
Hello, I have been trying for several days to clean my computer of the above-mentioned virus, but without success. I would be grateful if you could advise me how to deal with the problem. I don't have a CD for my operating system. Thanks in advance. Here are the logs:


Hello!

Step 1

Please download the latest version of TDSSKiller from here and save it to your desktop.

  • Run TDSSKiller.exe to start the application. Then click the Change parameters button.

  • Tick Verify Driver Digital Signature and Detect TDLFS file system and press OK.

  • Press the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip; click Continue.

  • If malicious objects are found, you will have three options in the drop-down menu.

    Make sure the selected action is Cure and click Continue > Reboot to complete the repair.

    Note: If the Cure button is not among the options, please choose the Skip button; do not choose Delete unless you have been instructed to.

  • A log file will be created in the root directory of the C: partition. Look for a log named "TDSSKiller.[Version]_[Date]_[Time]_log.txt" and copy its contents into your next post.

Step 2

Run Malwarebytes' Anti-Malware, update it and perform a quick scan of the system. If it finds anything, confirm that it should be removed and finally post the log file.

Include in your next log file:

  • TDSSKiller log
  • Malwarebytes' Anti-Malware log
  • A new, fresh DDS log


Здравеите отново, Мисля, че го отстранихме. Ето и логовете: 11:18:00.0296 2640 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00 11:18:00.0515 2640 ============================================================ 11:18:00.0515 2640 Current date / time: 2012/03/25 11:18:00.0515 11:18:00.0515 2640 SystemInfo: 11:18:00.0515 2640 11:18:00.0515 2640 OS Version: 5.1.2600 ServicePack: 3.0 11:18:00.0515 2640 Product type: Workstation 11:18:00.0515 2640 ComputerName: LG 11:18:00.0515 2640 UserName: User 11:18:00.0515 2640 Windows directory: C:\WINDOWS 11:18:00.0515 2640 System windows directory: C:\WINDOWS 11:18:00.0515 2640 Processor architecture: Intel x86 11:18:00.0515 2640 Number of processors: 2 11:18:00.0515 2640 Page size: 0x1000 11:18:00.0515 2640 Boot type: Normal boot 11:18:00.0515 2640 ============================================================ 11:18:01.0734 2640 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 11:18:01.0734 2640 \Device\Harddisk0\DR0: 11:18:01.0734 2640 MBR used 11:18:01.0734 2640 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC34F28D 11:18:01.0750 2640 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC34F30B, BlocksNum 0x173198DF 11:18:01.0765 2640 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23668C29, BlocksNum 0x16D18157 11:18:01.0843 2640 Initialize success 11:18:01.0843 2640 ============================================================ 11:18:39.0953 3732 ============================================================ 11:18:39.0953 3732 Scan started 11:18:39.0953 3732 Mode: Manual; SigCheck; TDLFS; 11:18:39.0953 3732 ============================================================ 11:18:40.0250 3732 Abiosdsk - ok 11:18:40.0250 3732 abp480n5 - ok 11:18:40.0265 3732 ACPI (d8fb7d1c3f5bfa3f53fe9cc6367e9e99) C:\WINDOWS\system32\DRIVERS\ACPI.sys 11:18:40.0265 3732 
Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: d8fb7d1c3f5bfa3f53fe9cc6367e9e99, Fake md5: 8fd99680a539792a30e97944fdaecf17 11:18:40.0265 3732 ACPI ( Virus.Win32.Rloader.a ) - infected 11:18:40.0265 3732 ACPI - detected Virus.Win32.Rloader.a (0) 11:18:40.0296 3732 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 11:18:41.0468 3732 ACPIEC - ok 11:18:41.0531 3732 adpu160m - ok 11:18:41.0562 3732 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 11:18:41.0671 3732 aec - ok 11:18:41.0703 3732 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys 11:18:41.0718 3732 AegisP ( UnsignedFile.Multi.Generic ) - warning 11:18:41.0718 3732 AegisP - detected UnsignedFile.Multi.Generic (1) 11:18:41.0750 3732 AFD (38d7b715504da4741df35e3594fe2099) C:\WINDOWS\System32\drivers\afd.sys 11:18:41.0796 3732 AFD - ok 11:18:41.0796 3732 Aha154x - ok 11:18:41.0796 3732 aic78u2 - ok 11:18:41.0812 3732 aic78xx - ok 11:18:41.0828 3732 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll 11:18:41.0906 3732 Alerter - ok 11:18:41.0921 3732 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe 11:18:41.0953 3732 ALG - ok 11:18:41.0968 3732 AliIde - ok 11:18:42.0015 3732 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys 11:18:42.0093 3732 Ambfilt - ok 11:18:42.0109 3732 amsint - ok 11:18:42.0125 3732 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll 11:18:42.0171 3732 AppMgmt - ok 11:18:42.0187 3732 asc - ok 11:18:42.0203 3732 asc3350p - ok 11:18:42.0203 3732 asc3550 - ok 11:18:42.0265 3732 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 11:18:42.0281 3732 aspnet_state - ok 11:18:42.0296 3732 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 11:18:42.0390 3732 AsyncMac - ok 11:18:42.0421 3732 atapi 
(9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 11:18:42.0515 3732 atapi - ok 11:18:42.0515 3732 Atdisk - ok 11:18:42.0531 3732 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 11:18:42.0609 3732 Atmarpc - ok 11:18:42.0625 3732 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll 11:18:42.0703 3732 AudioSrv - ok 11:18:42.0734 3732 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 11:18:42.0812 3732 audstub - ok 11:18:42.0859 3732 BCUService (f29d375926e36e3a56af4805c7749302) C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe 11:18:42.0875 3732 BCUService - ok 11:18:42.0875 3732 bdfdll - ok 11:18:42.0890 3732 BDFsDrv - ok 11:18:42.0890 3732 BDRsDrv - ok 11:18:42.0921 3732 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 11:18:43.0000 3732 Beep - ok 11:18:43.0031 3732 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll 11:18:43.0125 3732 BITS - ok 11:18:43.0171 3732 Browser (7e39a3edc13b076e70fdb9a6f6d7a4b4) C:\WINDOWS\System32\browser.dll 11:18:43.0203 3732 Browser - ok 11:18:43.0234 3732 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 11:18:43.0328 3732 cbidf2k - ok 11:18:43.0343 3732 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 11:18:43.0421 3732 CCDECODE - ok 11:18:43.0421 3732 cd20xrnt - ok 11:18:43.0453 3732 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 11:18:43.0515 3732 Cdaudio - ok 11:18:43.0531 3732 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 11:18:43.0625 3732 Cdfs - ok 11:18:43.0640 3732 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys 11:18:43.0671 3732 Cdrom - ok 11:18:43.0671 3732 Changer - ok 11:18:43.0703 3732 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe 11:18:43.0765 3732 
CiSvc - ok 11:18:43.0796 3732 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe 11:18:43.0875 3732 ClipSrv - ok 11:18:43.0906 3732 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 11:18:43.0921 3732 clr_optimization_v2.0.50727_32 - ok 11:18:43.0937 3732 CmdIde - ok 11:18:43.0937 3732 COMSysApp - ok 11:18:43.0953 3732 Cpqarray - ok 11:18:43.0984 3732 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll 11:18:44.0062 3732 CryptSvc - ok 11:18:44.0093 3732 dac2w2k - ok 11:18:44.0093 3732 dac960nt - ok 11:18:44.0125 3732 DcomLaunch (2589fe6015a316c0f5d5112b4da7b509) C:\WINDOWS\system32\rpcss.dll 11:18:44.0218 3732 DcomLaunch - ok 11:18:44.0234 3732 Dhcp (c51de19619d50cbd03708647aca10e70) C:\WINDOWS\System32\dhcpcsvc.dll 11:18:44.0281 3732 Dhcp - ok 11:18:44.0296 3732 Disk (47b6aaec570f2c11d8bad80a064d8ed1) C:\WINDOWS\system32\DRIVERS\disk.sys 11:18:44.0328 3732 Disk - ok 11:18:44.0328 3732 dmadmin - ok 11:18:44.0359 3732 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 11:18:44.0453 3732 dmboot - ok 11:18:44.0484 3732 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 11:18:44.0578 3732 dmio - ok 11:18:44.0593 3732 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 11:18:44.0656 3732 dmload - ok 11:18:44.0671 3732 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll 11:18:44.0750 3732 dmserver - ok 11:18:44.0781 3732 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 11:18:44.0875 3732 DMusic - ok 11:18:44.0890 3732 Dnscache (474b4dc3983173e4b4c9740b0dac98a6) C:\WINDOWS\System32\dnsrslvr.dll 11:18:44.0953 3732 Dnscache - ok 11:18:44.0984 3732 Dot3svc (b4109c8c3d54c83246997a777724f318) C:\WINDOWS\System32\dot3svc.dll 11:18:45.0015 3732 Dot3svc - ok 11:18:45.0015 3732 dpti2o - ok 11:18:45.0046 3732 drmkaud 
(8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 11:18:45.0156 3732 drmkaud - ok 11:18:45.0203 3732 eamon (9309c5c9831203436e64cf2ae605c5d7) C:\WINDOWS\system32\DRIVERS\eamon.sys 11:18:45.0234 3732 eamon - ok 11:18:45.0250 3732 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll 11:18:45.0328 3732 EapHost - ok 11:18:45.0343 3732 ehdrv (deff87f04ab5f6dd5edf2b80853bbe10) C:\WINDOWS\system32\DRIVERS\ehdrv.sys 11:18:45.0343 3732 ehdrv - ok 11:18:45.0421 3732 ekrn (c7bb95cf9631aa401e4aded1648f6af7) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe 11:18:45.0453 3732 ekrn - ok 11:18:45.0484 3732 epfwtdir (06c65ac0a703cf8eea4f284d901a1550) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys 11:18:45.0484 3732 epfwtdir - ok 11:18:45.0515 3732 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll 11:18:45.0593 3732 ERSvc - ok 11:18:45.0609 3732 Eventlog (0e776ed5f7cc9f94299e70461b7b8185) C:\WINDOWS\system32\services.exe 11:18:45.0703 3732 Eventlog - ok 11:18:45.0718 3732 EventSystem (f17f6226bdc0cd5f0bef0daf84d29bec) C:\WINDOWS\system32\es.dll 11:18:45.0750 3732 EventSystem - ok 11:18:45.0796 3732 exFat (4d893323dae445e34a4c9038b0551bc9) C:\WINDOWS\system32\drivers\exFat.sys 11:18:45.0828 3732 exFat - ok 11:18:45.0828 3732 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 11:18:45.0906 3732 Fastfat - ok 11:18:45.0921 3732 FastUserSwitchingCompatibility (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll 11:18:46.0000 3732 FastUserSwitchingCompatibility - ok 11:18:46.0000 3732 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 11:18:46.0093 3732 Fdc - ok 11:18:46.0125 3732 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 11:18:46.0203 3732 Fips - ok 11:18:46.0203 3732 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 11:18:46.0281 3732 Flpydisk - ok 11:18:46.0328 3732 FltMgr 
(b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys 11:18:46.0406 3732 FltMgr - ok 11:18:46.0468 3732 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 11:18:46.0484 3732 FontCache3.0.0.0 - ok 11:18:46.0546 3732 Fs_Rec (30d42943a54704ef13e2562911dbfcea) C:\WINDOWS\system32\drivers\Fs_Rec.sys 11:18:46.0562 3732 Fs_Rec - ok 11:18:46.0593 3732 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 11:18:46.0656 3732 Ftdisk - ok 11:18:46.0656 3732 gdrv - ok 11:18:46.0687 3732 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 11:18:46.0765 3732 Gpc - ok 11:18:46.0812 3732 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe 11:18:46.0828 3732 gupdate - ok 11:18:46.0828 3732 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe 11:18:46.0828 3732 gupdatem - ok 11:18:46.0843 3732 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 11:18:46.0921 3732 HDAudBus - ok 11:18:46.0968 3732 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 11:18:47.0046 3732 helpsvc - ok 11:18:47.0078 3732 HidServ - ok 11:18:47.0109 3732 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll 11:18:47.0187 3732 hkmsvc - ok 11:18:47.0203 3732 hpn - ok 11:18:47.0218 3732 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys 11:18:47.0296 3732 HTTP - ok 11:18:47.0328 3732 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll 11:18:47.0406 3732 HTTPFilter - ok 11:18:47.0406 3732 i2omgmt - ok 11:18:47.0421 3732 i2omp - ok 11:18:47.0437 3732 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 11:18:47.0515 3732 i8042prt - ok 11:18:47.0640 3732 ialm (3b743262b6456167888d15f1121b3bf7) 
C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 11:18:47.0812 3732 ialm - ok 11:18:47.0875 3732 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 11:18:47.0906 3732 idsvc - ok 11:18:47.0937 3732 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 11:18:48.0015 3732 Imapi - ok 11:18:48.0031 3732 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe 11:18:48.0125 3732 ImapiService - ok 11:18:48.0125 3732 InCDFs - ok 11:18:48.0140 3732 InCDPass - ok 11:18:48.0140 3732 InCDRm - ok 11:18:48.0156 3732 ini910u - ok 11:18:48.0250 3732 IntcAzAudAddService (512cc914475348d774d1bb9f866396a5) C:\WINDOWS\system32\drivers\RtkHDAud.sys 11:18:48.0343 3732 IntcAzAudAddService - ok 11:18:48.0343 3732 IntelIde - ok 11:18:48.0359 3732 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 11:18:48.0437 3732 intelppm - ok 11:18:48.0468 3732 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 11:18:48.0546 3732 Ip6Fw - ok 11:18:48.0578 3732 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 11:18:48.0671 3732 IpFilterDriver - ok 11:18:48.0671 3732 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 11:18:48.0750 3732 IpInIp - ok 11:18:48.0765 3732 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 11:18:48.0828 3732 IpNat - ok 11:18:48.0843 3732 IPSec (8a66a3a236f0b7b72aa2fafcc0475fed) C:\WINDOWS\system32\DRIVERS\ipsec.sys 11:18:48.0859 3732 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ipsec.sys. 
Real md5: 8a66a3a236f0b7b72aa2fafcc0475fed, Fake md5: 23c74d75e36e7158768dd63d92789a91 11:18:48.0859 3732 IPSec ( Virus.Win32.ZAccess.aml ) - infected 11:18:48.0859 3732 IPSec - detected Virus.Win32.ZAccess.aml (0) 11:18:48.0890 3732 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 11:18:48.0921 3732 IRENUM - ok 11:18:48.0953 3732 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 11:18:49.0031 3732 isapnp - ok 11:18:49.0109 3732 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe 11:18:49.0125 3732 JavaQuickStarterService - ok 11:18:49.0140 3732 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 11:18:49.0218 3732 Kbdclass - ok 11:18:49.0234 3732 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 11:18:49.0328 3732 kmixer - ok 11:18:49.0359 3732 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys 11:18:49.0437 3732 KSecDD - ok 11:18:49.0468 3732 L1c (96478fe91c5a37c673ebe3da87c1a115) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys 11:18:49.0500 3732 L1c - ok 11:18:49.0515 3732 LanmanServer (f385f4b02c535bffe1d70cab80838123) C:\WINDOWS\System32\srvsvc.dll 11:18:49.0593 3732 LanmanServer - ok 11:18:49.0625 3732 lanmanworkstation (6b7698bde0817007d9494f1a91f4482d) C:\WINDOWS\System32\wkssvc.dll 11:18:49.0671 3732 lanmanworkstation - ok 11:18:49.0671 3732 lbrtfdc - ok 11:18:49.0703 3732 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll 11:18:49.0781 3732 LmHosts - ok 11:18:49.0812 3732 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys 11:18:49.0812 3732 MBAMProtector - ok 11:18:49.0859 3732 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 11:18:49.0875 3732 MBAMService - ok 11:18:49.0921 3732 Messenger (986b1ff5814366d71e0ac5755c88f2d3) 
C:\WINDOWS\System32\msgsvc.dll 11:18:50.0000 3732 Messenger - ok 11:18:53.0812 3732 PartMgr 
(beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 11:18:53.0875 3732 PartMgr - ok 11:18:53.0890 3732 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 11:18:53.0953 3732 ParVdm - ok 11:18:53.0968 3732 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys 11:18:54.0000 3732 pccsmcfd - ok 11:18:54.0015 3732 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 11:18:54.0093 3732 PCI - ok 11:18:54.0093 3732 PCIDump - ok 11:18:54.0109 3732 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 11:18:54.0171 3732 PCIIde - ok 11:18:54.0171 3732 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 11:18:54.0250 3732 Pcmcia - ok 11:18:54.0250 3732 PDCOMP - ok 11:18:54.0265 3732 PDFRAME - ok 11:18:54.0265 3732 PDRELI - ok 11:18:54.0281 3732 PDRFRAME - ok 11:18:54.0281 3732 perc2 - ok 11:18:54.0296 3732 perc2hib - ok 11:18:54.0328 3732 PlugPlay (0e776ed5f7cc9f94299e70461b7b8185) C:\WINDOWS\system32\services.exe 11:18:54.0390 3732 PlugPlay - ok 11:18:54.0421 3732 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 11:18:54.0484 3732 PolicyAgent - ok 11:18:54.0515 3732 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 11:18:54.0578 3732 PptpMiniport - ok 11:18:54.0578 3732 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 11:18:54.0656 3732 ProtectedStorage - ok 11:18:54.0671 3732 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 11:18:54.0828 3732 PSched - ok 11:18:54.0859 3732 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 11:18:54.0937 3732 Ptilink - ok 11:18:54.0968 3732 PxHelp20 (b572ed0c3e6165643fa116af20425a54) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys 11:18:54.0984 3732 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning 11:18:54.0984 3732 PxHelp20 - 
detected UnsignedFile.Multi.Generic (1) 11:18:54.0984 3732 ql1080 - ok 11:18:55.0000 3732 Ql10wnt - ok 11:18:55.0000 3732 ql12160 - ok 11:18:55.0015 3732 ql1240 - ok 11:18:55.0015 3732 ql1280 - ok 11:18:55.0031 3732 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 11:18:55.0093 3732 RasAcd - ok 11:18:55.0125 3732 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll 11:18:55.0187 3732 RasAuto - ok 11:18:55.0203 3732 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 11:18:55.0265 3732 Rasl2tp - ok 11:18:55.0281 3732 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll 11:18:55.0359 3732 RasMan - ok 11:18:55.0359 3732 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 11:18:55.0421 3732 RasPppoe - ok 11:18:55.0453 3732 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 11:18:55.0531 3732 Raspti - ok 11:18:55.0562 3732 Rdbss (77050c6615f6eb5402f832b27fd695e0) C:\WINDOWS\system32\DRIVERS\rdbss.sys 11:18:55.0578 3732 Rdbss - ok 11:18:55.0593 3732 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 11:18:55.0671 3732 RDPCDD - ok 11:18:55.0703 3732 rdpdr (c694a927eb7c354f7ae97955043a9641) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 11:18:55.0734 3732 rdpdr - ok 11:18:55.0765 3732 RDPWD (e8e3107243b16a549b88d145ec051b06) C:\WINDOWS\system32\drivers\RDPWD.sys 11:18:55.0781 3732 RDPWD - ok 11:18:55.0812 3732 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe 11:18:55.0890 3732 RDSessMgr - ok 11:18:55.0921 3732 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 11:18:56.0000 3732 redbook - ok 11:18:56.0015 3732 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll 11:18:56.0109 3732 RemoteAccess - ok 11:18:56.0125 3732 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll 
11:18:56.0218 3732 RemoteRegistry - ok 11:18:56.0218 3732 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe 11:18:56.0281 3732 RpcLocator - ok 11:18:56.0312 3732 RpcSs (2589fe6015a316c0f5d5112b4da7b509) C:\WINDOWS\system32\rpcss.dll 11:18:56.0390 3732 RpcSs - ok 11:18:56.0421 3732 rspndr (743d7d59767073a617b1dcc6c546f234) C:\WINDOWS\system32\DRIVERS\rspndr.sys 11:18:56.0453 3732 rspndr - ok 11:18:56.0453 3732 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe 11:18:56.0531 3732 RSVP - ok 11:18:56.0640 3732 RT73 (c7bcf9808e2a1b4cabe16ff7fbce5fab) C:\WINDOWS\system32\DRIVERS\rt73.sys 11:18:56.0687 3732 RT73 - ok 11:18:56.0718 3732 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 11:18:56.0781 3732 SamSs - ok 11:18:56.0812 3732 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe 11:18:56.0890 3732 SCardSvr - ok 11:18:56.0921 3732 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll 11:18:57.0000 3732 Schedule - ok 11:18:57.0015 3732 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 11:18:57.0046 3732 Secdrv - ok 11:18:57.0062 3732 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll 11:18:57.0125 3732 seclogon - ok 11:18:57.0140 3732 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll 11:18:57.0218 3732 SENS - ok 11:18:57.0234 3732 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 11:18:57.0296 3732 serenum - ok 11:18:57.0312 3732 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 11:18:57.0375 3732 Serial - ok 11:18:57.0437 3732 ServiceLayer (2d841b7b7f6dec32162edfcc69d61f42) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe 11:18:57.0468 3732 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning 11:18:57.0468 3732 ServiceLayer - detected UnsignedFile.Multi.Generic (1) 11:18:57.0500 3732 Sfloppy 
(8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 11:18:57.0578 3732 Sfloppy - ok 11:18:57.0609 3732 SharedAccess (4f10a2fa76b5bd54cd68afa94e8adb39) C:\WINDOWS\System32\ipnathlp.dll 11:18:57.0640 3732 SharedAccess - ok 11:18:57.0656 3732 ShellHWDetection (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll 11:18:57.0718 3732 ShellHWDetection - ok 11:18:57.0750 3732 Simbad - ok 11:18:57.0812 3732 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe 11:18:57.0828 3732 SkypeUpdate - ok 11:18:57.0859 3732 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 11:18:57.0937 3732 SLIP - ok 11:18:57.0937 3732 Sparrow - ok 11:18:57.0968 3732 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 11:18:58.0031 3732 splitter - ok 11:18:58.0062 3732 Spooler (d8e14a61acc1d4a6cd0d38aebac7fa3b) C:\WINDOWS\system32\spoolsv.exe 11:18:58.0140 3732 Spooler - ok 11:18:58.0187 3732 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys 11:18:58.0187 3732 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. 
md5: cdddec541bc3c96f91ecb48759673505 11:18:58.0187 3732 sptd ( LockedFile.Multi.Generic ) - warning 11:18:58.0187 3732 sptd - detected LockedFile.Multi.Generic (1) 11:18:58.0218 3732 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 11:18:58.0250 3732 sr - ok 11:18:58.0265 3732 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll 11:18:58.0312 3732 srservice - ok 11:18:58.0343 3732 Srv (e89b42b216bc86ada4345908284519cb) C:\WINDOWS\system32\DRIVERS\srv.sys 11:18:58.0375 3732 Srv - ok 11:18:58.0406 3732 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll 11:18:58.0437 3732 SSDPSRV - ok 11:18:58.0578 3732 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll 11:18:58.0656 3732 stisvc - ok 11:18:58.0671 3732 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 11:18:58.0750 3732 streamip - ok 11:18:58.0781 3732 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 11:18:58.0859 3732 swenum - ok 11:18:58.0875 3732 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 11:18:58.0953 3732 swmidi - ok 11:18:58.0968 3732 SwPrv - ok 11:18:58.0968 3732 symc810 - ok 11:18:58.0984 3732 symc8xx - ok 11:18:58.0984 3732 sym_hi - ok 11:18:58.0984 3732 sym_u3 - ok 11:18:59.0015 3732 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 11:18:59.0078 3732 sysaudio - ok 11:18:59.0093 3732 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe 11:18:59.0156 3732 SysmonLog - ok 11:18:59.0187 3732 TapiSrv (e2b32b10acc5d97623275aafb67e5f03) C:\WINDOWS\System32\tapisrv.dll 11:18:59.0218 3732 TapiSrv - ok 11:18:59.0234 3732 Tcpip (25a740d70e8007814a48d3fa1b34fa34) C:\WINDOWS\system32\DRIVERS\tcpip.sys 11:18:59.0250 3732 Tcpip ( UnsignedFile.Multi.Generic ) - warning 11:18:59.0250 3732 Tcpip - detected UnsignedFile.Multi.Generic (1) 11:18:59.0281 3732 TDPIPE 
(6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 11:18:59.0359 3732 TDPIPE - ok 11:19:01.0843 
3732 winmgmt - ok 11:19:01.0875 3732 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll 11:19:01.0921 3732 WmdmPmSN - ok 11:19:01.0953 3732 Wmi (bab489a5fe26f2d0c910cf7af7e4cf92) C:\WINDOWS\System32\advapi32.dll 11:19:02.0031 3732 Wmi - ok 11:19:02.0046 3732 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe 11:19:02.0125 3732 WmiApSrv - ok 11:19:02.0218 3732 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe 11:19:02.0281 3732 WMPNetworkSvc - ok 11:19:02.0359 3732 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys 11:19:02.0359 3732 WpdUsb - ok 11:19:02.0406 3732 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 11:19:02.0484 3732 WS2IFSL - ok 11:19:02.0531 3732 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll 11:19:02.0609 3732 wscsvc - ok 11:19:02.0625 3732 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 11:19:02.0687 3732 WSTCODEC - ok 11:19:02.0718 3732 wuauserv (aae1a6ffba2b0436e91795120f48c461) C:\WINDOWS\system32\wuauserv.dll 11:19:02.0718 3732 wuauserv - ok 11:19:02.0734 3732 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 11:19:02.0765 3732 WudfPf - ok 11:19:02.0781 3732 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 11:19:02.0781 3732 WudfRd - ok 11:19:02.0812 3732 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll 11:19:02.0812 3732 WudfSvc - ok 11:19:02.0843 3732 WZCSVC (349b8d2bb755e8c3b0e3e82a87663e55) C:\WINDOWS\System32\wzcsvc.dll 11:19:02.0906 3732 WZCSVC - ok 11:19:02.0921 3732 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll 11:19:02.0984 3732 xmlprov - ok 11:19:03.0015 3732 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 11:19:03.0203 3732 \Device\Harddisk0\DR0 - ok 11:19:03.0203 
3732 Boot (0x1200) (2af4fe01936d5ecd56b1adc75b6afd4a) \Device\Harddisk0\DR0\Partition0 11:19:03.0203 3732 \Device\Harddisk0\DR0\Partition0 - ok 11:19:03.0234 3732 Boot (0x1200) (f93326c93b90b1bd214801b20cb1bdfb) \Device\Harddisk0\DR0\Partition1 11:19:03.0234 3732 \Device\Harddisk0\DR0\Partition1 - ok 11:19:03.0250 3732 Boot (0x1200) (a1896c11720f5fb3e84354b56237ea1c) \Device\Harddisk0\DR0\Partition2 11:19:03.0250 3732 \Device\Harddisk0\DR0\Partition2 - ok 11:19:03.0250 3732 ============================================================ 11:19:03.0250 3732 Scan finished 11:19:03.0250 3732 ============================================================ 11:19:03.0375 1272 Detected object count: 7 11:19:03.0375 1272 Actual detected object count: 7 11:21:04.0453 1272 C:\WINDOWS\system32\DRIVERS\ACPI.sys - copied to quarantine 11:21:04.0703 1272 Backup copy found, using it.. 11:21:04.0734 1272 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot 11:21:04.0734 1272 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure 11:21:04.0734 1272 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user 11:21:04.0734 1272 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:21:04.0781 1272 C:\WINDOWS\system32\DRIVERS\ipsec.sys - copied to quarantine 11:21:05.0093 1272 C:\WINDOWS\$NtUninstallKB44300$\1385431143\@ - copied to quarantine 11:21:05.0109 1272 C:\WINDOWS\$NtUninstallKB44300$\1385431143\L\tdijvqao - copied to quarantine 11:21:05.0109 1272 C:\WINDOWS\$NtUninstallKB44300$\1385431143\loader.tlb - copied to quarantine 11:21:05.0109 1272 C:\WINDOWS\$NtUninstallKB44300$\1385431143\U\@00000001 - copied to quarantine 11:21:05.0406 1272 C:\WINDOWS\$NtUninstallKB44300$\1385431143\U\@000000c0 - copied to quarantine 11:21:05.0687 1272 C:\WINDOWS\$NtUninstallKB44300$\1385431143\U\@000000cb - copied to quarantine 11:21:06.0031 1272 C:\WINDOWS\$NtUninstallKB44300$\1385431143\U\@000000cf - copied to quarantine 11:21:06.0312 1272 
C:\WINDOWS\$NtUninstallKB44300$\1385431143\U\@80000000 - copied to quarantine 11:21:06.0625 1272 C:\WINDOWS\$NtUninstallKB44300$\1385431143\U\@800000c0 - copied to quarantine 11:21:06.0937 1272 C:\WINDOWS\$NtUninstallKB44300$\1385431143\U\@800000cb - copied to quarantine 11:21:07.0234 1272 C:\WINDOWS\$NtUninstallKB44300$\1385431143\U\@800000cf - copied to quarantine 11:21:07.0640 1272 Backup copy found, using it.. 11:21:07.0656 1272 C:\WINDOWS\system32\DRIVERS\ipsec.sys - will be cured on reboot 11:21:08.0765 1272 C:\WINDOWS\$NtUninstallKB44300$\1385431143\@ - will be deleted on reboot 11:21:08.0765 1272 C:\WINDOWS\$NtUninstallKB44300$\1385431143\loader.tlb - will be deleted on reboot 11:21:08.0765 1272 C:\WINDOWS\$NtUninstallKB44300$\1385431143\U\@00000001 - will be deleted on reboot 11:21:08.0765 1272 C:\WINDOWS\$NtUninstallKB44300$\1385431143\U\@000000c0 - will be deleted on reboot 11:21:08.0765 1272 C:\WINDOWS\$NtUninstallKB44300$\1385431143\U\@000000cb - will be deleted on reboot 11:21:08.0765 1272 C:\WINDOWS\$NtUninstallKB44300$\1385431143\U\@000000cf - will be deleted on reboot 11:21:08.0765 1272 C:\WINDOWS\$NtUninstallKB44300$\1385431143\U\@80000000 - will be deleted on reboot 11:21:08.0765 1272 C:\WINDOWS\$NtUninstallKB44300$\1385431143\U\@800000c0 - will be deleted on reboot 11:21:08.0765 1272 C:\WINDOWS\$NtUninstallKB44300$\1385431143\U\@800000cb - will be deleted on reboot 11:21:08.0765 1272 C:\WINDOWS\$NtUninstallKB44300$\1385431143\U\@800000cf - will be deleted on reboot 11:21:08.0765 1272 C:\WINDOWS\$NtUninstallKB44300$\4115941358 - will be deleted on reboot 11:21:08.0765 1272 IPSec ( Virus.Win32.ZAccess.aml ) - User select action: Cure 11:21:08.0765 1272 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user 11:21:08.0765 1272 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:21:08.0781 1272 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user 11:21:08.0781 1272 ServiceLayer ( UnsignedFile.Multi.Generic ) - User 
select action: Skip 11:21:08.0781 1272 sptd ( LockedFile.Multi.Generic ) - skipped by user 11:21:08.0781 1272 sptd ( LockedFile.Multi.Generic ) - User select action: Skip 11:21:08.0781 1272 Tcpip ( UnsignedFile.Multi.Generic ) - skipped by user 11:21:08.0781 1272 Tcpip ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:21:13.0281 2040 Deinitialize success Malwarebytes Anti-Malware (Trial) 1.60.1.1000 www.malwarebytes.org Database version: v2012.03.25.01 Windows XP Service Pack 3 x86 NTFS Internet Explorer 7.0.5730.13 User :: LG [administrator] Protection: Enabled 25.3.2012 г. 13:04:16 mbam-log-2012-03-25 (13-04-16).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 180696 Time elapsed: 7 minute(s), 50 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) DDS (Ver_2011-09-30.01) - NTFS_x86 Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_29 Run by User at 13:42:13 on 2012-03-25 Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.2037.1048 [GMT 3:00] . AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} . ============== Running Processes ================ . 
C:\WINDOWS\system32\spoolsv.exe C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\WINDOWS\Explorer.EXE C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\DAEMON Tools Lite\DTLite.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\Program Files\Olympus\ib\olycamdetect.exe C:\Program Files\Nokia\PC Internet Access\NPCIA.exe C:\WINDOWS\Datecs\Flex2K.exe C:\Program Files\Ovi Files\Ovi Files_agent.exe C:\Program Files\EDIMAX\Common\RaUI.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\alg.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\WINDOWS\system32\svchost.exe -k DcomLaunch C:\WINDOWS\system32\svchost.exe -k rpcss C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k imgsvc . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://eu.ask.com?o=15573&l=dis uURLSearchHooks: SearchHook Class: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - c:\program files\devicevm\browser configuration utility\AddressBarSearch.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe" uRun: [Olympus ib] "c:\program files\olympus\ib\olycamdetect.exe" /Startup uRun: [NokiaPCInternetAccess] "c:\program files\nokia\pc internet access\NPCIA.exe" /b mRun: [bCU] "c:\program files\devicevm\browser configuration utility\BCU.exe" mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [RTHDCPL] RTHDCPL.EXE mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe" mRun: [NWEReboot] <no file> dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE dRun: [LClock] c:\program files\lclock\LClock.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\flexty~1.lnk - c:\windows\datecs\Flex2K.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ovifil~1.lnk - c:\program files\ovi files\Ovi Files_agent.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program 
files\edimax\common\RaUI.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:323 uPolicies-Explorer: NoDriveAutoRun = dword:67108863 mPolicies-Explorer: NoDriveAutoRun = dword:67108863 mPolicies-Explorer: NoDriveTypeAutoRun = dword:323 mPolicies-Explorer: NoDriveTypeAutoRun = dword:323 mPolicies-Explorer: NoDriveAutoRun = dword:67108863 IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000 IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe LSP: mswsock.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: NameServer = 10.10.10.1 212.39.90.42 TCP: Interfaces\{36E083A0-2E9C-4D7E-BD5B-20121C7118BB} : DHCPNameServer = 10.10.10.1 212.39.90.42 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll . ================= FIREFOX =================== . 
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\jwhh6y72.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.bg/ FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\4.0.50524.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\veetle\player\npvlc.dll FF - plugin: c:\program files\veetle\plugins\npVeetle.dll FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll . ============= SERVICES / DRIVERS =============== . R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2011-8-4 118104] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2011-8-4 103112] R2 BCUService;Browser Configuration Utility Service;c:\program files\devicevm\browser configuration utility\BCUService.exe [2010-5-12 219360] R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2011-9-22 974944] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-20 652360] R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2010-5-12 44032] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-20 20464] S2 gupdate;Ус»уі° Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-13 135664] S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-5-12 1684736] S3 gupdatem;Ус»уі° Ѕ° Google рєту°»ё·°цёя (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-13 135664] S3 OlyCamComm;OLYMPUS USB Communication 
Device;c:\windows\system32\drivers\OlyCamComm.sys [2011-7-17 21648] . =============== Created Last 30 ================ . 2012-03-25 08:21:04 -------- d-----w- C:\TDSSKiller_Quarantine 2012-03-23 09:57:50 -------- d-----w- c:\documents and settings\user\application data\SPE 2012-03-22 18:34:36 -------- d-----w- c:\documents and settings\user\application data\TeamViewer 2012-03-22 18:34:32 -------- d-----w- c:\program files\TeamViewer 2012-03-20 23:46:01 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2012-03-20 23:46:00 835904 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe 2012-03-20 21:02:49 -------- d-----w- c:\documents and settings\user\application data\AVG7 2012-03-20 19:02:29 -------- d-----w- c:\documents and settings\user\application data\Malwarebytes 2012-03-20 19:02:20 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2012-03-20 19:02:18 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-20 19:02:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-03-17 19:42:34 -------- d-----w- c:\documents and settings\user\local settings\application data\ESET 2012-03-17 19:35:09 -------- d-----w- c:\program files\ESET 2012-03-14 19:32:35 0 --sha-w- c:\windows\system32\dds_log_ad13.cmd 2012-03-14 19:32:18 -------- d-sh--w- c:\documents and settings\user\local settings\application data\52940067 . ==================== Find3M ==================== . 2012-03-25 08:21:57 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys 2012-03-25 08:21:57 187776 ----a-w- c:\windows\system32\drivers\acpi.sys 2012-03-20 23:32:00 81984 ----a-w- c:\windows\system32\bdod.bin 2012-03-04 09:04:39 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl . ============= FINISH: 13:42:25,07 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-09-30.01) . 
Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 12.5.2010 г. 20:21:06 System Uptime: 25.3.2012 г. 13:00:13 (0 hours ago) . Motherboard: Gigabyte Technology Co., Ltd. | | G31M-ES2L Processor: Pentium® Dual-Core CPU E5300 @ 2.60GHz | Socket 775 | 2599/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 98 GiB total, 79,538 GiB free. D: is FIXED (NTFS) - 186 GiB total, 38,456 GiB free. E: is FIXED (NTFS) - 183 GiB total, 172,15 GiB free. F: is CDROM () G: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP444: 27.12.2011 г. 09:43:30 - System Checkpoint RP445: 28.12.2011 г. 18:19:00 - System Checkpoint RP446: 29.12.2011 г. 19:41:59 - System Checkpoint RP447: 30.12.2011 г. 23:21:23 - System Checkpoint RP448: 01.1.2012 г. 10:13:27 - System Checkpoint RP449: 02.1.2012 г. 15:03:25 - System Checkpoint RP450: 03.1.2012 г. 18:50:50 - System Checkpoint RP451: 04.1.2012 г. 19:17:42 - System Checkpoint RP452: 06.1.2012 г. 21:33:28 - System Checkpoint RP453: 08.1.2012 г. 20:32:44 - System Checkpoint RP454: 10.1.2012 г. 18:45:40 - System Checkpoint RP455: 11.1.2012 г. 19:28:50 - System Checkpoint RP456: 12.1.2012 г. 20:09:13 - System Checkpoint RP457: 13.1.2012 г. 21:35:26 - System Checkpoint RP458: 15.1.2012 г. 00:18:49 - System Checkpoint RP459: 16.1.2012 г. 18:04:14 - System Checkpoint RP460: 17.1.2012 г. 21:16:31 - System Checkpoint RP461: 18.1.2012 г. 22:29:33 - System Checkpoint RP462: 20.1.2012 г. 11:45:42 - System Checkpoint RP463: 21.1.2012 г. 12:09:46 - System Checkpoint RP464: 22.1.2012 г. 12:13:11 - System Checkpoint RP465: 23.1.2012 г. 19:18:01 - System Checkpoint RP466: 24.1.2012 г. 22:04:14 - System Checkpoint RP467: 25.1.2012 г. 22:38:19 - System Checkpoint RP468: 27.1.2012 г. 13:01:09 - System Checkpoint RP469: 28.1.2012 г. 19:16:53 - System Checkpoint RP470: 29.1.2012 г. 23:42:38 - System Checkpoint RP471: 31.1.2012 г. 
14:38:25 - System Checkpoint RP472: 01.2.2012 г. 19:23:29 - System Checkpoint RP473: 02.2.2012 г. 19:35:36 - System Checkpoint RP474: 04.2.2012 г. 08:25:00 - System Checkpoint RP475: 05.2.2012 г. 12:34:54 - System Checkpoint RP476: 06.2.2012 г. 18:04:26 - System Checkpoint RP477: 07.2.2012 г. 18:38:38 - System Checkpoint RP478: 08.2.2012 г. 20:13:47 - System Checkpoint RP479: 10.2.2012 г. 18:51:41 - System Checkpoint RP480: 11.2.2012 г. 20:17:38 - System Checkpoint RP481: 13.2.2012 г. 17:53:47 - System Checkpoint RP482: 15.2.2012 г. 18:52:34 - System Checkpoint RP483: 16.2.2012 г. 18:59:16 - System Checkpoint RP484: 18.2.2012 г. 11:04:58 - System Checkpoint RP485: 19.2.2012 г. 11:29:43 - System Checkpoint RP486: 20.2.2012 г. 18:35:09 - System Checkpoint RP487: 22.2.2012 г. 18:19:20 - System Checkpoint RP488: 23.2.2012 г. 23:38:15 - System Checkpoint RP489: 25.2.2012 г. 11:58:47 - System Checkpoint RP490: 26.2.2012 г. 18:54:06 - System Checkpoint RP491: 27.2.2012 г. 23:48:03 - System Checkpoint RP492: 01.3.2012 г. 00:21:02 - System Checkpoint RP493: 02.3.2012 г. 19:02:03 - System Checkpoint RP494: 03.3.2012 г. 20:18:04 - System Checkpoint RP495: 05.3.2012 г. 18:17:00 - System Checkpoint RP496: 06.3.2012 г. 20:21:40 - System Checkpoint RP497: 08.3.2012 г. 00:06:47 - System Checkpoint RP498: 09.3.2012 г. 12:51:32 - System Checkpoint RP499: 10.3.2012 г. 13:28:42 - System Checkpoint RP500: 11.3.2012 г. 19:01:31 - System Checkpoint RP501: 12.3.2012 г. 19:56:49 - System Checkpoint RP502: 14.3.2012 г. 19:22:11 - System Checkpoint RP503: 15.3.2012 г. 19:53:30 - System Checkpoint RP504: 17.3.2012 г. 09:20:48 - System Checkpoint RP505: 17.3.2012 г. 19:38:27 - Removed Skype Click to Call RP506: 18.3.2012 г. 20:11:09 - System Checkpoint RP507: 19.3.2012 г. 20:25:57 - System Checkpoint RP508: 20.3.2012 г. 22:13:17 - System Checkpoint RP509: 20.3.2012 г. 23:02:02 - Installed AVG 7.5 RP510: 20.3.2012 г. 23:34:09 - Removed AVG 7.5 RP511: 20.3.2012 г. 
23:35:47 - Installed AVG 7.5 RP512: 21.3.2012 г. 01:31:50 - Removed BitDefender Free Edition v10 RP513: 21.3.2012 г. 23:15:46 - Restore Operation RP514: 21.3.2012 г. 23:18:22 - Restore Operation RP515: 21.3.2012 г. 23:21:41 - Restore Operation RP516: 21.3.2012 г. 23:35:59 - Restore Operation RP517: 21.3.2012 г. 23:39:32 - Restore Operation RP518: 21.3.2012 г. 23:51:39 - Restore Operation RP519: 23.3.2012 г. 00:31:33 - System Checkpoint RP520: 24.3.2012 г. 10:29:02 - System Checkpoint . ==== Installed Programs ====================== . %WS4_ARP_DISPLAY% Adobe Flash Player 10 ActiveX Adobe Flash Player 11 Plugin Adobe Reader 9.5.0 Alky for Applications (Windows XP) Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver Browser Configuration Utility Compatibility Pack for the 2007 Office system Cyrilla Correct Edimax Wireless LAN ESET NOD32 Antivirus Final Media Player 2010 FlexType 2K Google Chrome Google Update Helper Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows XP (KB954550-v5) Intel® Graphics Media Accelerator Driver Java Auto Updater Java 6 Update 29 Malwarebytes Anti-Malware version 1.60.1.1000 Microsoft .NET Framework 1.1 Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 Microsoft Office Professional Edition 2003 Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30304 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Mozilla Firefox 11.0 (x86 bg) MSVC80_x86_v2 MSVC90_x86 MSXML 4.0 SP2 (KB954430) MSXML 6.0 Parser (KB933579) Nero 7 Ultra Edition Nokia Connectivity Cable Driver Nokia PC Internet Access OLYMPUS ib Ovi Files PC Connectivity Solution PowerDVD Realtek High Definition Audio 
Driver SA Dictionary 2005 T2 Security Update for Windows XP (KB960715) Skype Click to Call Skype™ 5.8 TeamViewer 7 The KMPlayer Veetle TV 0.9.17 WebFldrs XP Winamp (remove only) Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) Windows Rights Management Client Backwards Compatibility SP2 Windows Rights Management Client with Service Pack 2 WinRAR archiver WinZip XP Codec Pack µTorrent


So far so good!

1. Download ComboFix from BleepingComputer

and save it (Save button -> Save as) ComboFix to your desktop:

Posted image

Once the ComboFix download has finished, the program icon should look like this:

Posted image

2. Close all running applications, open windows and programs running in the background. Temporarily disable the real-time protection of your antivirus program and of any other security programs, if there are any.

3. Double-click Combofix.exe to start it. Choose YES to accept the program's terms of use. Important: while ComboFix is running, do not move the mouse or press any keys on the keyboard. Just patiently let ComboFix do its work, without using the computer for anything else.

4. ComboFix will check whether Windows Recovery Console is installed.

*If Windows Recovery Console is not installed, you will need to choose YES to install Windows Recovery Console

*If Windows Recovery Console is installed, ComboFix will continue its work.

Posted image

Note: You need to be connected to the Internet so that Windows Recovery Console can be downloaded.

After Windows Recovery Console has been installed, confirm with YES to continue. Screenshot:

Posted image

5. ComboFix will temporarily disable the Internet connection, but once the program has finished, the connection will be restored automatically. ComboFix will scan for problems and infected files, which may take some time. Please be patient. If there is a problem with the Internet connection after ComboFix has finished, please read this: Manually restoring the Internet connection section.

6. When ComboFix has finished, a text document (log) will appear in Notepad:

Posted image

Copy (Copy) and paste (Paste) the contents of the log into your next comment.


Hello, when I ran ComboFix it reported that I am infected with Rootkit.ZeroAccess.

ComboFix 12-03-22.01 - User 03.2012 г. 16:07:09.1.2 - x86 Running from: d:\my documents\Downloads\ComboFix.exe AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} * Resident AV is active . . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\TEMP c:\documents and settings\All Users\Application Data\TEMP\{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}\PostBuild.exe c:\documents and settings\User\WINDOWS c:\windows\system32\dds_log_ad13.cmd c:\windows\system32\drivers\etc\hosts.txt . . ((((((((((((((((((((((((( Files Created from 2012-02-25 to 2012-03-25 ))))))))))))))))))))))))))))))) . . 2012-03-25 08:21 . 2012-03-25 08:21 -------- d-----w- C:\TDSSKiller_Quarantine 2012-03-24 17:48 . 2012-03-24 17:48 -------- d-----w- c:\program files\Common Files\Skype 2012-03-23 09:57 . 2012-03-23 09:57 -------- d-----w- c:\documents and settings\User\Application Data\SPE 2012-03-22 18:34 . 2012-03-22 18:34 -------- d-----w- c:\documents and settings\User\Application Data\TeamViewer 2012-03-22 18:34 . 2012-03-22 18:34 -------- d-----w- c:\program files\TeamViewer 2012-03-20 23:46 . 2012-03-13 04:38 97208 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll 2012-03-20 23:46 . 2012-03-13 07:49 835904 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe 2012-03-20 21:02 . 2012-03-20 21:34 -------- d-----w- c:\documents and settings\User\Application Data\AVG7 2012-03-20 21:02 . 2012-03-20 21:02 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVG7 2012-03-20 21:02 . 2012-03-20 21:35 -------- d-----w- c:\documents and settings\All Users\Application Data\avg7 2012-03-20 19:02 . 2012-03-20 19:02 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes 2012-03-20 19:02 . 
2012-03-20 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2012-03-20 19:02 . 2012-03-20 19:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-03-20 19:02 . 2011-12-10 13:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-17 19:43 . 2012-03-17 19:43 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET 2012-03-17 19:42 . 2012-03-17 19:42 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\ESET 2012-03-17 19:35 . 2012-03-17 19:35 -------- d-----w- c:\program files\ESET 2012-03-17 19:35 . 2012-03-17 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET 2012-03-14 19:32 . 2012-03-14 19:32 -------- d-sh--w- c:\documents and settings\User\Local Settings\Application Data\52940067 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-25 08:21 . 2008-04-13 21:49 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys 2012-03-25 08:21 . 2008-04-13 21:06 187776 ----a-w- c:\windows\system32\drivers\acpi.sys 2012-03-04 09:04 . 2011-12-04 08:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-03-13 04:38 . 2012-03-20 23:46 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2009-02-12 . 25A740D70E8007814A48D3FA1B34FA34 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys . [-] 2009-02-12 . F2DF0FDBD41B34112EE05ED04258F052 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-10-16 328056] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-08 94208] "Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2010-02-04 93376] "NokiaPCInternetAccess"="c:\program files\Nokia\PC Internet Access\NPCIA.exe" [2009-09-17 663552] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656] "RTHDCPL"="RTHDCPL.EXE" [2009-06-25 17887232] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . 
c:\documents and settings\All Users\Start Menu\Programs\Startup\ FlexType 2K.lnk - c:\windows\Datecs\Flex2K.exe [2010-5-13 151552] Ovi Files Connector.lnk - c:\program files\Ovi Files\Ovi Files_agent.exe [2010-7-17 1447280] Wireless Utility.lnk - c:\program files\EDIMAX\Common\RaUI.exe [2010-5-27 716800] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-02-12 304128] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk backup=c:\windows\pss\Windows Search.lnkCommon Startup . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableNotifications"= 1 (0x1) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\FinalMediaPlayer\\FMPCheckForUpdates.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13.5.2010 і. 10:27 691696] R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [04.8.2011 і. 10:20 118104] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [04.8.2011 і. 10:20 103112] R2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [12.5.2010 і. 20:34 219360] R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [22.9.2011 і. 13:03 974944] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [20.3.2012 і. 
22:02 652360] R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [12.5.2010 і. 20:40 44032] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [20.3.2012 і. 22:02 20464] S2 gupdate;Ус»уі° Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13.5.2010 і. 10:13 135664] S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29.2.2012 і. 09:50 158856] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12.5.2010 і. 20:37 1684736] S3 gupdatem;Ус»уі° Ѕ° Google рєту°»ё·°цёя (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [13.5.2010 і. 10:13 135664] S3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\system32\drivers\OlyCamComm.sys [17.7.2011 і. 15:49 21648] . Contents of the 'Scheduled Tasks' folder . 2012-03-25 c:\windows\Tasks\Final Media Player Update Checker.job - c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-01-15 09:25] . 2012-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 07:13] . 2012-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 07:13] . . ------- Supplementary Scan ------- . uStart Page = hxxp://eu.ask.com?o=15573&l=dis IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 10.10.10.1 212.39.90.42 FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\jwhh6y72.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.bg/ . - - - - ORPHANS REMOVED - - - - . 
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKLM-Run-NWEReboot - (no file) HKLM-Run-Ovi Files Update - c:\program files\Ovi Files\updater.exe HKU-Default-Run-LClock - c:\program files\LClock\LClock.exe SafeBoot-98032613.sys MSConfigStartUp-LClock - c:\program files\LClock\LClock.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-03-25 16:10 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . Completion time: 2012-03-25 16:11:44 ComboFix-quarantined-files.txt 2012-03-25 13:11 . Pre-Run: 85 193 904 128 bytes free Post-Run: 88 575 356 928 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - 923FCEDB99AAC6BAE506681EA2D020F3



Please go to www.virustotal.com and upload the following files one at a time:

c:\windows\system32\drivers\tcpip.sys

c:\windows\system32\sfcfiles.dll

Let them be scanned successfully, then copy the links and post them in your next post in this thread.

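The two files named in the request above are the ones listed in the Sigcheck part of the ComboFix log. As an added example (not part of the original thread and not ComboFix's own code), this Python code extracts those entries from a flattened log and checks that a file on disk has the size and hash the log recorded before it is submitted for scanning. Reading `[-]` as "no verified signature" and the 32-hex-digit field as an MD5 are assumptions taken from the log layout.

```python
import hashlib
import os
import re
from dataclasses import dataclass

# Constructed sample: the Sigcheck portion of the ComboFix log quoted in this
# thread, flattened onto one line the way the forum page shows it.
SAMPLE_LOG = (
    r"------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . "
    r"[-] 2009-02-12 . 25A740D70E8007814A48D3FA1B34FA34 . 361600 . . "
    r"[5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys . "
    r"[-] 2009-02-12 . F2DF0FDBD41B34112EE05ED04258F052 . 1614848 . . "
    r"[5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll . "
    r"((((( Reg Loading Points ))))) . "
)

# One entry: [flag] date . hash . size . . [version] . . path
ENTRY_RE = re.compile(
    r"\[(?P<flag>[^\]]{1,3})\]\s+"
    r"(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+"
    r"(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+"
    r"(?P<path>[A-Za-z]:\\.+?\.(?:sys|dll|exe))(?=\s|$)",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class SigcheckEntry:
    flag: str      # "-" is assumed to mean: no verified signature
    date: str
    md5: str       # lower-cased; assumed to be an MD5 digest
    size: int      # bytes
    version: str
    path: str


def sigcheck_section(log_text):
    """Return only the text between the Sigcheck header and the next banner."""
    start = log_text.find("------- Sigcheck -------")
    if start == -1:
        return ""
    end = log_text.find("((((", start)
    return log_text[start:] if end == -1 else log_text[start:end]


def parse_sigcheck(log_text):
    """Parse every Sigcheck entry, whether the log is flattened or multi-line."""
    return [
        SigcheckEntry(
            flag=m["flag"],
            date=m["date"],
            md5=m["md5"].lower(),
            size=int(m["size"]),
            version=m["version"],
            path=m["path"],
        )
        for m in ENTRY_RE.finditer(sigcheck_section(log_text))
    ]


def unsigned(entries):
    """Entries the log marks with [-]; these are the ones worth a second opinion."""
    return [e for e in entries if e.flag == "-"]


def md5_of_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large system files are not read into memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def file_matches_entry(entry, local_path):
    """True only if the local copy has the size and hash recorded in the log."""
    if os.path.getsize(local_path) != entry.size:
        return False
    return md5_of_file(local_path) == entry.md5


if __name__ == "__main__":
    for item in unsigned(parse_sigcheck(SAMPLE_LOG)):
        print(item.path, item.md5, item.size, item.version)
```

A mismatch between the file on disk and the logged hash means the file changed after the log was produced, so the scan result would not describe what ComboFix saw.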

Great!

Step 1

You have used AVG 7, which left traces behind after it was uninstalled. Let's clean them up. Download AVG Remover:

http://download.avg.com/filedir/util/avgrem/avg_remover_stf_x86_2012_1796.exe

Run it and follow the instructions.

Step 2

  • Open notepad.exe and copy/paste the following information into it:

    DirLook::
    c:\documents and settings\User\Application Data\SPE
    
    Folder::
    c:\documents and settings\User\Application Data\AVG7
    c:\documents and settings\LocalService\Application Data\AVG7
    c:\documents and settings\All Users\Application Data\avg7
    c:\documents and settings\User\Local Settings\Application Data\52940067
    
    JavaClearCache::
    
  • Save the file with the name CFScript and drag and drop it onto Combofix (as shown in the picture below).

    Posted image

  • While ComboFix is scanning, do not start any other applications, do not press any keys on the keyboard and do not move the mouse!
  • In your next post, publish the log file that will be created after the computer restarts.

Borka, sorry for butting into your section, BUT to my namesake ... here we write in Bulgarian!


Hello, the log is below, but when I ran ComboFix it again reported that I am infected with Rootkit.ZeroAccess.

ComboFix 12-03-22.01 - User 03.2012 г. 19:42:17.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.2037.1618 [GMT 3:00] Running from: d:\my documents\Downloads\ComboFix.exe Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} * Resident AV is active . . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\avg7 c:\documents and settings\All Users\Application Data\avg7\Log\emc.log c:\documents and settings\LocalService\Application Data\AVG7 c:\documents and settings\User\Application Data\AVG7 c:\documents and settings\User\Local Settings\Application Data\52940067 c:\documents and settings\User\Local Settings\Application Data\52940067\@ . . ((((((((((((((((((((((((( Files Created from 2012-02-25 to 2012-03-25 ))))))))))))))))))))))))))))))) . . 2012-03-25 08:21 . 2012-03-25 08:21 -------- d-----w- C:\TDSSKiller_Quarantine 2012-03-24 17:48 . 2012-03-24 17:48 -------- d-----w- c:\program files\Common Files\Skype 2012-03-23 09:57 . 2012-03-23 09:57 -------- d-----w- c:\documents and settings\User\Application Data\SPE 2012-03-22 18:34 . 2012-03-22 18:34 -------- d-----w- c:\documents and settings\User\Application Data\TeamViewer 2012-03-22 18:34 . 2012-03-22 18:34 -------- d-----w- c:\program files\TeamViewer 2012-03-20 23:46 . 2012-03-13 04:38 97208 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll 2012-03-20 23:46 . 2012-03-13 07:49 835904 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe 2012-03-20 19:02 . 2012-03-20 19:02 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes 2012-03-20 19:02 . 
2012-03-20 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2012-03-20 19:02 . 2012-03-20 19:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-03-20 19:02 . 2011-12-10 13:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-17 19:43 . 2012-03-17 19:43 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET 2012-03-17 19:42 . 2012-03-17 19:42 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\ESET 2012-03-17 19:35 . 2012-03-17 19:35 -------- d-----w- c:\program files\ESET 2012-03-17 19:35 . 2012-03-17 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-25 08:21 . 2008-04-13 21:49 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys 2012-03-25 08:21 . 2008-04-13 21:06 187776 ----a-w- c:\windows\system32\drivers\acpi.sys 2012-03-04 09:04 . 2011-12-04 08:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-03-13 04:38 . 2012-03-20 23:46 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of c:\documents and settings\User\Application Data\SPE ---- . 2012-03-23 10:00 . 2012-03-23 10:00 1047 ----a-w- c:\documents and settings\User\Application Data\SPE\remediate_2012_03_23_12_00_07_r1.dat . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2009-02-12 . 25A740D70E8007814A48D3FA1B34FA34 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys . [-] 2009-02-12 . F2DF0FDBD41B34112EE05ED04258F052 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((((((( SnapShot@2012-03-25_13.10.52 ))))))))))))))))))))))))))))))))))))))))) . 
+ 2012-03-25 16:41 . 2012-03-25 16:41 16384 c:\windows\Temp\Perflib_Perfdata_7dc.dat + 2001-08-23 11:00 . 2012-03-25 13:25 72040 c:\windows\system32\perfc009.dat - 2001-08-23 11:00 . 2012-03-25 10:04 72040 c:\windows\system32\perfc009.dat + 2001-08-23 11:00 . 2012-03-25 13:25 444164 c:\windows\system32\perfh009.dat - 2001-08-23 11:00 . 2012-03-25 10:04 444164 c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-10-16 328056] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-08 94208] "Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2010-02-04 93376] "NokiaPCInternetAccess"="c:\program files\Nokia\PC Internet Access\NPCIA.exe" [2009-09-17 663552] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656] "RTHDCPL"="RTHDCPL.EXE" [2009-06-25 17887232] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ FlexType 2K.lnk - c:\windows\Datecs\Flex2K.exe [2010-5-13 151552] Ovi Files Connector.lnk - c:\program files\Ovi Files\Ovi Files_agent.exe [2010-7-17 1447280] Wireless Utility.lnk - c:\program files\EDIMAX\Common\RaUI.exe [2010-5-27 716800] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-02-12 304128] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk backup=c:\windows\pss\Windows Search.lnkCommon Startup . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableNotifications"= 1 (0x1) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\FinalMediaPlayer\\FMPCheckForUpdates.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13.5.2010 і. 10:27 691696] R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [04.8.2011 і. 10:20 118104] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [04.8.2011 і. 10:20 103112] R2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [12.5.2010 і. 20:34 219360] R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [22.9.2011 і. 13:03 974944] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [20.3.2012 і. 22:02 652360] R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [12.5.2010 і. 20:40 44032] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [20.3.2012 і. 22:02 20464] S2 gupdate;Ус»уі° Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13.5.2010 і. 10:13 135664] S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29.2.2012 і. 09:50 158856] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12.5.2010 і. 20:37 1684736] S3 gupdatem;Ус»уі° Ѕ° Google рєту°»ё·°цёя (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [13.5.2010 і. 
10:13 135664] S3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\system32\drivers\OlyCamComm.sys [17.7.2011 і. 15:49 21648] . Contents of the 'Scheduled Tasks' folder . 2012-03-25 c:\windows\Tasks\Final Media Player Update Checker.job - c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-01-15 09:25] . 2012-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 07:13] . 2012-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 07:13] . . ------- Supplementary Scan ------- . uStart Page = hxxp://eu.ask.com?o=15573&l=dis IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 10.10.10.1 212.39.90.42 FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\jwhh6y72.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.bg/ . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-03-25 19:45 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . Completion time: 2012-03-25 19:45:53 ComboFix-quarantined-files.txt 2012-03-25 16:45 ComboFix2.txt 2012-03-25 13:11 . Pre-Run: 88 651 993 088 bytes free Post-Run: 88 651 984 896 bytes free . - - End Of File - - FA06EAC476850EF7399A3987FC0F2472


Please repeat the procedure with TDSSKiller, and then:

Please download aswMBR and save it to your desktop.

  • Double-click the aswMBR.exe file to run it.
  • Wait for it to download the avast! definitions.
  • From the drop-down menu, select partition C:, as shown in the picture:
(posted image)
  • Click the Scan button to start the scan.
  • When the scan finishes, click the save log button, save the log file to your desktop, and post its contents in your next comment.

Finally, post both log files.


Hello, here are the logs:

20:05:23.0921 3196 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00 20:05:24.0265 3196 ============================================================ 20:05:24.0265 3196 Current date / time: 2012/03/25 20:05:24.0265 20:05:24.0265 3196 SystemInfo: 20:05:24.0265 3196 20:05:24.0265 3196 OS Version: 5.1.2600 ServicePack: 3.0 20:05:24.0265 3196 Product type: Workstation 20:05:24.0265 3196 ComputerName: LG 20:05:24.0265 3196 UserName: User 20:05:24.0265 3196 Windows directory: C:\WINDOWS 20:05:24.0265 3196 System windows directory: C:\WINDOWS 20:05:24.0265 3196 Processor architecture: Intel x86 20:05:24.0265 3196 Number of processors: 2 20:05:24.0265 3196 Page size: 0x1000 20:05:24.0265 3196 Boot type: Normal boot 20:05:24.0265 3196 ============================================================ 20:05:25.0468 3196 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 20:05:25.0468 3196 \Device\Harddisk0\DR0: 20:05:25.0468 3196 MBR used 20:05:25.0468 3196 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC34F28D 20:05:25.0484 3196 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC34F30B, BlocksNum 0x173198DF 20:05:25.0500 3196 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23668C29, BlocksNum 0x16D18157 20:05:25.0750 3196 Initialize success 20:05:25.0750 3196 ============================================================ 20:05:34.0109 2208 ============================================================ 20:05:34.0109 2208 Scan started 20:05:34.0109 2208 Mode: Manual; SigCheck; TDLFS; 20:05:34.0109 2208 ============================================================ 20:05:34.0453 2208 Abiosdsk - ok 20:05:34.0468 2208 abp480n5 - ok 20:05:34.0484 2208 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 20:05:35.0703 2208 ACPI - ok 20:05:35.0781 2208 ACPIEC
(9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 20:05:35.0890 2208 ACPIEC - ok 20:05:35.0890 2208 adpu160m - ok 20:05:35.0937 2208 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 20:05:36.0015 2208 aec - ok 20:05:36.0046 2208 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys 20:05:36.0078 2208 AegisP ( UnsignedFile.Multi.Generic ) - warning 20:05:36.0078 2208 AegisP - detected UnsignedFile.Multi.Generic (1) 20:05:36.0109 2208 AFD (38d7b715504da4741df35e3594fe2099) C:\WINDOWS\System32\drivers\afd.sys 20:05:36.0171 2208 AFD - ok 20:05:36.0218 2208 Aha154x - ok 20:05:36.0218 2208 aic78u2 - ok 20:05:36.0234 2208 aic78xx - ok 20:05:36.0250 2208 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll 20:05:36.0343 2208 Alerter - ok 20:05:36.0359 2208 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe 20:05:36.0406 2208 ALG - ok 20:05:36.0421 2208 AliIde - ok 20:05:36.0484 2208 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys 20:05:36.0562 2208 Ambfilt - ok 20:05:36.0562 2208 amsint - ok 20:05:36.0593 2208 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll 20:05:36.0640 2208 AppMgmt - ok 20:05:36.0656 2208 asc - ok 20:05:36.0656 2208 asc3350p - ok 20:05:36.0671 2208 asc3550 - ok 20:05:36.0750 2208 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 20:05:36.0796 2208 aspnet_state - ok 20:05:36.0812 2208 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 20:05:36.0937 2208 AsyncMac - ok 20:05:37.0078 2208 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 20:05:37.0171 2208 atapi - ok 20:05:37.0171 2208 Atdisk - ok 20:05:37.0203 2208 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 20:05:37.0281 2208 Atmarpc - ok 20:05:37.0296 2208 AudioSrv 
(def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll 20:05:37.0375 2208 AudioSrv - ok 20:05:37.0406 2208 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 20:05:37.0484 2208 audstub - ok 20:05:37.0515 2208 BCUService (f29d375926e36e3a56af4805c7749302) C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe 20:05:37.0531 2208 BCUService - ok 20:05:37.0531 2208 bdfdll - ok 20:05:37.0531 2208 BDFsDrv - ok 20:05:37.0531 2208 BDRsDrv - ok 20:05:37.0593 2208 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 20:05:37.0687 2208 Beep - ok 20:05:37.0703 2208 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll 20:05:37.0796 2208 BITS - ok 20:05:37.0859 2208 Browser (7e39a3edc13b076e70fdb9a6f6d7a4b4) C:\WINDOWS\System32\browser.dll 20:05:37.0953 2208 Browser - ok 20:05:38.0000 2208 catchme - ok 20:05:38.0109 2208 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 20:05:38.0234 2208 cbidf2k - ok 20:05:38.0250 2208 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 20:05:38.0343 2208 CCDECODE - ok 20:05:38.0343 2208 cd20xrnt - ok 20:05:38.0375 2208 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 20:05:38.0453 2208 Cdaudio - ok 20:05:38.0468 2208 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 20:05:38.0562 2208 Cdfs - ok 20:05:38.0734 2208 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys 20:05:38.0796 2208 Cdrom - ok 20:05:38.0843 2208 Changer - ok 20:05:38.0875 2208 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe 20:05:38.0968 2208 CiSvc - ok 20:05:39.0093 2208 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe 20:05:39.0171 2208 ClipSrv - ok 20:05:39.0375 2208 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) 
c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 20:05:39.0562 2208 clr_optimization_v2.0.50727_32 - ok 20:05:39.0765 2208 CmdIde - ok 20:05:39.0906 2208 COMSysApp - ok 20:05:40.0000 2208 Cpqarray - ok 20:05:40.0109 2208 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll 20:05:40.0218 2208 CryptSvc - ok 20:05:40.0390 2208 dac2w2k - ok 20:05:40.0546 2208 dac960nt - ok 20:05:40.0843 2208 DcomLaunch (2589fe6015a316c0f5d5112b4da7b509) C:\WINDOWS\system32\rpcss.dll 20:05:40.0968 2208 DcomLaunch - ok 20:05:41.0375 2208 Dhcp (c51de19619d50cbd03708647aca10e70) C:\WINDOWS\System32\dhcpcsvc.dll 20:05:41.0953 2208 Dhcp - ok 20:05:42.0234 2208 Disk (47b6aaec570f2c11d8bad80a064d8ed1) C:\WINDOWS\system32\DRIVERS\disk.sys 20:05:42.0343 2208 Disk - ok 20:05:42.0468 2208 dmadmin - ok 20:05:42.0781 2208 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 20:05:42.0890 2208 dmboot - ok 20:05:43.0140 2208 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 20:05:43.0250 2208 dmio - ok 20:05:43.0562 2208 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 20:05:43.0703 2208 dmload - ok 20:05:43.0953 2208 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll 20:05:44.0046 2208 dmserver - ok 20:05:44.0281 2208 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 20:05:44.0375 2208 DMusic - ok 20:05:44.0609 2208 Dnscache (474b4dc3983173e4b4c9740b0dac98a6) C:\WINDOWS\System32\dnsrslvr.dll 20:05:44.0703 2208 Dnscache - ok 20:05:44.0953 2208 Dot3svc (b4109c8c3d54c83246997a777724f318) C:\WINDOWS\System32\dot3svc.dll 20:05:45.0031 2208 Dot3svc - ok 20:05:45.0109 2208 dpti2o - ok 20:05:45.0125 2208 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 20:05:45.0218 2208 drmkaud - ok 20:05:45.0281 2208 eamon (9309c5c9831203436e64cf2ae605c5d7) C:\WINDOWS\system32\DRIVERS\eamon.sys 20:05:45.0312 2208 
eamon - ok 20:05:45.0328 2208 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll 20:05:45.0421 2208 EapHost - ok 20:05:45.0437 2208 ehdrv (deff87f04ab5f6dd5edf2b80853bbe10) C:\WINDOWS\system32\DRIVERS\ehdrv.sys 20:05:45.0437 2208 ehdrv - ok 20:05:45.0515 2208 ekrn (c7bb95cf9631aa401e4aded1648f6af7) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe 20:05:45.0546 2208 ekrn - ok 20:05:45.0578 2208 epfwtdir (06c65ac0a703cf8eea4f284d901a1550) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys 20:05:45.0578 2208 epfwtdir - ok 20:05:45.0609 2208 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll 20:05:45.0703 2208 ERSvc - ok 20:05:45.0718 2208 Eventlog (0e776ed5f7cc9f94299e70461b7b8185) C:\WINDOWS\system32\services.exe 20:05:45.0796 2208 Eventlog - ok 20:05:45.0828 2208 EventSystem (f17f6226bdc0cd5f0bef0daf84d29bec) C:\WINDOWS\system32\es.dll 20:05:45.0875 2208 EventSystem - ok 20:05:45.0921 2208 exFat (4d893323dae445e34a4c9038b0551bc9) C:\WINDOWS\system32\drivers\exFat.sys 20:05:45.0937 2208 exFat - ok 20:05:45.0953 2208 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 20:05:46.0031 2208 Fastfat - ok 20:05:46.0062 2208 FastUserSwitchingCompatibility (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll 20:05:46.0156 2208 FastUserSwitchingCompatibility - ok 20:05:46.0156 2208 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 20:05:46.0265 2208 Fdc - ok 20:05:46.0281 2208 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 20:05:46.0375 2208 Fips - ok 20:05:46.0390 2208 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20:05:46.0484 2208 Flpydisk - ok 20:05:46.0515 2208 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys 20:05:46.0593 2208 FltMgr - ok 20:05:46.0625 2208 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) 
c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 20:05:46.0640 2208 FontCache3.0.0.0 - ok 20:05:46.0687 2208 Fs_Rec (30d42943a54704ef13e2562911dbfcea) C:\WINDOWS\system32\drivers\Fs_Rec.sys 20:05:46.0703 2208 Fs_Rec - ok 20:05:46.0718 2208 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 20:05:46.0781 2208 Ftdisk - ok 20:05:46.0812 2208 gdrv - ok 20:05:46.0875 2208 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 20:05:46.0953 2208 Gpc - ok 20:05:47.0000 2208 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe 20:05:47.0015 2208 gupdate - ok 20:05:47.0015 2208 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe 20:05:47.0031 2208 gupdatem - ok 20:05:47.0046 2208 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 20:05:47.0125 2208 HDAudBus - ok 20:05:47.0156 2208 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 20:05:47.0234 2208 helpsvc - ok 20:05:47.0250 2208 HidServ - ok 20:05:47.0265 2208 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll 20:05:47.0343 2208 hkmsvc - ok 20:05:47.0359 2208 hpn - ok 20:05:47.0375 2208 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys 20:05:47.0453 2208 HTTP - ok 20:05:47.0484 2208 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll 20:05:47.0562 2208 HTTPFilter - ok 20:05:47.0593 2208 i2omgmt - ok 20:05:47.0625 2208 i2omp - ok 20:05:47.0640 2208 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 20:05:47.0734 2208 i8042prt - ok 20:05:47.0843 2208 ialm (3b743262b6456167888d15f1121b3bf7) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 20:05:48.0031 2208 ialm - ok 20:05:48.0093 2208 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication 
Foundation\infocard.exe 20:05:48.0125 2208 idsvc - ok 20:05:48.0171 2208 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 20:05:48.0265 2208 Imapi - ok 20:05:48.0281 2208 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe 20:05:48.0375 2208 ImapiService - ok 20:05:48.0390 2208 InCDFs - ok 20:05:48.0406 2208 InCDPass - ok 20:05:48.0406 2208 InCDRm - ok 20:05:48.0421 2208 ini910u - ok 20:05:48.0515 2208 IntcAzAudAddService (512cc914475348d774d1bb9f866396a5) C:\WINDOWS\system32\drivers\RtkHDAud.sys 20:05:48.0625 2208 IntcAzAudAddService - ok 20:05:48.0640 2208 IntelIde - ok 20:05:48.0687 2208 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 20:05:48.0750 2208 intelppm - ok 20:05:48.0781 2208 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 20:05:48.0890 2208 Ip6Fw - ok 20:05:48.0921 2208 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 20:05:49.0000 2208 IpFilterDriver - ok 20:05:49.0015 2208 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 20:05:49.0078 2208 IpInIp - ok 20:05:49.0109 2208 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 20:05:49.0187 2208 IpNat - ok 20:05:49.0234 2208 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 20:05:49.0312 2208 IPSec - ok 20:05:49.0328 2208 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 20:05:49.0359 2208 IRENUM - ok 20:05:49.0375 2208 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 20:05:49.0468 2208 isapnp - ok 20:05:49.0546 2208 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe 20:05:49.0546 2208 JavaQuickStarterService - ok 20:05:49.0562 2208 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 20:05:49.0656 2208 Kbdclass - ok 
20:05:49.0703 2208 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 20:05:49.0781 2208 kmixer - ok 20:05:49.0812 2208 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys 20:05:49.0906 2208 KSecDD - ok 20:05:49.0921 2208 L1c (96478fe91c5a37c673ebe3da87c1a115) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys 20:05:49.0953 2208 L1c - ok 20:05:49.0984 2208 LanmanServer (f385f4b02c535bffe1d70cab80838123) C:\WINDOWS\System32\srvsvc.dll 20:05:50.0078 2208 LanmanServer - ok 20:05:50.0093 2208 lanmanworkstation (6b7698bde0817007d9494f1a91f4482d) C:\WINDOWS\System32\wkssvc.dll 20:05:50.0140 2208 lanmanworkstation - ok 20:05:50.0156 2208 lbrtfdc - ok 20:05:50.0218 2208 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll 20:05:50.0312 2208 LmHosts - ok 20:05:50.0359 2208 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys 20:05:50.0359 2208 MBAMProtector - ok 20:05:50.0406 2208 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 20:05:50.0421 2208 MBAMService - ok 20:05:50.0453 2208 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll 20:05:50.0531 2208 Messenger - ok 20:05:50.0562 2208 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 20:05:50.0640 2208 mnmdd - ok 20:05:50.0671 2208 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe 20:05:50.0750 2208 mnmsrvc - ok 20:05:50.0750 2208 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 20:05:50.0843 2208 Modem - ok 20:05:50.0890 2208 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys 20:05:50.0937 2208 Monfilt - ok 20:05:50.0953 2208 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 20:05:51.0046 2208 Mouclass - ok 20:05:51.0062 2208 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) 
C:\WINDOWS\system32\drivers\MountMgr.sys 20:05:51.0187 2208 MountMgr - ok 20:05:51.0187 2208 mraid35x - ok 20:05:51.0203 2208 MRxDAV (65e818c473e220b6ab762e1966296fd1) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 20:05:51.0218 2208 MRxDAV - ok 20:05:51.0234 2208 MRxSmb (dacb333a5d3758e7117522c1361075c6) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 20:05:51.0328 2208 MRxSmb - ok 20:05:51.0390 2208 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe 20:05:51.0468 2208 MSDTC - ok 20:05:51.0484 2208 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 20:05:51.0562 2208 Msfs - ok 20:05:51.0562 2208 MSIServer - ok 20:05:51.0593 2208 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 20:05:51.0671 2208 MSKSSRV - ok 20:05:51.0671 2208 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 20:05:51.0750 2208 MSPCLOCK - ok 20:05:51.0750 2208 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 20:05:51.0843 2208 MSPQM - ok 20:05:51.0859 2208 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 20:05:51.0937 2208 mssmbios - ok 20:05:51.0953 2208 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 20:05:52.0015 2208 MSTEE - ok 20:05:52.0031 2208 Mup (6546fe6639499fa4bef180bdf08266a1) C:\WINDOWS\system32\drivers\Mup.sys 20:05:52.0046 2208 Mup - ok 20:05:52.0046 2208 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 20:05:52.0140 2208 NABTSFEC - ok 20:05:52.0187 2208 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll 20:05:52.0265 2208 napagent - ok 20:05:52.0296 2208 NDIS (b5b1080d35974c0e718d64280761bcd5) C:\WINDOWS\system32\drivers\NDIS.sys 20:05:52.0328 2208 NDIS - ok 20:05:52.0343 2208 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 20:05:52.0421 2208 NdisIP - ok 20:05:52.0437 2208 NdisTapi 
(1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 20:05:52.0515 2208 NdisTapi - ok 20:05:52.0515 2208 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 20:05:52.0593 2208 Ndisuio - ok 20:05:52.0625 2208 NdisWan (b053a8411045fd0664b389a090cb2bbc) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 20:05:52.0625 2208 NdisWan - ok 20:05:52.0640 2208 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys 20:05:52.0718 2208 NDProxy - ok 20:05:52.0718 2208 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 20:05:52.0796 2208 NetBIOS - ok 20:05:52.0812 2208 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 20:05:52.0906 2208 NetBT - ok 20:05:52.0921 2208 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe 20:05:53.0000 2208 NetDDE - ok 20:05:53.0015 2208 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe 20:05:53.0078 2208 NetDDEdsdm - ok 20:05:53.0109 2208 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 20:05:53.0203 2208 Netlogon - ok 20:05:53.0218 2208 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll 20:05:53.0296 2208 Netman - ok 20:05:53.0343 2208 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 20:05:53.0343 2208 NetTcpPortSharing - ok 20:05:53.0375 2208 Nla (290c1a30defc723bbe10910ac2d6f6d0) C:\WINDOWS\System32\mswsock.dll 20:05:53.0406 2208 Nla - ok 20:05:53.0437 2208 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\WINDOWS\system32\drivers\ccdcmb.sys 20:05:53.0546 2208 nmwcd - ok 20:05:53.0625 2208 nmwcdc (3859c69a77793180548802dac9f34a38) C:\WINDOWS\system32\drivers\ccdcmbo.sys 20:05:53.0671 2208 nmwcdc - ok 20:05:53.0687 2208 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 20:05:53.0765 2208 Npfs - ok 20:05:53.0765 2208 
Ntfs (4c51d5275ae8a16999edfe7e647d00de) C:\WINDOWS\system32\drivers\Ntfs.sys 20:05:53.0796 2208 Ntfs - ok 20:05:53.0828 2208 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 20:05:53.0906 2208 NtLmSsp - ok 20:05:53.0953 2208 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll 20:05:54.0046 2208 NtmsSvc - ok 20:05:54.0062 2208 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 20:05:54.0156 2208 Null - ok 20:05:54.0171 2208 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 20:05:54.0250 2208 NwlnkFlt - ok 20:05:54.0265 2208 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 20:05:54.0328 2208 NwlnkFwd - ok 20:05:54.0359 2208 OlyCamComm (f4cb9c1991314b1352ddbd8a968e4471) C:\WINDOWS\system32\DRIVERS\OlyCamComm.sys 20:05:54.0375 2208 OlyCamComm - ok 20:05:54.0421 2208 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 20:05:54.0421 2208 ose - ok 20:05:54.0453 2208 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 20:05:54.0546 2208 Parport - ok 20:05:54.0562 2208 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 20:05:54.0640 2208 PartMgr - ok 20:05:54.0671 2208 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 20:05:54.0765 2208 ParVdm - ok 20:05:54.0781 2208 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys 20:05:54.0812 2208 pccsmcfd - ok 20:05:54.0828 2208 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 20:05:54.0906 2208 PCI - ok 20:05:54.0906 2208 PCIDump - ok 20:05:54.0921 2208 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 20:05:55.0156 2208 PCIIde - ok 20:05:55.0171 2208 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 20:05:55.0265 2208 Pcmcia 
- ok 20:05:55.0281 2208 PDCOMP - ok 20:05:55.0296 2208 PDFRAME - ok 20:05:55.0296 2208 PDRELI - ok 20:05:55.0312 2208 PDRFRAME - ok 20:05:55.0328 2208 perc2 - ok 20:05:55.0343 2208 perc2hib - ok 20:05:55.0375 2208 PlugPlay (0e776ed5f7cc9f94299e70461b7b8185) C:\WINDOWS\system32\services.exe 20:05:55.0437 2208 PlugPlay - ok 20:05:55.0484 2208 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 20:05:55.0562 2208 PolicyAgent - ok 20:05:55.0640 2208 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 20:05:55.0718 2208 PptpMiniport - ok 20:05:55.0718 2208 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 20:05:55.0796 2208 ProtectedStorage - ok 20:05:55.0796 2208 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 20:05:55.0859 2208 PSched - ok 20:05:55.0906 2208 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 20:05:56.0000 2208 Ptilink - ok 20:05:56.0031 2208 PxHelp20 (b572ed0c3e6165643fa116af20425a54) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys 20:05:56.0031 2208 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning 20:05:56.0031 2208 PxHelp20 - detected UnsignedFile.Multi.Generic (1) 20:05:56.0046 2208 ql1080 - ok 20:05:56.0046 2208 Ql10wnt - ok 20:05:56.0062 2208 ql12160 - ok 20:05:56.0062 2208 ql1240 - ok 20:05:56.0062 2208 ql1280 - ok 20:05:56.0078 2208 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 20:05:56.0156 2208 RasAcd - ok 20:05:56.0187 2208 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll 20:05:56.0265 2208 RasAuto - ok 20:05:56.0296 2208 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 20:05:56.0359 2208 Rasl2tp - ok 20:05:56.0546 2208 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll 20:05:56.0703 2208 RasMan - ok 20:05:56.0750 2208 RasPppoe (5bc962f2654137c9909c3d4603587dee) 
0532 SwPrv - ok 20:06:56.0015 0532 symc810 - ok 20:06:56.0015 0532 symc8xx - ok 20:06:56.0031 0532 sym_hi - ok 20:06:56.0046 0532 sym_u3 - ok 20:06:56.0062 0532 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 20:06:56.0140 0532 sysaudio - ok 20:06:56.0187 0532 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe 20:06:56.0265 0532 SysmonLog - ok 20:06:56.0296 0532 TapiSrv (e2b32b10acc5d97623275aafb67e5f03) C:\WINDOWS\System32\tapisrv.dll 20:06:56.0296 0532 TapiSrv - ok 20:06:56.0328 0532 Tcpip (25a740d70e8007814a48d3fa1b34fa34) C:\WINDOWS\system32\DRIVERS\tcpip.sys 20:06:56.0328 0532 Tcpip ( UnsignedFile.Multi.Generic ) - warning 20:06:56.0328 0532 Tcpip - detected UnsignedFile.Multi.Generic (1) 20:06:56.0359 0532 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 20:06:56.0468 0532 TDPIPE - ok 20:06:56.0484 0532 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 20:06:56.0562 0532 TDTCP - ok 20:06:56.0609 0532 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 20:06:56.0671 0532 TermDD - ok 20:06:56.0703 0532 TermService (37981a741ad7b04258e87129ffe79ab9) C:\WINDOWS\System32\termsrv.dll 20:06:56.0703 0532 TermService - ok 20:06:56.0750 0532 Themes (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll 20:06:56.0812 0532 Themes - ok 20:06:56.0843 0532 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe 20:06:56.0890 0532 TlntSvr - ok 20:06:56.0906 0532 TosIde - ok 20:06:56.0921 0532 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll 20:06:57.0015 0532 TrkWks - ok 20:06:57.0046 0532 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 20:06:57.0125 0532 Udfs - ok 20:06:57.0140 0532 ultra - ok 20:06:57.0171 0532 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 20:06:57.0265 0532 Update - ok 20:06:57.0312 0532 
upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll 20:06:57.0359 0532 upnphost - ok 20:06:57.0390 0532 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys 20:06:57.0421 0532 upperdev - ok 20:06:57.0437 0532 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe 20:06:57.0515 0532 UPS - ok 20:06:57.0546 0532 usbccgp (c18d6c74953621346df6b0a11f80c1cc) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 20:06:57.0546 0532 usbccgp - ok 20:06:57.0578 0532 usbehci (152ee0baa614388273a0b9ae9c9fd5a0) C:\WINDOWS\system32\DRIVERS\usbehci.sys 20:06:57.0593 0532 usbehci - ok 20:06:57.0609 0532 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 20:06:57.0687 0532 usbhub - ok 20:06:57.0703 0532 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 20:06:57.0781 0532 usbscan - ok 20:06:57.0812 0532 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys 20:06:57.0890 0532 usbser - ok 20:06:57.0890 0532 UsbserFilt (68b4f83cccf70a2ff32ee142c234332a) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys 20:06:57.0953 0532 UsbserFilt - ok 20:06:57.0968 0532 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 20:06:58.0031 0532 USBSTOR - ok 20:06:58.0109 0532 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 20:06:58.0187 0532 usbuhci - ok 20:06:58.0218 0532 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys 20:06:58.0296 0532 usbvideo - ok 20:06:58.0312 0532 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 20:06:58.0375 0532 VgaSave - ok 20:06:58.0390 0532 ViaIde - ok 20:06:58.0406 0532 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 20:06:58.0500 0532 VolSnap - ok 20:06:58.0546 0532 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe 20:06:58.0593 0532 VSS - ok 
20:06:58.0625 0532 W32Time (9f8a0d0cbb2fa265a754516128c00e22) C:\WINDOWS\system32\w32time.dll 20:06:58.0640 0532 W32Time - ok 20:06:58.0687 0532 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 20:06:58.0765 0532 Wanarp - ok 20:06:58.0796 0532 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys 20:06:58.0812 0532 Wdf01000 - ok 20:06:58.0828 0532 WDICA - ok 20:06:58.0859 0532 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 20:06:58.0937 0532 wdmaud - ok 20:06:58.0968 0532 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll 20:06:59.0062 0532 WebClient - ok 20:06:59.0093 0532 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll 20:06:59.0171 0532 winmgmt - ok 20:06:59.0203 0532 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll 20:06:59.0218 0532 WmdmPmSN - ok 20:06:59.0250 0532 Wmi (bab489a5fe26f2d0c910cf7af7e4cf92) C:\WINDOWS\System32\advapi32.dll 20:06:59.0328 0532 Wmi - ok 20:06:59.0343 0532 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe 20:06:59.0421 0532 WmiApSrv - ok 20:06:59.0500 0532 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe 20:06:59.0546 0532 WMPNetworkSvc - ok 20:06:59.0609 0532 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys 20:06:59.0625 0532 WpdUsb - ok 20:06:59.0656 0532 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 20:06:59.0734 0532 WS2IFSL - ok 20:06:59.0765 0532 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll 20:06:59.0843 0532 wscsvc - ok 20:06:59.0921 0532 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 20:07:00.0000 0532 WSTCODEC - ok 20:07:00.0031 0532 wuauserv (aae1a6ffba2b0436e91795120f48c461) C:\WINDOWS\system32\wuauserv.dll 20:07:00.0046 0532 
wuauserv - ok 20:07:00.0062 0532 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 20:07:00.0078 0532 WudfPf - ok 20:07:00.0078 0532 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 20:07:00.0093 0532 WudfRd - ok 20:07:00.0109 0532 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll 20:07:00.0109 0532 WudfSvc - ok 20:07:00.0156 0532 WZCSVC (349b8d2bb755e8c3b0e3e82a87663e55) C:\WINDOWS\System32\wzcsvc.dll 20:07:00.0171 0532 WZCSVC - ok 20:07:00.0187 0532 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll 20:07:00.0265 0532 xmlprov - ok 20:07:00.0281 0532 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 20:07:00.0484 0532 \Device\Harddisk0\DR0 - ok 20:07:00.0484 0532 Boot (0x1200) (2af4fe01936d5ecd56b1adc75b6afd4a) \Device\Harddisk0\DR0\Partition0 20:07:00.0484 0532 \Device\Harddisk0\DR0\Partition0 - ok 20:07:00.0500 0532 Boot (0x1200) (f93326c93b90b1bd214801b20cb1bdfb) \Device\Harddisk0\DR0\Partition1 20:07:00.0500 0532 \Device\Harddisk0\DR0\Partition1 - ok 20:07:00.0515 0532 Boot (0x1200) (a1896c11720f5fb3e84354b56237ea1c) \Device\Harddisk0\DR0\Partition2 20:07:00.0515 0532 \Device\Harddisk0\DR0\Partition2 - ok 20:07:00.0515 0532 ============================================================ 20:07:00.0515 0532 Scan finished 20:07:00.0515 0532 ============================================================ 20:07:00.0531 0264 Detected object count: 5 20:07:00.0531 0264 Actual detected object count: 5 20:07:07.0562 0264 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user 20:07:07.0562 0264 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:07:07.0562 0264 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user 20:07:07.0562 0264 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:07:07.0562 0264 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user 20:07:07.0562 0264 ServiceLayer ( 
UnsignedFile.Multi.Generic ) - User select action: Skip 20:07:07.0562 0264 sptd ( LockedFile.Multi.Generic ) - skipped by user 20:07:07.0562 0264 sptd ( LockedFile.Multi.Generic ) - User select action: Skip 20:07:07.0562 0264 Tcpip ( UnsignedFile.Multi.Generic ) - skipped by user 20:07:07.0562 0264 Tcpip ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:07:22.0734 3708 Deinitialize success aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-03-25 20:08:20 ----------------------------- 20:08:20.812 OS Version: Windows 5.1.2600 Service Pack 3 20:08:20.812 Number of processors: 2 586 0x170A 20:08:20.812 ComputerName: LG UserName: 20:08:21.109 Initialize success 20:18:47.890 AVAST engine defs: 12032500 20:19:29.125 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 20:19:29.125 Disk 0 Vendor: ST3500418AS CC38 Size: 476938MB BusType: 3 20:19:29.140 Disk 0 MBR read successfully 20:19:29.140 Disk 0 MBR scan 20:19:29.156 Disk 0 Windows XP default MBR code 20:19:29.156 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 99998 MB offset 63 20:19:29.156 Disk 0 Partition - 00 0F Extended LBA 376931 MB offset 204796620 20:19:29.171 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 190003 MB offset 204796683 20:19:29.171 Disk 0 Partition - 00 05 Extended 186928 MB offset 593923050 20:19:29.187 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 186928 MB offset 593923113 20:19:29.203 Disk 0 scanning sectors +976752000 20:19:29.265 Disk 0 scanning C:\WINDOWS\system32\drivers 20:19:35.531 Service scanning 20:19:44.781 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32 20:19:47.406 Modules scanning 20:19:49.843 Disk 0 trace - called modules: 20:19:49.859 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spgm.sys >>UNKNOWN [0x89df4938]<< 20:19:49.859 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89dacab8] 20:19:49.859 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000067[0x89d863b8] 20:19:49.859 5 ACPI.sys[b9e74620] -> 
nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89db0940] 20:19:55.078 AVAST engine scan C:\ 20:34:31.125 File: C:\System Volume Information\_restore{8B5DD435-8060-4498-BF43-DD5F4D1B3FD4}\RP514\A0039918.ini **INFECTED** Win32:Sirefef-PL [Rtk] 20:34:35.015 File: C:\System Volume Information\_restore{8B5DD435-8060-4498-BF43-DD5F4D1B3FD4}\RP515\A0039997.ini **INFECTED** Win32:Sirefef-PL [Rtk] 20:34:35.171 File: C:\System Volume Information\_restore{8B5DD435-8060-4498-BF43-DD5F4D1B3FD4}\RP515\A0040009.ini **INFECTED** Win32:Sirefef-PL [Rtk] 20:34:39.796 File: C:\System Volume Information\_restore{8B5DD435-8060-4498-BF43-DD5F4D1B3FD4}\RP516\A0040092.ini **INFECTED** Win32:Sirefef-PL [Rtk] 20:34:43.843 File: C:\System Volume Information\_restore{8B5DD435-8060-4498-BF43-DD5F4D1B3FD4}\RP517\A0040173.ini **INFECTED** Win32:Sirefef-PL [Rtk] 20:49:32.671 Scan finished successfully 21:50:40.140 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\Desktop\MBR.dat" 21:50:40.140 The log file has been saved successfully to "C:\Documents and Settings\User\Desktop\aswMBR.txt"


Download OTL.exe and save it to your desktop.

  • Run OTL (confirm the UAC prompt if necessary).
  • Make the following settings:
  • Check the box next to Scan All Users
  • Under the File Age menu, select 90 days
  • Under the Standard Registry menu, change to ALL
  • Check the boxes next to LOP and Purity Check
Under [image], use Copy/Paste to enter the following text in full (only what is inside the box):

netsvcs
msconfig
safebootminimal
safebootnetwork
%SYSTEMDRIVE%\*.*
%USERPROFILE%\*.*
%USERPROFILE%\Application Data\*.*
%USERPROFILE%\Local Settings\Application Data\*.*
%AllUsersProfile%\*.*
%AllUsersProfile%\Application Data\*.*
%USERPROFILE%\My Documents\*.*
%CommonProgramFiles%\*.*
%PROGRAMFILES%\*.*
%systemroot%\system32\config\systemprofile\*.*
%windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.*
%windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.*
%windir%\temp\*.*
%systemroot%\assembly\temp\*.* /S /MD5
%systemroot%\assembly\tmp\*.* /S /MD5
%systemroot%\assembly\GAC_32\*.* /S /MD5
%systemroot%\assembly\GAC_MSIL\*.* /S /MD5
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /rp /s
/md5start
explorer.exe
lsass.exe
svchost.exe
wininit.exe
winlogon.exe
userinit.exe
atapi.sys
iaStor.sys
serial.sys
disk.sys
volsnap.sys
redbook.sys
i8042prt.sys
afd.sys
netbt.sys
tcpip.sys
ipsec.sys
mrxsmb.sys
hlp.dat
/md5stop
  • Click the button highlighted in blue: Run Scan.
  • When the scan finishes, two files will be created: OTL.Txt and Extras.Txt. Attach both files to your next post (see the Attached Files option when posting a reply).


  • Run the file [image] with a double-click.
  • Under [image], use Copy/Paste to enter the following text in full (only what is inside the box):
:OTL
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (a8r6xxoh)
IE - HKU\S-1-5-21-1606980848-839522115-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=15573&l=dis
IE - HKU\S-1-5-21-1606980848-839522115-1801674531-1004\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=STC&o=15570&src=crm&q={searchTerms}&locale=en_EU&apn_ptnrs=IP&apn_dtid=YYYYYYYYBG&apn_uid=A38DFAF2-0A39-440D-9A6B-3652C176921D&apn_sauid=653F6091-429B-4A5D-A0FB-E0C4427DA685
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
[2011.02.11 19:05:03 | 000,002,395 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\jwhh6y72.default\searchplugins\askcom.xml
[2012.03.21 00:02:02 | 000,000,000 | ---D | C] -- C:\Program Files\Grisoft
[2011.06.12 19:49:01 | 000,014,772 | -HS- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\cqf7ai27b60
[2011.06.12 19:49:01 | 000,014,772 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\cqf7ai27b60

:commands
[emptytemp]
[clearallrestorepoints]
After you enter the script from the quote above, click the button highlighted in red: Run Fix

Windows will restart and a log file will be created: the OTL fix log. Post its contents with Copy/Paste in your next reply.


Hello, I tried twice to run OTL, but shortly afterwards it froze. Does anything need to be changed in the settings before running Run Fix?


Hello,

Here is the log:

All processes killed
========== OTL ==========
Error: No service named a8r6xxoh was found to stop!
Service\Driver key a8r6xxoh not found.
HKU\S-1-5-21-1606980848-839522115-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1606980848-839522115-1801674531-1004\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\jwhh6y72.default\searchplugins\askcom.xml moved successfully.
C:\Program Files\Grisoft\AVG7 folder moved successfully.
C:\Program Files\Grisoft folder moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\cqf7ai27b60 moved successfully.
C:\Documents and Settings\All Users\Application Data\cqf7ai27b60 moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temporary Internet Files folder emptied: 3080326 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: User
->Temp folder emptied: 54726747 bytes
->Temporary Internet Files folder emptied: 51855200 bytes
->Java cache emptied: 85537 bytes
->FireFox cache emptied: 101400529 bytes
->Google Chrome cache emptied: 157290011 bytes
->Flash cache emptied: 183344 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402797 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 255 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 354,00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.39.2 log created on 03272012_185243

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\User\Local Settings\Temp\~DF63CE.tmp not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temp\~DF6963.tmp not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temp\~DF820D.tmp not found!

Registry entries deleted on Reboot...


How is your system behaving at the moment?


Well, it seems that way to me too. Let's do one additional check:

Please download aswMBR and save it to your desktop.

  • Double-click the aswMBR.exe file to run it.
  • Wait for it to download the avast! definitions.
  • From the drop-down menu, select partition C: as shown in the screenshot:
[image]
  • Click the Scan button to start the scan.
  • When the scan finishes, click the save log button, save the log file to your desktop, and post its contents in your next reply.


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-25 20:08:20
-----------------------------
20:08:20.812 OS Version: Windows 5.1.2600 Service Pack 3
20:08:20.812 Number of processors: 2 586 0x170A
20:08:20.812 ComputerName: LG UserName:
20:08:21.109 Initialize success
20:18:47.890 AVAST engine defs: 12032500
20:19:29.125 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:19:29.125 Disk 0 Vendor: ST3500418AS CC38 Size: 476938MB BusType: 3
20:19:29.140 Disk 0 MBR read successfully
20:19:29.140 Disk 0 MBR scan
20:19:29.156 Disk 0 Windows XP default MBR code
20:19:29.156 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 99998 MB offset 63
20:19:29.156 Disk 0 Partition - 00 0F Extended LBA 376931 MB offset 204796620
20:19:29.171 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 190003 MB offset 204796683
20:19:29.171 Disk 0 Partition - 00 05 Extended 186928 MB offset 593923050
20:19:29.187 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 186928 MB offset 593923113
20:19:29.203 Disk 0 scanning sectors +976752000
20:19:29.265 Disk 0 scanning C:\WINDOWS\system32\drivers
20:19:35.531 Service scanning
20:19:44.781 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
20:19:47.406 Modules scanning
20:19:49.843 Disk 0 trace - called modules:
20:19:49.859 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spgm.sys >>UNKNOWN [0x89df4938]<<
20:19:49.859 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89dacab8]
20:19:49.859 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000067[0x89d863b8]
20:19:49.859 5 ACPI.sys[b9e74620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89db0940]
20:19:55.078 AVAST engine scan C:\
20:34:31.125 File: C:\System Volume Information\_restore{8B5DD435-8060-4498-BF43-DD5F4D1B3FD4}\RP514\A0039918.ini **INFECTED** Win32:Sirefef-PL [Rtk]
20:34:35.015 File: C:\System Volume Information\_restore{8B5DD435-8060-4498-BF43-DD5F4D1B3FD4}\RP515\A0039997.ini **INFECTED** Win32:Sirefef-PL [Rtk]
20:34:35.171 File: C:\System Volume Information\_restore{8B5DD435-8060-4498-BF43-DD5F4D1B3FD4}\RP515\A0040009.ini **INFECTED** Win32:Sirefef-PL [Rtk]
20:34:39.796 File: C:\System Volume Information\_restore{8B5DD435-8060-4498-BF43-DD5F4D1B3FD4}\RP516\A0040092.ini **INFECTED** Win32:Sirefef-PL [Rtk]
20:34:43.843 File: C:\System Volume Information\_restore{8B5DD435-8060-4498-BF43-DD5F4D1B3FD4}\RP517\A0040173.ini **INFECTED** Win32:Sirefef-PL [Rtk]
20:49:32.671 Scan finished successfully
21:50:40.140 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\Desktop\MBR.dat"
21:50:40.140 The log file has been saved successfully to "C:\Documents and Settings\User\Desktop\aswMBR.txt"

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-30 20:58:09
-----------------------------
20:58:09.968 OS Version: Windows 5.1.2600 Service Pack 3
20:58:09.968 Number of processors: 2 586 0x170A
20:58:09.968 ComputerName: LG UserName:
20:58:12.453 Initialize success
21:09:15.750 AVAST engine defs: 12033000
21:21:34.750 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:21:34.750 Disk 0 Vendor: ST3500418AS CC38 Size: 476938MB BusType: 3
21:21:34.765 Disk 0 MBR read successfully
21:21:34.765 Disk 0 MBR scan
21:21:34.781 Disk 0 Windows XP default MBR code
21:21:34.781 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 99998 MB offset 63
21:21:34.796 Disk 0 Partition - 00 0F Extended LBA 376931 MB offset 204796620
21:21:34.796 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 190003 MB offset 204796683
21:21:34.812 Disk 0 Partition - 00 05 Extended 186928 MB offset 593923050
21:21:34.828 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 186928 MB offset 593923113
21:21:34.828 Disk 0 scanning sectors +976752000
21:21:34.890 Disk 0 scanning C:\WINDOWS\system32\drivers
21:21:41.921 Service scanning
21:21:50.734 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
21:21:53.734 Modules scanning
21:21:56.937 Disk 0 trace - called modules:
21:21:56.937 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spfo.sys >>UNKNOWN [0x89df4938]<<
21:21:56.937 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89dacab8]
21:21:56.937 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000067[0x89db1218]
21:21:56.937 5 ACPI.sys[b9e74620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89db0d98]
21:21:57.281 AVAST engine scan C:\
21:48:44.218 Scan finished successfully
21:54:56.625 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\Desktop\MBR.dat"
21:54:56.625 The log file has been saved successfully to "C:\Documents and Settings\User\Desktop\aswMBR.txt"

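The two aswMBR runs posted above can be compared mechanically. The following is an added example, not part of the thread and not code from aswMBR: it parses a log pasted flattened onto one line, splits runs appended to the same file, and reports which detections disappeared between runs. All function and field names are hypothetical, and the sample text is abridged from the logs in this thread.

```python
import re
from dataclasses import dataclass, field

TS = r"\d{2}:\d{2}:\d{2}\.\d{3}"  # aswMBR entry timestamp, e.g. 20:19:29.156
# An entry runs from one timestamp to the next, so line breaks are not required.
ENTRY_RE = re.compile(rf"({TS})\s+(.*?)(?=\s+{TS}\s|\s*\Z)", re.S)
RUN_DATE_RE = re.compile(r"Run date:\s+(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})")
INFECTED_RE = re.compile(r"^File:\s+(.+?)\s+\*\*INFECTED\*\*\s+(.+)$")
LOCKED_RE = re.compile(r"^Service\s+(\S+)\s+(.+?)\s+\*\*LOCKED\*\*")
MBR_RE = re.compile(r"^Disk \d+ (.+ MBR code)$")
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{", re.I)


@dataclass(frozen=True)
class Detection:
    path: str
    name: str
    in_restore_point: bool  # True when the file sits in the System Restore store


@dataclass
class Run:
    date: str
    mbr: str = ""
    infected: list = field(default_factory=list)
    locked: list = field(default_factory=list)  # (service, path) tuples
    unknown_module: bool = False                # ">>UNKNOWN" seen in the disk trace


def parse_runs(text):
    """Split a (possibly flattened) aswMBR.txt into runs and classify entries."""
    runs = []
    for chunk in re.split(r"(?=aswMBR version \d)", text):
        header = RUN_DATE_RE.search(chunk)
        if not header:
            continue  # anything before the first "aswMBR version" header
        run = Run(date=header.group(1))
        for _, raw in ENTRY_RE.findall(chunk):
            msg = " ".join(raw.split())  # undo wrapping inside an entry
            hit = INFECTED_RE.match(msg)
            if hit:
                path, name = hit.groups()
                run.infected.append(
                    Detection(path, name, bool(RESTORE_RE.search(path))))
                continue
            hit = LOCKED_RE.match(msg)
            if hit:
                run.locked.append(hit.groups())
                continue
            hit = MBR_RE.match(msg)
            if hit:
                run.mbr = hit.group(1)
            elif ">>UNKNOWN" in msg:
                run.unknown_module = True
        runs.append(run)
    return runs


def compare(before, after):
    """Summarise what changed between an earlier and a later run."""
    old = {d.path for d in before.infected}
    new = {d.path for d in after.infected}
    return {
        "resolved": sorted(old - new),
        "remaining": sorted(new),
        "restore_points_only": bool(before.infected)
        and all(d.in_restore_point for d in before.infected),
        "mbr_unchanged": before.mbr == after.mbr,
        "still_locked": sorted(set(before.locked) & set(after.locked)),
    }


# Sample input: abridged from the two runs in this thread, flattened on purpose.
SAMPLE = (
    r"aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software "
    r"Run date: 2012-03-25 20:08:20 ----------------------------- "
    r"20:08:21.109 Initialize success "
    r"20:19:29.156 Disk 0 Windows XP default MBR code "
    r"20:19:44.781 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32 "
    r"20:19:49.859 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys "
    r"spgm.sys >>UNKNOWN [0x89df4938]<< "
    r"20:34:31.125 File: C:\System Volume Information\_restore"
    r"{8B5DD435-8060-4498-BF43-DD5F4D1B3FD4}\RP514\A0039918.ini "
    r"**INFECTED** Win32:Sirefef-PL [Rtk] "
    r"20:34:35.015 File: C:\System Volume Information\_restore"
    r"{8B5DD435-8060-4498-BF43-DD5F4D1B3FD4}\RP515\A0039997.ini "
    r"**INFECTED** Win32:Sirefef-PL [Rtk] "
    r"20:49:32.671 Scan finished successfully "
    r"aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software "
    r"Run date: 2012-03-30 20:58:09 ----------------------------- "
    r"20:58:12.453 Initialize success "
    r"21:21:34.781 Disk 0 Windows XP default MBR code "
    r"21:21:50.734 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32 "
    r"21:21:56.937 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys "
    r"spfo.sys >>UNKNOWN [0x89df4938]<< "
    r"21:48:44.218 Scan finished successfully"
)

if __name__ == "__main__":
    first, last = parse_runs(SAMPLE)
    for key, value in compare(first, last).items():
        print(f"{key}: {value}")
```

Items that appear in both runs, such as the locked driver and the unknown module in the disk trace, are reported so they can be reviewed separately rather than being treated as cleaned.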

  • Run the file [image] with a double-click.
  • Under [image], use Copy/Paste to enter the following text in full (only what is inside the box):
:commands
[emptytemp]
[clearallrestorepoints]
After you enter the script from the quote above, click the button highlighted in red: Run Fix

Windows will restart and a log file will be created: the OTL fix log. Post its contents with Copy/Paste in your next reply.


All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: User
->Temp folder emptied: 62915430 bytes
->Temporary Internet Files folder emptied: 1153825 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 405408970 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 5920 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18343167 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 465,00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.39.2 log created on 04022012_233914

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\User\Local Settings\Temp\~DFBA6E.tmp not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temp\~DFC055.tmp not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temp\~DFD666.tmp not found!

Registry entries deleted on Reboot...


How are things now?
