос: използваш ли прокси?

    Да.

    All processes killed

    ========== FILES ==========

    C:\autorun.inf folder moved successfully.

    autorun.inf not found in D:\

    autorun.exe not found in C:\

    autorun.exe not found in D:\

    C:\RECYCLER\S-1-5-21-1078081533-926492609-682003330-1003 folder moved successfully.

    C:\RECYCLER folder moved successfully.

    D:\RECYCLER\S-1-5-21-1078081533-926492609-682003330-1003 folder moved successfully.

    D:\RECYCLER folder moved successfully.

    < ipconfig /flushdns /c >

    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    C:\Documents and Settings\Insaneboy\Desktop\cmd.bat deleted successfully.

    C:\Documents and Settings\Insaneboy\Desktop\cmd.txt deleted successfully.

    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Insaneboy

    ->Temp folder emptied: 769868134 bytes

    ->Temporary Internet Files folder emptied: 5952378 bytes

    ->Java cache emptied: 179014 bytes

    ->FireFox cache emptied: 110580762 bytes

    ->Google Chrome cache emptied: 26336919 bytes

    ->Flash cache emptied: 120494 bytes

    User: LocalService

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 32902 bytes

    User: Tonya

    %systemdrive% .tmp files removed: 0 bytes

    %systemroot% .tmp files removed: 0 bytes

    %systemroot%\System32 .tmp files removed: 0 bytes

    %systemroot%\System32\dllcache .tmp files removed: 0 bytes

    %systemroot%\System32\drivers .tmp files removed: 0 bytes

    Windows Temp folder emptied: 849563 bytes

    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 2285546 bytes

    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 874.00 mb

    [EMPTYFLASH]

    User: All Users

    User: Default User

    User: Insaneboy

    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    User: Tonya

    Total Flash Files Cleaned = 0.00 mb

    OTL by OldTimer - Version 3.2.22.3 log created on 04132011_101519

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...

  • Цитирай

    О.К. Нека да направим още една проверка:

    Следвайте следната инструкция за работа с RootRepeal:

    • Изтеглете ZIP архив на RootRepeal, ето два миръра:geekstogo или psikotick
    • Разархивирайте RootRepeal.zip на вашия десктоп, стартирайте RootRepeal.exe и направете следните настройки:
    • Кликнете на таба Report в долната част на прозореца.
    • Кликнете на бутона Scan
    • Сложете отметки пред следното:

    • Drivers
    FilesProcessesSSDTStealth ObjectsHidden ServicesShadow SSDT
    • Кликнете на бутона OK
    • На следващия диалогов прозорец, сложете отметки преди всички дялове (C:\ , D:\ ....)
    • Кликнете на OK, за да започне процеса на сканиране

    Забележка: Процеса на сканиране може да отнеме време. Моля, не стартирайте никакви програми, докато програмата сканира.

    • Когато сканирането завърши успешно ще се появи бутона Save Report
    • Кликнете върху Save Report и запишете лог файла на вашия десктоп, с име RootRepeal.txt
    • Отворете File, след което Exit, за да затворите програмата.
    • Копирайте и поставете съдържанието на RootRepeal.txt в следващия си коментар.
  • Цитирай
    • Автор

    ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2011/04/13 10:26 Program Version: Version 1.3.5.0 Windows Version: Windows XP SP3 ================================================== Drivers ------------------- Name: dump_atapi.sys Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys Address: 0xA8E0F000 Size: 98304 File Visible: No Signed: - Status: - Name: dump_WMILIB.SYS Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Address: 0xBA5D0000 Size: 8192 File Visible: No Signed: - Status: - Name: PCI_PNP0738 Image Path: \Driver\PCI_PNP0738 Address: 0x00000000 Size: 0 File Visible: No Signed: - Status: - Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xA53AC000 Size: 49152 File Visible: No Signed: - Status: - Name: speg.sys Image Path: speg.sys Address: 0xB9EB4000 Size: 995328 File Visible: No Signed: - Status: - Name: sptd Image Path: \Driver\sptd Address: 0x00000000 Size: 0 File Visible: No Signed: - Status: - Hidden/Locked Files ------------------- Path: c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\log\log_122.trc Status: Allocation size mismatch (API: 4096, Raw: 0) Path: c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\log\log_125.trc Status: Allocation size mismatch (API: 4096, Raw: 0) SSDT ------------------- #: 019 Function Name: NtAssignProcessToJobObject Status: Hooked by "<unknown>" at address 0x891c4c90 #: 041 Function Name: NtCreateKey Status: Hooked by "speg.sys" at address 0xb9eb50e0 #: 057 Function Name: NtDebugActiveProcess Status: Hooked by "<unknown>" at address 0x891c5200 #: 068 Function Name: NtDuplicateObject Status: Hooked by "<unknown>" at address 0x891c52f0 #: 071 Function Name: NtEnumerateKey Status: Hooked by "speg.sys" at address 0xb9ecdda4 #: 073 Function Name: NtEnumerateValueKey Status: Hooked by "speg.sys" at address 0xb9ece132 #: 119 Function Name: NtOpenKey Status: Hooked by "speg.sys" at address 0xb9eb50c0 #: 122 Function Name: NtOpenProcess Status: Hooked by "<unknown>" at address 0x891c4590 #: 128 Function Name: NtOpenThread Status: Hooked by "<unknown>" at address 0x891c4800 #: 137 Function Name: NtProtectVirtualMemory Status: Hooked by "<unknown>" at address 0x891c4fd0 #: 160 Function Name: NtQueryKey Status: Hooked by "speg.sys" at address 0xb9ece20a #: 177 Function Name: NtQueryValueKey Status: Hooked by "speg.sys" at address 0xb9ece08a #: 180 Function Name: NtQueueApcThread Status: Hooked by "<unknown>" at address 0x891c50e0 #: 213 Function Name: NtSetContextThread Status: Hooked by "<unknown>" at address 0x891c4ec0 #: 229 Function Name: NtSetInformationThread Status: Hooked by "<unknown>" at address 0x891c4d90 #: 237 Function Name: NtSetSecurityObject Status: Hooked by "<unknown>" at address 0x891c1da0 #: 247 Function Name: NtSetValueKey Status: Hooked by "speg.sys" at address 0xb9ece29c #: 253 Function Name: NtSuspendProcess Status: Hooked by "<unknown>" at address 0x891c4b90 #: 254 Function Name: NtSuspendThread Status: Hooked by "<unknown>" at address 0x891c4a80 #: 257 Function Name: NtTerminateProcess Status: Hooked by "<unknown>" at address 0x891c46e0 #: 258 Function Name: NtTerminateThread Status: Hooked by "<unknown>" at address 0x891c4a50 #: 277 Function Name: NtWriteVirtualMemory Status: Hooked by "<unknown>" at address 0x891c56d0 Stealth Objects ------------------- Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE] Process: System Address: 0x89e541f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE] Process: System Address: 0x89e541f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ] Process: System Address: 0x89e541f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE] Process: System Address: 0x89e541f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x89e541f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION] Process: System Address: 0x89e541f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA] Process: System Address: 0x89e541f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA] Process: System Address: 0x89e541f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x89e541f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x89e541f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x89e541f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x89e541f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x89e541f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89e541f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN] Process: System Address: 0x89e541f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x89e541f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP] Process: System Address: 0x89e541f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x89e541f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY] Process: System Address: 0x89e541f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x89e541f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA] Process: System Address: 0x89e541f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP] Process: System Address: 0x89e541f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE] Process: System Address: 0x89aa1500 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE] Process: System Address: 0x89aa1500 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ] Process: System Address: 0x89aa1500 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE] Process: System Address: 0x89aa1500 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x89aa1500 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89aa1500 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x89aa1500 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN] Process: System Address: 0x89aa1500 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER] Process: System Address: 0x89aa1500 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x89aa1500 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP] Process: System Address: 0x89aa1500 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE] Process: System Address: 0x89de41f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE] Process: System Address: 0x89de41f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_READ] Process: System Address: 0x89de41f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE] Process: System Address: 0x89de41f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x89de41f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89de41f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x89de41f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN] Process: System Address: 0x89de41f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_POWER] Process: System Address: 0x89de41f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x89de41f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_PNP] Process: System Address: 0x89de41f8 Size: 121 Object: Hidden Code [Driver: usbohci, IRP_MJ_CREATE] Process: