Mediashifting.com - it has frayed my nerves!


46 replies in this topic

#1 laker

    Newbie

  • Members
  • 23 posts

Posted 18 January 2012 - 11:05

Sorry if this has already been explained somewhere! Please help with this Mediashifting.com problem. Every Google search redirects me to some sites. Thanks in advance! Here is the DDS log:

Here is the Attach as well:

This post was edited by laker: 18 January 2012 - 11:27


#2 B-boy[StyLe]

    FFreestyleRR

  • HJT Team
  • 16193 posts
  • Gender: Male
  • City: Electric City

Posted 18 January 2012 - 11:49

1. Download ComboFix from BleepingComputer
and save ComboFix (Save -> Save as button) to your desktop.
After the ComboFix download finishes, the program's icon should look like this:

2. Close all running applications, open windows and programs running in the background. Temporarily disable the real-time protection of your antivirus program and of any other security programs, if present.


3. Start Combofix.exe with a double click. Choose YES to agree to the program's terms of use. Important: While ComboFix is running, do not move the mouse or press keys on the keyboard. Just patiently let ComboFix do its work, without using the computer for anything else.


4. If you get a warning from UAC, accept it.


5. ComboFix will temporarily cut the Internet connection, but once the program finishes, the connection will be restored automatically. ComboFix will scan for problems and for infected files, which may take some time. Please be patient. If there is a problem with the Internet connection after Combofix finishes, please read this: Manually restoring the Internet connection section.


6. When ComboFix finishes, a text document (log) will appear in Notepad:

Copy and paste the contents of the log into your next comment.

Note: If the following message appears when opening various programs after the Combofix scan completes - "illegal operation on a registry key that has been marked for deletion." simply restart the computer once more and it will disappear.
Do not use your computer during the scan!

Георги Петков
Kaldata HJT Team

 



#3 laker


Posted 18 January 2012 - 18:06

Sorry that I'm only writing now, but it took me a while to get to another computer! Despite all my attempts, I could not start ComboFix.exe! A black window appears for a few seconds and then closes immediately. The program downloads to the Desktop, but the icon is not the same. I tried everything within my competence! Evidently a rather low competence :)

#4 B-boy[StyLe]


Posted 18 January 2012 - 18:12

You did close all security programs before starting it, right...
The installed security programs will interfere with the program's execution.
Stop ESET NOD32, Windows Defender and all the other programs.
If that doesn't work, download this file and run the scan (it is a renamed Combofix).
If that fails too, we will think of other options... You have rootkit.ZeroAccess...



#5 laker


Posted 18 January 2012 - 22:01

As they say: doctor, the patient is in very bad shape! After the last restart the computer has no internet access. When I try to repair the connection it says: Windows could not automatically detect this network's proxy settings. Will it live? Regarding ComboFix, when I first tried to start it all programs were closed (the ones I know how to stop), but it didn't work! I have to be honest: I was installing and uninstalling antivirus programs in a panic. And now that I read that this beast pushes fake antiviruses, I may have messed things up! I hope it gets fixed :)

#6 B-boy[StyLe]


Posted 18 January 2012 - 22:05

There will be no internet until we clean it. The rootkit messes up some drivers and the winsock entries. Try starting Combofix in Safe Mode. Do you know how to get there? Keep pressing F8 during the restart and choose Safe Mode. Start Combofix, and if it manages to start and scan, it will restart the computer automatically. Then you must boot into Safe Mode again so that Combofix can finish the scan. Finally, just restart normally, and once you are in Normal Mode, post the log file in your next post. If that doesn't work we will have to clean it manually (which is exactly why I insist on Combofix's automatic mode), but if there is nothing else to be done we will resort to manual cleaning.



#7 laker


Posted 18 January 2012 - 22:23

It doesn't start in Safe Mode either! What a damn beast this virus is! Right now I'm cursing out loud at an Adobe update!

#8 B-boy[StyLe]


Posted 18 January 2012 - 22:32

What does it display when you try to enter Safe Mode?
And it was not an Adobe update at all... the bug was disguised with the Adobe icon.

Please download the latest version of TDSSKiller from here and save it to your desktop.

  • Run TDSSKiller.exe to start the application. Then click the Change parameters button.
  • Tick Verify Driver Digital Signature and Detect TDLFS file system and press OK.
  • Press the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click Continue.
  • If malicious objects are found, you will have three options in the drop-down menu.
    Make sure the selected action is Cure and click Continue > Restart to complete the repair.

    Note: If Cure is not among the available options, please choose Skip; do not choose Delete unless you are instructed to do so.
  • A log file will be created in the root directory of the C:\ partition. Look for a log named "TDSSKiller.[Version]_[Date]_[Time]_log.txt" and copy its contents into your next post.

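An added example, not part of the original posts and not the tool's own code: a triage script for the log requested above, listing every driver entry that was not marked ok. It assumes the record shapes of a TDSSKiller log produced with these options (`time thread-id name (md5) path`, then `name - ok` or `name ( Verdict ) - warning`); the function names, driver names and hashes in the sample are constructed placeholders.

```python
import re

# A record starts with "HH:MM:SS.mmmm <thread id> ". Splitting on that marker
# also works when a forum paste has collapsed the whole log onto one line.
RECORD = re.compile(r"(?<!\S)(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+")
# "<name> (<md5>) <path>": the file the scanner hashed for a driver entry.
FILE_LINE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$", re.I)
# "<name> - ok" or "<name> ( <Verdict> ) - warning": the result for that entry.
VERDICT_LINE = re.compile(r"^(\S+)(?: \( (\S+) \))? - (\w+)$")


def split_records(text):
    """Yield (time, thread_id, message) for each timestamped record."""
    marks = list(RECORD.finditer(text))
    for cur, nxt in zip(marks, marks[1:] + [None]):
        end = nxt.start() if nxt else len(text)
        # Collapse wrapped whitespace so a path broken across lines still parses.
        message = " ".join(text[cur.end():end].split())
        yield cur.group(1), cur.group(2), message


def triage(text):
    """Return {name: {md5, path, status, detection}} in log order."""
    entries = {}
    blank = {"md5": None, "path": None, "status": None, "detection": None}
    for _time, _tid, message in split_records(text):
        m = FILE_LINE.match(message)
        if m:
            name, md5, path = m.groups()
            entries[name] = dict(blank, md5=md5.lower(), path=path)
            continue
        m = VERDICT_LINE.match(message)
        if m:
            name, detection, status = m.groups()
            entry = entries.setdefault(name, dict(blank))
            entry["status"], entry["detection"] = status, detection
    return entries


def needs_review(entries):
    """Names whose result is anything other than an explicit 'ok'."""
    return [n for n, e in entries.items() if e["status"] != "ok"]


def no_file_record(entries):
    """Names that got a result although no hash/path line was logged for them."""
    return [n for n, e in entries.items() if e["md5"] is None]


# Constructed sample, flattened onto one line the way a forum paste arrives.
H1, H2 = "0" * 31 + "1", "0" * 31 + "2"   # placeholder MD5 values
SAMPLE = " ".join([
    "22:56:20.0567 3652 Scan started",
    "22:56:20.0567 3652 Mode: Manual; SigCheck; TDLFS;",
    rf"22:56:22.0517 3652 gooddrv ({H1}) C:\Windows\system32\drivers\gooddrv.sys",
    "22:56:22.0736 3652 gooddrv - ok",
    rf"22:56:23.0609 3652 dongledrv ({H2}) C:\Windows\system32\DRIVERS\dongledrv.sys",
    "22:56:23.0656 3652 dongledrv ( UnsignedFile.Multi.Generic ) - warning",
    "22:56:23.0656 3652 dongledrv - detected UnsignedFile.Multi.Generic (1)",
    "22:56:23.0391 3652 nofiledrv - ok",
])

if __name__ == "__main__":
    result = triage(SAMPLE)
    for name in needs_review(result):
        e = result[name]
        print(f"REVIEW  {name}: {e['detection']} ({e['status']}) {e['path']} md5={e['md5']}")
    for name in no_file_record(result):
        print(f"NOFILE  {name}: result '{result[name]['status']}' without a hash/path line")
```

An unsigned-file warning only says the signature check failed for that file; the listed path and hash are what to verify before choosing any action other than Skip.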


#9 laker


Posted 18 January 2012 - 22:52

I followed the instructions - there was no Cure button. This is the log file:
C:\Windows\system32\DRIVERS\udfs.sys 22:56:45.0106 3652 udfs - ok 22:56:45.0169 3652 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys 22:56:45.0184 3652 uliagpkx - ok 22:56:45.0231 3652 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys 22:56:45.0278 3652 umbus - ok 22:56:45.0325 3652 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 22:56:45.0356 3652 UmPass - ok 22:56:45.0403 3652 upperdev (78b74af8727a28c128e164e9b53a5413) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys 22:56:45.0465 3652 upperdev - ok 22:56:45.0512 3652 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys 22:56:45.0527 3652 USBAAPL - ok 22:56:45.0590 3652 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys 22:56:45.0605 3652 usbccgp - ok 22:56:45.0637 3652 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys 22:56:45.0652 3652 usbcir - ok 22:56:45.0683 3652 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys 22:56:45.0715 3652 usbehci - ok 22:56:45.0777 3652 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys 22:56:45.0808 3652 usbhub - ok 22:56:45.0824 3652 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys 22:56:45.0855 3652 usbohci - ok 22:56:45.0917 3652 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 22:56:45.0949 3652 usbprint - ok 22:56:46.0011 3652 usbser (31181de6190b39fc8007dffd1a48ffd6) C:\Windows\system32\drivers\usbser.sys 22:56:46.0027 3652 usbser - ok 22:56:46.0058 3652 UsbserFilt (4f8fbc51a1c0a17310846b417a447f91) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys 22:56:46.0105 3652 UsbserFilt - ok 22:56:46.0151 3652 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS 22:56:46.0183 3652 USBSTOR - ok 22:56:46.0229 3652 usbuhci 
(68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys 22:56:46.0245 3652 usbuhci - ok 22:56:46.0339 3652 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys 22:56:46.0370 3652 usbvideo - ok 22:56:46.0432 3652 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys 22:56:46.0479 3652 usb_rndisx - ok 22:56:46.0526 3652 VClone (1cdaa48cb2f7744b8d25650e050766a5) C:\Windows\system32\DRIVERS\VClone.sys 22:56:46.0573 3652 VClone - ok 22:56:46.0635 3652 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys 22:56:46.0651 3652 vdrvroot - ok 22:56:46.0697 3652 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 22:56:46.0729 3652 vga - ok 22:56:46.0791 3652 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 22:56:46.0822 3652 VgaSave - ok 22:56:46.0838 3652 VGPU - ok 22:56:46.0885 3652 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys 22:56:46.0916 3652 vhdmp - ok 22:56:46.0947 3652 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys 22:56:46.0963 3652 viaagp - ok 22:56:46.0994 3652 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 22:56:47.0025 3652 ViaC7 - ok 22:56:47.0056 3652 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys 22:56:47.0072 3652 viaide - ok 22:56:47.0103 3652 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys 22:56:47.0119 3652 vmbus - ok 22:56:47.0134 3652 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys 22:56:47.0150 3652 VMBusHID - ok 22:56:47.0181 3652 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys 22:56:47.0197 3652 volmgr - ok 22:56:47.0259 3652 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 22:56:47.0290 3652 volmgrx - ok 22:56:47.0306 
3652 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys 22:56:47.0321 3652 volsnap - ok 22:56:47.0353 3652 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 22:56:47.0368 3652 vsmraid - ok 22:56:47.0587 3652 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys 22:56:47.0618 3652 vwifibus - ok 22:56:47.0649 3652 VWiFiFlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys 22:56:47.0680 3652 VWiFiFlt - ok 22:56:47.0727 3652 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys 22:56:47.0774 3652 vwifimp - ok 22:56:47.0805 3652 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 22:56:47.0836 3652 WacomPen - ok 22:56:47.0899 3652 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 22:56:47.0930 3652 WANARP - ok 22:56:47.0945 3652 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 22:56:47.0977 3652 Wanarpv6 - ok 22:56:48.0039 3652 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 22:56:48.0055 3652 Wd - ok 22:56:48.0086 3652 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 22:56:48.0133 3652 Wdf01000 - ok 22:56:48.0226 3652 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 22:56:48.0273 3652 WfpLwf - ok 22:56:48.0304 3652 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 22:56:48.0320 3652 WIMMount - ok 22:56:48.0413 3652 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys 22:56:48.0445 3652 WinUsb - ok 22:56:48.0507 3652 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys 22:56:48.0538 3652 WmiAcpi - ok 22:56:48.0632 3652 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 22:56:48.0679 3652 ws2ifsl - ok 
22:56:48.0757 3652 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys 22:56:48.0788 3652 WSDPrintDevice - ok 22:56:48.0866 3652 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys 22:56:48.0928 3652 WudfPf - ok 22:56:48.0959 3652 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys 22:56:49.0022 3652 WUDFRd - ok 22:56:49.0115 3652 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 22:56:49.0240 3652 \Device\Harddisk0\DR0 - ok 22:56:49.0240 3652 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR1 22:56:53.0343 3652 \Device\Harddisk1\DR1 - ok 22:56:53.0359 3652 Boot (0x1200) (7dce60bc209e9c4a51032ad62b466ca8) \Device\Harddisk0\DR0\Partition0 22:56:53.0359 3652 \Device\Harddisk0\DR0\Partition0 - ok 22:56:53.0390 3652 Boot (0x1200) (f7c1a2b7b51488dae040479dfd0a1357) \Device\Harddisk0\DR0\Partition1 22:56:53.0390 3652 \Device\Harddisk0\DR0\Partition1 - ok 22:56:53.0405 3652 Boot (0x1200) (ae458f85dc8aee12632bb8309186999a) \Device\Harddisk1\DR1\Partition0 22:56:53.0405 3652 \Device\Harddisk1\DR1\Partition0 - ok 22:56:53.0405 3652 ============================================================ 22:56:53.0405 3652 Scan finished 22:56:53.0405 3652 ============================================================ 22:56:53.0421 3604 Detected object count: 6 22:56:53.0421 3604 Actual detected object count: 6 22:58:03.0699 3604 aksfridge ( UnsignedFile.Multi.Generic ) - skipped by user 22:58:03.0699 3604 aksfridge ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:58:03.0699 3604 akshasp ( UnsignedFile.Multi.Generic ) - skipped by user 22:58:03.0699 3604 akshasp ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:58:03.0699 3604 akshhl ( UnsignedFile.Multi.Generic ) - skipped by user 22:58:03.0699 3604 akshhl ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:58:03.0699 3604 aksusb ( UnsignedFile.Multi.Generic ) - skipped by 
user 22:58:03.0699 3604 aksusb ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:58:03.0699 3604 hardlock ( UnsignedFile.Multi.Generic ) - skipped by user 22:58:03.0699 3604 hardlock ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:58:03.0715 3604 pfc ( UnsignedFile.Multi.Generic ) - skipped by user 22:58:03.0715 3604 pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip

#10 B-boy[StyLe]

Posted 18 January 2012 - 23:07

OK... at least there is no infected driver. Could you generate a new DDS log, because this one is quite hard to read... Separately, do you have a Windows installation disc? (Don't worry, this has nothing to do with formatting or reinstalling.)

Georgi Petkov
Kaldata HJT Team

 



#11 laker

Posted 18 January 2012 - 23:27

Unfortunately, I don't have a disc! This is dds.txt. Will attach be needed as well?

I have now managed to download and start ComboFix. Should I run it?

#12 B-boy[StyLe]

Posted 18 January 2012 - 23:30

Before we attempt any cleaning, I would like a bit more information:
  • Download Junction.zip and extract it to a folder on the desktop.
    Copy the file Junction.exe to C:\Windows
  • Go to Start => Run... => enter the command below using Copy/Paste and click OK
    cmd /c junction -s c:\ >log.txt&log.txt& del log.txt
  • Wait for the scan to finish and for the log file to appear.
  • Copy its contents into your next post.



#13 laker

Posted 18 January 2012 - 23:49

I am following the instructions exactly, but the scan does not start. At least I don't see anything change or appear after I click OK!

#14 B-boy[StyLe]

Posted 18 January 2012 - 23:53

Let's try it this way:
  • Please download Junction.zip and save it to your desktop.
  • Extract the archive and copy the file junction.exe to C:\Windows.
  • Open Notepad and enter the following code:
    @ECHO OFF
    junction -s c:\ > log.txt
    start log.txt
    del %0
    
  • Save the file under the name Check.bat and run it with right-click => Run as administrator.
  • Wait for the scan to finish and for the log file to appear.
  • Copy its contents into your next post.



#15 laker

Posted 19 January 2012 - 00:02

This is what I got:

#16 B-boy[StyLe]

B-boy[StyLe]

    FFreestyleRR

  • HJT Team
  • 16193 posts
  • Gender: Male
  • City: Electric City

Posted 19 January 2012 - 00:05

If this is the entire log file... important information is missing.
OK... a new attempt, and then we start the cleanup:

Download Gmer
  • Temporarily turn off your Internet connection, all running programs, and your antivirus program.
  • Start the program.
  • After the automatic check finishes, uncheck the following items:

    - IAT/EAT
    - Show all
    - uncheck all local drives. Leave only the system partition checked (usually this is C:\ )

  • Click the Scan button
  • Wait for the program to finish scanning, then click the Save button and save (save as) the results to the desktop under the name Gmer.log.
  • Turn your Internet connection back on and attach Gmer.log to your next comment.

    Note:
  • Do not take any action on the lines marked "<--- ROOTKIT", because this can cause problems with Windows.

Георги Петков
Kaldata HJT Team

 



#17 laker

laker

    Rookie

  • Users
  • 23 posts

Posted 19 January 2012 - 09:37

I apologize for the 12-hour delay:

I tried to attach the file, but the forum would not let me.

I am posting the contents! I hope it does the job:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-19 09:38:48
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD5000BEVT-22ZAT0 rev.01.01A01
Running: gmer.exe; Driver: C:\Users\IVAILO~1\AppData\Local\Temp\agdcyaoc.sys

---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateKey [0x83245FF1]
SSDT \SystemRoot\system32\ntkrnlpa.exe[unknown section] [83245FF1] ZwCreateKey [0x83245FF1]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenKey [0x83245FF6]
SSDT \SystemRoot\system32\ntkrnlpa.exe[unknown section] [83245FF6] ZwOpenKey [0x83245FF6]
INT 0x03 \SystemRoot\system32\ntkrnlpa.exe[unknown section] 83245FFB
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKey + 13D1 83283369 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 832BCD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11BF 832C3E74 3 Bytes [F1, 5F, 24]
.text ntkrnlpa.exe!KeRemoveQueueEx + 137F 832C4034 3 Bytes [F6, 5F, 24] {NEG BYTE [EDI+0x24]}
.text C:\Windows\system32\DRIVERS\aksfridge.sys section is writeable [0x9B412000, 0x47E35, 0xE0000020]
.init C:\Windows\system32\DRIVERS\aksfridge.sys entry point in ".init" section [0x9B466224]
.init C:\Windows\system32\DRIVERS\aksfridge.sys unknown last code section [0x9B466000, 0x4000, 0xE20000E0]
.text C:\Windows\system32\drivers\hardlock.sys section is writeable [0x9B46A400, 0x6E6E2, 0xE8000020]
.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0x9B4F4820] C:\Windows\system32\drivers\hardlock.sys entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0x9B4F4820]
.protectÿÿÿÿhardlockunknown last code section [0x9B4F4600, 0x512A, 0xE0000020] C:\Windows\system32\drivers\hardlock.sys unknown last code section [0x9B4F4600, 0x512A, 0xE0000020]
.text peauth.sys 9B529C9D 28 Bytes [DE, EA, FD, F3, A6, 59, 5C, ...]
.text peauth.sys 9B529CC1 28 Bytes [DE, EA, FD, F3, A6, 59, 5C, ...]
? C:\Users\IVAILO~1\AppData\Local\Temp\mbr.sys ????????? ?? ???? ?? ?????? ???????? ????. !
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004f halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\Disk \Device\Harddisk0\DR0 aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.)
Device \Driver\Disk \Device\Harddisk1\DR6 aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00242cd0fd2b
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00242cd0fd2b (not active ControlSet)
---- Files - GMER 1.0.15 ----
File C:\Windows\$NtUninstallKB57441$\1727096717 0 bytes
File C:\Windows\$NtUninstallKB57441$\3341801649 0 bytes
File C:\Windows\$NtUninstallKB57441$\3341801649\L 0 bytes
File C:\Windows\$NtUninstallKB57441$\3341801649\U 0 bytes
---- EOF - GMER 1.0.15 ----
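
A triage pass over a GMER log in the layout posted above, as an added example that is not part of the original post or of GMER itself: it splits the log into its sections and pulls out SSDT entries that resolve to an "[unknown section]", zero-byte File entries under a `$NtUninstallKB<digits>$` directory, and any line carrying the "<--- ROOTKIT" marker. The function names, the finding labels and the `C:\Example` line are assumptions made for the illustration; a finding means "review this line", not a verdict.

```python
import re

# Sample input: lines copied from the GMER log posted above, plus one
# constructed line (C:\Example\...) that carries the "<--- ROOTKIT" marker.
SAMPLE_LOG = r"""GMER 1.0.15.15641 - http://www.gmer.net
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateKey [0x83245FF1]
SSDT \SystemRoot\system32\ntkrnlpa.exe[unknown section] [83245FF1] ZwCreateKey [0x83245FF1]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenKey [0x83245FF6]
SSDT \SystemRoot\system32\ntkrnlpa.exe[unknown section] [83245FF6] ZwOpenKey [0x83245FF6]
---- Files - GMER 1.0.15 ----
File C:\Windows\$NtUninstallKB57441$\1727096717 0 bytes
File C:\Windows\$NtUninstallKB57441$\3341801649 0 bytes
File C:\Windows\$NtUninstallKB57441$\3341801649\L 0 bytes
File C:\Windows\$NtUninstallKB57441$\3341801649\U 0 bytes
File C:\Example\constructed.bin 120 bytes <--- ROOTKIT
---- EOF - GMER 1.0.15 ----
"""

# "---- System - GMER 1.0.15 ----" style section headers.
SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
# "SSDT <owner> <ZwXxx|NtXxx> [0xADDR]"; the owner may contain spaces.
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<owner>.+?)\s+(?P<func>(?:Zw|Nt)\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]$"
)
# "File <path> <size> bytes"; the path may contain spaces.
FILE_RE = re.compile(r"^File\s+(?P<path>.+?)\s+(?P<size>\d+) bytes\b")
# A path that lives below a "$NtUninstallKB<digits>$" directory.
UNINSTALL_DIR_RE = re.compile(r"^(?P<dir>.*?\\\$NtUninstallKB\d+\$)\\", re.IGNORECASE)
# The marker the helper warns about ("<--- ROOTKIT"), with any arrow length.
ROOTKIT_MARK_RE = re.compile(r"<-+\s*ROOTKIT", re.IGNORECASE)


def split_sections(log_text):
    """Return {section name: [lines]} keyed by GMER's section headers."""
    sections, current = {}, "Header"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name")
            sections.setdefault(current, [])
        else:
            sections.setdefault(current, []).append(line)
    return sections


def triage(log_text):
    """Return a list of (kind, subject, detail) tuples worth a manual look."""
    findings = []
    sections = split_sections(log_text)

    # SSDT slots whose target does not fall inside a named module section.
    for line in sections.get("System", []):
        m = SSDT_RE.match(line)
        if m and "[unknown section]" in m.group("owner"):
            findings.append(
                ("ssdt-unknown-section", m.group("func"), "0x" + m.group("addr").upper())
            )

    # Zero-byte entries reported below an uninstall-style directory.
    for line in sections.get("Files", []):
        m = FILE_RE.match(line)
        if not m:
            continue
        parent = UNINSTALL_DIR_RE.match(m.group("path"))
        if parent and int(m.group("size")) == 0:
            findings.append(
                ("zero-byte-in-uninstall-dir", m.group("path"), parent.group("dir"))
            )

    # Lines GMER itself marked, whatever section they appear in.
    for name, lines in sections.items():
        for line in lines:
            if ROOTKIT_MARK_RE.search(line):
                findings.append(("gmer-rootkit-marker", name, line))
    return findings


def suspect_dirs(findings):
    """Unique parent directories of the zero-byte entries, sorted."""
    return sorted({f[2] for f in findings if f[0] == "zero-byte-in-uninstall-dir"})


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep=" | ")
```
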

#18 B-boy[StyLe]

B-boy[StyLe]

    FFreestyleRR

  • HJT Team
  • 16193 posts
  • Gender: Male
  • City: Electric City

Posted 19 January 2012 - 11:13

Download GrantPerms.zip and extract it to a folder of your choice. Run GrantPerms.exe and enter the following information:

C:\Windows\$NtUninstallKB57441$\1727096717
C:\Windows\$NtUninstallKB57441$\3341801649
C:\Windows\$NtUninstallKB57441$\3341801649\L
C:\Windows\$NtUninstallKB57441$\3341801649\U
C:\Windows\$NtUninstallKB57441$
c:\users\ivailo kunev\appdata\local\c72fd8b1\X
c:\users\ivailo kunev\appdata\local\c72fd8b1
c:\windows\system32\regedit.exe
c:\users\ivailo kunev\mlfg8hkidd.exe

Click Unlock and then List Permissions. Post the log file in your next post.




  • Download OTL.exe and save it to the desktop.
  • Run the file [image] by double-clicking it.
  • Under [image], use Copy/Paste to enter the following text in full (only what is inside the box):
:files
C:\Windows\$NtUninstallKB57441$\3341801649\L
C:\Windows\$NtUninstallKB57441$\3341801649\U
C:\Windows\$NtUninstallKB57441$\3341801649
C:\Windows\$NtUninstallKB57441$\1727096717
C:\Windows\$NtUninstallKB57441$
c:\users\ivailo kunev\appdata\local\c72fd8b1\X
c:\users\ivailo kunev\appdata\local\c72fd8b1
c:\windows\system32\regedit.exe
c:\users\ivailo kunev\mlfg8hkidd.exe
ipconfig /flushdns /c
netsh winsock reset catalog /c
netsh interface ipv4 reset /c
:reg
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mlfg8hkidd"=-
"Regedit32"=-
:commands
[reboot]
After entering the script from the quote above, click the button marked in red: Run Fix
Windows will restart and a log file will be created - the OTL fix log. Post its contents with Copy/Paste in your next comment.

Георги Петков
Kaldata HJT Team

 



#19 laker

laker

    Rookie

  • Users
  • 23 posts

Posted 19 January 2012 - 12:10

Here is the GrantPerms log:

GrantPerms by Farbar
Ran by Ivailo Kunev (administrator) at 2012-01-19 12:11:53

===============================================
ERROR: Parsing the SD of <\\?\C:\Windows\$NtUninstallKB57441$\1727096717> failed with: ????????? ?? ???? ?? ?????? ???????? ????.


Operating system error message: ????????? ?? ???? ?? ?????? ???????? ????.
\\?\C:\Windows\$NtUninstallKB57441$\3341801649

Owner: BUILTIN\Administrators

DACL((NP)+(AI):
BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)


\\?\C:\Windows\$NtUninstallKB57441$\3341801649\L

Owner: BUILTIN\Administrators

DACL(NP)(AI):
BUILTIN\Administrators FULL ALLOW (CI)(OI)
NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)
BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)(I)


\\?\C:\Windows\$NtUninstallKB57441$\3341801649\U

Owner: BUILTIN\Administrators

DACL(NP)(AI):
BUILTIN\Administrators FULL ALLOW (CI)(OI)
NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)
BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)(I)


\\?\C:\Windows\$NtUninstallKB57441$

Owner: BUILTIN\Administrators

DACL(P)(AI):
NT SERVICE\TrustedInstaller FULL ALLOW container_inherit
NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)
BUILTIN\Administrators FULL ALLOW (CI)(OI)
CREATOR OWNER FULL ALLOW (CI)(OI)(IO)


ERROR: Parsing the SD of <\\?\c:\users\ivailo kunev\appdata\local\c72fd8b1\X> failed with: ????????? ?? ???? ?? ?????? ???????? ????.


Operating system error message: ????????? ?? ???? ?? ?????? ???????? ????.
\\?\c:\users\ivailo kunev\appdata\local\c72fd8b1

Owner: BUILTIN\Administrators

DACL(NP)(AI):
BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)
NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)(I)
BUILTIN\Administrators FULL ALLOW (CI)(OI)(I)
IvailoKunev-PC\Ivailo Kunev FULL ALLOW (CI)(OI)(I)


ERROR: Parsing the SD of <\\?\c:\windows\system32\regedit.exe> failed with: ????????? ?? ???? ?? ?????? ???????? ????.


Operating system error message: ????????? ?? ???? ?? ?????? ???????? ????.
ERROR: Parsing the SD of <\\?\c:\users\ivailo kunev\mlfg8hkidd.exe> failed with: ????????? ?? ???? ?? ?????? ???????? ????.


Operating system error message: ????????? ?? ???? ?? ?????? ???????? ????.

And here is the OTL log:

========== FILES ==========
C:\Windows\$NtUninstallKB57441$\3341801649\L folder moved successfully.
C:\Windows\$NtUninstallKB57441$\3341801649\U folder moved successfully.
File\Folder C:\Windows\$NtUninstallKB57441$\3341801649 not found.
File\Folder C:\Windows\$NtUninstallKB57441$\1727096717 not found.
Folder move failed. C:\Windows\$NtUninstallKB57441$\TxR scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB57441$\systemprofile\Videos folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\Templates folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\Start Menu folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\SendTo folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\Searches folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\Saved Games folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\Recent folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\PrintHood folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\Pictures\Slide Shows folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\Pictures folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\NetHood folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\My Documents folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\Music\Playlists folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\Music folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\Local Settings folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\Links folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\Favorites folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\Downloads folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\Documents\My Videos folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\Documents\My Pictures folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\Documents\My Music folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\Documents folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\Desktop folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\Cookies folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\Contacts folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\Application Data folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\Windows\Templates folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\Windows\Recent folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\Windows\Libraries folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\Windows folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\Internet Explorer folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\IdentityCRL\production\temp folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\IdentityCRL\production folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\IdentityCRL folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\McAfee\sacore folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\McAfee folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Apple Computer\Logs folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Apple Computer folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Adobe\Flash Player\AssetCache\7EYTDC3E folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Adobe\Flash Player\AssetCache folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Adobe\Flash Player folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Adobe folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun\Java folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Sun folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Microsoft\Silverlight folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Microsoft folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Apple Computer\QuickTime folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow\Apple Computer folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Temporary Internet Files folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Programs\Common folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Programs folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\Windows Sidebar\Gadgets folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\Windows Sidebar folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\Windows Photo Gallery\Original Images folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\Windows Photo Gallery folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QWJCYRU9 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QJAF4SPH folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IY31THIY folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3AYP90YT folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\Windows\Ringtones folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\Windows\History folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\Windows\GameExplorer folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\Windows\Caches folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\Windows\Burn\Burn folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\Windows\Burn folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\Windows folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\Portable Devices folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZB02UFH6 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\LOE5LKA7 folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\FLN9TWJK folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\1Y916S5C folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\Internet Explorer folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\IdentityCRL\production\temp folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\IdentityCRL\production folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft\IdentityCRL folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Microsoft folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\History folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\ESET\ESET Smart Security\Antispam folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\ESET\ESET Smart Security folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\ESET\ESET NOD32 Antivirus\Quarantine folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\ESET\ESET NOD32 Antivirus folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\ESET folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local\Application Data folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile\AppData scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB57441$\RegBack scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB57441$\Journal folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB57441$ scheduled to be moved on reboot.
File\Folder c:\users\ivailo kunev\appdata\local\c72fd8b1\X not found.
c:\users\ivailo kunev\appdata\local\c72fd8b1\U folder moved successfully.
c:\users\ivailo kunev\appdata\local\c72fd8b1 folder moved successfully.
File\Folder c:\windows\system32\regedit.exe not found.
File\Folder c:\users\ivailo kunev\mlfg8hkidd.exe not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
C:\Users\Ivailo Kunev\Desktop\cmd.bat deleted successfully.
C:\Users\Ivailo Kunev\Desktop\cmd.txt deleted successfully.
< netsh winsock reset catalog /c >
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
C:\Users\Ivailo Kunev\Desktop\cmd.bat deleted successfully.
C:\Users\Ivailo Kunev\Desktop\cmd.txt deleted successfully.
< netsh interface ipv4 reset /c >
Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Restart the computer to complete this action.
C:\Users\Ivailo Kunev\Desktop\cmd.bat deleted successfully.
C:\Users\Ivailo Kunev\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon\\"Shell"|"Explorer.exe" /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\mlfg8hkidd deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Regedit32 deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.31.0 log created on 01192012_121620

Files\Folders moved on Reboot...
Folder move failed. C:\Windows\$NtUninstallKB57441$\TxR scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\IdentityCRL\production\temp folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\IdentityCRL\production folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\IdentityCRL folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Apple Computer\Logs folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Apple Computer folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\LocalLow folder moved successfully.
C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Local folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile\AppData scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile\AppData scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB57441$\RegBack scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB57441$\TxR scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile\AppData scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB57441$\systemprofile scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB57441$\RegBack scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB57441$ scheduled to be moved on reboot.

Registry entries deleted on Reboot...

#20 B-boy[StyLe]

B-boy[StyLe]

    FFreestyleRR

  • HJT Team
  • 16193 posts
  • Gender: Male
  • City: Electric City

Posted 19 January 2012 - 12:34

Hmm... this is the first time it has turned out this way. Apparently the folder C:\Windows\$NtUninstallKB57441$ acted as a junction point and redirected the deletion of some things. I hope I'm wrong, but it looks like we will have to restore some folders... Now try downloading and running Combofix in the way described above. It should work, because the rootkit loader was deleted.

Георги Петков
Kaldata HJT Team
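
The failure described in the post above (a folder acting as a junction point so that a recursive move reaches data outside it) can be caught before any cleanup runs. The following is an added example, not part of the original thread and not OTL's or Combofix's own code: it plans a removal by listing every symlink or reparse point under a folder with its target and never descends through one. The names `plan_removal`, `is_redirect` and the constructed demo tree are assumptions; the demo uses a symlink to stand in for a junction.

```python
import os
import stat
import tempfile

def is_redirect(path):
    """True for a symlink or, on Windows, any reparse point (junctions included)."""
    st = os.lstat(path)  # lstat inspects the link itself, not its target
    attrs = getattr(st, "st_file_attributes", 0)  # field exists only on Windows
    return stat.S_ISLNK(st.st_mode) or bool(attrs & stat.FILE_ATTRIBUTE_REPARSE_POINT)

def link_target(path):
    try:
        return os.readlink(path)
    except OSError:  # reparse point that is not a link, or unreadable
        return None

def plan_removal(root):
    """Return (safe, redirects): paths physically under root, and links found."""
    if is_redirect(root):
        return [], [(root, link_target(root))]
    safe, redirects = [], []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in list(dirnames):
            full = os.path.join(dirpath, name)
            if is_redirect(full):
                redirects.append((full, link_target(full)))
                dirnames.remove(name)  # prune: never walk through the link
        for name in filenames:
            full = os.path.join(dirpath, name)
            if is_redirect(full):
                redirects.append((full, link_target(full)))
            else:
                safe.append(full)
        safe.append(dirpath)
    safe.sort(key=lambda p: p.count(os.sep), reverse=True)  # children before parents
    return safe, redirects

def demo():
    """Constructed tree: a suspect folder whose 'systemprofile' entry links outside it."""
    base = tempfile.mkdtemp()
    suspect = os.path.join(base, "suspect")
    real = os.path.join(base, "real_profile")
    os.makedirs(os.path.join(suspect, "U"))
    os.makedirs(real)
    open(os.path.join(suspect, "U", "payload.bin"), "w").close()
    open(os.path.join(real, "keep.txt"), "w").close()
    os.symlink(real, os.path.join(suspect, "systemprofile"))  # stands in for a junction
    safe, redirects = plan_removal(suspect)
    return base, safe, redirects
```

Entries in `redirects` are meant for manual review: the link itself can be removed without touching its target, while everything in `safe` lies physically inside the folder being cleaned.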

 
