VIRUS on my PC TR/SPY.WEB.H'

Solved/Closed
phk30 Posts: 1030 Registered: Sunday 3 April 2005 Status: Member Last active: 25 March 2018 - 8 Nov 2011 at 17:46
jlpjlp Posts: 51580 Registered: Friday 18 May 2007 Status: Security contributor Last active: 3 May 2022 - 16 Nov 2011 at 08:47
Hello,
After opening an email attachment, I can't remove this virus "TR/SPY.WEB.H'". A program called "System Restore" installed itself and did its work: the desktop and the programs have disappeared. Your help would be very useful; I'm replying from my other PC. Please, thanks, see you soon.



68 replies

jlpjlp Posts: 51580 Registered: Friday 18 May 2007 Status: Security contributor Last active: 3 May 2022 5 040
8 Nov 2011 at 17:50
Hi

Paste a RogueKiller report, option 2.
0
phk30 Posts: 1030 Registered: Sunday 3 April 2005 Status: Member Last active: 25 March 2018 75
8 Nov 2011 at 18:08
Hello, and thanks for the quick reply. Option 2, meaning Removal? Thank you.
0
jlpjlp Posts: 51580 Registered: Friday 18 May 2007 Status: Security contributor Last active: 3 May 2022 5 040
8 Nov 2011 at 18:21
Yes
0
phk30 Posts: 1030 Registered: Sunday 3 April 2005 Status: Member Last active: 25 March 2018 75
8 Nov 2011 at 18:31
I had to juggle, because there is nothing left in Start and Programs!
But the wallpaper came back; it was black before. Thanks.
RogueKiller V6.1.7 [05/11/2011] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: https://www.luanagames.com/index.fr.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur: LOT [Droits d'admin]
Mode: Suppression -- Date : 08/11/2011 18:22:37

¤¤¤ Processus malicieux: 2 ¤¤¤
[SVCHOST] svchost.exe -- C:\WINDOWS\system32\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\WINDOWS\system32\svchost.exe -> KILLED [TermProc]

¤¤¤ Entrees de registre: 6 ¤¤¤
[HJ NAME] HKCU\[...]\Run : Avira (C:\Documents and Settings\LOT\Application Data\smss.exe) -> DELETED
[HJPOL] HKCU\[...]\System : DisableTaskMgr (1) -> DELETED
[HJPOL] HKLM\[...]\System : DisableTaskMgr (1) -> DELETED
[HJPOL] HKCU\[...]\Explorer : NoDesktop (1) -> DELETED
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> REPLACED (C:\Documents and Settings\LOT\Application Data\Mozilla\Firefox\Fond d'écran.bmp)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED ()

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
127.0.0.1 localhost


Termine : << RKreport[1].txt >>
0

jlpjlp Posts: 51580 Registered: Friday 18 May 2007 Status: Security contributor Last active: 3 May 2022 5 040
8 Nov 2011 at 18:35
OK

1/ Download Malwarebytes Anti-Malware, update it, and paste a quick scan report.

2/ Then tell us what your current problems are.

3/ Then:

Download ZHPDiag (by Nicolas Coolman).
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
(diagnostic tool)

Double-click the installer, then install it with the default settings (don't forget to tick "Create a desktop icon").

Launch ZHPDiag by double-clicking the icon on your desktop (right-click -> Run as administrator on Vista).

Click the magnifying glass at the top left, then let the tool scan.

Once the scan is finished, click the floppy-disk icon and save the file to your desktop.

Go to Cjoint: http://www.cijoint.fr/

Click "Parcourir" (Browse) in the "Joindre un fichier[...]" (Attach a file) section.

Select the ZHPDiag.txt report on your desktop.

Then click "Cliquez ici pour déposer le fichier" (Click here to upload the file) and copy/paste the link into your next message.

Or, alternatively, to send your report:
* When the scan is finished, use the site http://pjjoint.malekal.com/ to upload the reports.
Then give the pjjoint links here so they can be reviewed.
0
phk30 Posts: 1030 Registered: Sunday 3 April 2005 Status: Member Last active: 25 March 2018 75
8 Nov 2011 at 18:52
Do I have to do "Remove Selected" in Malwarebytes?

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Version de la base de données: 8115

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

08/11/2011 18:49:03
mbam-log-2011-11-08 (18-48-51).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 147714
Temps écoulé: 4 minute(s), 6 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 6
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\documents and settings\LOT\local settings\Temp\A.tmp (Trojan.FakeAlert) -> No action taken.
c:\documents and settings\LOT\local settings\Temp\realtek_ac97.exe (Trojan.FakeAlert) -> No action taken.
c:\documents and settings\LOT\application data\smss.exe (Trojan.Delf) -> No action taken.
c:\documents and settings\LOT\menu démarrer\programmes\démarrage\dxdiag.exe (Trojan.Downloader) -> No action taken.
0
phk30 Posts: 1030 Registered: Sunday 3 April 2005 Status: Member Last active: 25 March 2018 75
8 Nov 2011 at 19:13
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Version de la base de données: 8115

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

08/11/2011 19:12:00
mbam-log-2011-11-08 (19-12-00).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 147683
Temps écoulé: 3 minute(s), 45 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 6
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\documents and settings\LOT\local settings\Temp\A.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\LOT\local settings\Temp\realtek_ac97.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\LOT\application data\smss.exe (Trojan.Delf) -> Quarantined and deleted successfully.
0
jlpjlp Posts: 51580 Registered: Friday 18 May 2007 Status: Security contributor Last active: 3 May 2022 5 040
8 Nov 2011 at 19:22
OK, carry on with the rest.

See you later.
0
phk30 Posts: 1030 Registered: Sunday 3 April 2005 Status: Member Last active: 25 March 2018 75
8 Nov 2011 at 21:02
ZHPDiag freezes at 80%, even in Safe Mode?
0
jlpjlp Posts: 51580 Registered: Friday 18 May 2007 Status: Security contributor Last active: 3 May 2022 5 040
8 Nov 2011 at 22:05
Question 2? Otherwise, what does ZHPDiag freeze on? An error message?
0
phk30 Posts: 1030 Registered: Sunday 3 April 2005 Status: Member Last active: 25 March 2018 75
8 Nov 2011 at 22:14
It freezes during the scan.
0
jlpjlp Posts: 51580 Registered: Friday 18 May 2007 Status: Security contributor Last active: 3 May 2022 5 040
9 Nov 2011 at 08:51
The answer to question 2???
0
phk30 Posts: 1030 Registered: Sunday 3 April 2005 Status: Member Last active: 25 March 2018 75
9 Nov 2011 at 15:51
Hello, there are no more programs in the Start menu. Thanks, see you soon.
0
jlpjlp Posts: 51580 Registered: Friday 18 May 2007 Status: Security contributor Last active: 3 May 2022 5 040
9 Nov 2011 at 15:57
Download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, real-time guard of the antispyware).

Double-click combofix.exe and follow the instructions.

At the end, it will produce a report, C:\ComboFix.txt

Re-enable your firewall, your antivirus and your antispyware's guard.

Copy/paste the C:\ComboFix.txt report into your next reply.

Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. It could freeze the computer.

You have a complete tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0
phk30 Posts: 1030 Registered: Sunday 3 April 2005 Status: Member Last active: 25 March 2018 75
9 Nov 2011 at 17:10
Hello, ComboFix freezes. Please help, thanks.
0
jlpjlp Posts: 51580 Registered: Friday 18 May 2007 Status: Security contributor Last active: 3 May 2022 5 040
9 Nov 2011 at 17:15
Paste a report from TDSSKiller.

Download TDSSKiller to your desktop:

https://support.kaspersky.com/downloads/utils/tdsskiller.zip
Create a new folder on your desktop, then unzip the archive into it.
Launch the program by clicking TDSSKiller.exe; the scan runs automatically, and if the infection is detected, hidden items will be displayed.

Tick them and click "Delete/Repair Selected".
A message may then appear asking you to reboot the PC to finish the cleanup. Type "Y" to restart the PC ("close all programs and choose Y to restart").

More information on this tool:
https://support.kaspersky.com/5350
0
phk30 Posts: 1030 Registered: Sunday 3 April 2005 Status: Member Last active: 25 March 2018 75
9 Nov 2011 at 17:45
Just so you know, I can't get online with this PC. I had to rename TDSSKiller to install it and couldn't put it in a folder on the desktop. I'm trying to start the scan.
0
phk30 Posts: 1030 Registered: Sunday 3 April 2005 Status: Member Last active: 25 March 2018 75
9 Nov 2011 at 17:54
17:43:44.0812 3528 TDSS rootkit removing tool 2.6.16.0 Nov 7 2011 16:26:51
17:43:45.0218 3528 ============================================================
17:43:45.0218 3528 Current date / time: 2011/11/09 17:43:45.0218
17:43:45.0218 3528 SystemInfo:
17:43:45.0218 3528
17:43:45.0218 3528 OS Version: 5.1.2600 ServicePack: 3.0
17:43:45.0218 3528 Product type: Workstation
17:43:45.0218 3528 ComputerName: LOT-83FA1B7908C
17:43:45.0218 3528 UserName: LOT
17:43:45.0218 3528 Windows directory: C:\WINDOWS
17:43:45.0218 3528 System windows directory: C:\WINDOWS
17:43:45.0218 3528 Processor architecture: Intel x86
17:43:45.0218 3528 Number of processors: 2
17:43:45.0218 3528 Page size: 0x1000
17:43:45.0218 3528 Boot type: Normal boot
17:43:45.0218 3528 ============================================================
17:43:47.0156 3528 Initialize success
17:45:57.0968 3696 ============================================================
17:45:57.0968 3696 Scan started
17:45:57.0968 3696 Mode: Manual;
17:45:57.0968 3696 ============================================================
17:46:03.0531 3696 MBR (0x1B8) (c99c3199cfaa4cbdcd91493f6d113a50) \Device\Harddisk0\DR0
17:46:03.0562 3696 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
17:46:03.0562 3696 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
17:46:03.0562 3696 MBR (0x1B8) (739b36f7a373fc81121d831231b6d311) \Device\Harddisk1\DR7
17:46:03.0578 3696 \Device\Harddisk1\DR7 - ok
17:46:03.0593 3696 Boot (0x1200) (d640f73791db65822a16787491ea1e25) \Device\Harddisk0\DR0\Partition0
17:46:03.0593 3696 \Device\Harddisk0\DR0\Partition0 - ok
17:46:03.0593 3696 Boot (0x1200) (9214d93cb64aef7c7078be35bb86a00a) \Device\Harddisk1\DR7\Partition0
17:46:03.0593 3696 \Device\Harddisk1\DR7\Partition0 - ok
17:46:03.0609 3696 ============================================================
17:46:03.0609 3696 Scan finished
17:46:03.0609 3696 ============================================================
17:46:03.0625 3632 Detected object count: 1
17:46:03.0625 3632 Actual detected object count: 1
17:47:09.0125 3632 \Device\Harddisk0\DR0 - copied to quarantine
17:47:09.0156 3632 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
17:47:09.0171 3632 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
17:47:09.0187 3632 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
17:47:09.0187 3632 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
17:47:09.0187 3632 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
17:47:09.0187 3632 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
17:47:09.0187 3632 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
17:47:09.0187 3632 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
17:47:09.0203 3632 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
17:47:09.0203 3632 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
17:47:09.0265 3632 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
17:47:09.0281 3632 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
17:47:09.0281 3632 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
17:47:09.0281 3632 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
17:47:09.0281 3632 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
17:47:09.0296 3632 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
17:47:09.0296 3632 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
17:47:09.0328 3632 \Device\Harddisk0\DR0\TDLFS\com32 - copied to quarantine
17:47:09.0343 3632 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
17:47:09.0406 3632 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
17:47:09.0453 3632 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
17:47:09.0453 3632 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
17:47:09.0453 3632 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Quarantine
17:47:13.0406 0288 ============================================================
17:47:13.0406 0288 Scan started
17:47:13.0406 0288 Mode: Manual;
17:47:13.0406 0288 ============================================================
17:47:13.0734 0288 Abiosdsk - ok
17:47:13.0750 0288 abp480n5 - ok
17:47:13.0796 0288 ACPI (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:47:13.0796 0288 ACPI - ok
17:47:13.0828 0288 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:47:13.0828 0288 ACPIEC - ok
17:47:13.0843 0288 adpu160m - ok
17:47:13.0875 0288 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:47:13.0890 0288 aec - ok
17:47:13.0937 0288 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:47:13.0937 0288 AFD - ok
17:47:13.0937 0288 Aha154x - ok
17:47:13.0968 0288 aic78u2 - ok
17:47:13.0984 0288 aic78xx - ok
17:47:14.0000 0288 AliIde - ok
17:47:14.0031 0288 amsint - ok
17:47:14.0062 0288 asc - ok
17:47:14.0078 0288 asc3350p - ok
17:47:14.0093 0288 asc3550 - ok
17:47:14.0125 0288 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:47:14.0125 0288 AsyncMac - ok
17:47:14.0156 0288 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:47:14.0156 0288 atapi - ok
17:47:14.0171 0288 Atdisk - ok
17:47:14.0187 0288 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:47:14.0203 0288 Atmarpc - ok
17:47:14.0234 0288 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:47:14.0250 0288 audstub - ok
17:47:14.0281 0288 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
17:47:14.0281 0288 avgio - ok
17:47:14.0296 0288 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
17:47:14.0296 0288 avgntflt - ok
17:47:14.0312 0288 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
17:47:14.0312 0288 avipbb - ok
17:47:14.0343 0288 b57w2k (e5359a62ef537c4c25e364029272b439) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
17:47:14.0343 0288 b57w2k - ok
17:47:14.0390 0288 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:47:14.0390 0288 Beep - ok
17:47:14.0453 0288 catchme - ok
17:47:14.0484 0288 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:47:14.0484 0288 cbidf2k - ok
17:47:14.0500 0288 cd20xrnt - ok
17:47:14.0531 0288 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:47:14.0546 0288 Cdaudio - ok
17:47:14.0578 0288 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:47:14.0578 0288 Cdfs - ok
17:47:14.0593 0288 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:47:14.0593 0288 Cdrom - ok
17:47:14.0609 0288 Changer - ok
17:47:14.0640 0288 CmdIde - ok
17:47:14.0671 0288 Cpqarray - ok
17:47:14.0687 0288 dac2w2k - ok
17:47:14.0718 0288 dac960nt - ok
17:47:14.0750 0288 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:47:14.0750 0288 Disk - ok
17:47:14.0796 0288 dmboot (f5deadd42335fb33edca74ecb2f36cba) C:\WINDOWS\system32\drivers\dmboot.sys
17:47:14.0812 0288 dmboot - ok
17:47:14.0828 0288 dmio (5a7c47c9b3f9fb92a66410a7509f0c71) C:\WINDOWS\system32\drivers\dmio.sys
17:47:14.0843 0288 dmio - ok
17:47:14.0843 0288 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:47:14.0843 0288 dmload - ok
17:47:14.0890 0288 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:47:14.0890 0288 DMusic - ok
17:47:14.0921 0288 dpti2o - ok
17:47:14.0937 0288 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:47:14.0937 0288 drmkaud - ok
17:47:14.0984 0288 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:47:14.0984 0288 Fastfat - ok
17:47:15.0015 0288 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
17:47:15.0015 0288 Fdc - ok
17:47:15.0031 0288 Fips (31f923eb2170fc172c81abda0045d18c) C:\WINDOWS\system32\drivers\Fips.sys
17:47:15.0046 0288 Fips - ok
17:47:15.0062 0288 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:47:15.0062 0288 Flpydisk - ok
17:47:15.0109 0288 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:47:15.0109 0288 FltMgr - ok
17:47:15.0125 0288 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:47:15.0125 0288 Fs_Rec - ok
17:47:15.0156 0288 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:47:15.0156 0288 Ftdisk - ok
17:47:15.0171 0288 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:47:15.0171 0288 Gpc - ok
17:47:15.0218 0288 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:47:15.0218 0288 hidusb - ok
17:47:15.0234 0288 hpn - ok
17:47:15.0281 0288 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:47:15.0281 0288 HTTP - ok
17:47:15.0296 0288 i2omgmt - ok
17:47:15.0312 0288 i2omp - ok
17:47:15.0359 0288 i8042prt (a09bdc4ed10e3b2e0ec27bb94af32516) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:47:15.0359 0288 i8042prt - ok
17:47:15.0375 0288 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:47:15.0375 0288 Imapi - ok
17:47:15.0390 0288 ini910u - ok
17:47:15.0421 0288 IntelIde (4b6da2f0a4095857a9e3f3697399d575) C:\WINDOWS\system32\DRIVERS\intelide.sys
17:47:15.0421 0288 IntelIde - ok
17:47:15.0437 0288 intelppm (ad340800c35a42d4de1641a37feea34c) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:47:15.0437 0288 intelppm - ok
17:47:15.0468 0288 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:47:15.0484 0288 Ip6Fw - ok
17:47:15.0515 0288 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:47:15.0515 0288 IpFilterDriver - ok
17:47:15.0531 0288 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:47:15.0531 0288 IpInIp - ok
17:47:15.0562 0288 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:47:15.0578 0288 IpNat - ok
17:47:15.0609 0288 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:47:15.0609 0288 IPSec - ok
17:47:15.0625 0288 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:47:15.0640 0288 IRENUM - ok
17:47:15.0671 0288 isapnp (355836975a67b6554bca60328cd6cb74) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:47:15.0671 0288 isapnp - ok
17:47:15.0687 0288 Kbdclass (16813155807c6881f4bfbf6657424659) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:47:15.0703 0288 Kbdclass - ok
17:47:15.0718 0288 kbdhid (94c59cb884ba010c063687c3a50dce8e) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:47:15.0718 0288 kbdhid - ok
17:47:15.0765 0288 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:47:15.0765 0288 kmixer - ok
17:47:15.0796 0288 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:47:15.0796 0288 KSecDD - ok
17:47:15.0828 0288 lbrtfdc - ok
17:47:15.0875 0288 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:47:15.0875 0288 mnmdd - ok
17:47:15.0921 0288 Modem (510ade9327fe84c10254e1902697e25f) C:\WINDOWS\system32\drivers\Modem.sys
17:47:15.0921 0288 Modem - ok
17:47:15.0953 0288 Mouclass (027c01bd7ef3349aaebc883d8a799efb) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:47:15.0953 0288 Mouclass - ok
17:47:15.0984 0288 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:47:15.0984 0288 mouhid - ok
17:47:16.0015 0288 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:47:16.0015 0288 MountMgr - ok
17:47:16.0046 0288 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
17:47:16.0046 0288 MpFilter - ok
17:47:16.0093 0288 MpKsl38b85a81 - ok
17:47:16.0109 0288 MpKsle886dbd9 - ok
17:47:16.0125 0288 mraid35x - ok
17:47:16.0156 0288 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:47:16.0156 0288 MRxDAV - ok
17:47:16.0203 0288 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:47:16.0203 0288 MRxSmb - ok
17:47:16.0234 0288 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:47:16.0234 0288 Msfs - ok
17:47:16.0281 0288 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:47:16.0281 0288 MSKSSRV - ok
17:47:16.0312 0288 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:47:16.0312 0288 MSPCLOCK - ok
17:47:16.0343 0288 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:47:16.0343 0288 MSPQM - ok
17:47:16.0375 0288 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:47:16.0375 0288 mssmbios - ok
17:47:16.0421 0288 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:47:16.0421 0288 Mup - ok
17:47:16.0453 0288 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:47:16.0453 0288 NDIS - ok
17:47:16.0500 0288 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:47:16.0500 0288 NdisTapi - ok
17:47:16.0515 0288 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:47:16.0515 0288 Ndisuio - ok
17:47:16.0531 0288 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:47:16.0546 0288 NdisWan - ok
17:47:16.0578 0288 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:47:16.0578 0288 NDProxy - ok
17:47:16.0609 0288 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:47:16.0609 0288 NetBIOS - ok
17:47:16.0625 0288 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:47:16.0625 0288 NetBT - ok
17:47:16.0671 0288 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:47:16.0671 0288 Npfs - ok
17:47:16.0703 0288 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:47:16.0718 0288 Ntfs - ok
17:47:16.0734 0288 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:47:16.0734 0288 Null - ok
17:47:16.0781 0288 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:47:16.0781 0288 NwlnkFlt - ok
17:47:16.0796 0288 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:47:16.0796 0288 NwlnkFwd - ok
17:47:16.0828 0288 Parport (8fd0bdbea875d06ccf6c945ca9abaf75) C:\WINDOWS\system32\DRIVERS\parport.sys
17:47:16.0828 0288 Parport - ok
17:47:16.0843 0288 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:47:16.0843 0288 PartMgr - ok
17:47:16.0875 0288 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys
17:47:16.0875 0288 ParVdm - ok
17:47:16.0890 0288 PCI (043410877bda580c528f45165f7125bc) C:\WINDOWS\system32\DRIVERS\pci.sys
17:47:16.0890 0288 PCI - ok
17:47:16.0906 0288 PCIDump - ok
17:47:16.0937 0288 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\drivers\PCIIde.sys
17:47:16.0937 0288 PCIIde - ok
17:47:16.0968 0288 Pcmcia (f0406cbc60bdb0394a0e17ffb04cdd3d) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:47:16.0968 0288 Pcmcia - ok
17:47:16.0984 0288 PDCOMP - ok
17:47:17.0000 0288 PDFRAME - ok
17:47:17.0015 0288 PDRELI - ok
17:47:17.0031 0288 PDRFRAME - ok
17:47:17.0046 0288 perc2 - ok
17:47:17.0062 0288 perc2hib - ok
17:47:17.0156 0288 portio (a15f8012b1bb59f5c5abf1aa1158cd43) C:\WINDOWS\system32\DRIVERS\NscTpmDD.sys
17:47:17.0156 0288 portio - ok
17:47:17.0171 0288 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:47:17.0171 0288 PptpMiniport - ok
17:47:17.0187 0288 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:47:17.0187 0288 PSched - ok
17:47:17.0218 0288 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:47:17.0218 0288 Ptilink - ok
17:47:17.0234 0288 ql1080 - ok
17:47:17.0250 0288 Ql10wnt - ok
17:47:17.0265 0288 ql12160 - ok
17:47:17.0281 0288 ql1240 - ok
17:47:17.0296 0288 ql1280 - ok
17:47:17.0328 0288 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:47:17.0328 0288 RasAcd - ok
17:47:17.0343 0288 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:47:17.0343 0288 Rasl2tp - ok
17:47:17.0375 0288 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:47:17.0375 0288 RasPppoe - ok
17:47:17.0390 0288 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:47:17.0390 0288 Raspti - ok
17:47:17.0421 0288 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:47:17.0421 0288 Rdbss - ok
17:47:17.0437 0288 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:47:17.0437 0288 RDPCDD - ok
17:47:17.0468 0288 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:47:17.0484 0288 rdpdr - ok
17:47:17.0515 0288 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
17:47:17.0515 0288 RDPWD - ok
17:47:17.0531 0288 redbook (d8eb2a7904db6c916eb5361878ddcbae) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:47:17.0531 0288 redbook - ok
17:47:17.0609 0288 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:47:17.0609 0288 Secdrv - ok
17:47:17.0656 0288 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:47:17.0656 0288 serenum - ok
17:47:17.0671 0288 Serial (93d313c31f7ad9ea2b75f26075413c7c) C:\WINDOWS\system32\DRIVERS\serial.sys
17:47:17.0671 0288 Serial - ok
17:47:17.0687 0288 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:47:17.0687 0288 Sfloppy - ok
17:47:17.0718 0288 Simbad - ok
17:47:17.0734 0288 Sparrow - ok
17:47:17.0781 0288 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:47:17.0781 0288 splitter - ok
17:47:17.0796 0288 sr (39626e6dc1fb39434ec40c42722b660a) C:\WINDOWS\system32\DRIVERS\sr.sys
17:47:17.0796 0288 sr - ok
17:47:17.0859 0288 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:47:17.0859 0288 Srv - ok
17:47:17.0921 0288 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
17:47:17.0921 0288 ssmdrv - ok
17:47:17.0937 0288 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:47:17.0937 0288 swenum - ok
17:47:17.0984 0288 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:47:17.0984 0288 swmidi - ok
17:47:18.0000 0288 symc810 - ok
17:47:18.0015 0288 symc8xx - ok
17:47:18.0031 0288 sym_hi - ok
17:47:18.0046 0288 sym_u3 - ok
17:47:18.0078 0288 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:47:18.0078 0288 sysaudio - ok
17:47:18.0140 0288 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:47:18.0140 0288 Tcpip - ok
17:47:18.0187 0288 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:47:18.0187 0288 TDPIPE - ok
17:47:18.0203 0288 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:47:18.0203 0288 TDTCP - ok
17:47:18.0234 0288 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:47:18.0234 0288 TermDD - ok
17:47:18.0265 0288 TosIde - ok
17:47:18.0312 0288 TrueSight (f69641efdb19acb4753b0155f7fdeed5) c:\windows\system32\drivers\TrueSight.sys
17:47:18.0312 0288 TrueSight - ok
17:47:18.0343 0288 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:47:18.0343 0288 Udfs - ok
17:47:18.0359 0288 ultra - ok
17:47:18.0406 0288 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:47:18.0406 0288 Update - ok
17:47:18.0453 0288 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:47:18.0453 0288 usbccgp - ok
17:47:18.0484 0288 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:47:18.0484 0288 usbehci - ok
17:47:18.0500 0288 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:47:18.0500 0288 usbhub - ok
17:47:18.0531 0288 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:47:18.0546 0288 usbprint - ok
17:47:18.0593 0288 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:47:18.0593 0288 usbscan - ok
17:47:18.0625 0288 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:47:18.0625 0288 USBSTOR - ok
17:47:18.0656 0288 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:47:18.0656 0288 usbuhci - ok
17:47:18.0687 0288 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:47:18.0687 0288 VgaSave - ok
17:47:18.0687 0288 ViaIde - ok
17:47:18.0718 0288 VIAudio (a1abff7b96be4cbe5e902feffb9125d9) C:\WINDOWS\system32\drivers\vinyl97.sys
17:47:18.0718 0288 VIAudio - ok
17:47:18.0734 0288 VolSnap (46de1126684369bace4849e4fc8c43ca) C:\WINDOWS\system32\drivers\VolSnap.sys
17:47:18.0734 0288 VolSnap - ok
17:47:18.0796 0288 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:47:18.0796 0288 Wanarp - ok
17:47:18.0812 0288 WDICA - ok
17:47:18.0843 0288 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:47:18.0843 0288 wdmaud - ok
17:47:18.0937 0288 MBR (0x1B8) (c99c3199cfaa4cbdcd91493f6d113a50) \Device\Harddisk0\DR0
17:47:18.0953 0288 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
17:47:18.0953 0288 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
17:47:18.0968 0288 MBR (0x1B8) (739b36f7a373fc81121d831231b6d311) \Device\Harddisk1\DR7
17:47:18.0968 0288 \Device\Harddisk1\DR7 - ok
17:47:18.0984 0288 Boot (0x1200) (d640f73791db65822a16787491ea1e25) \Device\Harddisk0\DR0\Partition0
17:47:18.0984 0288 \Device\Harddisk0\DR0\Partition0 - ok
17:47:18.0984 0288 Boot (0x1200) (9214d93cb64aef7c7078be35bb86a00a) \Device\Harddisk1\DR7\Partition0
17:47:19.0000 0288 \Device\Harddisk1\DR7\Partition0 - ok
17:47:19.0000 0288 ============================================================
17:47:19.0000 0288 Scan finished
17:47:19.0000 0288 ============================================================
17:47:19.0015 3760 Detected object count: 1
17:47:19.0015 3760 Actual detected object count: 1
17:47:30.0000 3760 \Device\Harddisk0\DR0 - copied to quarantine
17:47:30.0031 3760 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
17:47:30.0031 3760 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
17:47:30.0078 3760 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
17:47:30.0093 3760 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
17:47:30.0093 3760 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
17:47:30.0109 3760 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
17:47:30.0109 3760 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
17:47:30.0109 3760 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
17:47:30.0109 3760 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
17:47:30.0109 3760 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
17:47:30.0140 3760 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
17:47:30.0156 3760 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
17:47:30.0187 3760 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
17:47:30.0187 3760 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
17:47:30.0187 3760 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
17:47:30.0203 3760 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
17:47:30.0203 3760 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
17:47:30.0234 3760 \Device\Harddisk0\DR0\TDLFS\com32 - copied to quarantine
17:47:30.0250 3760 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
17:47:30.0265 3760 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
17:47:30.0281 3760 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
17:47:30.0359 3760 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
17:47:30.0359 3760 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Quarantine
17:50:18.0078 3512 Deinitialize success
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
9 Nov. 2011 at 17:57
post another tdsskiller report

then paste a zhpdiag report if it works again
phk30 Posts 1030 Registration date Sunday 3 April 2005 Status Member Last activity 25 March 2018 75
9 Nov. 2011 at 18:00
after this report I ran a new scan, selected cure and rebooted; here is the report
17:56:55.0859 1048 TDSS rootkit removing tool 2.6.16.0 Nov 7 2011 16:26:51
17:56:56.0265 1048 ============================================================
17:56:56.0265 1048 Current date / time: 2011/11/09 17:56:56.0265
17:56:56.0265 1048 SystemInfo:
17:56:56.0265 1048
17:56:56.0265 1048 OS Version: 5.1.2600 ServicePack: 3.0
17:56:56.0265 1048 Product type: Workstation
17:56:56.0265 1048 ComputerName: LOT-83FA1B7908C
17:56:56.0265 1048 UserName: LOT
17:56:56.0265 1048 Windows directory: C:\WINDOWS
17:56:56.0265 1048 System windows directory: C:\WINDOWS
17:56:56.0265 1048 Processor architecture: Intel x86
17:56:56.0265 1048 Number of processors: 2
17:56:56.0265 1048 Page size: 0x1000
17:56:56.0265 1048 Boot type: Normal boot
17:56:56.0265 1048 ============================================================
17:56:57.0125 1048 Initialize success
17:56:59.0515 2620 ============================================================
17:56:59.0515 2620 Scan started
17:56:59.0515 2620 Mode: Manual;
17:56:59.0515 2620 ============================================================
17:57:00.0187 2620 Abiosdsk - ok
17:57:00.0203 2620 abp480n5 - ok
17:57:00.0234 2620 ACPI (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:57:00.0250 2620 ACPI - ok
17:57:00.0265 2620 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:57:00.0265 2620 ACPIEC - ok
17:57:00.0281 2620 adpu160m - ok
17:57:00.0328 2620 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:57:00.0328 2620 aec - ok
17:57:00.0375 2620 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:57:00.0375 2620 AFD - ok
17:57:00.0390 2620 Aha154x - ok
17:57:00.0406 2620 aic78u2 - ok
17:57:00.0421 2620 aic78xx - ok
17:57:00.0453 2620 AliIde - ok
17:57:00.0468 2620 amsint - ok
17:57:00.0500 2620 asc - ok
17:57:00.0515 2620 asc3350p - ok
17:57:00.0546 2620 asc3550 - ok
17:57:00.0578 2620 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:57:00.0578 2620 AsyncMac - ok
17:57:00.0609 2620 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:57:00.0609 2620 atapi - ok
17:57:00.0609 2620 Atdisk - ok
17:57:00.0640 2620 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:57:00.0640 2620 Atmarpc - ok
17:57:00.0687 2620 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:57:00.0687 2620 audstub - ok
17:57:00.0750 2620 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
17:57:00.0750 2620 avgio - ok
17:57:00.0765 2620 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
17:57:00.0765 2620 avgntflt - ok
17:57:00.0796 2620 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
17:57:00.0796 2620 avipbb - ok
17:57:00.0828 2620 b57w2k (e5359a62ef537c4c25e364029272b439) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
17:57:00.0828 2620 b57w2k - ok
17:57:00.0875 2620 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:57:00.0875 2620 Beep - ok
17:57:00.0937 2620 catchme - ok
17:57:00.0984 2620 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:57:00.0984 2620 cbidf2k - ok
17:57:01.0000 2620 cd20xrnt - ok
17:57:01.0015 2620 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:57:01.0015 2620 Cdaudio - ok
17:57:01.0046 2620 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:57:01.0046 2620 Cdfs - ok
17:57:01.0078 2620 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:57:01.0078 2620 Cdrom - ok
17:57:01.0093 2620 Changer - ok
17:57:01.0125 2620 CmdIde - ok
17:57:01.0156 2620 Cpqarray - ok
17:57:01.0187 2620 dac2w2k - ok
17:57:01.0203 2620 dac960nt - ok
17:57:01.0234 2620 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:57:01.0234 2620 Disk - ok
17:57:01.0281 2620 dmboot (f5deadd42335fb33edca74ecb2f36cba) C:\WINDOWS\system32\drivers\dmboot.sys
17:57:01.0296 2620 dmboot - ok
17:57:01.0312 2620 dmio (5a7c47c9b3f9fb92a66410a7509f0c71) C:\WINDOWS\system32\drivers\dmio.sys
17:57:01.0312 2620 dmio - ok
17:57:01.0328 2620 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:57:01.0328 2620 dmload - ok
17:57:01.0359 2620 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:57:01.0359 2620 DMusic - ok
17:57:01.0390 2620 dpti2o - ok
17:57:01.0406 2620 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:57:01.0421 2620 drmkaud - ok
17:57:01.0453 2620 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:57:01.0453 2620 Fastfat - ok
17:57:01.0484 2620 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
17:57:01.0484 2620 Fdc - ok
17:57:01.0500 2620 Fips (31f923eb2170fc172c81abda0045d18c) C:\WINDOWS\system32\drivers\Fips.sys
17:57:01.0500 2620 Fips - ok
17:57:01.0515 2620 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:57:01.0515 2620 Flpydisk - ok
17:57:01.0578 2620 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:57:01.0578 2620 FltMgr - ok
17:57:01.0593 2620 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:57:01.0593 2620 Fs_Rec - ok
17:57:01.0625 2620 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:57:01.0625 2620 Ftdisk - ok
17:57:01.0640 2620 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:57:01.0640 2620 Gpc - ok
17:57:01.0687 2620 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:57:01.0687 2620 hidusb - ok
17:57:01.0703 2620 hpn - ok
17:57:01.0750 2620 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:57:01.0765 2620 HTTP - ok
17:57:01.0781 2620 i2omgmt - ok
17:57:01.0796 2620 i2omp - ok
17:57:01.0828 2620 i8042prt (a09bdc4ed10e3b2e0ec27bb94af32516) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:57:01.0828 2620 i8042prt - ok
17:57:01.0843 2620 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:57:01.0843 2620 Imapi - ok
17:57:01.0875 2620 ini910u - ok
17:57:01.0906 2620 IntelIde (4b6da2f0a4095857a9e3f3697399d575) C:\WINDOWS\system32\DRIVERS\intelide.sys
17:57:01.0906 2620 IntelIde - ok
17:57:01.0921 2620 intelppm (ad340800c35a42d4de1641a37feea34c) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:57:01.0921 2620 intelppm - ok
17:57:01.0953 2620 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:57:01.0953 2620 Ip6Fw - ok
17:57:01.0984 2620 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:57:01.0984 2620 IpFilterDriver - ok
17:57:02.0015 2620 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:57:02.0015 2620 IpInIp - ok
17:57:02.0078 2620 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:57:02.0093 2620 IpNat - ok
17:57:02.0375 2620 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:57:02.0375 2620 IPSec - ok
17:57:02.0390 2620 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:57:02.0406 2620 IRENUM - ok
17:57:02.0500 2620 isapnp (355836975a67b6554bca60328cd6cb74) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:57:02.0500 2620 isapnp - ok
17:57:02.0515 2620 Kbdclass (16813155807c6881f4bfbf6657424659) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:57:02.0515 2620 Kbdclass - ok
17:57:02.0546 2620 kbdhid (94c59cb884ba010c063687c3a50dce8e) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:57:02.0546 2620 kbdhid - ok
17:57:02.0578 2620 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:57:02.0578 2620 kmixer - ok
17:57:02.0609 2620 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:57:02.0609 2620 KSecDD - ok
17:57:02.0640 2620 lbrtfdc - ok
17:57:02.0687 2620 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:57:02.0687 2620 mnmdd - ok
17:57:02.0734 2620 Modem (510ade9327fe84c10254e1902697e25f) C:\WINDOWS\system32\drivers\Modem.sys
17:57:02.0734 2620 Modem - ok
17:57:02.0765 2620 Mouclass (027c01bd7ef3349aaebc883d8a799efb) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:57:02.0765 2620 Mouclass - ok
17:57:02.0796 2620 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:57:02.0796 2620 mouhid - ok
17:57:02.0828 2620 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:57:02.0828 2620 MountMgr - ok
17:57:02.0859 2620 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
17:57:02.0859 2620 MpFilter - ok
17:57:02.0906 2620 MpKsl38b85a81 - ok
17:57:02.0921 2620 MpKsle886dbd9 - ok
17:57:02.0937 2620 mraid35x - ok
17:57:02.0953 2620 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:57:02.0953 2620 MRxDAV - ok
17:57:03.0015 2620 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:57:03.0015 2620 MRxSmb - ok
17:57:03.0046 2620 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:57:03.0046 2620 Msfs - ok
17:57:03.0078 2620 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:57:03.0078 2620 MSKSSRV - ok
17:57:03.0125 2620 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:57:03.0125 2620 MSPCLOCK - ok
17:57:03.0140 2620 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:57:03.0140 2620 MSPQM - ok
17:57:03.0171 2620 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:57:03.0171 2620 mssmbios - ok
17:57:03.0203 2620 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:57:03.0218 2620 Mup - ok
17:57:03.0250 2620 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:57:03.0250 2620 NDIS - ok
17:57:03.0281 2620 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:57:03.0281 2620 NdisTapi - ok
17:57:03.0296 2620 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:57:03.0312 2620 Ndisuio - ok
17:57:03.0328 2620 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:57:03.0328 2620 NdisWan - ok
17:57:03.0359 2620 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:57:03.0359 2620 NDProxy - ok
17:57:03.0375 2620 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:57:03.0375 2620 NetBIOS - ok
17:57:03.0406 2620 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:57:03.0406 2620 NetBT - ok
17:57:03.0437 2620 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:57:03.0453 2620 Npfs - ok
17:57:03.0484 2620 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:57:03.0484 2620 Ntfs - ok
17:57:03.0515 2620 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:57:03.0515 2620 Null - ok
17:57:03.0546 2620 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:57:03.0546 2620 NwlnkFlt - ok
17:57:03.0562 2620 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:57:03.0562 2620 NwlnkFwd - ok
17:57:03.0593 2620 Parport (8fd0bdbea875d06ccf6c945ca9abaf75) C:\WINDOWS\system32\DRIVERS\parport.sys
17:57:03.0593 2620 Parport - ok
17:57:03.0609 2620 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:57:03.0609 2620 PartMgr - ok
17:57:03.0640 2620 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys
17:57:03.0640 2620 ParVdm - ok
17:57:03.0656 2620 PCI (043410877bda580c528f45165f7125bc) C:\WINDOWS\system32\DRIVERS\pci.sys
17:57:03.0656 2620 PCI - ok
17:57:03.0671 2620 PCIDump - ok
17:57:03.0703 2620 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\drivers\PCIIde.sys
17:57:03.0703 2620 PCIIde - ok
17:57:03.0734 2620 Pcmcia (f0406cbc60bdb0394a0e17ffb04cdd3d) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:57:03.0734 2620 Pcmcia - ok
17:57:03.0750 2620 PDCOMP - ok
17:57:03.0765 2620 PDFRAME - ok
17:57:03.0796 2620 PDRELI - ok
17:57:03.0812 2620 PDRFRAME - ok
17:57:03.0828 2620 perc2 - ok
17:57:03.0843 2620 perc2hib - ok
17:57:03.0921 2620 portio (a15f8012b1bb59f5c5abf1aa1158cd43) C:\WINDOWS\system32\DRIVERS\NscTpmDD.sys
17:57:03.0921 2620 portio - ok
17:57:03.0937 2620 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:57:03.0937 2620 PptpMiniport - ok
17:57:03.0953 2620 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:57:03.0953 2620 PSched - ok
17:57:03.0968 2620 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:57:03.0984 2620 Ptilink - ok
17:57:04.0000 2620 ql1080 - ok
17:57:04.0015 2620 Ql10wnt - ok
17:57:04.0031 2620 ql12160 - ok
17:57:04.0046 2620 ql1240 - ok
17:57:04.0062 2620 ql1280 - ok
17:57:04.0093 2620 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:57:04.0093 2620 RasAcd - ok
17:57:04.0125 2620 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:57:04.0125 2620 Rasl2tp - ok
17:57:04.0140 2620 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:57:04.0140 2620 RasPppoe - ok
17:57:04.0171 2620 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:57:04.0171 2620 Raspti - ok
17:57:04.0187 2620 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:57:04.0187 2620 Rdbss - ok
17:57:04.0203 2620 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:57:04.0203 2620 RDPCDD - ok
17:57:04.0250 2620 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:57:04.0250 2620 rdpdr - ok
17:57:04.0296 2620 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
17:57:04.0296 2620 RDPWD - ok
17:57:04.0312 2620 redbook (d8eb2a7904db6c916eb5361878ddcbae) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:57:04.0312 2620 redbook - ok
17:57:04.0390 2620 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:57:04.0390 2620 Secdrv - ok
17:57:04.0437 2620 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:57:04.0437 2620 serenum - ok
17:57:04.0453 2620 Serial (93d313c31f7ad9ea2b75f26075413c7c) C:\WINDOWS\system32\DRIVERS\serial.sys
17:57:04.0453 2620 Serial - ok
17:57:04.0484 2620 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:57:04.0484 2620 Sfloppy - ok
17:57:04.0500 2620 Simbad - ok
17:57:04.0515 2620 Sparrow - ok
17:57:04.0562 2620 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:57:04.0562 2620 splitter - ok
17:57:04.0578 2620 sr (39626e6dc1fb39434ec40c42722b660a) C:\WINDOWS\system32\DRIVERS\sr.sys
17:57:04.0593 2620 sr - ok
17:57:04.0656 2620 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:57:04.0656 2620 Srv - ok
17:57:04.0703 2620 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
17:57:04.0703 2620 ssmdrv - ok
17:57:04.0734 2620 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:57:04.0734 2620 swenum - ok
17:57:04.0781 2620 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:57:04.0781 2620 swmidi - ok
17:57:04.0796 2620 symc810 - ok
17:57:04.0812 2620 symc8xx - ok
17:57:04.0828 2620 sym_hi - ok
17:57:04.0859 2620 sym_u3 - ok
17:57:04.0890 2620 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:57:04.0890 2620 sysaudio - ok
17:57:04.0937 2620 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:57:04.0937 2620 Tcpip - ok
17:57:04.0968 2620 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:57:04.0968 2620 TDPIPE - ok
17:57:04.0984 2620 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:57:05.0000 2620 TDTCP - ok
17:57:05.0015 2620 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:57:05.0015 2620 TermDD - ok
17:57:05.0046 2620 TosIde - ok
17:57:05.0093 2620 TrueSight (f69641efdb19acb4753b0155f7fdeed5) c:\windows\system32\drivers\TrueSight.sys
17:57:05.0093 2620 TrueSight - ok
17:57:05.0125 2620 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:57:05.0125 2620 Udfs - ok
17:57:05.0140 2620 ultra - ok
17:57:05.0171 2620 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:57:05.0171 2620 Update - ok
17:57:05.0218 2620 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:57:05.0218 2620 usbccgp - ok
17:57:05.0250 2620 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:57:05.0250 2620 usbehci - ok
17:57:05.0265 2620 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:57:05.0265 2620 usbhub - ok
17:57:05.0281 2620 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:57:05.0296 2620 usbprint - ok
17:57:05.0328 2620 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:57:05.0328 2620 usbscan - ok
17:57:05.0343 2620 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:57:05.0343 2620 USBSTOR - ok
17:57:05.0375 2620 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:57:05.0375 2620 usbuhci - ok
17:57:05.0390 2620 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:57:05.0390 2620 VgaSave - ok
17:57:05.0421 2620 ViaIde - ok
17:57:05.0437 2620 VIAudio (a1abff7b96be4cbe5e902feffb9125d9) C:\WINDOWS\system32\drivers\vinyl97.sys
17:57:05.0437 2620 VIAudio - ok
17:57:05.0453 2620 VolSnap (46de1126684369bace4849e4fc8c43ca) C:\WINDOWS\system32\drivers\VolSnap.sys
17:57:05.0468 2620 VolSnap - ok
17:57:05.0515 2620 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:57:05.0515 2620 Wanarp - ok
17:57:05.0531 2620 WDICA - ok
17:57:05.0562 2620 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:57:05.0562 2620 wdmaud - ok
17:57:05.0656 2620 MBR (0x1B8) (c99c3199cfaa4cbdcd91493f6d113a50) \Device\Harddisk0\DR0
17:57:05.0671 2620 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
17:57:05.0671 2620 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
17:57:05.0687 2620 MBR (0x1B8) (739b36f7a373fc81121d831231b6d311) \Device\Harddisk1\DR9
17:57:05.0687 2620 \Device\Harddisk1\DR9 - ok
17:57:05.0703 2620 Boot (0x1200) (d640f73791db65822a16787491ea1e25) \Device\Harddisk0\DR0\Partition0
17:57:05.0703 2620 \Device\Harddisk0\DR0\Partition0 - ok
17:57:05.0703 2620 Boot (0x1200) (9214d93cb64aef7c7078be35bb86a00a) \Device\Harddisk1\DR9\Partition0
17:57:05.0703 2620 \Device\Harddisk1\DR9\Partition0 - ok
17:57:05.0703 2620 ============================================================
17:57:05.0703 2620 Scan finished
17:57:05.0703 2620 ============================================================
17:57:05.0734 0980 Detected object count: 1
17:57:05.0734 0980 Actual detected object count: 1
17:57:16.0171 0980 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
17:57:16.0171 0980 \Device\Harddisk0\DR0 - ok
17:57:16.0171 0980 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
17:57:19.0515 1060 Deinitialize success
0
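The log above ends with the scanner flagging the MBR of \Device\Harddisk0\DR0 as Rootkit.Boot.SST.b and scheduling a cure on reboot, while the second disk's MBR and both partition boot sectors come back clean. The Python script below is an added example, not part of the original thread and not TDSSKiller's own code: it parses lines in this log format into hashed objects, per-object statuses and a deduplicated list of detections, and lists services that were reported "ok" without ever getting a hash/path line. The MD5 helper assumes that "MBR (0x1B8)" means a hash of the first 0x1B8 bytes of sector 0 (the boot code before the disk signature and partition table); that is an assumption, and the sector it hashes is constructed here, not taken from the infected machine. The sample log lines are a subset copied from the log above.

```python
"""Summarise a TDSSKiller-style scan log: what was hashed, what got a
verdict, and what was flagged.  Added example, not TDSSKiller's code.

Assumed line shapes (taken from the log format posted above):
  HH:MM:SS.ffff PID Name (md5) Path               object hashed
  HH:MM:SS.ffff PID Name - ok                     verdict
  HH:MM:SS.ffff PID Obj ( Verdict ) - infected    verdict
  HH:MM:SS.ffff PID Obj - detected Verdict (0)    verdict
The "MBR (0x1B8)" entry is ASSUMED to be the MD5 of the first 0x1B8
bytes of sector 0 (boot code before the disk signature); mbr_code_md5()
reproduces that assumption on a constructed sector.
"""
import hashlib
import re
from dataclasses import dataclass, field

LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+[0-9A-Fa-f]{4}\s+(?P<rest>.+)$")
HASHED_RE = re.compile(
    r"^(?P<name>\S+)(?: \((?P<size>0x[0-9A-Fa-f]+)\))? \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(r"^(?P<obj>.+?)(?: \( (?P<verdict>.+?) \))? - (?P<status>.+)$")
MBR_CODE_LEN = 0x1B8  # 440 bytes of boot code; disk signature + partition table follow


@dataclass
class ScanSummary:
    hashed: dict = field(default_factory=dict)      # path -> (name, md5)
    statuses: dict = field(default_factory=dict)    # object -> last status seen
    detections: list = field(default_factory=list)  # (object, verdict), deduplicated


def parse_log(text: str) -> ScanSummary:
    s = ScanSummary()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # banners, separators, "Scan finished"
        rest = m.group("rest")
        h = HASHED_RE.match(rest)
        if h:
            s.hashed[h.group("path")] = (h.group("name"), h.group("md5"))
            continue
        v = VERDICT_RE.match(rest)
        if not v:
            continue                      # e.g. "Detected object count: 1"
        obj, status, verdict = v.group("obj"), v.group("status"), v.group("verdict")
        s.statuses[obj] = status
        if status.startswith("detected "):
            verdict = status.split()[1]   # "detected Rootkit.Boot.SST.b (0)"
        if status == "infected" or status.startswith("detected "):
            if (obj, verdict) not in s.detections:
                s.detections.append((obj, verdict))
    return s


def unhashed_ok(s: ScanSummary) -> list:
    """Services reported '- ok' that never got a '(md5) path' line, i.e. nothing was hashed for them."""
    known = set(s.hashed) | {name for name, _ in s.hashed.values()}
    return sorted(o for o, st in s.statuses.items() if st == "ok" and o not in known)


def mbr_code_md5(sector: bytes) -> str:
    """MD5 of the boot-code region only (assumed meaning of the log's 'MBR (0x1B8)')."""
    if len(sector) != 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("expected a 512-byte sector ending in 0x55AA")
    return hashlib.md5(sector[:MBR_CODE_LEN]).hexdigest()


def sample_sector(code_byte: int = 0x90, disk_sig: bytes = b"\x00" * 4) -> bytes:
    """Constructed MBR: filler 'boot code', disk signature, one partition entry, 0x55AA."""
    entry = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + (63).to_bytes(4, "little") + (1000).to_bytes(4, "little")
    return bytes([code_byte]) * MBR_CODE_LEN + disk_sig + b"\x00\x00" + entry + b"\x00" * 48 + b"\x55\xaa"


# Sample lines copied from the log above (a subset, used as the worked input).
SAMPLE_LOG = r"""
17:57:01.0843 2620 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:57:01.0843 2620 Imapi - ok
17:57:01.0875 2620 ini910u - ok
17:57:05.0656 2620 MBR (0x1B8) (c99c3199cfaa4cbdcd91493f6d113a50) \Device\Harddisk0\DR0
17:57:05.0671 2620 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
17:57:05.0671 2620 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
17:57:05.0687 2620 MBR (0x1B8) (739b36f7a373fc81121d831231b6d311) \Device\Harddisk1\DR9
17:57:05.0687 2620 \Device\Harddisk1\DR9 - ok
17:57:05.0703 2620 ============================================================
17:57:05.0703 2620 Scan finished
17:57:05.0734 0980 Detected object count: 1
17:57:16.0171 0980 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
17:57:16.0171 0980 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
"""

if __name__ == "__main__":
    summary = parse_log(SAMPLE_LOG)
    print("detections:", summary.detections)
    print("ok but never hashed:", unhashed_ok(summary))
    print("sample MBR code md5:", mbr_code_md5(sample_sector()))
```

Run it as a script to print the three summaries. The check worth doing after the reboot that applies the cure: feed the fresh scan log to parse_log() and confirm that the detections list is empty and that the MBR (0x1B8) hash recorded for \Device\Harddisk0\DR0 is no longer c99c3199cfaa4cbdcd91493f6d113a50; if the same hash and the same detection line come back, the MBR was not rewritten and the cure did not take.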