System Address: 0x89a9e500 Size: 121 Object: Hidden Code [Driver: usbohci, IRP_MJ_CLOSE] Process: System Address: 0x89a9e500 Size: 121 Object: Hidden Code [Driver: usbohci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89a9e500 Size: 121 Object: Hidden Code [Driver: usbohci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x89a9e500 Size: 121 Object: Hidden Code [Driver: usbohci, IRP_MJ_POWER] Process: System Address: 0x89a9e500 Size: 121 Object: Hidden Code [Driver: usbohci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x89a9e500 Size: 121 Object: Hidden Code [Driver: usbohci, IRP_MJ_PNP] Process: System Address: 0x89a9e500 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE] Process: System Address: 0x89e561f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ] Process: System Address: 0x89e561f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE] Process: System Address: 0x89e561f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x89e561f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89e561f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x89e561f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN] Process: System Address: 0x89e561f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP] Process: System Address: 0x89e561f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER] Process: System Address: 0x89e561f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x89e561f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP] Process: System Address: 0x89e561f8 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE] Process: System Address: 0x89a9b500 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE] Process: System Address: 0x89a9b500 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89a9b500 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x89a9b500 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP] Process: System Address: 0x89a9b500 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP] Process: System Address: 0x89a9b500 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE] Process: System Address: 0x89b59500 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE] Process: System Address: 0x89b59500 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89b59500 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x89b59500 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER] Process: System Address: 0x89b59500 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x89b59500 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP] Process: System Address: 0x89b59500 Size: 121 Object: Hidden Code [Driver: , IRP_MJ_CREATE] Process: System Address: 0x89a17500 Size: 121 Object: Hidden Code [Driver: , IRP_MJ_CLOSE] Process: System Address: 0x89a17500 Size: 121 Object: Hidden Code [Driver: , IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89a17500 Size: 121 Object: Hidden Code [Driver: , IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x89a17500 Size: 121 Object: Hidden Code [Driver: , IRP_MJ_POWER] Process: System Address: 0x89a17500 Size: 121 Object: Hidden Code [Driver: , IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x89a17500 Size: 121 Object: Hidden Code [Driver: , IRP_MJ_PNP] Process: System Address: 0x89a17500 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE] Process: System Address: 0x8913f1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE] Process: System Address: 0x8913f1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE] Process: System Address: 0x8913f1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ] Process: System Address: 0x8913f1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE] Process: System Address: 0x8913f1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x8913f1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION] Process: System Address: 0x8913f1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA] Process: System Address: 0x8913f1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA] Process: System Address: 0x8913f1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x8913f1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x8913f1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x8913f1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x8913f1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x8913f1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8913f1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8913f1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN] Process: System Address: 0x8913f1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x8913f1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP] Process: System Address: 0x8913f1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT] Process: System Address: 0x8913f1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x8913f1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY] Process: System Address: 0x8913f1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER] Process: System Address: 0x8913f1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8913f1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE] Process: System Address: 0x8913f1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x8913f1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA] Process: System Address: 0x8913f1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP] Process: System Address: 0x8913f1f8 Size: 121 Object: Hidden Code [Driver: Cdfsȅఉ瑎捦܉@考, IRP_MJ_CREATE] Process: System Address: 0x89a5d500 Size: 121 Object: Hidden Code [Driver: Cdfsȅఉ瑎捦܉@考, IRP_MJ_CLOSE] Process: System Address: 0x89a5d500 Size: 121 Object: Hidden Code [Driver: Cdfsȅఉ瑎捦܉@考, IRP_MJ_READ] Process: System Address: 0x89a5d500 Size: 121 Object: Hidden Code [Driver: Cdfsȅఉ瑎捦܉@考, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x89a5d500 Size: 121 Object: Hidden Code [Driver: Cdfsȅఉ瑎捦܉@考, IRP_MJ_SET_INFORMATION] Process: System Address: 0x89a5d500 Size: 121 Object: Hidden Code [Driver: Cdfsȅఉ瑎捦܉@考, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x89a5d500 Size: 121 Object: Hidden Code [Driver: Cdfsȅఉ瑎捦܉@考, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x89a5d500 Size: 121 Object: Hidden Code [Driver: Cdfsȅఉ瑎捦܉@考, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x89a5d500 Size: 121 Object: Hidden Code [Driver: Cdfsȅఉ瑎捦܉@考, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89a5d500 Size: 121 Object: Hidden Code [Driver: Cdfsȅఉ瑎捦܉@考, IRP_MJ_SHUTDOWN] Process: System Address: 0x89a5d500 Size: 121 Object: Hidden Code [Driver: Cdfsȅఉ瑎捦܉@考, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x89a5d500 Size: 121 Object: Hidden Code [Driver: Cdfsȅఉ瑎捦܉@考, IRP_MJ_CLEANUP] Process: System Address: 0x89a5d500 Size: 121 Object: Hidden Code [Driver: Cdfsȅఉ瑎捦܉@考, IRP_MJ_PNP] Process: System Address: 0x89a5d500 Size: 121 ==EOF==

