sabusik (Members)
Posts: 5

Everything posted by sabusik

  1. OK - 4 days and no reply - you guys might as well close this thread. From what I gathered around the net - this is a nasty rootkit and there is never any guarantee that anyone will help to remove it 100%. It hides and infects any antimalware/antispyware/antivirus program you throw at it. The only thing I could do was to back up the data to a safe location, make sure the backed-up data was clean and didn't contain the virus/rootkit, and then I formatted the hard drive and did a fresh Windows install. It was much quicker than waiting around for help and then dealing with the issue for days and still not being 100% sure it's gone.
  2. And since I've seen that we should copy/paste the logs - I'm pasting fresh DDS logs here as well. This is dds.txt. And this is attach.txt.
  3. I am also attaching the TDSSKiller.exe log.
(ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 00:33:47.0978 3668 netbt - ok 00:33:48.0041 3668 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 00:33:48.0041 3668 nfrd960 - ok 00:33:48.0212 3668 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 00:33:48.0212 3668 Npfs - ok 00:33:48.0259 3668 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 00:33:48.0259 3668 nsiproxy - ok 00:33:48.0384 3668 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 00:33:48.0400 3668 Ntfs - ok 00:33:48.0493 3668 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 00:33:48.0493 3668 ntrigdigi - ok 00:33:48.0524 3668 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 00:33:48.0524 3668 Null - ok 00:33:48.0540 3668 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys 00:33:48.0540 3668 nvraid - ok 00:33:48.0571 3668 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys 00:33:48.0571 3668 nvstor - ok 00:33:48.0680 3668 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys 00:33:48.0680 3668 nv_agp - ok 00:33:48.0696 3668 NwlnkFlt - ok 00:33:48.0696 3668 NwlnkFwd - ok 00:33:48.0836 3668 OEM02Dev (19cac780b858822055f46c58a111723c) C:\Windows\system32\DRIVERS\OEM02Dev.sys 00:33:48.0836 3668 OEM02Dev - ok 00:33:48.0868 3668 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys 00:33:48.0868 3668 OEM02Vfx - ok 00:33:48.0992 3668 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys 00:33:48.0992 3668 ohci1394 - ok 00:33:49.0164 3668 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 00:33:49.0164 3668 Parport - ok 00:33:49.0226 3668 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 
00:33:49.0226 3668 partmgr - ok 00:33:49.0258 3668 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 00:33:49.0258 3668 Parvdm - ok 00:33:49.0382 3668 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 00:33:49.0382 3668 pci - ok 00:33:49.0398 3668 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys 00:33:49.0398 3668 pciide - ok 00:33:49.0429 3668 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 00:33:49.0429 3668 pcmcia - ok 00:33:49.0554 3668 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 00:33:49.0570 3668 PEAUTH - ok 00:33:49.0632 3668 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 00:33:49.0632 3668 PptpMiniport - ok 00:33:49.0726 3668 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys 00:33:49.0726 3668 Processor - ok 00:33:49.0788 3668 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 00:33:49.0788 3668 PSched - ok 00:33:49.0928 3668 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys 00:33:49.0944 3668 ql2300 - ok 00:33:50.0053 3668 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 00:33:50.0053 3668 ql40xx - ok 00:33:50.0084 3668 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 00:33:50.0084 3668 QWAVEdrv - ok 00:33:50.0365 3668 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys 00:33:50.0443 3668 R300 - ok 00:33:50.0615 3668 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 00:33:50.0615 3668 RasAcd - ok 00:33:50.0662 3668 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 00:33:50.0662 3668 Rasl2tp - ok 00:33:50.0724 3668 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 
00:33:50.0724 3668 RasPppoe - ok 00:33:50.0802 3668 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 00:33:50.0802 3668 RasSstp - ok 00:33:50.0896 3668 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 00:33:50.0896 3668 rdbss - ok 00:33:50.0958 3668 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 00:33:50.0958 3668 RDPCDD - ok 00:33:51.0036 3668 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys 00:33:51.0036 3668 rdpdr - ok 00:33:51.0067 3668 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 00:33:51.0067 3668 RDPENCDD - ok 00:33:51.0176 3668 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 00:33:51.0176 3668 RDPWD - ok 00:33:51.0301 3668 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys 00:33:51.0301 3668 rimmptsk - ok 00:33:51.0348 3668 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys 00:33:51.0364 3668 rimsptsk - ok 00:33:51.0504 3668 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys 00:33:51.0504 3668 rismxdp - ok 00:33:51.0660 3668 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys 00:33:51.0660 3668 ROOTMODEM - ok 00:33:51.0691 3668 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 00:33:51.0691 3668 rspndr - ok 00:33:51.0800 3668 s0017bus (594ff5620661d1386475406e78cb6f2f) C:\Windows\system32\DRIVERS\s0017bus.sys 00:33:51.0816 3668 s0017bus - ok 00:33:51.0863 3668 s0017mdfl (7258f550419d543bc5c8e80c578a5d54) C:\Windows\system32\DRIVERS\s0017mdfl.sys 00:33:51.0863 3668 s0017mdfl - ok 00:33:51.0972 3668 s0017mdm (1de4f6607feb17a15dbd4f1b139e6d2f) C:\Windows\system32\DRIVERS\s0017mdm.sys 00:33:51.0988 3668 s0017mdm - ok 00:33:52.0034 3668 s0017mgmt (9814e6bacc06d2526cd52981c7eeedf0) 
C:\Windows\system32\DRIVERS\s0017mgmt.sys 00:33:52.0066 3668 s0017mgmt - ok 00:33:52.0175 3668 s0017nd5 (2c62cd58225973f26682cd4f783ddede) C:\Windows\system32\DRIVERS\s0017nd5.sys 00:33:52.0175 3668 s0017nd5 - ok 00:33:52.0253 3668 s0017obex (f87c3422e84b2fb1b43e0a26247ad5a5) C:\Windows\system32\DRIVERS\s0017obex.sys 00:33:52.0253 3668 s0017obex - ok 00:33:52.0424 3668 s0017unic (df5e7360a0afa5956bf75da683d0679f) C:\Windows\system32\DRIVERS\s0017unic.sys 00:33:52.0424 3668 s0017unic - ok 00:33:52.0549 3668 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 00:33:52.0549 3668 sbp2port - ok 00:33:52.0612 3668 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys 00:33:52.0612 3668 sdbus - ok 00:33:52.0627 3668 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 00:33:52.0643 3668 secdrv - ok 00:33:52.0752 3668 seehcri (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys 00:33:52.0752 3668 seehcri - ok 00:33:52.0799 3668 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 00:33:52.0799 3668 Serenum - ok 00:33:52.0830 3668 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 00:33:52.0830 3668 Serial - ok 00:33:52.0846 3668 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 00:33:52.0846 3668 sermouse - ok 00:33:52.0955 3668 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys 00:33:52.0955 3668 sffdisk - ok 00:33:52.0986 3668 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys 00:33:52.0986 3668 sffp_mmc - ok 00:33:53.0048 3668 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys 00:33:53.0048 3668 sffp_sd - ok 00:33:53.0189 3668 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 00:33:53.0189 3668 sfloppy - ok 00:33:53.0236 3668 sisagp 
(1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys 00:33:53.0236 3668 sisagp - ok 00:33:53.0251 3668 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys 00:33:53.0251 3668 SiSRaid2 - ok 00:33:53.0360 3668 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys 00:33:53.0376 3668 SiSRaid4 - ok 00:33:53.0423 3668 Smb (9bb8b6fc6c3b2992364f9a83a96b04c6) C:\Windows\system32\DRIVERS\smb.sys 00:33:53.0423 3668 Suspicious file (Forged): C:\Windows\system32\DRIVERS\smb.sys. Real md5: 9bb8b6fc6c3b2992364f9a83a96b04c6, Fake md5: 6bf5b3adacb423ea76ecde82ab0c2805 00:33:53.0423 3668 Smb ( Rootkit.Win32.ZAccess.e ) - infected 00:33:53.0423 3668 Smb - detected Rootkit.Win32.ZAccess.e (0) 00:33:53.0594 3668 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 00:33:53.0594 3668 spldr - ok 00:33:53.0735 3668 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 00:33:53.0735 3668 srv - ok 00:33:53.0797 3668 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 00:33:53.0797 3668 srv2 - ok 00:33:53.0891 3668 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 00:33:53.0906 3668 srvnet - ok 00:33:53.0969 3668 STHDA (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys 00:33:53.0969 3668 STHDA - ok 00:33:54.0062 3668 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 00:33:54.0062 3668 swenum - ok 00:33:54.0125 3668 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 00:33:54.0125 3668 Symc8xx - ok 00:33:54.0250 3668 SymIM - ok 00:33:54.0296 3668 SymIMMP - ok 00:33:54.0889 3668 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 00:33:54.0889 3668 Sym_hi - ok 00:33:55.0076 3668 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 00:33:55.0076 3668 Sym_u3 - ok 
00:33:55.0295 3668 tap0901 (66cbe7e7ef1b23c71f9402285878b284) C:\Windows\system32\DRIVERS\tap0901.sys 00:33:55.0295 3668 tap0901 - ok 00:33:55.0576 3668 Tcpip (6647fce6fc4970daafe5c64c794513d3) C:\Windows\system32\drivers\tcpip.sys 00:33:55.0591 3668 Tcpip - ok 00:33:55.0856 3668 Tcpip6 (6647fce6fc4970daafe5c64c794513d3) C:\Windows\system32\DRIVERS\tcpip.sys 00:33:55.0872 3668 Tcpip6 - ok 00:33:56.0090 3668 tcpipreg (36606b165d04a397bdf613096986d85d) C:\Windows\system32\drivers\tcpipreg.sys 00:33:56.0090 3668 tcpipreg - ok 00:33:56.0246 3668 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 00:33:56.0246 3668 TDPIPE - ok 00:33:56.0309 3668 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 00:33:56.0309 3668 TDTCP - ok 00:33:56.0418 3668 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 00:33:56.0418 3668 tdx - ok 00:33:56.0527 3668 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 00:33:56.0527 3668 TermDD - ok 00:33:56.0730 3668 tosporte (8d624d3bd1f2d78bd1c01a2d4e954b4e) C:\Windows\system32\DRIVERS\tosporte.sys 00:33:56.0730 3668 tosporte - ok 00:33:56.0917 3668 tosrfbd (266df087a8c24da34ff40cf3df86ccfb) C:\Windows\system32\DRIVERS\tosrfbd.sys 00:33:56.0917 3668 tosrfbd - ok 00:33:56.0964 3668 tosrfbnp (90c8525bc578aaffe87c2d0ed4379e9e) C:\Windows\system32\Drivers\tosrfbnp.sys 00:33:56.0964 3668 tosrfbnp - ok 00:33:57.0120 3668 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\Windows\system32\Drivers\tosrfcom.sys 00:33:57.0120 3668 Tosrfcom - ok 00:33:57.0151 3668 Tosrfhid (7c807ba9660e2995cc0217a14a24094c) C:\Windows\system32\DRIVERS\Tosrfhid.sys 00:33:57.0151 3668 Tosrfhid - ok 00:33:57.0214 3668 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\Windows\system32\DRIVERS\tosrfnds.sys 00:33:57.0214 3668 tosrfnds - ok 00:33:57.0432 3668 TosRfSnd (a4ce9572bc4ac8d329455059b43c5bea) C:\Windows\system32\drivers\tosrfsnd.sys 00:33:57.0432 3668 TosRfSnd - ok 
00:33:57.0650 3668 Tosrfusb (602818649c84eb774d6971da65f79cc8) C:\Windows\system32\DRIVERS\tosrfusb.sys 00:33:57.0666 3668 Tosrfusb - ok 00:33:57.0806 3668 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 00:33:57.0806 3668 tssecsrv - ok 00:33:57.0947 3668 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 00:33:57.0947 3668 tunmp - ok 00:33:58.0009 3668 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 00:33:58.0009 3668 tunnel - ok 00:33:58.0150 3668 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys 00:33:58.0150 3668 uagp35 - ok 00:33:58.0228 3668 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 00:33:58.0228 3668 udfs - ok 00:33:58.0399 3668 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys 00:33:58.0399 3668 uliagpkx - ok 00:33:58.0586 3668 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys 00:33:58.0586 3668 uliahci - ok 00:33:58.0649 3668 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 00:33:58.0649 3668 UlSata - ok 00:33:59.0132 3668 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 00:33:59.0132 3668 ulsata2 - ok 00:33:59.0429 3668 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 00:33:59.0429 3668 umbus - ok 00:33:59.0585 3668 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 00:33:59.0600 3668 usbccgp - ok 00:33:59.0959 3668 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 00:33:59.0959 3668 usbcir - ok 00:34:00.0131 3668 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 00:34:00.0131 3668 usbehci - ok 00:34:00.0178 3668 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 00:34:00.0193 3668 usbhub - ok 00:34:00.0334 
3668 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 00:34:00.0334 3668 usbohci - ok 00:34:00.0443 3668 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 00:34:00.0443 3668 usbprint - ok 00:34:00.0521 3668 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 00:34:00.0521 3668 USBSTOR - ok 00:34:00.0583 3668 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 00:34:00.0583 3668 usbuhci - ok 00:34:00.0724 3668 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys 00:34:00.0724 3668 vga - ok 00:34:00.0755 3668 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 00:34:00.0755 3668 VgaSave - ok 00:34:00.0786 3668 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys 00:34:00.0786 3668 viaagp - ok 00:34:00.0833 3668 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys 00:34:00.0833 3668 ViaC7 - ok 00:34:00.0880 3668 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys 00:34:00.0880 3668 viaide - ok 00:34:00.0973 3668 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 00:34:00.0973 3668 volmgr - ok 00:34:01.0051 3668 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 00:34:01.0051 3668 volmgrx - ok 00:34:01.0207 3668 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 00:34:01.0207 3668 volsnap - ok 00:34:01.0270 3668 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys 00:34:01.0270 3668 vsmraid - ok 00:34:01.0379 3668 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 00:34:01.0379 3668 WacomPen - ok 00:34:01.0410 3668 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 00:34:01.0410 3668 Wanarp - ok 00:34:01.0457 3668 Wanarpv6 
(55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 00:34:01.0457 3668 Wanarpv6 - ok 00:34:01.0566 3668 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys 00:34:01.0582 3668 Wd - ok 00:34:01.0628 3668 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 00:34:01.0644 3668 Wdf01000 - ok 00:34:01.0722 3668 winachsf (4daca8f07537d4d7e3534bb99294aa26) C:\Windows\system32\DRIVERS\HSX_CNXT.sys 00:34:01.0738 3668 winachsf - ok 00:34:01.0847 3668 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys 00:34:01.0847 3668 WmiAcpi - ok 00:34:01.0940 3668 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys 00:34:01.0940 3668 WpdUsb - ok 00:34:02.0034 3668 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 00:34:02.0034 3668 ws2ifsl - ok 00:34:02.0096 3668 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 00:34:02.0096 3668 WUDFRd - ok 00:34:02.0237 3668 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys 00:34:02.0237 3668 XAudio - ok 00:34:02.0268 3668 yukonwlh (a4822191c7cea271903c2a4fb6d9809d) C:\Windows\system32\DRIVERS\yk60x86.sys 00:34:02.0268 3668 yukonwlh - ok 00:34:02.0330 3668 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0 00:34:02.0346 3668 \Device\Harddisk0\DR0 - ok 00:34:02.0346 3668 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1 00:34:03.0095 3668 \Device\Harddisk1\DR1 - ok 00:34:03.0157 3668 Boot (0x1200) (1c87bb41b794aa77b498067de1159056) \Device\Harddisk0\DR0\Partition0 00:34:03.0157 3668 \Device\Harddisk0\DR0\Partition0 - ok 00:34:03.0157 3668 Boot (0x1200) (6eb823f88d298c188019456d43267234) \Device\Harddisk0\DR0\Partition1 00:34:03.0157 3668 \Device\Harddisk0\DR0\Partition1 - ok 00:34:03.0157 3668 Boot (0x1200) (e69a4a01f8d22cafabd0fd4590efa75c) \Device\Harddisk1\DR1\Partition0 00:34:03.0157 
3668 \Device\Harddisk1\DR1\Partition0 - ok 00:34:03.0173 3668 ============================================================ 00:34:03.0173 3668 Scan finished 00:34:03.0173 3668 ============================================================ 00:34:03.0173 0796 Detected object count: 2 00:34:03.0173 0796 Actual detected object count: 2 00:34:13.0297 0796 HKLM\SYSTEM\ControlSet001\services\c1392a4f - will be deleted on reboot 00:34:13.0360 0796 HKLM\SYSTEM\ControlSet003\services\c1392a4f - will be deleted on reboot 00:34:13.0422 0796 C:\Windows\1328167361:1053218224.exe - will be deleted on reboot 00:34:13.0422 0796 c1392a4f ( Rootkit.Win32.PMax.gen ) - User select action: Delete 00:34:13.0547 0796 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\smb.sys) error 1813 00:34:13.0968 0796 Backup copy found, using it.. 00:34:13.0984 0796 C:\Windows\system32\DRIVERS\smb.sys - will be cured on reboot 00:34:13.0984 0796 Smb ( Rootkit.Win32.ZAccess.e ) - User select action: Cure 00:34:15.0310 1020 Deinitialize success TDSSKiller.2.6.14.0_01.11.2011_00.33.33_log.txt
  4. A few days ago a file C:\Windows\1328167361:1053218224.exe showed up in my Task Manager list of processes. I can't get rid of it; nothing will kill it. Google searches started being redirected. Microsoft Security Essentials became disabled and nothing can bring it back to life; it gives some kind of an error. Eset Online Scanner always finds some kind of Win32/Patched.HN trojan, usually attached to a different file. I downloaded the full version of Eset - it became disabled immediately. I downloaded Malwarebytes - I couldn't run it... it started and was closed immediately. Windows Defender flags the C:\Windows\1328167361:1053218224.exe file as Trojan:Win32/Sirefef.O but it fails to remove it. All of these antispyware/antimalware/antivirus programs, once they get disabled, can't even be run again; they give an error: "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item." I tried to remove the antivirus programs (but I think even the removal process had problems, as the virus attached itself to some of their files). I downloaded TDSSKiller and it finds two infected files - one has the option to cure, the other to delete. After reboot the files are there again, so TDSSKiller on its own can't seem to get rid of these files. Here's the screenshot: I ran DDS. I'm attaching the log files. Let me say right away that I do understand the risks, I have changed my passwords on a clean machine, I backed up my essentials and I DO WANT TO PROCEED with cleaning and removal. DDS.txt Attach.txt
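Added example, not part of the original thread or of TDSSKiller itself: a small Python parser for the TDSSKiller log format posted in this thread, run over constructed sample lines (placeholder MD5s) modelled on that format. It pulls out forged-hash warnings, infections, user-selected actions and objects deferred to reboot, flags paths that carry an NTFS alternate data stream (the C:\Windows\1328167361:1053218224.exe pattern from the post) and compares two logs to list what was scheduled for removal but is flagged again afterwards.

```python
import re

# Every TDSSKiller line starts with "HH:MM:SS.mmmm PID" followed by the message.
_LINE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4})\s+(?P<pid>\d+)\s+(?P<rest>.*)$")
# "Suspicious file (Forged): <path>. Real md5: <hash>, Fake md5: <hash>"
_FORGED = re.compile(r"^Suspicious file \(Forged\): (?P<path>.+)\. Real md5: "
                     r"(?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
# "<service> ( <verdict> ) - infected"
_INFECTED = re.compile(r"^(?P<name>\S+) \( (?P<verdict>.+?) \) - infected$")
# "<object> ( <verdict> ) - User select action: <Delete|Cure|...>"
_ACTION = re.compile(r"^(?P<name>\S+) \( (?P<verdict>.+?) \) - User select action: (?P<action>\w+)$")
# "<file or registry key> - will be deleted|cured on reboot"
_REBOOT = re.compile(r"^(?P<obj>.+?) - will be (?P<what>deleted|cured) on reboot$")
# Ordinary scanned entry: "<service> (<md5>) <path>"
_ENTRY = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")

# Constructed sample log in the page's format; the MD5 values are placeholders.
SAMPLE_LOG = r"""
00:33:53.0423 3668 Smb (11111111111111111111111111111111) C:\Windows\system32\DRIVERS\smb.sys
00:33:53.0423 3668 Suspicious file (Forged): C:\Windows\system32\DRIVERS\smb.sys. Real md5: 11111111111111111111111111111111, Fake md5: 22222222222222222222222222222222
00:33:53.0423 3668 Smb ( Rootkit.Win32.ZAccess.e ) - infected
00:33:53.0423 3668 Smb - detected Rootkit.Win32.ZAccess.e (0)
00:33:53.0594 3668 spldr (33333333333333333333333333333333) C:\Windows\system32\drivers\spldr.sys
00:33:53.0594 3668 spldr - ok
00:34:13.0297 0796 HKLM\SYSTEM\ControlSet001\services\c1392a4f - will be deleted on reboot
00:34:13.0422 0796 C:\Windows\1328167361:1053218224.exe - will be deleted on reboot
00:34:13.0422 0796 c1392a4f ( Rootkit.Win32.PMax.gen ) - User select action: Delete
00:34:13.0984 0796 C:\Windows\system32\DRIVERS\smb.sys - will be cured on reboot
00:34:13.0984 0796 Smb ( Rootkit.Win32.ZAccess.e ) - User select action: Cure
"""


def looks_like_ads(path: str) -> bool:
    """True for a drive-letter path with a second colon, i.e. a file whose name
    addresses an NTFS alternate data stream (C:\\dir\\file:stream.exe)."""
    if not re.match(r"^[A-Za-z]:\\", path):
        return False          # registry keys and device paths are not checked
    return ":" in path[2:]


def parse_tdsskiller(text: str) -> dict:
    """Group the interesting lines of a TDSSKiller log by kind."""
    report = {"forged": [], "infected": [], "actions": [], "reboot": [],
              "entries": [], "ads": []}
    for raw in text.splitlines():
        m = _LINE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest")
        if (f := _FORGED.match(rest)):
            report["forged"].append((f["path"], f["real"], f["fake"]))
        elif (i := _INFECTED.match(rest)):
            report["infected"].append((i["name"], i["verdict"]))
        elif (a := _ACTION.match(rest)):
            report["actions"].append((a["name"], a["verdict"], a["action"]))
        elif (r := _REBOOT.match(rest)):
            report["reboot"].append((r["obj"], r["what"]))
            if looks_like_ads(r["obj"]):
                report["ads"].append(r["obj"])
        elif (e := _ENTRY.match(rest)):
            report["entries"].append((e["name"], e["md5"], e["path"]))
            if looks_like_ads(e["path"]):
                report["ads"].append(e["path"])
    return report


def still_flagged_after_reboot(before: dict, after: dict) -> list:
    """Objects the first log scheduled for deletion or cure that the second log
    (a scan taken after the reboot) flags again: the pattern the post describes."""
    flagged = {obj for obj, _ in after["reboot"]} | {p for p, _, _ in after["forged"]}
    return [obj for obj, _ in before["reboot"] if obj in flagged]


if __name__ == "__main__":
    rep = parse_tdsskiller(SAMPLE_LOG)
    for path, real, fake in rep["forged"]:
        print(f"forged: {path} real={real} fake={fake}")
    for obj in rep["ads"]:
        print(f"alternate data stream path: {obj}")
    for obj in still_flagged_after_reboot(rep, rep):
        print(f"still flagged after reboot: {obj}")
```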