  • Цитирай

    Следвайте следната инструкция за работа с TDSSKiller (по-подробна инструкция на английски език: TDSSKiller):

    • Изтеглете TDSSKiller и го разархивирайте на десктопa.
    • Стартирайте TDSSKiller.exe, след това Start Scan.
    • Ако бъде открит инфектиран (infected) файл, проверете дали е избрана опцията Cure (по подразбиране). Ако е избрана Cure - натиснете Continue, снимка:

      Публикувано изображение

    • Ако бъде открит подозрителен (suspicious) файл, проверете дали е избрана опцията Skip (по подразбиране). Ако е избрана Skip - натиснете Continue.
    • Възможно е програмата да изиска рестарт. Ако е така - потвърдете с Reboot Now.

      -Ако няма рестартиране, отидете на Report. Ще се появи лог файл. Копирайте и поставете съдържанието му в следващия си коментар.

      -Ако има рестартиране, отидете на в системната директория. Там трябва да има файл с формат: TDSSKiller.[Version]_[Date]_[Time]_log.txt. Отворете го, копирайте и поставете съдържанието му в следващия си коментар.

      Забележка: За sptd.sys натиснете Skip.

  • Цитирай
    • Харесване 1
    • Автор

    2011/04/14 03:14:45.0546 2248 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28 2011/04/14 03:14:46.0046 2248 ================================================================================ 2011/04/14 03:14:46.0046 2248 SystemInfo: 2011/04/14 03:14:46.0046 2248 2011/04/14 03:14:46.0046 2248 OS Version: 5.1.2600 ServicePack: 3.0 2011/04/14 03:14:46.0046 2248 Product type: Workstation 2011/04/14 03:14:46.0046 2248 ComputerName: INSANEBO-191771 2011/04/14 03:14:46.0046 2248 UserName: Insaneboy 2011/04/14 03:14:46.0046 2248 Windows directory: C:\WINDOWS 2011/04/14 03:14:46.0046 2248 System windows directory: C:\WINDOWS 2011/04/14 03:14:46.0046 2248 Processor architecture: Intel x86 2011/04/14 03:14:46.0046 2248 Number of processors: 2 2011/04/14 03:14:46.0046 2248 Page size: 0x1000 2011/04/14 03:14:46.0046 2248 Boot type: Normal boot 2011/04/14 03:14:46.0046 2248 ================================================================================ 2011/04/14 03:14:46.0390 2248 Initialize success 2011/04/14 03:14:53.0078 1236 ================================================================================ 2011/04/14 03:14:53.0078 1236 Scan started 2011/04/14 03:14:53.0078 1236 Mode: Manual; 2011/04/14 03:14:53.0078 1236 ================================================================================ 2011/04/14 03:14:53.0781 1236 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2011/04/14 03:14:53.0812 1236 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 2011/04/14 03:14:53.0859 1236 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2011/04/14 03:14:53.0890 1236 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys 2011/04/14 03:14:53.0968 1236 AmdK8 (efbb0956baed786e137351b5ca272aef) C:\WINDOWS\system32\DRIVERS\AmdK8.sys 2011/04/14 03:14:54.0046 1236 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2011/04/14 03:14:54.0062 1236 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2011/04/14 03:14:54.0187 1236 ati2mtag (eb0531822aabcf843a0940d4ca8a90a9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 2011/04/14 03:14:54.0250 1236 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\WINDOWS\system32\DRIVERS\atksgt.sys 2011/04/14 03:14:54.0265 1236 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2011/04/14 03:14:54.0296 1236 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2011/04/14 03:14:54.0328 1236 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2011/04/14 03:14:54.0343 1236 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys 2011/04/14 03:14:54.0375 1236 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys 2011/04/14 03:14:54.0390 1236 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys 2011/04/14 03:14:54.0421 1236 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys 2011/04/14 03:14:54.0468 1236 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys 2011/04/14 03:14:54.0500 1236 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2011/04/14 03:14:54.0531 1236 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2011/04/14 03:14:54.0546 1236 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2011/04/14 03:14:54.0562 1236 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2011/04/14 03:14:54.0656 1236 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2011/04/14 03:14:54.0703 1236 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 2011/04/14 03:14:54.0718 1236 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 2011/04/14 03:14:54.0718 1236 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2011/04/14 03:14:54.0765 1236 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2011/04/14 03:14:54.0812 1236 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2011/04/14 03:14:54.0843 1236 eamon (ba6c651acca50abbb27d463658fff01c) C:\WINDOWS\system32\DRIVERS\eamon.sys 2011/04/14 03:14:54.0875 1236 ehdrv (820c19b966c0e419e2e860128397060d) C:\WINDOWS\system32\DRIVERS\ehdrv.sys 2011/04/14 03:14:54.0906 1236 epfwtdir (a034d7390880924e6eff8d6a1d0edec4) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys 2011/04/14 03:14:55.0031 1236 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2011/04/14 03:14:55.0046 1236 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 2011/04/14 03:14:55.0062 1236 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 2011/04/14 03:14:55.0062 1236 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 2011/04/14 03:14:55.0109 1236 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys 2011/04/14 03:14:55.0140 1236 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2011/04/14 03:14:55.0156 1236 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2011/04/14 03:14:55.0171 1236 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 2011/04/14 03:14:55.0187 1236 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2011/04/14 03:14:55.0218 1236 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 2011/04/14 03:14:55.0250 1236 HidBth (7bd2de4c85eb4241eed57672b16a7d8d) C:\WINDOWS\system32\DRIVERS\hidbth.sys 2011/04/14 03:14:55.0281 1236 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2011/04/14 03:14:55.0328 1236 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2011/04/14 03:14:55.0375 1236 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2011/04/14 03:14:55.0390 1236 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2011/04/14 03:14:55.0500 1236 IntcAzAudAddService (8f924588c272fdaa28cf31a9bbc21a72) C:\WINDOWS\system32\drivers\RtkHDAud.sys 2011/04/14 03:14:55.0562 1236 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 2011/04/14 03:14:55.0578 1236 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/04/14 03:14:55.0593 1236 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/04/14 03:14:55.0609 1236 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/04/14 03:14:55.0625 1236 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/04/14 03:14:55.0656 1236 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/04/14 03:14:55.0671 1236 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/04/14 03:14:55.0687 1236 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/04/14 03:14:55.0734 1236 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 2011/04/14 03:14:55.0765 1236 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2011/04/14 03:14:55.0796 1236 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/04/14 03:14:55.0843 1236 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\WINDOWS\system32\DRIVERS\lirsgt.sys 2011/04/14 03:14:55.0875 1236 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/04/14 03:14:55.0890 1236 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 2011/04/14 03:14:55.0906 1236 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/04/14 03:14:55.0937 1236 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2011/04/14 03:14:55.0937 1236 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/04/14 03:14:55.0968 1236 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/04/14 03:14:56.0000 1236 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/04/14 03:14:56.0031 1236 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2011/04/14 03:14:56.0062 1236 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/04/14 03:14:56.0093 1236 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/04/14 03:14:56.0109 1236 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/04/14 03:14:56.0140 1236 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/04/14 03:14:56.0171 1236 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 2011/04/14 03:14:56.0187 1236 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2011/04/14 03:14:56.0203 1236 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/04/14 03:14:56.0218 1236 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/04/14 03:14:56.0234 1236 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/04/14 03:14:56.0265 1236 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/04/14 03:14:56.0281 1236 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/04/14 03:14:56.0296 1236 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/04/14 03:14:56.0359 1236 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\WINDOWS\system32\drivers\ccdcmb.sys 2011/04/14 03:14:56.0375 1236 nmwcdc (3859c69a77793180548802dac9f34a38) C:\WINDOWS\system32\drivers\ccdcmbo.sys 2011/04/14 03:14:56.0390 1236 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2011/04/14 03:14:56.0421 1236 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/04/14 03:14:56.0437 1236 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/04/14 03:14:56.0453 1236 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/04/14 03:14:56.0484 1236 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/04/14 03:14:56.0500 1236 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys 2011/04/14 03:14:56.0515 1236 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/04/14 03:14:56.0546 1236 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/04/14 03:14:56.0562 1236 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys 2011/04/14 03:14:56.0593 1236 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/04/14 03:14:56.0625 1236 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 2011/04/14 03:14:56.0656 1236 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 2011/04/14 03:14:56.0765 1236 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/04/14 03:14:56.0781 1236 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys 2011/04/14 03:14:56.0796 1236 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/04/14 03:14:56.0828 1236 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/04/14 03:14:56.0906 1236 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/04/14 03:14:56.0921 1236 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/04/14 03:14:56.0937 1236 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/04/14 03:14:56.0937 1236 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/04/14 03:14:56.0968 1236 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/04/14 03:14:56.0984 1236 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/04/14 03:14:57.0000 1236 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2011/04/14 03:14:57.0015 1236 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/04/14 03:14:57.0031 1236 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/04/14 03:14:57.0062 1236 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys 2011/04/14 03:14:57.0109 1236 RsFx0102 (fedd2710b75be3ecf078adace790c423) C:\WINDOWS\system32\DRIVERS\RsFx0102.sys 2011/04/14 03:14:57.0125 1236 RTLE8023xp (3400495f5b219d5153c770a95499579c) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 2011/04/14 03:14:57.0156 1236 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/04/14 03:14:57.0171 1236 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2011/04/14 03:14:57.0203 1236 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 2011/04/14 03:14:57.0234 1236 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/04/14 03:14:57.0296 1236 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/04/14 03:14:57.0343 1236 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys 2011/04/14 03:14:57.0343 1236 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505 2011/04/14 03:14:57.0343 1236 sptd - detected Locked file (1) 2011/04/14 03:14:57.0375 1236 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/04/14 03:14:57.0406 1236 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/04/14 03:14:57.0437 1236 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/04/14 03:14:57.0468 1236 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/04/14 03:14:57.0546 1236 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/04/14 03:14:57.0593 1236 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/04/14 03:14:57.0625 1236 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/04/14 03:14:57.0656 1236 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/04/14 03:14:57.0687 1236 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/04/14 03:14:57.0734 1236 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/04/14 03:14:57.0781 1236 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/04/14 03:14:57.0796 1236 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys 2011/04/14 03:14:57.0843 1236 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys 2011/04/14 03:14:57.0843 1236 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/04/14 03:14:57.0859 1236 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/04/14 03:14:57.0875 1236 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 2011/04/14 03:14:57.0906 1236 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/04/14 03:14:57.0921 1236 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys 2011/04/14 03:14:57.0937 1236 UsbserFilt (68b4f83cccf70a2ff32ee142c234332a) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys 2011/04/14 03:14:57.0968 1236 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/04/14 03:14:57.0984 1236 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/04/14 03:14:58.0031 1236 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/04/14 03:14:58.0078 1236 w800bus (b8c182df79ac8938311ac8e193d52762) C:\WINDOWS\system32\DRIVERS\w800bus.sys 2011/04/14 03:14:58.0109 1236 w800mdfl (3af69f28c17e1e03bb894f00d905add8) C:\WINDOWS\system32\DRIVERS\w800mdfl.sys 2011/04/14 03:14:58.0140 1236 w800mdm (0d12afd1e1c95226b4268c1777625d05) C:\WINDOWS\system32\DRIVERS\w800mdm.sys 2011/04/14 03:14:58.0171 1236 w800mgmt (36ad2eb4a6376d08555864eb4cfd2508) C:\WINDOWS\system32\DRIVERS\w800mgmt.sys 2011/04/14 03:14:58.0187 1236 w800obex (7905915006febbf0f137af36a3fd6429) C:\WINDOWS\system32\DRIVERS\w800obex.sys 2011/04/14 03:14:58.0203 1236 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/04/14 03:14:58.0250 1236 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys 2011/04/14 03:14:58.0296 1236 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/04/14 03:14:58.0343 1236 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 2011/04/14 03:14:58.0500 1236 ================================================================================ 2011/04/14 03:14:58.0500 1236 Scan finished 2011/04/14 03:14:58.0500 1236 ================================================================================ 2011/04/14 03:14:58.0515 3612 Detected object count: 1 2011/04/14 03:15:31.0015 3612 Locked file(sptd) - User select action: Skip 2011/04/14 03:15:36.0437 1448 ================================================================================ 2011/04/14 03:15:36.0437 1448 Scan started 2011/04/14 03:15:36.0437 1448 Mode: Manual; 2011/04/14 03:15:36.0437 1448 ================================================================================ 2011/04/14 03:15:36.0765 1448 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2011/04/14 03:15:36.0796 1448 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 2011/04/14 03:15:36.0843 1448 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2011/04/14 03:15:36.0875 1448 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys 2011/04/14 03:15:36.0953 1448 AmdK8 (efbb0956baed786e137351b5ca272aef) C:\WINDOWS\system32\DRIVERS\AmdK8.sys 2011/04/14 03:15:37.0031 1448 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2011/04/14 03:15:37.0046 1448 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2011/04/14 03:15:37.0156 1448 ati2mtag (eb0531822aabcf843a0940d4ca8a90a9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 2011/04/14 03:15:37.0218 1448 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\WINDOWS\system32\DRIVERS\atksgt.sys 2011/04/14 03:15:37.0250 1448 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2011/04/14 03:15:37.0265 1448 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2011/04/14 03:15:37.0296 1448 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2011/04/14 03:15:37.0328 1448 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys 2011/04/14 03:15:37.0343 1448 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys 2011/04/14 03:15:37.0359 1448 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys 2011/04/14 03:15:37.0406 1448 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys 2011/04/14 03:15:37.0437 1448 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys 2011/04/14 03:15:37.0453 1448 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2011/04/14 03:15:37.0484 1448 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2011/04/14 03:15:37.0500 1448 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2011/04/14 03:15:37.0515 1448 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2011/04/14 03:15:37.0625 1448 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2011/04/14 03:15:37.0640 1448 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 2011/04/14 03:15:37.0656 1448 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 2011/04/14 03:15:37.0671 1448 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2011/04/14 03:15:37.0718 1448 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2011/04/14 03:15:37.0765 1448 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2011/04/14 03:15:37.0796 1448 eamon (ba6c651acca50abbb27d463658fff01c) C:\WINDOWS\system32\DRIVERS\eamon.sys 2011/04/14 03:15:37.0828 1448 ehdrv (820c19b966c0e419e2e860128397060d) C:\WINDOWS\system32\DRIVERS\ehdrv.sys 2011/04/14 03:15:37.0859 1448 epfwtdir (a034d7390880924e6eff8d6a1d0edec4) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys 2011/04/14 03:15:37.0968 1448 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2011/04/14 03:15:37.0984 1448 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 2011/04/14 03:15:38.0000 1448 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 2011/04/14 03:15:38.0015 1448 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 2011/04/14 03:15:38.0046 1448 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys 2011/04/14 03:15:38.0078 1448 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2011/04/14 03:15:38.0078 1448 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2011/04/14 03:15:38.0109 1448 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 2011/04/14 03:15:38.0125 1448 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2011/04/14 03:15:38.0156 1448 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 2011/04/14 03:15:38.0187 1448 HidBth (7bd2de4c85eb4241eed57672b16a7d8d) C:\WINDOWS\system32\DRIVERS\hidbth.sys 2011/04/14 03:15:38.0218 1448 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2011/04/14 03:15:38.0265 1448 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2011/04/14 03:15:38.0328 1448 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2011/04/14 03:15:38.0343 1448 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2011/04/14 03:15:38.0453 1448 IntcAzAudAddService (8f924588c272fdaa28cf31a9bbc21a72) C:\WINDOWS\system32\drivers\RtkHDAud.sys 2011/04/14 03:15:38.0515 1448 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 2011/04/14 03:15:38.0546 1448 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/04/14 03:15:38.0562 1448 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/04/14 03:15:38.0578 1448 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/04/14 03:15:38.0593 1448 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/04/14 03:15:38.0625 1448 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/04/14 03:15:38.0640 1448 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/04/14 03:15:38.0656 1448 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/04/14 03:15:38.0703 1448 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 2011/04/14 03:15:38.0734 1448 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2011/04/14 03:15:38.0765 1448 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/04/14 03:15:38.0812 1448 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\WINDOWS\system32\DRIVERS\lirsgt.sys 2011/04/14 03:15:38.0843 1448 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/04/14 03:15:38.0859 1448 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 2011/04/14 03:15:38.0875 1448 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/04/14 03:15:38.0890 1448 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2011/04/14 03:15:38.0906 1448 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/04/14 03:15:38.0937 1448 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/04/14 03:15:38.0968 1448 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/04/14 03:15:39.0000 1448 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2011/04/14 03:15:39.0031 1448 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/04/14 03:15:39.0062 1448 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/04/14 03:15:39.0062 1448 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/04/14 03:15:39.0093 1448 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/04/14 03:15:39.0125 1448 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 2011/04/14 03:15:39.0156 1448 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2011/04/14 03:15:39.0156 1448 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/04/14 03:15:39.0171 1448 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/04/14 03:15:39.0187 1448 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/04/14 03:15:39.0218 1448 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/04/14 03:15:39.0234 1448 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/04/14 03:15:39.0250 1448 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/04/14 03:15:39.0296 1448 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\WINDOWS\system32\drivers\ccdcmb.sys 2011/04/14 03:15:39.0328 1448 nmwcdc (3859c69a77793180548802dac9f34a38) C:\WINDOWS\system32\drivers\ccdcmbo.sys 2011/04/14 03:15:39.0343 1448 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2011/04/14 03:15:39.0359 1448 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/04/14 03:15:39.0406 1448 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/04/14 03:15:39.0406 1448 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/04/14 03:15:39.0437 1448 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/04/14 03:15:39.0468 1448 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys 2011/04/14 03:15:39.0468 1448 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/04/14 03:15:39.0500 1448 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/04/14 03:15:39.0531 1448 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys 2011/04/14 03:15:39.0546 1448 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/04/14 03:15:39.0578 1448 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 2011/04/14 03:15:39.0609 1448 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 2011/04/14 03:15:39.0718 1448 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/04/14 03:15:39.0734 1448 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys 2011/04/14 03:15:39.0750 1448 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/04/14 03:15:39.0781 1448 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/04/14 03:15:39.0859 1448 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/04/14 03:15:39.0875 1448 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/04/14 03:15:39.0890 1448 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/04/14 03:15:39.0890 1448 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/04/14 03:15:39.0921 1448 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/04/14 03:15:39.0921 1448 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/04/14 03:15:39.0937 1448 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2011/04/14 03:15:39.0953 1448 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/04/14 03:15:39.0968 1448 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/04/14 03:15:40.0015 1448 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys 2011/04/14 03:15:40.0062 1448 RsFx0102 (fedd2710b75be3ecf078adace790c423) C:\WINDOWS\system32\DRIVERS\RsFx0102.sys 2011/04/14 03:15:40.0078 1448 RTLE8023xp (3400495f5b219d5153c770a95499579c) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 2011/04/14 03:15:40.0125 1448 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/04/14 03:15:40.0140 1448 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2011/04/14 03:15:40.0156 1448 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 2011/04/14 03:15:40.0203 1448 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/04/14 03:15:40.0265 1448 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/04/14 03:15:40.0312 1448 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys 2011/04/14 03:15:40.0312 1448 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505 2011/04/14 03:15:40.0312 1448 sptd - detected Locked file (1) 2011/04/14 03:15:40.0343 1448 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/04/14 03:15:40.0390 1448 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/04/14 03:15:40.0406 1448 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/04/14 03:15:40.0453 1448 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/04/14 03:15:40.0531 1448 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/04/14 03:15:40.0562 1448 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/04/14 03:15:40.0593 1448 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/04/14 03:15:40.0625 1448 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/04/14 03:15:40.0656 1448 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/04/14 03:15:40.0718 1448 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/04/14 03:15:40.0750 1448 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/04/14 03:15:40.0781 1448 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys 2011/04/14 03:15:40.0812 1448 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys 2011/04/14 03:15:40.0828 1448 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/04/14 03:15:40.0843 1448 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/04/14 03:15:40.0843 1448 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 2011/04/14 03:15:40.0875 1448 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/04/14 03:15:40.0890 1448 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys 2011/04/14 03:15:40.0906 1448 UsbserFilt (68b4f83cccf70a2ff32ee142c234332a) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys 2011/04/14 03:15:40.0937 1448 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/04/14 03:15:40.0968 1448 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/04/14 03:15:41.0000 1448 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/04/14 03:15:41.0046 1448 w800bus (b8c182df79ac8938311ac8e193d52762) C:\WINDOWS\system32\DRIVERS\w800bus.sys 2011/04/14 03:15:41.0062 1448 w800mdfl (3af69f28c17e1e03bb894f00d905add8) C:\WINDOWS\system32\DRIVERS\w800mdfl.sys 2011/04/14 03:15:41.0093 1448 w800mdm (0d12afd1e1c95226b4268c1777625d05) C:\WINDOWS\system32\DRIVERS\w800mdm.sys 2011/04/14 03:15:41.0109 1448 w800mgmt (36ad2eb4a6376d08555864eb4cfd2508) C:\WINDOWS\system32\DRIVERS\w800mgmt.sys 2011/04/14 03:15:41.0140 1448 w800obex (7905915006febbf0f137af36a3fd6429) C:\WINDOWS\system32\DRIVERS\w800obex.sys 2011/04/14 03:15:41.0156 1448 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/04/14 03:15:41.0171 1448 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys 2011/04/14 03:15:41.0234 1448 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/04/14 03:15:41.0281 1448 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 2011/04/14 03:15:41.0437 1448 ================================================================================ 2011/04/14 03:15:41.0437 1448 Scan finished 2011/04/14 03:15:41.0437 1448 ================================================================================ 2011/04/14 03:15:41.0453 1892 Detected object count: 1 2011/04/14 03:15:44.0265 1892 Locked file(sptd) - User select action: Skip

  • Цитирай

    • Обновете и стартирайте MalwareBytes' Anti-Malware и изберете Perform Quick Scan, след това кликнете на Scan.
    • Сканирането ще отнеме малко време, затова моля бъдете търпеливи.
    • Когато сканирането завърши, кликнете на OK, след това Show Results, за да видите резултата.
    • Уверете се, че на всички редове има отметки, и кликнете Remove Selected.
    • Когато всичко бъде премахнато, логът ще бъде отворен в Notepad. Копирайте лога и го публикувайте в следващия си коментар в темата.

    Забележка: Ако MalwareBytes' Anti-Malware се затрудни в премахването на откритите вируси/заплахи, той ще поиска да рестартира компютъра и по време на рестартирането да премахне проблемните вируси/заплахи. Ако бъдете попитани, потвърдете че желаете вашия компютър да бъде рестартиран.

  • Цитирай
    • Харесване 1
    • Автор

    Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6362 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 4/14/2011 6:09:53 AM mbam-log-2011-04-14 (06-09-53).txt Scan type: Quick scan Objects scanned: 147371 Time elapsed: 2 minute(s), 20 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

  • Цитирай

    Стартирайте OTL още веднъж и натиснете бутона CleanUp.

    Публикувано изображение

    При дeинсталацията на OTL ще бъдат почистени инструменти и файлове, които използвахме в темата (може да оставите Malwarebytes' Anti-Malware Free за периодично сканиране). Програмата не пречи на другите приложения за сигурност. Ще последва рестарт на Windows.

    Сега има ли някакви други проблеми с Windows?

  • Цитирай

    • Добавете отговор

    Можете да публикувате отговор сега и да се регистрирате по-късно. Ако имате регистрация, влезте в профила си за да публикувате от него.
    Бележка: Вашата публикация изисква одобрение от модератор, преди да стане видима за всички.

    Гост
    Публикацията ви съдържа термини, които не допускаме! Моля, редактирайте съдържанието си и премахнете подчертаните думи по-долу. Ако замените букви от думата със звездички или друго, за да заобиколите това предупреждение, профилът ви ще бъде блокиран и наказан!
    Напишете отговор в тази тема...
    Назад

    Разглеждащи това в момента 0

    • Няма регистрирани потребители разглеждащи тази страница.

    Дарение

    • Подкрепи съществуването на форума - направи дарение
      25%
      Дарени 252.69 EUR от нужните 1,000.00 EUR

    Бюлетин

    Получавайте известие, когато има важна промяна или новина свързана с форума.
    Абонирайте се

    Профил

    Навигация

    Търсене

    Търсене

    Конфигуриране на push известия в браузъра
    Chrome (Android)
    1. Докоснете иконата на катинар до адресната лента.
    2. Докоснете Разрешения → Известия.
    3. Променете предпочитанията си.
    Chrome (Desktop)
    1. Кликнете върху иконата на катинар в адресната лента.
    2. Изберете Настройки на сайта.
    3. Намерете Известия и коригирайте предпочитанията си.